Author: JZInfo

Categories
Security Server

Common Hacker Links

When I look into the servers logs, I notices some hacker attchs.

“GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1”

“GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1

“GET /console/images/%252e%252e%252fconsole.portal HTTP/1.1”

“GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1”

“GET /_profiler/phpinfo HTTP/1.1”

“POST /mifs/.;/services/LogService HTTP/1.1” 500 1

“GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1”

“GET /.git/HEAD HTTP/1.1” 400 106 “-” “curl/7.54.0”
“GET /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 HTTP/1.1” 404 95 “-” “curl/7.54.0”
“GET /CSS/Miniweb.css HTTP/1.1” 400 112 “-” “curl/7.54.0”
“GET /HNAP1 HTTP/1.1” 404 100 “-” “curl/7.54.0”
“GET /Portal/Portal.mwsl HTTP/1.1” 400 115 “-” “curl/7.54.0”
“GET /__Additional HTTP/1.1” 404 107 “-” “curl/7.54.0”
“GET /base.aspx HTTP/1.1” 404 104 “-” “curl/7.54.0”
“GET /base.html HTTP/1.1” 404 104 “-” “curl/7.54.0”
“GET /default.php HTTP/1.1” 404 106 “-” “curl/7.54.0”
“GET /default.shtml HTTP/1.1” 404 108 “-” “curl/7.54.0”
“GET /docs/cplugError.html/ HTTP/1.1” 400 118 “-” “curl/7.54.0”
“GET /f4iY HTTP/1.1” 404 99 “-” “curl/7.54.0”
“GET /favicon.ico HTTP/1.1” 404 106 “-” “curl/7.54.0”
“GET /home.jsa HTTP/1.1” 404 103 “-” “curl/7.54.0”
“GET /inicio.php HTTP/1.1” 404 105 “-” “curl/7.54.0”
“GET /localstart.jhtml HTTP/1.1” 404 111 “-” “curl/7.54.0”
“GET /localstart.shtml HTTP/1.1” 404 111 “-” “curl/7.54.0”
“GET /main.aspx HTTP/1.1” 404 104 “-” “curl/7.54.0”
“GET /nmaplowercheck1654635763 HTTP/1.1” 404 119 “-” “curl/7.54.0”
“GET /pools HTTP/1.1” 404 100 “-” “curl/7.54.0”
“GET /pools/default/buckets HTTP/1.1” 404 116 “-” “curl/7.54.0”
“GET /server-status HTTP/1.1” 404 108 “-” “curl/7.54.0”
“GET /start.pl HTTP/1.1” 404 103 “-” “curl/7.54.0”
“POST /sdk HTTP/1.1” 404 98 “-” “curl/7.54.0”

Categories
Uncategorized

Set up Cucumber Guide

Needed for when someone wants to create automation via eclipse

Step-by-step guide

Selenium setup

  1. Download the Selenium Java Client Driver(http://docs.seleniumhq.org/download/)

    Download latest Java version. 

  2. Create a new folder with name say ‘Selenium’ in C drive and extract the jar files to ‘Selenium’ folder.

Jars to copy, copy the one in the default folder and then all the jars in the lib folder: (note versions might be different)

Cucumber setup:

  1. Download Cucumber jar files (https://mvnrepository.com/search?q=cucumber)

    Jars to download:

    Cucumber Core
    https://mvnrepository.com/artifact/info.cukes/cucumber-core
    Cucumber HTML
    https://mvnrepository.com/artifact/info.cukes/cucumber-html
    Cucumber JVM: Java

    https://mvnrepository.com/artifact/info.cukes/cucumber-java

    Cucumber JVM: Java8
    https://mvnrepository.com/artifact/info.cukes/cucumber-java8
    Cucumber JVM: JUnit
    https://mvnrepository.com/artifact/info.cukes/cucumber-junit
    Cucumber JVM: PicoContainer
    https://mvnrepository.com/artifact/info.cukes/cucumber-picocontainer
    Cucumber Report Generator
    https://mvnrepository.com/artifact/com.github.mkolisnyk/cucumber-report-generator
    Gherkin
    https://mvnrepository.com/artifact/info.cukes/gherkin
    Gherkin Repackaged Dependencies
    https://mvnrepository.com/artifact/info.cukes/gherkin-jvm-deps
  2. Create a new folder with name say Cucumber in C drive and extract the jar files to Cucumber folder.

Eclipse setup:

  1. In eclipse:

– Now Right-click on <project name> and select Properties.
– On the Properties window, click on “Java Build Path”.
– Click on the Libraries tab, and then click “Add External JARs..”
– Navigate to C:\selenium
– Add all the JAR files inside and outside the “libs” folder.

– Navigate to C:\cucumber
– Add all the JAR files inside
– Finally, click OK and we have completed importing Selenium and Cucumber libraries into our project.

Maven setup in Eclipse:

  1. File > New > ProjectSearch for Maven and select Maven Project

    Hit next, next, next

    Group Id: com.cucumber

    Artifact Id: MavenCucumber

    Package: com.cucumber.maven

    Update pom.xml file:

    project xmlns=”http://maven.apache.org/POM/4.0.0″ xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
    xsi:schemaLocation=”http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd“>
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.cucumber</groupId>
    <artifactId>MavenBillFinRegressionSuite</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>MavenBillFinRegressionSuite</name>
    <url>http://maven.apache.org</url>

    <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <dependencies>
    <dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.12</version>
    <scope>test</scope>
    </dependency>
    <dependency>
    <groupId>info.cukes</groupId>
    <artifactId>cucumber-java</artifactId>
    <version>1.2.5</version>
    <scope>test</scope>
    </dependency>
    <dependency>
    <groupId>info.cukes</groupId>
    <artifactId>cucumber-picocontainer</artifactId>
    <version>1.2.5</version>
    <scope>test</scope>
    </dependency>
    <dependency>
    <groupId>info.cukes</groupId>
    <artifactId>cucumber-junit</artifactId>
    <version>1.2.5</version>
    <scope>test</scope>
    </dependency>
    <dependency>
    <groupId>com.github.mkolisnyk</groupId>
    <artifactId>cucumber-reports</artifactId>
    <version>1.0.7</version>
    </dependency>
    <dependency>
    <groupId>org.seleniumhq.selenium</groupId>
    <artifactId>selenium-firefox-driver</artifactId>
    <version>3.4.0</version>
    </dependency>
    </dependencies>
    </project>

Categories
Uncategorized

Pure JavaScript to format Date object to ISO String Date only

When working on Mongo Shell, I need to format currentDate to a ISODate  format String YYYY-MM-DD

var formatDate = function (date) {
day = date.getDate();
reportdate = date.getFullYear();
month = date.getMonth() + 1;

if (month < 10) {
reportdate = reportdate + “-0” + month;
} else {
reportdate = reportdate + “-” + month;
}

if (day < 10) {
reportdate = reportdate + “-0” + day;
} else {
reportdate = reportdate + “-” + day;
}
return reportdate;
}
var date = new ISODate(“2021-01-01T05:00:00.000Z”);

print(formatDate(date));

Categories
Uncategorized

/?a=fetch&content=die(@md5(HelloThinkCMF))

When I run a security scan on the log, I found the following:
[/?a=fetch&content=die(@md5(HelloThinkCMF))]

It looks like someone is trying to scan a PHP bug for wordpress site.

It is important to keep WordPress site up to date with the latest PHP version

Categories
Tips

Apache HttpClient 4.4 with SSL Client Cert Tips

Tips:

  1. To enable SSL handshake debug:
    -Djavax.net.debug=ssl,handshake
  2. when Create a KeyStore, Client Key Pairs should be encrypted with password. ( the same password of the key store), otherwise, an exception of Can’t recover key will be threw)

Categories
Tips

How to know your computer’s information via command line

1. Open Command Prompt (enter CMD in the “type here to search bar”)
2. Copy this and hit enter: wmic bios get serialnumber
3. Copy this and hit enter: wmic computersystem get model,name,manufacturer,systemtype
4. Your screen should look like this:

Categories
BI Solution Uncategorized Web UI

Azure AD SSO Integration Error

When I trying to create a SAML Request for https://login.microsoftonline.com/xxxxx-xxxx-xxxx-xxxxx/saml2?SAMLRequest=[SAMLRequest redirect encode]

I have the following error message:

Request Id: xxxxxxxx-xxxx-446a-a8c8-84a3477d0600
Correlation Id: xxxxxxxx-xxxx-465d-83d9-6be5c98abec5
Timestamp: 2019-03-05T00:53:02Z
Message: AADSTS7500529: The value ‘817ef7d6-89a8-4367-8e41-39b1559305cd’ is not a valid SAML ID.

this GUID 817ef7d6-89a8-4367-8e41-39b1559305cd is generated with java.util.UUID tool. However, the Azure AD service is expecting an XML ID which has to meet the following requirement:

1.3.4 ID and ID Reference Values
The xs:ID simple type is used to declare SAML identifiers for assertions, requests, and responses. Values declared to be of type xs:ID in this specification MUST satisfy the following properties in addition to those
imposed by the definition of the xs:ID type itself:
• Any party that assigns an identifier MUST ensure that there is negligible probability that that party or any other party will accidentally assign the same identifier to a different data object.
• Where a data object declares that it has a particular identifier, there MUST be exactly one such declaration.
The mechanism by which a SAML system entity ensures that the identifier is unique is left to the implementation. In the case that a random or pseudorandom technique is employed, the probability of two
randomly chosen identifiers being identical MUST be less than or equal to 2-128 and SHOULD be less than or equal to 2-160
. This requirement MAY be met by encoding a randomly chosen value between 128 and 160 bits in length. The encoding must conform to the rules defining the xs:ID datatype. A pseudorandom
generator MUST be seeded with unique material in order to ensure the desired uniqueness properties
between different systems.

Page 9:  http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

A simple solution is the add “id” in front of the string and remove any “-” from it.

it would similar to: id6c1c178c166d486687be4aaf5e482731

Categories
SSO Tips

SSO Online Tools

There are few useful tools could be use to test some parameter before you start configure SSO connection with the IdP provider:

If you want to test SP initiate SSO and your IdP is Microsoft Online (https://login.microsoftonline.com), you can to the following

https://idp.ssocircle.com/sso/toolbox/samlEncode.jsp

Therre is another useful tool set avaiable here : https://www.samltool.com/url.php

It provides many useful tools:

Categories
Web UI

GIMP2 Install New Fonts in Windows 10

I was trying to install some new fancy fonts in GIMP2. After installed the font in windows system, GIMPS was having trouble to load the fonts. However, MS Word is able to see it.

After digging around the web, the follow solution helps me solve the issue:

https://gimper.net/threads/new-fonts-wont-load.5206/

In GIMP2:

edit>preferences
click on “folders”
click on fonts. you should see a line that points to where the fonts are
click on the icon that looks link a piece of paper
browse for the directory where the fonts are and add it to the list

Categories
Tips

How to Find Out the Number of Files Opened by Tomcat Hosted Application

When working with Spring Data for file  based integration, I was wondering how the application is handling the file processing.  We have seen file descriptors left opened after the application run for a while. and the application eventually stalled because an IO Exception being through out for the files opened by the application have reached its maximum.

The following script help me to monitor the file descriptor opened in the Linux server:

#!/bin/sh
#
#published GNU GPL3.0
#please change /foo/bar to the folder you want to mornitor
PID=`ps -eaf | grep tomcat | grep -v grep |grep org.apache.catalina.startup.Bootstrap | awk '{print $2}'`
if [[ "" != "$PID" ]]; then
DATE=`date '+%Y-%m-%d %H:%M:%S'`
echo "PID $PID $DATE">>lsof.log
/usr/sbin/lsof -a -p $PID|grep /foo/bar >>lsof.log
fi