Classic Shell Scripting
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Buffer Overflow Exploits
Buffer overflow exploits EJ Jung A Bit of History: Morris Worm Worm was released in 1988 by Robert Morris • Graduate student at Cornell, son of NSA chief scientist • Convicted under Computer Fraud and Abuse Act, sentenced to 3 years of probation and 400 hours of community service • Now a computer science professor at MIT Worm was intended to propagate slowly and harmlessly measure the size of the Internet Due to a coding error, it created new copies as fast as it could and overloaded infected machines $10-100M worth of damage Morris Worm and Buffer Overflow One of the worm’s propagation techniques was a buffer overflow attack against a vulnerable version of fingerd on VAX systems • By sending special string to finger daemon, worm caused it to execute code creating a new worm copy • Unable to determine remote OS version, worm also attacked fingerd on Suns running BSD, causing them to crash (instead of spawning a new copy) For more history: • http://www.snowplow.org/tom/worm/worm.html Buffer Overflow These Days Most common cause of Internet attacks • Over 50% of advisories published by CERT (computer security incident report team) are caused by various buffer overflows Morris worm (1988): overflow in fingerd • 6,000 machines infected CodeRed (2001): overflow in MS-IIS server • 300,000 machines infected in 14 hours SQL Slammer (2003): overflow in MS-SQL server • 75,000 machines infected in 10 minutes (!!) Attacks on Memory Buffers Buffer is a data storage area inside computer memory (stack or heap) • Intended to hold pre-defined -
Practical C Programming, 3Rd Edition
Practical C Programming, 3rd Edition By Steve Oualline 3rd Edition August 1997 ISBN: 1-56592-306-5 This new edition of "Practical C Programming" teaches users not only the mechanics or programming, but also how to create programs that are easy to read, maintain, and debug. It features more extensive examples and an introduction to graphical development environments. Programs conform to ANSI C. 0 TEAM FLY PRESENTS Table of Contents Preface How This Book is Organized Chapter by Chapter Notes on the Third Edition Font Conventions Obtaining Source Code Comments and Questions Acknowledgments Acknowledgments to the Third Edition I. Basics 1. What Is C? How Programming Works Brief History of C How C Works How to Learn C 2. Basics of Program Writing Programs from Conception to Execution Creating a Real Program Creating a Program Using a Command-Line Compiler Creating a Program Using an Integrated Development Environment Getting Help on UNIX Getting Help in an Integrated Development Environment IDE Cookbooks Programming Exercises 3. Style Common Coding Practices Coding Religion Indentation and Code Format Clarity Simplicity Summary 4. Basic Declarations and Expressions Elements of a Program Basic Program Structure Simple Expressions Variables and Storage 1 TEAM FLY PRESENTS Variable Declarations Integers Assignment Statements printf Function Floating Point Floating Point Versus Integer Divide Characters Answers Programming Exercises 5. Arrays, Qualifiers, and Reading Numbers Arrays Strings Reading Strings Multidimensional Arrays Reading Numbers Initializing Variables Types of Integers Types of Floats Constant Declarations Hexadecimal and Octal Constants Operators for Performing Shortcuts Side Effects ++x or x++ More Side-Effect Problems Answers Programming Exercises 6. -
Automatic Discovery of API-Level Vulnerabilities
Automatic Discovery of API-Level Vulnerabilities Vinod Ganapathyy, Sanjit A. Seshiaz, Somesh Jhay, Thomas W. Repsy, Randal E. Bryantz yComputer Sciences Department, zSchool of Computer Science, University of Wisconsin-Madison Carnegie Mellon University fvg|jha|[email protected] fsanjit|[email protected] UW-MADISON COMPUTER SCIENCES TECHNICAL REPORT: UW-CS-TR-1512, JULY 2004. Abstract A system is vulnerable to an API-level attack if its security can be compromised by invoking an allowed sequence of operations from its API. We present a formal framework to model and analyze APIs, and develop an automatic technique based upon bounded model checking to discover API-level vulnerabilities. If a vulnerability exists, our technique produces a trace of API operations demonstrating an attack. Two case studies show the efficacy of our technique. In the first study we present a novel way to analyze printf-family format-string attacks as API-level attacks, and implement a tool to discover them automatically. In the second study, we model a subset of the IBM Common Cryptographic Architecture API, a popular cryptographic key-management API, and automatically detect a previously known vulnerability. 1 Introduction Software modules communicate through application programming interfaces (APIs). Failure to respect an API's usage conventions or failure to understand the semantics of an API may lead to security vulnerabilities. For instance, Chen et al. [13] demonstrated a security vulnerability in sendmail-8.10.1that was due to a misunderstanding of the semantics of UNIX user-id setting commands. A programmer mistakenly assumed that setuid(getuid()) would always drop all privileges. -
Bash Scripts for Avpres Verify Manifest(1)
verify_manifest(1) Bash Scripts for AVpres verify_manifest(1) NAME verify_manifest - Verify a checksum manifest of a folder or file SYNOPSIS verify_manifest -i input_path [-m manifest_file] verify_manifest -h | -x DESCRIPTION Bash AVpres is a collection of Bash scripts for audio-visual preservation. One of these small programs is verify_manifest.Itcreates a checksum manifest of a folder or file. Bash version 3.2 is required, but we strongly advise to use the current version 5.1. OPTIONS BASIC OPTIONS -i input_path,--input=input_path path to an input folder or file -m manifest_file,--manifest=manifest_file path to the manifest file If this parameter is not passed, then the script uses for a folder: <input_path>_<algorithm>.txt and for a file: <input_path>_<extension>_<algorithm>.txt ADVA NCED OPTIONS The arguments of the advanced options can be overwritten by the user.Please remember that anystring containing spaces must be quoted, or its spaces must be escaped. --algorithm=(xxh32|xxh64|xxh128|md5|sha1|sha256|sha512|crc32) We advise to use a faster non-cryptographic hash functions, because we consider that, for archival purposes, there is no necessity to apply a more complexunkeyed cryptographic hash function. The algorithm name can be passed in upper or lower case letters. The default algorithm is xxHash 128: --algorithm=xxh128 Note that until end of 2020 the default algorithm was MD5, which has the same checksum size than the xxHash 128 algorithm. Therefore, if you verity files with an MD5 checksum, then you may pass the option --algorithm=md5 in order to speed-up the verification. Also xxHash 32 and CRC-32 have the same checksum size. -
The AWK Programming Language
The Programming ~" ·. Language PolyAWK- The Toolbox Language· Auru:o V. AHo BRIAN W.I<ERNIGHAN PETER J. WEINBERGER TheAWK4 Programming~ Language TheAWI(. Programming~ Language ALFRED V. AHo BRIAN w. KERNIGHAN PETER J. WEINBERGER AT& T Bell Laboratories Murray Hill, New Jersey A ADDISON-WESLEY•• PUBLISHING COMPANY Reading, Massachusetts • Menlo Park, California • New York Don Mills, Ontario • Wokingham, England • Amsterdam • Bonn Sydney • Singapore • Tokyo • Madrid • Bogota Santiago • San Juan This book is in the Addison-Wesley Series in Computer Science Michael A. Harrison Consulting Editor Library of Congress Cataloging-in-Publication Data Aho, Alfred V. The AWK programming language. Includes index. I. AWK (Computer program language) I. Kernighan, Brian W. II. Weinberger, Peter J. III. Title. QA76.73.A95A35 1988 005.13'3 87-17566 ISBN 0-201-07981-X This book was typeset in Times Roman and Courier by the authors, using an Autologic APS-5 phototypesetter and a DEC VAX 8550 running the 9th Edition of the UNIX~ operating system. -~- ATs.T Copyright c 1988 by Bell Telephone Laboratories, Incorporated. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopy ing, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. Published simultaneously in Canada. UNIX is a registered trademark of AT&T. DEFGHIJ-AL-898 PREFACE Computer users spend a lot of time doing simple, mechanical data manipula tion - changing the format of data, checking its validity, finding items with some property, adding up numbers, printing reports, and the like. -
Download Instructions—Portal
Download instructions These instructions are recommended to download big files. How to download and verify files from downloads.gvsig.org • H ow to download files • G NU/Linux Systems • MacO S X Systems • Windows Systems • H ow to validate the downloaded files How to download files The files distributed on this site can be downloaded using different access protocols, the ones currently available are FTP, HTTP and RSYNC. The base URL of the site for the different protocols is: • ftp://gvsig.org/ • http://downloads.gvsig.org/ • r sync://gvsig.org/downloads/ To download files using the first two protocols is recommended to use client programs able to resume partial downloads, as it is usual to have transfer interruptions when downloading big files like DVD images. There are multiple free (and multi platform) programs to download files using different protocols (in our case we are interested in FTP and HTTP), from them we can highlight curl (http://curl.haxx.se/) and wget (http://www.gnu.org/software/wget/) from the command line ones and Free Download Manager from the GUI ones (this one is only for Windows systems). The curl program is included in MacOS X and is available for almost all GNU/Linux distributions. It can be downloaded in source code or in binary form for different operating systems from the project web site. The wget program is also included in almost all GNU/Linux distributions and its source code or binaries of the program for different systems can be downloaded from this page. Next we will explain how to download files from the most usual operating systems using the programs referenced earlier: • G NU/Linux Systems • MacO S X Systems • Windows Systems The use of rsync (available from the URL http://samba.org/rsync/) it is left as an exercise for the reader, we will only said that it is advised to use the --partial option to avoid problems when there transfers are interrupted. -
A Type System for Format Strings E
ifact t * r * Comple t te A A n * te W E is s * e C n l l o D C A o * * c T u e m S s E u e S e n I R t v A Type System for Format Strings e o d t y * s E a * a l d u e a t Konstantin Weitz Gene Kim Siwakorn Srisakaokul Michael D. Ernst University of Washington, USA {weitzkon,genelkim,ping128,mernst}@cs.uw.edu ABSTRACT // Untested code (Hadoop) Most programming languages support format strings, but their use Resource r = ... format("Insufficient memory %d", r); is error-prone. Using the wrong format string syntax, or passing the wrong number or type of arguments, leads to unintelligible text // Unchecked input (FindBugs) output, program crashes, or security vulnerabilities. String urlRewriteFormat = read(); This paper presents a type system that guarantees that calls to format(urlRewriteFormat, url); format string APIs will never fail. In Java, this means that the API will not throw exceptions. In C, this means that the API will not // User unaware log is a format routine (Daikon) log("Exception " + e); return negative values, corrupt memory, etc. We instantiated this type system for Java’s Formatter API, and // Invalid syntax for Formatter API (ping-gcal) evaluated it on 6 large and well-maintained open-source projects. format("Unable to reach {0}", server); Format string bugs are common in practice (our type system found Listing 1: Real-world code examples of common programmer 104 bugs), and the annotation burden on the user of our type system mistakes that lead to format routine call failures. -
GNU Coreutils Cheat Sheet (V1.00) Created by Peteris Krumins ([email protected], -- Good Coders Code, Great Coders Reuse)
GNU Coreutils Cheat Sheet (v1.00) Created by Peteris Krumins ([email protected], www.catonmat.net -- good coders code, great coders reuse) Utility Description Utility Description arch Print machine hardware name nproc Print the number of processors base64 Base64 encode/decode strings or files od Dump files in octal and other formats basename Strip directory and suffix from file names paste Merge lines of files cat Concatenate files and print on the standard output pathchk Check whether file names are valid or portable chcon Change SELinux context of file pinky Lightweight finger chgrp Change group ownership of files pr Convert text files for printing chmod Change permission modes of files printenv Print all or part of environment chown Change user and group ownership of files printf Format and print data chroot Run command or shell with special root directory ptx Permuted index for GNU, with keywords in their context cksum Print CRC checksum and byte counts pwd Print current directory comm Compare two sorted files line by line readlink Display value of a symbolic link cp Copy files realpath Print the resolved file name csplit Split a file into context-determined pieces rm Delete files cut Remove parts of lines of files rmdir Remove directories date Print or set the system date and time runcon Run command with specified security context dd Convert a file while copying it seq Print sequence of numbers to standard output df Summarize free disk space setuidgid Run a command with the UID and GID of a specified user dir Briefly list directory -
Automatic Protection from Printf Format String Vulnerabilities
USENIX Association Proceedings of the 10th USENIX Security Symposium Washington, D.C., USA August 13–17, 2001 THE ADVANCED COMPUTING SYSTEMS ASSOCIATION © 2001 by The USENIX Association All Rights Reserved For more information about the USENIX Association: Phone: 1 510 528 8649 FAX: 1 510 548 5738 Email: [email protected] WWW: http://www.usenix.org Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. FormatGuard: Automatic Protection From printf Format String Vulnerabilities Crispin Cowan, Matt Barringer, Steve Beattie, and Greg Kroah-Hartman WireX Communications, Inc. http://wirex.com/ Mike Frantzen Jamie Lokier Purdue University CERN Abstract their trouble. Since June 2000, format bugs have eclipsed buffer overflow vulnerabilities for the most In June 2000, a major new class of vulnerabilities called common form of remote penetration vulnerability. “format bugs” was discovered when an vulnerability in WU-FTP appeared that acted almost like a buffer over- There are several obvious solutions to this problem, flow, but wasn’t. Since then, dozens of format string which unfortunately don’t work: vulnerabilities have appeared. This paper describes the format bug problem, and presents FormatGuard: our Remove the %n feature: The printf %n directive is proposed solution. FormatGuard is a small patch to the most dangerous, because it induces printf to glibc that provides general protection against format write data back to the argument list. It has been pro- bugs. -
CS210 - the University of Auckland
CS210 - The University of Auckland COMPSCI 210 C Programming Language Introduction to Programming in C C: a bit of history (1) y First generation computer languages: Machine code. ◦ Computer hardware is designed to understand and execute what is called “machine code” (instructions to tell the computer what to do). ◦ A computer program: the bit pattern of the machine code to be loaded into the computer memory. It could be specified manually, using switches on the front panel for the computer y Second generation computer languages: Assembly language. ◦ Specifying a computer program as the bit pattern of the machine code was very time consuming, and error prone. A human readable/writable form of machine code was developed, namely “assembly language”. ◦ Another program, called an assembler, was developed to take a textual version of the machine code, and translate it into machine code. assembler Translation from Assembly language to Machine code 1 CS210 - The University of Auckland C: a bit of history (2) y Third generation computer languages: High level languages. ◦ Assembly language is very low level, and depends on the computer architecture. ◦ High level languages were developed, that were relatively machine independent, and more like the notation of mathematics. Fortran (~1955) and Basic (~1964): still had to build control statements out of one line if statements and goto statements, and there were no recursive functions. ◦ Pascal (~1970) and C (~1972) were developed, with support for data structures. ◦ 1971, Ken Thompson developed a FORTRAN compiler, instead ended up developed a compiler for a new high-level language he called B. ◦ In 1972, Dennis Ritchie at Bell Lab, built on B to create a new language called C (next to B) which inherited Thompson's syntax. -
Addresstranslation Adminguide
Address Translation Administrator Guide This guide is for administrators of MessageLabs Email Services. This guide is for administrators of MessageLabs Email Services. The Address Translation service is a MessageLabs Email Services feature that enables external internet-routable email addresses to be converted into internally-routable addresses, and vice versa. Document version 1.0 2006-12-07 Table of Contents 1 About the guide 3 1.1 Audience and scope 3 1.2 Versions of this guide 3 1.3 Conventions 3 2 Introduction to Address Translation 4 3 Configuring Address Translation 5 3.1 Formatting configuration data 5 3.2 Providing configuration data in CSV files 5 4 Uploading addrtrans.csv 6 4.1 Generating sha1sums (Linux) 6 4.2 Generating sha1sums (Windows) 6 4.3 Uploading CSV files to a Linux server 7 4.4 Uploading CSV files to a Windows server 7 5 Maintaining Address Translation data 8 2 1 About the guide 1.1 Audience and scope This guide is for administrators of MessageLabs Email Services. The Address Translation service is a MessageLabs Email Services feature that enables external internet-routable email addresses to be converted into internally-routable addresses, and vice versa. 1.2 Versions of this guide This guide is available in two page sizes: Letter (279 mm x 215.9 mm) and A4 (297 mm x 210 mm). The version is identified at the end of the file name as _Ltr or _A4. The content is identical in the two versions. Use whichever suits your printing requirements. 1.3 Conventions In this guide, the following conventions are used: Formatting Denotes Bold Button, tab or field Bold Italic Window title or description Note: A note containing extra information that may be useful Text to type in Text to type in Output from a computer Output from a computer Link A link to a website Screenshots normally display an Internet Explorer window. -
Learn Programming
Learn Programming Antti Salonen Aug 04, 2018 Learn Programming, first edition Antti Salonen This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. The code within this book is licensed under the MIT license. Copyright 2018, Antti Salonen. 2 CONTENTS: 1 The beginning 7 1.1 Introduction ......................... 8 1.1.1 Why this book? .................... 8 1.1.2 What is software? .................. 15 1.1.3 How does a computer work? ............ 19 1.1.4 OK, but seriously, how does a computer work? ... 26 1.1.5 The basics of programming ............. 30 1.1.6 Setting up the C toolchain .............. 39 1.1.7 The basics of programming in C .......... 43 1.1.8 Learning to learn .................. 53 1.2 Basics of programming in Python and C .......... 56 1.2.1 Quadratic formula in C ............... 56 1.2.2 Lots of quadratic equations ............. 60 1.2.3 Quadratic formula in Python ............ 65 1.2.4 Generating input data using Python ........ 71 1.3 Unix shell ........................... 72 1.3.1 Basic Unix shell usage ................ 72 1.3.2 Unix shell scripting ................. 82 1.3.3 Regular expressions ................. 89 1.4 Using libraries in Python ................... 93 1.4.1 Creating a simple web page ............. 93 1.4.2 Making our web page work ............. 97 2 Stage 1 103 2.1 Further Unix tools ...................... 104 2.1.1 Version control ..................