Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - DaNePaLI

Pages: [1] 2
1
C - C++ / Re: Finding square root using Newton-Raphson Method
« on: March 10, 2013, 02:24:25 pm »
Hi parad0x, you made a small flaw at line 15.

Replace
Code: [Select]
while(absolute(guess * guess - x*x) >= difference){with
Code: [Select]
while(absolute(guess * guess - x) >= difference){
Since x is the number whose square root you need to find, guess * guess has to be subtracted from x not from x * x.

Then your program will run fine.

2
Projects and Discussion / Re: [Paper] OOP Design Pattern: Observer
« on: March 09, 2013, 09:06:12 pm »
Thanks for the great paper on the Observer design pattern :) . I have not much played with design patterns but I know these are essential stuffs that the software engineering teams need to keep on implementing frequently.

Based on my understanding, we use observer pattern to notify all the depending objects when the state(s) of an object change (one to many). The example that hit my mind is the GUI system where change in background data needs to change the state of one or more GUI items.

Also, what do you think of having abstract GameState class with addObserver(), removeObserver(), and notify() as the base methods, and concrete classes that inherit GameState class and has additional methods getState() and setState(). I mean this could be useful in some scenarios.

And, How can we handle the situation where we need to send notification to yet another object when a state change in some object affects the observer object in some particular fashion.

Great paper. +1

3
Web Oriented Coding / Re: How to debug in PHP
« on: March 09, 2013, 05:01:38 pm »
Make sure the display_errors = On is set in your php.ini configuration file. Moreover, I personally prefer error_reporting = E_ALL & ~E_NOTICE as this provides even the small notices in your script. Likewise, you can use var_dump(), print_r(), and normal print()/echo() statements to ease your debugging process.

And, once you get familiar with PHP, I would recommend you to use some good IDEs with debugging support. I personally use Zend IDE (commercial IDE but there's lots of cracks out there) and its awesome. I guess there are other freely available tools that support debugging.

4
General discussion / Re: actuall security of the internet
« on: March 08, 2013, 08:14:47 am »
I am not a security guru but I would like to share my understanding on the subject matter.

If you are using http or other publicly known for being insecure protocols (such as ssh v.1), the ISP can easily dissect every packet from your network to ISP. Then, the job of ISP becomes way easier. Moreover, there are several attacks such as DNS cache poisoning, misconfiguration in ISP's equipments/setups that can be planted by outside hackers who can then intercept your packets.

If you are using TLS, then I would say you are quite safe unless either your browser trusted certificate is messed somehow or the attacker(s) have control over the Certificate Authority. Please note that SSL/TLS is nothing but an additional security layer for transmitting data. It allows only the two ends (source and destination) to see the data. However, it does not ensure other form of attacks in either the server or in your system. The use of TLS basically ensures two main things: it ensures that you are talking with the right machine at the other end, and it ensures that no one can eavesdrop and gain access to the data you are sending/receiving.

That is to say, the ISPs can at most gather what I would like to call meta-information about your packets such as source, destination, and amount of traffic, and nothing more. Hence, I find the possibility of reading your data to be thin. Of course, if you are more paranoid and can't trust your ISP, you could employ the encrypted tunnels/vpns to proxy all your traffics.

Btw, I don't think SSL has any such secret password thing. SSL is based on the public key cryptography and employs two asymmetric keys (Public and private keys). The idea here is that anything encrypted with a private key can only be decrypted by the public key and vice-versa.

5
Hacking and Security / Re: About Searching in BT5
« on: March 07, 2013, 10:15:35 am »
I guess this works: Fire up the terminal and type: "ubiquity" without quotes. Alternatively, if you wish to have your launcher back, right click and then create new launcher or something like that. You need to point the command as sh -c "ubiquity". The old install icon might not appear in this launcher but that's how the older icon worked behind the scene. Btw, if its Live one, could not you reboot and the icon would appear there...

6
Web Oriented Coding / Re: php backdoor ++
« on: February 21, 2013, 07:25:29 pm »
Quote from: jay755 on February 21, 2013, 09:33:24 am
Thanks for your input, I will send you a pm when I have some code so you can look at it if you want?

Well sir I'm out of reach from Internet for a while. PM me and I'll have a look on your script :)

7
Web Oriented Coding / Re: php backdoor ++
« on: February 19, 2013, 11:11:41 am »
Well I can't work together but I can surely give you some ideas that I have. First off, antivirii are dumb, chaning few streams (with all those IDEs, refactoring is an easy task) and adding/removing some data is enough to bypass most of the AVs I've seen.

Secondly, you know that you should use POST instead of GET so why not research on it? Its just like changing exec($_GET['cmd']); to exec($_POST['cmd']); (again refactoring can be employed here as well). Of course, you have to work on giving easier interface to process POST forms.

Moreover, most of the shells are likely to have the suspicious function calls such as eval(), system(), etc. These can be used to detect the presence of PHP based shells so there exist few methods to bypass such detections.

One idea is to use the php://input, which you can execute using the include() function. The data can be passed as POST data (check http://php.net/manual/en/wrappers.php.php ). From the PHP manual, php://input is a read-only stream that allows you to read raw data from the request body. In the case of POST requests, it is preferable to use php://input instead of $HTTP_RAW_POST_DATA as it does not depend on special php.ini directives. Hence you could exploit this feature to create undetectable web shells.

The other possibility is to pass both functions to be executed and argument to the function as the POST data and create the function call on the fly.

Yet other possibility is to hex edit some unsuspicious binary/image/mp3/etc file and insert the PHP backdoor in there. Your PHP script could then read the particular bytes from the binary file on the fly and execute them.

Just my ideas. If you didn't understand any, I am happy to write examples as well :)

8
Web Oriented Coding / Re: How to take over a computer with PHP
« on: February 18, 2013, 11:38:29 am »
Well if its the non-programming savvy person, you could even install the remote administration tools initially rather than doing through the PHP script later on. Plus you could add a hidden administrator account and setup the remote desktop connection to the computer.

Or you could hide the obfuscated PHP code somewhere in the file which your end user would access the most (eg. index.php). Something that would trigger based on some POST or COOKIE. Don't use GET (eg. index.php?shell=1 ) as the HTTP logs would keep the full URL with all the query parameters. Easy method would be to use COOKIE (eg. if COOKIE['shell'] is set, the shell access would be given to you).

9
Found it on the Webs / 1.8 GB of useful stuffs
« on: February 13, 2013, 04:43:48 pm »
Hey all,
I just found this one through google.

Consists of tools and documents and other files on hacking, cryptography, windows, linux, wordlists, etc.

http://cracking8hacking.com/cracking-hacking/

Regards,
DaNePaLI

10
Found it on the Webs / Re: js x86 emulator running linux
« on: February 09, 2013, 10:06:45 pm »
Respect!!!
Bellard is the guy who developed FFMPEG, QEMU, and TinyC Compiler. He is the one to develop LZEXE at the mere age of 17.

11
Hacking and Security / Re: Password Generator
« on: February 09, 2013, 08:38:02 pm »
Well I am not a good python coder so I might be wrong. But, I am curious why are you first appending the generated strings in the list and then writing each string from the list in the file. Why not just directly write the generated strings to the file, that would be probably be better optimization to this code.

And, appending very large number of data in the list is gonna result MemoryError sooner or later based on the memory available in the system. So you might want to avoid it as even the 4 character passwords are gonna be 94 * 94 * 94 * 94 strings (Btw, I forgot to mention I'm weak in Mathematics) in number which is still huge to be appended in the list when it is not absolutely necessary. If you code is gonna cause MemoryError for 4 letters strings, you will not be able to do anything much with this generator since most of the systems do not allow passwords shorter than 6 these days.

Btw, why are you missing the shebang line (I guess its the right term) at the top of your script. (#!/usr/bin/python3)

Below is the slight modification I made:

Code: [Select]
#!/usr/bin/python3
from itertools import product
import random
def pwdgen():
    location = input("""Where do you want to store the words generated? (File Location) (Please specify the directory with / rather than \)""")
    maxlen = int(input('How long should the words generated be?'))
    file = open(location, 'w')
    variable = ()
    while len(variable) <= maxlen:
        variable += (str(random.random()), )
    for variable in product(range(33, 127), repeat = maxlen):
        tstring = ''
        for i in range(0, maxlen):
            tstring += chr(variable[i])
        file.write(tstring + '\n')
        #plist.append(tstring)
    #file = open(location, 'w')
    file.close()
    return 'Done!'

pwdgen()

12
C - C++ / Re: Compiler for learning
« on: February 09, 2013, 05:58:26 pm »
Quote from: rasenove on February 09, 2013, 05:36:04 pm
Well, VS C++ Is both an ide and compiler. So what  do you suggest?
Well, I guess cl is still the command line tool for compilation in VS C++ so if you do cl /EHsc your_code.cpp, then that will be better. My point is, try to familiarize yourself with different flags the compilers back end leverage to you. Most often, the GUI tend to impose just the widely used flags and sometimes, you might need to use different other switches so I suggest to use CLIs when you're learning.

Once you are comfortable with the compilation options, you can then freely use the IDEs.

13
Science / Re: Maths with me guys...
« on: February 09, 2013, 05:46:21 pm »
Quote from: Kulverstukas on February 09, 2013, 05:41:46 pm
You put too many spaces out of excitement.
Lmfao. Exactly.

14
C - C++ / Re: Compiler for learning
« on: February 09, 2013, 05:09:11 pm »
Well if you are using Code::Block or VS12, you should know that they are IDEs, not the compilers. Think of them like a wrapper around the all those compilation processes your source code must go to get translated into the target machine code. I must say that if you are learning, do not use these IDEs. Well IDEs have their own benefits such as code profiling, refactoring, debugging front ends, intellisense, deployment mechanisms, etc. bundled within them. But, as you said, you are starting to learn C++, I would say, go for g++ (& I guess you can use g++ on Windows through Mingw or Cygwin). As for text editor, GNU Emacs or Vim should be more than enough. Notepad++ is also a great text editor. Though they don't provide the code completion features like the IDEs, this will help you keep information in your memory.

And, you must understand the difference between IDEs and Compilers so you should google the difference.

15
Scripting Languages / Re: user created variables
« on: February 05, 2013, 02:58:30 pm »
I don't quite understand you. So you want to build a house without bricks, stones, cements, and other basic things you must have if you need to make a practically usable home? Or what?

Anyway, if I understood you right, you can create an empty list & then append:

Code: [Select]
grades = []
and then, using the appropriate loop for you, you would then do:

[/code]grades.append()[/code]

Or you could use the array (I'm assuming you'll have float values here)

Code: [Select]
from array import array

grades = array('f')
print "Enter grades below(Once finished, enter N)"

while True:
        grade = raw_input()
        if grade == 'N' or grade == 'n':
                break;
        grades.append(int(grade))

for grade in grades:
        print grade

Btw, I'm not the good python coder so others might have something to contribute in this. & Sorry if I misunderstood your question (Its not quite understandable)

Pages: [1] 2