How to make a remote server be invisible to a user

I have a webserver www.example.com that takes user input and calculates results on a remote server: <form action="www2.example.com/action.cgi">

Now the user is on the second server. How do I keep the user on the main server (or make www2 invisible to the user)?

One possibility is to do an Ajax query in the background, but that would mean results are transferred from www2 to www and then to the user, which adds delay and bandwidth costs.

What are some possibilities to accomplish this?

Also, if, in future, we have multiple remote servers www2, www3, etc. what would be the best way to accomplish this?

Query to polybase external table giving error “Access to the remote server is denied because no login-mapping exists.”

we have successfully created all pre-requisite of creating external tables using SQL Server 2017 Standard Edition CU22 Polybase.

The issue we have is the non-sysadmin login can’t query those external tables .It shows below error.

Msg 7416, Level 16, State 2, Line 29 Access to the remote server is denied because no login-mapping exists.

The sysadmin login can query external tables without any issue. Is there anybody saw this issue and can help to resolve it.

Capturing SQL calls sent to a remote server from application

First of all, I’m not well versed in SQL anything at all. Closest I’ve ever needed to get was storing and retrieving data from a local SQLite db.

In essence I think I have a simple problem but it’s hard to orient yourself when everything is new.

My main tool at work is an ERP software, which is basically a front end to an SQL db.

Problem I have with it is that it’s very clumsy and doesn’t allow automation of even the most basic tasks.

What I want to do, is bypass the front-end completely and interact directly with the db to automate most of my tasks with python.

I can connect to the database just fine from python environment, but the schema is gigantic, there’s no way I’ll be able to find whatever it is I might be looking for.

So I need to capture the call front-end sends when I click a button (telling it to display specific set of data) to use that call as a guide.

Basically, how can I, an SQL noob, capture calls that a desktop application sends to a remote server?

Edit 1: My job is mostly analytical, so all of my automation will be for retrieval, analysis and visualization. I’m not very likely to mess anything up.

Edit 2: Tried running a Profiler and got the message:

"In order to run a trace against SQL Server you must be a member of sysadmin fixed server role or have the ALTER TRACE permission."

I’m not a sysadmin, don’t have an alter trace permission and reeeally don’t feel like asking for it 😀

Do I need port forwarding for msfconsole remote target exploitation

I was running a series of test attacks on my virtual test machine. Here i had to set the RHOST option to the Ip-address of the target and LHOST to the Ip-address of my local machine. I am certain that this works well locally because both machines would be on the same private network, with private ip addresse. But what if i had my linux machine(not vm) connected to my phone which is serving as a router. If i ran such an attack on a machine on the internet, RHOST would be the public Ip-address of the target machine; i am skeptical as to what ip address i would put for my LHOST option; can i just use my private ip address(given to my linux from my phone hotspot) as this option or do i have to type in the public ip-address for my phone. And if i do have to put in my phone’s public IP is port forwarding needed in such a case or it would work just fine?

Remote command using Sophos Management

in a recent analysis of a ransomware attack, where BitLocker was used to encrypt the disk, I found that the company was using Sophos.

In the folder C:577-Sophos\AutoUpdate\data\warehouse I found some files that contain executable code and activate BitLocker, using command like the following from disk F: to Z:

manage-bde -on F: -rp 599368-358941-467368-368093-397672-261921-132506-522577 -sk C:\ -s

I’m not really into Sophos management and administration, but I read that the folder warehous can be use as cache for the update installations.

Are these files false positive? Or the malicious actors could use Sophos to spread malicious commands?

Store cookies for multiple sites on remote server and connect from multiple clients


Would it be secure to:

  1. Store all my website cookies (stack sites, webhost, github, web-based email, etc) on a remote server (using an customized open-source VPN or something)
  2. Login to the server with password + 2fa (and maybe have a trusted devices list?)
  3. Keep the cookies only on the server… never actually download them to any of my devices
  4. When visiting stackexchange.com, for example, my server would send the cookies to stack exchange, get the response, and send it back to me, but REMOVE any cookies & store them only on my server

Benefits (I think):

  1. I could keep diverse and very strong passwords for every website, but don’t store the passwords anywhere digitally (keep them on paper in a safe at home or something)
  2. logging in to all the sites I use on a new device only requires one sign in (to my custom VPN server)
  3. Only cookies would be stored digitally, so if anything went wrong server-side, my passwords would be safe & I could disable all the logins through each site’s web-interface

Problems (I think):

  1. If the authentication to my custom VPN is cracked, then every website I’ve logged into would be accessible
  2. The time & energy & learning required to set something like this up.

Improvement idea:

  1. When I sign in to the server the first time, the server creates an encryption key, encrypts all the cookies with it, and sends the encryption key to me as a cookie. Then on every request, my browser uploads the key, the website’s cookie is decrypted, then the request is made to whatever website I’m visiting. Then only one client could be logged in at a time (unless the encryption cookie were stolen)
  2. Encrypt each cookie with a simple password, short password or pin number
  3. An encryption key that updates daily (somehow)
  4. Keep a remote list of trusted devices, identified by IP address? Or maybe by cookie?

Why not just sign into the browser and sync cookies across devices?

  • Signing into Firefox mobile & Firefox on my computer doesn’t give the cookies to Twitter’s or Facebook’s web-browsers (that frustratingly always open first instead of taking me to my actual browser!)
  • It’s not as cool?
  • That would require me to trust a third-party (of course, I’ll ultimately have to trust my web-host to some extent)

Can Chrome Extensions Send Data to Remote Servers?

Suppose an extension has a scary list of permissions like that below ("Site access: On all sites"):

enter image description here

Does this also give the extension permission to send my data to the author’s servers via XHR?

I’ve read the documentation here but lack some background knowledge, so I am not sure in my interpretation:

Cross-Origin XMLHttpRequest

After reading this, it seemed like the extension isn’t allowed to send my data somewhere unless it has lines like the below in the manifest – is this correct?

"permissions": [     "https://www.google.com/"   ] 

Remote debugging android app from another computer on different network

Is is it possible for Android development to remote debug an app from another network? I am not talking about WebView/Web Pages debugging but as stated here, as this page talks about remote debugging a WebView or web pages opened in any app and also I don’t think it will work on if device and computer are on different networks.

My scenario is that if Device A is connected to Computer A on Wifi A and I want to debug the app running on Device A from Computer B on Wifi B.

There is option to connect your device using the ADB wireless debugging using TCP-IP, but that requires the Device and Computer to be on the same network, but in my case device and computer are on another network.

Is this a remote code execution vulnerability?

I am planning to evaluate and install a publicly available software.

https://github.com/opensemanticsearch/open-semantic-search

While reviewing the issues on github, there is an issue open which indicates possible remote code execution for Solr with screenshots.

https://github.com/opensemanticsearch/open-semantic-search/issues/285

I have no idea about security vulnerabilities and hoping this is the correct forum to ask experts. Do you think this is a security vulnerability and one should avoid using the software until fixed?

Screen mirroring remote proctoring

I want to know how I can see the screens(entire desktop and all actions) of four users simultaneously. I don’t want to take remote access . I want to just see all the activities of 4 users for 3 hours. It is for the purpose of remote proctoring. I don’t want to whitelist some applications because they can use the browser to open files but not for using the Internet. They can use a pdf readers but not for seeing previous saved files.v

Current remote proctoring systems I know about doesn’t let you switch tabs or move away from the tool. This won’t serve th purpose because they have to be tested on the ability to use office applications. It has to be Easy to use for teens (15 year olds) And to be able to see all 4 screens at my end but they should not be able to see any screen except their own. It should work on windows PC/mac.

What tools are possible to use What is the cost Are their any freeware..I just need it for 3 hours each day for 2 days.