Recursively finding strings in files

Posted by & filed under Linux, Server Admin.

For example, if you wanted to scan all files in the current directory and all subdirectories for any calls to base64_decode, you could do something like this:

    find . -type f -exec grep -A 2 -B 2 -H -i -n "base64_decode" {} + > resultb64.txt

Find all files, then execute grep on them, printing…

T-SQL: Quickly Clone a Table

Posted by & filed under Code Snippets, Programming.

To quickly and easily clone a table using T-SQL, the following is useful:

    SELECT * INTO [Schema].[dbo].[destination_table] FROM [Schema].[dbo].[source_table]

This will create the destination table and copy all source columns and data into it.

Apache Scalp fixed XML file

Posted by & filed under Server Admin.

Needed to audit some Apache logs, installed scalp, grabbed the XML, and it promptly puked:

    web@web:~/apache-scalp$ python scalp-0.4.py --log /var/log/apache2/access.log
    Loading XML file 'default_filter.xml'…
    The rule '(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()' cannot be compiled properly

Seems there is some issue with the regex in the XML file. I found this handy thread which outlines the fixes: code.google.com/p/apache-scalp/issues/de… and…

Troubleshooting OLE DB Connections

Posted by & filed under Programming.

I was encountering database connectivity issues via an application we are running. This was a new MSSQL database we had never connected to, so there were a lot of questions as to where the connectivity issue may lie. Installed SQL Server Management Studio, and made a connection to the new database server from there. It…

BASH: Copy files recursively, excluding directories

Posted by & filed under Linux, Server Admin.

Scenario: Folder /public_html looks like this: /public_html assets/ dev/ dev2/ code/ images/ css/ index.php I need to clone all the files and folders (with a couple of exceptions) in this directory into the /public_html/dev folder. We need to exclude the dev/ folder as it is the destination, and also want to exclude the dev2/ folder….

OAuth Security Cheatsheet

Posted by & filed under Programming, Security, Software.

This document aims to describe common OAuth/Single Sign On/OpenID-related vulnerabilities. Many cross-site interactions are vulnerable to different kinds of leakings and hijackings. Both hackers and developers can benefit from reading it. OAuth is a critical functionality. It is responsible for access to sensitive user data, authentication and authorization. Poorly implemented OAuth is a reliable way to…

Microsoft Wildcard DNS Entries

Posted by & filed under Uncategorized.

Here is some data I have accumulated on creating wildcard DNS entries in Microsoft DNS:

Setting Up Wildcard DNS and Wildcard SSL – http://technet.microsoft.com/en-us/library/cc750429.aspx
Explanation of DNS Wildcards – http://support.microsoft.com/kb/193844
Wildcard DNS and SSL setup: http://support.microsoft.com/kb/840687

Enter DNS entry in Windows Server 2003

Click Start, click Control Panel, click Administrative Tools, and then click DNS. On the…

Bosch LSU4 Sources

Posted by & filed under Automotive, EFI Tuning, HP Tuners.

Occasionally a WB02 sensor fails; this is a handy chart to replace it. Fully compatible with the Innovate LM1, LM2, and any other wideband controller that uses the LSU4 sensor. The standard LSU4 wideband sensor can be found as: Bosch Part Number Vehicle Part number extra info 0 258 007 033 Volvo 2000 C70, 2.3…

Apache key and cert generation

Posted by & filed under Server Admin.

Here’s a nice one-liner to generate a private key and CSR:

    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Generates the key and the CSR in one shot.

WordPress Warnings

Posted by & filed under PHP, Programming, Web Development.

I recently updated some webservers to use PHP 5.4 from 5.3. For a few WordPress sites, this caused it to begin spitting out Warning messages on the website. The warning messages in some cases caused other issues because response headers were already written due to the error, etc. While the real solution here is to…

Survive the Deep End: PHP Security

Posted by & filed under PHP, Programming, Security.

As every target of a serious security breach will quickly note in their press releases and websites: Security is very important to them and they take it very seriously. Taking this sentiment to heart before you learn it the hard way is recommended. Survive the Deep End: PHP security covers most of the major concepts that…

oclHashCat

Posted by & filed under Numbers, Programming, Security.

I was doing some webapp security audits and needed to use hashcat to attack a few hashes. Definitely a must-have when dealing with hashes of any kind.

World's fastest password cracker
World's first and only GPGPU based rule engine
Free
Multi-GPU (up to 128 gpus)
Multi-Hash (up to 15 million hashes)
Multi-OS (Linux &…

Excel: Joining worksheet columns with vlookup()

Posted by & filed under Code Snippets, Programming.

Excel fun time! Today I had a rather large worksheet that had a column with a unique identifier. I had another worksheet with a matching column of UIDs and a second column that I wanted to “join” to the first worksheet. vlookup() is the function for the job.

    =VLOOKUP($A1,NamedRange,2,FALSE)

Parameter 1 is the column on…