Rails3 beta3 Authlogic metaclass error

I noticed this problem when I tried to use authlogic today:
undefined method `metaclass' for Authlogic::Session::Base:Class (NoMethodError)

Turns out the fix is pretty simple. bpauly posted a comment on http://railsplugins.org with the following:

metaclass has been deprecated in favor of singleton_class. http://github.com/rails/rails/commit/763f32ab47b96289a4d7b7107411a83164bf69de

The following changes should get you running for now.

callbacks.rb line 69:
# before
if base.metaclass.method_defined?(:set_callback)
# after
if base.singleton_class.method_defined?(:set_callback)

password.rb line 185:
# before
if klass.metaclass.method_defined?(:set_callback)
# after
if klass.singleton_class.method_defined?(:set_callback)

So you don’t have to mess much, I took the liberty of forking authlogic on GitHub and putting the changes in my rails3 branch, so add this to your Gemfile to fix:

gem 'authlogic', :git => 'git://github.com/danhawkins/authlogic.git', :branch => 'rails3'

Posted in Development, Patches, Ruby / Rails | 5 Comments

SRC10 – Breaking things with Ruby talk

Presenter: Rory McCune

The Breaking things with Ruby session was all about penetration testing and security. It was one of the best sessions I attended while at SRC. A couple of tools and techniques were demonstrated, and the pen testing process illustrated.

Pen testing consists of scanning, exploitation and reporting. We were given a walkthrough and details of the tools used at each stage.

Scanning

Nmap is the de facto tool of choice for this task. You can scan entire networks or single IPs, and you can choose which ports you want to scan, among many other options. Remote OS detection is even available. Once you have performed your scan you can output XML which can be fed directly into other tools.

One thing that was news to me is that there exists ruby-nmap.

Exploitation

It was a real treat to be introduced to Metasploit. I didn’t even know this tool existed. I think it’s something that would require a long time to master, but it basically allows you to choose from 100s of known exploits and deploy them to targets.

A Windows machine was targeted with one of the known payloads; the payload was delivered and root access was gained in less than w minutes. It was quite scary on one front, and made me glad I’m not a Windows user, that’s for sure.

Other exploits demonstrated included loading a generic PDF with an exploit, delivering it and watching as the PDF caused the target machine to connect back to the host.

Exposing yourself?

The obvious lessons learned were: only expose ports you need, and only expose them to locations that need to get to them. Make sure you don’t give away too much info; for instance, when your webserver errors or throws a 500, 404 etc., make sure the server description doesn’t give away what’s running on it. This can make it very easy for an attacker to identify a way in.
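
As an added example (not from the talk or the original post), the two lessons above can be checked against your own hosts by reading Nmap's XML output with Ruby's REXML rather than ruby-nmap. The sample XML, the address and the ALLOWED_PORTS policy are constructed for illustration.

```ruby
require 'rexml/document'

# Constructed sample in the shape of `nmap -oX` output (not real scan data).
SAMPLE_XML = <<~XML
  <nmaprun scanner="nmap">
    <host>
      <address addr="192.0.2.10" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="5.3"/></port>
        <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
        <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql" product="MySQL" version="5.1.41"/></port>
        <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
      </ports>
    </host>
  </nmaprun>
XML

# Hypothetical policy: the only ports each host is meant to expose.
ALLOWED_PORTS = { '192.0.2.10' => [22, 80] }.freeze

# Returns one finding per open port that is outside the allowlist, and one
# per open service whose banner gives away a product and version.
def audit_exposure(xml, allowed)
  findings = []
  REXML::Document.new(xml).elements.each('nmaprun/host') do |host|
    addr = host.elements['address'].attributes['addr']
    host.elements.each('ports/port') do |port|
      # Closed and filtered ports are not exposure, skip them.
      next unless port.elements['state'].attributes['state'] == 'open'
      num = port.attributes['portid'].to_i
      svc = port.elements['service']
      unless allowed.fetch(addr, []).include?(num)
        findings << { host: addr, port: num, issue: :unexpected_port }
      end
      if svc && svc.attributes['version']
        banner = "#{svc.attributes['product']} #{svc.attributes['version']}"
        findings << { host: addr, port: num, issue: :version_disclosed, banner: banner }
      end
    end
  end
  findings
end

audit_exposure(SAMPLE_XML, ALLOWED_PORTS).each { |f| puts f.inspect }
```

Run it against a scan of hosts you are responsible for; an empty result means every open port is on the allowlist and no service reported a version.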

Reporting

Reporting was only covered very briefly, but Dradis was mentioned.

Resources

Metasploit Unleashed
Carnal Ownage
Dark Operator Blog
The Slides from the session

Example Videos

Metasploit Demo from Westin on Vimeo.

How to own a Windows XP Sp2 system using MS08-67 vulnerability and run netcat as backdoor with Meterpreter? from Cycops India on Vimeo.

Posted in Conferences, Development, Security, SRC10 | Leave a comment

Google chrome select and CSS

If you try to set a background image on a select element in Google Chrome, you get shading over the top of the element which completely buggers up the element. I think it’s a bug. I’ve managed to get it to stop adding the shading but at the expense of losing the drop down icon. Just use the following CSS:

select {
  background: url('myimage.png');
  -webkit-appearance: none;
}
Posted in Uncategorized | 7 Comments

A couple of funny videos

Best Fails of 2009:

http://www.huffingtonpost.com/2010/01/07/best-fails-of-2009-video_n_414549.html

Compare the Meerkat:

http://film.comparethemeerkat.com/

Posted in Funnies | Leave a comment

Automatically generating a sitemap in rails

I recently had the need to generate a sitemap using a cron job on a regular basis (nightly) for my Ruby on Rails app. I found the excellent plugin from Christian Hellsten at http://github.com/christianhellsten/sitemap-generator, which did the trick very nicely. However, I have since added a new model and controller in the namespace blog. This caused a problem as the plugin did not look any further than the app/models folder for the model files. Mine was at app/models/blog/article.rb.

To cut a long story short I fixed the problem by changing the following method find_models in generator.rb:

def find_models
      models = []

      files = Dir.glob(File.join(RAILS_ROOT, 'app', 'models', '*.rb')).delete_if {|c| c =~ /observer\.rb/ } #{|c| c < ActiveRecord::Base== false}

      files.each do |file|
        # Get the class from the filename
        model = file.split('/').last[0..-4].classify.constantize
        # Skip classes that don't have any sitemap options
        next if !model.methods.include?('sitemap_options') || model.sitemap_options == nil

        models << model
      end

      puts "Sitemap WARNING!! No models found. Have you included a call to the sitemap in your ActiveRecord models?" if models.empty?

      models
    end

to...

require 'find' # Find.find lives in the standard library

def find_models
      models = []
      model_path = File.join(RAILS_ROOT, 'app', 'models')
      # Walk app/models recursively so namespaced models are found too
      Find.find(model_path) do |file|
        next unless file[-3..-1] == '.rb'
        next if file =~ /observer\.rb/
        # Path relative to app/models, e.g. "/blog/article.rb"
        relative = file.sub(model_path, '')
        # Get the class from the filename, e.g. Blog::Article
        model = relative.split('/').map{|f| f.gsub('.rb','').classify unless f.empty?}.compact.join('::').constantize
        # Skip classes that don't have any sitemap options
        next if !model.respond_to?(:sitemap_options) || model.sitemap_options == nil

        models << model
      end

      puts "Sitemap WARNING!! No models found. Have you included a call to the sitemap in your ActiveRecord models?" if models.empty?

      models
    end

I also added an XML stylesheet to the plugin to make the sitemap.xml look pretty, the result of this can be seen at http://www.thebatteryguys.co.uk/sitemap.xml and you can install my version of the plugin using ./script/plugin install git://github.com/danhawkins/sitemap-generator.git

The homepage for my fork is at http://github.com/danhawkins/sitemap-generator

Posted in Development, Ruby / Rails | Leave a comment

Problem with cucumber external selenium testing

I have added a features folder to my WordPress install and got a lovely gem called cucumber-wordpress to write cucumber driven tests for WordPress. I decided to get clever and set up selenium cucumber and normal cucumber webrat profiles. I’ve done this fine with Rails before but for some reason it just wouldn’t get sorted. Turns out I was missing some essentials in my enhanced config (selenium); you need this little snippet to get it all happy:

World do
  session = Webrat::SeleniumSession.new
  session.extend(Webrat::Methods)
  session.extend(Webrat::Selenium::Methods)
  session.extend(Webrat::Selenium::Matchers)
end
Posted in Uncategorized | Leave a comment

IE fixed width select input bug

IE truncates options within a select if the options are longer than the width of the select control. Somehow EVERY OTHER BROWSER manages to expand the options while keeping the select at the fixed width, another reason why ie sucks!!! Anyway here is my fix for this particular issue, it’s not nice using JS to fix it but CSS alone won’t cut it. I created a file called ie.js and included this in an IE conditional block like so:

<!--[if IE]>
<%= javascript_include_tag 'ie.js' %>
<![endif]-->

The file itself contains the following, just replace <selector> with a valid selector:

$(document).ready(function(){

  //function to expand the selection box
  var expand = function(){
    //capture the original width the first time round
    if($(this).data('origWidth') == undefined)
      $(this).data('origWidth',$(this).css('width'));

    //expand the select
    $(this)
      .css("position","absolute")
      .css("width","auto");
  };

  //function to contract the selection box
  var contract = function() {
    //no hide workaround for IE6 to stop the element contracting when clicked
    if(!$(this).data('noHide'))
      $(this)
        .css("position","relative")
        .css("width",$(this).data('origWidth'));
  };

  //set the noHide workaround on focus and blur
  var focus = function(){ $(this).data('noHide',true); };
  var blur  = function(){ $(this).data('noHide',false); contract.call(this); };

  //$.browser needs jQuery before 1.9; compare the major version as a number
  //so that IE10 and later are not mistaken for IE6
  if(parseInt($.browser.version, 10) < 7){
    //IE6
    $('<selector>')
      .hover(expand,contract)
      .focus(focus)
      .click(focus)
      .blur(blur)
      .change(blur);

  }else{
    //IE7 and later
    $('<selector>')
      .mousedown(expand)
      .change(contract)
      .blur(contract);
  }
});

Take a look at the demo here.

Posted in Development, Javascript | Leave a comment

jQuery storing data in a tag using internals

I had a problem where I needed to store the old name of an input tag so that I could reference what it used to be called. I used the rel attribute to store this (as is common practice) but have come across a much tidier way of doing it which I was surprised to have not seen before.

You can use the data method in the jQuery internals (http://docs.jquery.com/Internals/jQuery.data), for example:

$('#myelement').click(function(){
  $(this).data('storedVal',$(this).attr('id'));
});

This will store the id in jQuery internals and not alter the tag in any way. The data can be retrieved by using:

$(this).data('storedVal');

Just a little snippet but very useful I think.

Posted in Development, Javascript | Leave a comment

How to make a wordpress plugin

So I had my first exposure to writing a WordPress plugin yesterday. It was such a pleasant and easy experience that I thought I had better give a little back. So here’s my step by step guide to creating a very simple shortcode replacement plugin. I don’t pretend to be a WordPress expert, so if I’ve buggered up my approach please do comment and let me know.

Create a folder using the name for your plugin, I’ll use demo_shortcode_plugin, within this folder create your main plugin file. So the folder structure should look like this:

demo_shortcode_plugin
– demo_shortcode_plugin.php
– readme.txt (optional)

The first part of demo_shortcode_plugin.php should contain the information required to let wordpress, and wordpress users know what the plugin is, who wrote it and other meta info. Use the example below as a template.

<?php
/*
Plugin Name: Demo Shortcode Plugin
Plugin URI:
Description: A simple demo plugin that will replace [democode arg1='test' arg2='test'] with some text
Author: D. Hawkins
Version: 0.1
Author URI: http://www.danhawkins.me.uk
*/

Next write the actual plugin code; below is a very simple example. I’ve opted to keep my bits wrapped up in a lovely class but you don’t need to do this, you can of course use straightforward structured code. The init method will register the shortcode with WordPress so it knows to process it. The init will be called when plugins have loaded using the add_action call at the very bottom of the file.

You can test your plugin by just adding it to wp-content/plugins directory. To upload it all you have to do is zip up the folder and upload.

if(!class_exists("DemoShortcodePlugin")){
  class DemoShortcodePlugin{
    //constructor
    function __construct(){

    }

    //initialise
    function init(){
      add_shortcode('democode', array($this,'func_democode'));
    }

    //the shortcode replacement function
    function func_democode($attr){
      //merge arguments passed in with default values where not present
      $args = shortcode_atts(array(
        'arg1' => 'Default Arg 1',
        'arg2' => 'Default Arg 2'
      ), $attr);

      //attribute values come from post content, so escape them before output
      return 'Arg1: ' . esc_html($args['arg1']) . ', Arg2: ' . esc_html($args['arg2']);
    }
  }
}

//create instance of class
$demo_shortcode_plugin = new DemoShortcodePlugin();

//get it to initialise at the correct time, in this case after plugins have loaded in case we rely on other plugins
add_action('plugins_loaded',array($demo_shortcode_plugin,'init'));

The full code is here:

<?php
/*
Plugin Name: Demo Shortcode Plugin
Plugin URI:
Description: A simple demo plugin that will replace [democode arg1='test' arg2='test'] with some text
Author: D. Hawkins
Version: 0.1
Author URI: http://www.danhawkins.me.uk
*/

if(!class_exists("DemoShortcodePlugin")){
  class DemoShortcodePlugin{
    //constructor
    function __construct(){

    }

    //initialise
    function init(){
      add_shortcode('democode', array($this,'func_democode'));
    }

    //the shortcode replacement function
    function func_democode($attr){
      //merge arguments passed in with default values where not present
      $args = shortcode_atts(array(
        'arg1' => 'Default Arg 1',
        'arg2' => 'Default Arg 2'
      ), $attr);

      //attribute values come from post content, so escape them before output
      return 'Arg1: ' . esc_html($args['arg1']) . ', Arg2: ' . esc_html($args['arg2']);
    }
  }
}

//create instance of class
$demo_shortcode_plugin = new DemoShortcodePlugin();

//get it to initialise at the correct time, in this case after plugins have loaded in case we rely on other plugins
add_action('plugins_loaded',array($demo_shortcode_plugin,'init'));
Posted in Development, PHP, Wordpress | Leave a comment

New Beginnings

Time to get my blog back on the go. Starting fresh, no history just a brand new slice of life, code and adventure (if we’re lucky)

Posted in Uncategorized | Leave a comment