Gave my OSMC Speech – Click here to access the resources
There are several solutions to gather passwords with PHP CLI on Windows. But usually they do not work with Windows 7.
So this is my solution using PowerShell:
```php
<?php
// please set the path to your powershell, here it is: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
$pwd=shell_exec('C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -Command "$Password=Read-Host -assecurestring \"Please enter your password\" ; $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)) ; echo $PlainPassword;"');
// shell_exec() returns the whole output; the password is its first line
$pwd=explode("\n", $pwd);
// drop the carriage return that Windows line endings leave behind
$pwd=rtrim($pwd[0], "\r");
echo "You have entered the following password: $pwd\n";
```
Spammers have created 500 comments. Since this feature has been used rarely, I’ve decided to disable comments from unregistered users.
The Linux sftp client does not support reading the file from stdin. This is especially annoying when you want to back up your file system but do not have enough free disk space to store the tar archive before uploading it to the sftp server.
So we need another client that does this for us:
- sftp_stdin_upload (GPL v3 Licensed)
- sftp_stdout_download (GPL v3 Licensed)
You can download the archive with libssh2 from here: marcos_sftp.tar.gz
- libssh2 >= 1.2.9
- libopenssl >= 1.0 or libgcrypt >= 1.4.5
- gcc, standard build tools and libraries
```bash
# extract the archive
tar -xzf marcos_sftp.tgz
export PATH_TO_TAR="$(pwd)/marcos_sftp"

# you can skip this if you have at least 1.2.9
# we will build libssh2 1.4.2 (consider downloading the latest version):
cd "$PATH_TO_TAR/lib_self_compiled/libssh2-1.4.2"
./configure --enable-static --with-openssl
# ALTERNATIVE: ./configure --enable-static --with-openssl --with-libgcrypt
make

cd "$PATH_TO_TAR/marcos_sftp"
# in case you use another libssh2 library,
# you might need to change the path LIBSSH2_dir in the Makefile
make ALL
# ALTERNATIVE: make Libcrypt
```
libssh2 1.4. can hash the known_hosts. To enable this feature you need to comment out line 143 and uncomment line 145 in the file $PATH_TO_TAR/marcos_sftp
(Basically you replace LIBSSH2_KNOWNHOST_TYPE_PLAIN by LIBSSH2_KNOWNHOST_TYPE_SHA1 and LIBSSH2_KNOWNHOST_KEYENC_RAW by LIBSSH2_KNOWNHOST_KEYENC_BASE64 in the function libssh2_knownhost_checkp in the file $PATH_TO_TAR/marcos_sftp)
There is a binary to upload and another to download:
```
sftp_stdin_openssl - Uploads everything from stdin to a file on the sftp server
  -h  sftp hostname
  -l  sftp username
  -p  path to public key file (just key authentication is supported)
  -i  path to private key file (just key authentication is supported)
  -k  path to known hosts file
  -f  path to the remote file on the sftp server

sftp_stdout_openssl - Downloads everything from a file on the sftp server to stdout
  -h  sftp hostname
  -l  sftp username
  -p  path to public key file (just key authentication is supported)
  -i  path to private key file (just key authentication is supported)
  -k  path to known hosts file
  -f  path to the remote file on the sftp server
```
Here are some basic commands, so that you can get all information out of an RPM file:
```bash
# show information
rpm -qpi "$1"

# show all included files
rpm -qp --dump "$1"
rpm -qplv "$1"

# show all included scripts
rpm -qp --scripts "$1"

# show all included triggers
rpm -qp --triggers "$1"

# show all included requirements
rpm -qpR "$1"
```
For security reasons, ICMP timestamp-request and timestamp-response must be turned off. Those ICMP packets allow any attacker to calculate your server’s local time (and therefore exploit weak random number generators). Additionally they also allow OS fingerprinting.
So in case your internal security scanner tells you to turn off ICMP timestamps, just execute the following commands:
```bash
iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP
iptables -A INPUT -p icmp --icmp-type timestamp-reply -j DROP
```
If you offer HTTPS to your customers, you should not use weak encryption keys. This is a recommended setup:
```apache
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:-MEDIUM
```
You can also test whether your server supports weak encryption or not:
```bash
# this command should fail
openssl s_client -no_tls1 -no_ssl3 -connect www.your-server.tld:443
```
In case you want to check what protocols and ciphers your webserver supports, I suggest using SSLscan.
According to Wikipedia, click hijacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
To prevent this you can simply add the following to your Apache configuration:
```apache
Header always append X-Frame-Options SAMEORIGIN
```
Or in case you want to add it to your PHP application, just use this code:
```php
<?php
header("X-Frame-Options: SAMEORIGIN");
?>
```
For the full documentation just click here.
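To confirm that the header really reaches the browser, the response headers can be checked after the change. The following is an added example, not part of the original post: `check_xfo` and the sample responses are made up for illustration, and it treats `DENY` as acceptable alongside the `SAMEORIGIN` value used above.

```shell
#!/bin/sh
# Added example: classify the X-Frame-Options header of a raw HTTP response head.
# check_xfo is a hypothetical helper name; it reads the headers on stdin.
# Against a live server: curl -sI https://www.your-server.tld/ | check_xfo
check_xfo() {
    tr -d '\r' | awk '
        /^$/ { exit }                                  # blank line: headers are over
        tolower($0) ~ /^x-frame-options[ \t]*:/ {      # header names are case-insensitive
            sub(/^[^:]*:/, "")                         # keep only the value part
            n = split($0, parts, ",")                  # merged headers are comma-separated
            for (i = 1; i <= n; i++) {
                v = toupper(parts[i])
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (v == "") continue
                count++
                first = (count == 1 ? v : first)
                list = list (list == "" ? "" : ",") v
            }
        }
        END {
            if (count == 0)      print "MISSING"
            else if (count > 1)  print "MULTIPLE " list   # usually set in two places
            else if (first == "DENY" || first == "SAMEORIGIN") print "OK " first
            else                 print "UNEXPECTED " first
        }'
}

# Constructed sample response heads (not captured from a real server).
sample_ok='HTTP/1.1 200 OK
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
'
sample_twice='HTTP/1.1 200 OK
x-frame-options: SAMEORIGIN, DENY
'
# The header name appears only in the body here, so it must not count.
sample_missing='HTTP/1.1 200 OK
Content-Type: text/plain

X-Frame-Options: DENY'

for s in "$sample_ok" "$sample_twice" "$sample_missing"; do
    printf '%s\n' "$s" | check_xfo
done
```

A `MULTIPLE` verdict usually means the header is set both in the Apache configuration and in the PHP application; keep only one of the two.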
Today I was writing a little bash script. As I was just interested in the return code of an executed command, I wanted to suppress all output. Usually I always do it like this: cmd 1> /dev/null 2>&1, but today I accidentally did it like this: cmd 2>&1 1> /dev/null. And guess what: suddenly error messages began to appear. I was puzzled.
So it’s time for a little stdout/stderr redirection tutorial:
```bash
# redirects stdout (1) and stderr (2) to /dev/null
cmd &> /dev/null

# redirects stdout (1) and stderr (2) to /dev/null
cmd 1> /dev/null 2> /dev/null

# redirects stdout (1) and stderr (2) to /dev/null
cmd 1> /dev/null 2>&1

# redirects stderr (2) to stdout (1) and redirects stdout (1) to /dev/null
# it will NOT redirect stderr (2) to /dev/null
# This is because the stdout was still pointing to itself
# at the time the stderr redirection has been set up.
cmd 2>&1 1> /dev/null
```
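The ordering rule can be observed directly. The following is an added example, not part of the original post: `emit`, `probe` and the variant names are made up, and two temporary files stand in for the caller's stdout and stderr so that the script can report where each line ended up and that the exit status survives every variant.

```shell
#!/bin/sh
# Added demo; emit, probe and the variant names are hypothetical.

# Stand-in for "cmd": one line on stdout, one on stderr, exit status 3.
emit() {
    echo "out"
    echo "err" >&2
    return 3
}

# Redirections are processed left to right, and N>&M copies whatever
# descriptor M points to at that moment.
plain()        { emit; }
silence_both() { emit 1> /dev/null 2>&1; }   # 1 -> null, then 2 -> copy of 1 (null)
stderr_leaks() { emit 2>&1 1> /dev/null; }   # 2 -> copy of 1 (caller), then 1 -> null

# Run one variant with two files in place of the caller's stdout and stderr,
# then report the exit status and what arrived on each stream.
probe() {
    dir=$(mktemp -d)
    rc=0
    "$1" > "$dir/stdout" 2> "$dir/stderr" || rc=$?
    printf 'rc=%s stdout=[%s] stderr=[%s]\n' \
        "$rc" "$(cat "$dir/stdout")" "$(cat "$dir/stderr")"
    rm -rf "$dir"
}

for variant in plain silence_both stderr_leaks; do
    printf '%-13s %s\n' "$variant" "$(probe "$variant")"
done
```

The third form is still useful in front of a pipe: `cmd 2>&1 1> /dev/null | grep pattern` sends only stderr down the pipe.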
Here is a tiny wakeup script that I wrote:
```bash
#!/bin/bash

DEST_MAC="12:34:56:78:9A:BC"
DEST_HOST="192.168.10.10"

echo -n "Waking up $DEST_HOST ..."
ether-wake "$DEST_MAC"
if [ "$?" -ne 0 ]; then
    echo " failed!"
    exit 1
fi

reachable=0;
while [ $reachable -eq 0 ]; do
    ping -q -c 1 "$DEST_HOST" 1> /dev/null 2>&1
    if [ "$?" -eq 0 ]; then
        reachable=1
    else
        echo -n "."
        sleep 1
    fi
done

echo " OK"
```