Differences
howtos:misc:approach_to_web_development_on_slackware [2020/11/29 20:09 (UTC)] – [Web Dev primarily HTML and PHP] captain_sensible | howtos:misc:approach_to_web_development_on_slackware [2020/12/01 16:54 (UTC)] (current) – [Structure of HTML & PHP] captain_sensible | ||
---|---|---|---|
Line 8: | Line 8: | ||
There will be some embedded information on HTML and PHP, what they do and what they do not do. I will probably throw in some anecdotal | There will be some embedded information on HTML and PHP, what they do and what they do not do. I will probably throw in some anecdotal | ||
- | == Structure of HTML & PHP == | + | ==== Structure of HTML & PHP ==== |
| | ||
Line 39: | Line 39: | ||
- | == Using Built in PHP dev Server to render HTML == | + | ==== Using Built in PHP dev Server to render HTML ==== |
Line 132: | Line 132: | ||
Click on the line that says // | Click on the line that says // | ||
+ | |||
+ | |||
+ | ==== Making use of HTML presentation but with PHP functionality ==== | ||
Line 167: | Line 170: | ||
Refresh your browser and now what do you see? Quite a lot of information concerning PHP! | Refresh your browser and now what do you see? Quite a lot of information concerning PHP! | ||
When I first did this it demonstrated the potential of PHP. | When I first did this it demonstrated the potential of PHP. | ||
+ | |||
+ | ==== Introducing Databases into the mix ==== | ||
+ | |||
+ | |||
Next we will have a simple look at using a database.When you mention anything about databases most people immediately think MySQl or Maria;so you can't do anything with a database on your Desktop since you need a daemon. Well actually you can since sqlite3 is server-less. | Next we will have a simple look at using a database.When you mention anything about databases most people immediately think MySQl or Maria;so you can't do anything with a database on your Desktop since you need a daemon. Well actually you can since sqlite3 is server-less. | ||
Assuming our Terminal Emulator is in webPlay lets create a database from the command line. Actually lets first check we have the tools in place: | Assuming our Terminal Emulator is in webPlay lets create a database from the command line. Actually lets first check we have the tools in place: | ||
Line 258: | Line 265: | ||
which is another approach for working with web development. | which is another approach for working with web development. | ||
+ | |||
+ | ==== PHP framework ==== | ||
Before we look at xampp and apache i'm going to mention composer [[https:// | Before we look at xampp and apache i'm going to mention composer [[https:// | ||
Line 321: | Line 330: | ||
There are pro's and cons. Its doesn' | There are pro's and cons. Its doesn' | ||
+ | |||
+ | |||
+ | ==== Setting up a Development Environment using Apache ==== | ||
Line 342: | Line 354: | ||
# mv CI4.zip / | # mv CI4.zip / | ||
</ | </ | ||
+ | |||
+ | === Approach To permission problems === | ||
Line 491: | Line 505: | ||
Note the 127.0.0.9 in address bar and that I can now work with framework and edit as user andrew , without risk of messing up system as root. If you follow this through and you get a problem its probably either your php version is < than 7.3 or I did something somewhere forgot about it and forgot to mention . | Note the 127.0.0.9 in address bar and that I can now work with framework and edit as user andrew , without risk of messing up system as root. If you follow this through and you get a problem its probably either your php version is < than 7.3 or I did something somewhere forgot about it and forgot to mention . | ||
- | |||
- | |||
- | |||
- | == Pen-testing | ||
- | |||
- | One element that can be taken advantage of, having your web development running in Apache web server and viewable via local host is pen-testing. | ||
- | I will for the sake of brevity stick to relevance of pen-testing using Slackware. | ||
- | |||
- | In today' | ||
- | |||
- | Pen-testing puts a load on your server and I once got a warning about bandwidth usage from my hosting provider due to excessive requests on my web probably from a bot or a hacking scan software. Also its much easier to edit any files or test plugins locally than live. | ||
- | |||
- | I have a default WordPress | ||
- | |||
- | |||
- | The first test will use software | ||
- | |||
- | [[https:// | ||
- | |||
- | |||
- | Download th Linux version and unzip it say to Desktop. Open a terminal, cd into ZAP_2.9.0 and then | ||
- | < | ||
- | |||
- | bash-5.0$ ./zap.sh | ||
- | |||
- | </ | ||
- | |||
- | All I have to do is type the url http:// | ||
- | |||
- | {{: | ||
- | |||
- | |||
- | Result was 31 alerts on csrf, 19 XSS | ||
- | |||
- | The next test will involve wpscan. Now let me just say i’m not giving away any hacking secrets here, more a case of making | ||
- | < | ||
- | | ||
- | </ | ||
- | To show you how vulnerable your user logins are, I will demonstrate by running | ||
- | |||
- | < | ||
- | |||
- | bash-5.0$ wpscan | ||
- | </ | ||
- | output: | ||
- | < | ||
- | |||
- | [i] User(s) Identified: | ||
- | |||
- | [+] fredy | ||
- | | Found By: Author Posts - Display Name (Passive Detection) | ||
- | | Confirmed By: Rss Generator (Passive Detection) | ||
- | |||
- | [+] fred | ||
- | | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) | ||
- | |||
- | [+] andy | ||
- | | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) | ||
- | |||
- | </ | ||
- | If you look at the above output ,you will see users were retrieved from the wp database table " | ||
- | Now the users were designated during setup and install of WP and then I also did a manual edit of the database. | ||
- | The software successfully easily obtained users.Im using sqlite3 as the database with WordPress, if your using MySQL it makes no difference. | ||
- | All hackers have to do is run wpscan using one of user login against password list. WordPress users you have been warned. | ||
- | |||
- | |||
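Review bot: the pen-testing section dropped in this hunk misreads its own wpscan output, and that should be fixed rather than carried along if the section is ever restored. Its closing paragraph says the users "were retrieved from the wp database table", but the quoted output reports them as "Found By: Author Posts - Display Name (Passive Detection)" and "Author Id Brute Forcing - Author Pattern (Aggressive Detection)", that is, enumerated from the site's public pages and feeds; this is also why the paragraph's own observation that sqlite3 versus MySQL "makes no difference" holds. The removed lines additionally carry several truncated references (the ZAP download link, the target URL typed into ZAP, the screenshot) that would have to be recovered from page history before the text could be reinstated.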