• 15
  • Jul

Hackosis.com just added Gravatars to the comments section! In light of this, I decided to show you how to add Gravatars to your custom Wordpress theme’s comment section if it does not already have them. Most old themes won’t have this.

Gravatars can be used in Wordpress 2.5+ and must be enabled in the Wordpress settings under discussion.

From the Gravatar site:

What is a gravatar?

A gravatar, or globally recognized avatar, is quite simply an avatar image that follows you from weblog to weblog appearing beside your name when you comment on gravatar enabled sites. Avatars help identify your posts on web forums, so why not on weblogs?

To add Gravatars I simply added the following to my Wordpress theme’s comments.php file right before “<cite><?php comment_author_link() ?></cite> Says:”. Of course you do need to include the PHP opening and closing tags. Change the size variable to a suitable value:

    echo get_avatar( $comment, $size = '50' );

You can also change the default avatar by specifying its location like below:

    echo get_avatar( $comment, $size = '50', $default = "/path/to/url.jpg" );

I did also add a bit of styling to float it to the right and add a border, but I’ll let you be creative and do it yourself.

Let me know how it goes and if you have any questions I’ll do my best!

Feel free to test the Gravatars by commenting below (this is your one chance for free-for-all commenting). Happy Gravataring.

  • 15
  • Jul

PHP and MySQL are among the most used technologies on the web today. By using about 7 different script files we can add, update, and delete rows from a MySQL table.

Example of completed project:

Simple MySQL Table Editor

Download the Simple PHP MySQL Table Editor.

Let’s get started. I will explain each section of the script files so you have an understanding of how it works. You can download the project in a zip file above. The download also includes the example MySQL schema structure so you can test the script right away.

All examples in this post assume that you have already typed the PHP opening and closing tags. I cannot include them on my page due to Wordpress plugins that I am running.

ALSO, because my PHP color coder sometimes runs off the page, you may have to click “show plain code” to view all typed PHP code.

HEADER.PHP:

Header.php stores the HTML header that includes the title, etc. I am not going into detail since this is not an HTML tutorial.

I always start my PHP files with comments to indicate the purpose of the script and give contact details in case anyone has questions. Comments in PHP are indicated with ‘//’ for single lines and ‘/*’, ‘*/’ for multiple line comments:
Read the rest of this entry …

  • 14
  • Dec

Nmap v4.5 has been released, coinciding with Nmap’s 10th anniversary, and brings a brand new addition called Zenmap, 2nd generation OS detection, and 320 other changes to the network mapping software.

Zenmap is a front-end GUI for Nmap that lets beginners use Nmap easily and gives experienced users quick access to advanced features. Read the press release for Nmap v4.5.

[Image: Zenmap screenshot]

How do I install Nmap?

Windows:

Windows users can find an installer on the Nmap download page.

Linux:

If you have RPM based package management, download and install it from the Nmap download page. Don’t forget to get the Zenmap RPM also.

su root
rpm -ivh nmap-4.50-1.i386.rpm
rpm -ivh zenmap-4.50-1.noarch.rpm

OR

Download the Nmap tarball from the Nmap download page. Also make sure you have the proper build tools installed.

bzip2 -cd nmap-4.50.tar.bz2 | tar xvf -
cd nmap-4.50
./configure
make
su root
make install

How do I use Nmap?

You really need to read the Nmap man page for all the details, but the most common options will be covered here.

NOTE: Most of these command line switches can be used in combination. Replace scanme.nmap.org with a real IP address or host name that you need to scan.
Read the rest of this entry …

  • 09
  • Dec

Snoopy Logger

Ever gone to pull up a command that you executed 2 months ago, only to notice that it is gone from your bash history? By using Snoopy, all commands executed on the machine will be logged with syslog into a file named /var/log/auth.log. Say hello to never losing a command again.

This could also be used to monitor user activity on a server or for tracking down what happened when your server got hacked. You need to reboot after installing snoopy as it injects a shared library into every process to log the commands executed.

Install Snoopy in Ubuntu:

sudo apt-get install snoopy

Answer Yes when it asks you to modify /etc/ld.so.preload and then reboot. Happy logging!

  • 06
  • Dec

Time is running short before the Cisco 7500 core router is replaced with the open source routing platform Vyatta, as mentioned in a previous post. On top of that, the decision has been made to go ahead and set up redundant, auto-failover Vyatta routers. Also, check out how to throttle bandwidth with the Linux kernel in Vyatta (or any other Linux with a 2.4+ kernel) before I go into more detail.

The Hardware

The hardware has been purchased and received. The setup includes 2 - Dell PowerEdge SC1430s with the following specifications:

  • 2 Quad-core 2.0GHz Xeon Processors
  • 4 GB of 667MHz RAM
  • 2 80GB SATA 3GB/s configured with RAID 1
  • 1 Gbit Onboard NIC
  • 1 Intel 1000PT Gbit PCI Express NIC

You couldn’t ask for an easier install than Vyatta’s, and it went beautifully on this hardware. Vyatta actually certifies Dell 850s and 860s. Seriously, the install procedure with the live CD is as simple as logging in as root, typing

install-system

and answering a few very basic questions. All hardware components were detected including the SAS 5IR Dell RAID PCI Express adapter.

The Software

Everything has yet to be set up; it is still a work in progress. BUT these are my plans. There will be a post after the system is up and running about how well everything listed here works.

NOTE: The following assumes you have already set up your ‘real’ IP addresses and static routes.
Read the rest of this entry …

  • 30
  • Nov

In response to my Brute Force Calculator post, I would like to take the time to explain the PHP code involved with the program. This tutorial is written assuming you have basic knowledge of HTML.

The Brute Force Calculator program deals with these specific areas of PHP:

  • Comments
  • Variables
  • Predefined $_GET Variable
  • Basic Math
  • Exponents
  • If Statements
  • Else Statements
  • Isset
  • Echo Function
  • Including HTML inside of PHP

NOTE: Source code download included at the end of the post.

The first thing that I always do when writing PHP is include a big fat comment with the name, description, email, and license. This is important. After all, it is nice to know what the program does, how to contact the author, and to know whether it can be copied or not. I would assume if something does not have a license I can take credit for it. Not that I would do such a thing, but legally, I could. The /* and */ delimit a multi-line comment. A // starts a single-line comment. Also, I always verbosely comment each section of the code with valuable information explaining my philosophy and reasoning.

    /* Brute Force Calculator
    Description: Calculates the time taken to brute force any given password
    Author: <shane -AT- hackosis -DOT- com>
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.*/

The next part of the PHP code is the retrieval of our variables through the HTML GET method. This data is provided by the HTML form. PHP variables always start with a $. The $_GET variable is predefined in PHP and “used to collect values from a form”.

    //Uppercase
    $uc = $_GET['uc'];

    //Lowercase
    $lc = $_GET['lc'];

    //Numerical
    $nu = $_GET['nu'];

    //Special Characters
    $sc = $_GET['sc'];

    //Random Alpha/Numeric
    $ran = $_GET['ran'];

    //Random Alpha/Numeric and special characters
    $rans = $_GET['rans'];

    //Phrase or word subject to a dictionary attack
    $dict = $_GET['dict'];

After we retrieve the variables from the HTML form, the total number of characters is calculated using simple addition and then stored in a variable named length.

    //Length of password
    $length = $uc + $lc + $nu + $sc + $ran + $rans + $dict;

Next, the key space needs to be calculated. If no length is entered for a particular character set, then 1 is assumed. The isset function checks to see if the variable is set and if not, performs the command specified for else. All If and else statements enclose the given commands in curly brackets; { and }. This is performed for each variable that is taken from the form and passed to a variable with a prepended “k” for key space.

The PHP pow function is used to calculate the key space using exponents based on the number of characters in the character set (lowercase a through z includes 26 characters). The call takes the form pow(number of characters in the character set (base number), length (exponent)), which corresponds to 26⁴ or 26^4, for example.
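The key-space step described above, written as an added example that is not the original Brute Force Calculator source. It validates each form value before it reaches pow(), treats a missing or invalid length as a key space of 1, and multiplies the per-set results; the set sizes other than lowercase, the MAX_LENGTH cap, the function names and the omission of the dictionary field are assumptions, and the product assumes the order of character classes in the password is fixed.

```php
<?php
// Added example, not the original Brute Force Calculator source.
// Sizes for sc/ran/rans are assumptions; the dict field is left out.
const CHARSET_SIZES = [
    'uc'   => 26,  // uppercase A-Z
    'lc'   => 26,  // lowercase a-z (size given in the post)
    'nu'   => 10,  // digits 0-9
    'sc'   => 32,  // assumed: printable ASCII punctuation
    'ran'  => 62,  // assumed: A-Z, a-z, 0-9
    'rans' => 94,  // assumed: all printable ASCII except space
];
const MAX_LENGTH = 64; // assumed cap so pow() never gets an absurd exponent

// Return a validated length for one form field, or 0 if absent or invalid.
function field_length(array $query, string $name): int
{
    if (!isset($query[$name])) {
        return 0;
    }
    // Rejects non-integers, negatives, arrays and values above the cap.
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => MAX_LENGTH]]);
    return $value === false ? 0 : $value;
}

// Multiply the per-set key spaces; a set with length 0 contributes 1.
function key_space(array $query): float
{
    $total = 1.0;
    foreach (CHARSET_SIZES as $name => $size) {
        $total *= pow($size, field_length($query, $name));
    }
    return $total;
}

// Constructed sample input standing in for $_GET; the sc and ran
// values are deliberately invalid and are ignored by field_length().
$sample = ['uc' => '1', 'lc' => '4', 'nu' => '2',
           'sc' => '<script>', 'ran' => '-3'];
printf("key space: %.0f\n", key_space($sample));
```

In the real script, pass $_GET to key_space() instead of the sample array.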
Read the rest of this entry …

  • 19
  • Nov

The Problem:

As big as Ubuntu is, I am really surprised there is no firewall included by default. Yes, I know that the functionality is built into the kernel, but do you think half of these newbs running Ubuntu know about iptables?

The Solution:

Guarddog is a GUI Linux iptables/ipchains configuration utility. This is going to save you from having to spend hours reading about Linux firewall setup and setting up rc scripts, etc.

sudo apt-get install guarddog

Now you have a menu item under Applications -> Internet -> Guarddog. It is pretty much useless unless you are running as a superuser, so run

sudo guarddog

You should get a prompt about not having an rc.firewall; click OK.

Guarddog’s philosophy is to block if not allowed, just like any firewall. Keep this in mind if you go to try to play AssaultCube and it won’t connect.

Read the rest of this entry …

  • 06
  • Nov

 
 

There might be many reasons why you may be storing data in a database. As Google has shown us, searching data is an invaluable tool that can help minimize the time that it takes to find the information you need.

I would like to show you how you can build your own PHP search engine to find the information you seek in a MySQL database.

First you will need a LAMP to work from. For Windows users a quick and dirty way is to download and install XAMPP. For Linux users try searching Google for a tutorial.

OK, now we will skip to the part where you have a working LAMP install and a database that needs searching from a web interface. I will assume that you know where to put your PHP files and have a basic knowledge of SQL query syntax.

NOTE: I am not including “<?php” at the beginning of documents, nor “?>” at the end; I will assume you know that these are the tags that mark PHP code within a file. You may also download the zip file that contains all of the code examples listed below at the end of this document.

Step 1: We are going to create a config.php file with our database information. Please fill in the correct information for your MySQL database and save the file:

    $dbhost = '127.0.0.1';
    $dbusername = 'db_username';
    $dbuserpass = 'db_password';
    $dbname = 'db_name';

Read the rest of this entry …

  • 27
  • Oct

 
 
Rootkits

With Linux becoming more and more popular, there is a greater risk of malicious code being written for it. Compared with Windows, there is much less risk of this on a Linux operating system, but there is still a risk.

What is a rootkit?

From Wikipedia:

A rootkit is a general description of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Techniques used to accomplish this can include concealing running processes, files or system data from the operating system. Rootkits have their origin in benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Mac OS X, Linux and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.

Q: How do I detect rootkits?

A: Rootkit Hunter!

What is Rootkit Hunter?

Read the rest of this entry …

  • 27
  • Oct

 
 
Stream Ripper
Kinda looks like Starwars, don’t it?

Open source, cross platform Streamripper allows you to save streaming mp3 radio stations to your hard drive. And I will show you how.

What is streaming radio?

From Wikipedia:

Internet radio (aka e-Radio) is an audio broadcasting service transmitted via the Internet. Broadcasting on the Internet is usually referred to as webcasting since it is not transmitted broadly through wireless means but is delivered over the World Wide Web. The term “e-Radio” suggests a streaming medium that presents listeners with a continuous stream of audio to which they have no control much like traditional broadcast media. It is not synonymous with podcasting which involves downloading. Nor does e-Radio suggest “on-demand” file serving. Many Internet “radio stations” are associated with a corresponding traditional “terrestrial” radio station or radio network. Internet-only radio stations are usually independent of such associations.

How do I use Streamripper?

Read the rest of this entry …