Pages

Tuesday, November 30, 2010

Base .. powered by Apache

From a shell,
telnet presidency.ro 80
HEAD / HTTP/1.0

Date: Tue, 30 Nov 2010 08:50:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Or you can see the response headers (and many many others) with the Web Developer plugin for Chrome or Firefox:
Date: Tue, 30 Nov 2010 08:50:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
...

First question: is it for real? :) Has he really gone free software?
Second,  is it good/bad, why.......

Set key bindings for C shell

To bind a sequence of keys to a particular shell command (for example use Ctrl+R, to search the history backwards, as in bash, or other useful functions) add the following to ~/.cshrc :

# Nice key bindings
bindkey -b ^r history-search-backward
bindkey -b ^w backward-delete-word
bindkey -b ^u backward-kill-line
bindkey -b ^b backward-word     # Ctrl + b
bindkey -b ^f forward-word      # Ctrl + f
bindkey '^[OD' backward-word    # Ctrl + Left
bindkey '^[OC' forward-word     # Ctrl + Right
bindkey '\e[1;5D' backward-word # ~ for xterm
bindkey '\e[1;5C' forward-word  # ~

How to obtain the key sequence from a function key, or combination of keys: use the read command. 
Example for pressing Ctrl + Left sequence:
$ read
^[[1;5D
Example for pressing Esc sequence:
$ read
^[
Make sure you write the key sequence as \e[1;5D  rather than ^[[1;5D. The ^[ sequence is equivalent to the [Esc] key, which is represented by \e in the shell. So, for instance, if the key sequence was ^[[OP the resulting bind code to use would be \e[OP.
The same key sequence for a function key or combination can be obtained by pressing Ctrl+V and then the key or sequence.

Sunday, November 21, 2010

Memory Segmentation

Writing down what you think you know is a good way of finding out what you don’t.

    When debugging a program, we have seen address of variables differ, whether it's a local variable or global, static or not, initialized or not, dynamically allocated....The memory of a compiled program is composed of 5 segments: text, data, bss, heap and stack. Each one contains specific things and has different properties. 
  1. The Text Segment:
    • also know as code segment. Here are located the program instructions (assembled machine code)
    • execution of instructions from here is non-linear, controlled by the EIP (instruction pointer) register. After an instruction is read, EIP is incremented with the byte length of the instruction and the instruction is executed.
    • write permission is disabled (prevent modifications of the code). If modification is attempted, an alert is generated and program is killed. 
    • being read-only, can be shared by multiple copies of the program running simultaneously
    • has a fixed size (does not need to change)
  2. The Data Segment:
    • used to store static and global variables
    • contains initialized global & static variables
    • is writable
    • has fixed size
  3. The BSS Segment:
    • used to store uninitialized global and static variables
    • is writable (same as data segment)
    • has fixed size (same as data segment)
  4. The Heap Segment:
    • can be directly controlled 
    • programmer can allocate blocks from this segment
    • it's not fixed, it can grow or shrink as needed
    • the memory here is managed by the allocator/deallocator algorithms 
    • it grows toward higher addresses (downward by convention)
  5. The Stack Segment:
    • has variable size
    • stores variables and contexts  (stack frame) for every function
    • a stack frame contains:
      • the variables that are passed to the functon
      • the location the EIP should point after the function finishes
      • all the local variables used by the function
    • LIFO (last-in first-out) structure containing all the stack frames [1]
An image of the program memory:
An example to show variables addresses in different segments of memory. This shows how the variables are placed in the memory, according to the picture. An execution with gdb reveals also the address where the instructions are to be the lowest.
#include 

int global_var;

int global_initialized_var = 5;

void function() {  
   int stack_var; // This variable has the same name as the one in main() !

   printf("the function's stack_var is at address 0x%08x\n", &stack_var);
}

int main() {
   int stack_var; // Same name as the variable in function()
   static int static_initialized_var = 5;
   static int static_var;
   int *heap_var_ptr;

   heap_var_ptr = (int *) malloc(4);

   printf("These variables are in the data segment.\n");
   printf("global_initialized_var is at address 0x%08x\n", &global_initialized_var);
   printf("static_initialized_var is at address 0x%08x\n\n", &static_initialized_var);

   printf("These variables are in the bss segment.\n");
   printf("static_var is at address 0x%08x\n", &static_var);
   printf("global_var is at address 0x%08x\n\n", &global_var);

   printf("This variable is in the heap segment.\n");
   printf("heap_var is at address 0x%08x\n\n", heap_var_ptr);

   printf("These variables are in the stack segment.\n");
   printf("stack_var is at address 0x%08x\n", &stack_var);
   function(); 
}

References:
  1. The call stack  (Wikipedia)
  2. Jon Erickson - Hacking: The Art of Exploitation, 2nd Edition
  3. Toby Opferman - Debug Tutorial Part 2: The Stack  (on  Codeproject) 

Saturday, November 20, 2010

Customize blog description display (javascript + css)


How to use a javascript function to display something in the blog
description section on my blogspot blog:


  1. Save a backup copy of the original template
    (Download Full Template option from Design->Edit HTML template)

  2. Find the section that deals with the description in the HTML code for the template:
    • Go to Design -> Edit HTML, check "Expand Widget Templates"
    • Search for the code <data:description/>. This is the one that will print the description.
    • Search for something like
      descriptionwrapper {
          padding-left: $(header.padding);
          padding-right: $(header.padding);
      }
      .
      This is the CSS part that deals with the style of the description. (Note that it could be the same style for the title (titlewrapper{...}) and for the description. In this case, separate the two into 2 different blocks {..}).

  3. Add some code that prints a random quote every time, instead of the description. Replace <data:description/> with:
    <p id="description">
       <script language="javascript">
         var quotes = new Array ();
         quotes[0] = "Text string one";
         quotes[1] = "Text string two";
         quotes[2] = "Text string three";
         quotes[3] = "Text string four";
         quotes[4] = "Text string five";
         quotes[5] = "Text string six";
         quotes[6] = "Text string seven";
         var random_i = Math.floor(7*Math.random());
         document.write(quotes[random_i]);
       </script>
    </p> 
    <noscript><data:description/></noscript>
    
  4. Explanations:
    • any number of strings can be added to the array. The Math.Random() javascript funtion returns an integer between 0 and 1 (exclusive). So you multiply that result with your number of items in the array, and then round the result with Math.Floor() and you get a number between [0, N) that it's used as the index.
    • The original description is still kept after the script.
      
      
      for the crowlers(lke Google bot) that search for the description and also for the browsers that dont support Javascript, or it's disabled by the user (
      HTML noscript tag
      )
  5. Customize CSS style for the description:
    • Find the section
      .header-inner .Header.descriptionwrapper {...} and add as many styles as you like.
    • Here you can choose how to modify the fonts, and look and feel :) of the text.
    • And from here you can add a nice border if you like. There are other nice options there, for margins, padding, background. Very nice. I customized my css style like this:
      .header-inner .Header.descriptionwrapper {
        padding-left: $(header.padding);
        padding-right: $(header.padding);
        border-style: outset;
        font-size: 17px;
        font-family: sans-serif; 
        font-weight: bolder;
      }
      

  6. Other great links:

Friday, November 19, 2010

Have some green tea!

The Little Book of Semaphores by Allen B. Downey

is a free (in both senses of the word - as in "free speech" and also as in "free beer") textbook that introduces the principles of synchronization for concurrent programming. The site also contains a 1 hour introduction to semaphores presented at Northeastern University by the author. Theory, examples, exercises, puzzles, that's the way a good CS course should be.
"The approach of this book is to identify patterns that are useful for a variety of synchronization problems and then show how they can be assembled into solutions. After each problem, the book offers a hint before showing a solution, giving students a better chance of discovering solutions on their own."

Tuesday, November 16, 2010

Online WYSIWYG HTML editor

TinyMCE is a Javascript HTML WYSIWYG editor control released as Open Source under LGPL.
Very very cool :)

[eBook] Hacking - The art of exploitation

Jon Erickson's Hacking: The Art of Exploitation, 2nd Edition
Excellent book describing the fundamental techniques of serious hacking (in an ethical sense).
It includes major sections on programming, networking, and cryptography. All material is covered with an eye towards exploitation. Languages used in the book material consist of C, PERL, and Assembly for X86.
The techniques described in this book are fundamental to any hacker or security professional who takes their work seriously :).
The examples are relevant and fresh.
I will describe the steps for getting the book together with the cd and start working the examples. The price on amazon is way below the book's value, you will soon realize that it deserves the money. But anyway, if you wish to try it first, here we go...
  1. Download the torrent  (that contains the book and also the CD). The cd is an .iso file, that we'll use later.  
  2. Tools needed:  MagicIso, vmware player, vmx builder
  3. Create a new virtual machine in Vmx Builder.
    • In the Hardware tab, add a new cdrom, that will use the iso just downloaded in step 1.
    • Also add a new hard disk, that will be used for saving the changes (casper-rw persistent partition).
      • I've selected a 300 MB single growable virtual disk, on IDE
      • For Mode, select Independent and check Persistent
    • You may also disable the floppy disc, and adjust the memory (I've set 500 MB. With default 128 it didn't start).
    • I have also added an ethernet controller, with network connection set to Custom, and VMnet8 (NAT).
    • The Windows services VMware Nat and VMware DHCP should be started.
  4. Start vmx file to boot. After booting into Ubuntu Feisty, we will create a partition on the virtual hard disk, format it as ext3 and assign it the label casper-rw. This will be used for saving changes for all users. 
  5. # Log in as root
    sudo su
    
    # Check our new disk, in my case the disk has been picked up as hdb
    # hd for ide, sd for SCSI
    dmesg |grep hd
    
    # Create disk
    fdisk /dev/sdb
    p
    n
    p
    1
    <enter>
    <enter>
    w
    
    # Format
    mkfs.ext3 -b 4096 -L casper-rw /dev/sdb1
    
    # Restart
    reboot
    
    The system will not reboot entirely, you will have to close manually the virtual machine. For now.
  6. Make the linux persistent.
    • Step 1 : update initrd.gz
      • Open a terminal and type sudo su (to become root)
      • Type mkdir /projectinit (to make our project directory)
      • Type cd /projectinit (to change to the project directory)
      • Type gzip -dc /cdrom/casper/initrd.gz | cpio -i (to extract the initrd.gz)
      • Type gedit init (to edit the init file)
      • From gedit, find the following section:
      • break)
        break=premount
        ;;
        esac
      • Directly above esac add the following:
      • persistent)
        PERSISTENT=yes
        root_persistence=casper-rw
        home_persistence=casper-rw
        ;;
        
      • It should end up up like the following:
      • break)
        break=premount
        ;;
        
        persistent)
        PERSISTENT=yes
        root_persistence=casper-rw
        home_persistence=casper-rw
        ;;
        
        esac
        
      • Save the changes to update the init file
      • Type find . | cpio -o -H newc | gzip -9 > initrd.gz (to zip the new initrd.gz file)
      • If you booted with network support, you could email initrd.gz file and update the ubuntu iso with this new modified file. (Use MagicIso to update the iso)
    • Step 2: modify isolinux.cfg like this:
      LABEL live
      menu label ^Start Hacking LiveCD (Persistent Ubuntu Linux)
      kernel /casper/vmlinuz
      append file=/cdrom/preseed/ubuntu.seed boot=casper persistent initrd=/casper/initrd.gz quiet --
      
    Shutdown and restart the machine.
  7. Remove the prompt to eject CD.
    After restart, delete those files to get rid of the prompt.
    rm -r /etc/rc0.d/*casper
    
    rm -r /etc/rc6.d/*casper
    
  8. Update package repository and install a chm viewer. I used gnochm.
    Officially the 7.04 repos are down but unofficially there are still here. They were moved to:
    http://old-releases.ubuntu.com/
    so you could edit your sources.list file and change the urls accordingly. To easily edit the file, using for example gedit, open terminal and do
    sudo gedit /etc/apt/sources.list
    modify the file and save it. Then
    sudo apt-get update
    sudo apt-get install gnochm
    
  9. Now you should have a persistent Ubuntu Feisty Fawn 7.04 in a virtual machine, the chm viewer installed, internet and network functional and a great book full of examples. Success at getting your hands dirty with code :)
Good links:
  1. Article about Ubuntu 7.04 repositories
  2. This shows how to make Ubuntu 7.04 persistent 
  3. Article about how to remove the prompt to eject CD message
  4. Great article  about how to install Backtrack4 on VMware on Windows with persistent changes (some things also applied from here)

Defensive Programming

Overview

Defensive Programming is a technique where you assume the worst from all input

  • The biggest danger to your application is user input.
    • It's uncontrolled, unexpected and unpredictable.
  • The input sent to your application could be malicious.
    • Or it could just be something you never expected.
  • Debugging takes a lot of time.

 

First Rule

Never Assume Anything!

Two kinds of assumptions: 

  • Expected input
    • Data from the user cannot be trusted. As such, all input must be validated.
    • For each input:
      • Define the set of all legal input values.
      • When receiving input, validate against this set.
      • Determine the behavior when input is incorrect:
        • Terminate
        • Retry
        • Warning
  • The programmer assuming something about a programming language
    • Some primitive data types have different sizes depending on the operating system and the hardware platform. For example, integers have been 8,16,32 and 64 bits. Assuming the size of a data type can be disastrous when working on different platform.
    • In C, the size of data types are defined in limits.h. In addition, C has the sizeof operator which will calculate the size of a variable.
    • You need to be especially careful on integer operation.
short x = 10000 * 10
Will x overflow?


Testing:

  • Just testing that it works is not good enough.
  • Error cases need to be tested, to see that the application reacts accordingly. Add tests for different kinds of input:
  1. illogical
  2. strange ASCII characters
  3. numerical/non-numerical
  4. positive/negative/0
  5. too large/small
  6. only composed of numbers/letters
  7. border values
  • Ask other people to test your application
    • First start with the technical testers
    • The asks non-technical people
Second Rule

Use standards!

  • Proper coding standards address weaknesses in the language standard and/or compiler design.
  • They define a format or "style" used for writing code. Every software development team should has an agreed-upon and formally documented coding standard. Coding standards make code more coherent and easier to read, thus reduce the likelihood of bugs. They cover a wide range of topics:
  1. Variable naming
  2. Indentation
  3. Position of brackets
  4. Content of header files
  5. Function declaration
  6. Use of constants/magic numbers
  7. Macro definitions
Third Rule

Keep code as simple as possible !

  • Complexity breeds bugs.
  • Software should only contain the features it needs.
  • Proper planning is key to keeping you application simple
  • Functions should be seen as a contract
    • Given input, the execute a specific task.
    • They should not do anything other than that specific task.
    • If they cannot execute that task, they should have some kind of indicator so that the callee can detect the error.
      • Throw an exception (doesn't work in C)
      • Set a global error value
      • Return an invalid value
        • NULL?
        • False?
        • Negative number?
  • Refactoring
    • Is not a bug-fixing technique. Is a good technique to battle feature creep:
      • Features are often added during development
      • These features are more often the source of problems
    • Fights this by forcing the programmer to reevaluate the structure of his/her program.
    • It can help you keep you application simple
  • Third-party libraries
    • Code reuse is not just a smart-choice, it's a safe choice. Odds are that a specific library has proven itself and is much more stable than anything you could build short-term. Although code reuse is highly recommended, many questions must be addressed before using someone else's code:
      • Do this do exactly what I need?
      • How much will I need to change my design?
      • How stable is it? What reputation does it have?
      • How old is the code?
      • Who built it?
      • Are people still using it? Can I get help?
      • How much documentation is there?
Case Study

(on function PF_SafeStrCpy)

1. Initial version:

/* 
** This function copies the null terminated string str2 to str1. 
** Str1 is truncated, if the the length of str2 is greater than or equal 
** the length of str1. The parameter len1 must conatin the length value 
** of str1 (sizeof).
*/
/* this function replaces the system one due to QAC */
IM_string PF_SafeStrCpy (IM_string str1, 
IM_cstring str2, 
IM_word len1)
{
IM_word len2;

/* strlen returns the length without the terminating '\0' -> + 1 */
len2 = strlen(str2) + 1; 

if (len2 > len1)
{
str1[len1 - 1] = '\0';
return strncpy(str1, str2, len1 - 1);
}
else
{
str1[len2] = '\0';
return strncpy(str1, str2, len2);
}
}

2. Problem discovered: A simple test proves that this function is not so safe though:

char str1 [100]; 
char str2 [100] / * strlen (str2) == 99 * / 

The call PF_SafeStrCpy (str1, str2, 100); goes through the else branch and writes past the end of str1.

3. Actual corrected version:

/**
* \see PF_Basic.h 
* corrected version of PF_SafeStrCpy; the origin is from project SAR 
*/
char* PF_SafeStrCpy (char* str1, const char* str2, IM_word len)
{
if ( 0 == len ) {
return NULL;
}
else {
char* cptr = strncpy(str1, str2, len);
str1[len-1] = '\0';
return cptr;
}
}

4. Remarks on actual version:

Attack possibilities:

  • Passing NULL as "src" (str2) or "dest" (str1) can easily cause the program to terminate, thereby enabling a DoS attack
  • Improperly passing in the "count" (len) parameter (that strncpy will use), causes buffer overflow problems

5. General solution:

As a rule, the return string buffer must be at least large enough to hold the specified maximum number of characters, not bytes, plus the NULL character.

Follow these rules for safe use of strncpy():

  1. Verify that src and dest are not NULL.
  2. Null terminate the final character of DEST.
  3. Use strncpy(dest, src, sizeof(dest)/sizeof(dest[0])).
  4. If the final character (i.e., sizeof(dest) - 1) of DEST is no longer null, then the buffer was overrun.

Steps are effective, but usage still requires care in checking sizes.

6. Observations:

  • strlen() vs sizeof()

This code:

char String[]="Hello";

printf("\n Size of string: %d. String length: %d.\n", sizeof(String), strlen(String) );

... prints: Size of string: 6. String length: 5.

  • Non NULL-terminated string:

This code:

char String[5] = { 'H', 'e', 'l', 'l', 'o' };

printf("\n Size of string: %d. String length: %d.\n", sizeof(String), strlen(String) );

... prints: Size of string: 5. String length: 19. (String length is unknown. The function strlen() searches until it finds a NUL terminator.)

  • strlen() with pointers:

This code:

char *ptr = "Hello";

printf("For ptr: sizeof = %u, strlen = %u.\n", sizeof ptr, strlen(ptr));

... prints: For ptr: sizeof = 4, strlen = 5\n. (ptr is a pointer, so zieof(ptr) is the size of the pointer, in this case 4 bytes)

  • strlen() is NOT safe to call!
    • Unless you positively know that the string IS null-terminated.
    • When you call strlen() on an improperly terminated string:
      • Strlen scans until a null character is found
      • Can scan outside buffer if string is not null-terminated
      • Can result in a segmentation fault or bus error
Good external links
  1. Defensive programming on Wikipedia
  2. Secure programmer: Developing secure programs article by David Wheeler
  3. Secure programmer: Countering buffer overflows article by David Wheeler
  4. Proactive Debugging article by Jack Ganssle
  5. Secure Programming for Linux and Unix HOWTO -- Creating Secure Software free book by David Wheeler
  6. Programming issues: Buffer overflows

Add source code syntax highlighter to blogger

SyntaxHighlighter (by Alex Gorbatchev) it's a pretty good and customizable option.

It supports a lot of different languages and you can easily create new "brushes" for your language if it is not supported by default.

Now, adding 'Syntax Highlighter' to my blog:

Step1: Save old template

From Design->Edit HTML->Download Full Template

Step2:

In Design->Edit HTML, add the following before ending of the head element, just above </head>:
<!--SYNTAX HIGHLIGHTER BEGINS-->
<link href='http://alexgorbatchev.com/pub/sh/current/styles/shCore.css' rel='stylesheet' type='text/css'/>
<link href='http://alexgorbatchev.com/pub/sh/current/styles/shThemeDefault.css' rel='stylesheet' type='text/css'/>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shCore.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCpp.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCSharp.js' type='text/javascript'></script>
<script language='javascript'>
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.config.clipboardSwf = 'http://alexgorbatchev.com/pub/sh/current/scripts/clipboard.swf';
SyntaxHighlighter.all();
</script>
<!--SYNTAX HIGHLIGHTER ENDS-->
Other possible variants for "brushes" are:

shBrushCss.js, shBrushJava.js, shBrushJScript.js, shBrushPhp.js, shBrushPython.js, shBrushSql.js, shBrushRuby.js, shBrushVb.js, shBrushXml.js, shBrushPerl.js.

The brush "shBrushXml.js" applies also to html syntax highlighting.

Step3:
You can preview anytime the template.
And while creating a new post, use <pre> tag in the post.
The code of your post needs to go in between the
<pre class="brush: html">
and
</pre>
tags, in order to highlight properly.

Step4
Other possible themes (instead of "shThemeDefault.css":

shThemeDjango.css, shThemeEclipse.css, shThemeEmacs.css, shThemeFadeToGrey.css, shThemeMidnight.css, shThemeRDark.css.

Monday, November 15, 2010

Anti-Advice

Never give advice. Wise men don't need advice. Fools won't take it

Gravity

"Falling in love is one of the most irrational behaviors or brain states imaginable for both men and women"