Revising the Hack Yourself First course and inserting a Tesla Model S

March 31st, 2016 No comments

Last year, I had the chance to attend one of the excellent “Hack Yourself First” workshops presented by Troy Hunt: http://www.troyhunt.com/2016/02/more-europe-even-more-again-and-more.html

Now it’s time to practice again, using the (very simple) tool Havij against the dedicated and deliberately vulnerable website http://hackyourselffirst.troyhunt.com/

To celebrate the unveiling of Tesla’s new car, I played a little with Havij and updated an existing car with the Tesla Model S P90D characteristics: http://hackyourselffirst.troyhunt.com/Supercar/8

I guess the changes will be reverted soon, so I took a screenshot:


Just for reference, here is the SQL script I used:

-- Rename make 8, then overwrite every displayed attribute of supercar 8.
UPDATE Make SET name='Tesla Motors' WHERE MakeId=8;
UPDATE Supercar SET Cylinders='V0' WHERE SupercarId=8;
UPDATE Supercar SET Description='Model S acceleration is instantaneous, silent and smooth' WHERE SupercarId=8;
UPDATE Supercar SET EngineCc=0 WHERE SupercarId=8;
UPDATE Supercar SET EngineLayout='Dual electric motor' WHERE SupercarId=8;
UPDATE Supercar SET Model='Tesla Model S P90D' WHERE SupercarId=8;
UPDATE Supercar SET PowerKw=568 WHERE SupercarId=8;
UPDATE Supercar SET TopSpeedKm=250 WHERE SupercarId=8;
UPDATE Supercar SET TorqueNm=967 WHERE SupercarId=8;
UPDATE Supercar SET WeightKg=2200 WHERE SupercarId=8;
UPDATE Supercar SET ZeroToOneHundredKmInSecs=2.8 WHERE SupercarId=8;

Some of the other attendees created a blog post to summarize what we learned at the workshop:

Categories: Non classé Tags:

U2F (Yubikey) support in Firefox

November 3rd, 2015 No comments

Unfortunately, at the moment (2015-11-03), the U2F protocol is still not officially supported in Mozilla Firefox.
The U2F protocol is mainly promoted by Yubico (the company that sells YubiKeys).

Source: https://bugzilla.mozilla.org/show_bug.cgi?id=1065729

Categories: open bugs Tags:

Impersonating another user in ASP.NET

May 22nd, 2015 No comments

During test and acceptance phases, it is often useful to be able to log in to an application as another user, for example to verify that the application’s permissions and roles work correctly.

In my case, I needed to be able to impersonate another user on an ASP.NET MVC intranet application whose authentication mechanism is Windows NTLM (<authentication mode="Windows" />).

The solution I found is to create a cookie containing the name of the user account I want to take on (“impersonation”).
Then, on each page load (Global.asax.cs), the application checks for this cookie in order to change the logged-in user (HttpContext.Current.User) on the fly.

Obviously, for security and auditability reasons, this mechanism must be disabled on the application in Production.

Here is the code that does this, which I published on GitHub: https://github.com/ubikuity/impersonate-windows-user-aspnet
Implementation details: https://github.com/ubikuity/impersonate-windows-user-aspnet/commit/ed660effc08f2a89ed621b62bbda6b71e72a6e3e
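
One way to wire the cookie check described above into Global.asax.cs with the safeguards the post calls for: off unless enabled in configuration, limited to an allow-list of testers, and every identity switch logged. This is an added example, not the code from the GitHub repository linked above; the cookie name, the appSettings keys and the DOMAIN\account format are assumptions.

```csharp
// Added example for Global.asax.cs; not the code from the linked GitHub repository.
using System;
using System.Configuration;
using System.Linq;
using System.Security.Principal;
using System.Text.RegularExpressions;
using System.Web;

public class MvcApplication : HttpApplication
{
    // Hypothetical names, chosen for this example only.
    private const string CookieName = "ImpersonateUser";
    private const string EnabledKey = "Impersonation.Enabled";  // appSettings: "true" on test servers only
    private const string TestersKey = "Impersonation.Testers";  // appSettings: "CORP\alice;CORP\bob"
    private static readonly Regex AccountName = new Regex(@"^[\w.-]{1,64}\\[\w.-]{1,64}\z");

    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        // Fail closed: a missing or non-"true" setting (the production case) leaves the real user untouched.
        if (!string.Equals(ConfigurationManager.AppSettings[EnabledKey], "true",
                           StringComparison.OrdinalIgnoreCase)) return;

        IPrincipal real = HttpContext.Current.User;
        HttpCookie cookie = Request.Cookies[CookieName];
        if (real == null || !real.Identity.IsAuthenticated || cookie == null) return;

        // Only accounts on the tester allow-list may switch identity.
        string[] testers = (ConfigurationManager.AppSettings[TestersKey] ?? "")
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
        bool allowed = testers.Any(t => t.Trim().Equals(real.Identity.Name,
                                                        StringComparison.OrdinalIgnoreCase));

        // Accept only DOMAIN\account shapes, so the cookie cannot inject text into the audit log.
        string target = (cookie.Value ?? "").Trim();
        if (!allowed || !AccountName.IsMatch(target))
        {
            System.Diagnostics.Trace.TraceWarning("Impersonation refused for {0}", real.Identity.Name);
            return;
        }

        // Audit trail: record who is really behind each impersonated request.
        System.Diagnostics.Trace.TraceInformation("Impersonation: {0} acts as {1} on {2} {3}",
            real.Identity.Name, target, Request.HttpMethod, Request.Path);

        // Roles are left empty; load the target's roles from the application's own role store if it has one.
        HttpContext.Current.User = new GenericPrincipal(
            new GenericIdentity(target, "Impersonation"), new string[0]);
    }
}
```

Because the cookie is client-controlled, the allow-list check on the real Windows identity is what keeps an ordinary user from switching accounts if the feature is ever left enabled.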

List of neighboring states for each US state

June 1st, 2014 No comments

I was searching for a list of neighboring/bordering/adjacent states for each USA state.

I asked on StackOverflow but I had no luck: http://stackoverflow.com/questions/12402673/get-the-neighboring-states-of-a-given-usa-state

I wasn’t able to find any open data.

So, I finally decided to create my own list using the following sources:

=> Feel free to verify, contribute and reuse my file: neighbors-states.csv

Notes:

  • The SQL script was created for SQL Server 2008.

Possible improvements:

  • Add a column called “IsApproximativeNeighbor” to the “NeighborStates” table to properly define the relationship between Alaska and Washington state, even though they have no common border.

Off topic:

Categories: Programmation Tags:

Avast antivirus press review in pictures, April 2014

April 27th, 2014 No comments

Today, I offer you a short retrospective of the articles that have featured Avast antivirus in pictures and in French.

2014-04-23: An appearance by Avast in a cartoon on the CommitStrip blog:

2014-01-24: Meetings at Avast according to Cyprien:

2010-06-05: The voice of Avast as seen by Le Geektionnerd, the ‘famous’ audio message “La base virale VPS a été mise à jour” (“The VPS virus database has been updated”):

2008-10-20: Another nod to Avast on “Le blog des bits”, which dates from 2008 but which I only discovered recently:

Categories: Avast Tags:

What’s new in .NET Framework 4.5

October 1st, 2012 No comments

Here is a nice poster to summarize what’s new in .NET Framework 4.5:

http://www.heikniemi.net/hardcoded/2011/10/whats-new-in-net-framework-4-5-poster/

Concerning ASP.NET, I like:

  • New site template for ASP.NET MVC 4
  • Built-in JavaScript + CSS combining and minification
  • Strongly typed data binding in ASP.NET Web Forms
  • Multiple file upload component for ASP.NET Web Forms
  • IIS Express used by default (instead of Cassini)
Categories: Programmation Tags:

Difference between “Independent association” and “Foreign key association” in Entity Framework

September 11th, 2012 No comments

I am beginning to understand the difference between “Independent association” and “Foreign key association” in Entity Framework Code First thanks to this article: http://www.ladislavmrnka.com/2011/05/foreign-key-vs-independent-associations-in-ef-4/

Advice: use both (Independent associations and Foreign key associations):

“This saves on unnecessary DB lookups, allows lazy loading, and allows you to easily see/set the ID if you know what you want it to be. Note that having both does not change your table structure in any way.”

Source: http://stackoverflow.com/questions/5281974/code-first-independent-associations-vs-foreign-key-associations

Categories: Entity Framework Tags:

Which version of ASP.NET MVC is used in an existing Visual Studio project

September 11th, 2012 No comments

Question: how to find which version of ASP.NET MVC is used in an existing Visual Studio project?

Answer: via Reflection:

<code>typeof(Controller).Assembly.GetName().Version</code>

Source: http://stackoverflow.com/questions/3008704/how-to-determine-the-current-version-of-asp-net-mvc

Categories: ASP.NET MVC Tags:

Copy and paste text without keeping the formatting

September 10th, 2012 No comments

PureText is a small utility that lets you copy a piece of text without keeping its original formatting (bold, underline, style, HTML code, etc.) and paste only the plain text.

Source: http://www.stevemiller.net/puretext/

Categories: Utilitaires Tags:

Automatically publish your latest blog post on Twitter

September 10th, 2012 No comments

The “WP to Twitter” plugin automatically publishes your WordPress blog posts to your Twitter account.

Configuring the plugin takes a few minutes of attention (retrieving the Consumer key, Consumer secret, Access token and Access token secret parameters via https://dev.twitter.com/), but after that it works very well.

Learn more: http://cleverwp.com/publish-to-twitter-automatically-from-your-wordpress-blog/

Categories: Wordpress Tags: