Archive for August, 2010
August 28th, 2010
Winodws 7 includes many new keyboard accelerator keys that make it easier to work with menus and other commands.
Normally, the keyboard shortcuts to activate the command are listed along with command in the programs’ menus (typically a letter is underlined to indicate that it can be activated by pressing the combination of Alt key with the underlined key). Some are not listed and hidden though.
Here’s the full list of Windows 7 keyboard shortcuts or accelerator hotkeys available on the operating system level and also for several built-in application programs in Windows 7, as published by Microsoft. Read the rest of this entry »
August 27th, 2010
Network security is a completely changing area; new devices like IDS (Intrusion
Detection systems), IPS (Intrusion Prevention systems), and Honeypots are modifying the
way people think about security. Companies are spending thousand of dollars on new
security devices, but forgetting the basic, the first line of defense: the border router.
Although a lot of people may think that routers don’t need to be protect, they are
completely wrong. A lot of secure problems appear all time against this kind of device
and most of them are vulnerable. Read the rest of this entry »
August 13th, 2010
August 11th, 2010
Many people go online on internet via a wifi routers and typically only the computer directly connected to the device can interrogate it for ID information. But bad news guys because Google location data can be used to pinpoint exactly where you live 🙁
Google database created when its cars were carrying out surveys for its Street View service.
The data gathered by Google’s Street View cars
This database links Mac addresses of routers with GPS co-ordinates to help locate them. It can be use to identify someone’s location to within a few meters.
Now the actual issue:
This pin point location can be gathered by some crafted web page without asking your permissions which is possible with bug in most of the wifi routers and it is using Firefox location sharing.
1) Click here to Enter your Wifi Router MAC address and see where you are.
2) Click here to open java applet, collect that information for you and display your location. (not working. I am working on it)
3) Click here Firefox will ask your location.
Sources:
http://www.bbc.co.uk
http://www.computerworld.com
http://www.itworld.com
August 11th, 2010
Lost MySQL root password Recovery
/etc/init.d/mysql stop
mysqld_safe --skip-grant-tables &
This stops MySQL and reloads it without the authentication (grant) tables, so we can connect to MySQL without a password. Beware this locks out all of your applications until the password reset process is completed. Now we need to go in an reset the password
su -
mysql -u root -p
It will prompt you for a password, just hit enter. You should now be inside the MySQL terminal and ready to change the root password:
update user set password=PASSWORD(”NEW-PASSWORD”) where User=’root’;
Of course, replace NEW-PASSWORD with your chosen root password. Now all that remains is to restart MySQL in the normal manner in order for it to pick up the authentication tables correctly and let your customers and applications back in
# /etc/init.d/mysql stop
# /etc/init.d/mysql start
August 11th, 2010
#!/usr/local/bin/perl
use Socket;
$src_host = $ARGV[0]; # The source IP/Hostname
$src_port = $ARGV[1]; # The Source Port
$dst_host = $ARGV[2]; # The Destination IP/Hostname
$dst_port = $ARGV[3]; # The Destination Port.
if(!defined $src_host or !defined $src_port or !defined $dst_host or !defined $dst_port) {
print "Usage: $0 <source host> <source port> <dest host> <dest port>\n";
exit;
}
else {
main();
}
sub main {
my $src_host = (gethostbyname($src_host))[4];
my $dst_host = (gethostbyname($dst_host))[4];
socket(RAW, AF_INET, SOCK_RAW, 255) || die $!;
setsockopt(RAW, 0, 1, 1);
my ($packet) = makeheaders($src_host, $src_port, $dst_host, $dst_port);
my ($destination) = pack('Sna4x8', AF_INET, $dst_port, $dst_host);
send(RAW,$packet,0,$destination);
}
sub makeheaders {
local($src_host,$src_port,$dst_host,$dst_port) = @_;
my $zero_cksum = 0;
# Lets construct the TCP half
my $tcp_proto = 6;
my ($tcp_len) = 20;
my $syn = 13456;
my $ack = 0;
my $tcp_headerlen = "5";
my $tcp_reserved = 0;
my $tcp_head_reserved = $tcp_headerlen .
$tcp_reserved;
my $tcp_urg = 0; # Flag bits
my $tcp_ack = 0; # eh no
my $tcp_psh = 0; # eh no
my $tcp_rst = 0; # eh no
my $tcp_syn = 1; # yeah lets make a connexion! :)
my $tcp_fin = 0;
my $null = 0;
my $tcp_win = 124;
my $tcp_urg_ptr = 0;
my $tcp_all = $null . $null .
$tcp_urg . $tcp_ack .
$tcp_psh . $tcp_rst .
$tcp_syn . $tcp_fin ;
# In order to calculate the TCP checksum we have
# to create a fake tcp header, hence why we did
# all this stuff :) Stevens called it psuedo headers :)
my ($tcp_pseudo) = pack('a4a4CCnnnNNH2B8nvn',
$tcp_len,$src_port,$dst_port,$syn,$ack,
$tcp_head_reserved,$tcp_all,$tcp_win,$null,$tcp_urg_ptr);
my ($tcp_checksum) = &checksum($tcp_pseudo);
# Now lets construct the IP packet
my $ip_ver = 4;
my $ip_len = 5;
my $ip_ver_len = $ip_ver . $ip_len;
my $ip_tos = 00;
my ($ip_tot_len) = $tcp_len + 20;
my $ip_frag_id = 19245;
my $ip_frag_flag = "010";
my $ip_frag_oset = "0000000000000";
my $ip_fl_fr = $ip_frag_flag . $ip_frag_oset;
my $ip_ttl = 30;
# Lets pack this baby and ship it on out!
my ($pkt) = pack('H2H2nnB16C2na4a4nnNNH2B8nvn',
$ip_ver_len,$ip_tos,$ip_tot_len,$ip_frag_id,
$ip_fl_fr,$ip_ttl,$tcp_proto,$zero_cksum,$src_host,
$dst_host,$src_port,$dst_port,$syn,$ack,$tcp_head_reserved,
$tcp_all,$tcp_win,$tcp_checksum,$tcp_urg_ptr);
return $pkt;
}
sub checksum {
# This of course is a blatent rip from _the_ GOD,
# W. Richard Stevens.
my ($msg) = @_;
my ($len_msg,$num_short,$short,$chk);
$len_msg = length($msg);
$num_short = $len_msg / 2;
$chk = 0;
foreach $short (unpack("S$num_short", $msg)) {
$chk += $short;
}
$chk += unpack("C", substr($msg, $len_msg - 1, 1)) if $len_msg % 2;
$chk = ($chk >> 16) + ($chk & 0xffff);
return(~(($chk >> 16) + $chk) & 0xffff);
}