Thursday, March 17, 2011

Ruby 'O Virustotal

# START OF CODE
#!/usr/bin/ruby
#
# 17 February 2011 by Alip Undead
#
# WHAT THE CODE DOES #
# This Ruby script takes one argument (ARGV[0]), an MD5 hash, and searches for it on the VirusTotal search URL.
# If the search returns a result, the response is a redirect, and the redirect URL is fetched by a separate function.
# The result is then written to the output file out.htm and saved to the database.
# If the search returns no result, the page is also written to out.htm but nothing is saved to the database.
# END

# usage: $ ruby main.rb <md5>

require 'rubygems'
require 'net/http'
require 'uri'
require 'mysql'
require 'parseconfig'
require 'optparse'

def no_redirection(url, search)
  params = { 'chain' => search }
  x = Net::HTTP.post_form(URI.parse(url), params)
  # get the url and write to output out.htm
  File.open('out.htm', 'w') { |f| f.write x.body }
end


def redirection(url)
  url = URI.parse(url)
  http = Net::HTTP.new(url.host, url.port)
  request = Net::HTTP::Get.new(url.request_uri)
  response = http.request(request)
  File.open('out.htm', 'w') do |f|
    f.write response.body
  end
end

def search_virus_total(url, search)
  url2 = URI.parse(url)
  req = Net::HTTP::Post.new(url2.path)
  req.set_form_data({ 'chain' => search }, ';')
  http = Net::HTTP.new(url2.host, url2.port)
  res = http.start { |conn| conn.request(req) }
  case res
  when Net::HTTPRedirection
    puts "redirect found, headed to #{res['location']}"
    new_url = res['location']
    redirection(new_url)
    return res['location']
  when Net::HTTPSuccess
    puts "no redirection found"
    no_redirection(url, search)
    return "empty"
  else
    res.error!
  end
end

def check(dbh, md5)
  # escape the value before building the statement; md5 comes from the command line
  statement = "select * from binaries where md5_hash = '#{dbh.escape_string(md5)}'"
  result = dbh.query(statement)

  puts "Checking for previous search for #{md5} ... #{result.num_rows} rows found in database"

  # if the md5 is already in the database, exit the program =)
  exit if result.num_rows > 0
end


@search = ARGV[0]
url = 'http://www.virustotal.com/search.html'

# accept only a 32-character hex MD5; the value ends up in a POST body and in SQL
unless @search =~ /\A[0-9a-fA-F]{32}\z/
  abort "usage: ruby main.rb <md5>"
end

begin
  # connect to the MySQL server
  dbh = Mysql.real_connect("127.0.0.1", "username", "password", "sample")

  # check if the binary already exists in the database
  check(dbh, @search)

  # if the binary does not exist, run the search by calling search_virus_total
  virus_total = search_virus_total(url, @search)

  puts "keyword to search: #{@search}"
  puts "url to search is #{url}"

  if virus_total == "empty"
    # no result: out.htm has been written, nothing is saved to the database
    puts "no result found, nothing saved to database"
  else
    # escape both values; vt_link comes from the server's Location header
    statement = "INSERT INTO binaries (md5_hash,vt_link) VALUES ('#{dbh.escape_string(@search)}','#{dbh.escape_string(virus_total)}')"

    # output some information about the database and query
    dbh.query(statement)
    puts "Connected to #{dbh.get_host_info}"
    puts "Number of rows affected: #{dbh.affected_rows}"
    puts "Statement: #{statement}"
  end

# on error, print the error code
rescue Mysql::Error => e
  puts "Error code: #{e.errno}"
  puts "Error message: #{e.error}"
  puts "Error SQLSTATE: #{e.sqlstate}" if e.respond_to?("sqlstate")
ensure
  # disconnect from server
  dbh.close if dbh
end

# END OF CODE
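
search_virus_total hands res['location'] straight to redirection, which fetches it and writes the body to out.htm. The block below is an added example, not part of the original script: it checks a Location value before it is followed, resolving relative values and refusing anything that leaves the search host. The helper names and the sample report path are constructed for illustration.

```ruby
require 'net/http'
require 'uri'

# Hypothetical helpers for illustration; they are not in the original script.

# Resolve a Location header against the URL that was requested and accept it
# only if it stays on the same host over http(s). Returns the absolute URL,
# or nil when the redirect must not be followed.
def safe_redirect_target(request_url, location)
  return nil if location.nil? || location.strip.empty?
  base = URI.parse(request_url)
  target = base.merge(location.strip) # also resolves relative Location values
  return nil unless %w[http https].include?(target.scheme)
  return nil if target.host.to_s.empty?
  return nil unless target.host.downcase == base.host.to_s.downcase
  target.to_s
rescue URI::Error
  nil # unparsable Location header
end

# Same branching as search_virus_total, but returning a decision instead of
# fetching anything: [:report, url], [:no_result, nil] or [:refused, nil].
def lookup_decision(request_url, res)
  case res
  when Net::HTTPRedirection
    url = safe_redirect_target(request_url, res['location'])
    url ? [:report, url] : [:refused, nil]
  when Net::HTTPSuccess
    [:no_result, nil]
  else
    [:refused, nil]
  end
end

# Constructed response for offline use: a 302 carrying the given Location.
def constructed_redirect(location)
  res = Net::HTTPFound.new('1.1', '302', 'Found')
  res['location'] = location
  res
end
```

Only the URL returned with :report should be passed on to redirection and stored in vt_link.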


SQL Dump for Sample

-- Table structure for table `binaries`
--

DROP TABLE IF EXISTS `binaries`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `binaries` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `md5_hash` varchar(255) NOT NULL,
  `vt_link` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

Adobe Coldfusion Directory Traversal Exploit now on MetaSploit

Just 1 word. Wootz

http://www.exploit-db.com/exploits/16985/

Friday, May 21, 2010

How to create RSS Feed using Ruby

To create an RSS feed from Ruby, you can use the code below:
--- code starts here---
require 'rss/maker'

version = "2.0" # ["0.9", "1.0", "2.0"]
destination = "test_maker.xml" # local file to write

content = RSS::Maker.make(version) do |m|
  m.channel.title = "Example Ruby RSS feed"
  m.channel.link = "http://www.rubyrss.com"
  m.channel.description = "Old news (or new olds) at Ruby RSS"
  m.items.do_sort = true # sort items by date

  i = m.items.new_item
  i.title = "Ruby can parse RSS feeds"
  i.link = "http://www.rubyrss.com/"
  i.date = Time.parse("2007/2/11 14:01")

  i = m.items.new_item
  i.title = "Ruby can create RSS feeds"
  i.link = "http://www.rubyrss.com/"
  i.date = Time.now
end

File.open(destination, "w") do |f|
  f.write(content)
end
--- code end here ---
from rubyrss.com

Modify the script a bit so you can pull the data from your database into your XML!
--code starts here ---
require 'rss/maker'
require 'rubygems'
require 'mysql'


begin

  dbh = Mysql.real_connect('127.0.0.1', 'yourusername', 'yourpassword', 'yourdatabase', 3306)
  # this is the mysql connection part

  query = dbh.query('select id,name from student') # your database query

  version = "2.0" # ["0.9", "1.0", "2.0"]
  destination = "test_maker.xml" # local file to write

  content = RSS::Maker.make(version) do |m|
    m.channel.title = "Welcome to my RSS Maker Example"
    m.channel.link = "http://www.yourwebsites.com"
    m.channel.description = "Student Listing RSS"
    m.items.do_sort = true # sort items by date

    query.each do |data|
      # loop through your query and put it into the xml, data[0] = id and data[1] = name
      i = m.items.new_item
      i.title = "#{data[0]}"
      i.link = "#{data[0]}"
      # the query returns no date column (data[1] is the name), so use the current time
      i.date = Time.now
      i.description = "student id : #{data[0]} student name: #{data[1]}"
    end
  end

  File.open(destination, "w") do |f|
    f.write(content)
  end

rescue Mysql::Error => e
  print "Error code: ", e.errno, "\n"
  print "Error message: ", e.error, "\n"

ensure
  query.free if query # free query data
  dbh.close if dbh    # close the connection

end
---code end here ---

The code is pretty straightforward: connect to your database using Mysql.real_connect and loop through all the data that you want to put in your XML file.

Thursday, May 20, 2010

DontPhishMe

DontPhishMe is an anti-phishing add-on for Mozilla Firefox that uses a pattern-matching technique to give Malaysian Internet users information and notifications that protect them against online banking phishing websites specifically targeting financial institutions in Malaysia.

[More info HERE]

Sunday, May 16, 2010

Lagwagon - May 16th

No more waiting on them
as you rise inside new rooms
It's official you've gone
You can live for no one else
Man the guilt must be huge
As there's no gain in failure
You succeed at being mine
Yeah, old friend, see you there
I will be proud from afar
I can paint a picture
In a moment of memories
And there aren't many left
I am extradited, uninvited
It's just another Saturday
Take a step to freedom
You and her loathing this cruel world
Take a breath of shelter
And exhale trust and allegiance
Liberate yourself from hell
It's just another Saturday

-greetz xanda

Passing parameters through render :partial


Rails tip:

You can pass a variable to a partial by using :locals as a parameter of render :partial.
Here is how the code looks:

In your main view:

<%= render :partial => 'partialname' , :locals => { :data1 => 'hello' , :data2 => 'world!'}%>

Here is how you access the local variables in the partial:

<%= local_assigns[:data1] %>

Thursday, May 13, 2010

hosting rails app with mongrel + apache2 mod proxy

This article walks through the steps of serving multiple Rails applications behind one apache2 server. It assumes that you have basic knowledge of Rails and of apache2 mod_proxy.

Let's say you have a site running apache2:

www.example.com

and you have 2 Rails apps named app1 and app2, each running on a different host on the same network as the apache2 server:

http://192.168.1.1:3000/app1

http://192.168.1.2:3000/app2

1. Edit the /etc/apache2/apache2.conf file and add the line below:

Include /etc/apache2/sites-enabled/

2. Edit the file /etc/apache2/sites-enabled/proxy and add the lines below:

ProxyPass /app1 http://192.168.1.1:3000
ProxyHTMLURLMap http://192.168.1.1:3000 /app1

<Location /app1/>
ProxyPassReverse http://192.168.1.1:3000
SetOutputFilter proxy-html
ProxyHTMLURLMap / /app1/
AddOutputFilterByType application/json text/plain text/xml text/css application/x-javascript
</Location>

ProxyPass /app2 http://192.168.1.2:3000
ProxyHTMLURLMap http://192.168.1.2:3000 /app2

<Location /app2/>
ProxyPassReverse http://192.168.1.2:3000
SetOutputFilter proxy-html
ProxyHTMLURLMap / /app2/
AddOutputFilterByType application/json text/plain text/xml text/css application/x-javascript
</Location>


The configuration is fairly straightforward: it routes requests for /app1 on your main site to your Rails project at http://192.168.1.1:3000, and requests for /app2 to the one at http://192.168.1.2:3000.

You can now run your "script/server" and see your Rails application running at http://www.example.com/app1

Be very careful with Rails "render :text =>", because any text will be encoded to HTML. If you want to return JSON, for example, try

"render :json =>"

-alip