http POST bruteforce

This post is a bit funny. It wouldn’t have happened if I had not forgotten the password for this site. This had actually never happened to me before: for 1-time sites I have easy 1-time passwords, and for something I am going to be using, I have strong passwords that I do remember. (UPD: not anymore; Troy Hunt made me understand that any password must be unique and very strong)
But for this site I turned my imagination on. Judging by the post dates, I remembered it for the first two days, and now, a few weeks later, I don’t. I spent about an hour typing in passwords and failed.

“I’m a programmer, after all” — I thought, and wrote a program that would bruteforce the password for me. I had a set of “tokens” that I must have used when I created the password, which made the task much easier. I also didn’t bother with googling or with implementing something fancy, fast or multithreaded. It is just a copy-paste from my other project, which has a site parsing part. Here it is:

CookieAwareWebClient

The code above allows you to be “logged in” with your WebClient via cookies. The code below uses CookieAwareWebClient to POST the login and password, and then tries to download a page that is only available to logged-in users. There is probably a much better and faster way to tell whether a login attempt was successful or not (if you know a better solution — please leave a comment), but this one was fast enough for me.

Using CookieAwareWebClient

Now, once I have a list of possible password tokens:

Password tokens example

I just have to iterate over them and their combinations. Voilà!

(I figured that if anything is going to be slow and inefficient, it would be the networking: retrieving the /admin page in a single thread. Not string concatenation and regexp; hence, no optimization here at all)
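Seen from the server side, the loop described above leaves a regular trace in the access log: a login POST immediately followed by a GET of /admin that bounces, repeated many times from one client. The following detection sketch is an added example, not code from the original post; the log format, the `/login` path, the set of "denied" status codes and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: combined-log-style lines, documentation-range IPs.
def _cycle(ip, sec, probe_status):
    ts = f"[12/Mar/2012:10:00:{sec:02d} +0000]"
    return [f'{ip} - - {ts} "POST /login HTTP/1.1" 200 512',
            f'{ip} - - {ts} "GET /admin HTTP/1.1" {probe_status} 0']

SAMPLE_LOG = "\n".join(
    sum((_cycle("203.0.113.7", s, 302) for s in range(6)), [])  # six failed guesses
    + _cycle("203.0.113.7", 6, 200)                             # then a successful one
    + _cycle("198.51.100.20", 7, 302)                           # one mistyped password
    + _cycle("198.51.100.20", 8, 200)
)

LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
DENIED = {301, 302, 401, 403}  # assumed responses to an unauthenticated /admin request

def find_guessing_clients(log_text, login_path="/login", probe_path="/admin",
                          threshold=5):
    """Return {client: failed_cycles} for clients at or above the threshold.

    A failed cycle is a login POST followed by a probe GET that is denied.
    """
    pending = set()            # clients whose last relevant request was a login POST
    failed = defaultdict(int)  # denied probes that directly followed a login POST
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue           # skip lines that are not in the assumed format
        client, method, path, status = m[1], m[2], m[3], int(m[4])
        if method == "POST" and path == login_path:
            pending.add(client)
        elif method == "GET" and path == probe_path and client in pending:
            pending.discard(client)
            if status in DENIED:
                failed[client] += 1
    return {c: n for c, n in failed.items() if n >= threshold}

if __name__ == "__main__":
    print(find_guessing_clients(SAMPLE_LOG))
```

The same counter can drive throttling or lockout instead of reporting, since a single-threaded guesser is bounded by how many login attempts the server accepts per minute.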

 

Links:

Download sources

msbuild and msdeploy for Orchard

This site (UPD: not anymore!) and my Russian site about buying items with Shipito are running on Orchard CMS. Orchard is an open source project; it uses ASP.NET MVC 3 and Razor syntax, and it uses dynamic extensively. It is much easier to add your own modules or just edit existing ones if you have the full sources of Orchard. But converting the sources into a deployable package is not an easy task. Since Orchard already has an Orchard.proj msbuild project, compiling will be done with msbuild. The web server is a “WebMatrix friendly” IIS, so I will be using msdeploy to deploy the package to the server.

The original msbuild project does the following: clean, compile, test, package. Everything is fine, except I don’t want source files on the server.

Copy sources disabled

I also want the Warmup, ImportExport and DesignerTools modules to be in the package.

Preserve useful modules

Looking a few steps ahead, I also want the deploy not to delete the folder with site information that is on the server. The following hack makes the folder appear in the deploy package, so the folder with site info will not be deleted during deploy.

msdeploy hack

I also want my CSS and JS to be minified. I will be using YUI Compressor for .Net. I do not want to merge any of the JS or CSS files, but I want each of them minified. It’s pretty easy (don’t forget to include Yahoo.Yui.Compressor.dll).

CSS and JS compression target

Note that without ThreadCulture specified, this compressor was producing JS with errors. It can also sometimes produce resulting files that are larger than the source files, if the original file was already minified. But overall it works great; I get a 30% to 50% js/css file size reduction. That’s it. Read through the original Orchard.proj file yourself to understand how it works; it’s pretty straightforward.

Now I have a good Orchard package. I need to

  1. customize it for every site I have / will have.
  2. deploy it to server.

The easiest way I found to use the same Orchard core and different media for different sites was to inject the media into a temp copy of the core package archive, deploy it to the server, and delete it. (I know it sounds too complicated, or even crazy, but it is the best and most universal way to deploy I have found, considering I have restricted access rights for my shared hosting; if you have an idea of how to make it better, please leave a comment)

Here is my deploy .bat script:

Deploy .bat file

Line 11: create the temp package.
Line 12: add the files that are in the content%site% folder to the temp package.
Line 13: put the app_Offline.htm file on the server; this will effectively shut the site down.
Line 14: deploy the package to the server. Do not delete *Settings.txt files, do not delete the Media folder.
Line 15: remove the app_Offline.htm file from the server.

That’s a really brief story of how my Orchard building and deploying is done.

In the end, I just need to type build to build the Orchard core, and then stefantsovcom_deploy to deploy this site. I am also able to use Visual Studio 2010; it’s useful for debugging and for a quick response to changes I make.

Links:

Download sources

netmf Character LCD

It’s about programming a .NET Micro Framework device, the Netduino. I will make it work with an HD44780-compatible Character LCD.

What is this display?

PC2402LRS-ANH-H Character LCD

This one is PC2402LRS-ANH-H, more images at google.

It has a 14-pin interface: 4 or 8 data pins, 3 control pins, power, ground, and a brightness adjust pin. It can display up to 255 different characters; graphics for a few of them can be set up by the programmer, the rest are hard-written in ROM.

What can my Character LCD class do?

The class can handle the complicated LCD controller protocol / initialization / timing / interface.

Timings from manual

It also offers a straightforward Hashtable to map the symbols you use to the ones your LCD has in its ROM: some displays have a Japanese character set, some have Cyrillic etc.

Character table

Sample code

Example usage of Lcd class

Once lcd is created, the display is initialized and ready to work. This code does a creeping line.
Here are the class public members:

Visual Studio 2010 + ReSharper File Structure

Once you know how your LCD microcontroller works, it’s pretty straightforward. But to understand it, you might need to read some manuals. You may also find an online LCD simulator very useful.

Here is the BitBucket open source netmf LCD page.

If you have any questions, if you want something added or you have a change suggestion, do not hesitate to leave a comment.

My work desk with Netduino and Lcd connected

Close view on Netduino and Lcd connector

Character LCD in action

UPD: my Character LCD class was mentioned on a Microsoft blog. Woot! :)