Eclipse lets you extend its functionality by adding modules. These modules are obtained by simply going to Help -> Install New Software... and adding the required update site for the package you want to install. You will then be allowed to select and install the features that you want from the selected module.
The following is a setup that I frequently use in my Eclipse IDE. It offers a decent set of modules and can handle a few languages that I frequently deal with.
git is an awesome revision-control system (amongst many other things). Coupled with gitosis for easy user/project/groups/access management and gitweb to get a great visualization of a project's repository, it can quickly scale to any project at hand.
I was doing some work for the IBM Master the Mainframe 2009 contest and had to write a quickie isPrime() function. After writing it, I was searching for other solutions for a comparison and was surprised at how hard some people made their code! I figured this might come in handy to someone.
This example will only work with input values of -32767 to 32767 due to the (implied) (signed) int data type. To expand the range, just use the other numeric data types where int appears in this code snippet! For example, unsigned int would double the range by using only positive numbers (0 - 65535). Better yet, we can utilize long or unsigned long, which allow for numbers -2147483647 to 2147483647 and 0 to 4294967295, respectively!
Yes, there is the epic long long, but I neglected to mention it due to it not being in many languages...
```c
/*** returns 1 if input is prime, 0 if not ***/
int is_prime(int num)
{
    int n;

    // avoid loop; 0 and 1 are never prime (nor are negative numbers)
    if (num < 2)
        return 0;

    // loop through numbers 2..(num/2), trying to
    // divide one into the other with no remainder.
    for (n = 2; n < (num / 2) + 1; n++) {
        // if we had no remainder during a division,
        // input number has a divisor... NOT PRIME!
        if ((num % n) == 0)
            return 0;
    }

    // made it through gauntlet...prime!
    return 1;
}
```
Nothing groundbreaking, but it does the trick with only a few lines of code!
Also, note that this code was originally written in C, but it is generic enough to apply to nearly any popular language. If you need help adapting it to some other language, contact me and I am sure we can knock it out.
I thought it would be neat to write a program to spider the Web autonomously... so I wrote a Perl script that does just that!
The computer science folks would consider the spidering aspect a breadth-first search that uses a queue data structure to hold the collection of hostnames. That sounds like a mouthful, but the idea is simple (I promise!).
The program basically works by looping through the following phases:
- do an HTTP dump on a host (port 80) in queue
- scrape unique hostnames from the output
- add the found hostnames to the crawl queue
- do something fun with the output
The link to the code is here if you want to check that out.
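The four phases above, as an added example (this is not the author's Perl script). It runs the breadth-first loop over a constructed in-memory table of page dumps instead of the network; `PAGES`, the hostnames and the function names are assumptions made for illustration.

```python
import re
from collections import deque

# Constructed sample data: hostname -> HTML that a port-80 fetch would return.
PAGES = {
    "a.example": '<a href="http://b.example/x">b</a> <a href="http://c.example/">c</a>',
    "b.example": '<a href="http://a.example/">back</a> <img src="http://d.example/i.png">',
    "c.example": '<a href="http://d.example/">d</a> <a href="HTTP://B.EXAMPLE/">b</a>',
    "d.example": "no links here",
}

HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)

def scrape_hosts(html):
    """Phase 2: unique hostnames in first-seen order, normalised to lowercase."""
    found = []
    for host in HOST_RE.findall(html):
        host = host.lower().rstrip(".")
        if host not in found:
            found.append(host)
    return found

def crawl(start, fetch=PAGES.get, max_hosts=100):
    """Breadth-first crawl; returns hosts in the order they were visited."""
    queue = deque([start])      # FIFO queue gives breadth-first order
    queued = {start}            # every host ever queued, so none is fetched twice
    visited = []
    while queue and len(visited) < max_hosts:
        host = queue.popleft()
        html = fetch(host)      # phase 1: dump the page (here: table lookup)
        visited.append(host)    # phase 4: "do something" with the output
        if html is None:        # unreachable host: nothing to scrape
            continue
        for found in scrape_hosts(html):
            if found not in queued:   # phase 3: enqueue only new hostnames
                queued.add(found)
                queue.append(found)
    return visited
```

The `queued` set is what keeps the loop from cycling between hosts that link to each other, and `max_hosts` bounds a crawl that would otherwise never drain its queue.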
Oftentimes, administrators and default installations of various DNS servers (on all platforms) leave the DNS server susceptible to zone transfers. What this basically means is that the DNS server will allow someone to download a dump of all DNS records served for a specific domain. This can obviously pose a moderate to high security risk (but can be disabled on the server quite easily).
The information gained with a successful zone transfer can be very helpful for an intelligence-gathering attacker and can ultimately expose the addresses of a huge number of hosts that administrators might not want the public (internet) to know about (and that no one planned to be exposed to internet traffic!).
For example, I have seen zone transfers that listed multiple development servers that were freely accessible, exposing security flaws due to incomplete code. Development boxes are also a good candidate to look for files with incorrect permissions to gain even more information out of the host.
Also, bear in mind the situation where someone gets their hands on a decent-sized transfer. Thousands of hosts belonging to a single domain can be easily gleaned in seconds. I think it is also neat how you can quickly read over most zone transfers and easily pick out the devices that belong to the core infrastructure and even addresses of important services used in the domain (due to the verbosity some administrators use in coming up with a hostname).
I wrote a small Perl tool, dig-shovel, to automate the process of finding the list of nameservers for a domain, attempting a domain transfer from each, and finally parsing the addresses contained in the zone transfer into something easily readable and exportable. The tool I wrote can be directly downloaded from this site with this link (right-click, Save As...) or click through to this post to get the details on dig-shovel.
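For the administrator's side of the exposure described above, an added example (not part of dig-shovel or the original post) that audits nameserver logs for zone transfers served to hosts other than the known secondaries. The sample lines are constructed in the style of BIND 9 transfer and denial messages, which is an assumption, as are the addresses and the `audit_transfers` name; adjust the patterns to your server's log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of BIND 9 log messages (assumption).
SAMPLE_LOG = """\
28-Jun-2010 10:12:01.120 client 192.0.2.53#41234: transfer of 'example.com/IN': AXFR started
28-Jun-2010 10:12:01.480 client 192.0.2.53#41234: transfer of 'example.com/IN': AXFR ended
28-Jun-2010 11:03:44.002 client 203.0.113.7#53012: zone transfer 'example.com/AXFR/IN' denied
28-Jun-2010 11:03:45.310 client 203.0.113.7#53013: zone transfer 'dev.example.com/AXFR/IN' denied
28-Jun-2010 11:09:17.655 client 198.51.100.9#40021: transfer of 'dev.example.com/IN': AXFR started
28-Jun-2010 11:10:00.000 client 198.51.100.9#40022: query: www.example.com IN A +
""".splitlines()

STARTED = re.compile(
    r"client ([0-9a-fA-F.:]+)#\d+.*?: transfer of '([^/']+)/IN': AXFR started")
DENIED = re.compile(
    r"client ([0-9a-fA-F.:]+)#\d+.*?: zone transfer '([^/']+)/AXFR/IN' denied")

def audit_transfers(lines, allowed_secondaries):
    """Group zone transfers by client IP.

    'unexpected': full transfers served to an IP that is not a known secondary
                  (the zone has already been disclosed to that host).
    'denied':     refused attempts (someone is probing; the ACL is working).
    """
    report = {"unexpected": defaultdict(set), "denied": defaultdict(set)}
    for line in lines:
        m = STARTED.search(line)
        if m:
            if m.group(1) not in allowed_secondaries:
                report["unexpected"][m.group(1)].add(m.group(2))
            continue
        m = DENIED.search(line)
        if m:
            report["denied"][m.group(1)].add(m.group(2))
    # Plain dicts with sorted zone lists, convenient for printing or export.
    return {kind: {ip: sorted(zones) for ip, zones in by_ip.items()}
            for kind, by_ip in report.items()}

if __name__ == "__main__":
    print(audit_transfers(SAMPLE_LOG, allowed_secondaries={"192.0.2.53"}))
```

Any entry under `unexpected` means a full copy of that zone has already left the server, so the transfer ACL for that zone is the first thing to check.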
If your host happens to have weird or non-existent PHP logging features, you can easily enable them in-line with your code as if you had changed php.ini directly.
Unfortunately, spammers of all kinds continuously scan for pages that contain elements in which they, or their bots, can post their spam messages easily. Though the attacks can get sophisticated if they target your exact defense mechanism, you can easily circumvent many of the bots by using a simple captcha.
A captcha is just a method of getting the user to jump through a hoop of some sort to identify

