ImageMagick Tips and Tricks

I’ve been using ImageMagick in one of my projects and I’ve had to do quite a bit of Googling. Below are some tips and tricks I’ve collected that might be useful to others.

Trim Whitespace From Your Image

$ convert img.png -trim trimmed.png

Create A New Image From Text

Note: You can combine this with the ‘trim’ tip above by passing the -trim argument.

$ convert -background white -fill black -pointsize 72 label:"Sean Fox" output.png

List Fonts ImageMagick Can Use

$ identify -list font

Normalizing Line Endings Across Multiple Files

Recently I’ve been noticing some of my C# files have inconsistent line endings.

The Problem

The line endings in the following file are not consistent. Do you want to normalize the line endings?

This probably means some of the developers have been editing our source code using a text-editor (instead of Visual Studio) and they had their line endings set to “Unix” or “Mac” instead of “Dos/Windows”. This isn’t a big deal, though it is annoying.

Vim: Convert All Files to Dos/Windows Line Endings

Since I don’t know which files have this problem, I decided to just normalize all the line endings. There are various ways to do this, but I chose to use vim since the documentation on this topic is excellent.

To convert from any mixture of CRLF endings and LF-only endings, to CRLF endings:

:set ffs=dos
:args **\*.cs
:argdo w

We’re basically asking vim to assume Dos/Windows line endings, having it open all *.cs files (C# code files), then having it write the line-ending changes.

Downsides

This does change every single file that was found, regardless of the original line endings. It’s best to do this as one commit in source control to avoid any confusion.

Alternatives

You can also use unix2dos to do this conversion or any scripting language (Python, Perl, PowerShell).
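
One scripted alternative that avoids the downside above by rewriting only the files that are LF-only or mixed. This is an added example, not from the original post; the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.
cr=$(printf '\r')

# Print crlf, lf, mixed or empty for one file.
eol_style() {
    total=$(( $(tr -cd '\n' < "$1" | wc -c) ))              # line terminators
    crlf=$(( $(LC_ALL=C grep -c "${cr}\$" "$1" || true) ))  # lines ending in CR
    if   [ "$total" -eq 0 ];       then echo empty
    elif [ "$crlf" -eq 0 ];        then echo lf
    elif [ "$crlf" -ge "$total" ]; then echo crlf
    else                                echo mixed
    fi
}

# Rewrite one file with CRLF endings: drop a CR at end of line, add one back.
to_crlf() {
    tmp=$(mktemp) || return 1
    sed "s/${cr}\$//; s/\$/${cr}/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Convert only the files that need it and print what was changed.
normalize() {
    for f in "$@"; do
        style=$(eol_style "$f")
        case $style in
            lf|mixed) to_crlf "$f" && printf '%s\t%s\n' "$style" "$f" ;;
        esac
    done
}

# Demo on three constructed files; only b.cs and c.cs are reported.
d=$(mktemp -d) || exit 1
printf 'class A {}\r\n// a\r\n' > "$d/a.cs"    # already CRLF
printf 'class B {}\n// b\n'     > "$d/b.cs"    # LF only
printf 'class C {}\r\n// c\n'   > "$d/c.cs"    # mixed
normalize "$d"/*.cs
rm -rf "$d"
```

For a whole tree, the file list can come from find, for example by saving the functions in a script and calling it with find . -name '*.cs' -exec.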

Some people also let their source control handle their line endings. Git can enforce these line endings by updating them for you if you prefer. However, at my office, we choose not to let our source control alter our code in any way; we prefer to do that ourselves. :)

Now get back to coding!

Using xargs for file and directory recursion

Occasionally I’m away from the bash shell for too long and I forget some things. This is just a quick reminder to myself regarding the syntax and usefulness of xargs.

Why?

xargs takes a file list as input and performs some arbitrary operation on it. This is obviously useful for scripting and bulk file operations. Why use xargs? Well, quite frankly, it’s faster than using find -exec because it splits the file list into sublists and calls the command once for every sublist instead of calling the command once for every file. Also, because it uses sublists you never run into problems when trying to run commands with very large argument lists (it is actually possible to run a command and have bash reply that the maximum line length is exceeded). Below is example usage.

Example: fixing permissions

Using xargs we can easily correct permissions recursively. For instance, let’s improve our web security by locking down write privileges on our directories and files to only the owner:

find . -type d -print0 | xargs -0 -I {} chmod 755 {}
find . -type f -print0 | xargs -0 -I {} chmod 644 {}

Here’s what’s happening:

  • we use find and -type d to locate all directories under the current directory
  • we use -print0 so find will print the directories and separate the directory names by null characters instead of newlines; delimiting this way improves xargs’ ability to handle special characters in file names
  • then we pipe this list to xargs and use -0 to tell xargs the list is null-character delimited
  • we also use -I {} to tell xargs to replace any occurrence of {} with each filename as it runs the following command
  • ultimately the command chmod 755 {} tells xargs to chmod 755 each directory

Of course we then do the same by running chmod 644 on all files under the current directory.

Efficiency

Using xargs this way is faster than running these equivalent find commands:

find . -type d -exec chmod 755 '{}' \;
find . -type f -exec chmod 644 '{}' \;

Using find this way will run chmod individually for each directory and file, which is less efficient. The general rule of thumb is to always opt for xargs.
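
The script below is an added example, not from the original post. It counts how often the command is actually started: with -I {}, xargs launches it once per name, just like find -exec ... \;, while dropping -I {} (or using find -exec ... {} +) passes the names in batches. It also shows what happens to names containing spaces or newlines when -print0 and -0 are left out. The scratch files and function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File names are constructed.

# Create a scratch directory holding 21 files with awkward names.
make_tree() {
    dir=$(mktemp -d) || return 1
    i=1
    while [ "$i" -le 20 ]; do
        : > "$dir/file $i.txt"                 # space in the name
        i=$((i + 1))
    done
    : > "$dir/$(printf 'two\nlines').txt"      # newline in the name
    printf '%s\n' "$dir"
}

# The inline sh prints one line each time it is started, so the line
# count is the number of launches.
runs_with_I() {        # form used in the post
    find "$1" -type f -print0 | xargs -0 -I {} sh -c 'echo run' _ {} | wc -l | tr -d ' '
}
runs_batched() {       # no -I: names are appended in batches
    find "$1" -type f -print0 | xargs -0 sh -c 'echo run' _ | wc -l | tr -d ' '
}
runs_exec_plus() {     # find's own batching form
    find "$1" -type f -exec sh -c 'echo run' _ {} + | wc -l | tr -d ' '
}

# Total number of arguments the command received.
args_null_delimited() {
    find "$1" -type f -print0 | xargs -0 sh -c 'echo "$#"' _ |
        awk '{ n += $1 } END { print n + 0 }'
}
args_newline_delimited() {   # no -print0 / -0: names split on whitespace
    find "$1" -type f | xargs sh -c 'echo "$#"' _ |
        awk '{ n += $1 } END { print n + 0 }'
}

d=$(make_tree) || exit 1
echo "xargs -0 -I {} launches:  $(runs_with_I "$d")"
echo "xargs -0 launches:        $(runs_batched "$d")"
echo "find -exec {} + launches: $(runs_exec_plus "$d")"
echo "args with -print0 | -0:   $(args_null_delimited "$d") of 21 files"
echo "args without them:        $(args_newline_delimited "$d") of 21 files"
rm -rf "$d"
```

The batched equivalent of the permission fix is find . -type d -print0 | xargs -0 chmod 755, and likewise chmod 644 for -type f.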

You can use xargs for several other things, but this example is my most frequent use-case. Happy hacking!

How to pass the ‘Yii Requirement Checker’ in CentOS 5

Recently I’ve been doing some PHP web development and I decided to check out the Yii Framework. They have a great 4-part screencast tutorial from Jeffery Winesett that gets you up and running fast and Yii looks really cool!

During the installation Yii uses a ‘Requirement Checker’ webpage that verifies you have the correct PHP version and the necessary plugins. If you’re like me, you like to see all your boxes turn green just to be sure you can get the full functionality out of your apps and frameworks instead of having to debug stuff like this later and going down a rabbit hole.

Install All The Packages

To make the best use of Yii (and several other things), you’ll need these packages: GD, mcrypt, MySQL, PDO, PEAR, APC, Memcache, PgSQL, SOAP, and XML. To get proper packages for these extensions on CentOS 5, I recommend adding the IUS Community Repository. Here’s a one-liner you can run with sudo or as root after you’ve set up that repo:

yum install php53u php53u-cli php53u-common php53u-devel php53u-gd php53u-mcrypt php53u-mysql php53u-pdo \
php53u-pear php53u-pecl-apc.x86_64 php53u-pecl-memcache.x86_64 php53u-pgsql.x86_64 php53u-soap.x86_64 php53u-xml.x86_64

Have fun with Yii!

Installing Flash in BackTrack x64

Flash doesn’t work out-of-the-box on the 64-bit version of BackTrack 5. Unfortunately this just won’t do since Nessus uses a Flash web interface! Luckily it’s easy enough to install it.

Pre-installation

First close Firefox! It’s safer to perform these instructions with all browsers closed.

Next, remove any existing Flash installations or files:

# apt-get -y purge flashplugin-nonfree flashplugin-installer gnash gnash-common mozilla-plugin-gnash swfdec-mozilla
# rm -f /usr/lib/firefox/plugins/libflashplayer.so
# rm -f /usr/lib/mozilla/plugins/libflashplayer.so
# rm -f /usr/lib/mozilla/plugins/flashplugin-alternative.so
# rm -f /usr/lib/mozilla/plugins/npwrapper*flash*so
# rm -f ~/.mozilla/plugins/*flash*so

Installation

Now download Flash.

Finally, extract and install the Flash player plugin you just downloaded:

# tar xvfz install_flash_player_10_linux.tar.gz
# mkdir -p ~/.mozilla/plugins
# mv -f libflashplayer.so ~/.mozilla/plugins/

Start up Firefox and you should have a working Flash installation! You can visit Adobe’s website to be sure it’s installed correctly.

Have fun using Nessus and enjoying the rest of the internet. :)

How to Download Recursively from FTP at Command Line (mget and wget)

Sometimes I want to download recursively from an FTP server and I don’t want to leave the command line. Depending on your FTP client, you may be lucky enough to have an option built-in for this but in many cases you don’t. FTP clients often feature mget, which is good for downloading files based on a glob filter such as *.txt or *.c. But still, this isn’t recursive.

Wget

Surprise! Wget supports FTP and can download recursively! You could download the full contents of an FTP server like this:

wget -r 'ftp://user:pass@host'

Or just grab a single directory like this:

wget -r 'ftp://user:pass@host/dir'

Cool, huh?
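
The URLs above carry the password on the command line, where it ends up in shell history and in the process list. wget also reads FTP credentials from ~/.netrc, so the following added example (not from the original post; netrc_add is a made-up helper name) writes such an entry with owner-only permissions, after which the URL can omit user:pass.

```shell
#!/bin/sh
# Added example, not from the original post. netrc_add is a helper name
# made up here; host and user are the post's placeholders.

# Add or replace the entry for one host in a netrc file that only its owner
# can read. The password is read from stdin, so it never appears in argv.
# Assumes one entry per line and values without whitespace.
netrc_add() {
    host=$1 user=$2 file=${3:-$HOME/.netrc}
    IFS= read -r pass || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1     # mktemp creates it private
    if [ -f "$file" ]; then                      # keep entries for other hosts
        awk -v h="$host" '!($1 == "machine" && $2 == h)' "$file" > "$tmp"
    fi
    printf 'machine %s login %s password %s\n' "$host" "$user" "$pass" >> "$tmp"
    chmod 600 "$tmp" && mv -f "$tmp" "$file"
}

# Interactive use (stty -echo hides what is typed):
#   stty -echo; netrc_add host user; stty echo
#   wget -r 'ftp://host/dir'
```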

How to Compile 32-bit Assembly Programs on a 64-bit PC in Linux

Speaking of compiling 32-bit C programs, what about assembly language programs? Assembly varies considerably between machines as well, so it would be useful to know how to compile x86-32 software when you’re on x86-64. It’s relatively easy, so I’ll demonstrate the commands!

Compiling with the --32 flag

To compile 32-bit assembly programs with as, you pass the --32 flag (found this under Target i386 options on the as man page). It’s pretty straightforward:

# as --32 -o example32bit.o example32bit.s

Linking using the -m flag

You’re not done yet! You still need to link the program and if you just tried that now you probably saw this:

# ld -o example32bit example32bit.o
ld: i386 architecture of input file `example32bit.o' is incompatible with i386:x86-64 output

Jeez ld! What’s your problem?

Well, the linker needs to know the architecture as well. Try passing -m elf_i386 so ld will calm down a bit. :)

# ld -m elf_i386 -o example32bit example32bit.o

Finished!

Your program should run now.

How to Compile 32-bit C Programs on a 64-bit PC in Linux

I’ve been writing a lot of articles recently about compiling C and assembly programs on my 64-bit machine. But eventually I needed to compile a 32-bit program and I thought I would explain how I did that in case anyone else runs into trouble.

Using the -m32 flag

To compile a 32-bit program with gcc you can just use the -m32 flag (which you’ll find under i386 and x86-64 Options on the gcc man page). But if you’re on a 64-bit machine, don’t be surprised if you see something like this:

# gcc -m32 -o example32bit example32bit.c
In file included from /usr/include/features.h:378,
                 from /usr/include/stdio.h:28,
                 from example32bit.c:1:
/usr/include/gnu/stubs.h:7:27: error: gnu/stubs-32.h: No such file or directory

Installing the 32-bit glibc headers

You see that because you don’t have the 32-bit glibc headers installed. That’s not a problem though, since most package managers should have them available for installation. If you’re on a Debian or Ubuntu machine you can install them like this:

# apt-get install gcc-multilib

Look ma, no compiler errors!

# gcc -m32 -o example32bit example32bit.c
#

Tada!

Testing Shellcode on a Non-Executable Stack or Heap

If you’re learning about buffer overflows and shellcode, chances are you’re exploiting some stack-based vulnerabilities. If you’re like me you might also find that when you compile your programs they have stack execution disabled by default. So instead of getting excited as you see your shellcode blissfully running after smashing the stack, you might just see this instead:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000601018 in shellcode ()

“Noooo! You can’t do this to me! I want to write exploits!”

Ok.. calm down.. we just need to turn on stack execution when compiling.

Examining a Buffer Overflow in C and assembly with gdb

Welcome University of Maryland students! Thanks for visiting! :)

I’ve now finished Vivek Ramachandran’s Assembly Primer for Hackers and I’ve decided to move on to his Buffer Overflow Primer. I’ve exploited basic buffer overflows before, but I think going through his videos will give me more perspective now that I’ve brushed up on assembly.

In this article I’ll be stepping through the program in Vivek’s first video and providing some additional tips and tricks that I find useful when reviewing the program in gdb. I’m also on a 64-bit machine, so things are a bit different in gdb for me than they are in the video. Therefore it’s better that I write up my own explanations as I grasp the material so when I review later it will be more clear.
