2018 Drupal tip: How to fix “The file could not be uploaded” file and folder permissions


How to fix the Drupal “The file could not be uploaded” error.

Overview

I can’t tell you how often I find myself googling or revisiting an ‘unknown’ issue just for it to turn out to be a known unknown issue.

In this particular case it has to do with Drupal’s file upload. This ‘issue’ affects Drupal 7.57 and I imagine all versions, mainly because it’s not an issue with Drupal but more to do with configuration and setup.

Here’s how to resolve it:

The Problem

Folder permissions, specifically on the field and field/image folders, which can be found at this path: sites/default/files/field/image

The Answer

Change the Read-Write Access

If you can ssh into your server, go to sites/default/files and type the following commands into your terminal:

$ chmod 777 field

$ chmod 777 field/image

Try the upload again to see whether this resolves the issue. If not, you’ll also have to change the ownership of the folders.

Change the Owner and Group

First type:

$ ls -l

This will print out something that looks like this: drwxrwxrwx 2 "owner name" "group name" 4096 Mar 5 15:06 image

What you need to change is: “owner name” “group name” – minus the quotes obviously.

Now that we know the owner name and group name of the folder we’re trying to change, we do the same for another folder in the files folder, e.g. css, to get the owner and group to use.

Once you’ve done that type the following:

$ chown "new owner name:new group name" field

$ chown "new owner name:new group name" field/image

Again, don’t add the quotes or any of the spaces.

Now this should resolve the issue, so try uploading again.
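As an added example (not part of the original post), the same "copy it from a working folder like css" idea can be applied to the mode as well as the owner, which avoids leaving field and field/image world-writable at 777. The function names are hypothetical, and changing the owner assumes the script runs as a user allowed to chown.

```python
import os
import stat
import sys


def world_writable_dirs(root):
    """Return directories under root whose mode has the 'other write' bit set."""
    found = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: symlinks are not reported as directories
            if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IWOTH:
                found.append(os.path.relpath(path, root))
    return sorted(found)


def match_reference(files_dir, reference, targets):
    """Copy owner, group and mode from a working sibling (e.g. css) to targets."""
    ref = os.stat(os.path.join(files_dir, reference))
    mode = stat.S_IMODE(ref.st_mode)
    if mode & stat.S_IWOTH:
        raise ValueError("reference directory is itself world-writable")
    changed = []
    for rel in targets:
        path = os.path.join(files_dir, rel)
        before = os.stat(path)
        if (before.st_uid, before.st_gid) != (ref.st_uid, ref.st_gid):
            os.chown(path, ref.st_uid, ref.st_gid)  # needs privilege if owner differs
        os.chmod(path, mode)
        changed.append((rel, oct(stat.S_IMODE(before.st_mode)), oct(mode)))
    return changed


if __name__ == "__main__":
    # Audit only: list world-writable directories under the given files folder.
    root = sys.argv[1] if len(sys.argv) > 1 else "sites/default/files"
    print(world_writable_dirs(root))
```

Run the audit first, then call match_reference(files_dir, "css", ["field", "field/image"]) once you have confirmed that uploads into css-style folders work.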

Setup your Mac for Pentesting


Get Your Mac Setup With Pen Test Tools

I’ve been using Kali for some time now and while I do like Kali, running it from a VM can sometimes be a pain. So I started to wonder if there was a way to bypass running a VM for these security tools and instead use my host machine, my Mac.

  1. Overview
  2. How to install Pentest Tools
  3. Installing a Pentest Tool like Dirb

 

Overview

At first I was going to mimic Kali’s tools in folders on my Mac, installing the tools I wanted manually. Then I decided to stop and research if there was an easier way. Upon doing so I found this:

Homebrew Tap – Pen Test Tools
Essentially this is a collection of brew taps that will install the various tools you find in Kali. Score!

A prerequisite for using these Pen Test Tools is to have brew installed. Brew is a package manager for your Mac that allows you to install Linux packages on your Mac; it’s really convenient.

 

How to install Pentest Tools

After you install brew you can run the following command:

$ brew tap sidaf/pentest

Installing Pen Test Tools
This will install the Pen Test Tools tap (a.k.a. a repository); from there you can install one of the tools as seen below.

 

Installing a Pentest Tool like Dirb

$ brew install sidaf/pentest/dirb
Installing Dirb

Verifying Dirb is Installed

This will install the Dirb tool (used to discover hidden files and directories).

 

Conclusion

Now that you can install and run some of Kali’s pentest tools you’ll be able to hunt for bugs without launching a VM. Good hunting 🙂

Feel free to let me know how you have your Mac set up for pentesting and any additional tips/tricks you use.

How I prepared for the Certified Ethical Hacker (CEH) exam

CEH Exam

Background

So I felt my current career in web development had reached a peak and I was feeling stagnant. So I started looking for a change, a new challenge. I can’t quite remember what made me think about doing Security, but I think it may have been someone mentioning we had just hired a Security guy at work and he would need some help.

I started really looking at security and security-related topics in the fall of 2016 and expressed my interest to my workplace. By coincidence, they had received an email from a vendor about a Certified Information Systems Security Professional (CISSP) training, to which, being new to it all, I gladly said, “Yes, Please!”. The CISSP training was fantastic (thanks Jay Ranade); it gave me a broad overview of Information Security and what areas I may want to invest my time in.

After the training I did consider taking the exam, but I still felt unsure, and plus a 6 hour exam is not something you just get excited about. So I took the Christmas break to learn more about InfoSec and try to decide my next step.

At the beginning of the new year, through work, I was able to attend another training session, this time for the Certified Ethical Hacker (CEH). I was really excited about this training as it would be about hacking 🙂 One problem: I had been out of school for such a long time and I felt like my brain was just mush. So I started researching how to, well, learn.

How do we learn?

Here’s what I found, how I was taught in school was well, wrong. We were taught how to pass exams (barely), but we weren’t taught how to learn and retain that info.

While doing my research I came across this excellent Coursera course (Learning How to Learn: Powerful mental tools to help you master tough subjects). This course is taught by Dr. Barbara Oakley, her teaching style is easy and the content is retainable. I was so impressed and inspired that I dug deeper into other resources that Dr. Barbara Oakley might have, then I discovered her book, A Mind For Numbers: How to Excel at Math and Science (Even If You Flunked Algebra). In her book she outlines 10 Rules of Good Studying, you can read more about the process in detail but below is an outline, needless to say it helped me and I’m glad I found her book.

10 Rules of Good Studying

  1. Use recall. After you read a page, look away and recall the main ideas.
  2. Test yourself.
  3. Chunk your problems. Chunking is understanding and practicing with a problem solution so that it can all come to mind in a flash.
  4. Space your repetition. Spread out your learning in any subject a little every day, just like an athlete.
  5. Alternate different problem‐solving techniques during your practice. Never practice too long at any one session using only one problem.
  6. Take breaks.
  7. Use explanatory questioning and simple analogies. Whenever you are struggling with a concept, think to yourself, How can I explain this so that a ten‐year‐old could understand it?
  8. Focus. Turn off all interrupting beeps and alarms on your phone and computer, and then turn on a timer for twenty‐five minutes.
  9. Eat your frogs first. Do the hardest thing earliest in the day, when you are fresh.
  10. Make a mental contrast. Imagine where you’ve come from and contrast that with the dream of where your studies will take you.

So from reading all of those great tips I created my own list of resources and study routine:

 

My Resources

My study routine

Here’s the routine I used on my study nights:

  1. 15 mins – Review notes
  2. 15 mins – Review slides
  3. 15 mins – Review Flash Cards
  4. 60 mins – Do Practice Exams

Conclusion

Don’t listen to that inner voice! The biggest challenge by far was that inner voice that tries to tell you that you can’t do it, that you’ll never find the time to study and that you’re not smart enough. However if you push past that voice you’ll realize the truth, that if you want it bad enough you will achieve your goals.

Best of luck to you. Feel free to let me know your experience and the tips/tricks you used to pass your exams.

 

$ Initial Commit


I’ve always had an interest in hacking, and now it looks like I’ll be making it a career. I like Application & Mobile Security.

I developed Websites & Mobile apps for a number of years. Now I’m trying to focus on information security and make sure they’re secure. I guess I mainly felt like I wanted a new challenge and decided it was time for a change. Web development had become a bit boring and lacking in growth, which also meant that opportunities for pay increases were stagnant or in many cases non-existent.

Information Security had everything I was looking for: potential growth, an increase in salary and a new direction in life.

Right now I’m preparing for my CEH exam, I’ll share some resources that I’ve found quite helpful after I pass the exam.

How-to Create A Domain Alias In Your Django Development Environment


Quickly Setup domain routing for multiple Django sites

Overview

Recently, while working on a new Django project I needed to create two Django sites that referred to each other. One would be the main domain, i.e. mysite.com, and the other would be a subdomain, i.e. hello.mysite.com.

So I started wondering if there was a way to test this locally in my development environment, and after 2 days of searching online I really found nothing and started to think it was impossible.

However, after speaking with a good friend of mine, Chaz Hill, who happens to be a really kick-ass System Administrator he pointed me in the right direction. I was trying to do all this with Vagrant at the time but in this post I’ll show you how you can do it the normal way, through the shell.

Configure Django

Create your Django project and app, then launch the Django development server using port 80. This is the important part (even though I’ve been using Django for some time now, it totally slipped my mind that I could set the port to 80).

Fix Permissions Error

Now if you tried running this without sudo, you will get a permissions error, because binding to port 80 requires root privileges. The fix of course is to do this:

$ sudo python manage.py runserver 127.0.0.1:80

Pic of Django development server running in shell and in the foreground the hosts file.


Run Django Development Server

With the Django development server running, open your hosts file, /etc/hosts, and add 127.0.0.1 mysite.com. Save the file, go to your browser and type mysite.com, and you’ll happily see your Django site running.

How-to Use Python To Create A Beautiful Web Calendar


Overview

At work I usually use PHP, HTML, CSS and JavaScript to build any bits of functionality, but sometimes it can take quite a while to get what I want working.

So recently, I’ve found it really nice to use Python in my workflow to “glue” together certain aspects of a project.

For example I found it easier to create an employee pay day calendar with Python vs creating it in PHP. Not only was it fun to build but I’m left with more time to explore extending my initial idea.

 

What it should look like

Python Payday Web Calendar

The pay day calendar generated with Python

 

  1. Subclass The Python HTMLCalendar Module
  2. Pay days data
  3. Generate the webpage
  4. Presentation
  5. Download Files/Code

 

 

Subclass The Python HTMLCalendar Module

Just make it easy: subclass. In this case I made a subclass of HTMLCalendar from the calendar module and overrode some of the methods.


PayDayCalendar Class, the highlighted area shows where to add in some CSS into the HTML

 

The formatyearpage() method was the main one that needed to be modified, because I wanted to dump the returned text into an actual HTML document.

So I simply added the ability to write the text to an HTML file. The remaining methods were only necessary for adding CSS attributes to the HTML.

 


PayDayCalendar Class, from line 98 to 100 is the simple function call to write the text to a HTML file

 

Pay days data

The main script, generatePayDayWebpage.py generates the calendar and saves it to a file called CIGpaydays.html.

This script is quite simple and only contains the imported subclass of HTMLCalendar, called PayDayCalendar.

This class takes a list of tuples containing, the month and the day.


The main script, generatePayDayWebpage.py, clean and simple
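An added sketch of the approach described above, not the author's original PayDayCalendar code: subclass HTMLCalendar, tag the pay days with a CSS class, and write the formatyearpage() output to a file. The `payday` class name, the `write_year` method and the sample dates are assumptions made for this example.

```python
from calendar import HTMLCalendar


class PayDayCalendar(HTMLCalendar):
    """HTMLCalendar that marks (month, day) pay days with an extra CSS class."""

    def __init__(self, paydays, firstweekday=0):
        super().__init__(firstweekday)
        self.paydays = set(paydays)   # e.g. {(3, 2), (3, 16)}
        self._month = None            # month currently being rendered

    def formatmonth(self, theyear, themonth, withyear=True):
        # formatday() is not told which month it belongs to, so remember it.
        self._month = themonth
        return super().formatmonth(theyear, themonth, withyear)

    def formatday(self, day, weekday):
        cell = super().formatday(day, weekday)
        if day and (self._month, day) in self.paydays:
            # '<td class="fri">2</td>' becomes '<td class="payday fri">2</td>'
            cell = cell.replace('class="', 'class="payday ', 1)
        return cell

    def write_year(self, year, path, width=4, css="calendar.css"):
        """Render the full HTML page (bytes) and write it to path."""
        page = self.formatyearpage(year, width=width, css=css, encoding="utf-8")
        with open(path, "wb") as fh:
            fh.write(page)
        return page


if __name__ == "__main__":
    # Constructed sample data: two pay days in March 2018.
    cal = PayDayCalendar([(3, 2), (3, 16)])
    cal.write_year(2018, "CIGpaydays.html")
    print("wrote CIGpaydays.html")
```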

 

Generate the webpage

After creating the subclass and the main script it was time to see if it all paid off.

Running generatePayDayWebpage.py in terminal produced the desired results, a print out of the data, before and after going to PayDayCalendar class along with a confirmation that the webpage had been generated.

 


Running generatePayDayWebpage.py in terminal, showing debug print-out and confirmation

 

 

Presentation

Now that I had generated the HTML calendar, all I had to do was style it. The ‘4’ that was passed to formatyearpage() was a parameter that lays out the calendar in 4 columns, so there wasn’t too much to do in terms of CSS, only basic styling of colors and fonts.


NOTE: this version of the calendar uses tables and in the future I intend on changing it to tableless layout.

 

 

Conclusion

Thanks for taking the time to read this article. Please feel free to leave a message or comment with your thoughts.

A Quick Tip On Creating An Easy Maintenance Mode Page In Django Using Fabric


I wanted to share this process that I’ve figured out, since I couldn’t find a solid answer anywhere online. I hope it helps someone and saves them time and headaches. The problem: “How to put your Django site into maintenance mode” – the easy way with Fabric.

Truth be told, I figured this out by combining info from How to use mod_rewrite rules to easily enable web site “maintenance” modes by Meitar Moscovitz; this article pointed me in the right direction.

So here is the solution for using Fabric to put your Django site into maintenance mode:

1. First make sure you create an empty file on your server; this will be your toggle file (or at least this is what I call it). We’ll use this to check whether the maintenance mode is on or off.

In this case I created a file called “maintenance-mode-on” and put it on the server that’s serving the static content for my Django site.

2. In your .htaccess or httpd.conf file add this:

RewriteEngine On
# If this file (the toggle file) exists, put the site into maintenance mode
RewriteCond /path/to/where/your/toggle/file/is/located/on/the/server -f
# If the request comes from an approved IP address, don't put it into maintenance mode.
# Here I'm using HTTP:x-forwarded-for in place of REMOTE_ADDR because some users (or you yourself) might
# arrive at the site via a proxy server, so it's more accurate to use HTTP:x-forwarded-for to get the real IP address.
# The dots in the IP address below are escaped with '\' because the pattern is a regular expression.
# HTTP:x-forwarded-for holds a comma-delimited list of addresses and is a request header, so this
# condition is only reliable when your own front proxy sets or overwrites that header.
RewriteCond %{HTTP:x-forwarded-for} !^127\.127\.127\.127$
# Redirect to the maintenance mode page
RewriteRule ^(.+) /path/to/the/maintenance/mode/directory/or/index.html/$1 [L]

3. Once that’s done you can now create two new Fabric commands:

# Fabric 1.x API
from fabric.api import cd, run

# One for renaming the toggle file from 'maintenance-mode-off' to 'maintenance-mode-on'; this will turn on the maintenance mode the next time someone refreshes the page or clicks on a link
def mm_on():
    with cd('~/path/to/where/your/toggle/file/is/located/on/the/server'):
        run('mv maintenance-mode-off maintenance-mode-on')

# And this command turns the maintenance mode off, again by renaming the "toggle file".
def mm_off():
    with cd('~/path/to/where/your/toggle/file/is/located/on/the/server'):
        run('mv maintenance-mode-on maintenance-mode-off')

And presto that’s it, you can now put your site into maintenance mode, make the necessary changes and database backups or whatever, without having to worry that users are still in or on the site.
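An added example (not from the original post or gist) of resolving the client address before applying the allow-list from step 2: X-Forwarded-For is a list that each proxy appends to, so only the entries written by your own proxies can be relied on. The proxy range 10.0.0.0/8, the function names and the sample requests are constructed; 127.127.127.127 is the placeholder address from the rule above.

```python
import ipaddress
import re

# Pattern taken from the RewriteCond in step 2.
PAGE_PATTERN = re.compile(r"^127\.127\.127\.127$")


def header_only_check(xff):
    """What the RewriteCond tests: the raw header text, whoever wrote it."""
    return bool(PAGE_PATTERN.match(xff or ""))


def client_ip(remote_addr, xff, trusted_proxies):
    """Walk the hop list right to left and return the first address that is
    not one of our own proxies; anything left of it is client-supplied."""
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    hops.append(remote_addr)            # the TCP peer is always the last hop
    addr = None
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None                 # malformed entry: trust nothing
        if not any(addr in net for net in nets):
            return addr
    return addr                         # every hop was one of our proxies


def bypass_allowed(remote_addr, xff, allowlist, trusted_proxies):
    """True only if the resolved client address is on the allow-list."""
    ip = client_ip(remote_addr, xff, trusted_proxies)
    return ip is not None and any(ip in ipaddress.ip_network(n) for n in allowlist)


# Constructed sample requests: (label, TCP peer, X-Forwarded-For as received)
SAMPLES = [
    ("admin via our proxy",        "10.0.0.5",    "127.127.127.127"),
    ("visitor via our proxy",      "10.0.0.5",    "127.127.127.127, 203.0.113.9"),
    ("visitor, direct connection", "203.0.113.9", "127.127.127.127"),
]


def evaluate(samples=SAMPLES, allowlist=("127.127.127.127/32",),
             trusted_proxies=("10.0.0.0/8",)):
    return [(label, header_only_check(xff),
             bypass_allowed(peer, xff, allowlist, trusted_proxies))
            for label, peer, xff in samples]


if __name__ == "__main__":
    for row in evaluate():
        print("%-28s header-only=%s  resolved=%s" % row)
```

The third sample is the case to check for in your own setup: if the web server can be reached without passing through your proxy, the header-only condition and the resolved address disagree.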