Some notes about the Stack
2 minute readBefore I begin, we need to clarify what a stack is first. For once, it’s a structure that represent data.
The Stack of a computer can be understood in different matters. Mostly as a way to represent current working chunks of memory a program needs to store it’s local context.
That’s a very strange to write…. Let’s try it again: When a program is executing, it needs to store some of it’s memory somewhere. Memory is allocated in chunks. This chunks of memory will be ‘stacked’.
The importance of this ‘stacking’ is, that once it’s layered down on the stack, it will be buried by the next item. Unless the next item is processed, it remains buried. You need to process the top of the stack, before the next time can be access.
Once you executes a programs, you will get a ESP. However during debugging with gdb, i notice something odd: the BSP keyword. Some search later, I figured out that this was point to the top of the stack. Just like ESP. Now: What’s the different between BSP and ESP?
So when you look at the assembler you will see thing like this:
0x080483c4 <main+0>: push ebp
0x080483c5 <main+1>: mov ebp,esp
0x080483c7 <main+3>: and esp,0xfffffff0
0x080483ca <main+6>: sub esp,0x50
0x080483cd <main+9>: lea eax,[esp+0x10]
0x080483d1 <main+13>: mov DWORD PTR [esp],eax
0x080483d4 <main+16>: call 0x80482e8 <gets@plt>
0x080483d9 <main+21>: leave
0x080483da <main+22>: ret
Andrew Honig did a blog post about this topic. I quote:
At ebp is a pointer to ebp for the previous frame (this is why push ebp; mov ebp, esp is such a common way to start a function). This effectively creates a linked list of base pointers. This linked list makes it very easy to trace backwards up the stack. For example if foo() calls bar() and bar() calls baz() and you’re debugging baz() you can easily find the parameters and local variables for foo() and bar().
best regards, akendo
29.03.2018 Linkdrop
1 minute readUseful links:
- CS 161: Computer Security Spring 2018
- The Key to Good Luck Is an Open Mind
- OPEN SECURITY TRAINING.INFO
- As a follow up link to the nautils one - Talking to Strangers (and other things that bring luck)
- How to Detect NMAP Scan Using Snort
- Snort, NMAP Ping scan and (fast) one line hacks
- Roof Topping: Lessons in Social Engineering from a Clandestine Photographer
- A surprising amount of people want to be in North Korea
- A Career Cold Start Algorithm
- Defcon 18 Build your own security operations center for little or no money Josh Pyorre Chris McKenny Part
Today I took some time to write down likes I opened some days ago. I took the time to read though them.
28.03.2018 Linkdrop
1 minute readMicrosoft did patch the meltdown vulnerability back in January, however they create even bigger flaw…
Caddy disable servertoken
1 minute readQuick note: i had to disable the servertoken of a caddyserver. For this you need to set within a header block the parameter -Server. Something like this:
# Disable the server token, to prevent information disclosure
# Avoids enumeration in servics like shodan.io
# https://caddyserver.com/docs/header
header / -Server
TinyTiny RSS
3 minute readRIP Google RSS
This Post is long time over do. I once was a heavy user of the Google Reader, a RSS feed reader, developed by Google. However, Google discontinued the Reader in June 2013. Ever since the shutdown, I was forced to use a different services to read my news.
At first I used feedly. But whenever I used feedly on my Android phone it turned into pain.The App was loading content very slow, even with wifi enabled. A 2015 note: I don’t know how feedly has improved since 2015, but the another issue is that the feedly is not open source. So I was looking for some open source service. There are quite some options. TinyTiny Rss(TT-RSS) seems to be what I was looking for.
Installation of TT-RSS
The features provide by TT-RSS can be seen as satisfying, however they dependency with PHP give me a unpleasant pain in the back of my brain. For the databases backend Postgresql can be used.
Package
There are no debian package from the project itself(2018 Note: Nowadays there are package for debian). Only the people doing home-made repository. The installation is quite simple. You can download the archive from they github site. For my local system I use Gentoo. someone was to kind and added the package the portage tree and with a simple:
emerge -avq www-apps/tt-rss
For Ubuntu you can use the PPA from webupd8.org
2018 update
Debian Sid has a package of it’s own:
apt-get install tt-rss
Should work fine on modern debian based distribution
Database
Before you can use TT-RSS you need to run a Database.
CREATE USER rss LOGIN PASSWORD 'rss';
CREATE DATABASE rss OWNER 'rss';
ALTER ROLE rss ENCRYPTED PASSWORD 'rss';
Next is to alter the /etc/postgresql-9.1/pg_hba.conf to allow access to the right databases.
host rss rss 127.0.0.1/32 md5
Now I can access it via 127.0.0.1 with the psql.
psql -U rss rss
psql (9.1.9)
Type "help" for help.
rss=>
Webserver
For the my POC I do use an Apache Web service. I do use a simple vhost configuration.
<VirtualHost *:80>
ServerName localhost
Include /etc/apache2/vhosts.d/default_vhost.include
<Directory /var/www/localhost/htdocs/tt-rss>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<IfModule mpm_peruser_module>
ServerEnvironment apache apache
</IfModule>
</VirtualHost>
</IfDefine>
and making sure that PHP is in the /etc/config.d/apache enabled.
Configuration of TT-RSS
From here the installation is simple, login to the 127.0.0.1/tt-rss/ and follow the installation instructions or you change it within the config.php like this:
define('DB_TYPE', "pgsql"); // pgsql or mysql
define('DB_HOST', "localhost");
define('DB_USER', "rss");
define('DB_NAME', "rss");
define('DB_PASS', "rss");
define('DB_PORT', '5432');
Testing
Just subscribe to some feeds and you’re done! One great plugin is FeedMode (2018 note: this project is abandoned.) The plugin fetches the content of an article instead the header. This way, it’s possible to read the context out of Tiny-Tiny-RSS itself. That becomes particular useful on a smartphone.
Android Application
One last thing, you can use TT-RSS with an App for a Android Phone. You can get it from the play store or from F-Droid. For the usage of the App you need to enable the API on Tiny-Tiny-RSS.
Summary
TinyTiny-RSS is a good alternative for the Google Reader. With the plugins it become almost a replacement for the Google Reader. There is also a great Android App that can be used to connect and read feeds from an Android Phone.
2018: I had this article done since 2015… however never finished it… the original post was on 5th of January in 2014! But I’m getting going!
02.03.2018 Linkdrop
1 minute readSome nerdy thing to share:
- https://nautil.us/blog/-i-built-a-stable-planetary-system-with-416-planets-in-the-habitable-zone the Ultimate Solar Systems ;-)
- http://review.chicagobooth.edu/behavioral-science/2018/article/how-poverty-changes-your-mind-set this took me by surprise. Short: When you’re on stress and on low money or resources you might become cognitive diminished for other options. But also way more resourceful to work with the little you have. Very nice.
Thunderbird Timestamp
2 minute readThunderbird has a American style for tracking dates and clocks. I dislike this format, because I tend to mix the times up. For example 12 AM is midnight and not noon. But when you’re not used to the 12-hour clock standard, AM and PM are not that simple to put your your mid on, it’s inconvenient.
Fun fact. In the world of IT you have thing like endianness. Endianness is a way to sort information. In most case a memory address for example: 0x12AB34,as an example for big endianness, where the MSB is the last byte to read. Little endian is when the memory address starts with the LSB in this case: 0x34AB12.
We read in our mind by default with big endian: For example: “1234”. The most significant number begins and all number with less power are written downwards. The same number in little endian would be: “4321”, very confusing.
Here comes the punch line: You can sort date formats also with endianness. Most countries in the world have a little endianess format. The annoying part is that you the default date format is American for many applications, that is in fact a middle endian format. Middle? Yes.
- little endian date: day.month.year
- big endian date: year.month.year
- middle endian date: month.day.year
The reason for the middle endian in date formats derive from the speaking language behind it. Back to fixing this. Within Thunderbird you can change this behavior by configuring some options OR you set a variable:
LC_TIME=de_DE.utf8
export LC_TIME
Start Thunderbird will now display dates in a better format ;-). Another note for this: When running fish:
set -x LC_TIME de_DE.utf8
This would be the same as above, just in a persistent matter.
best regards akendo
21.02.2018 Linkdrop
1 minute readAnother funny link I got:
- http://blog.robertelder.org/switch-statements-statement-expressions/ About validate syntax of a case statement that can be abused to make code unreadable
- https://github.com/maxchehab/CSS-Keylogging “Chrome extension and Express server that exploits keylogging abilities of CSS.”
link drop
1 minute readAnother list of link I read today ;-):
- https://gravityandlevity.wordpress.com/2009/07/08/your-body-wasnt-built-to-last-a-lesson-from-human-mortality-rates/ How the age is affecting our mortality. Fun to read, because math and statistics.
- https://www.theguardian.com/news/2018/feb/15/why-silicon-valley-billionaires-are-prepping-for-the-apocalypse-in-new-zealand why many Silicon Valley billionaires are heading for New Zealand. Funny that they see a solution in case for the end of the world…
- https://en.wikipedia.org/wiki/Exploratory_testing Just on a side note