Create a backdoor using SQL injection

The first step is to search the site for SQL injection vulnerabilities, and I found one at this URL: http://192.168.56.103/joomla/index.php?option=com_aardvertiser&cat_name=user&task=view

Next, test the parameter with sqlmap. Note that the parameters were found in the URL query string (a GET request), whereas sqlmap's --data option sends them in a POST body, so the command below tests a POST request rather than the request the site actually uses:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.103/joomla/index.php?" --data "option=com_aardvertiser&cat_name=user&task=view" -p cat_name --dbs

The result is:
[03:18:19] [WARNING] POST parameter 'cat_name' is not injectable
[03:18:19] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
[*] shutting down at: 03:18:19

What is SOCKS?

SOCKS is a generic proxy protocol for TCP/IP-based networking applications. It provides a flexible framework for building secure communications by making it easy to integrate other security technologies, such as authentication, at the proxy. When an application client needs to connect to an application server, the client machine connects to a SOCKS proxy server instead. The proxy server connects to the application server on behalf of the client and relays data between the two. From the application server's point of view, the proxy server is the client, so the server sees the proxy's address rather than the client's.
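To make the SOCKS exchange above concrete, here is an added example (written for this edit, not code from the original post) that builds and parses the SOCKS5 (RFC 1928) handshake messages for both the client and the proxy: the method-negotiation greeting and selection, the CONNECT request with an IPv4, IPv6 or domain-name destination, and the proxy's reply. The `allow` policy callback in `handshake` is a hypothetical stand-in for the proxy's access-control rules; it is there because a proxy that accepts the no-authentication method and connects wherever it is asked is an open relay.

```python
"""SOCKS5 (RFC 1928) handshake messages for both the client and the proxy."""
import ipaddress
import struct

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00            # "no authentication required"
METHOD_NO_ACCEPTABLE = 0xFF      # proxy rejects every offered method
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED = 0x00
REP_NOT_ALLOWED = 0x02           # "connection not allowed by ruleset"
REP_CMD_NOT_SUPPORTED = 0x07


def client_greeting(methods=(METHOD_NO_AUTH,)):
    """Client -> proxy: VER NMETHODS METHODS..."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def server_select_method(greeting, allowed=(METHOD_NO_AUTH,)):
    """Proxy -> client: VER METHOD, picking the first method both sides accept."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = greeting[1]
    offered = greeting[2:2 + nmethods]
    if len(offered) != nmethods:
        raise ValueError("truncated greeting")
    for method in allowed:
        if method in offered:
            return bytes([SOCKS_VERSION, method])
    return bytes([SOCKS_VERSION, METHOD_NO_ACCEPTABLE])


def _encode_address(host):
    """ATYP + DST.ADDR for an IPv4/IPv6 literal or a domain name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")      # domain name: 1-byte length prefix
        if not 1 <= len(name) <= 255:
            raise ValueError("domain name length out of range")
        return bytes([ATYP_DOMAIN, len(name)]) + name
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([atyp]) + ip.packed


def client_connect_request(host, port):
    """Client -> proxy: VER CMD RSV ATYP DST.ADDR DST.PORT (port big-endian)."""
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00])
            + _encode_address(host) + struct.pack("!H", port))


def parse_connect_request(data):
    """Proxy side: return (cmd, host, port) from a client request, rejecting junk."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        raise ValueError("malformed SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        end = 4 + 4
        host = str(ipaddress.IPv4Address(data[4:end]))   # raises on short input
    elif atyp == ATYP_IPV6:
        end = 4 + 16
        host = str(ipaddress.IPv6Address(data[4:end]))
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise ValueError("missing domain name length")
        end = 5 + data[4]
        host = data[5:end].decode("idna")
    else:
        raise ValueError("unknown address type 0x%02x" % atyp)
    if len(data) != end + 2:
        raise ValueError("request length does not match address type")
    return cmd, host, struct.unpack("!H", data[end:end + 2])[0]


def server_reply(rep, bind_host="0.0.0.0", bind_port=0):
    """Proxy -> client: VER REP RSV ATYP BND.ADDR BND.PORT."""
    return (bytes([SOCKS_VERSION, rep, 0x00])
            + _encode_address(bind_host) + struct.pack("!H", bind_port))


def handshake(dest_host, dest_port, allow):
    """Run the whole exchange in memory and return the REP code the client sees.

    `allow(host, port)` is a hypothetical policy hook standing in for the proxy's
    access-control rules: without one, a no-auth SOCKS proxy is an open relay.
    """
    selection = server_select_method(client_greeting())
    if selection[1] == METHOD_NO_ACCEPTABLE:
        raise RuntimeError("no common authentication method; client closes connection")
    cmd, host, port = parse_connect_request(client_connect_request(dest_host, dest_port))
    if cmd != CMD_CONNECT:
        rep = REP_CMD_NOT_SUPPORTED
    elif not allow(host, port):
        rep = REP_NOT_ALLOWED
    else:
        rep = REP_SUCCEEDED          # a real proxy would connect to host:port here
    ok = rep == REP_SUCCEEDED
    reply = server_reply(rep, "127.0.0.1" if ok else "0.0.0.0", 1080 if ok else 0)
    return reply[1]
```

The destination port is encoded big-endian as the RFC requires, and the proxy-side parser checks that the message length matches the address type before trusting any field, which is where a sloppy proxy implementation typically goes wrong.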
HTTP, by comparison, works as follows. When a web browser initiates a request to a server, typically by opening a TCP/IP connection, the request consists of a request line, a set of request headers and an entity. The server then sends a response consisting of a status line, a set of response headers and an entity. The entity in the request or response can be thought of simply as the payload, which may be binary data; the other items are readable ASCII characters. When the response is complete, either the browser or the server may close the TCP/IP connection, or the browser may send another request on the same connection.
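As an added example of the HTTP message layout described above (again, not code from the original post), the following splits raw HTTP/1.1 requests and responses into the three parts named there: the start line, the headers and the entity. The sample request is constructed here for illustration and reuses the Joomla request parameters from the first section; it is not a capture. The entity length is taken from Content-Length, the parser refuses a message whose body is shorter than declared, and it returns any bytes left over so that a second request sent on the same connection can be parsed next.

```python
"""Split HTTP/1.1 messages into start line, headers and entity (body)."""

CRLF = b"\r\n"


def _split_message(raw):
    """Return (start_line, headers, entity, rest) for one HTTP message.

    `headers` is a dict keyed by lower-cased field name; `rest` is whatever
    follows the entity (e.g. the next request sent on the same connection).
    """
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("end of headers (blank line) not found")
    lines = head.split(CRLF)
    start_line = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers[name.decode("ascii").strip().lower()] = value.decode("latin-1").strip()
    length_field = headers.get("content-length", "0")
    if not length_field.isdigit():
        raise ValueError("invalid Content-Length: %r" % length_field)
    length = int(length_field)
    if len(body) < length:
        raise ValueError("entity truncated: expected %d bytes, got %d" % (length, len(body)))
    return start_line, headers, body[:length], body[length:]


def parse_request(raw):
    """Request = request line + request headers + entity."""
    start_line, headers, entity, rest = _split_message(raw)
    parts = start_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % start_line)
    method, target, version = parts
    return {"method": method, "target": target, "version": version,
            "headers": headers, "entity": entity, "rest": rest}


def parse_response(raw):
    """Response = status line + response headers + entity."""
    start_line, headers, entity, rest = _split_message(raw)
    parts = start_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % start_line)
    reason = parts[2] if len(parts) == 3 else ""
    return {"version": parts[0], "status": int(parts[1]), "reason": reason,
            "headers": headers, "entity": entity, "rest": rest}


def build_request(method, target, host, entity=b"", content_type=None):
    """Serialize a request; Content-Length is always derived from the entity."""
    lines = ["%s %s HTTP/1.1" % (method, target), "Host: %s" % host]
    if entity:
        lines.append("Content-Length: %d" % len(entity))
        if content_type:
            lines.append("Content-Type: %s" % content_type)
    return CRLF.join(line.encode("ascii") for line in lines) + CRLF + CRLF + entity


# Constructed samples (not captured traffic): a form POST carrying the Joomla
# parameters from the first section, the same POST followed by a second GET on
# the same connection, and a small response.
FORM_BODY = b"option=com_aardvertiser&cat_name=user&task=view"
SAMPLE_REQUEST = build_request(
    "POST", "/joomla/index.php", "192.168.56.103", FORM_BODY,
    "application/x-www-form-urlencoded")
PIPELINED = SAMPLE_REQUEST + build_request("GET", "/joomla/", "192.168.56.103")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Content-Length: 5\r\n\r\nhello")
```

Deriving Content-Length from the actual entity when building, and checking it against the bytes received when parsing, is what keeps the two sides agreeing on where one message ends and the next begins.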
References:
http://www.infosecwriters.com/text_resources/pdf/what_is_socks.pdf
http://www.silicon-press.com/briefs/brief.http/brief.pdf

Test a system

Information Gathering
Identify the target's IP address.

Service Enumeration
Scanning with nmap, the result is:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-07-14 10:25 WIT
Nmap scan report for 192.168.56.101
Host is up (0.0011s latency).
Not shown: 995 closed ports

PORT      STATE SERVICE
21/tcp    open  ftp
80/tcp    open  http
443/tcp   open  https
3306/tcp  open  mysql
MAC Address: 08:00:27:A5:0B:F5 (Cadmus Computer Systems)
Port 80 is open, so I tried opening the page of that system; the main page is a Joomla template. I also scanned for likely folder names on that system with DirBuster and found a folder named XAMPP.

What is .htaccess?

.htaccess (hypertext access) is the default name of a directory-level configuration file for the Apache web server. It allows decentralized management of the server configuration: with .htaccess, a subset of the server's global configuration can be overridden per directory (which subset is controlled by the AllowOverride directive). The original purpose of .htaccess was per-directory access control (for example, requiring a password to view the content), hence the name.

How to configure .htaccess?
If you want to call your .htaccess file something else, you can change the name using the AccessFileName directive in your server configuration file; for example, you might prefer to call the file .config.
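The directive itself, together with the per-directory password protection that the section names as the original purpose of .htaccess, as an added example in Apache 2.4 syntax (not configuration from the original post). The directory and file paths and the realm name are placeholders:

```apache
# --- server configuration (e.g. httpd.conf); paths are placeholders ---

# Read per-directory configuration from a file named ".config" instead of ".htaccess"
AccessFileName .config

# A per-directory file is only consulted where AllowOverride permits it;
# "AllowOverride None" (the default in 2.4) makes the file a no-op.
<Directory "/var/www/html">
    AllowOverride AuthConfig Limit
</Directory>

# The stock configuration refuses to serve files whose names begin with ".ht",
# so a renamed file needs its own rule, or clients can download the config.
<Files ".config">
    Require all denied
</Files>

# --- /var/www/html/admin/.config: require a password for this directory ---
AuthType Basic
AuthName "Restricted area"
AuthUserFile "/etc/apache2/.htpasswd"
Require valid-user
```

Two points to check after renaming the file: that AllowOverride actually covers the directives you put in it (AuthConfig for the password block above), and that the new name is covered by a deny rule, since the default protection only matches ".ht*".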

PHP Suhosin

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and in the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows and format string vulnerabilities; the second part is a powerful PHP extension that implements all the other protections.