Friday, March 19, 2010

To remove old kernel from Ubuntu

To remove old kernels from Ubuntu:

First check the current kernel version:
$ uname -r

Do not remove the current version.

To remove an old kernel version, use the command:
$ sudo apt-get purge linux-image-2.6.XX-XX-generic

Then remove the headers of that version:
$ sudo apt-get purge linux-headers-2.6.XX-XX

Tuesday, March 16, 2010

Cannot Update Ubuntu

Recently, when I was trying to update Ubuntu, I was getting the following error message:
E: Could not get lock /var/lib/apt/lists/lock - open (11 Resource temporarily unavailable)
E: Unable to lock the list directory

After searching the Ubuntu forums, I found the solution to this problem.

Use the following command to see whether any Synaptic package manager process is running:
  $ ps -e | grep apt

If yes, then kill all those processes using:
  $ sudo kill -9 processID

Then remove the lock file from your system:
  $ sudo rm /var/lib/apt/lists/lock

Now try to update your system. It should work. At least it worked for me.



DOT Graphs

DOT (filename.dot) is a file format for drawing graphs, including directed graphs.
The dot command writes graphs in .ps, .pdf, .gif, and .png formats.

For example,

$ dot -Tps src.dot -o dest.ps

$ dot -Tpdf src.dot -o dest.pdf

The DOT file format is as follows:

digraph graphName {
 "Node 1"  -> "Node 2"  ;
 "Node 1" -> "Node 2" -> "Node 3";
}

Each statement is terminated by a semicolon (;), and an arrow (->) is used to show a directed arc.

digraph means directed graph, whereas graph means undirected graph.

Within a main graph, a subgraph defines a subset of the graph.
For example,
digraph GraphName {
"Node 1" -> "Node 2";
 subgraph SubGraphName{
   "Node 3" -> "Node 1";
   "Node 4" -> "Node 3";
  }
}

Tuesday, March 2, 2010

JavaScript Injection

JavaScript injection is a technique that allows you to alter the content of the current web page without actually leaving it. It is extremely useful when you want to spoof the contents that are sent to the server using forms.

Basics of JS Injection:
JS injection means inserting or executing a script. You can execute a script from the URL bar of the web page that you want to alter. To execute JS code, you must first clear the URL bar (note: don't press Enter yet), that is, no http:// or anything else.
JavaScript can be executed from the URL bar using the javascript: protocol.
Try the following code in the URL bar of the web page to display your message.

              javascript:alert("Hello World!");

If you saw a window pop up saying Hello World!, then congrats, you successfully did a JS injection test.

Cookie Editing:
This time we will try to penetrate one level deeper and modify server state.
One of the mechanisms used to represent server state is cookies. The server identifies client state and authorization using cookies. Therefore, it is worth learning cookie alteration using the JS injection technique.

To check the cookies set by the web site, use the following script in the URL bar:
         javascript:alert(document.cookie);

The above script will show you the cookies set by the web site. To modify any key=value pair, use the following syntax:
        javascript:void(document.cookie="Key=Value");

The above command either alters an existing Key=Value pair or adds a new Key=Value pair if it doesn't exist. To edit or alter information, we wrap the assignment in JavaScript's void( ), which discards the result so that the browser stays on the current page.

For example, suppose the server sets Authorization=no in a cookie and you want to modify this Key=Value pair. Then you can use the script given below:
        javascript:void(document.cookie="Authorization=yes");

It is also useful to try an alert(document.cookie); script at the end of the same line to see what effect your altering had.
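
Because the cookie is stored in the browser, a server that reads a plain Authorization=yes value is trusting data the client controls. The following Node.js sketch is an added example, not part of the original post, showing one server-side mitigation: the server appends an HMAC tag to the value it issues and rejects anything that fails verification. The key handling, function names and sample headers are assumptions made for illustration.

```javascript
// Added example, not from the original post: server-side integrity check (Node.js).
// SECRET_KEY, signValue, verifyValue and the sample headers are illustrative names.
const crypto = require('node:crypto');

// Assumption: in production the key comes from a secret store, never from source.
const SECRET_KEY = crypto.randomBytes(32);

// The tag covers the cookie name too, so a signed value cannot be reused elsewhere.
function tagFor(name, value) {
  return crypto.createHmac('sha256', SECRET_KEY)
    .update(`${name}=${value}`)
    .digest('hex');
}

// Value to send in Set-Cookie, in the form "<value>.<hex tag>".
function signValue(name, value) {
  return `${value}.${tagFor(name, value)}`;
}

// Parse a Cookie request header into a prototype-free { name: rawValue } map.
function parseCookieHeader(header) {
  const jar = Object.create(null);
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Return the verified value, or null if the cookie is missing, unsigned or altered.
function verifyValue(header, name) {
  const raw = parseCookieHeader(header)[name];
  if (raw === undefined) return null;
  const dot = raw.lastIndexOf('.');
  if (dot < 0) return null; // no tag present
  const value = raw.slice(0, dot);
  const given = Buffer.from(raw.slice(dot + 1), 'hex');
  const expected = Buffer.from(tagFor(name, value), 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

// Constructed request headers: as issued, edited in the browser, and spliced.
const issued = `Authorization=${signValue('Authorization', 'no')}`;
const edited = 'Authorization=yes';
const spliced = issued.replace('Authorization=no.', 'Authorization=yes.');
for (const h of [issued, edited, spliced]) console.log(verifyValue(h, 'Authorization'));
```

Signing detects alteration but not replay of an older signed value. Keeping authorization state in a server-side session keyed by a random identifier avoids both.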
    
Form Modifications:
One way to edit the values sent from the client to the web server using a form is to store the web page on a local disk, modify its form field values with whatever values you want, and then submit the form to the server.

For example:
  The following HTML code snippet shows a hidden field that is submitted when the submit button on the form is clicked. Suppose we want to modify the email address so that the data emailed to the webmaster is sent to us instead.

 
<form action="/missions/basic/process.php" method="post">
<input type="hidden" name="to" value="webmaster@mywebsite.com" />
<input type="submit" value="Click to Submit" />
</form>

First, we need to store this web page on local disk, and then modify it as shown below.

<form action="http://mywebsite.com/missions/basic/process.php" method="post">
<input type="hidden" name="to" value="altered@emailaddress.com" />
<input type="submit" value="Click to Submit" />
</form>

However, sometimes the website checks whether you actually submitted the form from the website. To get around this, we can just edit the form using JavaScript injection.

Every form on a given webpage (unless named otherwise) is stored in the forms[x] array... where "x" is the number, in order from top to bottom, of all the forms in a page. Note that the forms start at 0, so the first form on the page would actually be 0, and the second would be 1 and so on.

Let's consider our previous form example:
<form action="/missions/basic/process.php" method="post">
<input type="hidden" name="to" value="webmaster@mywebsite.com" />
<input type="submit" value="Click to Submit" />
</form>
Note: Since this is the first form on the page, it is forms[0].

To check the value using JS, use the following command:
      javascript:alert(document.forms[0].to.value)

In this case, it would pop up an alert that says "webmaster@mywebsite.com".

So here's how to inject your email into it. You can use the same technique as shown earlier in the cookie editing section:
   javascript:void(document.forms[0].to.value="altered@emailaddress.com");

The above script would change the email address to altered@emailaddress.com. You can use the alert( ) JavaScript function to check your work.

These are the most basic things you need to know about JS injection, and they are useful in many cases.
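
A hidden field and a check on where the form was submitted from are both under the client's control, so the handler behind the form has to decide the recipient itself. The following Node.js sketch is an added example, not part of the original post and not the code of the process.php shown above. It looks up the recipient in server-side configuration, ignores the submitted "to" value, and records a mismatch for logging. RECIPIENTS, handleSubmission and the sample request bodies are assumptions made for illustration.

```javascript
// Added example, not from the original post: server-side handling of the
// hidden "to" field. RECIPIENTS, handleSubmission and the bodies are illustrative.

// Server-side configuration: the recipient is looked up here, never read
// from the request. The key is a form identifier the server itself assigns.
const RECIPIENTS = new Map([
  ['contact', 'webmaster@mywebsite.com'],
]);

// body is the raw application/x-www-form-urlencoded POST body.
function handleSubmission(formId, body) {
  const recipient = RECIPIENTS.get(formId);
  if (recipient === undefined) {
    return { status: 400, recipient: null, alerts: ['unknown form id'] };
  }
  const params = new URLSearchParams(body);
  const alerts = [];
  // getAll catches a repeated parameter, which get() would hide.
  const submitted = params.getAll('to');
  if (submitted.length > 1) alerts.push('duplicate "to" parameter');
  for (const value of submitted) {
    if (value.trim().toLowerCase() !== recipient) {
      // Worth logging: the unmodified page never produces this value.
      // JSON.stringify escapes control characters before they reach the log.
      alerts.push(`client-supplied recipient ignored: ${JSON.stringify(value)}`);
    }
  }
  // Mail always goes to the configured address, whatever the client sent.
  return { status: 200, recipient, alerts };
}

// Constructed request bodies: unmodified form, then an altered hidden field.
const clean = 'to=webmaster%40mywebsite.com';
const altered = 'to=altered%40emailaddress.com';
console.log(handleSubmission('contact', clean));
console.log(handleSubmission('contact', altered));
```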