It’s actually pretty simple.
Author: Pierre CIHOLAS
Prompting user input in a windowed application, without window
Recently I had to prompt my user for a number before starting my windowed application, and I looked for a function that generates a sort of MessageBox with an input field.
It doesn’t exist, apparently.
So I wrote something that allocates a console to the program and prompts the user classic style with a cin >> variable (it would probably also work with other methods, such as scanf and others).
Here’s the code:
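#include <Windows.h>
#include <cstdio>
#include <cstdlib>
#include <iostream>
#include <string>

using namespace std;

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    // Attach a new console to this GUI process and bind the C streams to it
    AllocConsole();
    freopen("CONIN$", "r", stdin);
    freopen("CONOUT$", "w", stdout);
    freopen("CONOUT$", "w", stderr);

    string message = "";
    cout << "Enter a message:" << endl;
    cin >> message;  // reads a single whitespace-delimited word

    FreeConsole();

    // string -> wstring (byte-wise widening, correct for ASCII input only)
    std::wstring wmessage;
    wmessage.assign(message.begin(), message.end());

    // Pass the character buffer, not the address of the wstring object
    MessageBoxW(NULL, wmessage.c_str(), L"Your input", MB_OK);
    return EXIT_SUCCESS;
}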
Send an email via command line (Windows & Linux, using Telnet)
I recently had to send thousands of automatically generated emails. Granted that you have a mail server that is properly managed and won’t get blacklisted (so your mails don’t end up in a spambox on the way), you can automate the sending in a script doing the SMTP transaction procedurally.
The full telnet communication to send an email with a title and content is as follows:
An example of an “Advance-fee scam” (similar to Nigerian 419 scam)
I just received an email from “a politician and a previous member of Ghana’s executive committee on contract awards”, wanting to “relocate funds in a foreigner’s name to avoid any trace” with US $19,500,000 for me if I take part in this deal.
This is obviously an advance-fee scam, but I thought it might be interesting to share this example of a real email on my blog, along with the headers and pretty much everything available about it.
Get Process ID (PID) from process name (string) – C++ Windows API
Small function to get PID(s) of process(es) having a specific name.
In short, I create a snapshot of existing processes with CreateToolhelp32Snapshot, then I iterate through all of the processes in the snapshot to find the ones with the requested name. The function returns a vector (a dynamic array), as there can be several processes with the same name.
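A sketch of the approach described above, as an added example that is not the author's original function. The names ProcEntry, match_pids and list_processes are hypothetical; the case-insensitive comparison and the constructed sample listing used on non-Windows builds go beyond what the post states.

```cpp
#include <algorithm>
#include <cwctype>
#include <iostream>
#include <string>
#include <utility>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

using ProcEntry = std::pair<unsigned long, std::wstring>;  // (PID, image name)

// Windows file names are case-insensitive, so compare lowercased copies.
static std::wstring lower(std::wstring s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](wchar_t c) { return static_cast<wchar_t>(std::towlower(c)); });
    return s;
}

// Return every PID whose image name equals `name` (several processes may share one).
std::vector<unsigned long> match_pids(const std::vector<ProcEntry>& procs,
                                      const std::wstring& name) {
    std::vector<unsigned long> pids;
    const std::wstring wanted = lower(name);
    for (const auto& p : procs)
        if (lower(p.second) == wanted) pids.push_back(p.first);
    return pids;
}

// Copy (PID, name) for each process out of a Toolhelp32 snapshot.
std::vector<ProcEntry> list_processes() {
    std::vector<ProcEntry> procs;
#ifdef _WIN32
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return procs;  // snapshot failed
    PROCESSENTRY32W pe;
    pe.dwSize = sizeof(pe);  // must be set before Process32FirstW
    if (Process32FirstW(snap, &pe))
        do { procs.emplace_back(pe.th32ProcessID, pe.szExeFile); } while (Process32NextW(snap, &pe));
    CloseHandle(snap);  // release the snapshot handle
#else
    procs = {{4, L"System"}, {812, L"svchost.exe"}, {1044, L"SvcHost.exe"}};  // constructed sample
#endif
    return procs;
}

int main() {
    for (unsigned long pid : match_pids(list_processes(), L"svchost.exe")) std::wcout << pid << L"\n";
}
```

A matching name identifies the executable's file name only, so code that acts on the returned PIDs should not treat the name as proof of which program is running.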
Automated full IP WhoIs (with privacy protected info such as emails)
If you need to get all the information possible about numerous IP addresses, including all possible related emails, physical addresses, telephone numbers and more, this post is for you.
I recently identified a very large number of critically vulnerable systems worldwide and I needed to contact the persons in charge of these systems to inform them of my findings and request their agreement to conduct further experiments on their systems.
The problem is, a simple whois, online or from the command line (e.g. “whois” in a Linux shell), will give a lot of information about the host, but often the email is hidden for whois privacy protection.
After reading the manual of the whois command, I saw that an extra parameter, “whois -B”, is available to deactivate the filters and give the email addresses.
It worked for European IPs (using the RIPE NCC RIR), but the command failed miserably for North American IPs (using the ARIN RIR); for these IPs, with this extra parameter, even the unprotected information was no longer given.
However, I noticed that some specialised websites such as CentralOPs.net always return the emails when they are available, so I knew it was possible to retrieve them…
1000+ free web proxies supporting HTTPS
1 per line (ip:port), with comment about their origin.
Ready to be used in your scripts (if you access this post long after it was written, you can just refresh the list from the origin URL).
Make Youtube only suggest you really useful videos (not to procrastinate!)
If you are like me you typically use Youtube for 2 things:
(1) Watch videos related to your work that are useful and are really worth your time and also (2) procrastinate by watching whatever it is you like to watch to pass the time.
There is no problem with this, there’s a time for everything in life, work and relax.
The problem is that Youtube remembers … and suggests …
Therefore, even when you watch work-related videos, Youtube suggests that you watch useless stuff based on your previously watched videos.
The consequence is that even when you use their platform to keep informed, it suggests that you procrastinate.
Wouldn’t it be great if Youtube could only suggest you useful videos?
Wouldn’t it be great if we found a way to make Youtube understand that yeah I watched some stupid video but I absolutely don’t want to be suggested others as it takes my precious time?
In short, wouldn’t it be great if Youtube could make you want to get to work instead of suggesting you to procrastinate?
Well this is precisely what I am going to explain in this post!
Reading/writing another program’s memory manually
We keep going deeper into memory reading and writing, but this time with no external software: we will learn how to read from and write to another process’s (virtual) memory by ourselves.
I have written two programs in C that I will present and explain step by step. The first one (let’s call it the legitimate program) loads two variables in memory (an integer and a string), and the other one (let’s call it the hacktool) opens the first program’s memory, reads it, prompts the user for a new string, and writes it into the other program’s memory in place of the original. Both programs allow you to repeat the operation to perform your tests.
Address spaces and memory virtualisation
A very good PDF that summarises how the memory is managed in a modern computer and how the address is virtualised by operating systems:
http://pages.cs.wisc.edu/~remzi/OSTEP/vm-intro.pdf