Sunday, September 16, 2007

Anti-debugging paper

From time to time we encounter old and new tricks for defeating debuggers, or at least for slowing down the reversing process, and the list keeps growing. Some of them may have faded from your memory, but a guy from SecFocus has done a great job outlining most of the anti-debugging techniques known today. Check out this post from SecFocus.

Thursday, September 13, 2007

Some Linux shortcuts

While some of them are very common, you might still learn a few, as I did.

# / - root directory
# ./ - current directory
# ./command_name - run a command in the current directory when the current directory is not on the path
# ../ - parent directory
# ~ - home directory
# $ - typical prompt when logged in as an ordinary user
# # - typical prompt when logged in as root or superuser
# !string - repeat the most recent command that starts with "string"
# !! - repeat the previous command
# ^old^new - repeat the previous command with "old" replaced by "new"
# & - run a program in background mode
# [Tab][Tab] - prints a list of all available commands. This is just an example of autocomplete with no restriction on the first letter.
# x[Tab][Tab] - prints a list of all available completions for a command whose name begins with "x"
# [Alt][Ctrl][F1] - switch to the first virtual text console
# [Alt][Ctrl][Fn] - switch to the nth virtual text console. Typically, there are six on a Linux PC system.
# [Alt][Ctrl][F7] - switch to the first GUI console, if there is one running. If the graphical console freezes, one can switch to a non-graphical console, kill the process that is causing problems, and switch back to the graphical console using this shortcut.
# [ArrowUp] - scroll through the command history (in bash)
# [Shift][PageUp] - scroll terminal output up. This also works at the login prompt, so you can scroll through your boot messages.
# [Shift][PageDown] - scroll terminal output down
# [Ctrl][Alt][+] - switch to the next X server resolution (if the server is set up for more than one resolution)
# [Ctrl][Alt][-] - switch to the previous X server resolution
# [Ctrl][Alt][BkSpc] - kill the current X server. Used when a normal exit is not possible.
# [Ctrl][Alt][Del] - shut down the system and reboot
# [Ctrl]c - kill the current process
# [Ctrl]d - log out from the current terminal
# [Ctrl]s - stop output to the current terminal
# [Ctrl]q - resume output to the current terminal. Try this if the terminal stops responding.
# [Ctrl]z - send the current process to the background
# reset - restore a terminal to its default settings
# [Leftmousebutton] - Hold down the left mouse button and drag to highlight text. Releasing the button copies the region to the text buffer under X and (if gpm is installed) in console mode.
# [Middlemousebutton] - Copies text from the text buffer and inserts it at the cursor location. With a two-button mouse, click both buttons simultaneously. Three-button emulation must be enabled, either under gpm or in XF86Config.
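The "./command_name" entry above deserves a closer look, because the reason the current directory is not on the path is a security one: if "." were on PATH, a planted executable in any directory you cd into would be run in place of the real command. The following script is an added example, not part of the original post; it builds a scratch directory containing a constructed decoy script named "ls" and shows that a bare "ls" still resolves through PATH while "./ls" runs the local file.

```shell
#!/bin/sh
# Added example (not from the original post): why "./command_name" is needed
# and why the current directory should stay off PATH.

# make_decoy_dir: create a temp dir holding an executable named "ls"
# (constructed for this demo) that only prints "local-ls"; prints the path.
make_decoy_dir() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho local-ls\n' > "$dir/ls"
    chmod +x "$dir/ls"
    printf '%s\n' "$dir"
}

# bare_name_ignores_cwd DIR: succeed (0) if typing a plain "ls" inside DIR
# still resolves to a PATH entry rather than DIR/ls. This holds as long as
# "." is not on PATH; if it were, the decoy would win, which is the classic
# reason never to add "." to PATH.
bare_name_ignores_cwd() {
    dir=$1
    resolved=$(cd "$dir" && command -v ls) || return 1
    [ "$resolved" != "$dir/ls" ] && [ "$resolved" != "./ls" ]
}

# run_local_script DIR: run the file in DIR explicitly via "./ls";
# prints "local-ls".
run_local_script() {
    (cd "$1" && ./ls)
}

# Stand-alone demo: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(make_decoy_dir)
    echo "bare ls resolves to: $(cd "$d" && command -v ls)"
    echo "./ls prints: $(run_local_script "$d")"
    rm -rf "$d"
fi
```

Run it with the `demo` argument to see both resolutions side by side; the decoy directory is removed afterwards.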

Tuesday, September 11, 2007

How to assign a hot key in Ubuntu?


1. Press Alt-F2 to open the Run Application dialog. Type gconf-editor and press the Run button.

2. The Configuration Editor will show up. Go to the /apps/metacity/keybinding_commands key (similar to the Windows registry) and double-click an unused name key, for example command_1. It is usually of String type and accepts a command string. Enter the name of the executable or command in the Value text box. For example, in the screenshot, I typed Konsole for the KDE terminal console executable.

3. Then go to /apps/metacity/global_keybindings as shown in the screenshot below. Find and double-click the binding key associated with your command key from step 2, for example run_command_1. Assign a shortcut key by typing it into the Value text box. This will be your shortcut whenever you want to run the command/executable from step 2. In my example, I chose K to open a KDE console terminal. You may choose your own preferred shortcut combination, like a combination of modifier keys and a letter. Click OK and close the Configuration Editor. You may now try your shortcut key!

4. You can add more shortcut keys for all your frequently used programs.
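The same two gconf keys the steps above edit by hand can be set from the command line with gconftool-2, the CLI that ships with GConf, which is handy for scripting the setup on several machines. This is an added example and not from the original post; it assumes gconftool-2 is installed, uses metacity's key-name syntax for the binding, and the Ctrl+Alt+K combination is my assumption, since the post only says "K" plus modifiers. It also refuses a binding with no modifier at all, because a bare letter would hijack that key in every application.

```shell
#!/bin/sh
# Added example (not from the original post): set the post's two gconf keys
# with gconftool-2 instead of clicking through gconf-editor.

# Key paths for command slot N (the post uses slot 1: command_1 / run_command_1).
metacity_command_key() { printf '/apps/metacity/keybinding_commands/command_%s\n' "$1"; }
metacity_binding_key() { printf '/apps/metacity/global_keybindings/run_command_%s\n' "$1"; }

# has_modifier KEYS: succeed only if the binding carries at least one
# modifier. A bare letter is a valid gconf value but would capture every
# press of that letter system-wide, so it is rejected.
has_modifier() {
    case $1 in
        *"<Control>"*|*"<Ctrl>"*|*"<Alt>"*|*"<Shift>"*|*"<Super>"*) return 0 ;;
        *) return 1 ;;
    esac
}

# bind_hotkey N COMMAND KEYS: write the command and its binding for slot N.
bind_hotkey() {
    slot=$1; cmd=$2; keys=$3
    has_modifier "$keys" || { echo "refusing binding without a modifier: $keys" >&2; return 1; }
    gconftool-2 --type string --set "$(metacity_command_key "$slot")" "$cmd" &&
    gconftool-2 --type string --set "$(metacity_binding_key "$slot")" "$keys"
}

# Stand-alone usage: sh thisfile.sh apply
# Binds slot 1 to konsole on Ctrl+Alt+K (assumed combination), then reads
# both values back to confirm. Only runs where gconftool-2 exists.
if [ "${1:-}" = "apply" ] && command -v gconftool-2 >/dev/null 2>&1; then
    bind_hotkey 1 konsole '<Control><Alt>k'
    gconftool-2 --get "$(metacity_command_key 1)"
    gconftool-2 --get "$(metacity_binding_key 1)"
fi
```

Running it with `apply` writes the keys and prints them back; metacity picks the new binding up immediately, the same as when the value is changed in gconf-editor.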

Monday, September 10, 2007

Sohanad!

I'm using Yahoo! Messenger most of the time as my instant messenger to keep in contact with my friends. From time to time I see other people's YM status set to something very familiar to me. And to this day, I still receive messages from someone similar to the one below:

It's an indication that he/she is infected by a variant of the Sohanad worm, most probably WORM_SOHANAD.AF. Once the worm is active, it sends out some built-in messages to all your contacts without your knowledge or consent. This is one of the more interesting Internet worms due to its agility and its ability to stay in the wild for quite some time now. It evolved from a lame beginning to exploit usage, which has kept it on the radar. If you're interested in how it evolved, here's the blog post from Trend Micro.

It modifies IE's default home page, disables Task Manager and the Registry Editor, disables the Run menu option, modifies some YM settings, and may terminate some security programs (i.e. antivirus, firewall, etc.) running on the infected PC. These payloads need a proper restoration process; otherwise, you might not be able to edit your registry or execute commands from the Run menu anymore =).
To clean the .AF variant, you can follow the manual instructions.
If you're not sure which variant hit you, you might consider Trend Micro's free online scanner. It uses its well-known DCT (Damage Cleanup Template) technology to scan and clean your computer of most Internet worms.

Tuesday, September 04, 2007

Show me the World, Windows!

I've encountered some Windows nuances which were attributed to a registry
corruption error. For some reason, I couldn't view the tabs of my
Display Properties and Network Properties.

Thanks to Google for being so helpful as always! :)

For the first error, I found this link as the solution, and it worked!
http://www.winhelponline.com/articles/38/1/

The next day, I noticed that I couldn't connect from the remote machine to access
my shared folder on the WinXP machine. When I was about to check the network settings, the
tabs in Network Properties were gone too! Thanks to this link for the solution:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5281

I take notes of troubleshooting experiences because they can be handy
in the future when needed. So this is not some sort of
superb troubleshooting technique or whatever. I just post it as a
post-it! :)