coding @ decal's security shed


computer programming


internal


Exploits, Tools & Other Proof of Concept Code

irixview.c - old exploit for SGI IRIX version less than or equal to 6.4, a.k.a. CVE-1999-0148

userrooter.sh - local privilege escalation to super-user account by dynamically loading a shared library at runtime through the userhelper(8) PAM interface on RedHat Linux 6.x

napstir.c - 3rd-party Napster clients permitted viewing of traversed pathname contents relative to the default download directory, as well as DoS due to improper handling of a specically crafted packet

head1.sh - Shell script that exploits a temporary file symlink(2) pathname race condition to expose the root password ciphertext from /etc/shadow through a set-uid root NCP binary

cmd.war - J2EE web archive containing pwn.jsp for arbitrary remote code execution via CGI

hex4vbs.py - Percent encoding to evade IDSen when conducting cross-site scripting with VBScript

oligdna.c.html - Stereoscopic Anaglyph 3D Syntax Highlighting of C99 in HTML

Linux tools for increasing accessibility in a restricted shell or chroot(2) directory

syscaller.c - execute common Linux commands without access to their executable binary files

netstat.bash - parse network statistics from Linux proc(5)

ps.bash - parse process table from the Linux proc(5) pseudo-filesystem

See also: Jails - High value, but shitty virtualization

Winsock and/or BSD socket library dynamic loading

randsrc-1.0.tar.gz - bind() to a random IPv4 interface and connect to specified host/port

shadyshell.c - Compact, cut & paste UDP portshell written in C99 to stay under the TCP/IP IDS radar
Unbeknownst to me, some phone phreaks have devised a way to tunnel WAP/VoIP data over their smartphones with this code, according to this forum posting

porkbind-1.3.tar.gz - Porkbind recursively retrieves version information for the nameserver(s) of a given domain and produces a report that describes possible vulnerabilities of each.

tcpsee-1.1.c - tcpdump wrapper that adds ANSI color escape control character sequences for pretty printing

headcap.c - raw socket example from Linux kernel version 2.2

oligdna.c - oligonucleotide sequence generator

Apple Inc.© Xcode Related ...

@ayanonagon's Swift Blog

"Hello World" in various languages

COBOL

TERM="xterm256-color" ./xterm256-color.perl

Random expressions of obscurity

l.cc ⇒ C++ written in C++

l.perl ⇒ X-Mas in Perl

l.c ⇒ Rectangular "C"

Visual Aids

Complexity Classes

Java Language Architecture

JBoss a.k.a. Wildfly JMX Architecture

Git Cheat Sheet (in SVG format)

Automated Drawing of UML Diagrams

shellcheck.net => automatically detect problems in sh/bash scripts and commands

Reference Materials

Code from the book Hacker's Delight

devdocs.io

ascii-code-table.txt

HTML Tags

UTF-8 HTML Character Entity Reference Chart

Explore and Master Chrome DevTools

Open Source Software Security Wiki @ openwall.org

UTF-8 and Unicode FAQ

doxygen Commands Manual

DocBook XSL: The Complete Guide

DTrace at Oracle® Wikis

Technical x86 Process Information

MIPS Developer Resources from the ©Imagination Community

Memory Management Reference

X86 Opcode and Instruction Reference

Linux Assembly Web Site

ssltest.py (Original Heatbleed PoC)

histogram.c

Understanding stacks and registers in the SPARC architecture(s)

Technical Documents from SPARC International, Inc.

A Taxonomy of Coding Errors that Affect Security (Documentation of Fortify Acquisition)

Advanced Bash-Scripting Guide

GreyCat's Wiki about shell scripting UNIX with bash (Bourne Again SHell)

Linux Shell Scripting Tutorial (LSST) v2.0

man-ascii.com (pretty much self-explanatory)

Coder's Toolbox - the programmer's bare necessities

rosettacode.org

learnxinyminutes.com

More RGB Color Codes Than a Box of Crayola's™

ANSI Color Tutorial

ANSI Escape Code Article by the Linux Gazette

Scholastic Aptitude Test for Leets

SANS: Application Security Procurement Language

Read the Docs: Create, host, and browse documentation.

Winsock Programmer's FAQ

Search Internet-Drafts and RFC's

Memory Optimization in ANSI C  (slides)

ECMA Formal Publications

PHP Fusion Coding Standards

CSE 4254 Programming in Lisp

DEC TOPS-20 OS for the PDP-10: COMPILE CLI /switches

Intellectual Property Rights in IETF Technology

DocBook XSL: The Complete Guide, Fourth Edition

Algorithms and Data Structures Cheat Sheet

external


Past LISTSERV Posts, Screencasts & Other PoC Demonstrations by Me


Re: remote DoS against inetd and ssh

My comments regardingconnect(2) floods as a DoS attack against daemons dependent upon the listen(2) socket queue limit assigned by inetd(8) on Linux in 1999, especially with respect toidentd(8) and its variants



bugtraq: Re: Fwd: ircii-4.4 buffer overflow

Stack buffer overflow in UNIX IRC client ircII that I reported to Bugtraq in June of 1997 and was (independently?) re-discovered three years later in March of 2000



BlockWatch Recursive NTFS SmartListing Use Case Demo

Video Demonstration of BlockWatch: a revolutionary anti-malware solution that I helped write a middleware component for with the Microsoft .NET Framework's WCF API



IOActive BlockWatch™ and IOActive Memory Cruncher™

Latest BlockWatch rebranded by IOActive® from Security Objectives© (Note: This is not all my own work and by now very little is--it's the brainchild of K2



Spot Feds Online @ decal.sdf.org

Links to research material, slides, talks & more about my IRC client hostname decloaking research findings (Hint: it's got nada to do with hash cracking!)



Programming Paradigms, Algorithms, and Sites with Re-usable Code

The Hello World Collection

Managing XCode

JSR-335 Lambda Expressions for the Java™ Programming Language

Microsoft Research Web N-Gram Services

repository of standard programming situations in a variety of languages

PLEAC - Programming Language Examples Alike Cookbook

Long-term memory for coders. Share and store code snippets.

github:gist is a simple way to share snippets and pastes

Code Snippets Collection

The Undocumented Functions by NTinternals

Wikipedia Programming Language Implementation Category

Lua Programming - Wikibooks

Lua Functional Programming - Wikibooks

Lua Reference Manuals

What is Gradual Typing?

On Lisp by Paul Graham

DBX, XDB, GDB, WinDBG & OpenVMS Debugger via erik.cabetas.com

Various DNSSEC and SMTP SPF tools written in Java

Henry Baker's Archive of Research Papers

Programming Language Research

Favorite Programming Languages and Frameworks

Current standard for Programming Language C (C11), ISO/IEC 9899:2011

C Reserved Identifiers

Java™  EE 7 Specification API's

PHP INTERVIEW QUESTIONS AND ANSWERS

The Programming Language Lua

fsharp.net

fsharp.org

Scheme

Common LISP

Ruby

rubysecurity.info

Ruby Toolbox

MPICH a.k.a. OpenMPI

OpenMP

How to Harden PHP - according to cPanel

Windows 8.1 API Sets

Node.js® is a platform built on Chrome's JavaScript runtime

Google's Go Language Documentation

The Java security API's span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.

OpenJDK

The Tcl'ers Wiki!

Source Code Analysis, Refactoring, Minification, etc.

HTML Minifier

JsFiddle @ jsfiddle.net

JSBin

JSHint

JSLint

jsPerf JavaScript performance playground

Flow: a static type checker for JavaScript  @ flowtype.org

JSON Shell for the Browser

Readable s-expressions and sweet-expressions

Rough Auditing Tool for Security (RATS)

View the source code for any class in the .NET framework.

Clang Static Analyzer

codetester.org - test web browser rendering of HTML, JavaScript, etc.

codepen.io

Rextester stands for regular expression tester

The Underhanded C Code Contest

The International Obfuscated C Code Contest

The Underhanded PowerShell Contest Repository

The JavaScript Misdirection Contest

Interoperability

Semantic Versioning

Microsoft Debugging Blog

www.WinDBG.info

IKVM.NET: an implementation of Java for Mono and the Microsoft .NET Framework

Open Runtime Platform: open-source dynamic computing research platform

Phalanager - The PHP compiler for .NET

The Python programming language for the .NET framework

The Ruby programming language for the .NET framework

Convert C# to VB and VB to C# With Telerik® Code Converter

Low-level Debugging

Software Diagnostics Institute

Miscellaneous Stuff

Software Testing Paradoxes Article in MSDN Magazine

O'Reilly Open Book

Programming Language Vulnerabilities Group at ISO/IEC

SmallVoid: Developer Links (Lots of Standards and References)

Intel® XDK HTML5 Cross-platform Development Tool

Intel® XDK Documentation

DHS CSD-SWAMP (SoftWare Assurance MarketPlace)

C++ In Depth - Google for Education -- Google Developers

An Example of Object-Oriented Design: An ATM Simulation

Hoogle: Haskell API Search Engine

Visual Studio 11 C++ Compiler Options Listed Alphabetically

Package GUIDs of Visual Studio Features

Higher Logics: Where Programming Meets Science

GCC Online Documentation

Sun Studio 12: Debugging a Program with dbx

Oracle Solaris 11 Information Library: Linker and Libraries Guide  (November 2011)

JPanic's Viruses

Cookbook for Java Web Programming via Servlets and JDBC at mollypages.org

MSR: Continuous Space Text Representations

OSI: Open Source Initiative

University of Maryland Computer Organization Course (Based on MIPS)

A Case Against The GO TO Statement by Edsger W. Djikstra

Random code snippets, projects and musings about software from Eric Kidd, a developer and entrepreneur.

IDE's and REPL's, GUI's, Web-based Tools & More..

Get-ToThePrompt -at PowerGUI.org Netbeans IDE

Eclipse is an IDE in its own right, however a C/C++ IDE and PHP IDE are also available from the same folks

Rubular: a Ruby regular expression editor and tester

Online Regular Expression Testing @ regexplanet.com

Regular Expression Cookbook's Featured Recipes @ regexplanet.com

Regular Expressions - JavaScript | MDN

Debuggex (Regular Expression Debugger That Generates the Corresponding FSA diagrams

Code Style Guides, Naming Conventions, Source Readability/Maintainability, Spacing/Indentation, etc.

Google's Style Guides for: C++, Objective-C, Java, Python, Shell, HTML/CSS, JavaScript, AngularJS, Common LISP, and Vimscript are now available!




Valid XHTML 1.0 Transitional  Valid CSS!