vimrc or …

… life sucks. The bottom line is, “Adam’s most perfect little page editor” sucks without one of these. Save the vimrc file in your home directory as .vimrc, then start vim and take a look at how much more useful vim is. This is the vimrc file I use on all of my boxes. It does line numbers, specifies the font I like, and handles everything from colors to custom indentations. Really makes it easier to breeze through small projects. Enjoy…


set nocompatible " use vim defaults
set ls=2 " always show status line
set tabstop=4 " number of spaces of tab character
set shiftwidth=4 " number of spaces to (auto)indent
set scrolloff=3 " keep 3 lines when scrolling
set showcmd " display incomplete commands
set hlsearch " highlight searches
set incsearch " do incremental searching
set ruler " show the cursor position all the time
set visualbell t_vb= " turn off error beep/flash
set novisualbell " turn off visual bell
set nobackup " do not keep a backup file
set number " show line numbers
set ignorecase " ignore case when searching
"set noignorecase " don't ignore case
set title " show title in console title bar
set ttyfast " smoother changes
"set ttyscroll=0 " turn off scrolling, didn't work well with PuTTY
set modeline " last lines in document sets vim mode
set modelines=3 " number lines checked for modelines
set shortmess=atI " Abbreviate messages
set nostartofline " don't jump to first character when paging
set whichwrap=b,s,h,l,<,>,[,] " move freely between files
"set viminfo='20,<50,s10,h
"set autoindent " always set autoindenting on
"set smartindent " smart indent
"set cindent " cindent
set noautoindent
set nosmartindent
set nocindent
"set autowrite " auto saves changes when quitting and switching buffer
"set expandtab " tabs are converted to spaces, use only when required
"set sm " show matching braces, somewhat annoying…
"set nowrap " don't wrap lines
syntax on " syntax highlighting

if has("gui_running")
    " See ~/.gvimrc
    set guifont=Monospace\ 10 " use this font
    set lines=50 " height = 50 lines
    set columns=100 " width = 100 columns
    set background=light " adapt colors for background
    set selectmode=mouse,key,cmd
    set keymodel=
else
    colorscheme elflord " use this color scheme
    set background=dark " adapt colors for background
endif

if has("autocmd")
    " Restore cursor position
    au BufReadPost * if line("'\"") > 0|if line("'\"") <= line("$")|exe("norm '\"")|else|exe "norm $"|endif|endif

    " Filetypes (au = autocmd)
    au FileType helpfile set nonumber " no line numbers when viewing help
    " Enter selects subject (comment kept on its own line: text after a mapping becomes part of it)
    au FileType helpfile nnoremap <buffer><cr> <c-]>
    " Backspace to go back
    au FileType helpfile nnoremap <buffer><bs> <c-T>

    " When using mutt, text width=72
    au FileType mail,tex set textwidth=72
    au FileType cpp,c,java,sh,pl,php,asp set autoindent
    au FileType cpp,c,java,sh,pl,php,asp set smartindent
    au FileType cpp,c,java,sh,pl,php,asp set cindent
    "au BufRead mutt*[0-9] set tw=72

    " Automatically chmod +x Shell and Perl scripts
    "au BufWritePost *.sh !chmod +x %
    "au BufWritePost *.pl !chmod +x %

    " File formats
    au BufNewFile,BufRead *.pls set syntax=dosini
    au BufNewFile,BufRead modprobe.conf set syntax=modconf
endif

" Keyboard mappings
" (comments sit above each map: text after a mapping becomes part of it)
" map F1 to open previous buffer
map <F1> :previous<CR>
" map F2 to open next buffer
map <F2> :next<CR>
" turn off highlighted search
map <silent> <C-N> :silent noh<CR>
" edit my .vimrc file in a split
map ,v :sp ~/.vimrc<cr>
" edit my .vimrc file
map ,e :e ~/.vimrc<cr>
" update the system settings from my vimrc file
map ,u :source ~/.vimrc<cr>

"----- write out html file
map ,h :source $VIM/vim71/syntax/2html.vim<cr>:w<cr>:clo<cr>

" Common command line typos
"cmap W w
"cmap Q q

" Keyboard mapping for numeric keypad
"imap <Esc>OM <c-m>
" map <Esc>OM <c-m>
"imap <Esc>OP <nop>
" map <Esc>OP <nop>
"imap <Esc>OQ /
" map <Esc>OQ /
"imap <Esc>OR *
" map <Esc>OR *
"imap <Esc>OS -
" map <Esc>OS -
"imap <Esc>Ol +
"imap <Esc>Om -
"imap <Esc>On ,
"imap <Esc>Op 0
"imap <Esc>Oq 1
"imap <Esc>Or 2
"imap <Esc>Os 3
"imap <Esc>Ot 4
"imap <Esc>Ou 5
"imap <Esc>Ov 6
"imap <Esc>Ow 7
"imap <Esc>Ox 8
"imap <Esc>Oy 9
"imap <Esc>Oz 0


Shellcoding fun

Interesting finding today while reading the Shellcoder’s Handbook (second edition). The program written in chapter 2 that demonstrates how a memory overflow works returned different assembly code on my box. The code depicted in the book was:


0x080483c4 <return_input+0>:  push  %ebp
0x080483c5 <return_input+1>:  mov   %esp,%ebp
0x080483c7 <return_input+3>:  sub   $0x28,%esp
0x080483ca <return_input+6>:  lea   0xffffffe0(%ebp),%eax
0x080483cd <return_input+9>:  mov   %eax,(%esp)
0x080483d0 <return_input+12>: call  0x80482c4 <_init+40>
0x080483d5 <return_input+17>: lea   0xffffffe0(%ebp),%eax
0x080483d8 <return_input+20>: mov   %eax,0x4(%esp)
0x080483dc <return_input+24>: movl  $0x8048514,(%esp)
0x080483e3 <return_input+31>: call  0x80482e4 <_init+72>
0x080483e8 <return_input+36>: leave
0x080483e9 <return_input+37>: ret
End of assembler dump.

The code returned on my box had similarities but was longer. At first I thought this may have something to do with the fact that I am using a dual AMD 64-bit processor with a 32-bit kernel. I was wrong.

Here was the disas return_input output on my box:

0x080483f4 <return_input+0>:    push   %ebp
0x080483f5 <return_input+1>:    mov    %esp,%ebp
0x080483f7 <return_input+3>:    sub    $0x38,%esp
0x080483fa <return_input+6>:    mov    %gs:0x14,%eax
0x08048400 <return_input+12>:    mov    %eax,-0x4(%ebp)
0x08048403 <return_input+15>:    xor    %eax,%eax
0x08048405 <return_input+17>:    lea    -0x22(%ebp),%eax
0x08048408 <return_input+20>:    mov    %eax,(%esp)
0x0804840b <return_input+23>:    call   0x8048330 <gets@plt>
0x08048410 <return_input+28>:    lea    -0x22(%ebp),%eax
0x08048413 <return_input+31>:    mov    %eax,(%esp)
0x08048416 <return_input+34>:    call   0x8048360 <puts@plt>
0x0804841b <return_input+39>:    mov    -0x4(%ebp),%eax
0x0804841e <return_input+42>:    xor    %gs:0x14,%eax
0x08048425 <return_input+49>:    je     0x804842c <return_input+56>
0x08048427 <return_input+51>:    call   0x8048350 <__stack_chk_fail@plt>
0x0804842c <return_input+56>:    leave
0x0804842d <return_input+57>:    ret
End of assembler dump.

After some research I found out, I am stupid. I found this on a Wiki:

StackGuard was the first canary stack protector, released for GCC in 1997, and published at USENIX Security 1998. StackGuard is an extension to GCC that provides buffer overflow protection. It was invented by Crispin Cowan, first implemented as a zero canary in the i386 backend for GCC 2.7.2.2 by Aaron Grier, and verified by Peat Bakke. Perry Wagle continued maintenance of StackGuard for the Immunix project, and implemented the Terminator, Random, and Random XOR canaries.

StackGuard was made available as a standard part of the Immunix Linux distribution from 1998 to 2003, providing both Red Hat-compatible binary RPMs and patched GCC sources from GCC 2.7.2.3 through 2.96.
StackGuard was suggested for implementation in GCC according to the GCC 2003 Summit Proceedings and the StackGuard homepage; however, gcc 3.x offers no official buffer overflow protection, and the SSP concept below has been adapted for GCC 4.1 instead.

After reading this I re-compiled the program with the GCC flag -fno-stack-protector. Then this was my disas return_input output:

Dump of assembler code for function return_input:
0x080483a4 <return_input+0>:    push   %ebp
0x080483a5 <return_input+1>:    mov    %esp,%ebp
0x080483a7 <return_input+3>:    sub    $0x28,%esp
0x080483aa <return_input+6>:    lea    -0x1e(%ebp),%eax
0x080483ad <return_input+9>:    mov    %eax,(%esp)
0x080483b0 <return_input+12>:    call   0x80482e8 <gets@plt>
0x080483b5 <return_input+17>:    lea    -0x1e(%ebp),%eax
0x080483b8 <return_input+20>:    mov    %eax,(%esp)
0x080483bb <return_input+23>:    call   0x8048308 <puts@plt>
0x080483c0 <return_input+28>:    leave
---Type <return> to continue, or q <return> to quit---
0x080483c1 <return_input+29>:    ret
End of assembler dump.

This is much closer to the book’s assembly code for that function. It just goes to show you that, since GCC has finally — after many many years — gotten wise to the many dangerous holes C programmers can open without much effort, the days of easily exploitable buffer overflows are numbered.
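An added example, not code from the book or from this post: a C model of the two return_input frames disassembled above, showing what the extra prologue and epilogue instructions in the protected build check. The names GUARD, RET_ADDR, run_frame and run_len and both constants are constructed; only the 30-byte buffer and the slot offsets come from the dumps.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the frame as a flat byte array, lowest address first:
 * buf[30] | canary (protected build only) | saved ebp | return address. */
enum { BUF_LEN = 30, WORD = 4 };
#define GUARD    0x5ac3e17du  /* constructed stand-in for the value at %gs:0x14 */
#define RET_ADDR 0x08048456u  /* constructed saved return address */
typedef struct { int canary_tripped; int ret_changed; } outcome;

/* protect=1 models the default build, protect=0 the -fno-stack-protector one.
 * The copy is clamped to the model frame so the demo stays well-defined. */
outcome run_frame(const char *input, int protect) {
    uint8_t frame[BUF_LEN + 3 * WORD] = {0};
    size_t ret_off = BUF_LEN + (protect ? 2 : 1) * WORD;
    size_t n = strlen(input) + 1;                 /* gets() also stores a NUL */
    uint32_t guard = GUARD, ret = RET_ADDR, seen_guard = GUARD, seen_ret;
    outcome o;
    if (protect)                                  /* mov %eax,-0x4(%ebp) */
        memcpy(frame + BUF_LEN, &guard, WORD);
    memcpy(frame + ret_off, &ret, WORD);
    if (n > ret_off + WORD) n = ret_off + WORD;
    memcpy(frame, input, n);                      /* no check against BUF_LEN */
    if (protect)                                  /* mov -0x4(%ebp),%eax */
        memcpy(&seen_guard, frame + BUF_LEN, WORD);
    memcpy(&seen_ret, frame + ret_off, WORD);
    o.canary_tripped = (seen_guard ^ guard) != 0; /* xor %gs:0x14,%eax; je */
    o.ret_changed = seen_ret != ret;
    return o;
}

/* Feed a constructed input of len 'A' bytes (len must be below 64). */
outcome run_len(size_t len, int protect) {
    char in[64];
    memset(in, 'A', len);
    in[len] = '\0';
    return run_frame(in, protect);
}

int main(void) {
    size_t lens[] = { 29, 30, 40 }, i;
    for (i = 0; i < 3; i++) {
        outcome p = run_len(lens[i], 1), u = run_len(lens[i], 0);
        printf("len=%2zu protected: tripped=%d ret_changed=%d | "
               "unprotected: ret_changed=%d\n", lens[i],
               p.canary_tripped, p.ret_changed, u.ret_changed);
    }
    return 0;
}
```

In the protected layout a changed canary is what routes execution to __stack_chk_fail before ret runs; in the unprotected layout the changed return address goes unnoticed.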


tough book

I won a bid for a Panasonic ToughBook. I was really excited to see it on eBay after having seen one in BestBuy for over $3,000. I got my slightly used 800MHz processor CF-24 for only 55 bucks, and yes that includes shipping. I plan to use it to be really 1337, or something…

In my book — a tough book to get into — rectangular mid-90’s style laptops are one of the most 31337 h4x0r looking pieces of equipment you can own.

I plan to put OpenBSD on it and run around like a freak with a laptop that has a built-in handle.


PHP/cURL

Say you need some images from a website. You have talked to the web site’s administrator and they do not provide an XML feed that contains the URLs you need to get the images on your site. Use PHP/cURL, the cURL extension for the PHP language, to steal the content you need. You could even leave it hosted on their server. Just write a script that will build <img> tags that reference the image location on the remote server.

I was faced with a situation similar to this not too long ago. I just created a PHP file that will display the information. Then I just used a server side include to display it on a page. I found some helper classes for libcURL over at http://www.schrenk.com and they helped me out. They are not really long; they are more just a tool to teach you about libcURL. It’s worth popping into the book store to get a copy of this guy’s book (Webbots, Spiders, and Screen Scrapers).

<style type="text/css">
#video_tout_wrapper{
background-color:#000;
border:1px solid #fff;
width:321px;
height:100px;
padding-left:5px;
margin-top:10px;
}

.thumbnail {
color:#fff;
font-size:10px;
text-align:center;
}

.videoToutTitle {
font-size:11px;
font-weight:bold;
padding-bottom:6px;
text-transform:uppercase;
color:#fff;
}
</style>

<?php

/*
 * the library is available via http://www.schrenk.com
 */

# Include libraries
include("php_libs/LIB_parse.php");

include("php_libs/LIB_http.php");

$target = "http://videos.ledger-enquirer.com/vmix_hosted_apps/p/grid?all=1&class_id=1";
$div_array = array();

# Download a web page
$web_page = http_get($target, $referer="");

# Collect every <div class="thumbnail" ...>...</div> block from the downloaded page
$thumbnail_div_array = parse_array($web_page['FILE'], "<div class=\"thumbnail\"", "</div>");

#for($img_count=0; $img_count<1; $img_count++)
#{
# Only build the tout if the second div holds an image from the expected host
$thumbnail_landmark = "<img src=\"http://llnwi";
if(stristr($thumbnail_div_array[1], $thumbnail_landmark)) //Process the divs
{

# The divs are echoed exactly as received from the remote page
echo "<div id=\"video_tout_wrapper\">";
echo "<a class=\"videoToutTitle\" href=\"http://videos.ledger-enquirer.com/\">L-E-O.COM VIDEOS</a>";
echo "<table>";
echo "<tr>";
echo "<td>$thumbnail_div_array[0]</td>";
echo "<td>$thumbnail_div_array[2]</td>";
echo "<td>$thumbnail_div_array[1]</td>";
echo "</tr>";
echo "</table></div>";

}
#}
//echo "FOUND: $img_count thumbnail img tags\n";
?>

Disclaimer: Please don’t do this to any site unless you have fully read their TOS agreement or have written permission from the web site staff. This could get you in a ton of trouble if the content you are pulling is licensed.