Apr 30, 2015

Simple Python cmdline argument handling

Tags: ,
In Python, there are optparse module and its newer version, the argparse module, to build powerful solutions for command line interfaces.

Here is another simpler way to do the similar way, that handle the argument directly mapping to function arguments.

Below is the script:
#!/usr/bin/python
import sys
def do(x, y, z='zd'):  print 'x:', x  print 'y:', y  print 'z:', z
if __name__ == '__main__':  # Map command line arguments to function arguments.  do(*sys.argv[1:])

Let's pass in with 3 arguments:
$ ./do.py a b cx: ay: bz: c
Let's pass in with 2 arguments:
$ ./do.py a bx: ay: bz: zd
Let's pass in with 4 arguments:
$ ./do.py a b c dTraceback (most recent call last):  File "./do.py", line 12, in <module>    do(*sys.argv[1:])TypeError: do() takes at most 3 arguments (4 given)[1]    23517 exit 1     ./do.py a b c d
Let's pass in with 1 arguments:
$ ./do.py aTraceback (most recent call last):  File "./do.py", line 12, in <module>    do(*sys.argv[1:])TypeError: do() takes at least 2 arguments (1 given)[1]    23536 exit 1     ./do.py a

Apr 1, 2015

It's....

Tags: ,
"It's done." - developer
"It's secure". - vendor
"It's deployed." - admin
...
"It's 0wn3d." - #hacker

Mar 11, 2015

Format Your PC

Tags:
Format Your PC after....

Nov 6, 2014

Kitty to Replace Putty

Tags:
Just switch from Putty to Kitty recently, for a few reasons:

  • Available in Portable format (like Putty).
  • Built-in transparency.
  • Quick start of duplicate session (ctrl+shift+click).
  • kscp integration (drag and drop or ctrl+F3).
  • hidden text editor (shift+F2).

Oct 13, 2014

ShellShock Attack Vectors

Tags: , , ,
Shellshock attack is popular, and wormable too. However, it requires an attack vector for it to works. Here're some of the common attack vectors for shellshock to work:

  • (Apache/etc) httpd - If the CGI script calls Bash, the script could execute arbitrary code as the httpd user. mod_php, mod_perl, and mod_python do not use environment variables and we believe they are not affected.
  • (Secure Shell) ssh -  It can be used to execute any command, via ssh, scp, git, rsync, etc.
  • dhclient - The Dynamic Host Configuration Protocol Client (dhclient) is used to automatically obtain network configuration information via DHCP. This client uses various environment variables and runs Bash to configure the network interface. Connecting to a malicious DHCP server could allow an attacker to run arbitrary code on the client machine.
  • CUPS - It is believed that CUPS is affected by this issue. Various user supplied values are stored in environment variables when cups filters are executed.
  • sudo - It could still be possible for the running command to set an environment variable that could cause a Bash child process to execute arbitrary code.
  • Firefox - No detail about it as of now.
  • Postfix - While the Postfix server does call Bash in a variety of ways, the Postfix server will replace various characters with a ?, and may allow an arbitrary environment variable be set by the server. It is however possible that a filter could set environment variables.

Subscribe to: Posts (Atom)