

Change vncserver's listening port.
Posted on 05-16-08

This one is pretty simple but it was hard to find.

I found a good tutorial on using the vncserver tool inside Linux and it even covered initiating a proper desktop once you're in using startkde or startx. One thing that I couldn't find was how to manually set the listening port for vncserver.

I looked all over and I couldn't find a straight answer. Finally, I found this.

vncserver -rfbport PORTNUMBER

example: vncserver -rfbport 6700

Again, this is pretty simple but it was hard to find. It isn't even mentioned in the man page.



Dot11Radio is reset?
Posted on 05-09-08

While playing with a Cisco Aironet 1200 access point in the lab recently, I ran into a problem.

Dot11Radio0 is reset

Reset? It isn't up, and it isn't down. Well, it doesn't work so it's pretty much down. It just threw me because I have never seen a "reset" interface status.

Long story short, while messing around I had entered the "mbssid" command within the radio's interface config mode.

mbssid

This put the interface status into reset mode. "no shutdown" wouldn't even bring the interface up, which makes sense. I never administratively shut the interface down. It was a configuration error. Anyways, after playing around for a while and seeing similar problems online, without solution, I realized what I had done and reversed it.

no mbssid

"no mbssid" within radio interface config was my solution.

There may be other problems which may cause a reset status, but this was mine. Try my solution, it might work for you also.



Common Interface Throughput Rates
Posted on 03-28-08

To everyone who confuses 1Mb and 1MB, and everybody who expects a 100MB movie clip to transfer in one second over a 100Mb LAN link .... this one is for you.


It is fundamentally important to understand the difference between the little b and big B. This article is a pretty good rundown of interface types and what their advertised speeds are compared to their actual real world speeds. The article kind of has a Mac flavor but once you get past that, the numbers and charts are quite interesting.



Inside the Mac OS X Kernel
Posted on 03-18-08

This is something that I just found today and I thought it was extremely interesting. It is a low level review of the architecture of Mac OS X. It focuses primarily on the components of the kernel, and some of the misconceptions surrounding Mac OS X and what it is composed of. It gets pretty geeky, but if you're into that kind of thing, I would recommend checking it out. It actually answered a lot of questions that I had. The video is about 45 minutes long.

Direct link: http://chaosradio.ccc.de/24c3_m4v_2303.html

Download the Movie (158 MB : MP4) : Inside the Mac OS X Kernel



Breaking out of a chroot jail
Posted on 12-07-07

This is a vulnerability that I see so much that I decided to write about it. Now there are a lot of ‘ifs’ that must be in place for this to work, but it’s not uncommon to see this scenario in the wild. It’s also very simple and probably a no-brainer to anybody with experience with PHP, but it’s an often overlooked backdoor to many web servers.

For those who don’t know, a chroot is a way of containing a Linux/Unix user to a "virtual file system" which is a branch off of the main directory tree. It’s mainly used to contain users to their own little environment and not allow them to see the real system behind the scenes. It’s sometimes used to give students a Linux environment to play with or to give each user on a system their own web space. In the latter example users usually place their web content in a folder commonly named public_html.

Here is where it gets a little more technical. It is often easy to break out of this container with a little bit of know-how and some PHP code. Here we are assuming that the system’s administrator allows PHP code to execute from within user directories; most do.

Ok, at this point it’s important that you understand a little bit about the Linux file system structure and some basic PHP commands. If you don’t, then you may want to follow these links and then come back.

PHP: http://us3.php.net/tut.php

Linux: http://geek2live.blogspot.com/2007/09/linux-file-structure.html

          http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/index.html

Ok, first I will tell you how this is done, and then how and why it works. You need to create a PHP file in your home directory. For this example we can call it explore.php and it should contain:

<?php system('whoami'); ?>

Many of you will already know the ‘whoami’ command. It simply returns the name of the user which executed it. This is an important starting point because if you were to run this command from within your jail it would return your user name. Not too exciting. But, if you navigate to your explore.php page in a web browser it should display something other than your username. You will probably see something like "apache" or maybe "www-data". It should return the name of the user that belongs to the web service. Now we’re in. We can execute commands in the "real" environment and that means we can read configuration, read unrendered PHP code and just explore in general. Hence the name :)

You can play around now and throw anything into the command string to see what comes out.

system('ls -l /etc'); is a good one.

The web service takes PHP from all over the system and creates content so it has to, by nature, see the entire directory structure. With that said, a properly configured system wouldn’t have these problems, and even if it did, the damage you could do would be minimized. You can often find interesting things lying around the web directory including site backups and passwords in CLEAR TEXT!

system('ls /var/www/html'); can sometimes yield something fun.

This is where I will stop because this isn’t meant to be a tutorial on doing anything illegal and I don’t advocate doing this where you aren’t supposed to. This is meant to be educational ONLY and very much AT YOUR OWN RISK. At this point you are into the main directory and you can execute commands that any average user would be able to run. Have fun.
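
For administrators checking their own servers for this exposure, here is an added example (not code from the original post) that scans each user's public_html for PHP files calling command-execution functions. The directory layout, the function list and the two sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit per-user web roots for PHP that runs shell commands.
# Assumed layout: HOME_BASE/<user>/public_html (the folder name used above).

# PHP functions that pass a string to the shell or spawn a process.
EXEC_FUNCS='system|exec|shell_exec|passthru|popen|proc_open'

# audit_webroots HOME_BASE -> prints "file:line:text" for each suspicious call.
audit_webroots() {
    for webroot in "$1"/*/public_html; do
        [ -d "$webroot" ] || continue
        # The leading character class skips curl_exec() and $pdo->exec(),
        # which do not reach a shell. /dev/null forces grep to print file names.
        find "$webroot" -type f -name '*.php' -exec grep -nE \
            "(^|[^A-Za-z0-9_>])($EXEC_FUNCS)[[:space:]]*\(" /dev/null {} + || true
    done
}

# make_sample_tree DIR -> constructed sample data: one flagged file, one clean.
make_sample_tree() {
    mkdir -p "$1/alice/public_html" "$1/bob/public_html"
    printf '%s\n' "<?php system('whoami'); ?>" > "$1/alice/public_html/explore.php"
    printf '%s\n' '<?php curl_exec($ch); $pdo->exec("SELECT 1"); ?>' \
        > "$1/bob/public_html/index.php"
}

# Demo on the constructed tree.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_webroots "$demo_dir"   # lists only alice's explore.php
rm -rf "$demo_dir"
```

Where user PHP has to stay enabled, php.ini's disable_functions and open_basedir directives are the usual controls for limiting what such scripts can run and read.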



C++ skipping cin statements?
Posted on 12-05-07

cin : takes input until RETURN or a space.

cin.get : same as cin, except it accepts spaces and can be limited (extracts one character by default)

       cin.get( input, 15 );

cin.getline : similar to cin.get except getline removes the terminating character from the buffer, get() does not.

I'm sure there are other similarities and differences between these functions but these are the primary ones that you should know if you decide to use any of them.

Any introductory course to C++ programming will introduce these functions and while helping my friend with a programming assignment I came across what turned out to be a common beginner problem. I often had an issue where one cin or get or getline statement would be effectively skipped. Code such as:

cin >> inputname;
cout << "Input name: " << inputname;

would sometimes result in cout displaying "Input name:" since it skipped the input line.

Anyways, after researching this problem I found that this happened when previous cin statements left rogue return characters (or other junk) in the stream. After having mixed results with cin.ignore(), which seems to be the common forum remedy, I found this: cin.sync()

cin.sync() : “Synchronizes the buffer associated with the stream to its controlled input sequence. This effectively means that the unread characters in the buffer are discarded.”

So far this is the best remedy that I have found to this problem as it is a way to clear the stream and sort of “start fresh” with a clear stream which input statements expect. Again, cin.ignore() by default removes one character from your input stream but it is ineffective if there is more than one character clogging the stream. Short of ignore() in a while loop, cin.sync() is your best bet.



A Simple Linux Backup Script
Posted on 12-01-07

This is actually a bash script that I wrote for my Linux class, which is why it is so heavily commented. It takes a directory (my web directory) and tars and compresses it.

It leaves a copy in the directory you are in when you run the script, and it sends another copy to a remote server via SCP. In my case, the offsite backup is kept on my friend's server. The script won't even ask for a password if you have a trusted key relationship set up, which helps with automating the script with cron.

It's not elaborate, and it has no email functionality but it does leave a log of operations in a defined log directory.

There are 5 variables that you must first configure.

BACKUPDIR : The path to your folder to backup without trailing '/'.
LOGDIR : Where to keep the logs WITH trailing '/'
LOGNAME : The format for the filename of the logs
SAVEFILE : The format for the filename of the backup
REMOTEBACKUPDUMP : The string for SCP, USER@SERVER:/DIRECTORY

After that is set up, you're ready to go.

[User1@MyServer Backups]# sh backupscript.sh

You can download a copy of my script here

a simple linux backup script with offsite backup
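
The tar-then-SCP flow described above, written out as an added example (this is not the author's downloadable script). It reuses the five variable names from the list; the default paths, the backup.example.org host, the file name formats and the `run` argument are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example: tar + scp backup with a log file. Not the author's script.
# Defaults below are placeholders (assumptions); edit them before use.
BACKUPDIR=${BACKUPDIR:-/var/www/html}          # no trailing '/'
LOGDIR=${LOGDIR:-/var/log/webbackup/}          # WITH trailing '/'
STAMP=$(date +%Y%m%d-%H%M%S)
LOGNAME="backup-$STAMP.log"    # note: this reuses the login-name variable
SAVEFILE="backup-$STAMP.tar.gz"
REMOTEBACKUPDUMP=${REMOTEBACKUPDUMP:-user@backup.example.org:/backups}

# log MESSAGE -> append a timestamped line to the run's log file.
log() { printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOGDIR$LOGNAME"; }

# make_archive: write SAVEFILE into the current directory, log the outcome.
make_archive() {
    mkdir -p "$LOGDIR" || return 1
    umask 077   # the archive can hold configs and passwords: owner-only
    if tar -czf "$SAVEFILE" -C "$(dirname "$BACKUPDIR")" "$(basename "$BACKUPDIR")"; then
        log "created $SAVEFILE from $BACKUPDIR"
    else
        log "tar failed for $BACKUPDIR"; return 1
    fi
}

# send_offsite: BatchMode makes scp fail instead of prompting, so a cron run
# with a missing or rejected key ends in a logged error rather than hanging.
send_offsite() {
    if scp -o BatchMode=yes "$SAVEFILE" "$REMOTEBACKUPDUMP"; then
        log "copied $SAVEFILE to $REMOTEBACKUPDUMP"
    else
        log "scp to $REMOTEBACKUPDUMP failed"; return 1
    fi
}

# Run both steps only when asked to, e.g.: sh backup_example.sh run
if [ "${1:-}" = run ]; then make_archive && send_offsite; fi
```

A key that lets cron log in without a password is stored unencrypted on disk, so the receiving account is best one that holds nothing but the backups.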
