Another WordPress captcha implementation

Posted on January 25, 2013 in Learning • Tagged with Programming, Learning, Security • 6 min read

Hey dear readership and dudelmatz :)

I'm kinda overworked and planned quite a while ago to release my own little captcha implementation to prevent this massive bulk of spam comments I receive on a daily basis: It's obnoxious to scroll through this sheer amount of spam comments and delete them. You can't just mass-trash them, because you might miss a legit comment and therefore you need to check every single one. I assume the spammers embrace this expected behaviour of a blogger, and therefore exploit it.

So I needed to put a stop to this violation of my spare time and I created my own captcha. Of course, I first searched for a working and already existing solution (and I am sure there are many which are better than what I came up with), but the one I used is basically crap.

Its plugin description states:

Captcha plugin allows you to protect your website from spam using math logic which can be used for login, registration, resetting password, comments forms.

And yeah, as I feared, this simple elegant captcha is worthless, because math logic is a joke to parse and solve by computers (=>spamscripts). I was pissed and in a mood …



GoogleScraper.py - A simple Python module to parse Google search results.

Posted on January 06, 2013 in Programming • Tagged with Google, Scraping, Programming, Security • 14 min read

UPDATE on 18th February 2014:

This Python module now has its own GitHub repository!

The plugin can extract

  • All links
  • Link titles
  • The description/caption below the links

and has the following features:

  • Advanced proxy support for SOCKS4/4a/5 and HTTP PROXY
  • Multithreading
  • XPATH parsing
  • Supports almost all search parameters

Please note that this is by no means a permanent version! Heavy structural changes will be implemented in the near future (I'll experiment with asynchronous networking for instance). But on this site, I will always host a working version with instructions on how to use it, such that visitors can always use the script!

1. Edit (07.01.2013):

  • Using requests instead of urllib
  • Added random User Agents for every new search.
  • Cleaned the code
  • Implemented foundation to combine with proxychains

Original Blog Post

Sample output after searching for 'cats are not cute' (sorry) with 100 results per page on 3 ascending pages: results.txt

I always was in need of a fast and reliable working Python module to query the Google search engine. The Google API is rubbish, because they just give you a maximum of 36 results. This is completely unacceptable!

So, I looked further and found http://code.google …



Linux/Unix privileges from a blackhat's perspective

Posted on December 30, 2012 in Security • Tagged with Privilegeescalation, Unix, Security, Filepermissions • 1 min read

Hey folks!

Had some difficulties understanding UNIX file permissions in all its variations and eternal predisposition to misuse as adminman! Made a little PDF, the independent blog article will follow soon. It's just a pain in the ass to format all that LibreOffice into a nice WordPress format. Next time, I will just do it in plain ASCII 7 Bit style, goddamnit...

Hell, it's time to read some phrack stuff again :)

Download PDF here: blackhats_view


Bullet chess challenge :)

Posted on November 26, 2012 in Chess • Tagged with Learning, Chess • 3 min read

I realised once more that, when I excessively play bullet chess, I tend to stagnate or my performance even goes down the tubes. The reason behind this, I am assuming, is the absence of a defined goal, or when I play without thinking (as far as thinking in bullet chess is the legit word), or other bad behaviour, such as listening to music...

Therefore, I will try a little experiment: I play every day not more than 10 bullet games. This is around 20 minutes of playing. But every time I lose, I have to do 6 full and slow chin-ups. I'll play on chess.com and my starting rating is right now 1924, which actually is pretty high for me. Nevertheless, my goal is to reach ELO 2050. My all time highscore is 1974. Let's go and break some records...

Ok let the journey begin :)

  • 26.11.2012: 1924 - 1896. Did around 30 chin-ups. Tired as hell. Lost too many times :)
  • 28.11.2012: 1896 - 1903. Back in the 1900s. Did lots of chin-ups. My game improved slightly, I think more and deeper. My speed is still too slow...
  • 29.11.2012: 1903 - 1900. I am stagnating, I have the impression …


Bullet Chess - A silly game?

Posted on November 05, 2012 in Chess • Tagged with Chess • 6 min read

I define bullet chess as games with one minute time for each player. There are plenty of other definitions, but I think my definition refers to the most common one. This article is definitely worth a read and helps to understand my further deliberations: http://en.wikipedia.org/wiki/Fast_chess

Well, besides my enthusiasm for IT security, I have always been a bullet chess player with, to myself, worrying addictive features. It all began around three or four years ago, when I realised that simply too many people tend to use chess engines on online platforms and, in addition, I was just too nervous and unwilling to calculate and think for the average (somehow boring long) length of an entire chess game. Bullet games came perfect in this manner: It is almost impossible to cheat manually in bullet games (of course you could write bots which directly interact with the server through the underlying protocol - HTTP when you're lucky, or some really badass proprietary one, when you have misfortune, but I assume that's a rather low percentage). It turns out that my renunciation of the original purpose of chess, thinking deep and being patient, turned me into a slightly better long …



Web safe Base64 Encode/Decode in C

Posted on October 29, 2012 in Programming • Tagged with C, Programming • 2 min read

A short while ago I needed to implement a little web safe base64 en/decoder and couldn't find any good small example in the width of the internet, so I decided to do my own dirty one. I hope I help somebody with this little demonstration code...

I used Pelles C Compiler to build this program, but I am optimistic that it works on every common C Compiler, since it's quite close to the C11 standard.

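#include <stdio.h>   /* printf, fprintf */
#include <stdlib.h>  /* calloc, free, exit, EXIT_SUCCESS, EXIT_FAILURE */
#include <string.h>  /* strlen */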
#include

#define MAX_B64_PADDING 0x2
#define B64_PAD_CHAR "="

char * Base64Encode(char *input, unsigned int inputLen);
char * Base64Decode(char *input, unsigned int inputLen);
static unsigned char GetIndexByChar(unsigned char c);

static char *b64alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

int main(int argc, char **argv) {

    if (argc != 2) {
        printf("Usage: %s StringToEncode\n", argv[0]);
        exit(EXIT_FAILURE);
    }
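    /* Base64Encode allocates the result; keep the pointer so it can be freed. */
    char *encoded = Base64Encode(argv[1], (unsigned int)strlen(argv[1]));
    if (encoded == NULL) {
        fprintf(stderr, "Encoding failed\n");
        exit(EXIT_FAILURE);
    }
    printf("String \"%s\" to: %s\n", argv[1], encoded);
    free(encoded);

    exit(EXIT_SUCCESS);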
}

/* Caller has to free the returned base64 encoded string ! */
char *
Base64Encode(char *input, unsigned int inputLen)
{
    char *encodedBuf;
    int fillBytes, i, k, base64StrLen;
    unsigned char a0, a1, a2, a3;
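    /* Every 3 input bytes become 4 output characters (rounded up, with padding),
       plus one byte for the terminating NUL. A flat percentage estimate such as
       inputLen * 1.45 under-allocates for short inputs (1 input byte needs 5 bytes). */
    base64StrLen = 4 * ((inputLen + 2) / 3) + 1;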

    encodedBuf = calloc(base64StrLen, sizeof(char …
