Daily Archives: 14 February, 2021

Web Server returns a valid response with junk HTTP methods

If you have checked your website for vulnerabilities and found:

Web Server returns a valid response with junk HTTP methods, this may cause false positives.

You can edit your httpd.conf file and add these lines to your vhosts:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)
RewriteRule .* - [R=405,L]

Then restart Apache and check again; the result should make you happy.

The anti-clickjacking X-Frame-Options header is not present.

If you have this for your site after scanning:

The anti-clickjacking X-Frame-Options header is not present.

Go to the Apache httpd.conf and add to the bottom of the file:

Header always append X-Frame-Options SAMEORIGIN

Then restart the Apache server.

FOR UBUNTU 20.04:

First enable mod_headers and restart apache2:

a2enmod headers
systemctl restart apache2

Go to /etc/apache2/conf-enabled/security.conf:

pico /etc/apache2/conf-enabled/security.conf

Find:

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"

Uncomment Header set X-Frame-Options: "sameorigin" to look like this:

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
Header set X-Frame-Options: "sameorigin"

And restart apache2 again:

systemctl restart apache2

Tutorial: How to Disable Track and Trace in apache (TraceEnable Off)

In this simple tutorial I show how to check and disable Apache track and trace. The operating system is CentOS 7 but it can work for CentOS 8 and other distros.

Nikto error: Allowed HTTP Methods: TRACE

If you want to disable the TRACE method, go to httpd.conf and add to the bottom:

TraceEnable Off
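
To re-check the three scanner findings above (junk methods, missing X-Frame-Options, TRACE allowed) after restarting Apache, here is an added example that is not part of the original posts. The function names and the sample data are constructed for illustration; a live check would be evaluate(probe("www.example.test")) with your own host name in place of that placeholder.

```python
import http.client

ALLOWED = {"GET", "POST", "HEAD"}   # methods the RewriteCond on this page lets through
GOOD_XFO = {"sameorigin", "deny"}   # header values that restrict framing

def probe(host, port=80, path="/", methods=("GET", "JUNK", "TRACE"), tls=False):
    """Send one request per method; return {method: (status, [X-Frame-Options values])}."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    results = {}
    for method in methods:
        conn = cls(host, port, timeout=10)
        try:
            conn.request(method, path)
            resp = conn.getresponse()
            resp.read()
            results[method] = (resp.status, resp.headers.get_all("X-Frame-Options") or [])
        finally:
            conn.close()
    return results

def evaluate(results):
    """Return the findings still open; an empty list means all of them are fixed.

    Assumes results contains a "GET" entry, which probe() sends by default.
    """
    findings = []
    for method, (status, _) in results.items():
        if method not in ALLOWED and status != 405:
            findings.append(f"{method} answered {status}, expected 405")
    # Split comma-joined values so a header emitted twice is judged value by value.
    values = [v.strip().lower() for raw in results["GET"][1] for v in raw.split(",")]
    if not values:
        findings.append("X-Frame-Options header is not present")
    elif not set(values) <= GOOD_XFO:
        findings.append(f"X-Frame-Options has unexpected value(s): {values}")
    return findings

# Constructed sample results (not captured from a real server).
BEFORE = {"GET": (200, []), "JUNK": (200, []), "TRACE": (200, [])}
AFTER = {"GET": (200, ["SAMEORIGIN"]), "JUNK": (405, []), "TRACE": (405, [])}

if __name__ == "__main__":
    print("before:", evaluate(BEFORE))
    print("after: ", evaluate(AFTER))
```

The header is checked only on the GET response because Header set without the always condition does not apply to error responses such as the 405.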

How to disable windows hibernate and diagnose the computer for power errors

Open Windows PowerShell with administrative rights and run the command:

powercfg.exe /h off

This way the computer will never enter hibernate mode and you will save disk space.
If you want to check for any problems with the power state of the machine, you can generate a report by typing this command:

powercfg.exe /energy

You will wait for 60 seconds:

PS C:\WINDOWS\system32> powercfg.exe /energy
Enabling tracing for 60 seconds...
Observing system behavior...
Analyzing trace data...
Analysis complete.
Energy efficiency problems were found.
15 Errors
13 Warnings
18 Informational
See C:\WINDOWS\system32\energy-report.html for more details.

Now open the report in the browser.

How to make a bootable windows 10 usb flash drive using cmd

1. Plug in USB
2. cmd as administrator
3. Diskpart
4. list disk
5. select disk # (replace # with USB disk number)
6. clean (to clean USB)
7. create partition primary (to create a bootable partition)
8. select partition 1 (to select the partition that you just created)
9. active
10. format fs=fat32 (or format fs=ntfs for more than 4 GB) (to format the USB drive)
11. assign
12. exit (exit diskpart)
13. copy all files from the ISO and paste them inside the USB drive