Hackthebox is an online platform that allows people to practice their penetration testing skills in a fun and rewarding environment.
I've been on the platform almost two years now, and have been part of the BirdsArentReal team (previously TCLRed) for about a year. It is ranked top 5 on the team leaderboards, and top 30 within the USA CTF leaderboards.
pSubby is a passive subdomain enumeration tool written in Bash.
It supports the usage of Shodan, and makes use of Subfinder.
I've written a Bash script to automate the creation of virtual hosts and user accounts while working on an assignment for college.
This script does the following:
1) Creates a new user
2) Assigns it the www-data group
3) Creates a new virtualhost directory in /var/vhosts/
4) Creates a valid virtualhost configuration in /etc/apache2/sites-available/
5) Enables this vhost config
6) Reloads the Apache2 service
7) Creates a default index.html page
8) Creates a symbolic link from /var/vhosts to /home/ for FTP purposes.
Administrator is advised to revise permissions for optimal security!
vHost Script Expansion
I've made a Proof of Concept where the above vhost bash script is executed through PHP. This allows an end user to create web instances from a web-based control panel. The reason I've developed this is due to a school project which required us to create our own virtual datacenter using ESXi/vSphere technology.
Proof of Concept:
Please keep in mind the following is just an example and demonstration of how the script I've written could be used, with no regard to error handling and input validation.
First an end-user navigates to your index.html.
When navigating to the hosting page a customer is greeted with the following:
The end-user fills in their details along with the domain to be registered.
Upon pressing the Register button, the data filled into the form is handled by a PHP script.
On the front end, the customer is shown a confirmation page.
The virtual host has now been created successfully along with the user account.
If an FTP service is installed and configured the end-user can also access their files through FTP.
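The eight steps listed above, with the input validation the Proof of Concept leaves out, as an added sketch that is not the author's script. The function names, the `RUN` dry-run switch, the vhost config contents, the symlink direction and the final `chown` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added sketch, not the author's script. Dry-run by default (prints commands);
# run as root with RUN= (empty) to apply. Config contents, link direction and
# the final chown are assumptions.
LC_ALL=C
RUN=${RUN-echo}

valid_user() {   # lowercase login name: starts with a letter, at most 31 chars
  case $1 in ''|[!a-z]*|*[!a-z0-9_-]*) return 1;; esac
  [ "${#1}" -le 31 ]
}

valid_domain() { # lowercase hostname with at least one dot, no empty or hyphen-edged labels
  case $1 in ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1;; esac
  case $1 in *.*) [ "${#1}" -le 253 ];; *) return 1;; esac
}

vhost_conf() {   # $1 = validated domain; prints the Apache 2.4 vhost block
  cat <<EOF
<VirtualHost *:80>
    ServerName $1
    DocumentRoot /var/vhosts/$1
    <Directory /var/vhosts/$1>
        Require all granted
    </Directory>
</VirtualHost>
EOF
}

create_vhost() { # $1 = user, $2 = domain; both are untrusted until validated
  valid_user "$1"   || { echo "rejected user name" >&2; return 2; }
  valid_domain "$2" || { echo "rejected domain" >&2; return 2; }
  root=/var/vhosts/$2
  $RUN useradd --create-home --gid www-data "$1" &&                    # steps 1-2
  $RUN mkdir -p "$root" &&                                             # step 3
  vhost_conf "$2" | $RUN tee "/etc/apache2/sites-available/$2.conf" && # step 4
  $RUN a2ensite "$2.conf" &&                                           # step 5
  $RUN systemctl reload apache2 &&                                     # step 6
  echo "<h1>$2</h1>" | $RUN tee "$root/index.html" &&                  # step 7
  $RUN ln -s "$root" "/home/$1/$2" &&                                  # step 8
  $RUN chown -R "$1:www-data" "$root"                                  # user owns the docroot
}

# Dry-run demonstration with constructed values:
create_vhost alice example.com
```

A PHP front end calling a script like this should still pass each form value through `escapeshellarg()` so the shell never parses form data; the allow-list checks then decide whether the values are acceptable names at all.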