So as a class project I was trying to build a simple archive cracker. I was simply calling unzip through the shell (using popen) and iterating over a dynamically generated list of words.
Anyways, I set up a test archive with the password "hunter". Now I checked my program with easier passwords and I know it works. However, for a lot of "long" passwords, the utility gives a weird error. So I tried, in the case of the above-mentioned archive, manually entering the following passwords:
"pass" - The password dialog reopened, indicating that it was an incorrect password.
"hunter" - The contents of the zip were decompressed in the target folder.
"dacbe" - I get the error saying "Unable to expand test.zip into "Project" (Error 2 - No such file or directory)" or, if done via terminal, "Invalid compressed data to inflate".
So I thought maybe it was the utility at fault somehow, so I switched to Unarchiver: same issue with the same password string. Switched to a different third-party utility: same issue, with the error being "Error on decrunching".
Why is this happening for certain passwords?
I am running macOS 10.12
Unzip has a deliberately weak filter on an entered password to check it for validity. Only one byte of decrypted data is checked, so there is a 1/256 chance of a random password passing that check and proceeding to decompress. As you have discovered, in that case the decompression will soon thereafter detect an erroneous password.
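The one-byte check described in this answer can be reproduced offline. The following is an added example, not code from the original posts: it implements the traditional PKWARE (ZipCrypto) key schedule, encrypts a constructed 12-byte header plus a stored payload under "hunter", and counts how many constructed wrong passwords pass the header check versus the full CRC-32 check. The names `make_entry`, `verify` and `false_accepts`, the filler bytes and the payload are assumptions made for the illustration.

```python
import zlib

# CRC-32 table (polynomial 0xEDB88320) used by the ZipCrypto key schedule.
TABLE = []
for n in range(256):
    for _ in range(8):
        n = (n >> 1) ^ 0xEDB88320 if n & 1 else n >> 1
    TABLE.append(n)

class ZipCrypto:
    """Traditional PKWARE stream cipher: three 32-bit keys fed by plaintext."""
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, b):
        self.k0 = TABLE[(self.k0 ^ b) & 0xFF] ^ (self.k0 >> 8)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF] ^ (self.k2 >> 8)

    def crypt(self, data, decrypt):
        out = bytearray()
        for b in data:
            t = (self.k2 | 2) & 0xFFFF
            x = b ^ (((t * (t ^ 1)) >> 8) & 0xFF)
            self._update(x if decrypt else b)  # keys always absorb plaintext
            out.append(x)
        return bytes(out)

PAYLOAD = b"constructed sample file contents\n"  # constructed; stored, not deflated
CRC = zlib.crc32(PAYLOAD)
CHECK = CRC >> 24  # the one header byte the quick check compares

def make_entry(password):
    """Encrypt a 12-byte header (11 filler bytes + check byte) and the payload."""
    header = bytes(range(11)) + bytes([CHECK])
    return ZipCrypto(password).crypt(header + PAYLOAD, decrypt=False)

def verify(entry, password):
    """Return (header_check_passed, crc_ok) for one password."""
    z = ZipCrypto(password)
    if z.crypt(entry[:12], decrypt=True)[11] != CHECK:
        return False, False
    return True, zlib.crc32(z.crypt(entry[12:], decrypt=True)) == CRC

def false_accepts(entry, n=20000):
    """Count constructed wrong passwords that pass each stage."""
    results = [verify(entry, b"wrong-%d" % i) for i in range(n)]
    return sum(h for h, _ in results), sum(c for _, c in results)

if __name__ == "__main__":
    entry = make_entry(b"hunter")
    print(verify(entry, b"hunter"), false_accepts(entry))
```

Roughly one wrong password in 256 clears the header byte, and none survive the CRC-32 comparison, which is why a passed header check has to be treated as provisional until the extracted data is verified.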
I have a project called kos and it's a simple SUID tool,
recently as a lot of people in private have been asking
me I added authentication storing/remembering,
but it's not that good
So what happens basically is:
Verify that the user has entered the correct password
If the password is correct set the temp_validate_user variable to true and temp_validate_user_id to the authenticated user's ID (e.g. 1000)
In the run_command function, after setting the appropriate IDs (uid, euid, gid and egid) do:
If the last modified timestamp is less than the set max amount, remove /var/kos/<user id>
Else if temp_validate_user is still set make sure /var/kos exists, if not make it then make a file called /var/kos/<user id> (e.g. /var/kos/1000)
To put it simply we just store a file called /var/kos/<user id> and then check if its last modified timestamp is less than the max amount
But we got a problem
Even though the dir is root-only with kos you can
get root and if you verify once you can do this:
while true; do echo | kos touch "/var/kos/$(id -u)"; done
And when the user authenticates the file will
be updated all the time, meaning you can have infinite
root bypass
So the question is, is there ANY better way to do this,
I really need to find a better way because as more of the
time passes I keep getting more and more worried about
it and I can't think of anything
Oh and if it wasn't clear already, I don't want to
use PAM or anything else other than pure C or C++
Related commits and lines of code:
https://github.com/TruncatedDinosour/kos/commit/cbcc1346d76b0c47bb4658a1b650de11f74a2727
https://github.com/TruncatedDinosour/kos/blob/main/src/config.h#L62
https://github.com/TruncatedDinosour/kos/blob/main/src/macros.hpp#L40
https://github.com/TruncatedDinosour/kos/blob/main/src/main.cpp#L37
https://github.com/TruncatedDinosour/kos/blob/main/src/main.cpp#L46
https://github.com/TruncatedDinosour/kos/blob/main/src/main.cpp#L23
https://github.com/TruncatedDinosour/kos/blob/main/src/main.cpp#L175
https://github.com/TruncatedDinosour/kos/blob/main/src/main.cpp#L185
https://github.com/TruncatedDinosour/kos/commit/f8c4e79e798c0ffaa15df9d1d77fb91b54e61599
https://github.com/TruncatedDinosour/kos/commit/9ee54bbd01281016d1170c37b0a6cd23433b1227
Thanks for the answers in advance :)
Questions and answers
What's your goal?
Store that the user has logged in for x amount of seconds
then if x seconds have passed invalidate it,
but until x seconds hasn't passed don't ask the
specific logged in user to enter their password
As @ThomasWeller said, sudo does the same thing, meaning it's secure
enough. I dropped the perms on the dir from 744 to 711 and file
perms from 744 to 600
Thank you @ThomasWeller once again
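A validation step for the kind of per-user timestamp file described in this post, as an added example that is not kos's own code: before a ticket such as /var/kos/<user id> is honoured, it checks that the path is a regular file and not a symlink, that it has the expected owner, that its mode grants nothing to group or others (the 600 mentioned above), and that its modification time is neither in the future nor older than the window. The names `ticket_is_fresh` and `demo` and the 300-second window are assumptions; the demo uses the current uid as owner so it runs unprivileged, where a SUID tool would expect root.

```python
import os
import stat
import tempfile
import time

def ticket_is_fresh(path, owner_uid, max_age, now=None):
    """Return True only for a trustworthy, unexpired timestamp file."""
    now = time.time() if now is None else now
    try:
        st = os.lstat(path)               # lstat: never follow a symlink
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode):      # reject symlinks, dirs, devices
        return False
    if st.st_uid != owner_uid:            # must be owned by the expected user
        return False
    if stat.S_IMODE(st.st_mode) & 0o077:  # no group/other permission bits
        return False
    age = now - st.st_mtime
    if age < 0 or age > max_age:          # future-dated or expired: drop it
        os.unlink(path)
        return False
    return True

def demo():
    """Run the check over constructed tickets in a temporary directory."""
    uid, now, results = os.getuid(), time.time(), {}
    with tempfile.TemporaryDirectory() as d:
        def make(name, mode, mtime):
            p = os.path.join(d, name)
            with open(p, "w"):
                pass
            os.chmod(p, mode)
            os.utime(p, (mtime, mtime))
            return p
        cases = {
            "fresh": make("fresh", 0o600, now - 10),
            "expired": make("expired", 0o600, now - 900),
            "future": make("future", 0o600, now + 3600),
            "loose": make("loose", 0o644, now - 10),
        }
        cases["symlink"] = os.path.join(d, "link")
        os.symlink(cases["fresh"], cases["symlink"])
        for name, p in cases.items():
            results[name] = ticket_is_fresh(p, uid, 300, now)
        results["expired_removed"] = not os.path.exists(cases["expired"])
    return results
```

A privileged implementation would open the file with O_NOFOLLOW and run the same tests on the descriptor with fstat, so the file cannot be swapped between the check and its use.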
What I would like to do is be able to gain access to a computer over the network so I can create a new directory there that I will then save multiple files to throughout the rest of the script.
I have a script that creates a bunch of files that I need to save. The problem is that this script may be run off any number of computers, but needs to save to the same computer. If I manually remote connect to the computer it prompts me for a username and password, but I am trying to just create a directory there. My code is below, along with the response I get.
if not os.path.exists(self.dirIn):
    tryPath = self.dirIn.split("/")[0:-1]
    tryPath = '/'.join(tryPath)
    if not os.path.exists(tryPath):
        os.mkdir(tryPath)
        os.mkdir(str(self.dirIn))
    else:
        os.mkdir(str(self.dirIn))
WindowsError: [Error 1326] The user name or password is incorrect: '//computer/e$/directory/I/am/creating'
I am using Windows, Python27
I was able to just map the drive to my computer using subprocess, do what I needed, and then unmap the drive (optional)
subprocess.Popen("net use E: \\\\computername\\E$ %s /USER:%s" % (password, username))
time.sleep(1) # Short delay to allow E: drive to map before continuing
if not os.path.exists(self.dirIn):
    os.makedirs(self.dirIn)
subprocess.Popen("net use E: /delete")
I did run into problems without the sleep, my program wouldn't find the directory without it.
I'm trying to send some files (a zip and a Word doc) to a directory on a server using ftplib. I have the broad strokes sorted out:
session = ftplib.FTP(ftp.server, 'user','pass')
filewpt = open(file, mode)
readfile = open(file, mode)
session.cwd('new/work/directory')
session.storbinary('STOR filename.zip', filewpt)
session.storbinary('STOR readme.doc', readfile)
print "filename.zip and readme.doc were sent to the folder on ftp"
readfile.close()
filewpt.close()
session.quit()
This may provide someone else what they are after but not me. I have been using FileZilla as a check to make sure the files were transferred. When I see they have made it to the server, I see that they are both way smaller or even zero K for the readme.doc file. Now I'm guessing this has something to do with the fact that I stored the file in 'binary transfer mode' <--- whatever that means.
This is where my problems lie. I have no idea at all (yet) what is meant by binary transfer mode. Is it simply that I have to use retrbinary to return the files to their original state?
Could someone please explain to me like I'm a two year old what has happened to my files? If there's any more info required, please let me know.
This is a fantastic resource. Solved most of my problems. Still trying to work out the intricacies of FTPs, but I guess I will save that for another day. The link below builds a function to effortlessly upload files to an FTP without the partial upload problem that I've seen experienced by more than one Stack Exchanger.
http://effbot.org/librarybook/ftplib.htm
I am using MAPISendMail() in an MFC application, and am having a problem that webmail clients sometimes receive a winmail.dat attachment, instead of the "real" attachments.
I have researched a lot, and have found that others are experiencing this problem too, but have not found a solution.
I believe that the problem may be in my MapiFileDesc structure, in which I leave the lpFileType member pointing to NULL, in order to have the mail program (In my case Outlook 2010) determine the file type automatically.
lpFileType is a MapiFileTagExt structure, and the documentation says this:
A value of NULL indicates an unknown file type or a file type determined by the operating system.
So I believe this should work for common types, such as JPEG or GIF and such.
I read that the winmail.dat is caused by Outlook sending the mail encoded with the ms-tnef encoding, which is proprietary to Microsoft. However, when sending the email, Outlook shows "HTML" as highlighted, not RTF.
Has anyone encountered this problem and properly solved it?
Sending via SMTP and such is not an option, because the user should have a copy of the message in their Sent Items folder.
Using the Outlook object model is not an option, because that would require that the user has Outlook installed, and not any MAPI compatible client.
I was having a similar issue.
I found a KB article that has interesting information in the "One-Off Addressing" section, saying that when the address is provided in the format [SMTP:SMTP Address], the e-mail is always sent in rich text format.
For me the fix was not to set "Address" property of MapiRecipDesc object at all. Instead I put the address in Name property. The opening dialog then does not resolve the address at first, but it resolves it right before sending and then it is not sent in RTF!
I even got it working with recipient's name together with address:
MapiRecipDesc.Name = "Firstname Lastname <mail@address.com>";
I, too, was getting all attachments as WinMail.Dat files for the jclMapi.JclEmail, InternalSendOrSave routine, which is called by jclEmail.Send.
What I did was essentially follow jtmnt's answer and changed:
RealAddresses[I] := FAddress; //do not add the Recipients.AddressesType + AddressTypeDelimiter
and I changed:
lpszName := PAnsiChar('"' + AnsiString(RealNames[I])+'" <' +
AnsiString(RealAddresses[I]) + '>');
lpszAddress := '';
This worked so that I no longer was sending WinMail.dat files as attachments, instead the intended PDFs and MP3s were being sent.
What I really want to report is that I was using an OLE routine that was working fine in Windows 7 and stopped working in Windows 8. Thus, I started looking at the MAPI solutions but found this problem with Winmail.dat files being attached. I could not find any mention of this issue with OLE (with Outlook) not working properly in Windows 8.
(Both:
OutlookApp := GetActiveOleObject('Outlook.Application') and
OutlookApp := CreateOleObject('Outlook.Application')
were no longer working in Windows 8, but continued to work fine in Windows 7.)
Thanks for the solution. Thought you might want to know how to apply it to the jclMapi code and this issue with OLE in Win8.
A curious thing in Outlook's behavior is that it does matter what length the domain name of the recipient has! If the e-mail address domain is 12 characters or more (I don’t know what the limit exactly is), then we face the problematic TNEF coding.
So: a@hutsfluts.nl goes wrong, while abacadabraandmore@hf.nl will result in plain text encoding.
I guess this is not by design….
The solution mentioned above:
Put the recipient e-mail address in MapiRecipDesc’s lpszName and let the lpszAddress point to an empty string (NOT null!) solves the problem.
Don’t ask me why, for I have no clue why this would influence the encoding.
I've spent all night researching this without a solution.
I'm trying to verify the digital signature of a file in the drivers folder (C:\Windows\System32\drivers\*.sys); pick whatever one you want. I know that the code is correct because if you move the file from that folder to C:\ the test works.
WinVerifyTrust gives error 80092003
http://pastebin.com/nLR7rvZe
CryptQueryObject gives error 80092009
http://pastebin.com/45Ra6eL4
What's the deal?
0x80092003 = CRYPT_E_FILE_ERROR = An error occurred while reading or writing to the file.
0x80092009 = CRYPT_E_NO_MATCH = No match when trying to find the object.
I'm guessing you're running on a 64-bit machine and WOW64 file system redirection is redirecting you to syswow64\drivers, which is empty. You can disable redirection with Wow64DisableWow64FsRedirection().
If you right-click and view the properties of the file, can you see a digital signature? Most likely your file is part of a catalogue and you need to use the catalogue API to extract the cert from the cert DB and verify it.