Showing posts from October, 2012

SQLite3 class in Python

For my working, i created class using sqlite3 to manipluate database: #!/usr/bin/python import sqlite3, sys class database:     'Database sqlite3 class'     def __init__(self, name): = name         self.create_database()     def create_database(self):         self.conn = sqlite3.connect(         self.c = self.conn.cursor()     def query(self, query):         try:               r = self.c.execute(query)             self.conn.commit()             return r         except sqlite3.Error, e:             print "Error %s:" % e.args[0]             sys.exit(1)     def query2(self, query):         try:               self.c.execute(query)             r = self.c.fetchall()             return r         except sqlite3.Error, e:             print "Error %s:" % e.args[0]             sys.exit(1)     def check_database_exits(self,table_name):         re = self.query2("SELECT name FROM sqlite_master WHERE type='

Python - Multithread to read one file

Today, i am working with python. I need write script to read one file, and get line by line, per line deliver one thread process ( total 10 threads). I want solution, so i chose working with thread and queue. In python, when procsess initializate, this process will be assigned with queue, and working with this queue. We will put data ( in this case is line) to queue. Process will read from queue, so, all processes can read one file, not overlap :D import threading import Queue #Number of threads n_thread = 5 #Create queue queue = Queue.Queue() class ThreadClass(threading.Thread):     def __init__(self, queue):         threading.Thread.__init__(self)     #Assign thread working with queue         self.queue = queue     def run(self):         while True:         #Get from queue job             host = self.queue.get()             print self.getName() + ":" + host         #signals to queue job is done             self.queue.task_done() #Create number proce

Format String Attacks to maniplulate information anywhere in memory

By manipulating programs that misuse the printf and related command, an attacker can Read arbitrary information from memory. And, maniplulate information anywhere in memory. So, an attacker can have complete control over victim process The right way: printf("%s",buffer); The wrong way: printf(buffer); If program is implemented in "wrong" way, an attacker can place input into the string that will be interpreted as a string format So, an attacker can print memory, stack. In easy way to understand that main() {     char user_input[100];     char buffer[100];     int x = 1;     ....     /* get user input*/     ...     snprintf(buffer, sizeof buffer, user_input); <==== Oh, forgot the format string, the user input will be interpreted as the format   } Attacker enter "%x %x %x" into user_input, becomes: snprintf(buffer, sizeof buffer, "%x %x %x");. And buffer now contains the next three hexadecimal value on the strack, so, we can rea