Nash's world

Programing

Demonstration of the OpenSSL Reverse Heart Bleed Bug CVE-2014-0160

by on Apr.11, 2014, under Programing

Heart Bleed is turning out to be one of the worst bugs to hit the web. Sysadmins everywhere have been rushing to fix their web-facing servers, and the worst of it was thought to be mitigated by patching the servers and load balancers that terminate SSL connections. It has now been demonstrated that clients that use OpenSSL are also affected, and these include:

  • MariaDB 5.5.36
  • wget 1.15 (leaks memory of earlier connections and own state)
  • curl 7.36.0
  • git 1.9.1 (tested clone / push, leaks not much)
  • nginx 1.4.7 (in proxy mode, leaks memory of previous requests)
  • links 2.8 (leaks contents of previous visits!)

links is a great example that demonstrates the effect of this bug on clients. It is a text-based browser that leaks details including headers (cookies, authorization tokens) and page contents.

A malicious server can take advantage of this and copy the memory contents of an unsuspecting client, as demoed here:

[Image: rv heart bleed demo 2]

Here I am trying to load an image from one of my servers that has social media content; then, after I load the page, I connect to a malicious server that tries to exploit this bug.

Here is the content the server was able to grab from the client.

[Image: rv heart bleed demo 1]

As you can see, I am able to get the EXIF data of the loaded image and partial content of the image.

Here is another demo, in which I connect to the Maybank login page and then connect to my malicious server. As you can see, I am able to get the header passed by the page and partial content of the page too.

[Image: rv heart bleed demo 3]

[Image: rv heart bleed demo 4]

Please note that this is not a bug on the server side but a bug on the client side, so go and update your OpenSSL library ASAP. You can get the demo code from https://github.com/Lekensteyn/pacemaker
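
An added example, not code from this post, from pacemaker or from OpenSSL: the bounds check a heartbeat receiver (client or server) has to make before echoing a payload, which is the check CVE-2014-0160 was missing. The message layout and the 16-byte minimum padding follow RFC 6520; the function names and the two sample messages are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_HDR      3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Constructed sample messages, not captured traffic. */
static const unsigned char HB_HONEST[23]    = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const unsigned char HB_OVERCLAIM[20] = {HB_REQUEST, 0x40, 0x00, 'x'}; /* claims 16384 */
static unsigned char hb_out[64];             /* response buffer for the demo */

/* Claimed payload length if it fits inside the received message, else -1. */
long hb_checked_payload_len(const unsigned char *msg, size_t msg_len)
{
    if (msg_len < HB_HDR + HB_MIN_PAD)
        return -1;                           /* too short to be a heartbeat */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    if (HB_HDR + claimed + HB_MIN_PAD > msg_len)
        return -1;                           /* the check that was missing */
    return (long)claimed;
}

/* Echo a request into out; returns bytes written, 0 = silently discarded. */
size_t hb_build_response(const unsigned char *msg, size_t msg_len,
                         unsigned char *out, size_t out_cap)
{
    if (msg_len < 1 || msg[0] != HB_REQUEST)
        return 0;
    long n = hb_checked_payload_len(msg, msg_len);
    if (n < 0 || HB_HDR + (size_t)n + HB_MIN_PAD > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(n >> 8);
    out[2] = (unsigned char)(n & 0xff);
    memcpy(out + HB_HDR, msg + HB_HDR, (size_t)n);   /* n is now bounded */
    memset(out + HB_HDR + n, 0, HB_MIN_PAD);         /* real stacks pad randomly */
    return HB_HDR + (size_t)n + HB_MIN_PAD;
}

int main(void)
{
    printf("honest:    %zu bytes\n", hb_build_response(HB_HONEST, sizeof HB_HONEST, hb_out, sizeof hb_out));
    printf("overclaim: %zu bytes\n", hb_build_response(HB_OVERCLAIM, sizeof HB_OVERCLAIM, hb_out, sizeof hb_out));
    return 0;
}
```

Without the second check in hb_checked_payload_len, the memcpy would read 16384 bytes starting inside a 20-byte message, which is how adjacent process memory ends up in the reply.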


IGMH mobile/web app open for testing/usage

by on Aug.30, 2012, under News, Programing

It was one of those rare quiet mornings in the office (touch wood) when Naail @kudanai (http://www.kudanai.com/) pinged me about an interesting problem he had. He asked me for suggestions on scraping the IGMH doctors' duty roster from this ancient-looking aspx page. At the time he had a Google App Engine app and was attempting to use YQL to wrangle the data out of the page, as the page was being served from a non-standard port on the server, which App Engine did not like.

I suggested that he port the app over to Django proper and move the whole application over to my server. To this end we ported the app over to Django and added some fancy (i.e. stupid) caching so that we don't kill the poor server we were scraping the data from. The front end is built on jquerytouch and compass. API stubs are also available to anyone who wants to get some sane-looking data for their own apps. For access ping Naail or me (@NashRafeeg).

To try it out for yourselves, visit: http://igmh.dot.my

Some Known Issues:
The display code is built on jQTouch, and thus inherits its flaws and shortcomings. For example, we rely on -webkit-overflow-scrolling: touch to handle the inertial scrolling. This will fail on most Android devices and so on.
Also, yes, we know about the “back” button issue.
The page currently doesn’t have a timed/manual refresh mechanism (which would ideally be present in the queue data view). You have to go back to home, and then back to the view in order to reload the data.

For those of you more technically inclined
The Backend is
* Nginx
* Django with FastCGI
* Mechanize
* Beautiful Soup
Front End is powered by Jquerytouch and Compass

For how we got started on this endeavor hit up http://www.kudanai.com/2012/08/igmh-mobileweb-app-open-for-testingusage.html


How to list cron jobs of all the users

by on Nov.18, 2011, under cool, Programing

While I was doing some server maintenance for a customer last night, it required that I find out what cron jobs were in the crontabs of all the users on the machine. I found this handy script that will list out all the cron jobs for all the users:

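#!/bin/bash
# Print every local user's crontab. Run as root: crontab -u needs root to read other users' tables.
for user in $(cut -f1 -d: /etc/passwd)
do
  echo "$user" && crontab -u "$user" -l
  echo " "
done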


Reddit URL Harvester

by on Mar.31, 2011, under cool, Programing

I was browsing Reddit and I stumbled upon a small sub-reddit at /r/Earthporn; this small corner of Reddit had high-res pictures of earth scenery. From there I was directed to /r/CityPorn, /r/SpacePorn, /r/MachinePorn, /r/AnimalPorn and /r/BotanicalPorn, all HD pics. This got me thinking: since I am lazy as fuck, I did not want to spend every day going through six sub-reddits to download and save them, so the best way to do it is to automate the process.

In order to download the images, the first thing that needed to be done was to harvest the URLs from the sub-reddits' home pages. I could have gone and screen scraped with Beautiful Soup, but Reddit provides this nifty feature whereby if you append .json to the end of a URL, e.g. http://www.reddit.com/r/earthporn/.json, it will return the JSON file for the corresponding page with posts and URLs and other data (also, if you append .xml it will return an XML file with the page's data). This allows me to skip all the dirty crud of parsing the HTML of a constantly changing page. Below is version 0.0.1 of the URL harvester code.
(continue reading…)


Printing 1 to 1000 without loop or conditionals

by on Jan.03, 2011, under Programing

Print numbers from 1 to 1000 without using any loop or conditional statements.

#include <iostream>
template<int N>
struct NumberGeneration{
  static void out(std::ostream& os)
  {
    NumberGeneration<N-1>::out(os);
    os << N << std::endl;
  }
};
template<>
struct NumberGeneration<1>{
  static void out(std::ostream& os)
  {
    os << 1 << std::endl;
  }
};
int main(){
   NumberGeneration<1000>::out(std::cout);
}

PHP variable variables; “variable variable takes the value of a variable and treats that as the name of a variable”. Also, variable.

by on Oct.19, 2010, under Programing

This is only the entrance of the rabbit hole.

If you understand what this expression really does, you realize that you’re gazing upon the entrance to R’lyeh. Do you think you don’t need your soul anymore? If you do, follow me into the lair of the Elder Gods. But be warned, you will die a lot inside. The first thing to understand is what $ is. $ is actually a shorthand for ${} and means “return the value of the variable whose name is contained in this”. That variable name is a string.

A bare word is a PHP string. Let that sink for a second, because we’ll come back to it later: $foo really is the concatenation of $ the variable-indirection character (think *foo) and foo which is a string. foo === "foo" in PHP, even though in raw source code you’ll probably get a warning. If those are enabled.

(continue reading…)



The Future: Augmented Reality

by on Feb.14, 2010, under cool, Programing

This is the new setup that is being rolled out to all Lego stores around the world. Imagine this technology coming to wireless contact lenses that can project images in the wearer's field of vision. Imagine a world where

  • Bookstores will have the top 5 reviews hover above any book you take off the shelf
  • Relationship status is shown above our heads so we can date new people
  • The system will analyze the body language of another person so the socially awkward will receive cues on how to better communicate with the opposite sex
  • You can show what song you are currently listening to
  • You can see how many calories something has before you eat it
  • You are aware of the average crime rate of the area you are in by the color of the road
  • Australian spiders will finally have health bars
  • You are able to watch TV from anywhere, with images filling up your whole field of vision

We truly live in the future.


Reddit clone in ASM

by on Feb.10, 2010, under cool, Programing

Here is a Reddit clone rewritten in x86 assembly.

(continue reading…)
