Video about Metasploit Framework

  1. Metasploit Intro [Irongeek]:
    download AVI | presentation PDF
  2. Metasploit Scanning and Pivoting [Pwrcycle]
    download AVI | presentation PDF
  3. Metasploit Fuzzing and Exploit Development [Nullthreat]
    download AVI | presentation + examples
  4. Meterpreter and Post Exploitation + Metasploit Express demo [Purehate]
    download AVI | presentation ZIP
  5. Social Engineering Toolkit [ReL1K]
    download AVI
  6. More Encoding Fun, Fasttrack and Closing [ReL1K]
    download AVI


Blog services

Md5 bruteforce in Ruby

Here is the code to brute-force an MD5 hash. It only tries words made of lowercase letters.

require 'digest/md5'

# Try every lowercase word of length 1..max_length ('a', 'b', ..., 'aa',
# 'ab', ..., 'zzzzz') until one hashes to the given hex digest.
def crack(hash, max_length)
  hash = hash.downcase
  for i in 1..max_length
    for word in ('a' * i..'z' * i)
      # hexdigest gives the 32-character hex string; Digest::MD5.new takes
      # no argument and would compare a digest object against a string
      return word if Digest::MD5.hexdigest(word) == hash
    end
  end
  nil
end

puts crack(ARGV[0], 5) || "not found"

Download files from Rapidshare

Here is a function written in Python for downloading files from Rapidshare. Unfortunately you must wait a couple of seconds; you can't skip this, because it seems the countdown is enforced on the server side too.

from urllib2 import urlopen, Request
from urllib import urlencode
import subprocess
import re
import time


class DownloadLimitException(Exception):
    """Raised when Rapidshare reports the free-user download limit."""


def download(url):
    # first page: the form whose action leads to the "free download" step
    page = urlopen(url).read()
    action_url_regex = '<form id="[^"]*" action="([^"]*)"'
    s_url = re.search(action_url_regex, page)
    if s_url:
        url = s_url.group(1)
        data = urlencode({'dl.start': 'Free'})
        request = Request(url, data)
        page = urlopen(request).read()
        action_url_regex = '<form name="[^"]*" action="([^"]*)"'
        c_regex = 'var c=([0-9]*);'
        limit_regex = 'You have reached the download limit for free-users'
        # re.match only matches at the start of the document; the message
        # is somewhere in the body, so search for it
        if re.search(limit_regex, page):
            raise DownloadLimitException(limit_regex)
        s_url = re.search(action_url_regex, page)
        s_c = re.search(c_regex, page)
        if s_url and s_c:
            url = s_url.group(1)
            c = int(s_c.group(1))
            print "wait %i seconds" % c
            time.sleep(c)
            # the final URL comes from the remote page, so run wget without
            # a shell instead of os.system('wget "%s"' % url)
            subprocess.call(['wget', '--', url])

You can use this function like this. Note that you must have wget installed on your system.

def main():
    from sys import argv
    if len(argv) == 2:
        try:
            download(argv[1])
        except DownloadLimitException:
            print "limit reached"


if __name__ == '__main__':
    main()
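The download step above takes the form action scraped from the remote page and hands it to wget, so it is worth separating the parsing from the command that runs. The following is an added Python 3 example, not code from the original post: it extracts the same two things (form action and countdown) from a constructed sample page, checks for the download-limit message anywhere in the body, accepts the URL only when it is http(s) on an allowed host (the ALLOWED_HOSTS list is an assumption for this example), and builds an argument vector for wget so that no shell ever sees the URL. The run parameter is injectable so the flow can be exercised without wget or a network.

```python
import re
import subprocess
from urllib.parse import urlparse

# Hosts the final download URL may point at (assumption for this example;
# the original script accepts whatever action URL the page contains).
ALLOWED_HOSTS = {"rapidshare.com", "www.rapidshare.com"}

FORM_ACTION_RE = re.compile(r'<form[^>]*\baction="([^"]*)"')
COUNTDOWN_RE = re.compile(r'var c=([0-9]+);')
LIMIT_TEXT = 'You have reached the download limit for free-users'


class DownloadLimitException(Exception):
    """Free-user download limit reached (message found anywhere in the page)."""


class UntrustedUrlError(ValueError):
    """The scraped URL is not http(s) or is not on an allowed host."""


def parse_download_page(page):
    """Return (action_url, wait_seconds) from the second Rapidshare page,
    or None when the expected form or countdown is missing."""
    # substring test instead of re.match: the message sits in the body,
    # not at the start of the document
    if LIMIT_TEXT in page:
        raise DownloadLimitException(LIMIT_TEXT)
    m_url = FORM_ACTION_RE.search(page)
    m_c = COUNTDOWN_RE.search(page)
    if not (m_url and m_c):
        return None
    return m_url.group(1), int(m_c.group(1))


def validate_url(url):
    """Accept only http(s) URLs on an allowed host; return the URL unchanged."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOSTS:
        raise UntrustedUrlError(url)
    return url


def wget_command(url):
    """Build the wget argument vector: one list element per argument, no
    shell, and '--' so a URL beginning with '-' cannot be read as an option."""
    return ["wget", "--", validate_url(url)]


def download_with_wget(url, run=subprocess.run):
    """Run wget for a validated URL. `run` is injectable so the flow can be
    exercised without wget installed or a network connection."""
    return run(wget_command(url), check=True)


# Constructed sample pages (not real Rapidshare output).
SAMPLE_PAGE = """<html><body>
<form name="dlf" action="http://www.rapidshare.com/files/123/example.zip" method="post">
<script>var c=45;</script>
</body></html>"""

LIMIT_PAGE = "<html><body><p>You have reached the download limit for free-users.</p></body></html>"

if __name__ == "__main__":
    action, wait = parse_download_page(SAMPLE_PAGE)
    print("would wait %d seconds, then run: %r" % (wait, wget_command(action)))
```

The point of the argument vector is that a URL containing spaces, semicolons or quotes stays a single argument; the host allowlist additionally stops the script from fetching from wherever a modified page points it.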

Program for showing similar things

On tastekid.com you can find things similar to movies, books and music. They provide an API which returns an XML or JSON response. Here is code, in Python, which uses this API. You can download the source code from GitHub.

This program:

  • displays similar things if you run it without options
  • displays information about the movie/book/show/author if you pass the -i option
  • displays descriptions if you pass the -d option
  • and translates them to your language with the -l option.

Check the -h option for more info.

#!/usr/bin/python
from urllib2 import urlopen, Request, HTTPError
from urllib import quote_plus
from sys import argv, stderr, exit
from os.path import basename
from getopt import getopt, GetoptError
from StringIO import StringIO
import json
import re


def gets(dict, *keys):
    "generate the values of the given keys from the dictionary."
    for e in keys:
        yield dict[e]


def partial_first(fun, *args):
    "return a single-argument function which calls fun with that argument followed by args."
    def p(object):
        return fun(object, *args)
    return p


def gets_fun(*args):
    "return a function which generates the values of the given keys from a dictionary."
    return partial_first(gets, *args)


class ServerJsonException(Exception):
    pass


class Similar(object):
    def __init__(self, stuff, type=None):
        query = quote_plus(stuff)
        if type:
            query = '%s:%s' % (type, query)
        url = 'http://www.tastekid.com/ask/ws?&q=%s&format=JSON&verbose=1'
        response_data = urlopen(url % query).read()
        if not re.match('{.*}', response_data):
            raise ServerJsonException
        # fix malformed json: the server returns adjacent objects without a comma
        response_data = response_data.replace('}{', '},{')
        self.data = json.load(StringIO(response_data))

    def infos(self):
        "generate Stuff objects describing the things that were asked about."
        for i in self.data['Similar']['Info']:
            yield Similar.Stuff(*list(gets(i, 'Name', 'Type', 'wTeaser')))

    def similar(self):
        "generate Stuff objects for the similar things (nothing when there are none)."
        results = self.data['Similar']['Results']
        for result in results:
            elems = list(gets(result, 'Name', 'Type', 'wTeaser', 'yTitle', 'yUrl'))
            yield Similar.Stuff(*elems)

    class Stuff(object):
        def __init__(self, name, type, description, y_title=None, y_url=None):
            self.name = name.encode('UTF-8')
            self.type = type.encode('UTF-8')
            self.description = description.encode('UTF-8')
            # always set the youtube attributes so -y never hits a missing one
            self.y_title = y_title.encode('UTF-8') if y_title else None
            self.y_url = y_url.encode('UTF-8') if y_url else None

usage = """usage:
%s -d -i -y -l
d - display descriptions
i - display only info
y - display youtube links
l - translate descriptions
    lang should be one of:
    af - afrikaans
    sk - albánskej
    ar - عربي
    be - Беларускі
    bg - Български
    zh - 荃湾
    zh - 太阳
    hr - Hrvatski
    cs - Český
    da - Danske
    et - Eesti
    tl - filipiński
    fi - Suomi
    fr - Français
    gl - galijski
    el - Ελληνικά
    iw - עברית
    hi - हिन्दी
    es - Español
    nl - Nederlands
    id - indonezyjski
    ga - Gaeilge
    is - Íslenska
    ja - 日本語
    yi - ייִדיש
    ca - Català
    ko - 한국의
    lt - Lietuvos
    lv - Latvijas
    mk - Македонски
    ms - Melayu
    mt - Malti
    de - Deutsch
    no - Norsk
    fa - فارسی
    pl - polski
    ru - Русский
    ro - Română
    sr - Српски
    sk - Slovenský
    sl - Slovenski
    sw - Swahili
    sv - Svenska
    th - ภาษาไทย
    tr - Türk
    uk - Український
    cy - walijski
    hu - Magyar
    vi - Việt
    it - Italiano

put "band:", "movie:", "show:", "book:" or "author:" before name if you want to specify search
""" % basename(argv[0])


def main():
    try:
        # 'h' must be in the option string, otherwise -h is a GetoptError
        opts, rest = getopt(argv[1:], 'dl:iyh')
    except GetoptError:
        print usage
        exit(1)
    opts = dict(opts)
    if opts.has_key('-h'):
        print usage
        exit(0)
    description = opts.has_key('-d')
    info = opts.has_key('-i')
    youtube = opts.has_key('-y')
    lang = opts.get('-l')
    if len(rest) == 0:
        print usage
    else:
        try:
            stuff = Similar(' '.join(rest))
            if info:
                for info in stuff.infos():
                    print '%s (%s)' % (info.name, info.type)
                    print
                    if lang:
                        from xgoogle.translate import Translator
                        translate = Translator().translate
                        print translate(info.description, lang_to=lang)
                    else:
                        print info.description
            else:
                for stuff in stuff.similar():
                    print stuff.name
                    if youtube:
                        print 'Youtube:'
                        print '\t%s' % stuff.y_title
                        print '\t%s' % stuff.y_url
                    if description:
                        if lang:
                            from xgoogle.translate import Translator
                            translate = Translator().translate
                            print translate(stuff.description, lang_to=lang)
                        else:
                            print stuff.description
        except ServerJsonException:
            print >> stderr, "Error: can't read received data from the server"


if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        # when the user hits Ctrl-C
        exit(1)

You need the xgoogle library for it to work; you can download it from here.

You can use it like this (you can rename the script to like):

like Matrix
or
like Matrix, Ghost in the shell

If you want to check two or more movies/books/shows, separate them with a comma. If a movie and a book have the same name, you can put the type of thing before the name:

like movie:the gathering

like music:the gathering

Allowed types are movie, show, book and author.

If you want to download all the YouTube videos, on Debian/Ubuntu use

apt-get install youtube-dl

or

wget http://www.nuxified.org/system/files/youtube-install.sh
sudo ./youtube-install.sh

and then run the script:

for i in `similar.py -y $1 | grep http`; do
    youtube-dl "$i"
done
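The program above checks the response with a regular expression, always applies the '}{' repair, and reads every key with gets(), so a result without yTitle/yUrl would raise a KeyError. The following is an added Python 3 example, not code from the original program or from tastekid: it parses a constructed sample response in the same 'Similar' -> 'Info'/'Results' shape, tries strict json.loads first and applies the '}{' repair only when that fails, rejects anything that is not a JSON object carrying a 'Similar' key, and tolerates missing optional keys. The field names and the sample text are assumptions modelled on the keys the program uses.

```python
import json
from dataclasses import dataclass
from typing import Optional


class ServerJsonException(Exception):
    """The server response is not a usable JSON object."""


@dataclass
class Stuff:
    name: str
    kind: str          # 'movie', 'book', 'show', 'author', ...
    description: str
    y_title: Optional[str] = None
    y_url: Optional[str] = None


def parse_similar_response(text):
    """Parse the response text into a dict.

    Strict json.loads runs first; the '}{' -> '},{' repair from the program
    above is applied only when strict parsing fails, so a teaser that
    legitimately contains '}{' is never corrupted.  Anything that is not a
    JSON object carrying a 'Similar' object is rejected.
    """
    try:
        data = json.loads(text)
    except ValueError:
        try:
            data = json.loads(text.replace('}{', '},{'))
        except ValueError as exc:
            raise ServerJsonException("unparseable response: %s" % exc)
    if not isinstance(data, dict) or not isinstance(data.get('Similar'), dict):
        raise ServerJsonException("unexpected top-level structure")
    return data


def _stuff_from(record):
    # Name and Type are required; the teaser and YouTube fields are optional.
    try:
        return Stuff(record['Name'], record['Type'], record.get('wTeaser', ''),
                     record.get('yTitle'), record.get('yUrl'))
    except KeyError as exc:
        raise ServerJsonException("result without %s" % exc)


def infos(data):
    """Stuff objects describing the things that were asked about."""
    return [_stuff_from(r) for r in data['Similar'].get('Info', [])]


def similar(data):
    """Stuff objects for the similar things (an empty list when there are none)."""
    return [_stuff_from(r) for r in data['Similar'].get('Results', [])]


# Constructed sample response (not captured from tastekid).  The two result
# objects are deliberately joined without a comma, reproducing the defect the
# original program patches, and the second one has no yTitle/yUrl.
SAMPLE_RESPONSE = (
    '{"Similar": {"Info": [{"Name": "Matrix", "Type": "movie",'
    ' "wTeaser": "A computer hacker learns about the true nature of reality."}],'
    ' "Results": ['
    '{"Name": "Ghost in the Shell", "Type": "movie", "wTeaser": "A cyborg policewoman hunts a hacker.",'
    ' "yTitle": "Ghost in the Shell trailer", "yUrl": "http://www.youtube.com/watch?v=example1"}'
    '{"Name": "Dark City", "Type": "movie", "wTeaser": "A man wakes with no memory."}'
    ']}}'
)

if __name__ == '__main__':
    data = parse_similar_response(SAMPLE_RESPONSE)
    for s in similar(data):
        print(s.name, '-', s.y_url or 'no YouTube link')
```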

Lisp Macro for Lisp like Structures in Guile Scheme Interpreter

Guile has an ugly structure implementation. Here is a structure implementation for Guile (using Lisp-like macros) which looks more like Common Lisp structures.

(define (make-name name)
  "create struct constructor name."
  (string->symbol (string-append "make-" (symbol->string name))))


(define (make-getter name field)
  "create field accessor function name."
  (string->symbol (string-append (symbol->string name) "-"
                                 (symbol->string field))))


(define (make-setter name field)
  "create field setter function name."
  (string->symbol (string-append "set-" 
				 (symbol->string name) "-"
				 (symbol->string field) "!")))


(define (make-predicate name)
  "create predicate function name."
  (string->symbol (string-append (symbol->string name) "?")))


(define-macro (defstruct name . fields)
  "Macro implementing structures in guile based on assoc list."
  (let ((names (map (lambda (symbol) (gensym)) fields))
        (struct (gensym))
        (field-arg (gensym)))
    `(if (not (every-unique ',fields))
         (error 'defstruct "Fields must be unique")
         (begin
           (define (,(make-name name) ,@names)
             (map cons ',fields (list ,@names)))
           ,@(map (lambda (field)
                    `(define (,(make-getter name field) ,struct)
                       (cdr (assq ',field ,struct))))
                  fields)
           ,@(map (lambda (field)
                    `(define (,(make-setter name field) ,struct ,field-arg)
                       (assq-set! ,struct ',field ,field-arg)
                       ,field-arg))
                  fields)
           (define (,(make-predicate name) ,struct)
             (and (struct? ,struct) (equal? ',fields (map car ,struct))))))))


(define (unique item list)
  "check if item occurs only once."
  (= (length (filter (lambda (i) (eq? item i)) list)) 1))


(define (every predicate list)
  "check if every element in list return true for a given predicate."
  (let ((result #t))
    (for-each (lambda (x)
		(if (not (predicate x)) (set! result #f))) list)
    result))


(define (every-unique list)
  "check if every element occurs only once."
  (every (lambda (item) (unique item list)) list))

(define (struct? struct)
  "check if argument is a structure (actually it checks if struct is an alist whose keys are symbols)."
  (and (list? struct) (every pair? struct) (every symbol? (map car struct))))


(define (last list)
  "return last element from the list."
  (let iter ((list list))
    (if (null? (cdr list))
	(car list)
	(iter (cdr list)))))


(define (write-struct struct)
  "print structure."
  (if (struct? struct)
      (begin
	(display "#<")
	(for-each (lambda (field)
		    (let ((first (car field)))
		      (if (struct? first)
			  (write-struct first)
			  (display first)))
		    (display ":")
		    (let ((rest (cdr field)))
		      (if (struct? rest)
			  (write-struct rest)
			  (write rest)))
		    (if (not (eq? field (last struct)))
			(display " "))) struct)
	(display ">"))))

(define (print-struct struct)
  (write-struct struct)
  (newline))

This implementation uses an alist as the structure. If you use the defstruct macro it will define a couple of functions: a constructor make-<struct name>, getters for every field <struct name>-<field name>, setters for every field set-<struct name>-<field name>! and a predicate <struct name>? which checks if a structure is of that specific type.

You can use it like this:

(defstruct point x y)
(define point (make-point 10 20))
(set-point-x! point 1)
;; point-x returns a number, so convert it before string-append
(display (string-append "x: " (number->string (point-x point))))
(newline)
(display (string-append "is struct?: " (if (struct? point) "true" "false")))
(newline)
(display (string-append "is point?: " (if (point? point) "true" "false")))
(newline)
(print-struct point)

You could download code here.

How to use and extend BiwaScheme

BiwaScheme is a Scheme implementation in JavaScript.

Here you can find a Scheme interpreter using BiwaScheme (using the jQuery Terminal Emulator inside a jQuery UI Dialog). If you want to download the BiwaScheme package, click here.

BiwaScheme uses the Prototype jQuery JavaScript library.

If you want to use the interpreter in your own code you must:

  • add a script tag loading src/development_loader.js to the head tag

    or, if you want to make a distribution, you must have make and YUI Compressor (which requires Java).
    Uncompress the package and type make in the biwascheme directory; it will create lib/biwascheme.js, the compressed library. You must put it in the head of your HTML file:

    lib/biwascheme.js
  • Create an instance of the Interpreter class
    var interpreter = new BiwaScheme.Interpreter();
  • You can also pass a function for error handling to the constructor
    var interpreter = new BiwaScheme.Interpreter(function(e, state) {
        // e.message is inserted as HTML; use textContent instead if the
        // message can contain markup you do not control
        $('output')[0].innerHTML += e.message;
    });
    
    
  • If you want the result to be displayed properly you must override the puts function
    var output = $('output');
    function puts(str, no_newline) {
        if (no_newline) {
            output[0].innerHTML += str;
        } else {
            output[0].innerHTML += str + "<br />";
        }
    }
    
    
  • The evaluating function should look like this:
    var input = $('input');
    var output = $('output');
    var trace = false; // set to true to dump the compiled opcodes before evaluating
    function scheme_eval(e) {
        try {
            var code = input.html();
            // show trace messages
            if (trace) {
                var opc = interpreter.compile(code);
                var dump_opc = (new BiwaScheme.Dumper()).dump_opc(opc);
                output[0].innerHTML += dump_opc;
            }
            interpreter.evaluate(code, function(result) {
                if (result != undefined) {
                    result = BiwaScheme.to_write(result);
                    output[0].innerHTML += '> ' + result + "\n";
                }
            });
        } catch(e) {
             // this will never be evaluated because all errors are
             // passed to the function passed to the Interpreter constructor
             output[0].innerHTML += e.message;
             throw(e);
        }
    }
    
    
  • You could bind this function to the onclick event
    $('eval_btn').click(scheme_eval);
  • If you want to define a new function which will be accessible in your Scheme interpreter, you should use the define_libfunc function from the global object BiwaScheme. The first parameter is the Scheme name of the function, the second and third are the minimum and maximum number of parameters, and the fourth is an anonymous function with one argument, which is the array of parameters passed to the Scheme procedure.
    BiwaScheme.define_libfunc('env', 0, 0, function(args) {
            var result = new Array();
            for (var fun in window.BiwaScheme.CoreEnv) {
                result[result.length] = fun;
            }
            // result should be converted from array to scheme list
            return result.to_list();
        });
    
    

    This function returns a list of all functions and variables in the Scheme global environment.
    The following Scheme function displays that list:

    (define (show-env)
      (let iter ((list (env)))
        (if (not  (null? list))
            (begin
               (display (car list))
               (newline)
               (iter (cdr list))))))

    or, simpler:

    (define (show-env)
      (display (string-join (env) "\n"))
      (newline))
    

  • If you want to define some variable you must put it in the BiwaScheme.CoreEnv array.

    If you want to define (in JavaScript) a function with Scheme code, use BiwaScheme.define_scmfunc. The first parameter is the Scheme name, the second and third are the minimum and maximum number of parameters (BiwaScheme checks this before the function is evaluated) and the fourth one is a string containing your Scheme code (it should be a lambda expression).

    // the lambda takes two arguments, so the minimum and maximum are both 2
    BiwaScheme.define_scmfunc('**', 2, 2,
            "(lambda (x y) \
                 (cond \
                     ((= y 0) 1) \
                     ((< y 0) (** (/ 1. x) (- y))) \
                     (else \
                        (let iter ((i 1) (result x)) \
                           (if (= i y) \
                               result \
                               (iter (+ i 1) (* result x)))))))");

    The former function defines power with tail recursion.

    You could also create a Scheme macro in JavaScript with the BiwaScheme.define_syntax function. The function you pass must return a BiwaScheme.Pair object, which will then be evaluated. It accepts a single parameter, which is the Scheme expression (a tree built from BiwaScheme.Pair objects). This is an example of using macros from JavaScript:

    // helper Array method which walks a tree built from nested arrays and
    // converts every level into a scheme list; it uses to_list, which is
    // defined by BiwaScheme on Array.prototype
    Array.prototype.to_tree = function() {
        // index loop: for...in would also visit to_tree/to_list inherited
        // from Array.prototype
        for (var i = 0; i < this.length; i++) {
            if (this[i] instanceof Array) {
                // convert the nested array in place instead of returning early
                this[i] = this[i].to_tree();
            }
        }
        return this.to_list();
    };
    
    BiwaScheme.define_syntax('foo', function(expr) {
        return [BiwaScheme.Sym("display"),
                [BiwaScheme.Sym("quote"), expr.cdr.to_array().to_tree()]
               ].to_tree();
    });
    
    

    This code creates a new macro foo which simply displays the expression passed as its parameters. Note that the whole expression is in the expr.cdr field.

  • In the interpreter you could also define macros (like Common Lisp macros) with the define-macro expression.
    (define-macro (for params . body)
        `(let iter ((,(car params) ,(cadr params)))
            ;; inclusive upper bound, so (for (i 10 100 10) ...) ends at 100
            (if (<= ,(car params) ,(caddr params))
                (begin
                    ,@body
                    (iter (+ ,(car params) ,(if (= (length params) 4)
                                                (cadddr params)
                                                1)))))))
    
    

    The former code defines a for loop (which uses tail recursion); you can use it as (for (variable init end step) code):

    (for (i 1 10)
      (display i)
      (newline))

    or

    (for (i 10 100 10) (display i) (newline))

    Which displays the numbers: 10 20 30 40 50 60 70 80 90 100.

Update: Check also Extending Scheme interpreter in BiwaScheme wiki on GitHub.