Saturday, 24 December 2011

Hiding Information In Text Files Using Notepad [Windows]

Hi everybody, I had long ago read about hiding information inside text files using notepad and today I suddenly remembered while doing some other task. So I am sharing this little trick of hiding information inside the text file using notepad.

Open command prompt (Run-> Cmd) and then navigate to the directory (using cd command) where you want to save your text file. Now, type the following command:

notepad file.txt:mypassword


Replace filename part and password with yours as shown in the screenshot above and then you will be asked if you wish to create a new file or not(See the screenshot below) and then click on Yes to create the file.



Now enter your secret information in the file and save the file. Close the file and if you need to access the contents later, you will have to use the exact command you used while creating the file. If you or someone else edits your file without giving the password, your original hidden content will not be erased and you can still access the content with your original command.

I hope this trick is new for you. :)


Read more...

Thursday, 22 December 2011

First Thing To Try When Encountered An Odd Error In Eclipse

Hi everybody, this is always worth trying when you encounter some unknown and odd error while developing applications with Eclipse IDE. You may encounter errors even though every line of your code is syntactically correct and still you can't find what exactly is the error. Sometimes you might spend hours trying to find error but actually there might be no error in your application.

To clean the current project in Eclipse, go to Project -> Clean and it will clean all the compiled stuffs and will give you a fresh start for the compilation. Keep in mind this little trick and you might find useful several times while you are working on Eclipse.


Read more...

Very Simple PHP Obfuscator Tool From Techgaun

Hi everybody, I've coded a very small snippet of code that will perform very basic PHP obfuscation so that programmers can protect their code from non-programmers. The obfuscation is by no means the advanced one and easily reversible. Only purpose is to prevent script kiddies and leechers from taking away your source code and distributing those as theirs.

Click here to access the PHP Obfuscator.

I hope it becomes useful sometimes. :)


Read more...

Sunday, 18 December 2011

Copying Files From Remote Server Using SCP In Linux

Hi everybody, sometimes you need to copy files from remote server and only thing you have access to might be SSh. If you can access remote server via SSh, then you can copy files from the remote server using scp(secure file copy). This short tip will help you copy files from remote server using scp.

Scp is remote secure file copy program that makes use of SSh for the data transfer and uses the SSh authentication. The general syntax is as below:

scp -P ssh_port user@server:remote_file_path local_file_path

Following was the command I used to copy a file from remote server to my computer. It will then ask for the password for the corresponding user before you can copy the file.

scp -P 222 netadmin@192.168.0.1:/home/kubh/Desktop/torrent_trackers_list.txt /samar/torrent_trackers.txt

Also, there are GUIs for this purpose as well such as WinSCP for windows and Krusader file manager and gftp for linux distros. GUI would make things easier but still I am used to with command lines and I hope you are as well.

I hope this helps. :)

Edit(Dec 19): Paths with whitespaces must be escaped with \ character. An example of this is as below:

samar@Techgaun:~$ scp -P 222 "netadmin@192.168.0.1:/home/netadmin/Downloads/Hostel\ Part\ III\ \(2011\)\ DVDRip\ 400MB/HOST.DVD_urgrove.com.mkv.002" /samar/Moviez/Hostel1.mkv.002

Read more...

Saturday, 17 December 2011

Download Good List of Torrent Trackers

I have uploaded a text file containing many torrent tracker URLs. Number of seeders might increase if we have more torrent trackers for the torrent file we are downloading. This post will help you how to add those trackers; I had written that post specifically for utorrent however the process will be similar for other torrent clients.

Download Torrent Tracker List


Read more...

Friday, 16 December 2011

Useful Aliases To Make Things Easier In Linux

In this post we will see some of the useful aliases that I have made to work faster while I'm working in my system. From that, you can figure out such useful aliases for yourself. With this little customization, you will find so much ease and speed in doing different tasks you need to perform repeatedly.


Either you are a regular linux user or system administrator or tech-geek, you will want to make use of alias to makes several things shorter and easier.

Temporary aliases can be created using the alias command in the terminal. So to test the aliases I've posted below, you can type them in the terminal to see the effect temporarily. If you want to make aliases permanent, you can edit ~/.bashrc file and add those aliases inside this file. Even better, to separate aliases from the .bashrc file, you can put all your aliases by creating a new file ~/.bash_aliases and paste all your aliases in this file. Either way, you'll achieve the permanent aliases for yourself and you'll be finding things going easy and fast for you.

Quick Directory Jumps

alias www='cd /opt/lampp/htdocs/' #Navigating to my web root using www command(actually alias)
alias moviez='cd /samar/data/gallery/movies/' #Navigating to my movies folder by typing moviez

Getting out from deep directory structure

alias cd1='cd ..'
alias cd2='cd ../..'
alias cd3='cd ../../..'
alias cd4='cd ../../../..'
alias cd5='cd ../../../../..'
alias cd6='cd ../../../../../..'


The above aliases can help you while you are inside deep directory structure and want to get out to certain outer level in the same structure.

Shortcuts To Frequently Used Commands

alias runlampp='sudo /opt/lampp/lampp start' #run lampp server bundle
alias stoplampp='sudo /opt/lampp/lampp start' #stop lampp server bundle
alias checkmail='grep -in "Subject:" /var/mail/$USER' #overview of mail
alias myserverlogin='ssh netadmin@192.168.0.1 -p 222 -X' #ssh login to server
alias rootnaut='sudo nautilus /' #open root nautilus file explorer

With this post, what I would like to say is that there is no limit in making these aliases, eventually you will find the necessary aliases for yourself. If you have any other useful general purpose aliases, please feel free to share as the comment.

Read more...

Fast Switching To Previous Directory In Linux Terminal

I had a scenario in which I had to switch between two directories frequently while I was working on the remote server over SSh. Typing the directory paths frequently was getting so tedious that I had to know some way to switch between two directories with a single short command. Here is a small tip that will be useful in such cases.

I am presenting my scenario and you'll be able to adapt with your own scenario. So following are two directories I keep on working always.

/opt/lampp/htdocs/
and
~/gateway/bandMan/

So I have the scenario something like below.

cd /opt/lampp/htdocs/

I cd to the first directory with the command above and then perform series of numerous commands and then suddenly I've to go back to the second directory. And I do so by following command:

cd ~/gateway/bandMan/

Again, after changing the directory, I perform several commands and after finishing my tasks on this folder, I need to switch back to previous directory. And I type the following command:

cd -

How it works
This information is for the tech enthusiasts who like to know how it works. When I navigate to another directory from the shell for the first time, a new environment variable OLDPWD is set which stores the path for previous directory before the last cd command was executed. Now what cd - does is switch to the path that OLDPWD variable is storing. If OLDPWD is empty, you will see the "bash: cd: OLDPWD not set" error.

Isn't it so simple? I hope you like this small tip. :)


Read more...

Tuesday, 13 December 2011

Art of hacking 3 - spyd3rm4n's guide to hacking

This series of articles can be very useful for many beginners out there but after the thedefaced and darkmindz went down, I haven't really seen these articles anywhere else. So I thought to share this article over here. Its NOT written by me and I would like to provide the full credit to the original author as well.

Previous articles:
Part 1

Part 2


spyd3rm4n's guide to XSS Injection

Part 3

[0x01] XSS_Definition
[0x02] Pen-Testing
[0x03] Common Fields
[0x04] Escaping_BB_Code
[0x05] Image_XSS


Sub XSS_Defnition{

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting was originally referred to as CSS, although this usage has been largely discontinued.

-Taken from Wikipedia Wikipedia if you want to read more.
}

Sub Pen-Testing{

Pen-Testing, short for Penetration Testing. Pen-testing with XSS can be very easy, or very hard. It depends on the person doing this. Some common queries when pen-testing a field can include but are not limited to:

<script>alert(1)</script>
<script language="javascript">alert(1)</script>
<script src="http://site.com/evil.js">
<img src="http://site.com/evil.js">


A great site to find some of the most useful queries it http://ha.ckers.org/xss.html

Now, once you've tested the fields, if the following page returned contains any sort of popup/javascript. You know it's vulnerable.

}

Sub Common_Fields{

Some of the most common fields that I have noticed are search fields. These will most likely return the following page showing the input.

Example: I search for "Orson Wells" and the page returned: 0 Results for query "Orson Wells" or something of that sort.

There are simple ways to get around this, since I am a php coder, my favorite way is the htmlentities(), you can also use strip_tags().

Some other search engines might not show what you searched for on the page itself, but in the field, the value is still there.

If this is the case, you can search for '"/></>[XSS]

this should escape the html field value, if it is not sanitized correctly and execute the [XSS] on the page.

Basically, any field that asks for user input that is either POST or GET and is in the source of the following page, can be cross-site scripted if not properly sanitized.

}

Sub Escaping_BB_Code{

This is one of my favorite ways to XSS a site. Some people decide to create their own BB code or use on that is poorly sanitized. This can be very easy to exploit.

Let's say there is an option to make my font red using hte [font color="red"] BB code.

Well, if I post a message with [font color="red"]hi[/font] and I look at the next page's source code, I see <font color="red">hi</font>,

I will re-post using

[font color="red"></font><script>alert(/hi/)</script>]hi[/font]

And if it is poorly sanitized, the page following it would contain an alert box saying /hi/.



There are so many different ways to escape BB code it is almost too easy. Some other sites have [IMG]. This one can be easy also.

[IMG]http://site.com/image"></><script src=http://site.com/evil.js>[/IMG]

would have

<img src="http://site.com/image"></><script src=http://site.com/evil.js>

}

Sub Image_XSS{

This is probably the best discovery to XSS since, whenever. With this, you can place javascript inside an image and have it execute in Internet Explorer.

Reffer to: http://milw0rm.com/video/watch.php?id=58

}


Read more...