Computers, Programming, Technology, Music, Literature

Gimmick free Fuck from Google translate

leave a comment »

 

I have been working on a Dutch software for quite sometime now. A few of those source code translation worries lead to write TranslateMaid for Visual Studio. However on a day to day basis, we spend a lot of time on the web pages and documents. http://translate.google.com/ is always open at one of our browser tabs.

All of a sudden one day when we tried to translate Resterend budget per afdeling what we got is Rest Fuck budget per department. See it for yourself below. I don’t really know where the Rest Fuck came from. Some developer put in in there or the translation service was perplexed by itself.

 

Screenshot_031314_095150_PM

 

However the Microsoft translator service was pretty ingenue in this case. It actually gave the correct translation.

Screenshot_031314_100936_PM

You may also like Gimmick free Freebie from Microsoft Translator Preview service.

Written by gmaran23

March 13, 2014 at 10:28 pm

Access Control through ASP.Net MVC Custom Action Filters

leave a comment »

 

A slightly different version of this article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/access-control-through-asp-net-mvc-custom-action-filters/

HttpModule being the gatekeeper ASP.Net, one level down is the Action Filters for ASP.Net MVC. While managing large scale applications, it would not always seem very rational to create new Controllers for every functionality sometimes. You may also want to restrict access to specific controllers or specific action methods, and if you worked it through you would end up with a code snipped like below. An if else condition everywhere you wanted access control.

        [HttpGet]
        public ActionResult CustomizeEmails()
        {
            if (Context.Login.IsAdministrator)
            {
                var viewModel = new CustomizeEmailViewModel();
                return View(viewModel);
            }
            else
            {
                return AccessDeniedView();
            }
        }

        [HttpGet]
        public ActionResult CustomizeUserHomePage()
        {
            if (Context.Login.IsAdministrator)
            {
                var viewModel = new CustomizeUserHomePageViewModel();
                return View(viewModel);
            }
            else
            {
                return AccessDeniedView();
            }
        }


Which is obviously redundant and does not reflect on code reusability principle. So you may choose to create a custom HttpModule for access control during the initial ASP.Net request pipeline, of if that is not a possible solution in your case (or like the one above in ASP.Net MVC), then you must be looking at building a custom action filter. Once you have that in place, you could decorate your required action methods with your access control custom filter, or the entire controller, or as a global action filter (post ASP.Net MVC 3) so that the action filter would get invoked on every controller in the application.

Below is the code snippet showing the bare minimal implementation of a custom action filter for access control. In case the current request does not come from an Administrator, then it redirects him to an AccessDenied action method in the CompanyController.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace WebClient.Filters
{
    public class AdminOnlyAction : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            //Cast the filterContext.Controller to the controller that has the access control information 
            //In my case it happened to be a BaseController
            var baseController = ((BaseController)filterContext.Controller);

            if (!baseController.Context.Login.IsAdministrator)
            {
                filterContext
                    .HttpContext
                    .Response
                    .RedirectToRoute(new { controller = "Company", action = "AccessDenied" });
            }

            base.OnActionExecuting(filterContext);
        }
    }
}

 

The if else statements in the first snippets would take a little more elegant, and neat form.

        [HttpGet]
        [AdminOnlyAction]
        public ActionResult CustomizeEmails()
        {
                var viewModel = new CustomizeEmailViewModel();
                return View(viewModel);
        }

        [HttpGet]
        [AdminOnlyAction]
        public ActionResult CustomizeUserHomePage()
        {
                var viewModel = new CustomizeUserHomePageViewModel();
                return View(viewModel);
        }


Thus you would have a simple, elegant, and powerful access control mechanism via a custom action filter. If you like this kind of cleanliness in non MVC projects, please take a look at POSTSHARP as well.

Written by gmaran23

March 12, 2014 at 8:11 pm

Devouring Security: Sql injection exploitation and prevention part 2

leave a comment »

TSQL: Enable or Disable all triggers in a database

leave a comment »

This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/tsql-enable-or-disable-all-triggers-in-a-database/

Problem statement:

You are doing a lot of data fix for a corrupted database, but then when you are executing your ‘salvage script’ to restore the lost/corrupted data, amongst the events that get executed during a DML statement execution, triggers are one one of them. Sometimes you may find the triggers execution disturbing, and you would like to disable them. You may never know, the below code snippets might come in handy to enable and disable all triggers in a database.

Solution: [Ctrl+C, Ctrl+V style]

Copy, paste, and run the below.


Enable all triggers in a Microsoft SQL Server database
 

DECLARE @DisableTriggerCommand NVARCHAR(4000)
DECLARE @TriggerTableName NVARCHAR(500)

DECLARE DisableTriggerCursor CURSOR
FOR
(
		SELECT NAME AS TableName
		FROM sysobjects
		WHERE id IN (
				SELECT parent_obj
				FROM sysobjects
				WHERE xtype = 'tr'
				)
		)

OPEN DisableTriggerCursor

FETCH NEXT
FROM DisableTriggerCursor
INTO @TriggerTableName

WHILE @@fetch_status = 0
BEGIN
	SET @DisableTriggerCommand = N'ALTER TABLE ' + @TriggerTableName + ' ENABLE TRIGGER ALL'

	PRINT 'Executing:   ' + @DisableTriggerCommand + CHAR(13)

	EXECUTE sp_executesql @DisableTriggerCommand

	FETCH NEXT
	FROM DisableTriggerCursor
	INTO @TriggerTableName
END

CLOSE DisableTriggerCursor

DEALLOCATE DisableTriggerCursor

 

Disable all triggers in a Microsoft SQL Server database 

DECLARE @DisableTriggerCommand NVARCHAR(4000)
DECLARE @TriggerTableName NVARCHAR(500)

DECLARE DisableTriggerCursor CURSOR
FOR
(
		SELECT NAME AS TableName
		FROM sysobjects
		WHERE id IN (
				SELECT parent_obj
				FROM sysobjects
				WHERE xtype = 'tr'
				)
		)

OPEN DisableTriggerCursor

FETCH NEXT
FROM DisableTriggerCursor
INTO @TriggerTableName

WHILE @@fetch_status = 0
BEGIN
	SET @DisableTriggerCommand = N'ALTER TABLE ' + @TriggerTableName + ' DISABLE TRIGGER ALL'

	PRINT 'Executing:   ' + @DisableTriggerCommand + CHAR(13)

	EXECUTE sp_executesql @DisableTriggerCommand

	FETCH NEXT
	FROM DisableTriggerCursor
	INTO @TriggerTableName
END

CLOSE DisableTriggerCursor

DEALLOCATE DisableTriggerCursor

 

:q

Written by gmaran23

February 6, 2014 at 9:46 pm

Disable Vuze from showing up in Mobile Devices

leave a comment »

 

One of my colleague called and told me that he has something with my name showing up on his “My computer/ Computer”. The moment I saw, I was shocked. First things first, google brought me, http://forum.vuze.com/thread.jspa?threadID=85963, no avail.

 

When you have vuze installed, it might show up in your Network or Computer as Vuze on <<computername>> under Media Devices. Who needs it? btw, when you are using a torrent client on a intranet, and you don’t want people to know that you are using a torrent client, guess what Vuze shows shows up on other computers on the network, with your PC name.

 

image

 

Here’s how you disable it. In the Vuze menu at top, Tools –> Options –> Plugins –> uncheck azupnpav plugin. Hit save (I don’t know if hitting save is required). Restart Vuze.

image

Written by gmaran23

January 16, 2014 at 2:24 pm

Devouring Security: Sql injection exploitation and prevention part 1

leave a comment »


I will upload the slide deck shortly, after the completion of Sql injection exploitation and prevention part 2. For those of you who were asking for it, here’s the screen recording.

Written by gmaran23

January 14, 2014 at 12:40 am

Get windows domain name from the command line

leave a comment »

 

Past couple of days, I have been hunting for the command that would give the domain that my computer is joined to. I have always been hitting the same page, and I am writing it here to no forget it.

Fyi, this command gives you the name of the domain that your computer is current joined to. That is, if you view the System Properties (sysdm.cpl), the Domain: value you see in there, that’s what this command gives you.

systeminfo | findstr /B /C:"Domain"

Written by gmaran23

January 3, 2014 at 8:41 pm

Posted in Windows

Tagged with , , ,

Installing gedit on kali linux

with one comment

 

yeah, it’s really a bummer when you try to edit a file with your (our) favorite text editor gedit, and you get “command not found”. You may be better off using gvim or leafpad but when it comes to breaking the habit of using gedit, you would have a second thought of installing gedit by hook or crook. Just as in backtrack, Off you go, and try

apt-get install gedit

 

you get Unable to locate package gedit

Screenshot_010214_031027_PM

You may be wondering if your sources.list should be updated. That is the answer. Update the /etc/apt/sources.list first based on your need with the list of repositories from here. [Or directly try apt-get update from the terminal and then install gedit with apt-get install gedit]

Or for a minimum configuration of repository list, in the terminal run

leafpad /etc/apt/sources.list

replace (or make sure) the contents of sources.list is as below

deb http://http.kali.org/kali kali main contrib non-free 
deb http://security.kali.org/kali-security kali/updates main contrib non-free 
deb cdrom:[Debian GNU/Linux 7.0 Kali - Official Snapshot i386 LIVE/INSTALL Binary 20130905327-07:57]/ kali contrib main non-free 



Save the changes to the sources.list and run apt-get update to update the package repositories.

apt-get update 

 

That’s it, once the apt-get repository is updates, you can run

apt-get install gedit

and then

gedit /etc/hosts

or

leafpad /etc/hosts Winking smile

Written by gmaran23

January 2, 2014 at 3:52 pm

Posted in kali

Tagged with , , ,

Add bindings to your azure role in Azure Compute Emulator

leave a comment »

 

(or) access azure website hosted on local Windows Azure Compute Emulator with the hostname of host’s IP address.

Scenario: If you are testing a website on your local development environment hosted on Windows Azure Emulator, if by default binds to your loopback address (localhost/127.0.0.1). What this means is, if you are on a domain or network and if you want to access this service/website from another computer on a network, you basically can’t.

 

Ideal Workaround:  Automated way is described with rinetd, and with or without serviceex – described in detail here – http://blog.sacaluta.com/2012/03/windows-azure-dev-fabric-access-it.html

 

Zappy Workaround: Here I will show you a very primitive way of working around the problem. But this is manual and you have to do it every time you start and stop the Azure emulator or the Azure role.

If the role you are trying to access from another computer on a domain is a website or uses IIS (most likely), then go ahead and edit the bindings, just as you would do for a normal website hosted in IIS. Right click on the website and select Edit Bindings. Add your IP address, or add your IP addresses and host names (with a port number that is available) that you want to bind to the website. That’s it, you are done.

 

For instance in the screenshot below, my service deployment was deployment22(44) as shown in the Windows Azure Compute Emulator, so my website in IIS looked like deployment22(44).xxxxxx. This website created in IIS is purged every time you start and stop an Azure service. That’s why I prefer the “Ideal Workaround”. But, this blog shows you yet another simple way to do it without tools.

All in one screenshot showing my csdef file, Windows Azure Compute Emulator, IIS Site Bindings, Internet explorer successfully navigating to the same website with all available bindings, and a linux on virtual box accessing the website with my ip address. Click on the screenshot to enlarge or use this link for a high res image.

image

Written by gmaran23

December 31, 2013 at 8:35 pm

Devouring Security: Insecure Direct Object References vulnerability in hotmail and yahoo mail

leave a comment »

The Gist: 

As of today, December 26, 2013, a transient Insecure Direct Object References (as quoted by OWASP) exists in hotmail, and yahoo mail.

  • Gmail, after signing out, if you try to access a gmail attachment via the url, you would be redirected to the gmail log in page.

 

  • Hotmail, after signing out, if you try to access a hotmail attachment via the url, you would be allowed to download/access the attachment for about 5 minutes, later which the url returns a 400 Bad request.

 

  • Yahoo mail, after signing out, if you try to access a yahoo mail attachment via the url, you would be allowed to download/access the attachment for about 5 minutes, later which the url returns a 500 Internal server error, and after some time, you would be redirected to the yahoo mail log in page.

 

Gmail, is perfect in it’s security implementation, in this case. Hotmail, and yahoo mail are not very perfect, though they both invalidate the attachment urls after 5 minutes or so, they still leave enough for an attacker to gain access to what they need via the attachment urls.

What I think is probably happening in case of yahoo mail and hotmail is, there is an access check mechanism that gets voids itself  after 5 minutes or so, or the files are from a private could, when requested for download, they are accessible for download via some form of reverse proxy implementation, that voids itself after 5 minutes or so. I could only speculate. Anyways, the strategy is not consistent, strict enough, and falls short with today’s security standards.

Video Transcript: (draft)

Hi, In this video, I am gonna show you, how hotmail and yahoo mail are vulnerable to “Insecure Direct Object References”. Today is Thursday, 26 December 2013, and my name is Marudhamaran Gunasekaran.

If you’d like to learn more about “Insecure Direct Object References”, get on to the OWASP site – https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References.

What is Insecure Direct Object References? In short, this vulnerability – Insecure Direct Object References - means,

If you are not authorized to access a particular resource, then you should not be able to access that resource. If case you were able to access an un-authorized resource (because of poor access control mechanisms), then you have an Insecure Direct Object References vulnerability.

For the purposes of demo, I have 3 email accounts created, one in yahoo, one in gmail, and one in hotmail.

What I am gonna do is, send my self some attachments, an image file, and a text file, from my gmail to my hotmail and yahoo email addresses.

Later, I am going to open my inbox, in all of the three email accounts, and download all the attachments to my local computer.

I am going to go the downloads section, copy all the three download links, paste it on to my clipboard for later use.

So, you are logged in to your email accounts, everything is downloadable, just the normal behavior. But, you will notice in a while that the normal behavior is going to turn out to be an unexpected, and unaccepted behavior when I sign out from all these three email accounts.

Now, let’s sign out from all three email services, and paste those copied links, one by one, in to the Firefox’s address bar.

Gmail, redirects to the log in page, which the is the expected behavior. Secure and very smart.
Hotmail servers the image, after the user has been logged out, so does yahoo mail. Not secure.

To demonstrate, how long this image is served, or how long the download link is valid in hotmail and yahoo, I have written a custom JScript in fiddler to make requests to a URL at a specified time interval. (I will show you how to do write fiddler custom scripts in a separate post).

I am going to request all these three URLs, one by one, at an interval of 15 seconds each.

What you see is gmail sending you a 302 redirect to the login page, hotmail serving up the image, yahoo mail serving up the image.

I am going to pause the recording for a couple of minutes, till hotmail thows an error.

You could see in fiddler, that hotmail started spitting a 400 Bad Request, after a while. After the user has logged out, the file was available without any access check for an approximate time of 5 minutes (more or less) in hotmail.

You could see yahoo, still serving up that image. From my observation, yahoo errors out after a while,  and after some time, yahoo redirects the user to the login page.

Now, you see that there is a good enough time window for anyone with the URL to download a private content, unrestricted.

This may not seem a ‘high impact’ vulnerability.

But, hey, what if I am an innocent user in a computer cafe, and after viewing/downloading my files, I safely log out my email sessions from yahoo and hotmail, I leave the place.

What if, the guy that comes next to same computer, in a minutes time is able to access the browser history and download my files, that should have been only private in the first place.

Thank you very much.

http://renouncedthoughts.wordpress.com

Written by gmaran23

December 27, 2013 at 1:27 am

Follow

Get every new post delivered to your Inbox.