Pages

Showing posts with label tech. Show all posts
Showing posts with label tech. Show all posts

Tuesday, November 16, 2010

Online WYSIWYG HTML editor

TinyMCE is a Javascript HTML WYSIWYG editor control released as Open Source under LGPL.
Very very cool :)
Posted by Liviu at No comments:
Labels: ,

[eBook] Hacking - The art of exploitation

Jon Erickson's Hacking: The Art of Exploitation, 2nd Edition
Excellent book describing the fundamental techniques of serious hacking (in an ethical sense).
It includes major sections on programming, networking, and cryptography. All material is covered with an eye towards exploitation. Languages used in the book material consist of C, PERL, and Assembly for X86.
The techniques described in this book are fundamental to any hacker or security professional who takes their work seriously :).
The examples are relevant and fresh.
I will describe the steps for getting the book together with the cd and start working the examples. The price on amazon is way below the book's value, you will soon realize that it deserves the money. But anyway, if you wish to try it first, here we go...
  1. Download the torrent  (that contains the book and also the CD). The cd is an .iso file, that we'll use later.  
  2. Tools needed:  MagicIso, vmware player, vmx builder
  3. Create a new virtual machine in Vmx Builder.
    • In the Hardware tab, add a new cdrom, that will use the iso just downloaded in step 1.
    • Also add a new hard disk, that will be used for saving the changes (casper-rw persistent partition).
      • I've selected a 300 MB single growable virtual disk, on IDE
      • For Mode, select Independent and check Persistent
    • You may also disable the floppy disc, and adjust the memory (I've set 500 MB. With default 128 it didn't start).
    • I have also added an ethernet controller, with network connection set to Custom, and VMnet8 (NAT).
    • The Windows services VMware Nat and VMware DHCP should be started.
  4. Start vmx file to boot. After booting into Ubuntu Feisty, we will create a partition on the virtual hard disk, format it as ext3 and assign it the label casper-rw. This will be used for saving changes for all users. 
    5. # Log in as root
sudo su

# Check our new disk, in my case the disk has been picked up as hdb
# hd for ide, sd for SCSI
dmesg |grep hd

# Create disk
fdisk /dev/sdb
p
n
p
1
<enter>
<enter>
w

# Format
mkfs.ext3 -b 4096 -L casper-rw /dev/sdb1

# Restart
reboot
    The system will not reboot entirely, you will have to close manually the virtual machine. For now.
  5. Make the linux persistent.
    • Step 1 : update initrd.gz
      • Open a terminal and type sudo su (to become root)
      • Type mkdir /projectinit (to make our project directory)
      • Type cd /projectinit (to change to the project directory)
      • Type gzip -dc /cdrom/casper/initrd.gz | cpio -i (to extract the initrd.gz)
      • Type gedit init (to edit the init file)
      • From gedit, find the following section:
        • break)
break=premount
;;
esac
      • Directly above esac add the following:
        • persistent)
PERSISTENT=yes
root_persistence=casper-rw
home_persistence=casper-rw
;;
      • It should end up up like the following:
        • break)
break=premount
;;

persistent)
PERSISTENT=yes
root_persistence=casper-rw
home_persistence=casper-rw
;;

esac
      • Save the changes to update the init file
      • Type find . | cpio -o -H newc | gzip -9 > initrd.gz (to zip the new initrd.gz file)
      • If you booted with network support, you could email initrd.gz file and update the ubuntu iso with this new modified file. (Use MagicIso to update the iso)
    • Step 2: modify isolinux.cfg like this:
      LABEL live
menu label ^Start Hacking LiveCD (Persistent Ubuntu Linux)
kernel /casper/vmlinuz
append file=/cdrom/preseed/ubuntu.seed boot=casper persistent initrd=/casper/initrd.gz quiet --
    Shutdown and restart the machine.
  6. Remove the prompt to eject CD.
    After restart, delete those files to get rid of the prompt.
    rm -r /etc/rc0.d/*casper

rm -r /etc/rc6.d/*casper
  7. Update package repository and install a chm viewer. I used gnochm.
    Officially the 7.04 repos are down but unofficially there are still here. They were moved to:
    http://old-releases.ubuntu.com/
    so you could edit your sources.list file and change the urls accordingly. To easily edit the file, using for example gedit, open terminal and do
    sudo gedit /etc/apt/sources.list
    modify the file and save it. Then
    sudo apt-get update
sudo apt-get install gnochm
  8. Now you should have a persistent Ubuntu Feisty Fawn 7.04 in a virtual machine, the chm viewer installed, internet and network functional and a great book full of examples. Success at getting your hands dirty with code :)
Good links:
  1. Article about Ubuntu 7.04 repositories
  2. This shows how to make Ubuntu 7.04 persistent 
  3. Article about how to remove the prompt to eject CD message
  4. Great article  about how to install Backtrack4 on VMware on Windows with persistent changes (some things also applied from here)
Posted by Liviu at No comments:
Labels: , , , , ,

Defensive Programming

Overview

Defensive Programming is a technique where you assume the worst from all input

  • The biggest danger to your application is user input.
    • It's uncontrolled, unexpected and unpredictable.
  • The input sent to your application could be malicious.
    • Or it could just be something you never expected.
  • Debugging takes a lot of time.

 

First Rule

Never Assume Anything!

Two kinds of assumptions: 

  • Expected input
    • Data from the user cannot be trusted. As such, all input must be validated.
    • For each input:
      • Define the set of all legal input values.
      • When receiving input, validate against this set.
      • Determine the behavior when input is incorrect:
        • Terminate
        • Retry
        • Warning
  • The programmer assuming something about a programming language
    • Some primitive data types have different sizes depending on the operating system and the hardware platform. For example, integers have been 8,16,32 and 64 bits. Assuming the size of a data type can be disastrous when working on different platform.
    • In C, the size of data types are defined in limits.h. In addition, C has the sizeof operator which will calculate the size of a variable.
    • You need to be especially careful on integer operation.
short x = 10000 * 10
Will x overflow?


Testing:

  • Just testing that it works is not good enough.
  • Error cases need to be tested, to see that the application reacts accordingly. Add tests for different kinds of input:
  1. illogical
  2. strange ASCII characters
  3. numerical/non-numerical
  4. positive/negative/0
  5. too large/small
  6. only composed of numbers/letters
  7. border values
  • Ask other people to test your application
    • First start with the technical testers
    • The asks non-technical people
Second Rule

Use standards!

  • Proper coding standards address weaknesses in the language standard and/or compiler design.
  • They define a format or "style" used for writing code. Every software development team should has an agreed-upon and formally documented coding standard. Coding standards make code more coherent and easier to read, thus reduce the likelihood of bugs. They cover a wide range of topics:
  1. Variable naming
  2. Indentation
  3. Position of brackets
  4. Content of header files
  5. Function declaration
  6. Use of constants/magic numbers
  7. Macro definitions
Third Rule

Keep code as simple as possible !

  • Complexity breeds bugs.
  • Software should only contain the features it needs.
  • Proper planning is key to keeping you application simple
  • Functions should be seen as a contract
    • Given input, the execute a specific task.
    • They should not do anything other than that specific task.
    • If they cannot execute that task, they should have some kind of indicator so that the callee can detect the error.
      • Throw an exception (doesn't work in C)
      • Set a global error value
      • Return an invalid value
        • NULL?
        • False?
        • Negative number?
  • Refactoring
    • Is not a bug-fixing technique. Is a good technique to battle feature creep:
      • Features are often added during development
      • These features are more often the source of problems
    • Fights this by forcing the programmer to reevaluate the structure of his/her program.
    • It can help you keep you application simple
  • Third-party libraries
    • Code reuse is not just a smart-choice, it's a safe choice. Odds are that a specific library has proven itself and is much more stable than anything you could build short-term. Although code reuse is highly recommended, many questions must be addressed before using someone else's code:
      • Do this do exactly what I need?
      • How much will I need to change my design?
      • How stable is it? What reputation does it have?
      • How old is the code?
      • Who built it?
      • Are people still using it? Can I get help?
      • How much documentation is there?
Case Study

(on function PF_SafeStrCpy)

1. Initial version:

/* 
** This function copies the null terminated string str2 to str1. 
** Str1 is truncated, if the the length of str2 is greater than or equal 
** the length of str1. The parameter len1 must conatin the length value 
** of str1 (sizeof).
*/
/* this function replaces the system one due to QAC */
IM_string PF_SafeStrCpy (IM_string str1, 
IM_cstring str2, 
IM_word len1)
{
IM_word len2;

/* strlen returns the length without the terminating '\0' -> + 1 */
len2 = strlen(str2) + 1; 

if (len2 > len1)
{
str1[len1 - 1] = '\0';
return strncpy(str1, str2, len1 - 1);
}
else
{
str1[len2] = '\0';
return strncpy(str1, str2, len2);
}
}

2. Problem discovered: A simple test proves that this function is not so safe though:

char str1 [100]; 
char str2 [100] / * strlen (str2) == 99 * /

The call PF_SafeStrCpy (str1, str2, 100); goes through the else branch and writes past the end of str1.

3. Actual corrected version:

/**
* \see PF_Basic.h 
* corrected version of PF_SafeStrCpy; the origin is from project SAR 
*/
char* PF_SafeStrCpy (char* str1, const char* str2, IM_word len)
{
if ( 0 == len ) {
return NULL;
}
else {
char* cptr = strncpy(str1, str2, len);
str1[len-1] = '\0';
return cptr;
}
}

4. Remarks on actual version:

Attack possibilities:

  • Passing NULL as "src" (str2) or "dest" (str1) can easily cause the program to terminate, thereby enabling a DoS attack
  • Improperly passing in the "count" (len) parameter (that strncpy will use), causes buffer overflow problems

5. General solution:

As a rule, the return string buffer must be at least large enough to hold the specified maximum number of characters, not bytes, plus the NULL character.

Follow these rules for safe use of strncpy():

  1. Verify that src and dest are not NULL.
  2. Null terminate the final character of DEST.
  3. Use strncpy(dest, src, sizeof(dest)/sizeof(dest[0])).
  4. If the final character (i.e., sizeof(dest) - 1) of DEST is no longer null, then the buffer was overrun.

Steps are effective, but usage still requires care in checking sizes.

6. Observations:

  • strlen() vs sizeof()

This code:

char String[]="Hello";

printf("\n Size of string: %d. String length: %d.\n", sizeof(String), strlen(String) );

... prints: Size of string: 6. String length: 5.

  • Non NULL-terminated string:

This code:

char String[5] = { 'H', 'e', 'l', 'l', 'o' };

printf("\n Size of string: %d. String length: %d.\n", sizeof(String), strlen(String) );

... prints: Size of string: 5. String length: 19. (String length is unknown. The function strlen() searches until it finds a NUL terminator.)

  • strlen() with pointers:

This code:

char *ptr = "Hello";

printf("For ptr: sizeof = %u, strlen = %u.\n", sizeof ptr, strlen(ptr));

... prints: For ptr: sizeof = 4, strlen = 5\n. (ptr is a pointer, so zieof(ptr) is the size of the pointer, in this case 4 bytes)

  • strlen() is NOT safe to call!
    • Unless you positively know that the string IS null-terminated.
    • When you call strlen() on an improperly terminated string:
      • Strlen scans until a null character is found
      • Can scan outside buffer if string is not null-terminated
      • Can result in a segmentation fault or bus error
Good external links
  1. Defensive programming on Wikipedia
  2. Secure programmer: Developing secure programs article by David Wheeler
  3. Secure programmer: Countering buffer overflows article by David Wheeler
  4. Proactive Debugging article by Jack Ganssle
  5. Secure Programming for Linux and Unix HOWTO -- Creating Secure Software free book by David Wheeler
  6. Programming issues: Buffer overflows
Posted by Liviu at No comments:
Labels: , ,

Add source code syntax highlighter to blogger

SyntaxHighlighter (by Alex Gorbatchev) it's a pretty good and customizable option.

It supports a lot of different languages and you can easily create new "brushes" for your language if it is not supported by default.

Now, adding 'Syntax Highlighter' to my blog:

Step1: Save old template

From Design->Edit HTML->Download Full Template

Step2:

In Design->Edit HTML, add the following before ending of the head element, just above </head>:
<!--SYNTAX HIGHLIGHTER BEGINS-->
<link href='http://alexgorbatchev.com/pub/sh/current/styles/shCore.css' rel='stylesheet' type='text/css'/>
<link href='http://alexgorbatchev.com/pub/sh/current/styles/shThemeDefault.css' rel='stylesheet' type='text/css'/>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shCore.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCpp.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCSharp.js' type='text/javascript'></script>
<script language='javascript'>
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.config.clipboardSwf = 'http://alexgorbatchev.com/pub/sh/current/scripts/clipboard.swf';
SyntaxHighlighter.all();
</script>
<!--SYNTAX HIGHLIGHTER ENDS-->
Other possible variants for "brushes" are:

shBrushCss.js, shBrushJava.js, shBrushJScript.js, shBrushPhp.js, shBrushPython.js, shBrushSql.js, shBrushRuby.js, shBrushVb.js, shBrushXml.js, shBrushPerl.js.

The brush "shBrushXml.js" applies also to html syntax highlighting.

Step3:
You can preview anytime the template.
And while creating a new post, use <pre> tag in the post.
The code of your post needs to go in between the
<pre class="brush: html">
and
</pre>
tags, in order to highlight properly.

Step4
Other possible themes (instead of "shThemeDefault.css":

shThemeDjango.css, shThemeEclipse.css, shThemeEmacs.css, shThemeFadeToGrey.css, shThemeMidnight.css, shThemeRDark.css.
Posted by Liviu at No comments:
Labels: , , , , , ,

Sunday, February 28, 2010

http://antica.bestweb.net

Level 15 :D
Posted by Liviu at No comments:
Labels: ,

Saturday, February 27, 2010

Personalize view in VS debug, watch windows

Base article:

Writing custom visualizers for Visual Studio 2005

Example for a structure:

In source code:

struct test_struct{
 int val; /* 0xf - FALSE; 0xa - TRUE other - INCOHERENT*/
}

In autoexp.dat, [Visualizer] section:

[Visualizer]

; My Visualizer for my test struct
test_struct {
preview (
#(
   #if ($c.val == 0xA) (
    #("TRUE")
   ) #else (
    #if ($c.val == 0xF) (
     #("FALSE")
    ) #else (
     #("INCOHERENT")
    )
   )
)
)
}
Posted by Liviu at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)