Nytro

A Beginner's Introduction to Perl 5.10, Part 3 By chromatic June 26, 2008 The first two articles in this series (A Beginner's Introduction to Perl 5.10 and A Beginner's Introduction to Files and Strings in Perl 5.10) covered flow control, math and string operations, and files. (A Beginner's Introduction to Perl Web Programming demonstrates how to write secure web programs.) Now it's time to look at Perl's most powerful and interesting way of playing with strings, regular expressions, or regexes for short. The rule is this: after the 50th time you type "regular expression", you find you type "regexp" ever after. Regular expressions are complex enough that you could write a whole book on them (Mastering Regular Expressions by Jeffrey Friedl). Simple matching The simplest regular expressions are matching expressions. They perform tests using keywords like if, while and unless. If you want to be really clever, you can use them with and and or. A matching regexp will return a true value if whatever you try to match occurs inside a string. To match a regular expression against a string, use the special =~ operator: use 5.010; my $user_location = "I see thirteen black cats under a ladder."; say "Eek, bad luck!" if $user_location =~ /thirteen/; Notice the syntax of a regular expression: a string within a pair of slashes. The code $user_location =~ /thirteen/ asks whether the literal string thirteen occurs anywhere inside $user_location. If it does, then the test evaluates true; otherwise, it evaluates false. Metacharacters A metacharacter is a character or sequence of characters that has special meaning. You may remember metacharacters in the context of double-quoted strings, where the sequence \n means the newline character, not a backslash and the character n, and where \t means the tab character. Regular expressions have a rich vocabulary of metacharacters that let you ask interesting questions such as, "Does this expression occur at the end of a string?" or "Does this string contain a series of numbers?" The two simplest metacharacters are ^ and $. These indicate "beginning of string" and "end of string," respectively. For example, the regexp /^Bob/ will match "Bob was here," "Bob", and "Bobby." It won't match "It's Bob and David," because Bob doesn't occur at the beginning of the string. The $ character, on the other hand, matches at the end of a string. The regexp /David$/ will match "Bob and David," but not "David and Bob." Here's a simple routine that will take lines from a file and only print URLs that seem to indicate HTML files: for my $line (<$urllist>) { # "If the line starts with http: and ends with html...." print $line if $line =~ /^http:/ and $line =~ /html$/; } Another useful set of metacharacters is called wildcards. If you've ever used a Unix shell or the Windows DOS prompt, you're familiar with wildcards characters such * and ?. For example, when you type ls a*.txt, you see all filenames that begin with the letter a and end with .txt. Perl is a bit more complex, but works on the same general principle. In Perl, the generic wildcard character is .. A period inside a regular expression will match any character, except a newline. For example, the regexp /a.b/ will match anything that contains a, another character that's not a newline, followed by b -- "aab," "a3b," "a b," and so forth. To match a literal metacharacter, escape it with a backslash. The regex /Mr./ matches anything that contains "Mr" followed by another character. If you only want to match a string that actually contains "Mr.," use /Mr\./. On its own, the . metacharacter isn't very useful, which is why Perl provides three wildcard quantifiers: +, ? and *. Each quantifier means something different. The + quantifier is the easiest to understand: It means to match the immediately preceding character or metacharacter one or more times. The regular expression /ab+c/ will match "abc," "abbc," "abbbc", and so on. The * quantifier matches the immediately preceding character or metacharacter zero or more times. This is different from the + quantifier! /ab*c/ will match "abc," "abbc," and so on, just like /ab+c/ did, but it'll also match "ac," because there are zero occurences of b in that string. Finally, the ? quantifier will match the preceding character zero or one times. The regex /ab?c/ will match "ac" (zero occurences of and "abc" (one occurence of . It won't match "abbc," "abbbc", and so on. The URL-matching code can be more concise with these metacharacters. This'll make it more concise. Instead of using two separate regular expressions (/^http:/ and /html$/), combine them into one regular expression: /^http:.+html$/. To understand what this does, read from left to right: This regex will match any string that starts with "http:" followed by one or more occurences of any character, and ends with "html". Now the routine is: for my $line (<$urllist>) { print $line if $line =~ /^http:.+html$/; } Remember the /^something$/ construction -- it's very useful! Character classes The special metacharacter, ., matches any character except a newline. It's common to want to match only specific types of characters. Perl provides several metacharacters for this. \d matches a single digit, \w will match any single "word" character (a letter, digit or underscore), and \s matches a whitespace character (space and tab, as well as the \n and \r characters). These metacharacters work like any other character: You can match against them, or you can use quantifiers like + and *. The regex /^\s+/ will match any string that begins with whitespace, and /\w+/ will match a string that contains at least one word. (Though remember that Perl's definition of "word" characters includes digits and the underscore, so whether you think _ or 25 are words, Perl does!) One good use for \d is testing strings to see whether they contain numbers. For example, you might need to verify that a string contains an American-style phone number, which has the form 555-1212. You could use code like this: use 5.010; say "Not a phone number!" unless $phone =~ /\d\d\d-\d\d\d\d/; All those \d metacharacters make the regex hard to read. Fortunately, Perl can do better. Use numbers inside curly braces to indicate a quantity you want to match: use 5.010; say "Not a phone number!" unless $phone =~ /\d{3}-\d{4}/; The string \d{3} means to match exactly three numbers, and \d{4} matches exactly four digits. To use a range of numbers, you can separate them with a comma; leaving out the second number makes the range open-ended. \d{2,5} will match two to five digits, and \w{3,} will match a word that's at least three characters long. You can also invert the \d, \s and \w metacharacters to refer to anything but that type of character. \D matches nondigits; \W matches any character that isn't a letter, digit, or underscore; and \S matches anything that isn't whitespace. If these metacharacters won't do what you want, you can define your own. You define a character class by enclosing a list of the allowable characters in square brackets. For example, a class containing only the lowercase vowels is [aeiou]. /b[aeiou]g/ will match any string that contains "bag," "beg," "big," "bog", or "bug". Use dashes to indicate a range of characters, like [a-f]. (If Perl didn't give us the \d metacharacter, we could do the same thing with [0-9].) You can combine character classes with quantifiers: use 5.010; say "This string contains at least two vowels in a row." if $string =~ /[aeiou]{2}/; You can also invert character classes by beginning them with the ^ character. An inverted character class will match anything you don't list. [^aeiou] matches every character except the lowercase vowels. (Yes, ^ can also mean "beginning of string," so be careful.) Flags By default, regular expression matches are case-sensitive (that is, /bob/ doesn't match "Bob"). You can place flags after a regexp to modify their behaviour. The most commonly used flag is i, which makes a match case-insensitive: use 5.010; my $greet = "Hey everybody, it's Bob and David!"; say "Hi, Bob!" if $greet =~ /bob/i; Subexpressions You might want to check for more than one thing at a time. For example, you're writing a "mood meter" that you use to scan outgoing e-mail for potentially damaging phrases. Use the pipe character | to separate different things you are looking for: use 5.010; # In reality, @email_lines would come from your email text, # but here we'll just provide some convenient filler. my @email_lines = ("Dear idiot:", "I hate you, you twit. You're a dope.", "I bet you mistreat your llama.", "Signed, Doug"); for my $check_line (@email_lines) { if ($check_line =~ /idiot|dope|twit|llama/) { say "Be careful! This line might contain something offensive:\n$check_line"; } The matching expression /idiot|dope|twit|llama/ will be true if "idiot," "dope," "twit" or "llama" show up anywhere in the string. One of the more interesting things you can do with regular expressions is subexpression matching, or grouping. A subexpression is another, smaller regex buried inside your larger regexp within matching parentheses. The string that caused the subexpression to match will be stored in the special variable $1. This can make your mood meter more explicit about the problems with your e-mail: for my $check_line (@email_lines) { if ($check_line =~ /(idiot|dope|twit|llama)/) { say "Be careful! This line contains the offensive word '$1':\n$check_line"; } Of course, you can put matching expressions in your subexpression. Your mood watch program can be extended to prevent you from sending e-mail that contains more than three exclamation points in a row. The special {3,} quantifier will make sure to get all the exclamation points. for my $check_line (@email_lines) { if ($check_line =~ /(!{3,})/) { say "Using punctuation like '$1' is the sign of a sick mind:\n$check_line"; } } If your regex contains more than one subexpression, the results will be stored in variables named $1, $2, $3 and so on. Here's some code that will change names in "lastname, firstname" format back to normal: my $name = 'Wall, Larry'; $name =~ /(\w+), (\w+)/; # $1 contains last name, $2 contains first name $name = "$2 $1"; # $name now contains "Larry Wall" You can even nest subexpressions inside one another -- they're ordered as they open, from left to right. Here's an example of how to retrieve the full time, hours, minutes and seconds separately from a string that contains a timestamp in hh:mm:ss format. (Notice the use of the {1,2} quantifier to match a timestamp like "9:30:50".) my $string = "The time is 12:25:30 and I'm hungry."; if ($string =~ /((\d{1,2})\d{2})\d{2}))/) { my @time = ($1, $2, $3, $4); } Here's a hint that you might find useful: You can assign to a list of scalar values whenever you're assigning from a list. If you prefer to have readable variable names instead of an array, try using this line instead: my ($time, $hours, $minutes, $seconds) = ($1, $2, $3, $4); Assigning to a list of variables when you're using subexpressions happens often enough that Perl gives you a handy shortcut. In list context, a successful regular expression match returns its captured variables in the order in which they appear within the regexp: my ($time, $hours, $minutes, $seconds) = $string =~ /((\d{1,2})\d{2})\d{2}))/; Counting parentheses to see where one group begins and another group ends is troublesome though. Perl 5.10 added a new feature, lovingly borrowed from other languages, where you can give names to capture groups and access the captured values through the special hash %+. This is most obvious by example: my $name = 'Wall, Larry'; $name =~ /(?<last>\w+), (?<first>\w+)/; # %+ contains all named captures $name = "$+{last} $+{first}"; # $name now contains "Larry Wall" There's a common mistake related to captures, namely assuming that $1 and %+ et al will hold meaningful values if the match failed: my $name = "Damian Conway"; # no comma, so the match will fail! $name =~ /(?<last>\w+), (?<first>\w+)/; # and there's nothing in the capture buffers $name = "$+{last} $+{first}"; # $name now contains a blank space Always check the success or failure of your regular expression when working with captures! my $name = "Damian Conway"; $name = "$+{last} $+{first}" if $name =~ /(?<last>\w+), (?<first>\w+)/; Watch out! Regular expressions have two othertraps that generate bugs in your Perl programs: They always start at the beginning of the string, and quantifiers always match as much of the string as possible. Here's some simple code for counting all the numbers in a string and showing them to the user. It uses while to loop over the string, matching over and over until it has counted all the numbers. use 5.010; my $number = "Look, 200 5-sided, 4-colored pentagon maps."; my $number_count = 0; while ($number =~ /(\d+)/) { say "I found the number $1.\n"; $number_count++; } say "There are $number_count numbers here.\n"; This code is actually so simple it doesn't work! When you run it, Perl will print I found the number 200 over and over again. Perl always begins matching at the beginning of the string, so it will always find the 200, and never get to the following numbers. You can avoid this by using the g flag with your regex. This flag will tell Perl to remember where it was in the string when it returns to it (due to a while loop). When you insert the g flag, the code becomes: use 5.010; my $number = "Look, 200 5-sided, 4-colored pentagon maps."; my $number_count = 0; while ($number =~ /(\d+)/g) { say "I found the number $1.\n"; $number_count++; } say "There are $number_count numbers here.\n"; Now you get the expected results: I found the number 200. I found the number 5. I found the number 4. There are 3 numbers here. The second trap is that a quantifier will always match as many characters as it can. Look at this example code, but don't run it yet: use 5.010; my $book_pref = "The cat in the hat is where it's at.\n"; say $+{match} if $book_pref =~ /(?<match>cat.*at)/; Take a guess: What's in $+{match} right now? Now run the code. Does this seem counterintuitive? The matching expression cat.*at is greedy. It contains cat in the hat is where it's at because that's the longest string that matches. Remember, read left to right: "cat," followed by any number of characters, followed by "at." If you want to match the string cat in the hat, you have to rewrite your regexp so it isn't as greedy. There are two ways to do this: * Make the match more precise (try /(?<match>cat.*hat)/ instead). Of course, this still might not work -- try using this regexp against The cat in the hat is who I hate. Use a ? character after a quantifier to specify non-greedy matching. .*? instead of .* means that Perl will try to match the smallest string possible instead of the largest: # Now we get "cat in the hat" in $+{match}. say $+{match} if $book_pref =~ /(?<match>cat.*?at)/; Search and replace Regular expressions can do something else for you: replacing. If you've ever used a text editor or word processor, you've probably used its search-and-replace function. Perl's regexp facilities include something similar, the s/// operator: s/regex/replacement string/. If the string you're testing matches regex, then whatever matched is replaced with the contents of replacement string. For instance, this code will change a cat into a dog: use 5.010; my $pet = "I love my cat."; $pet =~ s/cat/dog/; say $pet; You can also use subexpressions in your matching expression, and use the variables $1, $2 and so on, that they create. The replacement string will substitute these, or any other variables, as if it were a double-quoted string. Remember the code for changing Wall, Larry into Larry Wall? It makes a fine single s/// statement! my $name = 'Wall, Larry'; $name =~ s/(\w+), (\w+)/$2 $1/; # "Larry Wall" You don't have to worry about using captures if the match fails; the substitution won't take place. Of course, named captures work equally well: my $name = 'Wall, Larry'; $name =~ s/(?<last>\w+), (?<first>\w+)/$+{first} $+{last}/; # "Larry Wall" s/// can take flags, just like matching expressions. The two most important flags are g (global) and i (case-insensitive). Normally, a substitution will only happen once, but specifying the g flag will make it happen as long as the regex matches the string. Try this code with and without the g flag: use 5.010; my $pet = "I love my cat Sylvester, and my other cat Bill.\n"; $pet =~ s/cat/dog/g; say $pet; Notice that without the g flag, Bill avoids substitution-related polymorphism. The i flag works just as it does in matching expressions: It forces your matching search to be case-insensitive. Maintainability Once you start to see how patterns describe text, everything so far is reasonably simple. Regexps may start simple, but often they grow in to larger beasts. There are two good techniques for making regexps more readable: adding comments and factoring them into smaller pieces. The x flag allows you to use whitespace and comments within regexps, without it being significant to the pattern: my ($time, $hours, $minutes, $seconds) = $string =~ /( # capture entire match (\d{1,2}) # one or two digits for the hour : (\d{2}) # two digits for the minutes : (\d{2}) # two digits for the seconds ) /x; That may be a slight improvement for the previous version of this regexp, but this technique works even better for complex regexps. Be aware that if you do need to match whitespace within the pattern, you must use \s or an equivalent. Adding comments is helpful, but sometimes giving a name to a particular piece of code is sufficient clarification. The qr// operator compiles but does not execute a regexp, producing a regexp object that you can use inside a match or substitution: my $two_digits = qr/\d{2}/; my ($time, $hours, $minutes, $seconds) = $string =~ /( # capture entire match (\d{1,2}) # one or two digits for the hour : ($two_digits) # minutes : ($two_digits) # seconds ) /x; Of course, you can use all of the previous techniques as well: use 5.010; my $two_digits = qr/\d{2}/; my $one_or_two_digits = qr/\d{1,2}/; my ($time, $hours, $minutes, $seconds) = $string =~ /(?<time> (?<hours> $one_or_two_digits) : (?<minutes> $two_digits) : (?<seconds> $two_digits) ) /x; Note that the captures are available through %+ as well as in the list of values returned from the match. Putting it all together Regular expressions have many practical uses. Consider a httpd log analyzer for an example. One of the play-around items in the previous article was to write a simple log analyzer. You can make it more interesting; how about a log analyzer that will break down your log results by file type and give you a list of total requests by hour. (Complete source code.) Here's a sample line from a httpd log: 127.12.20.59 - - [01/Nov/2000:00:00:37 -0500] "GET /gfx2/page/home.gif HTTP/1.1" 200 2285 The first task is split this into fields. Remember that the split() function takes a regular expression as its first argument. Use /\s/ to split the line at each whitespace character: my @fields = split /\s/, $line; This gives 10 fields. The interesting fields are the fourth field (time and date of request), the seventh (the URL), and the ninth and 10th (HTTP status code and size in bytes of the server response). Step one is canonicalization: turning any request for a URL that ends in a slash (like /about/) into a request for the index page from that directory (/about/index.html). Remember to escape the slashes so that Perl doesn't consider them the terminating characters of the match or substitution: $fields[6] =~ s/\/$/\/index.html/; This line is difficult to read; it suffers from leaning-toothpick syndrome. Here's a useful trick for avoiding the leaning-toothpick syndrome: replace the slashes that mark regular expressions and s/// statements with any other matching pair of characters, such as { and }. This allows you to write a more legible regex where you don't need to escape the slashes: $fields[6] =~ s{/$}{/index.html}; (To use this syntax with a matching expression, put a m in front of it. /foo/ becomes m{foo}.) Step two is to assume that any URL request that returns a status code of 200 (a successful request) is a request for the file type of the URL's extension (a request for /gfx/page/home.gif returns a GIF image). Any URL request without an extension returns a plain-text file. Remember that the period is a metacharacter, so escape it! if ($fields[8] eq '200') { if ($fields[6] =~ /\.([a-z]+)$/i) { $type_requests{$1}++; } else { $type_requests{txt}++; } } Next, retrieve the hour when each request took place. The hour is the first string in $fields[3] that will be two digits surrounded by colons, so all you need to do is look for that. Remember that Perl will stop when it finds the first match in a string: # Log the hour of this request $fields[3] =~ /:(\d{2}):/; $hour_requests{$1}++; Finally, rewrite the original report() sub. We're doing the same thing over and over (printing a section header and the contents of that section), so we'll break that out into a new sub. We'll call the new sub report_section(): sub report { print "Total bytes requested: ", $bytes, "\n"; print "\n"; report_section("URL requests:", %url_requests); report_section("Status code results:", %status_requests); report_section("Requests by hour:", %hour_requests); report_section("Requests by file type:", %type_requests); } The new report_section() sub is very simple: sub report_section { my ($header, %types) = @_; say $header; for my $type (sort keys %types) { say "$type: $types{$type}"; } print "\n"; } The keys operator returns a list of the keys in the %types hash, and the sort operator puts them in alphabetic order. The next article will explain sort in more detail. Play around! As usual, here are some sample exercises. A rule of good writing is "avoid the passive voice." Instead of The report was read by Carl, say Carl read the report. Write a program that reads a file of sentences (one per line), detects and eliminates the passive voice, and prints the result. (Don't worry about irregular verbs or capitalization, though.) Sample solution. Sample test sentences. You have a list of phone numbers. The list is messy, and the only thing you know is that there are either seven or 10 digits in each number (the area code is optional), and if there's an extension, it will show up after an "x" somewhere on the line. "416 555-1212," "5551300X40" and "(306) 555.5000 ext 40" are all possible. Write a fix_phone() sub that will turn all of these numbers into the standard format "(123) 555-1234" or "(123) 555-1234 Ext 100," if there is an extension. Assume that the default area code is "123". Sursa: A Beginner's Introduction to Perl 5.10, part three - O'Reilly News

$banner = mysql_real_escape_string($banner); $banner_link = mysql_real_escape_string($banner_link); $target = mysql_real_escape_string($target); Argumentele: $banner, $banner_link, $target - Care sunt? Sigur nu era $_POST['banner']...? Sau probabil $pachet, $tip... ? Oricum acele if-uri sunt ciudate, pune macar un if - elseif ca sa iti execute query-ul si sa creeze acele variabile numai daca toate datele sunt corecte...

Pantech unveils 1.5GHz dual-core Vega Racer droid 19 May, 2011 Pantech has just announced what looks like the most powerful Android smartphone to date. The Pantech Vega Racer packs a dual-core processor clocked at 1.5GHz plus the Adreno 220 GPU, which is a mouth-watering combo. Unfortunately at launch the Pantech Vega Racer will only be available in Korea and there's no saying if availability in other regions will follow. The Vega Racer is based on the same chipset as the HTC EVO 3D - Snapdragon MSM8660, but due to the overclocked 1.5GHz CPU should be even speedier. The other specs highlights of the Vega Racer include a 4.3" LCD of WVGA resolution, 1GB RAM and a couple of cameras - an 8 megapixel one at the back and a 1.3 megapixel unit for video-calling. Pantech Vega Raver will run on Android 2.3 Gingerbread when it hit the SK Telecom shelves later this month. Whether it will later set on a world tour remains to be seen, but it has every chance of going in the history books as the first 1.5GHz dual-core phone. Pantech has also revealed that it is already working on a tablet of its own. They didn't give us an estimate as of when it might become available but we'll be on the lookout for more information about it in the future. Sursa: Pantech unveils 1.5GHz dual-core Vega Racer droid - GSMArena.com news

BitDefender lanseaz? Mobile Security BETA Securitatea mobil? devine un aspect destul de important, aspect pe care programatorii de la Bitdefender l-au în?eles perfect. Ace?tia intr? în domeniul securit??ii mobile cu aplica?ia Bitdefender Mobile Security, unealt? suportat? de Android (momentan) ce ofer? protec?ie superioar? prin serviciile de securitate în cloud ce sunt caracterizate prin procese de scanare puternice, urm?rind prevenirea aplica?iilor mali?ioase. Proiectat cu gândul la eficientizarea consumului de energie, procesul de scanare este realizat doar atunci când este necesar: fie c? utilizatorul dore?te s? verifice aplica?iile instalate, c? instaleaz? o aplica?ie care nu este semnat? sau face alte ac?iuni ce ar putea compromite securitatea telefonului. Una dintre cele mai interesante func?ii este Security Audit, care ofer? o privire de ansamblu asupra tipurilor de aplica?ii ?i asupra informa?iilor la care au acces acestea au date confiden?iale, conexiune la internet sau permisiuni de a folosi serviciile de telefonie. Totodat?, utilizatorii beneficiaz? de scanare on-install ?i on-demand, care pot fi activate oricând, pentru a se asigura c? toate aplica?iile instalate sunt legitime ?i sigure. Varianta BETA a BitDefender Mobile Security poate fi desc?rcat? gratuit direct din Android Market sau de pe site-ul BitDefender, la aceast? adres?. Personal, am avut pl?cerea ?i ?ansa de a discuta cu echipa din spatele proiectului înc? din perioada unei versiuni Alpha timide. ?i atunci, ?i acum salut ini?iativa. Sursa: BitDefender lanseaz

Chrome, Firefox ?i Safari sufer? de o scurgere important? de memorie Pe pagina Chromium a fost raportat? o problem? a browserului care se caracterizeaz? printr-o scurgere de memorie în momentul în care un client cere ?i se afi?eaz? o imagine de la server, iar aceasta vine cu headerul “Cache-Contro: no-store”, parametru ce spune browserului c? imaginea nu ar trebui stocat? local. În mod teoretic, memoria alocat? ar trebui s? fie eliberat? la un moment dat, dar se pare c? acest lucru nu ajunge s? se întâmple niciodat?. Conform aceluia?i raport, înc?rcarea unei imagini de 22KB JPEG (512×512 pixeli) m?re?te cantitatea de memorie cu aproape 1,000KB. Interesant este faptul c? problema aceasta apare atât în Chrome 11 (versiunea stabil?), dar ?i în Safari 5, Firefox 4.x. Aparent, singurul browser care nu are aceast? problem? este Internet Explorer, versiunile 7, 8 ?i 9. Mai multe detalii aici. Sursa: Chrome, Firefox

BitDefender Total Security 2012 Beta Details: http://beta2012.bitdefender.com/ Download: http://download.bitdefender.com/windows/installer/beta/en-us/bitdefender_tsecurity.exe

Editia Windows 8 cu suport ARM nu va mosteni aplicatiile Windows de Silviu Anton | 19 mai 2011 Odata cu lansarea Windows 8, Microsoft isi propune sa cucereasca si piata mobila. Astfel, viitoarea generatie a sistemului de operare va avea doua editii: una x86 si una ARM. Arhitectura x86 va ramane compatibila cu majoritatea aplicatiilor Windows, in vreme ce versiunea cu suport pentru chip-urile mobile de la ARM va ramane fara mostenirea aplicatiilor. Asta este o veste proasta pentru consumatori, care vor fi nevoiti sa isi cumpere din nou aplicatiile esentiale precum Microsoft Office. Cel mai probabil, compania spera ca acest “neajuns” al versiunii ARM a Windows 8 sa fie unul care sa poata fi trecut cu vederea. Pana la urma, software-ul Microsoft are o multime de fanboys care asteapta cu nerabdare sa beneficieze de experienta Windows si pe dispozitivele mobile. In plus, chip-urile ARM au cunoscut o crestere exploziva pe frontul mobil, gratie performantei crescute, consumului redus de energie si a unei durate de viata mai lungi a bateriei. Sursa: Editia Windows 8 cu suport ARM nu va mosteni aplicatiile Windows | Hit.ro

Linux kernel 2.6.39 released After just 65 days of development, Linus Torvalds has released version 2.6.39 of the Linux kernel. The new release includes support for ipset which simplified firewall configuration and deployment by allowing updatable and quickly searchable external tables to be used by the network filtering. Interrupt handling can now be handled almost entirely by kernel threads, the ext4 file system and block layers are now able to scale better and show better performance and the kernel now includes a network backend for Xen virtualisation. As always, the new kernel brings hundreds of new or enhanced drivers. For example, support for AMD's current "Cayman" family of high end graphics cards and GPUs arrived with a simple DRM/KMS driver. Also new in this release are drivers for the function keys of Samsung notebooks and the Realtek RTL8192CU and RTL8188CU Wi-Fi chips. Whats News in Linux kernel 2.6.39 The latest Linux kernel offers drivers for AMD's current high-end graphics chips and ipsets that simplify firewall implementation and maintenance. The Ext4 file system and the block layer are now said to work faster and offer improved scalability. Hundreds of new or improved drivers enhance the kernel's hardware support. Version 2.6.39 once again took Linus Torvalds and his fellow developers less than 70 days to complete. This is further indication of a slight, though ever more apparent, increase in the kernel's development speed, as about 80 to 90 days still passed between the release of two versions one or two years ago. With 2.6.39, this also meant that there was a slight decrease in the number of advancements which are worth mentioning in the Kernel Log; however, there are still plenty of changes that will make Linux faster and better. This article will provide a brief description of the new Linux version's most important improvements. Many of these improvements affect not only servers but also notebooks and desktop PCs. The distribution kernels will bring the improvements to the majority of Linux systems in the short or medium term, as these kernels are based on the kernels released by Linus Torvalds. Graphics The Radeon driver of kernel version 2.6.39 will support the Cayman family of graphics chips that AMD is using, models such as the current Radeon HD 6790 to 6970 cards (see 1, 2). However, these cards' 2D and 3D acceleration features are unavailable because there is no DRM support; future kernel versions will fix this problem. The Nouveau driver for NVIDIA GPUs now supports Z compression. The developers have also fixed a performance issue that reportedly reduced performance by 10 to 30 per cent. The developers of the graphics drivers for Intel chips have made numerous minor changes; some of them reduce the power consumption of recent graphics cores (see 1, 2, 3) or improve performance in certain situations. The developers have added a rudimentary graphics driver for the GMA500, a graphics device that was previously considered a big problem under Linux. It is included in Intel's US15W ("Poulsbo") chipset, which was originally designed for the embedded market but is used in netbooks by some manufacturers. Download: http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.39.tar.bz2 Sursa: http://www.thehackernews.com/2011/05/linux-kernel-2639-released-update-now.html

E in engleza, am gasit mai multe stiri in engleza dar nu le-am citit de lene, pe asta am citit-o

Android: Problema grava de securitate! O echipa de cercetatori de la Universitatea Ulm, Germania a descoperit o problema critica de securitate la platforma Android, celebrul sistem de operare pentru smartphone de la Google. 99.7% din totalul telefoanelor de acest tip pot trimite la distanta cheia personala de autentificare, atunci cand sunt conectati prin retele WiFi nesigure. S-a descoperit ca aplicatiile trimit numele de utilizator si parola spre server in mod securizat, iar acesta din urma returneaza o cheie de autentificare, astfel incat aplicatia sa nu fie nevoita sa se logheze la fiecare conectare. Cercetatorii au descoperit ca aceasta cheie este punctul nevralgic, deoarece este transmisa de multe ori intr-un mod nesigur (facilitand furtul ei). Folosind metoda de sniffing al unei retele WiFi nesecurizate, atacatorul va putea intra usor in posesia acestei chei. Cum ea este valida timp de 2 saptamani, atacatorul poate merge mai departe sincronizand contactele si intrarile din calendar, de pe telefonul tau pe al sau. Totusi, vulnerabilitatea se rezuma strict la partea de Gmail Calendar/Contacts. Daca nu ai setat sincronizare cu Calendar sau Contacts din GMail, sau daca totusi le sincronizezi dar nu folosesti free WiFi si preferi 3G, vulnerabilitatea e redusa la zero. Android 2.3.4 si 3.0 par sa fie ferite de probleme, desi partial. Aplicatia Picasa Sync foloseste inca o modalitate nesigura de conectare, chiar si in aceste ultime versiuni. Pentru mai multe detalii: Catching authTokens in the wild - Universität Ulm Sursa: Android: Problema grava de securitate!

Invisible arbitrary CSRF file upload in Flickr.com Mic studiu de caz. Summary Basic upload form in Flickr.com was vulnerable to CSRF. Visiting a malicious page while being logged in to Flickr.com (or using Flickr.com 'keep me signed in' feature) allowed attacker to upload images or videos on user's behalf. These files could have all the visibility / privacy settings that user can set in Basic Upload form. Uploading files did not require any user intervention and/or consent. Described vulnerability has been quickly fixed by Flickr.com team. The exploit is an example of using my HTML5 arbitrary file upload method. Demo: Vulnerability description Flickr.com basic upload form displayed on http://www.flickr.com/photos/upload/basic/ submits a POST request with multipart/form-data MIME type (standard HTTP File Upload form). This request looks like this: POST /photos/upload/transfer/ HTTP/1.1 Host: up.flickr.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.2.18pre) Gecko/20110419 Ubuntu/10.04 (lucid) Namoroka/3.6.18pre Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: pl,en-us;q=0.7,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.flickr.com/photos/upload/basic/ Cookie: BX=somecookies&b=3&s=rv; localization=en-us%3Bus%3Bpl; current_identity_provider_name=yahoo; current_identity_email=removed@example.com; cookie_session=session-id-here Content-Type: multipart/form-data; boundary=---------------------------410405671879807276394827599 Content-Length: 29437 -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="done" 1 -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="complex_perms" 0 -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="magic_cookie" 8b84f6a5d988b5f3a1be31c841042f41 -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="file1"; filename="0011.jpg" Content-Type: image/jpeg [binary-data-here] -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="tags" -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="is_public_0" 1 -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="safety_level" 0 -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="content_type" 0 -----------------------------410405671879807276394827599 Content-Disposition: form-data; name="Submit" UPLOAD -----------------------------410405671879807276394827599-- On line 11 there are some Flickr.com cookies, there is also a magic_cookie form field which looks like an anti-CSRF token. However, it was not verified properly. Changing the value or removing magic_cookie field still resulted in successful file upload. To make things worse, Flickr.com uses persistent cookie BX for 'keep me signed in' feature. Sending POST request to http://up.flickr.com/photos/upload/transfer/does not require an active session set up beforehand. If BX cookie is present, Flickr.com will silently sign the user in while processing the request. Therefore all accounts using Flickr.com 'keep me signed in' feature were potential targets of described attack. Attack Malicious page with this HTML code: <form enctype=multipart/form-data action="http://up.flickr.com/photos/upload/transfer/" method="post"> <input type=hidden name=is_public_0 value=1> <input type=file name=file1> <input type="submit"> <!-- no magic_cookie here, still works --> </form> was able to submit a file to Flickr.com on logged in user's behalf, because the browser would attach the Flickr cookies to the request, and Flickr had no way of distinguishing it from a legitimate request (a classic CSRF vulnerability). Above technique required user to manually choose the file from his HDD. However, using my method a malicious page was able to construct the raw multipart/form-data request in Javascript and send it quietly without user interaction. In the demo video, a button press is required, but this is only for presentational purposes. File upload can be triggered automatically on page load. As a result, visiting malicious page in browsers supporting CORS requests as per specification (Firefox 4, Chrome) while using Flickr.com 'keep me signed in' feature (or having an active Flickr.com session) resulted in uploading images and videos chosen by attacker to Flickr.com photostream (with visibility settings, tags etc. chosen by the attacker). Exemplary exploit code is here. Fix As of today, Flickr.com fixed the issue and contacted me to confirm the fix - all within a few hours since notifying, great work guys! Now magic_cookie value is checked upon processing the upload request. Timeline 17.05.2011 - vulnerability discovered 18.05.2011 - vendor notified 18.05.2011 - vendor responded, fix released Sursa: Invisible arbitrary CSRF file upload in Flickr.com

The DOMinator Project What is DOMinator? DOMinator is a Firefox based software for analysis and identification of DOM Based Cross Site Scripting issues (DOMXss). It is the first runtime tool which can help security testers to identify DOMXss. How it works? It uses dynamic runtime tainting model on strings and can trace back taint propagation operations in order to understand if a DOMXss vulnerability is actually exploitable. You can have an introduction about the implementation flow and some interface description here What are the possibilities? In the topics of DOMXss possibilities are quite infinite. At the moment DOMinator can help in identifying reflected DOM Based Xss, but there is potential to extend it to stored DOMXss analysis. Download Start from the installation instructions then have a look at the video. Use the issues page to post about problems crashes or whatever. And finally subscribe to the DOMinator Mailing List to get live news. Video A video has been uploaded here to show how it works. Here's the video: Soon I'll post more tutorials about the community version. Some stats about DOM Xss We downloaded top Alexa 1 million sites and analyzed the first 100 in order to verify the presence of exploitable DOM Based Cross Site Scripting vulnerabilities. Using DOMinator we found that 56 out of 100 (56% of sites) were vulnerable to reliable DOMXss attacks. Some analysis example can be found here and here. We'll release a white paper about this research, in the meantime you can try to reach our results using DOMinator. Future work DOMinator is still in beta stage but I see a lot of potential in this project. For example I can think about: Dominator library (Spidermonkey) used in web security scanners project for automated batch testing. Logging can be saved in a DB and lately analyzed. Per page testing using Selenium/iMacros. A version of DOMinator for xulrunner. A lot more It only depends on how many people will help me in improving it. So, if you're interested in contributing in the code (or in funding the project) let me know, I'll add you to the project contributors. We have some commercial ideas about developing a more usable interface with our knowledge base but we can assure you that the community version will always be open and free. In the next few days I'll release a whitepaper about DOMinator describing the implementation choices and the technical details. Stay tuned for more information about DOMinator..the best is yet to come. Acknowledgements DOMinator is a project sponsored by Minded Security, created and maintainted by me (Stefano Di Paola). I al want to thank Arshan Dabirsiaghi (Aspect Security), Gareth Heyes and Luca Carettoni (Matasano) for their feedback on the pre-pre-beta version Finally, feel free to follow DOMinator news on Twitter as well by subscribing to @WisecWisec and @DOMXss. Sursa: Minded Security Blog: The DOMinator Project

The Social-Engineer Toolkit v1.4 “The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.” This is the official change log: Java changed how self signed certificates work. It shows a big UNKNOWN now, modified self sign a bit. Added the ability to purchase a code signing certificate and sign it automatically. You can either import or create a request. Fixed a bug in the wifi attack vector where it would not recognize /usr/local/sbin/dnsspoof as a valid path Fixed a bug in the new backtrack5 to recognize airmon-ng Added the ability to import your own code signed certificate without having to generate it through SET Fixed an issue where the web templates would load two java applets on mistake, it now is correct and only loads one Fixed a bounds exception issue when using the SET interactive shell, it was using pexpect.spawn and was changed to subprocess.Popen instead Added better import detection and error handling around the python module readline. Older versions of python may not have, if it detects that python-readline is not installed it will disable tab completion Added a new menu to the main SET interface that is the new verified codesigning certificate menu Fixed a bug with the SET interactive shell that if you selected a number that was out of the range of shells listed, it would hang. It now throws a proper exception if an invalid number or non-numeric instance is given for input Added more documentation around the core modules in the SET User_Manual Updated the SET_User manual to reflect version 1.4 Download: http://www.secmaniac.com/download/ Sursa: UPDATE: The Social-Engineer Toolkit v1.4!

A mai observat cineva ca aceste "disclosure"-uri sunt facute in zile ce se termina in 7? Adica 7, 17, 27... ? Ma refer la ultimele actiuni.

NU MAI AM nytro_rst @ yahoo.com . Am dat mass cu parola, si am postat-o si aici pe forum. Nu aveam ce face cu acel ID. Si desigur, la 2 minute parola a fost schimbata si un ratat dadea mass-uri cu nu stiu ce keylogger sau stealer. Iar mail-ul de la profil, nytro@rstcenter.com e pus de forma, nu am acel mail. Deci in niciun caz nu am trimis eu acele mail-uri, nu ma ocup cu asa ceva, urasc astfel de rahaturi. Daca trimite un fisier atasat, postati aici sa il analizez.

Back|Track 5 on Motorola XOOM in 10 minutes or less Here’s a quick down and dirty on how to get Back|Track 5 working on the Motorola XOOM. There are a few tutorials out there already but none which seemed the easiest (at least for me). 1. You will need to root your Motorola XOOM, download the android-sdk and use adb to root your XOOM. The steps can be found here. 2. Download Back|Track 5 ARM edition from here: Downloads 3. Unzip and copy the the BT5 zip file and copy it over to your XOOM’s SDCARD directory, make it easy and name the folder BT5. If your using a mac, download the Android file-transfer here. 4. Download ASTRO File manager from the Android Market on your XOOM 5. Browse to your BT5 directory on the SDCARD and click on the boot.img.gz. Extract the content in the same directory. Note we couldn’t just ungzip and copy over since its FAT32 and when its extracted it’s a total of 5gb. Note it will take a few minutes to extract, the end filesize will be exactly 5.0gb. Just be patient, and go up a directory and go back in to see when its completed, the extracting message may go away but it will still extract. 6. Once you have that, go into your terminal emulator, for example busybox terminal, and type in cd /sdcard/BT5, then cp busybox ../, then sh installbusybox.sh. Once that is completed type sh bootbt 7. You should now be at a BT command prompt. Type the following in the terminal: export USER=root 8. You can do vncpasswd to change the VNC password or leave it default (toortoor). 9. Type startvnc 10. Download a VNC viewer from the Android Market on your XOOM 11. Connect to localhost via port 5901 on the new password you just created. There you go. You’re all set. Sursa: Back|Track 5 on Motorola XOOM in 10 minutes or less | SecManiac.com

Finding If a Computer Is a Laptop Marius Bancila C++, COM 2011-01-05 I’ve ran recently across this question: how to find (using C++) if a computer is a laptop? That is possible with WMI and many answers (such as this) point to the Win32_SystemEnclosure class. This class has a member called ChassisTypes, which is an array of integers indicating possible chassis types. At least one of them should indicate a laptop. However, there might be several problems with this solution. First, there are several values for “laptops”: * 8 – Portable * 9 – Laptop * 10 – Notebook Different machines might return different values. And more important, this property might not be defined on all computers. A more reliable solution is explained in this TechNet article Finding Computers That Are Laptops. The solution described there suggests checking for several properties: * Win32_SystemEnclosure, ChassisTypes(1)=10. * Win32_Battery or Win32_PortableBattery. * Win32_PCMCIAController * Win32_DriverVXD.Name = “pccard” * Win32_ComputerSystem.Manufacturer * Win32_ComputerSystem.Model The following code shows how one can query for the chassis types using C++. Run queries for the other properties to make sure you are running on a laptop. #define _WIN32_DCOM #include < iostream > using namespace std; #include < comdef.h > #include < Wbemidl.h > #pragma comment(lib, "wbemuuid.lib") class WMIQuery { IWbemLocator* m_pLocator; IWbemServices* m_pServices; public: WMIQuery(): m_pLocator(NULL), m_pServices(NULL) { } bool Initialize() { // Obtain the initial locator to WMI HRESULT hr = ::CoCreateInstance( CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *) &m_pLocator); if (FAILED(hr)) { cerr << "Failed to create IWbemLocator object. Err code = 0x" << hex << hr << endl; return false; } // Connect to WMI through the IWbemLocator::ConnectServer method // Connect to the root\cimv2 namespace with the current user hr = m_pLocator->ConnectServer( _bstr_t(L"ROOT\\CIMV2"), // Object path of WMI namespace NULL, // User name. NULL = current user NULL, // User password. NULL = current 0, // Locale. NULL indicates current NULL, // Security flags. 0, // Authority (e.g. Kerberos) 0, // Context object &m_pServices // pointer to IWbemServices proxy ); if (FAILED(hr)) { cerr << "Could not connect. Error code = 0x" << hex << hr << endl; m_pLocator->Release(); m_pLocator = NULL; return false; } // Set security levels on the proxy hr = ::CoSetProxyBlanket( m_pServices, // Indicates the proxy to set RPC_C_AUTHN_WINNT, // RPC_C_AUTHN_xxx RPC_C_AUTHZ_NONE, // RPC_C_AUTHZ_xxx NULL, // Server principal name RPC_C_AUTHN_LEVEL_CALL, // RPC_C_AUTHN_LEVEL_xxx RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx NULL, // client identity EOAC_NONE // proxy capabilities ); if (FAILED(hr)) { cerr << "Could not set proxy blanket. Error code = 0x" << hex << hr << endl; m_pServices->Release(); m_pServices = NULL; m_pLocator->Release(); m_pLocator = NULL; return false; } return true; } IEnumWbemClassObject* Query(LPCTSTR strquery) { IEnumWbemClassObject* pEnumerator = NULL; HRESULT hr = m_pServices->ExecQuery( bstr_t("WQL"), bstr_t(strquery), WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &pEnumerator); if (FAILED(hr)) { cerr << "Query for operating system name failed. Error code = 0x" << hex << hr << endl; return NULL; } return pEnumerator; } ~WMIQuery() { if(m_pServices != NULL) { m_pServices->Release(); m_pServices = NULL; } if(m_pLocator != NULL) { m_pLocator->Release(); m_pLocator = NULL; } } }; int _tmain(int argc, _TCHAR* argv[]) { HRESULT hres; // Initialize COM. hres = ::CoInitializeEx(0, COINIT_MULTITHREADED); if (FAILED(hres)) { cout << "Failed to initialize COM library. Error code = 0x" << hex << hres << endl; return 1; } // Set general COM security levels hres = ::CoInitializeSecurity( NULL, -1, // COM authentication NULL, // Authentication services NULL, // Reserved RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation NULL, // Authentication info EOAC_NONE, // Additional capabilities NULL // Reserved ); if (FAILED(hres)) { cout << "Failed to initialize security. Error code = 0x" << hex << hres << endl; ::CoUninitialize(); return 1; } else { WMIQuery query; if(query.Initialize()) { IEnumWbemClassObject* pEnumerator = query.Query(_T("SELECT * FROM Win32_SystemEnclosure")); if(pEnumerator != NULL) { // Get the data from the query IWbemClassObject *pclsObj; ULONG uReturn = 0; while (pEnumerator) { HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn); if(0 == uReturn) { break; } VARIANT vtProp; hr = pclsObj->Get(L"Name", 0, &vtProp, 0, 0); wcout << "Name: " << vtProp.bstrVal << endl; hr = pclsObj->Get(L"ChassisTypes", 0, &vtProp, 0, 0); wcout << "Chassis: "; SAFEARRAY* parrValues = NULL; if (vtProp.vt & VT_ARRAY) { if (VT_BYREF & vtProp.vt) parrValues = *vtProp.pparray; else parrValues = vtProp.parray; } if (parrValues != NULL) { SAFEARRAYBOUND arrayBounds[1]; arrayBounds[0].lLbound = 0; arrayBounds[0].cElements = 0; SafeArrayGetLBound(parrValues, 1, &arrayBounds[0].lLbound); SafeArrayGetUBound(parrValues, 1, (long*)&arrayBounds[0].cElements); arrayBounds[0].cElements -= arrayBounds[0].lLbound; arrayBounds[0].cElements += 1; if (arrayBounds[0].cElements > 0) { for (ULONG i = 0; i < arrayBounds[0].cElements; i++) { LONG lIndex = (LONG)i; INT item; HRESULT hr = ::SafeArrayGetElement(parrValues, &lIndex, &item); if(SUCCEEDED(hr)) { LPCTSTR szType = NULL; switch(item) { case 1: szType = _T("Other"); break; case 2: szType = _T("Unknown"); break; case 3: szType = _T("Desktop"); break; case 4: szType = _T("Low Profile Desktop"); break; case 5: szType = _T("Pizza Box"); break; case 6: szType = _T("Mini Tower"); break; case 7: szType = _T("Tower"); break; case 8: szType = _T("Portable"); break; case 9: szType = _T("Laptop"); break; case 10:szType = _T("Notebook"); break; case 11:szType = _T("Hand Held"); break; case 12:szType = _T("Docking Station"); break; case 13:szType = _T("All in One"); break; case 14:szType = _T("Sub Notebook"); break; case 15:szType = _T("Space-Saving"); break; case 16:szType = _T("Lunch Box"); break; case 17:szType = _T("Main System Chassis"); break; case 18:szType = _T("Expansion Chassis"); break; case 19:szType = _T("SubChassis"); break; case 20:szType = _T("Bus Expansion Chassis"); break; case 21:szType = _T("Peripheral Chassis"); break; case 22:szType = _T("Storage Chassis"); break; case 23:szType = _T("Rack Mount Chassis"); break; case 24:szType = _T("Sealed-Case PC"); break; } wcout << szType; if(i+1 < arrayBounds[0].cElements) wcout << ", "; } } wcout << endl; } } VariantClear(&vtProp); pclsObj->Release(); } pEnumerator->Release(); } } } ::CoUninitialize(); return 0; } On my laptop, the program output was: Name: System Enclosure Chassis: Notebook Sursa: Finding If a Computer Is a Laptop | Marius Bancila's Blog

Finding Installed Applications with VC++ Marius Bancila C++, COM, Windows Programming 2011-05-01 Finding applications installed on a machine (the ones that you see in Control Panel Add/Remove programs) could be a little bit tricky, because there isn’t a bulletproof API or method. Each of the available methods has its own weak points. WMI is slow and can actually be disabled on a machine. MSI API only shows applications installed with an MSI, and reading directly from the Windows Registry is not an officially supported alternative. Thus it is an open point which one is the most appropriate, though the official answer will probably be MSI API. In this post I will go through all of these three methods and show how to query for the installed applications and display the name, publisher, vendor and installation location (if available). Notice these are just some samples, and if you want to use this in your applications you’ll probably want to do additional things like better error checking. Because I want the code to work both with ANSI and UNICODE I will use the following defines #include < iostream > #include < string> #ifdef _UNICODE #define tcout wcout #define tstring wstring #else #define tcout cout #define tstring string #endif WMI Win32_Product is a WMI class that represents a product installed by Windows Installer. For fetching the list of installed applications with WMI I will reuse the WMIQuery class I first shown in this post. You need to include Wbemidl.h and link with wbemuuid.lib. In the code shown below WmiQueryValue() is a function that reads a property from the current record and returns it as an STL string (UNICODE or ANSI). WmiEnum() is a function that fetches and displays in the console all the installed applications. class WMIQuery { IWbemLocator* m_pLocator; IWbemServices* m_pServices; public: WMIQuery(): m_pLocator(NULL), m_pServices(NULL) { } bool Initialize() { // Obtain the initial locator to WMI HRESULT hr = ::CoCreateInstance( CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *) &m_pLocator); if (FAILED(hr)) { cerr << "Failed to create IWbemLocator object. Err code = 0x" << hex << hr << endl; return false; } // Connect to WMI through the IWbemLocator::ConnectServer method // Connect to the root\cimv2 namespace with the current user hr = m_pLocator->ConnectServer( _bstr_t(L"ROOT\\CIMV2"), // Object path of WMI namespace NULL, // User name. NULL = current user NULL, // User password. NULL = current 0, // Locale. NULL indicates current NULL, // Security flags. 0, // Authority (e.g. Kerberos) 0, // Context object &m_pServices // pointer to IWbemServices proxy ); if (FAILED(hr)) { cerr << "Could not connect. Error code = 0x" << hex << hr << endl; m_pLocator->Release(); m_pLocator = NULL; return false; } // Set security levels on the proxy hr = ::CoSetProxyBlanket( m_pServices, // Indicates the proxy to set RPC_C_AUTHN_WINNT, // RPC_C_AUTHN_xxx RPC_C_AUTHZ_NONE, // RPC_C_AUTHZ_xxx NULL, // Server principal name RPC_C_AUTHN_LEVEL_CALL, // RPC_C_AUTHN_LEVEL_xxx RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx NULL, // client identity EOAC_NONE // proxy capabilities ); if (FAILED(hr)) { cerr << "Could not set proxy blanket. Error code = 0x" << hex << hr << endl; m_pServices->Release(); m_pServices = NULL; m_pLocator->Release(); m_pLocator = NULL; return false; } return true; } IEnumWbemClassObject* Query(LPCTSTR strquery) { IEnumWbemClassObject* pEnumerator = NULL; HRESULT hr = m_pServices->ExecQuery( bstr_t("WQL"), bstr_t(strquery), WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &pEnumerator); if (FAILED(hr)) { cerr << "Query for operating system name failed. Error code = 0x" << hex << hr < endl; return NULL; } return pEnumerator; } ~WMIQuery() { if(m_pServices != NULL) { m_pServices->Release(); m_pServices = NULL; } if(m_pLocator != NULL) { m_pLocator->Release(); m_pLocator = NULL; } } }; tstring WmiQueryValue(IWbemClassObject* pclsObj, LPCWSTR szName) { tstring value; if(pclsObj != NULL && szName != NULL) { VARIANT vtProp; HRESULT hr = pclsObj->Get(szName, 0, &vtProp, 0, 0); if(SUCCEEDED(hr)) { if(vtProp.vt == VT_BSTR && ::SysStringLen(vtProp.bstrVal) > 0) { #ifdef _UNICODE value = vtProp.bstrVal; #else int len = ::SysStringLen(vtProp.bstrVal)+1; if(len > 0) { value.resize(len); ::WideCharToMultiByte(CP_ACP, 0, vtProp.bstrVal, -1, &value[0], len, NULL, NULL); } #endif } } } return value; } void WmiEnum() { HRESULT hres; // Initialize COM. hres = ::CoInitializeEx(0, COINIT_MULTITHREADED); if (FAILED(hres)) { cout << "Failed to initialize COM library. Error code = 0x" << hex << hres << endl; return; } // Set general COM security levels hres = ::CoInitializeSecurity( NULL, -1, // COM authentication NULL, // Authentication services NULL, // Reserved RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation NULL, // Authentication info EOAC_NONE, // Additional capabilities NULL // Reserved ); if (FAILED(hres)) { cout << "Failed to initialize security. Error code = 0x" << hex << hres << endl; ::CoUninitialize(); return; } else { WMIQuery query; if(query.Initialize()) { IEnumWbemClassObject* pEnumerator = query.Query(_T("SELECT * FROM Win32_Product")); if(pEnumerator != NULL) { // Get the data from the query IWbemClassObject *pclsObj; ULONG uReturn = 0; while (pEnumerator) { HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn); if(0 == uReturn) { break; } // find the values of the properties we are interested in tstring name = WmiQueryValue(pclsObj, L"Name"); tstring publisher = WmiQueryValue(pclsObj, L"Vendor"); tstring version = WmiQueryValue(pclsObj, L"Version"); tstring location = WmiQueryValue(pclsObj, L"InstallLocation"); if(!name.empty()) { tcout << name << endl; tcout << " - " << publisher << endl; tcout << " - " << version << endl; tcout << " - " << location << endl; tcout << endl; } pclsObj->Release(); } pEnumerator->Release(); } } } // unintializa COM ::CoUninitialize(); } A sample from the output of this WmiEnum() function looks like this: Java? 6 Update 25 – Oracle – 6.0.250 – C:\Program Files\Java\jre6\ Java? SE Development Kit 6 Update 25 – Oracle – 1.6.0.250 – C:\Program Files\Java\jdk1.6.0_25\ Microsoft .NET Framework 4 Client Profile – Microsoft Corporation – 4.0.30319 - Microsoft Sync Framework Services v1.0 SP1 (x86) – Microsoft Corporation – 1.0.3010.0 - Microsoft ASP.NET MVC 2 – Visual Studio 2010 Tools – Microsoft Corporation – 2.0.50217.0 - Adobe Reader X (10.0.1) – Adobe Systems Incorporated – 10.0.1 – C:\Program Files\Adobe\Reader 10.0\Reader\ One can notice that the code is relatively long, but most important it is very slow. MSI API Two of the MSI API functions can help fetching the list of installed applications: * MsiUnumProductsEx: enumerates through one or all the instances of products that are currently advertised or installed (requires Windows Installer 3.0 or newer) * MsiGetProductInfoEx: returns product information for advertised and installed products In order to use these functions you need to include msi.h and link to msi.lib. In the code below, MsiQueryProperty() is a function that returns the value of product property (as a tstring as defined above) by calling MsiGetProductInfoEx. MsiEnum() is a function that iterates through all the installed applications and prints in the console the name, publisher, version and installation location. tstring MsiQueryProperty(LPCTSTR szProductCode, LPCTSTR szUserSid, MSIINSTALLCONTEXT dwContext, LPCTSTR szProperty) { tstring value; DWORD cchValue = 0; UINT ret2 = ::MsiGetProductInfoEx( szProductCode, szUserSid, dwContext, szProperty, NULL, &cchValue); if(ret2 == ERROR_SUCCESS) { cchValue++; value.resize(cchValue); ret2 = ::MsiGetProductInfoEx( szProductCode, szUserSid, dwContext, szProperty, (LPTSTR)&value[0], &cchValue); } return value; } void MsiEnum() { UINT ret = 0; DWORD dwIndex = 0; TCHAR szInstalledProductCode[39] = {0}; TCHAR szSid[128] = {0}; DWORD cchSid; MSIINSTALLCONTEXT dwInstalledContext; do { memset(szInstalledProductCode, 0, sizeof(szInstalledProductCode)); cchSid = sizeof(szSid)/sizeof(szSid[0]); ret = ::MsiEnumProductsEx( NULL, // all the products in the context _T("s-1-1-0"), // i.e.Everyone, all users in the system MSIINSTALLCONTEXT_USERMANAGED | MSIINSTALLCONTEXT_USERUNMANAGED | MSIINSTALLCONTEXT_MACHINE, dwIndex, szInstalledProductCode, &dwInstalledContext, szSid, &cchSid); if(ret == ERROR_SUCCESS) { tstring name = MsiQueryProperty( szInstalledProductCode, cchSid == 0 ? NULL : szSid, dwInstalledContext, INSTALLPROPERTY_INSTALLEDPRODUCTNAME); tstring publisher = MsiQueryProperty( szInstalledProductCode, cchSid == 0 ? NULL : szSid, dwInstalledContext, INSTALLPROPERTY_PUBLISHER); tstring version = MsiQueryProperty( szInstalledProductCode, cchSid == 0 ? NULL : szSid, dwInstalledContext, INSTALLPROPERTY_VERSIONSTRING); tstring location = MsiQueryProperty( szInstalledProductCode, cchSid == 0 ? NULL : szSid, dwInstalledContext, INSTALLPROPERTY_INSTALLLOCATION); tcout << name << endl; tcout << " - " << publisher << endl; tcout << " - " << version << endl; tcout << " - " << location << endl; tcout << endl; dwIndex++; } } while(ret == ERROR_SUCCESS); } And this is a sample for the WmiEnum() function. Java? 6 Update 25 - Oracle - 6.0.250 - C:\Program Files\Java\jre6\ Java? SE Development Kit 6 Update 25 - Oracle - 1.6.0.250 - C:\Program Files\Java\jdk1.6.0_25\ Microsoft .NET Framework 4 Client Profile - Microsoft Corporation - 4.0.30319 - Microsoft Sync Framework Services v1.0 SP1 (x86) - Microsoft Corporation - 1.0.3010.0 - Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - Microsoft Corporation - 2.0.50217.0 - Adobe Reader X (10.0.1) - Adobe Systems Incorporated - 10.0.1 - C:\Program Files\Adobe\Reader 10.0\Reader\ Windows Registry Installed applications are listed in Windows Registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall. The KB247501 article explains the structure of the information under this Registry key. Make sure you read it if you decide to use this approach. In the code shown below, RegistryQueryValue() is a function that queries the value of a name/value pair in the registry and returns the value as a tstring. RegistryEnum() is a function that prints to the console all the installed application as found in the registry. tstring RegistryQueryValue(HKEY hKey, LPCTSTR szName) { tstring value; DWORD dwType; DWORD dwSize = 0; if (::RegQueryValueEx( hKey, // key handle szName, // item name NULL, // reserved &dwType, // type of data stored NULL, // no data buffer &dwSize // required buffer size ) == ERROR_SUCCESS && dwSize > 0) { value.resize(dwSize); ::RegQueryValueEx( hKey, // key handle szName, // item name NULL, // reserved &dwType, // type of data stored (LPBYTE)&value[0], // data buffer &dwSize // available buffer size ); } return value; } void RegistryEnum() { HKEY hKey; LONG ret = ::RegOpenKeyEx( HKEY_LOCAL_MACHINE, // local machine hive _T("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall"), // uninstall key 0, // reserved KEY_READ, // desired access &hKey // handle to the open key ); if(ret != ERROR_SUCCESS) return; DWORD dwIndex = 0; DWORD cbName = 1024; TCHAR szSubKeyName[1024]; while ((ret = ::RegEnumKeyEx( hKey, dwIndex, szSubKeyName, &cbName, NULL, NULL, NULL, NULL)) != ERROR_NO_MORE_ITEMS) { if (ret == ERROR_SUCCESS) { HKEY hItem; if (::RegOpenKeyEx(hKey, szSubKeyName, 0, KEY_READ, &hItem) != ERROR_SUCCESS) continue; tstring name = RegistryQueryValue(hItem, _T("DisplayName")); tstring publisher = RegistryQueryValue(hItem, _T("Publisher")); tstring version = RegistryQueryValue(hItem, _T("DisplayVersion")); tstring location = RegistryQueryValue(hItem, _T("InstallLocation")); if(!name.empty()) { tcout << name << endl; tcout << " - " << publisher << endl; tcout << " - " << version << endl; tcout << " - " << location << endl; tcout << endl; } ::RegCloseKey(hItem); } dwIndex++; cbName = 1024; } ::RegCloseKey(hKey); } And a sample output of the RegistryEnum() function: Java? SE Development Kit 6 Update 25 - Oracle - 1.6.0.250 - C:\Program Files\Java\jdk1.6.0_25\ Microsoft Visual Studio 2005 Tools for Office Runtime - Microsoft Corporation - 8.0.60940.0 - MSDN Library for Visual Studio 2008 - ENU - Microsoft - 9.0.21022 - C:\Program Files\MSDN\MSDN9.0\ Microsoft SQL Server Compact 3.5 SP2 ENU - Microsoft Corporation - 3.5.8080.0 - C:\Program Files\Microsoft SQL Server Compact Edition\ Microsoft .NET Framework 4 Client Profile - Microsoft Corporation - 4.0.30319 Sursa: Finding Installed Applications with VC++ | Marius Bancila's Blog

Probabil doar pe cele cu arhitectura procesoarelor ARM. Si probabil nici pe astea nu se poate pe toate.

Hooking 32bit System Calls under WOW64 oxff: Georg Wicherski 2011-05-16 16:47:49 While hooking code in userland seems to be fairly common for various purposes (such as sandboxing malware by API hooking), hooking system calls is usually not done in userland. As you can get the same information from employing such hooks in kernelland (just after the transition), people usually choose to deploy their hooks there, since they benefit from added security and stability if implemented properly. That being said, there is one application of system call hooking that rightfully belongs into userland: Hooking of 32bit system calls on a native 64bit environment. WOW64 is the emulation / abstraction layer introduced in 64bit Windows to support 32bit applications. There are many details about it that I don't want to cover. However for various reasons (I'll leave it to your creativity to find your own; I found a good one playing together with Tillmann Werner), one might be interested in hooking the 32bit system calls that are issued by a 32bit application running in such an environment. On 32bit Windows XP, there used to be a function pointer within the KUSER_SHARED_DATA page at offset 0x300 that pointed to the symbol ntdll!KiFastSystemCall for any modern machine and was used in any system call wrapper in ntdll to issue a system call: 0:001> u poi(0x7ffe0000+0x300) ntdll!KiFastSystemCall: 7c90e510 8bd4 mov edx,esp 7c90e512 0f34 sysenter ntdll!KiFastSystemCallRet: 7c90e514 c3 ret 7c90e515 8da42400000000 lea esp,[esp] 7c90e51c 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c90e520 8d542408 lea edx,[esp+8] 7c90e524 cd2e int 2Eh 7c90e526 c3 ret Hooking this would not make much sense, since one could gather the same data just right after the sysenter within kernelland. Now fast forward to Windows 7, 64bit with a 32bit process running on WOW64. For the following, I will use the 64bit WinDbg version. On this newer environment, the code executed by a system call wrapper, such as ntdll!ZwCreateFile in this example, does not take any indirection through KUSER_SHARED_DATA. Instead, it calls a function pointer within the TEB: 0:000:x86> u ntdll32!ZwCreateFile ntdll32!ZwCreateFile: 77a80054 b852000000 mov eax,52h 77a80059 33c9 xor ecx,ecx 77a8005b 8d542404 lea edx,[esp+4] 77a8005f 64ff15c0000000 call dword ptr fs:[0C0h] 77a80066 83c404 add esp,4 77a80069 c22c00 ret 2Ch This new field is called WOW32Reserved and points into wow64cpu: +0x0c0 WOW32Reserved : 0x743b2320 0:000:x86> u 743b2320 L1 wow64cpu!X86SwitchTo64BitMode: 743b2320 ea1e273b743300 jmp 0033:743B271E This is in turn a far jmp into the 64bit code segment. The absolute address points into the 64bit part of wow64cpu and sets up the 64bit stack first: 0:000> u 743B271E wow64cpu!CpupReturnFromSimulatedCode: 00000000`743b271e 67448b0424 mov r8d,dword ptr [esp] 00000000`743b2723 458985bc000000 mov dword ptr [r13+0BCh],r8d 00000000`743b272a 4189a5c8000000 mov dword ptr [r13+0C8h],esp 00000000`743b2731 498ba42480140000 mov rsp,qword ptr [r12+1480h] Following this, the code will convert the system call specific parameters and convert them to their 64bit equivalents. The code than transitions to the original kernel code. So the only way to grab the unmodified 32bit system calls (and parameters), before any conversion is being done, is to hook this code. My first idea was to hijack the writable function pointer inside the TEB, but that involves the inconvenience that I need to track threads and modify it for every new thread. Since this function pointer always points to the same location, I decided to go for an inline function hook. In this case, the hook is very simple, since I know that there will be one long enough instruction with fixed length operands. However, we have to take into account SMP systems that might be decoding this instruction while we're writing there, so it is desirable to use a locked write. Unfortunately, there is not enough room around the instruction to write the hook there and overwrite the original instruction with a near jmp (two bytes, can be written atomically with mov if the address is word-aligned or xchg in the general case). Hence we need to write our five bytes with one single locked write. There is (at least?) one instruction on x86 in 32bit mode which can do that: cmpxchg8b. Reading the processor manual, it gets obvious that we can abuse this to do an unconditional write if we just execute two subsequent cmpxchg8b in a row (assuming that no one else is writing there concurrently): asm("cmpxchg8b (%6)\n\tcmpxchg8b (%6)" : "=a" (* (DWORD *) origTrampoline), "=d" (* (DWORD *) &origTrampoline;[4]) : "a" (* (DWORD *) trampoline), "d" (* (DWORD *) &trampoline;[4]), "b" (* (DWORD *) trampoline), "c" (* (DWORD *) &trampoline;[4]), "D" (fnX86SwitchTo64BitMode)); One can read out the original jump destination in between those two instructions from edx:eax to hotpatch your hook before it is eventually inserted. This is especially useful when a debugger is attached, as single-stepping results in the syscall trampoline being silently executed (this is great for debugger detection). The hook can then just end in the same jmp far 0x33:?? that was present at X86SwitchTo64BitMode, one just needs to preserve esp and eax. Happy hooking! Sursa: Hooking 32bit System Calls under WOW64

Whois Ping Port Scanner NSlookup & Traceroute Over 7,191,224 guests have used these services to scan over 1,593,876,587 ports, perform 7,490,661 nslookup's, 70,948 ping requests, 414,862 traceroute requests and 71,246 whois requests. Thank you for helping us become the leader in web-based network tools! Link: http://www.t1shopper.com/tools/

Backtrack 5 install on Samsung Galaxy S just finished a Backtrack 5 install on my Samsung Galaxy S phone. I will detail out the steps to get it running most Android phones. While this method was ONLY testing on my Galaxy S (Vibrant) but should work with other devices. README.winning! I have split this guide into two sections. The first section titled "Quick Version" is a simple set of steps to get this working on your phone. All the work in the full version has already been completed by using the quick version. The "Full Version" goes into process detail if you would like to perform all the steps or it may help if you get stuck at any time during the process. This guide will continually be updated to include any feedback or changes. Quick Version: 1. Download the complete set of files you need from here: http://l-lacker.com/bt5/BT5_ARM_Joined.zip Extract BT5.zip to your phones internal SDcard in a directory called "BT5" (cAsE sEnSiTiVe) 2. Launch terminal emulator from your phone and type (everything after the $: or #: is user input): $: su #: cd sdcard #: cd BT5 #: sh bootbt 3. While Backtrack is loaded (when you see a red "root@localhost") start the VNC server by typing:root@localhost:~#: startvnc (stopvnc kills it) 4. Launch VNC (im using this)from your phone and point it at 127.0.0.1:5901 VNC pass: toortoor 5. Welcome to Backtrack on your Phone! Tutorial: http://pauldotcom.com/2011/05/backtrack-5-install-on-samsung.html

Ideea cu termenul "hack" e simpla: reclama. Ei doreau ca cei inscirsi sa foloseasca framework-urile lor: YQL, YUI... E clar: nu exista nicio legatura intre a folosi un framework si a fi hacker. Ce vreau sa spun: framework-urile te ajuta sa faci mai usor diverse actiuni. Folosind asa ceva, faci cu o linie de cod, ceea ce ar trebui sa faci cu 50, deoarece acele 50 de linii sunt deja scrise. Asta inseamna ca tu nu stii exact ce se intampla cand scrii linia respectiva de cod, si ajungi sa nu fii in stare sa faci acea actiune fara acel framework. Iar asta e total in contradictie cu termenul "hack", care presupune sa inveti ceva, sa descoperi, sa CREEZI ceva. E ca si cum i-ai da un program unui copil si l-ai pune sa il foloseasca. O sa zici ca e un script kiddie. Pe aceasta idee, dupa parerea mea, s-a mers si aici: promovarea framework-urilor lor, care presupune promovarea script-kiddingului pana la urma. Legat de proiectul lui Pax si Cheater ar fi mai multe de spus. In primul rand acesta e mai apropiat de termenul "hack" decat gramada de rahaturi imputite, stupide, jalnice si inutile, pe care nu ar da nici parintii celor care le-au facut 2 bani. Ideea a fost originala: "Vasile" intra pe o pagina si bum: se trezeste ca ofera acces la contul sau lui "x" si "y" si ca trimite fara sa vrea mesaj la toata lista de messenger cu acel link. E un atac direct la adresa securitatii celor de la Yahoo!, deci are legatura directa cu termenul "hack". Problema a fost conexiunea la net, nu a avut timp sa arate demo-ul. Si cred ca cei de la Yahoo! nu sunt foarte familiarizati cu acest termen, de XSS, ca de altfel nici multi care au participat. Ca eveniment mi-a placut: am mancat, am baut, am discutat, atmosfera a fost placuta, a fost foarte bine organizat, foarte strict si totul a fost foarte bine pus la punct.

Linux exploit development part 4 Authored by sickness Posted May 15, 2011 Whitepaper called Linux exploit development part 4 - ASCII armor bypass + return-to-plt. Download: http://packetstormsecurity.org/files/download/101426/lewt4-bypass.pdf http://www.exploit-db.com/download_pdf/17286

KisMAC- Wireless Security Tool For MAC OS As discussed so many topics for both Linux and Windows operating system, now this article will talk about the Wireless LAN (WLAN) security tool that are available for MAC operating system. This article is linked with the series article of Wardriving. Wardriving a act of searching/locating and exploit a access point. If you are a close user of MAC operating system so this tool is for you, KisMAC is a free, open source wireless stumbling and security tool for Mac OS X. Kismac is a replica of netstumbler for windows and Kismet for Linux, the overall idea of wardriving is same You can get and install Kismac on your MACbook and start driving the concept of gpsd is same. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning. KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort hardware is supported for scanning. Key Features Reveals hidden / cloaked / closed SSIDs Shows logged in clients (with MAC Addresses, IP addresses and signal strengths) Mapping and GPS support Can draw area maps of network coverage PCAP import and export Support for 802.11b/g Different attacks against encrypted networks Deauthentication attacks AppleScript-able Kismet drone support (capture from a Kismet drone) Cracking Support Bruteforce attacks against LEAP, WPA and WEP Weak scheduling attack against WEP Newsham 21-bit attack against WEP Download: http://kismac-ng.org/ Tutorial: http://trac.kismac-ng.org/wiki/tutorials Sursa: KisMAC- Wireless Security Tool For MAC OS | Ethical Hacking-Your Way To The World OF IT Security