Sometimes, the built in functions of a framework are good enough for your purpose and there is no point in reinventing the wheel. Fine examples of this are to be found at The Daily WTF, one of my personal faves being The Backup Snippet. However, sometimes the .NET Framework does a poor job of parsing FTP FastSnap URLs. For instance, ftp://ausername:apassword@IP:port/path.
I came across quite an interesting SQL Injection scenario today. The software in which the vulnerability resides will remain anonymous until fixed, but an abstracted version of the scenario can safely be outlined below. The objective of the software is to restrict user accounts to certain IP addresses when accessing a bulletin board.
Once you have basic, non-interactive shell access to a Windows box, there are a limited number of ways in which you can transfer files to the remote host. This brief article will explicate the echo/ftp method. If you can execute, be it by SQL Injection, or a webserver vulnerability the echo command, then you can write a script file which can fetch a file of your choosing from a remote host.
Sometimes you will find yourself on a machine that has no inbound connections allowed, which can make even the most basic task a complete pain. Never fear, if you can initiate an outbound connection to an SSH server of your choosing, it is no problem whatsoever to remap the ports by what is known as Reverse Forwarding. The first step is to set up key-based, passwordless authentication in SSH.
It can be very handy to be able to login to an SSH shell without supplying a password. Here's how. Firstly, on your client machine, generate a keypair. If you are using Windows you can do this using PuTTYgen. If you are on a Nix machine issue: {% highlight bash %} ssh-keygen -t dsa {% endhighlight %} Next up, we need to copy the public key to the server.
Just sharing something that might be of interest to anyone with a similar problem. A non-technically minded friend is attempting to use Serif WebPlus to create an E-Commerce site with Paypal integration. The problem is that all his stock is in Excel format which, although Serif claims they can handle, throws an error dialog with the helpful information that the worksheet or database does not have the required fields.
A while back (quite a long while back now I suppose) I entered SmugMug's "competition" to "hack" their system. As it was hardly impenetrable I succeeded and succesfully claimed a security bounty from them; although they weren't so keen to publicise that! Now, you can moralise about security bounties if you want, but I am a student and starving in a garret.
This lengthy howto will show you how to hook up C# to an eggdrop IRC bot. I've taken this approach because it avoids the overhead of managing a fully fledged IRC client in C# whilst still providing 2-way command functionality between IRC and the application.
Just been asked some further questions about the DataExecutor class on FreeNode and thought I'd give some usage instructions/clarification here. Howto: Fill a strongly typed dataset Set your base class (of your TableAdapter) to Tools.genericTableAdapter. Fill your strongly typed DataSet thus: {% highlight csharp %} DataExecutor de = null;
I've been exploring the dark alleyways of the Windows Presentation Foundation this week and found no way in my trawlings of the net to expand a treeview to a specific node. No FindNode, no ExpandTo or ExpandAll. Great. Anyway, here's the solution I came up with. It relies upon a binding the Tag property to the text you are searching for, but that could obviously be changed.
Quite a lengthy post here with a lot of code in the hope that my experience of building an integrity-checking SSL (text-only for now) communication system will be of use to somebody else.