Monday, 19 January 2015

Automatically installing gem dependencies when setting up Metasploit

Quick post! Setting up metasploit from source was being a bitch. I don't often work with ruby, which was more than likely why I was having issues. bundle install was not working as I would have liked and metasploit wanted 101 dependencies installing.. one.. by.. one.

ANYHO, here is a one line script I made to automate the whole process of installing the dependencies:

while true; do package=$(./msfconsole 2>&1 | grep -Eo "Could not find.*" | awk '{print $4}'); if [ -z "$package" ]; then echo done; break; else nam=$(echo "$package" | grep -oE "^.*-" | sed 's/-$//'); ver=$(echo "$package" | grep -Eo "[0-9][0-9\.]+$"); echo "$nam" "$ver"; gem install "$nam" -v "$ver"; fi; done

I am sure there is a lovely neat way of doing this, however unfortunately, I did not know how.

Tuesday, 5 August 2014

sendfile system call > cat and cp

My friend just came to me and asked me whether I thought it would be quicker to use cat to copy a file or to create a bespoke program to do the same job. Whilst I originally thought the differences would be negligible, I remembered the system call 'sendfile' and thought I would have a poke.

In the Linux 2.2 kernel (this release was not yesterday, it was in 1999), the system call 'sendfile' was introduced, allowing for fast file transfers between two file descriptors.

man sendfile:
"Because this copying is done within the kernel, sendfile() is more efficient than the combination of read(2) and write(2), which would require transferring data to and from user space"

With a quick review of the coreutils source code:

[adam@localhost coreutils-8.23]$ grep sendfile * -RA2
TODO:Integrate use of sendfile, suggested here:
TODO-I don't plan to do that, since a few tests demonstrate no significant benefit.

I used my awesome coding skills to determine that sendfile was not currently in use. 

So for the hell of it I made a crude cp using sendfile to compare with:
 #include <sys/sendfile.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <unistd.h>  /* close() */
 //ssize_t sendfile(int out_fd, int in_fd, off_t *offset, size_t count);
 int main(int argc, char **argv){
     ssize_t sf_stat;
     if (argc != 3){
         printf("usage: %s in_file out_file\n", argv[0]);
         return -1;
     }
     int in_fd = open(argv[1], O_RDONLY);
     int out_fd = creat(argv[2], S_IRUSR|S_IWUSR);
     /* either call failing returns -1, so the OR of the two is negative */
     if ((in_fd | out_fd) < 0){
         perror("error opening file");
         return -1;
     }
     /* NULL offset: the kernel advances in_fd's file position; loop until EOF (0) */
     do {
         sf_stat = sendfile(out_fd, in_fd, NULL, 65536);
     } while (sf_stat > 0);
     if (sf_stat < 0){
         perror("error copying file");
         return -1;
     }
     close(in_fd);
     close(out_fd);
     return 0;
 }

And the results were...

...that the coreutils code should probably be updated. I mean, come on, it's been 15 years already:

[adam@localhost c]$ time ./sendfile large_file /dev/null
real 0m0.044s
user 0m0.001s
sys 0m0.042s

[adam@localhost c]$ time cat large_file > /dev/null
real 0m0.283s
user 0m0.005s
sys 0m0.274s

[adam@localhost c]$ time cp large_file /dev/null
real 0m0.251s
user 0m0.003s
sys 0m0.246s

UPDATE! I did further tests. Sending files to /dev/null acts differently when using sendfile; it doesn't matter what you copy, it takes the same(ish) amount of time. For normal copies, it is slightly quicker. I am still looking into it. :)
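A more careful version of the copy above, added here as an example rather than code from the original post: it loops until sendfile reports EOF, returns the bytes actually moved, closes both descriptors on every path, and falls back to a read/write loop when the kernel refuses the descriptor pair. The function and file names are my own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/sendfile.h>
#include <unistd.h>

/* Fallback through user space with read(2)/write(2), handling short writes. */
static long copy_readwrite(int in_fd, int out_fd) {
    char buf[65536];
    long total = 0;
    ssize_t n, w;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0; off < n; off += w)
            if ((w = write(out_fd, buf + off, n - off)) < 0) return -1;
        total += n;
    }
    return n < 0 ? -1 : total;
}

/* Copy src to dst, trying sendfile(2) first. Returns bytes copied or -1.
 * Kernels before 2.6.33 reject a non-socket out_fd with EINVAL, so fall back. */
long copy_file(const char *src, const char *dst) {
    int in_fd = open(src, O_RDONLY);
    int out_fd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    long total = -1;
    ssize_t n = 0;
    if (in_fd >= 0 && out_fd >= 0) {
        /* NULL offset: the kernel advances in_fd's own position; loop to EOF */
        for (total = 0; (n = sendfile(out_fd, in_fd, NULL, 65536)) > 0; )
            total += n;
        if (n < 0)
            total = (total == 0 && (errno == EINVAL || errno == ENOSYS))
                    ? copy_readwrite(in_fd, out_fd) : -1;
    }
    if (in_fd >= 0) close(in_fd);
    if (out_fd >= 0) close(out_fd);
    return total;
}
/* Test helpers (constructed input): write a byte pattern; sum a file's bytes. */
long write_pattern(const char *path, long size) {
    FILE *f = fopen(path, "wb");
    for (long i = 0; f && i < size; i++) fputc((int)(i % 251), f);
    return f && fclose(f) == 0 ? size : -1;
}
unsigned long byte_sum(const char *path) {
    FILE *f = fopen(path, "rb");
    unsigned long s = 0;
    for (int c; f && (c = fgetc(f)) != EOF; ) s += (unsigned)c;
    if (f) fclose(f);
    return s;
}
```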

Sunday, 13 July 2014

Microphone not detected in Rosetta Stone under Wine

This was a pain in my balls for many an hour. Ethically I can not not post it online.


 - Running Rosetta Stone under Wine.
 - Rosetta Stone does not detect your microphone.

Bodge, but it works:

 - Enter a lesson. When prompted select "Turn speech OFF for this session".
 - Within the lesson, if needed, enable the microphone by enabling "Speech recognition" in the settings.


Agreed, this is a bit of a shit fix, works though :).

Thursday, 6 March 2014

Google Translate In Terminal

I am currently trying to learn French, and just to make life a tad easier, I wrote a wrapper for Google Translate.

Because when do you not have a terminal handy?

(Psst. I have a more up-to-date version here.)

Saturday, 1 March 2014

Debugging with colour in Python

It's the little things that make life worth living, debugging with colour for example:



debug_level = 3

def debug(level, string):
    # one marker and one ANSI colour per level: cyan, green, yellow, red
    level_char = ["+", "*", "**", "***"]
    level_colour = ['\033[1;96m', '\033[1;92m', '\033[1;93m', '\033[1;91m']
    if level <= debug_level:
        # \033[0;39m resets the colour before the message itself
        print(" %(level_colour)s[%(level_char)s]\033[0;39m\t%(string)s" %
              {"level_colour": level_colour[level],
               "level_char": level_char[level],
               "string": string})

def main():
    debug(0, "General information")
    debug(1, "Debug 1")
    debug(2, "Debug 2")
    debug(3, "Debug 3")

if __name__ == "__main__":
    main()

Thursday, 2 January 2014


Today I finally got a chance to play with my new switch (SG300), and I spent more time configuring the banner than I did configuring the actual functionality..

Still though, you have to admit it's quite fetching..

Archer <3

Sunday, 10 November 2013

Subverting library calls with LD_PRELOAD

LD_PRELOAD is a dandy environment variable which, when set, allows us to override functions in shared libraries. Consider the following program:

[adam@localhost code]$ ./secret
Usage: ./secret password
[adam@localhost code]$ ./secret abc123
ERROR: Incorrect password
[adam@localhost code]$ 

Well crap. What to do. Let's have a look at the functions called:

[adam@localhost code]$ nm -D secret
                 w __gmon_start__
                 U __libc_start_main
                 U printf
                 U puts
                 U strlen
                 U strncmp

If only we knew what parameters were being passed to strncmp!.. Oh wait this is a tutorial:

Creating our own strncmp:

[adam@localhost code]$ cat load_me_first.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int strncmp(const char *cs, const char *ct, size_t count){
    printf("[ Non-offical strncmp hit ]\n"
           "\tcs = %s\n"
           "\tct = %s\n",
            cs, ct);
    /* then do the real comparison ourselves so the program behaves as before
       (forwarding to the real symbol via dlsym(RTLD_NEXT, ...) is the usual alternative) */
    for (; count > 0 && *cs && *cs == *ct; count--, cs++, ct++)
        ;
    return count == 0 ? 0 : (unsigned char)*cs - (unsigned char)*ct;
}

Compiling the object:

[adam@localhost code]$ gcc -shared -o -fPIC load_me_first.c
[adam@localhost code]$ ls -la *.so
-rwxrwxr-x. 1 adam adam 8065 Nov 10 22:58

And finally calling using LD_PRELOAD:

[adam@localhost code]$ LD_PRELOAD=./ ./secret "if only this was the password"
[ Non-offical strncmp hit ]
    cs = qwerty
    ct = if only this was the password
[adam@localhost code]$

Whayy. We can see that the user password is being compared against "qwerty"; we would never have been able to brute-force that!

[adam@localhost code]$ ./secret qwerty

        )\               (__)
       /  \              (oo)
     Cow trying out for a part
       in the new JAWS movie

(p.s. This is not the answer for Don't forget to return!)
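From the defender's side, the same trick is visible from inside the process: the preloaded object shows up in /proc/self/maps as a .so mapped from somewhere outside the system library directories. The audit helper below is an added example, not part of the original post; the trusted directory list and the function names are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Directories a shared object is expected to be loaded from. An assumption
 * for this example; widen it for your distro (e.g. /opt, /snap). */
static const char *trusted_prefixes[] = {
    "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/", NULL };

/* Parse one /proc/<pid>/maps line. Returns 1 and fills `path` when the line maps a
 * shared object from outside the trusted directories (how a preloaded ./x.so looks). */
int untrusted_object(const char *line, char *path, size_t len) {
    unsigned long lo, hi, off, ino;
    char perms[5], dev[16];
    int consumed = 0;
    if (sscanf(line, "%lx-%lx %4s %lx %15s %lu %n",
               &lo, &hi, perms, &off, dev, &ino, &consumed) < 6)
        return 0;
    const char *p = line + consumed;          /* pathname column, if present */
    size_t n = strcspn(p, "\n");
    if (*p != '/' || n >= len) return 0;      /* anonymous, [heap], [stack], ... */
    memcpy(path, p, n);
    path[n] = '\0';
    if (!strstr(path, ".so")) return 0;       /* the executable itself, data files */
    for (const char **t = trusted_prefixes; *t; t++)
        if (strncmp(path, *t, strlen(*t)) == 0)
            return 0;
    return 1;
}

/* Audit the calling process: print LD_PRELOAD if set and every distinct untrusted
 * object mapped. Returns that count, or -1 if /proc/self/maps cannot be read.
 * Note: for set-user-ID programs the loader ignores LD_PRELOAD entries containing a slash. */
int audit_self(void) {
    char line[4352], path[4096], last[4096] = "";
    const char *env = getenv("LD_PRELOAD");
    FILE *f = fopen("/proc/self/maps", "r");
    int found = 0;
    if (env) printf("LD_PRELOAD is set: %s\n", env);
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (untrusted_object(line, path, sizeof path) && strcmp(path, last) != 0) {
            printf("untrusted object mapped: %s\n", path);
            strcpy(last, path);
            found++;
        }
    fclose(f);
    return found;
}
```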

Don't forget to return! Scripting challenge.

I found this quite an amusing scripting challenge. If you get stuck feel free to ask for a hint. If you post your answer I will post mine! (Don't go OTT! If you are above 100 lines ye gone too farr)

And I'm not talking about guessing EVERY combination here..

[adam@localhost code]$ time ./
made it.
Tell me and I forget, teach me and I may remember, involve me and I learn.

real    0m0.111s
user    0m0.043s
sys    0m0.050s
[adam@localhost code]$

Thursday, 24 October 2013

Creating pretty graphs in linux with gnuplot

You have to love graphs and their graphingawesomeness. I'm not going to lie, I have a thing for them ever since I met gnuplot.

I really should be hitting the hay, so this will be a quick one.

As an example I have pinged Google 100 times and dropped the delay into a text file.

[adam@localhost gnuplot]$ ping -c 100 -ni 0.2 | awk -F [=\ ] {'print $(NF-1)'} | grep -E "[0-9]" > ping.dat

[adam@localhost gnuplot]$ head -n 5 ping.dat

[adam@localhost gnuplot]$ cat
set terminal png
set output "ping.png"
set ylabel "Delay (m/s)"
set xlabel "Number"
plot "ping.dat" with lines

[adam@localhost gnuplot]$ ./

Poof, we have a graph.

Not cool enough for you?

- set terminal png
- set output "ping.png"
+ set terminal dumb

Concurrent audio outputs with PulseAudio in Fedora (playing through multiple speakers at the same time)

pacmd is the dogs bollocks. 

I wanted to be able to talk to my friend on Skype with one of my headphones in, whilst playing a movie over HDMI on my TV from my laptop, and searching for this was not proving easy on Google. Whilst searching how to fix another issue I fell upon pacmd. With pacmd, you can manipulate your audio inputs and outputs to an unexpectedly awesome degree.

Below are a few examples but first things first, if you get stuck, RTFM. I have added a few bits of grep and awkage just to make it easier to read, I hope you don't mind.

What sinks (devices..ish) do we have

[adam@localhost ~]$ pacmd list-sinks | grep index -A 1
    index: 0
    name: <alsa_output.pci-0000_00_03.0.hdmi-stereo-extra1>
  * index: 1
    name: <alsa_output.pci-0000_00_1b.0.analog-stereo>
[adam@localhost ~]$ 

I have two different sinks: my HDMI out and my standard audio card, index 0 and 1 respectively. Dropping the grep gives you a bunch more useful information which I am sure is of use to lots of you.

Redirecting audio output

If you just want to swap audio to another output it's pretty simple, you can just change the default sink:

[adam@localhost ~]$ pacmd set-default-sink 0

So now if I load up another application, its audio will be output to sink 0, which in my case is my HDMI.

This will not however redirect the audio of current applications. To list the applications which are currently linked to a sink, run the following:

[adam@localhost ~]$ pacmd list-sink-inputs | grep -Ei "(available|sink|index|application\.name)" | sed s/^[[:space:]]*//g 

>>> 1 sink input(s) available.
index: 39
sink: 1 <alsa_output.pci-0000_00_1b.0.analog-stereo> = "ALSA plug-in [plugin-container.#prelink#.QLz5gf (deleted)]"

This was a crappy YouTube video that I had paused at the time, but it makes a good example. If I want to instantly redirect the output of the application, all we have to do is move the sink input's index to another sink:

[adam@localhost ~]$ pacmd move-sink-input 39 0 > /dev/null
[adam@localhost ~]$ pacmd list-sink-inputs | grep -Ei "(available|sink|index|application\.name)" | sed s/^[[:space:]]*//g

>>> 1 sink input(s) available.
index: 39
sink: 0 <alsa_output.pci-0000_00_03.0.hdmi-stereo-extra1> = "ALSA plug-in [plugin-container.#prelink#.QLz5gf (deleted)]"

Tadaaa, it's now playing over HDMI without affecting any other application.

Playing over multiple speakers

For this we need a module; yes, you read that right, pacmd is modular, it's just that awesome.

[adam@localhost ~]$ pacmd load-module module-combine-sink sink_name="Combined" slaves=0,1 adjust_time=5

[adam@localhost ~]$ pacmd list-sinks | grep index -A 1
    index: 0
    name: <alsa_output.pci-0000_00_03.0.hdmi-stereo-extra1>
  * index: 1
    name: <alsa_output.pci-0000_00_1b.0.analog-stereo>
    index: 2
    name: <Combined>

[adam@localhost ~]$ pacmd set-default-sink 2

What this did was create a new sink called "Combined" joining my HDMI card and my standard audio card together, re-adjusting the slaves' sample rates every 5 seconds to keep things in sync. If you have issues with the speakers becoming out of time, play with the adjust_time option. If you omit the slaves option, all sinks are joined.

Too quiet?

My laptop speakers aren't half bad, however some web players are just SO quiet. To fix it, we can set the volume to 100%+. pacmd takes the volume in PulseAudio's raw units, where 0x10000 is 100%, so the following sets it to 150%:

[adam@localhost ~]$ pacmd set-sink-volume 1 0x15000


You can of course do other magical things, I just have not had the time to look into them further.

Hello World!

I have a blog! Hopefully someone, somewhere in the world will find a post on here that fixes that ball ache of a problem they have been googling for, for the past 2 hours.