shell - Dave's Blog



exec($_GET

Apr 29, 8:27

Does it betray my innocence that I’m shocked by the amount of exec($_GET you can easily find on GitHub? Hilarious comment thread on Hacker News:

This is awful. Shell commands are not guaranteed to be idempotent, people! These should all be of the form exec($_POST, not exec($_GET.

ephemeralgomi

Tags: humor security http php technical

Moving PowerShell data into Excel

2013 Aug 15, 10:04
PowerShell nicely includes ConvertTo-CSV and ConvertFrom-CSV, which allow you to serialize and deserialize your PowerShell objects to and from CSV. Unfortunately the CSV produced by ConvertTo-CSV is not easily opened by Excel, which by default expects different delimiters and such. Looking online you'll find folks who recommend using automation via COM to create a new Excel instance and copy over the data in that fashion. This turns out to be very slow and impractical if you have large sets of data. However, you can use automation to open CSV files with a non-default set of delimiters. So the following isn't the best, but it gets Excel to open a CSV file produced via ConvertTo-CSV and is faster than the other options:
Param([Parameter(Mandatory=$true)][string]$Path);

$excel = New-Object -ComObject Excel.Application

$xlWindows=2
$xlDelimited=1 # 1 = delimited, 2 = fixed width
$xlTextQualifierDoubleQuote=1 # 1 = double quote, -4142 = none, 2 = single quote
$consecutiveDelim = $False;
$tabDelim = $False;
$semicolonDelim = $False;
$commaDelim = $True;
$StartRow=1

$excel.visible=$true
$excel.workbooks.OpenText($Path,$xlWindows,$StartRow,$xlDelimited,$xlTextQualifierDoubleQuote,$consecutiveDelim,$tabDelim,$semicolonDelim,$commaDelim);
See Workbooks.OpenText documentation for more information.
Tags: csv excel powershell programming technical

NICT Daedalus Cyber-attack alert system #DigInfo (by...

2012 Jun 20, 3:23


NICT Daedalus Cyber-attack alert system #DigInfo (by Diginfonews)

Someone has been watching too much Ghost in the Shell. I’d say someone has been watching too much Hackers but this actually looks cooler than their visualizations and also you can never watch too much of Hackers.

Tags: technical network visualization hack security

Permanently Add Path to System PATH Environment Variable in PowerShell

2012 May 17, 7:16
According to MSDN the proper way to permanently add a path to your system's PATH environment variable is by modifying a registry value. Accordingly this is easily represented in a PowerShell script that first checks if the path provided is already there and otherwise appends it:
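param([Parameter(Mandatory = $true)] [string] $Path);
# Read the current machine-wide PATH from the registry.
$FullPathOriginal = (gp "HKLM:\System\CurrentControlSet\Control\Session Manager\Environment").Path;
# Append only if no existing entry equals $Path. -eq compares literally (case-insensitive),
# so wildcard characters in $Path are not treated as a pattern the way -like would treat them.
if (!($FullPathOriginal.split(";") | ?{ $_ -eq $Path })) {
    sp "HKLM:\System\CurrentControlSet\Control\Session Manager\Environment" -name Path -value ($FullPathOriginal + ";" + $Path);
}
Tags: powershell registry technical code programming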

PowerShell Equivalents for JavaScript Array Functions

2012 May 15, 3:30

Built-in

map
input | %{ expression($_) }
forEach
input | %{ [void]expression($_) }
filter
input | ?{ expression($_) }
indexOf
input.indexOf(value)

Close to built-in

some
if (input | ?{ expression($_) }) { ... }
every
if (-not (input | ?{ !expression($_) })) { ... }
lastIndexOf
[array]::lastIndexOf(input, value)

Write it yourself

reduce
function reduce($fn, $a, $init) { $s = $init; $a | %{ $s = &$fn $s $_; }; $s; }
Tags: javascript powershell array technical

URI Percent-Encoding Ignorance Level 1 - Purpose

2012 Feb 15, 4:00

As a professional URI aficionado I deal with various levels of ignorance on URI percent-encoding (aka URI encoding, or URL escaping).

Worse than the lame blog comments hating on percent-encoding is the shipping code which can do actual damage. In one very large project I won't name, I've fixed code that decodes all percent-encoded octets in a URI in order to get rid of pesky percents before calling ShellExecute. An unnamed developer with similar intent but clearly much craftier did the same thing in a loop until the string's length stopped changing. As it turns out percent-encoding serves a purpose and can't just be removed arbitrarily.

Percent-encoding exists so that one can represent data in a URI that would otherwise not be allowed or would be interpreted as a delimiter instead of data. For example, the space character (U+0020) is not allowed in a URI and so must be percent-encoded in order to appear in a URI:

  1. http://example.com/the%20path/
  2. http://example.com/the path/
In the above the first is a valid URI while the second is not valid since a space appears directly in the URI. Depending on the context and the code through which the wannabe URI is run one may get unexpected failure.

For an additional example, the question mark delimits the path from the query. If one wanted the question mark to appear as part of the path rather than delimit the path from the query, it must be percent-encoded:

  1. http://example.com/foo%3Fbar
  2. http://example.com/foo?bar
In the second, the question mark appears plainly and so delimits the path "/foo" from the query "bar". And in the first, the question mark is percent-encoded and so the path is "/foo%3Fbar".
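Why the order of operations matters, as an added example (not code from the original post): the Python sketch below parses the post's two example URIs both ways, splitting before decoding and decoding before splitting, and also runs the decode-until-stable loop on a constructed URI. The function names and the `a%2520b` sample are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

def split_then_decode(uri):
    """Parse first, then decode each component: delimiters are located
    while the percent-encoded data is still protected."""
    parts = urlsplit(uri)
    # The query is treated as one opaque string here for simplicity.
    return unquote(parts.path), unquote(parts.query)

def decode_then_split(uri):
    """The flawed order: strip percent-encoding from the whole URI,
    then let a parser look for delimiters in the result."""
    parts = urlsplit(unquote(uri))
    return parts.path, parts.query

def structure_changed(uri):
    """True when blanket decoding moves data across a delimiter."""
    return split_then_decode(uri) != decode_then_split(uri)

def decode_until_stable(uri):
    """The loop variant: decode repeatedly until the string stops changing.
    Returns the final string and the number of decoding passes."""
    passes = 0
    while (decoded := unquote(uri)) != uri:
        uri, passes = decoded, passes + 1
    return uri, passes

if __name__ == "__main__":
    # The first two URIs are the post's examples; the third is constructed.
    for uri in ("http://example.com/the%20path/",
                "http://example.com/foo%3Fbar",
                "http://example.com/a%2520b"):
        print(uri)
        print("  split then decode:  ", split_then_decode(uri))
        print("  decode then split:  ", decode_then_split(uri))
        print("  structure changed:  ", structure_changed(uri))
        print("  decode until stable:", decode_until_stable(uri))
```

In the constructed third URI the path data is the literal text "a%20b"; the loop turns it into "a b", so the original data can no longer be recovered.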
Tags: encoding uri technical ietf percent-encoding

Using Progress Indicators in Windows PowerShell

2011 Jul 27, 10:33

The write-progress command in PowerShell allows scripts to express their progress in terms of percent or time left, and PowerShell displays this in a friendly manner at the top of my window. Surprisingly, it is not hooked up to the Shell's TaskbarItemInfo's progress.
Tags: technical powershell progress coding shell

Command line for finding missing URLACTIONs

2011 May 28, 11:00

I wanted to ensure that my switch statement in my implementation of IInternetSecurityManager::ProcessURLAction had a case for every possible documented URLACTION. I wrote the following short command line sequence to see the list of all URLACTIONs in the SDK header file not found in my source file:

grep URLACTION urlmon.idl | sed 's/.*\(URLACTION[a-zA-Z0-9_]*\).*/\1/g;' | sort | uniq > allURLACTIONs.txt
grep URLACTION MySecurityManager.cpp | sed 's/.*\(URLACTION[a-zA-Z0-9_]*\).*/\1/g;' | sort | uniq > myURLACTIONs.txt
comm -23 allURLACTIONs.txt myURLACTIONs.txt
I'm not a sed expert so I had to read the sed documentation, and I heard about comm from Kris Kowal's blog which happily was in the Win32 GNU tools pack I already run.

But in my effort to learn and use PowerShell I found the following similar command line:

diff `
(more urlmon.idl | %{ if ($_ -cmatch "URLACTION[a-zA-Z0-9_]*") { $matches[0] } } | sort -uniq) `
(more MySecurityManager.cpp | %{ if ($_ -cmatch "URLACTION[a-zA-Z0-9_]*") { $matches[0] } } | sort -uniq)
In the PowerShell version I can skip the temporary files which is nice. 'diff' is mapped to 'compare-object' which seems similar to comm but with no parameters to filter out the different streams (although this could be done more verbosely with the ?{ } filter syntax). In PowerShell uniq functionality is built into sort. The builtin -cmatch operator (c is for case sensitive) to do regexp is nice plus the side effect of generating the $matches variable with the regexp results.
Tags: powershell tool cli technical command line

clip.exe - Useful tool I didn't know shipped with Windows

2011 May 26, 11:00

When you run clip.exe, whatever comes into its standard input is put onto the clipboard. So when you need to move the result of something in your command window somewhere else you can pipe the result into clip.exe. Then you won't have to worry about the irritating way cmd.exe does block copy/pasting and you avoid having to manually fixup line breaks in wrapped lines. For instance, you can put the contents of a script into the clipboard with:

more cdo.cmd | clip

I've got a lot of stuff dumped in my bin folder that I sync across all my PCs so I didn't realize that clip.exe is a part of standard Windows installs.

Nice for avoiding the block copy in cmd.exe but I'd prefer to have the contents sort of tee'd into the clipboard and standard output. So TeeClip.ps1:

$input | tee -var teeclipout | clip;
$teeclipout;
Tags: powershell clip tool clipboard cli technical windows tee

PowerShell Script Batch File Wrapper

2011 May 22, 7:20

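I'm trying to learn and use PowerShell more, but plenty of other folks I know don't use PowerShell. To allow them to use my scripts I use the following cmd.exe batch file to make it easy to call PowerShell scripts. To use it, give the batch file the same name as the corresponding PowerShell script and put it in the same directory. Note that everything after -Command is parsed by PowerShell as script text, so the batch file's arguments are interpreted by PowerShell rather than passed through as literal strings.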

@echo off
if "%1"=="/?" goto help
if "%1"=="/h" goto help
if "%1"=="-?" goto help
if "%1"=="-h" goto help

%systemroot%\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -Command . %~dpn0.ps1 %*
goto end

:help
%systemroot%\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -Command help %~dpn0.ps1 -full
goto end

:end

Additionally for PowerShell scripts that modify the current working directory I use the following batch file:

@echo off
if "%1"=="/?" goto help
if "%1"=="/h" goto help
if "%1"=="-?" goto help
if "%1"=="-h" goto help

%systemroot%\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -Command . %~dpn0.ps1 %*;(pwd).Path 1> %temp%\%~n0.tmp 2> nul
set /p newdir=
Tags: powershell technical programming batch file console

Powershell to test your XPath

2011 Apr 14, 5:11

This page and esp. the final comment on the page were very helpful with describing how to parse XML in PowerShell.
Tags: powershell xml xpath technical programming

Chapter 16. The Registry - Master-PowerShell | With Dr. Tobias Weltner - Powershell.com – Powershell Scripts, Tips and Resources

2011 Jan 4, 7:25

How to take ownership and re-ACL registry keys from a PowerShell prompt.
Tags: technical powershell acl regkey registry windows

Windows 7 Accelerator Platform COM / C# Interop

2010 Aug 20, 11:20

For a new project I'm working on involving IE's installed Accelerators and OpenSearch search providers via the Windows 7 Accelerator Platform, I've created a C#/COM interop class for those APIs.

Download the osinterop.cs interop file here.

Tags: technical accelerator csharp com

DVD Ripping and Viewing in Windows Media Center

2010 Aug 17, 3:05

I've just got a new media center PC connected directly to my television with lots of HD space and so I'm ripping a bunch of my DVDs to the PC so I don't have to fuss with the physical media. I'm ripping with DVD Rip, viewing the results in Windows 7's Windows Media Center after turning on the WMC DVD Library, and using a powershell script I wrote to copy over cover art and metadata.

My powershell script follows. To use it you must do the following:

  1. Run Windows Media Center with the DVD in the drive and view the disc's metadata info.
  2. Rip each DVD to its own subdirectory of a common directory.
  3. The name of the subdirectory to which the DVD is ripped must be the same as the DVD name in the metadata. The exception is characters that aren't allowed in Windows paths (e.g. <, >, ?, *, etc.)
  4. Run the script and pass the path to the common directory containing the DVD rips as the first parameter.
Running WMC and viewing the DVD's metadata forces WMC to copy the metadata off the Internet and cache it locally. After playing with Fiddler and reading this blog post on WMC metadata I made the following script that copies metadata and cover art from the WMC cache to the corresponding DVD rip directory.

Download copydvdinfo.ps1

Tags: powershell wmc technical tv dvd windows-media-center

TiMER

2010 Jun 29, 1:24

An excellent movie I'd never heard of. An entertaining and humorous sci-fi indie romance comedy. It stars Emma Caulfield (who I recognize as Anya from Buffy the Vampire Slayer) who obsesses over her timer, an implanted device that counts down to when she'll meet the love of her life. Thematically it's similar to Eternal Sunshine of the Spotless Mind, which similarly adds a sci-fi device to society in order to examine the value of failed relationships on a person's life.
Tags: movie review netflix TiMER

PowerShell Integration Into Visual Studio

2010 Jun 22, 1:49

"The PowerGUI Visual Studio Extension adds PowerShell IntelliSense support to Visual Studio."
Tags: technical powershell visual-studio microsoft programming shell ide

New Paintings Page: Ward Shelley

2010 Feb 4, 2:07

Infographic oil paintings of things like the historical influences of avant garde or the life of Frank Zappa.
Tags: art design visualization information gallery infographics painting ward-shelley via:infosthetics

ASCIImeo, Videos in Text - peter nitsch.net

2010 Jan 18, 3:22

"Today I finally launched ASCIImeo (asciimeo.com)...In a nutshell, it renders Vimeo videos in different textmode’s." Now if only it did the audio as midi. Try out
Tags: video ascii humor text

Cheap Multiplayer Tricks for New Super Mario Bros. Wii

2010 Jan 5, 1:47

The New Super Mario Bros. Wii is a great game. It's the fun of old school Mario with the addition of great graphics and the kind of multiplayer I've wanted for Mario since playing the original as a child: it's got up to four player simultaneous cooperative multiplayer. I recommend it to anyone who has enjoyed Mario in the past. Watch this amazing video of level 1-3 you can unlock in the game.

As noted elsewhere, multiple players attempting to navigate platforms, grab power ups, and throw turtle shells creates new challenges but along with that there are new ways to be incredibly cheap.

Jumping Higher
A second player means a head one can jump on to reach higher locations. Jump on your friend's head at the apex of their jump while holding down the jump button yourself for maximum jumping. In the game you can also grab other players and hold them over your head. This is useful for reaching the top of the flagpole at the end of levels. On that same line, if the player you grab has a flying cap you can now use them to fly in the same manner you would use a flying block which makes it easy to get two players to the top of the finish flagpole if only one of you has a flying cap.
Power-Ups
Normal power-up blocks now spawn enough power-ups for everyone. A mushroom is spawned for each small player and full power-ups for the rest, except in the case everyone is small: then one of the power-ups is a full power-up. If there are two players and you're both small, the full power-up always jumps out of the block to the right. Some hidden power-up blocks only give out one power-up and in that case it's a mushroom or not based on the player who hits the block - so be sure that a big player hits that if you have one.
Death & Bubbles
When a player dies but at least one other player lives the dead player comes back in a limbo bubble from which they must be released before they may play again. Because of this, in a tough spot you can send one player in and leave a second behind. If the first dies you don't lose your place in the level and the first comes back in a bubble ready to try again. For instance, if you're trying to get the last star coin in 2-1 which sits just above the abyss, one player can just jump to their death for it and as long as another player lives you've collected the coin. However you need not sacrifice your life to do this: you can press down and 'a' to force yourself into a bubble saving yourself from death. This is true in general as long as you have enough time to see your death coming. This is also useful if one player runs ahead to the right. The screen will expand a bit but then it will just move to the right following the player in the lead. Players left behind walls or now forced into lava pits will die unless they use the bubble.
Misc.
  • If all players hit the ground at the same time from a ground pound it acts like hitting a pow block, killing the enemies on the screen.
  • If you hold a player who has a projectile power over your head they can still use their power.
  • Bubbles can be popped by hitting them with your fire or ice projectiles as well as thrown shells or blocks.
  • All players get the extra lives from anyone collecting 100 coins or finishing a level with more than 7 enemies on the screen.
Tags: multiplayer mario wii

English Shellcode

2009 Nov 27, 6:10

"What follows is a brief description of the method we have developed for encoding arbitrary shellcode as English text. This English shellcode is completely self-contained, i.e., it does not require an external loader, and executes as valid IA32 code."
Tags: security polyglot intel paper research programming hack obfuscation english language technical system:filetype:pdf system:media:document

Creative Commons License. Some rights reserved.