nops 0x9090

## gist:2d2d632be2e7fe5eb0d5
1: Restrict all code to very simple control flow constructs. Do not use GOTO statements, setjmp or longjmp constructs, or direct or indirect recursion.

2: All loops must have a fixed upper bound. It must be trivially possible for a checking tool to statically prove that a preset upper bound on the number of iterations of a loop cannot be exceeded. If the loop-bound cannot be proven statically, the rule is considered violated.

3: Do not use dynamic memory allocation after initialization.

4: No function should be longer than what can be printed on a single sheet of paper (in a standard reference format with one line per statement and one line per declaration.) Typically, this means no more than about 60 lines of code per function.

5: The assertion density of the code should average a minimum of two assertions per function. Assertions must always be side effect-free and should be defined as Boolean tests.

## gist:cb1e3b20f65c0919313d770d269f2486
- clear your browsers cache, delete everyting (this will log you out)
- visit the page with the fresh reseted browser and see what cookie you get when you visit page first time (without being logged in)
- save this cookie for later
- now browse the site while beeing NOT logged in, see if and how the cookie changes
- after collecting all data that not involves a session, go and log in
- save this cookie, now compare with the cookie you gathered at first visit
- check what fields have changed, those that stayed same will move down on the list as second choice for alter testing
- any value that has changed, or any parameter that was beeing added, is now to be investigated
- now try changing values, start with the IP and useragent field first
- see if it logs you out after changing your useragent

## listener.py
#!/usr/bin/env python
import socket, sys

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
port = 6675
server_address = ("0.0.0.0", port)
sock.bind(server_address)
sock.listen(1)

while True:

## gist:5444937462311cb5a075
These are some common Linux programs which can be used to execute other software. This demonstrates the risk of implicitly granting sudo privledges to non-suid programs. For example, if you lock down sudo to everything except for vim, then a local attacker could still open a full root shell with that limited sudo vim privledge.


tcpdump
$ tcpdump -n -i lo -G1 -w /dev/null -z ./program.sh

tar
$ tar c a.tar -I ./program.sh a

zip

## bin_to_cstr.py
#!/usr/bin/env python
import os, binascii

# Converts the target binary file to a C formatted string. Useful for embedding binary files in C source code

target = "C:\\Windows\\System32\\cmd.exe"
output_file = "C:\\file.txt"
bytes_per_line = 16


## gist:57bbebd350cce6dcc51253b28894708d
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -L -v

## gist:e02577d3bfa20d164b87f85cf60dc0e3
--- Reproduced From OneUpSecurity (Justin Taft) --- https://www.oneupsecurity.com/research/five-minute-guide-to-software-security/


Education is the best way to mitigate security breaches. Remember, security is not only a business decision, but also a moral decision. Always seek advice from an experienced security professional.

Hacker Mentality
Study and question everything. Break to learn, don't learn to break.

Don't assume something is secure without testing it.
Secure specifications are often implemented insecurely.

## makeApp.sh
#!/bin/sh

# Usage:
#   makeApp.sh <appname> <url> <iconurl>
#
# Examples:
#   ./makeApp.sh Gmail https://gmail.com http://3.bp.blogspot.com/_rx1dHU9EQFY/THCcfaArRsI/AAAAAAAAB-k/-T1oLDCAEZg/s1600/gmail_logo_contact.png
#   ./makeApp.sh Gmail file:///path/to/my/downloaded/icon

# The app name. Example "Gmail". No spaces.

## gist:4d14a68afe6c8314f92e

<html>
<head>
  <title>sneaky copy-paste terminal example</title>
</head>
  <style>
    .codeblock {
      background-color: lightyellow;
      border: 1px dotted black;
      margin-left: 50px;

## port_scanner.py
#!/usr/bin/env python
import socket
import subprocess
import sys
from datetime import datetime


remoteServer = raw_input("Enter a remote host to scan: ")
remoteServerIP = socket.gethostbyname(remoteServer)
	1: Restrict all code to very simple control flow constructs. Do not use GOTO statements, setjmp or longjmp constructs, or direct or indirect recursion.

	2: All loops must have a fixed upper bound. It must be trivially possible for a checking tool to statically prove that a preset upper bound on the number of iterations of a loop cannot be exceeded. If the loop-bound cannot be proven statically, the rule is considered violated.

	3: Do not use dynamic memory allocation after initialization.

	4: No function should be longer than what can be printed on a single sheet of paper (in a standard reference format with one line per statement and one line per declaration.) Typically, this means no more than about 60 lines of code per function.

	5: The assertion density of the code should average a minimum of two assertions per function. Assertions must always be side effect-free and should be defined as Boolean tests.
	- clear your browsers cache, delete everyting (this will log you out)
	- visit the page with the fresh reseted browser and see what cookie you get when you visit page first time (without being logged in)
	- save this cookie for later
	- now browse the site while beeing NOT logged in, see if and how the cookie changes
	- after collecting all data that not involves a session, go and log in
	- save this cookie, now compare with the cookie you gathered at first visit
	- check what fields have changed, those that stayed same will move down on the list as second choice for alter testing
	- any value that has changed, or any parameter that was beeing added, is now to be investigated
	- now try changing values, start with the IP and useragent field first
	- see if it logs you out after changing your useragent
	#!/usr/bin/env python
	import socket, sys

	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	port = 6675
	server_address = ("0.0.0.0", port)
	sock.bind(server_address)
	sock.listen(1)

	while True:
	These are some common Linux programs which can be used to execute other software. This demonstrates the risk of implicitly granting sudo privledges to non-suid programs. For example, if you lock down sudo to everything except for vim, then a local attacker could still open a full root shell with that limited sudo vim privledge.


	tcpdump
	$ tcpdump -n -i lo -G1 -w /dev/null -z ./program.sh

	tar
	$ tar c a.tar -I ./program.sh a

	zip
	#!/usr/bin/env python
	import os, binascii

	# Converts the target binary file to a C formatted string. Useful for embedding binary files in C source code

	target = "C:\\Windows\\System32\\cmd.exe"
	output_file = "C:\\file.txt"
	bytes_per_line = 16
	iptables -P INPUT ACCEPT
	iptables -F
	iptables -A INPUT -i lo -j ACCEPT
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	iptables -A INPUT -p tcp --dport 22 -j ACCEPT
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -P OUTPUT ACCEPT
	iptables -L -v
	--- Reproduced From OneUpSecurity (Justin Taft) --- https://www.oneupsecurity.com/research/five-minute-guide-to-software-security/


	Education is the best way to mitigate security breaches. Remember, security is not only a business decision, but also a moral decision. Always seek advice from an experienced security professional.

	Hacker Mentality
	Study and question everything. Break to learn, don't learn to break.

	Don't assume something is secure without testing it.
	Secure specifications are often implemented insecurely.
	#!/bin/sh

	# Usage:
	# makeApp.sh <appname> <url> <iconurl>
	#
	# Examples:
	# ./makeApp.sh Gmail https://gmail.com http://3.bp.blogspot.com/_rx1dHU9EQFY/THCcfaArRsI/AAAAAAAAB-k/-T1oLDCAEZg/s1600/gmail_logo_contact.png
	# ./makeApp.sh Gmail file:///path/to/my/downloaded/icon

	# The app name. Example "Gmail". No spaces.

	<html>
	<head>
	<title>sneaky copy-paste terminal example</title>
	</head>
	<style>
	.codeblock {
	background-color: lightyellow;
	border: 1px dotted black;
	margin-left: 50px;
	#!/usr/bin/env python
	import socket
	import subprocess
	import sys
	from datetime import datetime


	remoteServer = raw_input("Enter a remote host to scan: ")
	remoteServerIP = socket.gethostbyname(remoteServer)