Last 10 Programming

Guest Post - Https Data Exposure - Get Vs Post

Thu, 19 Nov 2009 16:15:26 +0000

Here is a quick chart showing the data exposure when considering GET vs POST and also HTTP vs HTTPS.

URL arguments refer to arguments in the URL for GET or POST (e.g. foo.com?arg1=something).
Body arguments refer to data communicated via POST paramaters in the HTTP request body.

NOTE: This chart does not address client side caching of temporary files. Caching is a separate issue from the protocol selection and should be addressed with appropriate cache-control headers.

A quick conclusion: The secure choice for transmission of any sensitive data is to use POST statements over SSL/TLS. Any other option will expose data at some point in the communication.

Full post
http://www.shortinfosec.net/2009/11/https-data-exposure-get-vs-post.html

How We Can Change Symbol In Password Field In Javascript?

Wed, 18 Nov 2009 11:13:00 +0000

Friends , I wana know that how we can change text symbol in passwordfield by using Javascript. I mean by default there is filled circle ,but I want "*" this symbol.

How To Make This Program Not Display Error When No Internet Connection?

Sat, 31 Oct 2009 12:24:34 +0000

As the title says, I have a program that someone from this forum helped me with in the past and I need some help again by the looks of it. I dont know much about programming so bare with me. This app was written in the past to work along with a php script I had running on my web server. The purpose was to notify my webserver whenever this program was run and the php script would log the time & date along with the IP and computer name that the notification came from.

So this app when run would simply look up the pc's 'computer name', then goto a certain url where the php script was located and append the computers name to the url. For example the program would open this url "http://www.YOUR-WEBSITE.com/c.php?pc=" and append the computer name it looked up to the end of it.

Now my problem is this program is suppose to run silently in the background, which it does most of the time. The problem is if the program is run when the internet connection is down or unavailable, the program will popup and display a error message. I need help making it so no matter what, this program doesnt display any messages of any kind, error or otherwise, even if no internet connection is available I want it to just silently close.

Does anyone know how I would go about modifying the below source code todo this?

#include 
#include 
#include 

#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" )
#pragma comment (lib, "Wininet.lib")

int main(int argc, char* argv[])
{
	HINTERNET Initialize, Connection;
	char cBuffer[MAX_COMPUTERNAME_LENGTH+1] = {'\0'};
	DWORD dwBytes = MAX_COMPUTERNAME_LENGTH+1;
	char logUrl[100] = {'\0'}; //Make It Smaller (url length + MAX_COMPUTERNAME_LENGTH + 1)

	strcpy(logUrl, "http://www.YOUR-WEBSITE.com/c.php?pc=");

	//BOOL GetComputerName(LPTSTR lpBuffer, LPDWORD lpnSize);
	if(! GetComputerName((LPTSTR)&cBuffer, &dwBytes))
	{
		printf("~~GetComputerName() Failed!Last Error:%s\n",GetLastError());
		return 1;
	}
	//Append Computer Name
	strcat((char*)&logUrl, (const char*)&cBuffer);

	Initialize = InternetOpen( "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)", 
				INTERNET_OPEN_TYPE_PRECONFIG , NULL, NULL, 0);

	// Make The Connection To The URL
	// This Is All That Is Needed To Get Your PHP Script To Log The IP & Computer Name
	Connection = InternetOpenUrl(Initialize, logUrl, NULL, 0,
		INTERNET_FLAG_KEEP_CONNECTION | INTERNET_FLAG_RELOAD, 0);
	if(! Connection)
	{	
		printf("~~InternetOpenUrl() Failed! LastError:%s", GetLastError());
		return 1;
	}

	//Close Handles
	InternetCloseHandle(Connection);
	InternetCloseHandle(Initialize);

	return 0;
}

Thanks in advance for anyone that can help!

-elistian

Can U Unpack This Dll?

Thu, 29 Oct 2009 16:16:43 +0000

First of all, the .dll file pops up as a false positive, because the way RL Pack pack's their files, other than that it's ready for you to try unpack it.

DETAILS - its a DLL packed with RL Pack 2.x, please try and give it a shot

http://www.filefront.com/14820215/dllchallenge.zip

[C++] Windows Mouse Hook

Thu, 29 Oct 2009 01:58:57 +0000

This simple program will hook the mouse and detect if the right mouse button is clicked near the top of the screen.

Just modify the code to make it do something when it detects the click.

An example of its use is if you have a rocket dock that you don't want anyone editing, make it logoff or something when it detects the click.

#define _WIN32_WINNT 0x0500 #include HHOOK MouseHook; LRESULT CALLBACK MouseHookProc(int nCode, WPARAM wParam, LPARAM lParam){ PKBDLLHOOKSTRUCT k = (PKBDLLHOOKSTRUCT)(lParam); POINT p; int xMetric = GetSystemMetrics(SM_CXVIRTUALSCREEN); xMetric -= 100; if(wParam == WM_RBUTTONDOWN) { GetCursorPos(&p); if(p.y < 105 && p.x < xMetric && p.x > 100) { MessageBox(NULL,"Click!",NULL,MB_OK); //Do your thing } } return CallNextHookEx(NULL,nCode,wParam,lParam); } void StayAlive(){ MSG message; while(GetMessage(&message,NULL,0,0)){ TranslateMessage(&message); DispatchMessage(&message); } } int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd){ FreeConsole(); MouseHook = SetWindowsHookEx(WH_MOUSE_LL,MouseHookProc,hInstance,0); StayAlive(); UnhookWindowsHookEx(MouseHook); return 0; }

[Help] Gui C++ Library

Sat, 24 Oct 2009 00:27:16 +0000

Hey guys ,

Just need some help. . . i'm after a GUI C++ library mainly want a open source one or a free one(W-bb) http://hackhound.net/forum/Smileys/sarcasmics/wink.gif

Thanks ,
DuSTY

C Programming - Buffer Overflow Exploit

Thu, 22 Oct 2009 20:49:05 +0000

With the following C program:

void func(char * str)
{
char buff[16];
strcpy(buff,str);
}
void main(int argc, char * argv[])
{
int check = 1;
func(argv);
if(check == 1)
{
printf(“check should be 1 (%d)\n”,check);
} else
{
Printf(“check should not be 1 (%d)\n”,check);
}
}

1. How would I mount a buffer overflow attack on the given program and corrupt the variable “check” with the value 25?

Such that after the buffer overflow attack the output of the program should be the following:
check should not be 1 (25)

2. How would I mount a buffer overflow attack on the given program and bypass the “if” condition?

Such that after the buffer overflow attack the output of the program should be the following:
check should not be 1 (1)

3. How would I increase the size of the buffer “buff” (to as much as you want) and mount a buffer overflow attack and make the program execute a shell (“/bin/bash”)?

I am just beginning to learn buffer overflow exploits, so any help and/or explanations would be much appreciated...

Compiling Problem On Backtrack

Tue, 20 Oct 2009 16:56:52 +0000

I'm trying to compile this apache exploit: http://milw0rm.com/exploits/764 , but keep getting this error:

ks@ks-laptop:~/exploits$ gcc -o OpenFuck OpenFuckV2.c -lcrypto
OpenFuckV2.c:649: error: expected specifier-qualifier-list before ‘RC4_KEY’
OpenFuckV2.c: In function ‘ssl_connect_host’:
OpenFuckV2.c:772: error: ‘ssl_conn’ has no member named ‘encrypted’
OpenFuckV2.c:773: error: ‘ssl_conn’ has no member named ‘write_seq’
OpenFuckV2.c:774: error: ‘ssl_conn’ has no member named ‘read_seq’
OpenFuckV2.c: In function ‘read_ssl_packet’:
OpenFuckV2.c:841: error: ‘ssl_conn’ has no member named ‘encrypted’
OpenFuckV2.c:842: error: ‘MD5_DIGEST_LENGTH’ undeclared (first use in this function)
OpenFuckV2.c:842: error: (Each undeclared identifier is reported only once
OpenFuckV2.c:842: error: for each function it appears in.)
OpenFuckV2.c:854: error: ‘ssl_conn’ has no member named ‘rc4_read_key’
OpenFuckV2.c: In function ‘send_ssl_packet’:
OpenFuckV2.c:880: error: ‘MD5_CTX’ undeclared (first use in this function)
OpenFuckV2.c:880: error: expected ‘;’ before ‘ctx’
OpenFuckV2.c:884: error: ‘ssl_conn’ has no member named ‘encrypted’
OpenFuckV2.c:885: error: ‘MD5_DIGEST_LENGTH’ undeclared (first use in this function)
OpenFuckV2.c:899: error: ‘ssl_conn’ has no member named ‘encrypted’
OpenFuckV2.c:901: error: ‘ssl_conn’ has no member named ‘write_seq’
OpenFuckV2.c:903: error: ‘ctx’ undeclared (first use in this function)
OpenFuckV2.c:914: error: ‘ssl_conn’ has no member named ‘rc4_write_key’
OpenFuckV2.c:925: error: ‘ssl_conn’ has no member named ‘write_seq’
OpenFuckV2.c: In function ‘get_server_hello’:
OpenFuckV2.c:1007: warning: passing argument 2 of ‘d2i_X509’ from incompatible pointer type
OpenFuckV2.c: In function ‘send_client_master_key’:
OpenFuckV2.c:1099: error: ‘ssl_conn’ has no member named ‘encrypted’
OpenFuckV2.c: In function ‘generate_key_material’:
OpenFuckV2.c:1104: error: ‘MD5_CTX’ undeclared (first use in this function)
OpenFuckV2.c:1104: error: expected ‘;’ before ‘ctx’
OpenFuckV2.c:1109: error: ‘MD5_DIGEST_LENGTH’ undeclared (first use in this function)
OpenFuckV2.c:1110: error: ‘ctx’ undeclared (first use in this function)
OpenFuckV2.c: In function ‘generate_session_keys’:
OpenFuckV2.c:1125: error: ‘ssl_conn’ has no member named ‘rc4_read_key’
OpenFuckV2.c:1125: error: ‘RC4_KEY’ undeclared (first use in this function)
OpenFuckV2.c:1125: error: expected expression before ‘)’ token
OpenFuckV2.c:1126: error: ‘ssl_conn’ has no member named ‘rc4_read_key’
OpenFuckV2.c:1129: error: ‘ssl_conn’ has no member named ‘rc4_write_key’
OpenFuckV2.c:1129: error: expected expression before ‘)’ token
OpenFuckV2.c:1130: error: ‘ssl_conn’ has no member named ‘rc4_write_key’

Any ideas what I need to do? I've got all the libraries and add -lcrypto as an arg.

thanks

Php Script Not Interprated

Sat, 19 Sep 2009 11:25:31 +0000

Hello community ;-)
I've got a little Problem: I'm trying to run a PHP-Script over GLPI-Software. GLPI allows to upload documents; I've added permission to upload PHP-Files and set Mime-Type to "plain/text". The uploaded document - in my case the php-file named '_test.php' - is interprated by the itnernal file of glpi named 'document.send' resulting in displaying the whole source-code [e.g. instead of test] AM I using the wrong Mime-Type? 'application/x-httpd-php' plet's download the file. Direct fileopening isn't allowed because of htaccess destrictions [deny from all] :/ Is there a way to get the file interprated instead of only being displayed like a txt-file?

Thank's in advance & Kind regards

Perl 6

Fri, 11 Sep 2009 01:54:01 +0000

i'm just curious if anyone has begun working with perl 6 yet. i just picked up a book today and will start reading soon. any major differences that you can tell?