Tuesday, September 01, 2009
I have moved!
The old stuff here and at pleasefeedthegeek.wordpress.com will be left behind for reference.
Saturday, August 08, 2009
Writing stuff that helps others
Friday, July 31, 2009
Nginx + PHP-FPM : $_SERVER[PHP_SELF] returning itself twice
I got the $_SERVER[PHP_SELF] returning itself twice (eg. /123.php/123.php instead of /123.php as it should be) with my Nginx and PHP-FPM server. (Nginx 0.7.61, PHP 5.3.0)
Seems that the issue lies with the fastcgi configuration that I used. Make sure that this is not set.
# fastcgi_param PATH_INFO $fastcgi_script_name; #do not use, causes php_self to screw up
Wednesday, April 29, 2009
HOWTO: Share internet connection (painlessly) from your Ubuntu machine over Wireless
Problem was, after reading many Ubuntu forums and HOWTOs, trying out Firestarter many times (and I'm currently too lazy to learn to configure iptables myself manually), I was almost ready to give up, until I read up on ipmasq out of curiosity... You would need to use the terminal, so if you have an allergy to the terminal it'd be good to learn and overcome that first :)
If this was helpful to you, or if you have any questions, do leave a comment!
This HOWTO was done on the following:
- Ubuntu Jaunty 9.0.4 UNR (Ubuntu Netbook Release)
- Huawei E180 HSPA USB Modem
- Acer Aspire One A150
Here's what you do:
1) Install dnsmasq and ipmasq
Run the following command in terminal:
sudo apt-get install dnsmasq ipmasq -y
2) Disable dnsmasq from autostarting
In your terminal, type:
sudo gedit /etc/default/dnsmasq
Look for the line that states "ENABLED=1" and change it to "ENABLED=0"
3) Kill off dnsmasq daemon
We don't want dnsmasq to be running as a daemon here, since NetworkManager tries to start it for shared connections.
sudo killall dnsmasq
4) Enable wireless
You should know how to do this if it's not already on...
5) Configure wireless
- Left click network manager applet in the top panel.
- Select "Create new wireless network".
- Type in the network name and change your security settings as needed.
6) Check wireless config
- Right click network manager applet.
- Select "Edit Connections...".
- Go to the "Wireless" tab.
- Select your ad-hoc network and click on "Edit".
- Go to "IPv4 Settings" tab
- The method should be "Shared to other computers"
7) Configure ipmasq
In terminal, type:
sudo dpkg-reconfigure ipmasq
- Should PPP connections recompute the firewall? Yes
- Just press Ok
- When should ipmasq be started? After network interfaces are brought up
8) Connect internet facing modem connection if not already done so
For me I just select my service provider and Ubuntu "dials up" to connect
9) Run ipmasq to configure iptables
The iptables configuration does the actual routing; ipmasq helps configure iptables PAINLESSLY :)
From terminal, type:
sudo ipmasq
10) Get ipmasq to run whenever a network interface goes up or down
iptables configurations are not persistent, so I use ipmasq to autoconfig for me every time a network interface goes up. Note that you can also use other methods to persist iptables. NetworkManager fires off scripts in /etc/network/if-up.d whenever an interface goes up, so let's tell it to run ipmasq too.
In terminal, type these commands:
cd /etc/network/if-up.d
sudo gedit config-iptables
Copy and paste the following into the editor, save and exit.
#! /bin/sh
/usr/sbin/ipmasq
Then in terminal again, make the script executable:
sudo chmod +x config-iptables
You will want ipmasq to autoconfig again when a network interface goes down, so run the following in terminal:
sudo cp config-iptables /etc/network/if-post-down.d
11) Connect client, start surfing :)
You're done! Now just get another wifi client to join in the ad-hoc network, and after it gets an IP automatically we should be good to go!
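A check for the end state of steps 2 and 10, added here as an example and not part of the original HOWTO: it confirms dnsmasq is disabled at boot and that both config-iptables hooks exist, are executable and call ipmasq. Because these hooks run as root, it also rejects a hook that is group- or world-writable. The function names and the optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files the HOWTO edits.
# The optional first argument is a hypothetical root prefix, so the same checks
# can run against a constructed test tree instead of the live system.

# Step 2: /etc/default/dnsmasq must contain ENABLED=0.
check_dnsmasq_disabled() {
    root=${1:-}
    grep -Eq '^[[:space:]]*ENABLED=0[[:space:]]*$' \
        "$root/etc/default/dnsmasq" 2>/dev/null
}

# Step 10: the hook must exist, be executable, start with a shebang and
# call /usr/sbin/ipmasq.
check_hook() {
    f=$1
    [ -f "$f" ] && [ -x "$f" ] || return 1
    head -n 1 "$f" | grep -q '^#!' || return 1
    grep -q '^/usr/sbin/ipmasq' "$f" || return 1
    # Hooks are run as root on every interface change; a group- or
    # world-writable hook lets another local user change what root runs.
    # Columns 6 and 9 of the ls mode string are those two write bits.
    case $(ls -ld "$f" | cut -c6,9) in
        *w*) return 1 ;;
    esac
    return 0
}

# Run every check, report each failure, return non-zero if any failed.
audit_sharing_setup() {
    root=${1:-}
    rc=0
    check_dnsmasq_disabled "$root" || {
        echo "FAIL: ENABLED=0 not set in $root/etc/default/dnsmasq"
        rc=1
    }
    for d in if-up.d if-post-down.d; do
        check_hook "$root/etc/network/$d/config-iptables" || {
            echo "FAIL: $root/etc/network/$d/config-iptables"
            rc=1
        }
    done
    return $rc
}
```

Source the file and call audit_sharing_setup with no argument to check the live system; no output and a zero exit status mean every check passed.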
Sunday, April 05, 2009
Ubuntu on Acer Aspire One cannot see or join wireless network
I'm using an Acer Aspire One A150, running Ubuntu Intrepid Ibex 8.10, madwifi-hal drivers as instructed here.
Friday, March 27, 2009
It (still) hurts like hell
I think most people would never come close to understanding this kind of pain, which would be good if this were true... I'm grateful to God really for Yifen who really does love and know me, and I'm sure my sister-in-law does too for my brother. But even with the many people around who know about this and show concern, I believe the only one who can come close to understanding this would be my brother only.
Which is why I get quite frustrated when people come and say "Oh, you should keep trying to contact her. See, your mum is so hurt." or "It's only right to keep trying because we need to honour our parents."
Honouring father and mother I totally agree with. And that's because that is what God (or Christ) wants. But all this time thrashing it out in my mind what I still can't figure out is: why does it mean for me to honour her? Definitely far more than just fulfilling obligations/duty, but what I wish to do is exactly what's not possible now counting what's happened/happening. Totally frustrating...
Still much more floating around in my head, and after so long a time of thinking heh. But all still in a mess..
Tuesday, March 24, 2009
HP SWFScan Static Code Analysis Tool for Flash
HP has released SWFScan, a free static code analysis tool for Flash. It does decompiling and static code analysis for a pretty huge list of vulnerabilities in Flash. Supports up to ActionScript 3.
Using it is easy: point it to the flash file, click on "Get" to retrieve and decompile, then click on "Analyse" to well...Analyse the source code :)
Decompiled source code can be saved, and an HTML vulnerability report can be generated too after analysis.
FAQ
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/hp-swfscan-faq.aspx
Blog post
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx
Download
Wednesday, March 18, 2009
ProxyStrike!
ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in pentests of web applications that depend heavily on JavaScript; not many web scanners did well at this stage, so we came up with this proxy.
Right now it has SQL injection and XSS modules available. Both modules are designed to catch as many vulnerabilities as we can, which is why the SQL Injection module is a Python port of the great DarkRaver "Sqlibf". The XSS module is made by us, using our library Gazpacho (soon to be released as a standalone tool).
The process is very simple: ProxyStrike runs like a passive proxy listening on port 8008 by default, so you have to browse the desired web site with your browser set to use ProxyStrike as a proxy, and ProxyStrike will analyze all the parameters in the background. For the user it is a passive proxy, because you won't see any difference in the behaviour of the application, but in the background it is very active. :)
Features:
- Plugin engine (Create your own plugins!)
- Request interceptor
- Request diffing
- Request repeater
- Automatic crawl process
- Save/restore session
- Http request/response history
- Request parameter stats
- Request parameter values stats
- Request url parameter signing and header field signing
- Use of an alternate proxy (tor for example ;D )
- Sql attacks (plugin)
- Server Side Includes (plugin)
- Xss attacks (plugin)
- Attack logs
- Export results to HTML or XML
Wednesday, March 11, 2009
HOWTO: Determining the day of the week from the date in Microsoft Logparser
MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7)
logparser -i:csv -o:datagrid "SELECT DISTINCT TO_DATE(DateTime), MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) FROM datetest.csv"
logparser -i:csv -o:datagrid "SELECT DISTINCT TO_DATE(DateTime), Day USING CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 0 THEN 'SAT' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 1 THEN 'SUN' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 2 THEN 'MON' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 3 THEN 'TUE' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 4 THEN 'WED' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 5 THEN 'THU' ELSE 'FRI' END END END END END END AS Day FROM datetest.csv"