opensource
OpenOffice All Languages Wordlist
(As it seems like no one did this before... I tried to )
One of the coolest things from OpenOffice (IMHO) is it's huge spell checking database, available for 92 languages. It contains not only the "most popular" words, but also some "mutation rules", which describe the generic "word formation" algorithm for each language. This opens great possibilities for a dictionary attack.
So, all I did was picking an "All Language Pack" from OpenOffice.org, and expanding it (i.e. using the affix rules to generate a list of all recognized words of a dictionary) with the unmunch
utility from the Hunspell. As unmunch
behaved a bit... weirdly with some .aff
files (namely: ar, eu_ES, gl_ES, he_IL, hu_HU, lt_LT, mn_MN, qu_BO, se), I had to use the non-expanded .dic
instead.
This generated a set of lists with 127,153,335 unique words, which summed up into 1,932.2 MB.
And finally, here it is, for all your security testing purposes, packed with 7-Zip into a 167.3 MB file:
- The Pirate Bay (torrent)
- Mininova (torrent)
stas » November 3, 2008 » 14:06
attachment » 1 comment » 7367 reads
|
"keyboard injection" under Linux
What to do if you want to pass some data into STDIN of some process,
and it doesn't accepts it?! One of the most (un)famous example is ssh
;
who never tried to do a "echo password | ssh host"
?!
So, you just want to inject characters as there were someone
typing them. Remember: TIOCSTI ioctl() call is your
friend
Just google it to see what
it does. And now, some actually working code:
#!/usr/bin/perl -w
use strict;
use Fcntl;
use constant TIOCSTI => 0x5412;
unless (@ARGV >= 1) {
print "usage: $0 [vt] <input>\n";
exit;
}
my $vt = shift @ARGV;
my $buf = join '', <>;
&writevt ($vt, $buf) || die "can't write to $vt: $!\n";
exit;
sub writevt {
my ($vt, $buf) = @_;
sysopen (VT, $vt, O_RDONLY) || return 0;
for (my $i = 0; $i < length $buf; $i++) {
ioctl (VT, TIOCSTI, substr ($buf, $i, 1)) || return 0;
}
close (VT) || return 0;
return 1;
}
And this is how it works (Linux-specific!!!):
[stas@home stas]$ echo id | ./catvt.pl /dev/pts/0
id
[stas@home stas]$ id
uid=?????(stas) gid=?????(stas) groups=?????(stas)
Kinda awesome
stas » August 15, 2007 » 21:20
add new comment » 9490 reads
|
Geolizer HTTP stats
About Geolizer
This is an enhanced version of the popular Webalizer
HTTP server statistics generator. It's main feature is an ability to
discover visitor's country by his/her IP address. Default Webalizer
method is to extract host suffix from the reversal DNS query (obtained
directly from log files, or by webazolver
program if HTTP
server doesn't reverses client IPs), which is slow and imprecise (for
example, Brazilian host could be reversed as .com
).
Geolizer relies on the GeoIP
library API to do the same thing. Thus, no more DNS queries are
required, and
results are much more precise. Geolizer also has some additional
features: it displays file sizes in a human-readable form
(bytes/KB/MB/GB/TB) instead of default kilobytes. It
also compiles
under MinGW/MSYS now, so you can process
your UN*X log files on your Windows box.
And,
finally, Geolizer features a nice eye-candy: country flags!
Beware as Geolizer also has some bad features (read "bugs"):
for example, webazolver
won't work anymore, and already resolved hosts aren't handled well.
Want to see how it looks like, at all? Take a look at some sample
statistics! Or see who else uses Geolizer to produce
their server stats.
Tips
- The country flag pictures can be downloaded at http://flags.blogpotato.de/.
Just download and unzip
world.small.zip
&special.small.zip
to theflags/
subdirectory in your HTML output path. - You may enhance your Webalizer further (allowing it to identify more user agents, referrers and search engines than normal) using extended configuration files, provided by Enric Naval and available at http://griho.udl.es/webalizer/.
- It is possible to use multiple configuration files on
Webalizer. Just specify them at the command line:
webalizer -c common.conf -c user_stas.conf
- Why don't you try also AWStats & WebDruid?!
It is easy to located an internet service which provides low prices for voip. Simply by downloading the software the service of the voip can be utilized, though for this a fast wireless internet is also required. This is especially benefical for small website hosting companies to contact their clients at a low cost.
stas » January 16, 2007 » 14:00
3 attachments » 138 comments » 236262 reads
|
X11 FrontEnd for the Rio Utility
X11 FrontEnd for the Rio Utility v1.07 made by guys from the Snowblind Alliance. Surely not the best nor the most beautiful of all GUIs made to manage the famous Rio MP3 Player, but I tried to implement some of the ideas that the "real" managers doesn't implement. List of some "interesting" features:
- 2 windows side-by-side like in Norton Commander legacy managers
- treats M3U playlists as directories
- displays the space remaining on the device as you select files to upload
- current file & overall progress bars
- realtime display of the transfer speed
rio.exe
is OK. You can download it here and test
for yourself! However, I would suggest you to use my Diamond Rio PMP300
FS-plugin for Total
Commander.P.S. - if you get problems downloading files with long names, apply the patch I provided below on the Rio Utility source (not XRio itself!) and recompile it.
stas » January 8, 2007 » 09:37
2 attachments » 1 comment » 16487 reads
|
tiny HTTP proxy
This is a tiny and highly experimental HTTP/1.0 proxy software that I have written to debug HTTP protocol & it's clients. It is very small and simple, yet useful to reverse-engineering purposes. It's interface is quite obvious. The Server frame controls the IP, port and connection limit of the proxy server. It also shows how many connections are active at moment. The Data Traffic frame shows in/out packets & bytes. Service frame allows you to stop, start and quit the proxy. These are the very minimalist controls for the very minimalist proxy server.
The interesting stuff begins at the Plugin frame. All the packet
passed through this proxy server are forwarded to the selectable plugin
module. By default, it is logger.dll
. It simply saves every
single packet into separate file, which uses the following name scheme:
from_IP.from_port-to_IP.to_port.log
(for example,
127.0.0.1.4322-127.0.0.1.21.log
). The files can be ordered by
their modification date in your file explorer, so you can track the entire
session:
The logger.dll
can be set up to include a sequence counter at
the beginning of each packet and to output saved packets into some specific
directory:
Plugin module is also capable of injecting packets. Load the
replicator.dll
file and check the setup screen:
When you click the Capture button and then make some action in
your proxied web client, the replicator plugin will prompt you if it got a
corresponding packet. This packet may be resent automatically, at the period
specified in the Period box. You can capture & replicate several
packets, and manipulate their resend period. A very interesting application
of the replicator plugin is to flood web chats and to spin
up web counters. Of course, the right way is to use
logger.dll
and to make a clone that imitates the "real" web
client.
The final note: this is, and always will be, an alpha-state code. I do not develop this proxy application anymore. It is useful to me the way it is. But you can grab the source and make a whatever plugin you like, or even rewrite the code entirely. I don't care. Just give me the proper credits!
stas » January 3, 2007 » 21:50
attachment » 1 comment » 21832 reads
|
CEP-2-City
Módulo Perl que obtém o nome do município (do Brasil) a partir de um CEP dado. Exemplo:
#!/usr/bin/perl use CEP; # inicializa my $cep = new CEP; # $city será referência para array com estado/cidade my $city = $cep->city ('12.437-660'); # processa somente os dígitos numéricos (0-9) if ($city) { # $str será uma string no formato Cidade/ESTADO my $str = CEP::city_string ($city); # filtra os acentos e imprime em caixa alta printf "esse CEP pertence a [%s]\n", uc CEP::normalize ($str); } else { print "CEP não encontrado\n"; } exit;
Conforme pode ser observado no exemplo dado acima, este é um módulo
orientado a objeto. A instância do objeto CEP é criada com new
CEP
. Durante a inicialização, é construído um
array com a lista ordenada das faixas de CEPs (isso pode demorar, portanto é
uma boa idéia criar uma única instância e reaproveitá-la indefinidamente). O
método que realiza a busca binária pelo CEP e retorna o nome do município é
city()
. O seu único parâmetro é o número CEP propriamente dito.
Somente os dígitos numéricos serão considerados. city()
retorna
uma referência para array que contém o nome do estado e o nome da cidade,
nessa ordem. Inclui também uma subrotina city_string()
que
recebe como parâmetro o array retornado pelo city()
e retorna
uma string no formato "Nome da cidade/ESTADO". E, finalmente, quando
os acentos são desnecessários, pode-se filtrá-los com a função
normalize()
, que recebe uma string com acentos e a retorna sem
acentos
P.S. - cuidado com os line-endings do arquivo
CEP.pm! Se o segmento __DATA__
for salvo com CRLF, o módulo
apresentará comportamento estranho em sistemas UN*X!
P.P.S. - Este projeto tem agora um sucessor (que consegue obter informação sobre Rua/Bairro e até mesmo DDD regional)! Confira!
stas » January 3, 2007 » 17:55
attachment » add new comment » 16867 reads
|
inPEct .EXE binder
inPEct
means "infect", applicable to PE ("Portable Executable") format. It is an executable binder, thus, it's able to join two .exe
files in one. Now, why should anyone want to do that, is a question apart (screenshot is self-explanatory
At the time I've wrote inPEct, most executable binders were similar to
SFX ("Self-Extract") stubs: they simply extracted their content to
somewhere (commonly %TEMP%
directory). inPEct is a bit
different, as it expands the host executable and encrypts & inserts
the hosted executable inside it. When someone executes the bound
application, the host executable runs normally, and the hosted
executable is extracted and then executed. inPEct also has a feature to
execute the hosted executable only once ('smart feature'
):
if the bound program is executed by user again, hosted file won't be
extracted anymore. And inPEct is very fast and small, as it's
written entirely in pure assembler (in fact, inPEct's loader has only
800 bytes!). It's encryption algorithm is very cheap, but still uses a
random seed. Thus, I expect that inPEct is more stealthy than similar
binders.
Please note that almost every AntiVirus program detects and
quarantines inPEct (and files produced by it)! This shows it's popularity in the past, I guess
But today it's useful mostly as a pure assembler programming example... And for AntiVirus research, as this paper actually shows.
stas » January 1, 2007 » 23:00
3 attachments » 56 comments » 34677 reads
|
ACFTools (for X-Plane)
The Plane-Maker from X-Plane v7.x is fun and easy to use... Although I found it a bit limited to edit my planes' fuselage. 20 cross-sections aren't enough, sometimes. It would be nice to export the fuselage shape into any 3D-editor and fine-tune it there... This is exactly what my ACFTools are supposed to do. Please note that X-Plane v8.x is unsupported, unless you create & edit a v7 model and then import it to Plane-Maker v8. But I believe this isn't a problem: X-Plane v8 is able to use OBJ format files (which can be imported/exported by AC3D and Blender plugins) as parts of an aircraft, thus, extremely weird shapes are perfectly possible without even touching the ACF file.
Now, what exactly ACFTools does? It is able to process the file that stores all the aircraft data (except the textures), in the binary ACF format, and dump all the data in the human-readable TXT format. It is the same format as for Tony Gondola's ACF2Text utility, which inspirited my ACFTools. Then, ACFTools can extract the 3D model of the aircraft from this data, and export it in the AC3D format. After that you can edit the aircraft's shape as you want using AC3D and make the inverse process: from
.ac
to .txt
, and then from .txt
to .acf
. Here comes the brief set of ACFTools features:- Convert from ACF (aircraft) & WPN (weapon) formats to TXT format and vice-versa.
- Extract AC3D model from TXT file, along with wings and propellers (using the real airfoils!).
- Import AC3D model into TXT file (fuselage, nacelles, wheel fairings & external fuel tanks only)
ACFTools was written in Perl, thus it is able to work under Linux, MacOS & Windows. And it is Open-Source & highly modular, so you can modify it as you want, or use my functions for your own needs. When you start ACFTools, this is what you get at your console:
##############################################################################
[ACFTools v0.62a] Set of tools to play with ACF files outside of Plane-Maker
Perl script and modules coded by Stanislaw Pusep
Site of this and another X-Plane projects of mine: http://xplane.sysd.org/
Allows you to:
* export X-Plane (www.x-plane.com) aircraft data files to human-editable
plaintext format and 3D mesh editable in AC3D modeler (www.ac3d.org).
* import plaintext/3D mesh back to ACF file.
##############################################################################
Usage: acftools.exe[parameters]
o Commands:
-extract [DEF] : extract TXT from ACF (opt: using DEF definition)
-generate : generate ACF from TXT
-merge : merge body from AC3D file to TXT
o Parameters:
-acffile FILE : name of ACF file to process
-txtfile FILE : name of TXT file to process
-ac3dfile FILE : name of AC3D file to process
-noorder : DO NOT sort vertices while merging bodies
-noac3d : DO NOT generate AC3D
-(min|max)body N: write all bodies in specified range to AC3D
-force LIST : force extraction of bodies LIST (comma-separated N)
-normalize N : normalize wings to N vert/surface (N>=2 or no wings!)
o Notes:
* You can use abbreviations of commands/parameters (-gen or even -g
instead of -generate).
* The only required parameter for "extract" command is -acffile.
Both -txtfile and -ac3dfile are derivated from it.
* "generate" command and -txtfile has the same relation.
* By default "extract" uses the latest DEF file.
* "generate" doesn't need DEF at all (it is implicit in TXT)
* If file to be created already exists backup is made automatically.
o Examples:
acftools.exe --extract=ACF700 --acffile="F-22 Raptor.acf"
(extract 'F-22 Raptor.txt' from 'F-22 Raptor.acf')
acftools.exe -e -acf "F-22 Raptor.acf"
(same as above)
acftools.exe -me -ac3d ladar.ac -txt "F-22 Raptor.txt"
(merge *single* 3D body from 'ladar.ac' to 'F-22 Raptor.txt')
acftools.exe -g -txt "F-22 Raptor.txt"
(reverse operation; generate 'F-22 Raptor.acf' from 'F-22 Raptor.txt')
defs
directory. By default, it is a ACF740.def
,
which works for X-Plane v7.40 and later. You can specify any definition
file you want, as shown on the screen above. You can also write your
own definition files, if you have the structure specification. Note
that to convert TXT back to ACF, no definition is necessary, as the TXT
format itself holds all the data necessary to build the binary file.
The second thing is to specify the file that ACFTools should convert.
The name of the converted file and every of the intermediary files will
be generated from this name. When converting from ACF to AC3D formats,
TXT file is generated automatically. Please note that when you want to
put the edited aircraft part back into the .acf
file, you must save this part as a .ac
separate file, then merge it into the TXT file, and after that convert
it into ACF! Yes, it would be nice to have a GUI to automate the entire
process, but I'm too lazy to do that! Anyway, may the source be with you
I strongly recommend you to read the
docs\README.txt
file contained in the ACFTools package before you start using it!
stas » May 10, 2006 » 01:09
3 attachments » 6 comments » 28890 reads
|
MD5/SHA1 checksum
Basically, the file checksum plugin integrates the functionality of GNU utilities
md5sum
and sha1sum
into the Total Commander GUI. This is done through the packer extension
API: you simply select files/directories you want to checksum, and
"Pack" (Alt+F5) them into a .md5
or .sha
"archive". It will be a plain text file which looks like this (just the same format as that of above GNU utilities):3fb2924c8fb8098dbc8260f69824e9c437d28c68 FC4-i386-disc1.iso
31fdc2d7a1f1709aa02c9ea5854015645bd69504 FC4-i386-disc2.iso
032455cdf457179916be3a739ca16add75b768b7 FC4-i386-disc3.iso
f560f26a32820143e8286afb188f7c36d905a735 FC4-i386-disc4.iso
736e1555e88740d6131c5c84fbe69ed1073ba82d FC4-i386-rescuecd.iso
Then, to verify files consistence from TC, select
.md5
or .sha
file and "Test archive" (Shift+Alt+F9). Files generated by *BSD md5
utility are also supported. You can also browse checksum
files as they were directories; this is specially useful to locate
and check for consistence a single file from the huge directory tree.
To do that, just "View" (F3) a file, and TC Lister will pop you a
window with content like this:D:\_INSTALL_\stentz-binary-i386\FC4-i386-rescuecd.iso
expected: 736e1555e88740d6131c5c84fbe69ed1073ba82d
computed: 736e1555e88740d6131c5c84fbe69ed1073ba82d
SHA1 checksum OK!
Installation:
- Unzip the
"checksum.wcx"
to the Total Commander or Windows Commander plugins directory - In Windows Commander 4.0 (or newer) or Total Commander, choose 'Configuration => Options'
- Open the 'Packer' page
- Click 'Configure packer extension WCXs'
- Type
md5
as the extension - Click 'New type', and select the
"checksum.wcx"
file - Click OK and then 'Configure packer extension WCXs'
- Now type
sha
as the extension - Click 'New type', and select the
"checksum.wcx"
file again - Click OK
Usage:
(This section uses MD5 checksums as example; for SHA1 the procedure is thesame, just replace every "md5" you see by "sha" )
- Generate MD5 checksum:
- Select files you wish to compute checksum.
- Then go to "Files => Pack".
- Select "md5" as packer.
- PLEASE NOTE THAT ARCHIVE PATH WILL BE IGNORED!!! ".md5" 'archive' is ALWAYS generated in current directory (where checked files are), and NOT in the opposite panel! The only exception is creating checksum of the files stored on CD-ROM media as there's no way to create files there.
- Press OK and check CURRENT directory for ".md5" list generated.
- Verify MD5 checksum:
- Certify that ".md5" list is in it's right place (filenames listed in it should be relative to the current directory).
- Select it and do "Files => Test Archive(s)".
- If any file doesn't matches stored MD5 checksum then "CRC error" message box appears.
- If everything is clear Total Commander remains quiet.
- Browse MD5 checksum list:
- Certify that ".md5" list is in it's right place (filenames listed in it should be relative to the current directory).
- Select it and enter it as it were a normal archive.
- If any file is present in the ".md5" list but wasn't found in the current directory then "?" is displayed instead of file date/time and size.
- PLEASE NOTE THAT FILES CAN NOT BE EXTRACTED TO YOUR DISK! ".md5" isn't an archive, it stores only the hash of the file.
- Select file you wish to check and press F3 (call Lister).
- Lister will show complete file name, expected checksum and generated checksum. If both checksum matches then the last line is "MD5 checksum OK!".
stas » May 9, 2006 » 12:17
4 attachments » 9 comments » 19439 reads
|
Diamond Rio PMP300 FS-plugin
Diamond Rio PMP300, with only 32 MB of flash memory, was the second portable MP3 player ever released, in 1998. Unfortunately, such a revolutionary piece of hardware is very painful to interface with: as it is connected through parallel port, highest transfer rates achieved were around 80 KB/s. And the software bundled with it was too primitive. To the luck of thousands of (un)happy Rio owners, The Snowblind Alliance released their Open-Source RIO utility, which became a starting point of several alternative Rio manager interfaces. Mine is just one of them
First of all, there's absolutely no need to write the entire file manager. Total Commander (TC for short) is one of the most feature-rich file managers ever made, and it supports a very extensible plugin API. As a result, one could use TC to manage files directly on the flash memory of his/her Rio! Actually, my plugin supports listing, uploading, downloading & deleting files from Diamond Rio PMP300 internal memory. It also displays the transfer speed and the total/remaining space. Take a look at this screenshot to see it in action. Behind the GUI, my plugin uses the source of the "RIO utility v1.07" by The Snowblind Alliance.
Installation:
Just the same as for many other FS-plugins:- Unzip
rio.wfx
&rio.cfg
files to Total Commander directory - Choose "Configuration => Options => Operation => FS-Plugins"
- Choose
rio.wfx
- Click OK.
- You can now access the plugin in the "Network Neighborhood"
- Open
rio.cfg
file and set the correct LPT port address (see below for more details)
Configuration:
In the majority of cases, the plugin may work fine "out-of-the-box". If it doesn't work at all, probably you'll need to discover and specify your PC's parallel port hardware address. Open your system's "Device Manager" (on Windows XP, open the context menu for "My Computer", click "Properties", go to the "Hardware" tab, and click the "Device Manager"). Go straight to "Ports (COM & LPT)". Now locate the port that your Rio device is attached. On my case, it's LPT1. Double-click "Printer port (LPT1)", and go to the "Resources" tab. You need the first one of "I/O Range" numbers:378 is what you need. Note that this number is in a hexadecimal format. Thus, many programs (like my plugin) may accept it as 0x378. Now, open the
rio.cfg
file. It looks like this, by default:# Assume that Rio is connected to LPT1
IOPort 0x378
# default
IODelayInit 20000
IODelayTx 100
IODelayRx 2
# "turbo" mode (UNSAFE!!!)
#IODelayInit 5000
#IODelayTx 1
#IODelayRx 1
IOPort
parameter to the value you discovered.Note all that
IODelay*
parameters. For the safety reasons,
the delays are high by default, and, consequently, the file transfer is
slow. If you comment out the default values and uncomment the turbo
mode ones, you'll get a great increase in performance! But remember to
only use it when your Rio battery is 100% charged, and when your Rio is
turned on. It may corrupt some bits, through.
stas » May 6, 2006 » 00:26
5 attachments » 1 comment » 20968 reads
|