Archive for the programming Category

Monitor Active TCP Connections

Posted in bash, Linux, scripting, Uncategorized with tags on October 1, 2011 by ShellAdept

root@localhost:~# watch "netstat | grep -i -e "Foreign" -e "Internet" -e "tcp""

The ‘watch’ command will continuously execute the subsequent command (for more complex commands, as above, the entire set of commands should be enclosed in double-quotes.). By default, ‘watch’ executes every 2 seconds.

The ‘netstat’ command displays network connections (among other things–for more information refer to the Man page.). In this example, grep is used to filter out non-TCP connections.

The ‘grep’ command is used to print lines which match a desired pattern. In this example, ‘-i’ is used to ignore case, and ‘-e’ is used to print multiple patterns. Lines containing ‘tcp’, ‘Foreign’, and ‘Internet’ are printed (the latter two are used to maintain the first two lines of netstat output).

I hope somebody finds this useful. If anyone has suggestions for improvement or spots an error on my part, please feel to share. I welcome feedback!

Leave a comment »

Fun with Python

Posted in python, scripting on November 13, 2010 by ShellAdept

#This article should see extensive expansion in the future. Till then, don’t expect much organization…

To launch a Windows application (specifically calc.exe) using Python:

>>> import os
>>> os.startfile (“calc”)

The word between quotes should contain the process name you wish to launch. For completionists, calc.exe works too…

To list files in a particular directory:
>>> import os
>>> sweetPath=”C:\\temp_path”#’sweetPath’ is a variable name, clever at that–
>>> dirList=os.listdir(sweetPath)
>>> for k in dirList:
… print k#make sure you tab this line

aFile
anotherFile
yetAnotherFile
etc.txt

Leave a comment »

Hex Instruction Dictionary (x86)

Posted in assembly, programming on November 9, 2010 by ShellAdept

/*Incomplete listing of Intel x86 instructions’ hex values;  enjoy them, as it took me quite a while to decipher by comparing a hex dump of a binary with the original assembly.*/
push BYTE    ==    ‘6a’
push BYTE 112    ==    ‘6a 70’

mov BYTE al    ==    ‘b0’
mov BYTE bl    ==    ‘b3’
mov BYTE cl    ==    ‘b1’
mov BYTE dl    ==    ‘b2’

mov BYTE al, 10    ==    ‘b0 0a’
mov BYTE bl, 10 == ‘b3 0a’
mov BYTE cl, 10 == ‘b1 0a’
mov BYTE dl, 10 == ‘b2 0a’

mov [ebx+7], al == ’88 43 07′
mov [ebx+8], ebx == ’89 5b 08′
mov [ebx+12],eax == ’89 43 0c’

int        ==    ‘cd’
int 0x80    ==    ‘cd 80′

push        ==    ’68’
push 0x2f552f2f    ==    ’68 2f 2f 55 2f’
push WORD    ==    ’66’
push WORD bx    ==    ’66 53′
push esi    ==    ’56’
push ecx    ==    ’51’
push edx    ==    ’52’
push ebx    ==    ’53’

xor        ==    ’31’
xor eax, eax    ==    ’31 c0′
xor ebx, ebx    ==    ’31 db’
xor ecx, ecx    ==    ’31 c9′
xor edx, edx == ’31 d2′

mov        ==     ’89’
mov ebx, eax    ==    ’89 c3′
mov ecx, esp    ==    ’89 e1′
mov ebx, esp    ==    ’89 e3′
mov edx, esp    ==    ’89 e2′

pop eax        ==    ’58’ #66 58?
pop ebx == ‘5b’ #66 5b?
pop ecx        ==    ’59’ #66 59?
pop edx == ‘5a’ #66 5a?

cdq        ==    ’99’

inc ebx        ==    ’43’

xchg esi, eax    ==    ’96’
xchg eax, ebx    ==    ’93’

dec eax == ’48’ #66 48?
dec ebx == ‘4b’ #66 4b?
dec ecx        ==    ’49’ #66 49?
dec edx == ‘4a’ #66 4a?

jns        ==    ’79’
call == ‘e8’
short jump == ‘eb’ #eb f9?
return == ‘c9’

lea ecx, [ebx+8] == ‘8d 4b 08’
lea edx, [ebx+12] == ‘8d 53 0c’

NOTE: Though most of this dictionary has been created through trial and error using nasm, ndisasm, and hexdump, Jon Erickson’s “Hacking: The Art of Exploitation” was incredibly helpful with sample code and accompanying byte code. I highly recommend the book those interested in computer security.

Leave a comment »

Assembly Compilation with NASM

Posted in assembly, nasm, programming on October 23, 2010 by ShellAdept

//Stand in post–more to follow

‘nasm’ is an assembly compiler available on your favorite linux distro.  It is easily installed with your respective package manager (yum, apt-get, etc.).  Assembly programs are suffixed with ‘.s’ or ‘.asm’.  To compile your example.asm, type:

nasm -f elf example.asm

In this case, nasm invokes the compiler, ‘-f’ specifies the output file format (here elf is used, which is short for elf32–most users of 32 bit linux systems will probably be fine using this format.  For a complete list of formats available, type ‘nasm -hf’ in your terminal.)  And example.asm, of course, is your source file.

Next, type:

ld example.0

This invokes the GNU linker–for more information on this, refer to the man page for ld.  Keep in mind that nasm and ld are not the same.  Now you can type ./a.out and your program should run.

If ld is complaining of incompatibility with your x64 system:

ld: i386 architecture of input file ‘example.o’ is incompatible with i386:x86-64 output

Try compiling with the following command:

nasm -f elf64 example.asm

at this point, ld example.o should work.  Congratulations!

/*Please take this article with a grain of salt.  I do my best to present only accurate information, but it is entirely possible that I may post something inaccurate from time to time.  If you find errors in this article, please let me know and I’ll update it accordingly.  We are all here to learn and constructive criticism is very welcome!  Or, if you found it helpful, let me know–that would make my day!*/

2 Comments »