Archive

Archive for the ‘security’ Category

Easy Host Fake Win32

December 27th, 2008
No comments

Easy Host Fake Win32

Sometimes we want to redirect some host to another ip address, the quick option is edit the hosts file.

Well i made this tool to do that.

Java Desktop Application, needs Java RunTime:

Easy Host Fake Java Setup

Is my first Java desktop application on NetBeans

PHP5 script, needs Console Getopt Pear Package (getopt function don’t work on Windows, in the next php 5.3.0 could be)

need pear? run go-pear.bat on your php5 directory

c:\>pear install Console_Getopt

Windows Batch file:

:save this ehf.cmd on your %windir%
:set php-cli to your php.exe path
@set php-cli=c:\php5\php.exe
:set ehf script path
@set ehf=c:\develop\php\scripts\ehf.php
@%php-cli% %ehf% %1 %2 %3 %4

Script ehf.php:

 /* Script: Easy Host Fake
  * Author: Albertux (Alberto Isaac Ayala Esquivias)
  * WebSite: http://Albertux.AyalaSoft.com
  * FeedBack: <albertoi7@gmail.com>
  * License: GPLv3 (http://www.gnu.org/licenses/gpl.txt)
  * Note: you need Pear Package Console Getopt
  */
$ip_default = '127.0.0.1'; // default ip
$hosts_file = 'c:/windows/system32/drivers/etc/hosts'; // default hosts file
 
require_once 'Console/Getopt.php';
$options = Console_Getopt::getopt($_SERVER["argv"],"a:e:r:");
 
function about() {
echo "
Easy Host Fake (version 1.0.1) [2008-12-27]
 
Usage: ehf [OPTIONS]
 
Mandatory: \"-r\" or \"-e\" [host]
 
Options:
 
  -r [host] [redirect host to 127.0.0.1 (or other ip address)]
  -e [host] [erase host on hosts file]
  -a [ip address]
 
Examples:
 
  ewf -r google.com -a 192.168.1.1
  ewf -e google.com
 
More info [http://Albertux.AyalaSoft.com/2008/12/28/easy-host-fake-win32/]
";
}
 
function AddHost($host,$ip) {
	global $hosts_file;
	$handle = fopen($hosts_file,"a");
	fwrite($handle,"\r\n$ip\t$host\t# Easy Host Fake");
	fclose($handle);
}
 
function removeHost($host) {
	global $hosts_file;
	$handle = fopen($hosts_file, "r");
	$contents = fread($handle, filesize($hosts_file));
	fclose($handle);
	$pattern = '/\\r\\n(\d+)\.(\d+)\.(\d+)\.(\d+)\t'.$host.'\t# Easy Host Fake/';
	$replacement = "";
	$newcontents = preg_replace($pattern, $replacement, $contents);
	$handle = fopen($hosts_file,"w");
	fwrite($handle,$newcontents);
	fclose($handle);
}
 
function getValue($data,$var) {
	for ($i=0; $i<count($data[0]); $i++) {
		if ($var == $data[0][$i][0]) {
			break;
		}
	}
	return $data[0][$i][1];
}
 
if ($options->message) { about(); die(); }
 
$host = getValue($options,"r");
$ip = getValue($options,"a");
 
if (!$host) {
	$host = getValue($options,"e");
	if ($ip) { about(); die(); }
	if (!$host) { about(); die(); }
	removeHost($host); die();
}
 
if (!$host) { about(); die(); }
if (!$ip) { $ip = $ip_default; }
 
addHost($host,$ip);

Download php script + batch cmd

Note: on Windows Vista you need some permissions on hosts file, and remember all Web browsers use cache.

network, projects, security, web, windows , , ,

Tcl scripting and SQLite

December 24th, 2008
No comments

Tcl scripting and SQLite

Tcl tutorial
Download Tcl/Tk (source/binary)
SQLite API (tclsh)
Download SQlite (source/binary)
A simple example (taken from sqlite.org):

#!/usr/bin/tclsh
if {$argc!=2} {
  puts stderr "Usage: %s DATABASE SQL-STATEMENT"
  exit 1
}
load /usr/lib/tclsqlite3.so Sqlite3
sqlite3 db [lindex $argv 0]
db eval [lindex $argv 1] x {
  foreach v $x(*) {
    puts "$v = $x($v)"
  }
  puts ""
}
db close

database, develop, projects, security, windows ,

Fixing the Time

December 7th, 2008
No comments

Fixing the Time

function total(year) {
  var seconds = 365 * 24 * 60 * 60; //Normal Year;
  var plus = 24 * 60 * 60; // Leap year have one more day
  var leap = false;
  if ((year % 4 == 0 &amp;&amp; year % 100 != 0) || year % 400 == 0) leap = true;
  if (leap) seconds += plus;
  if (year == 1972) seconds += 2;
  if (year &gt; 1972 &amp;&amp; year &lt; 1980) seconds += 1;
  if (year &gt; 1980 &amp;&amp; year &lt; 1984) seconds += 1;
  if (year &gt; 1988 &amp;&amp; year &lt; 1991) seconds += 1;
  if (year &gt; 1991 &amp;&amp; year &lt; 1996) seconds += 1;
  if (year &gt; 1996 &amp;&amp; year &lt; 1999) seconds += 1;
  if (year == 1985 || year == 1987 || year == 2005 || year == 2008) seconds += 1;
  document.write('Year: '+year+', Total of secods: '+seconds+'
');
}
total(1972);
total(1975);
total(1980);
total(1981);
total(2004);
total(2005);
total(2006);
total(2007);
total(2008);
total(2009);

Result:

Year: 1972, Total of secods: 31622402

Year: 1975, Total of secods: 31536001

Year: 1980, Total of secods: 31622400

Year: 1981, Total of secods: 31536001

Year: 2004, Total of secods: 31622400

Year: 2005, Total of secods: 31536001

Year: 2006, Total of secods: 31536000

Year: 2007, Total of secods: 31536000

Year: 2008, Total of secods: 31622401

Year: 2009, Total of secods: 31536000

Leap Second (http://en.wikipedia.org/wiki/Leap_second)

Leap Years (http://en.wikipedia.org/wiki/Leap_year)

develop, security, web , , ,

Send Fake Mail

December 5th, 2008
No comments

Send Fake Mail

Remember is very posible the mail was arrived on Junk Box.

#!/usr/bin/perl
# Script: fakemail.pl, Version 1.0  [2008-12-04]
# Author: Albertux (Alberto Isaac Ayala Esquivias)
# Web Author: http://Albertux.AyalaSoft.com
# FeedBack:
# Description: Send fake mail.
# Licence: GPLv3
 
use strict;
use warnings;
 
# Chouse the host to connect on port 25
my $host='localhost'; 
 
# The vars
my @raw_data=;
my ($mail1, $mail2, $name1, $name2, $subject, $data );
 
print "Fake Mail: ";
chomp($mail1 = &lt;&gt;);
print "Destiny Mail: ";
chomp($mail2 = &lt;&gt;);
print "Fake Name: ";
chomp($name1 = &lt;&gt;);
print "Destiny Name: ";
chomp($name2 = &lt;&gt;);
print "Subject: ";
chomp($subject = &lt;&gt;);
print "Data: ";
chomp($data = &lt;&gt;);
 
foreach(@raw_data) {
	$_ =~ s/MAIL1/$mail1/g;
	$_ =~ s/MAIL2/$mail2/g;
	$_ =~ s/NAME1/$name1/g;
	$_ =~ s/NAME2/$name2/g;
	$_ =~ s/SUBJECT/$subject/g;
	$_ =~ s/DATA/$data/g;
	$_ =~ s/\\n/\n/g;
}
 
print "mail send.\n";
 
open(STDOUT, "| telnet ".$host." 25 &gt; /dev/null 2&gt;&amp;1");
foreach (@raw_data) {
	print STDOUT $_;
}
 
1;
 
__DATA__
mail from: MAIL1
rcpt to: MAIL2
data
From: NAME1
To: NAME2
Subject: SUBJECT
DATA
.
quit

develop, network, security ,

jugando con una IP

November 28th, 2008
1 comment

jugando con una IP

Me llegaron unos comentarios a mi Blog una persona me firmo como si tuviera un correo de otro pais, la otra persona se que su correo es de Mexico, pero ambos procedian de la misma IP, como la curiosidad mato al gato empeze a jugar con la IP donde habia recibido los mensajes.

Bueno para no hacer el cuento largo me meti al Router aqui dejo un screenshoot:

[2008-11-28]

Por lo visto el Router no lo han reiniciado sigo teniendo acceso a el ahora ando curiosando que opciones tiene el Router:

Aqui dejo la IP de Router: https://200.67.0.184/

Saludos

network, personal, security

PHP Access Control List (ACL)

November 13th, 2008
No comments

PHP Access Control List (ACL)

I made this Access Control List for Functions:

2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

// Author Albertux (Alberto Isaac Ayala Esquivias)
// E-mail: albertoi7@gmail.com
// Web: http://albertux.ayalasoft.com
// Class: Access Control List
 
class ACL {
	public $functions;
 
	public function acl_function($function,$status) {
		if (function_exists($function)) {
			if($status==0) {
				$this->functions[$function]=0;
			} else {
				$this->functions[$function]=1;
			}
		}
	}
 
	public function acl_methods_class($class,$value) {
		$class_methods = get_class_methods($class);
		foreach ($class_methods as $method_name) {
			$this->functions[$class.'::'.$method_name]=$value;
		}
	}
 
	public function acl_functions($functions) {
		foreach($functions as $function => $value) {
			$this->functions[$function]=$value;
		}
	}
 
	public function execute($function,$params=NULL)  {
		$output='';  
		if($this->functions[$function]==1) {
				$output = call_user_func_array($function, $params);
			} 
		return $output;
	}
}

HOWTO use:

$ACL = new ACL();
 
// Array Functions, 0 = don't execute, 1 = execute
$functions = array ("somefunction" => 0, "otherfunction" => 0, "anotherfunction" => 1);
 
// Add functions on ACL
$ACL->acl_functions($functions);
 
$params = array("param 1", "param 2", "param 3");
$ACL->execute('somefunction',$params); // don't execute because on functions array 'somefunction ' => 0
 
// Add or modify function access
$ACL->acl_function('somefunction',1);
$ACL->execute('somefunction',$params); // execute, now 'somefunction' => 1
 
// Put the functions of the class 
$ACL->acl_methods_class('SomeClass',1);
 
// Execute a method from class
$ACL->execute('SomeClass::demo', $params);

develop, security

Saturday Morning Hacking

November 8th, 2008
No comments

Saturday Morning Hacking

Este sabado en la mañana (madrugada para mi) acompañe a mi tia a un curso de RNA (Redes Neuronales Artificiales) aplicadas a la valuacion (mi tia es Arquitecta)

Me meti a un ruter AirLink101 (pesimo password: admin) aburrido un poco empeze a jugar con la pagina de AINetSolutions, despues de un tiempo consegui el usuario y password de MySQL.

Aqui un screenshoot:

No modifique nada, solo estuve de observador.

Saludos a toda la raza del MHT, recordando viejas costumbres este dia.

Les mande un correo a los de AINetSolutions espero no se molesten por publicarlo en mi Blog.

Como medidas de seguridad siempre cambien el password del ruter nunca dejen el password que viene por defecto, de preferencia no utilizen conexiones remotas de MySQL o si las requieren utilizen un filtro de IP.

database, network, personal, security, web ,