I buy music from Legalsounds.com as they are far cheaper than iTunes. Last year I spent over $700 USD on iTunes alone and about $150 on LegalSounds. All of which is lost to my recent house fire Anyways, once you purchase music from them you are given a list of URLs to the mp3’s. This is very odd and I wish they would change this to maybe sending you a link to a zip file or something if you purchase the whole album.

Anyways, I was asked not to use a download manager at work as they tend to alarm the packet shapers into thinking I am doing P2P crap. Okay, I will use wget then! wget is an amazing tool which comes by default with all newer versions of Linux (save for a few embedded kernels I am sure). wget will simply “web HTTP GET” a link and save it locally on your computer. Now that I have a list of URLs, let’s write some code, eh?

say our list is like this (for brevity it is a small example, but the code is very powerful and you can actually do this with as many links as will fill your RAM):

okay I will use sed to make this say “wget” before each link and then make it an executable and run the executable (w)getting each file.

cat files.txt | sed 's/^h/wget h/g' > out.txt
cat out.txt
  wget http://files.com/file0.mp3
  wget http://files.com/file1.mp3
  wget http://files.com/file2.mp3
rm files.txt && chmod +x out.txt
./out.txt


Now after the terminal (STDOUT) fills up with warnings, statuses, and errors, or what not, an ls will show that we now have 3 files! That was “Bash Scripting” basically the ./out.txt ran each line in the out.txt file, just as if you ran the lines one at a time from the terminal.

Now for some reason, legalsounds.com appends a weird ‘%3D’ at the end of each mp3 filename, making it not readable by my Android phone! What a bummer! So what do I do? Bash Script!!

ls | grep -v 'txt' > names.txt
while read foo; do bar=`echo $foo | sed 's/%3D$//g'`; mv $foo $bar; done < names.txt


Now that isn't a file, that's a one-liner Cthluhuian Bash Script of Beauty. With that small code right there, we have successfully removed ALL appending '%3D's, using Regular Expressions too! We re-named all files in a directory (filtering out txt files). This blew my mind yesterday. I sat and looked at my phone and felt like a genius. Bash Scripting is a powerful thing to know.

I hear people talk to me about how Linux is hard and that they would switch from Windows to Linux if Linux didn't have a command line. Well, then don't switch at all. Seriously, stay with Windows. You pay peoples salaries as they remove malware and viruses and fix your OS's frail registry simply because you think it's easier to do task such as the one above, by adding 10's, 100's, 1,000's or even 1,000,000's of mouse clicks into your life. So be it.

I can't help but smile when I see that code. It's beautiful.

~Douglas.

I didn’t think I would have to come back to this subject so soon, but I have to share this story because this is something I see everyday at my job. I am a technical support / Systems Admin / Software Developer for a University. My Job title is smaller than that and my duties reach far beyond that, at the same time. Anyways, I get systems that are virus ridden. I see broken machines, systems with huge loads on CPU/RAM/(I/O), smashed laptops..you name it, I see it. Today I encountered a Vista Virus called Vista AntiVirus Pro 2010 or as I see it: av.exe This little bugger was deeply embedded. I am going to go over a few reasons in order as to why I hate dealing with Windows and why I believe it to be only made for one purpose: World of Warcraft.

The first thing I saw was that I couldn’t stop it via TaskManager.  This is normal.  usually malware can make their own svchost.exe or even splice themselves or a rogue file with one that is already running.  TaskManager, is a grandiose title for such an application in Windows.  It should be renamed to TaskEmployee.

Next I downloaded Malwarebyte’s AntiMalware tool.  This tool is absolutely amazing.  This tool is free.  This tool is NOT part of Microsoft Windows.  Why?  Well, I guess they know that they can make more money by being so fragile.  I am sure their genius developers could have thought up an anti-Malware tool they could build right into their OS by now? Pshh..  Anyways, this tool didn’t work.  Each time I would run the tool, TaskEmployee would tell me that I ran av.exe!  Oh no!

I boot into “SafeMode.”  What makes this “Safe?”  Well, they stop all things from starting automatically for you, similar to you un-checking everything in msconfig that is not from Microsoft.  As I double clicked on mbam-setup.exe (MalwareBytes) in SafeMode, I realized that av.exe opened up again!  This isn’t good, this could only mean one thing!

I opened “Windows Explorer” in SafeMode and did a search for “av.exe” in the top right search bar.  Well, nothing turned up as the file av.exe usually resides in the AppData folder of the current user – which is a hidden folder.  Then I noticed that there was no menu for Windows Explorer!  I couldn’t even change the setting to view “hidden” files and folders!  (I think I will try a real OS that handles files like a real OS should.)

I boot into WeakNet Linux Text Only Mode.  I mount the drive and run find on the users folder for ‘av\.exe’  This finds it immediately and I remove it.  I reboot.  Hrmm, why couldn’t the Windows OS do this for me?  Because it’s made for playing MMO’s NOT file management.  The name “Windows” is still a good name for this OS, I give it that.  Only because it can handle MMO windows that are open pretty easily.

Now I try to run mbam-setup.exe and guess what happens?  Yeah, Windows has no idea what an exe file is!  In fact, it’s so lame that it actually asks me to use another exe file to open it!  Guess which one! Go ahead!  Yeah, Adobe Acrobat.  Something NOT EVEN MADE BY MICROSOFT.  So I click “search online for an appropriate application” and I find something that I think is a gem.  Go to this page, and make “EXE” your file type: (I already did by adding it into your URL)

http://shell.windows.com/fileassoc/0409/xml/redir.asp?EXT=EXE

This is priceless, like a gem.  Like a gem that sits away hiding from the world and once found glows so beautifully that it opens up peoples’ eyes to new perspectives.  Yeah it says and I quote:

“Description: Windows does not recognize this file type.”

And then has a few sponsored links below it that contain Malware themselves.  Okay so right now, I can clearly see that the “OS” has no idea what a Windows native binary is and Neither do the developers of the aforementioned support site.  This is what happens.  This is were people end up being cattle.  You get herded around the internet by redirect sites and wind up with a virus that completely destroys your registry and “OS.”  At the same time, you don’t even know it’s a virus because it looks similar to and says that it is a legitimate Antivirus Client for Microsoft Windows.  To me that is just a huge kick in the balls to the company who made such a lame “OS”  (I use OS in quotes because they [ Microsoft ] accidentally named their buggy software an “operating system”).  But Microsoft likes that.  They like making money from it.  They like the fact that others’ are making money from it as well, like for instance Symantec.

Speaking of Symantec:

Wanna see something hilarious?  Well, you’re reading my article so I will show you anyways!

That is an “Antivirus Client.” Or so Symantec says so. See how it’s green? That means that everything is fine and dandy according to the “Antivirus Client.” You have no viruses or Malware! (Except for the one in the HUGE WHITE SPEAKING BUBBLE ABOVE THE SYMANTEC ICON.) Here are a few more shots of this in action:

This is tremendous. We have these HUGE software developers who make software under the wrong names! Windows isn’t an “operating system.” Symantec Norton AV, is NOT an “AntiVirus Client (Even if you have Malware protection through them, it’s useless).” These are sad times. Linux and the Linux kernel gets stronger everyday. Millions upon millions of dedicated SMART individuals are working together on the security, hardware support, and simple softwares for this OS. Windows is a lame cow. Or as Stewie once said on Family Guy “Lamer than FDR’s legs.”

Now I try to fix the registry with a .REG file. This file contains the lines:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):

As instructed by Microsoft and many Microsoft support technicians. It did nothing. Once again, Windows asked me to open all EXE files with Adobe Acrobat as a suggestion. This happens everyday. Rogue antivirus clients should be the death of the fake OS. Malware should be the death of the Fake OS. For Malware truly shows how strong UNIX and Linux can actually be.

~Douglas.

Yeah, I have been releasing applications into the Google market recently and would like to share a few thoughts about it all. My first app was for the Taming The Electron show and plays the most recent episode streamed right from my web server. This was alright, but since most 3g connections are slow, you end up with a “wait or force close” window. If you click wait and leave it for a minute, it plays just fine.

The second, was a Blue Box application. This plays MF tones for a certain amount of time, when the corresponding buttons are pressed, emulating what was used to signal to the switches way back when. This, theoretically can still be used today, but you simply need to know where to call and how to signal to the switch (timing). I imagine people downloading this app who don’t know what a Blue Box even is and thinking it is stupid, and sounds like a broken DTMF pad (as the tones to slightly resemble those of a regular touch tone phone). So far this has had 302 downloads. I would like to expand on it in the future and make it so it can store tones and play them back sequentially, but this would take me a good while as I need to still learn more about Java.

http://en.wikipedia.org/wiki/Blue_box

The Third, is a simple Red Box application. This application just plays Red Box tones when a coin is pressed. These tones are used to fool live operators on the phone, or ACTS when you rarely get ACTS on the phone. There were a few good ways to get ACTS on the phone and you still can from a pay phone, but after Royal’s Red Boxing article in 2600 (I’m sure it’s a coincidence, Verizon, I mean, why would you read 2600?) a few of those ways where fixed in my area. One old trick was to simply dial 411 and when asked for money you could hit the hook switch of the unit quickly, which closed a circuit just long enough to make the 411 system think you dropped in coins. Once you did that, you would get a live operator in which you tell what business or residence you are looking for. Then ACTS would get on the line after the hung up. Well, this is what I am told used to work anyways,

http://en.wikipedia.org/wiki/Red_box_(phreaking)

The fourth, unreleased application is Catchme-NG! the Router Hunter version. This app simply uses WiFi to scan for a certain MAC address, encryption type, or BSSID while your phone is in your pocket. If found, it will play an alarm sound. This is kind of like the true Catchme-NG! application, which was also in 2600 magazine, but it only searches for routers. There are still a lot of bugs, but it works okay most of the time. I have recently added a “stop scanning” button, but it causes the application to force close. Also, I noticed that the scanning times are very much different depending on which version of Android you are actually using! 1.6 scans MUCH faster than 2.0! This is all still quite confusing and Google refuses to help me fix my Merchant account, (as they have absolutely NO CUSTOMER SUPPORT) so this may very well never actually hit the market. I still have hope though!

If you really think about these applications (besides Catchme-NG!) , they are simply sound board applications. Sound boards can be lame, but at least you know what you are downloading. What we should also consider is the amount of time it takes to learn enough about programming and Android and IDE’s and SDK’s and AVD’s and, well, the list goes on, until you can actually make such a thing. This wasn’t easy at all, as it seemed that documentation for actually making an app is completely scattered all over the internet. I even read a few Android books, but they all seemed to be targeting people who were already familiar with Java, or C++–.

So, what to do? I have begun and ultimate beginners’ guide! So far it’s a few pages long, but it is succinct and uses a lot of good examples and images. This guide could very well take me the better part of a few days to complete. But, once I am done, it will be worth more to people than the apps themselves i am sure. I haven’t released a new paper in a long time, so this will be a good exercise; you actually learn from teaching.

~Douglas.

I have written a few papers in the past about malware removal and how I was witnessing – before my eyes, the death of the Computer Virus. Yup, computer Viruses are pretty much gone it seems. Malware, Spyware, Scumware, which ever name you choose to call it has pretty much taken over. Yeah, there are still exploiting, rooting, etc, but those don’t really count. You can set up a malicious web server that hosts Ruby on Rails and Metasploit with the latest and greatest IE exploit in seconds and add your website to Google. Sooner or later, with the correct settings, you will get a bite and a shell. This really isn’t a virus though, this is more like a trap. Malware is the new internet STD. If your browser is promiscuous enough, sure, it will get your PC infected. You have to not think with your Browser when browsing, simply stay safe then right? Wrong. I have legitimately seen a system get infect within minutes of browsing completely “legit” websites!

Removing said Malware is sometimes pretty complicated, but I have found a sure-fire easy way to do so. Day to day, I spend a lot of time studying and removing viruses from students machines in a university. Sometimes I go so far as to setting up another laptop to act as the “internet” and run Wireshark to analyze packets that are sent out of the infected machine from the Malware. This is rough, but sometimes I even go as far as getting the actual EXE and ripping it apart with Reverse Engineering tools.* But I won’t go into analysis or forensics, I am just going to show you a quick and easy way to get rid of it. In this example I will be removing “Personal Security Tool.”

First recognize that the system has the rogue AV client. They are usually named something very imaginative like “Windows Police Pro 2010″ or “Security Tool 2010″ Once you realize you are infected, try opening up Task Manager with CTRL+SHIFT+ESC If it doesn’t come up, you maybe be pretty badly infected and may have a “rootkit.” A rootkit is a piece of software that leaves doors open and protects itself at the same time. Even legitimate applications can display this kind of behaviour, like Mcaffee AV Client. Try killing mcagent.exe in TaskManager as “Administrator” in Windows. It’s kind of humorous and the fact that there is an account labeled “Administrator” is, too, quite humorous as it doesn’t really portray any characteristics or abilities an actual system administrator should normally have in the genuine definition. Anyways, if you cannot access TaskManager, you will realize that you cannot run any other application besides explorer.exe! What you need to do is use another machine to download a copy of WNLAv3 HERE Now you need to burn that to disk or extrapolate it to an SD or USB card and boot into it.

Next you need to boot into it. This can be done using your computer’s “boot manager” check your computers’ documentation on how to do so, with DELL you can hit “F12″ at startup, with HP, it’s sometimes “F10″ etc. Once you see the WNLA splash screen, choose the 3rd option down “TEXT ONLY MODE” and let that start up fully.

Then you need to “mount” your hard disk in rw (read – write access) mode. The hard disk is usually labeled sdX where X is an alpha character. Here is an exmaple:
First we need to become root (UID 0):

sudo su

Then type the password “weaknet” and hit enter. Usually I try “sda” first to see what slices are associated with “sda” Slices are partitions, and most computers have more than one partition, due to diagnostics partitions, ThinkVantage, Recovery partitions, or if you are using an Apple computer you can see your Apple partition and such too. Here’s how to check your slices:

ls /dev/sda*
sda1 sda2 sda3

This shows 3 partitions. Try the first one first. Let’s mount it at /mnt/HDD.

mkdir /mntHDD
mount /dev/sda1 /mnt/HDD
ls /mnt/HDD

After the “ls” (which stands for “list”) command, you should see the normal Windows XP root directory. This should include folders like “Documents and Settings,” “WINDOWS,” “Program Files” etc. If you cd into the Documents and Settings directory and you don’t see your username there, chances are you mounted the utility or recovery partition and this won’t do. If you don’t see and of those folders mentioned above you most likely didn’t mount the correct partition. try to unmount it and mount the next one in the list:

umount /mnt/HDD
mount /dev/sda2 /mnt/HDD

Once you get it mounted, you should be able to write ot it or delete files from it as WNLAv3 has NTFS support. Now let’s search for Personal Security Tool. To do this, we use the find command and pipe that info into the grep command with regular expressions at the arguments. That may sound like a lot, but just look how simple the command is:

cd /mnt/HDD
find . * | grep -i '.*psecur.*\.exe'

This found the result since I knew what the file was called. Now, if you have a different Rogue AV virus, you will need to change the part in single quotes after the grep command. Here is an exmample of generalizing the search more to find the psecurity.exe file:

cd /mnt/HDD
find . * | grep -i '.*security.*\.exe'

This found a lot of results including two with PSECURITY in the names. Unix is case sensitive so I issued the “-i” argument to grep to say “ignore case.” Once I found them I deleted them in a overzealous way. Since my regular expression was so nice, the search ONLY found the virus files. So I simply passed it again to the xargs command and rm:

cd /mnt/HDD
find . * | grep -i '.*psecur.*\.exe' | xargs -i rm -rf {}

***DO NOT DO THIS WITHOUT BACKING UP YOUR DRIVE FIRST***
In fact, you shouldn’t do that at all, you should just use the simple “rm” command to remove the files like so:

rm /path/to/file.exe

Once they are fully removed, reboot. Rebooting will cause the drives to be safely unmounted and will then boot back into Windows XP. If all went well, the Personal Security Tool should be absent from the GUI in the OS. Once gone, try “CTRL+SHIFT+ESC” again and see if you get a TaskManager window. If so you win. Now, you need to run malware removal tools and such as soon as possible. I;d recommend using:
1. ComboFix
2. Malwarebytes
3. CleanUp!
4. ATFcleaner
5. Trojan Hunter
6. C-Cleaner
7. Spybot Search and Destroy
and then you should be good. It’s good practice to run MalwareBytes at least once a week.

That concludes this tutorial on how to beat those pesky fake AV clients. I hope it helped you!
~Douglas.

* There are some great articles in Hackin9 magazine about Malware analysis you might find interesting.

Yes. I FINALLY have a phone with a Linux kernel! I have written my first application, the cliche first app: Hello World. I don;t knkow Java far beyond this, but it seems rather complex. Looks like I need to learn a new language!
The Phone is the T-Mobile MyTouch (Yeah I know, so soon after the release of Nexus One, well I didn’t have $530 to spare) And I rooted the phone using Cyanogen’s method, and installed version 1.6 of Android and his mod which has a few VERY awesome features. I’d recommend checking it out to anyone who is interested in hacking their Android phone. (http://www.cyanogenmod.com/)

The best developer site around for Android has to be Android.com (http://developer.android.com/index.html) They have a few guides on doing your first application, installing the SDK, and more. Installing the SDK and creating a virtual Android device was rather tricky and i stumbled over a LOT of errors and mix ups. If anyone reading this and is having issues getting it installed you can Email me, I have experience with it now in Ubuntu/Debian 5.

Once up and ready with your virtual Android phone, you can start your first project, that which I did was a simple Hello World tutorial from Android.com Here is what my virtual device looks like booting up in Ubuntu:

It’s cool! It really emulates the phone rather well! Here is my code for HelloWNL.java:

package com.example.HelloWNL;

import android.app.Activity;
import android.os.Bundle;
import android.widget.TextView;

public class HelloWNL extends Activity {
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        TextView tv = new TextView(this);
        tv.setText("Hello, WeakNet Labs!\nWelcome to your first application for the Android platform!  ");
        setContentView(tv);
    }
}

Like I said, I don’t know Java beyond this and this is common sense stuff I gathered from all the other languages I know. Here is my output:

And here is a video I made to show it off:

This was a good introduction to Java for me, as i felt more inclined to make an application for a mobile phone rather than a computer. Coding C with PALIB with the DS was a big help too. It’s like all the knowledge comes together when learning something new from your past experiences.

What a good topic for a post eh? I spoke about Regular Expressions (RE) in my first episode of Taming The Electron and felt it was only fair to write a full intro for newbies to the subject. I have been reading “Mastering Regular Expressions” off and on for a good while now, but recently have been reading it with more focus on the material. This is probably due to my Kindle DX purchase, which you can read or watch about in a previous post Here. Regular Expressions are amazing. They are “magic.” They can make matches with EXTREME precision.

Now, most people, including most of my friends, think that languages that do operations on text are lame. Well, OS’s that are UNIX based, revolve around text. Operations on said files are what customize your OS. Customization is key to creating synergy between you and your OS. It makes you want to come back or entices you.

Most file in Unix based OS’s that I deal with are in /usr/share or /etc or sometimes “live” files, like those in /proc. /proc has a lot of files that are dynamic and is called a “virtual file-system.” They change constantly to with the changes of your overall system. If you wanted to write a cool application that checks your memory or cpu, you can use the files in /proc (/proc/meminfo, /proc/cpuinfo) to do that. You can even use them for error messages, bus messages, and more. In fact, many applications used in the administration of Unix based OS’s, such as ps, dmesg, top, and more utilize “live” files in /proc. Here is a great article for anyone new to /proc: /proc

When you open a file and read it in an application, you will most likely want to search for useful information. Sometimes you are simply handed raw data that you need to “parse” (or change in some way) to turn the data into information. The best way to search is line by line. The best way to match is character by character (like grep, or egrep). egrep is a powerful matching tool that allows you to create extremely complicated yet powerful matching expressions.

The word expression, in Regular Expressions has the same meaning that it does in plain Algebra. Regular Expression syntax was actually developed back in the 1950’s by Stephen Kleene as formal language theory, and automata theory (theoretical machines and problem solving). These are both basic sub-sets of computer science and theoretical computer science. the syntax can act like algebra in some ways, and even many languages that deal with “lame” text have their own regular expression syntax built right into them. RE should be a ANSI standard, but I hear a lot about how Perl 5 vs. Perl 6, and python, and Ruby all have slight differences in their Regular Expression syntax.

Okay, so that’s what they are good for and a bit about their history. Now, let’s try some matching patterns, meta characters, and meta-sequences. Think about characters and put them into classes. Class alpha will be your alphabet A-Z and lowercase a-z. You can specify a “range” in Regular Expressions with the square brackets “[]” say we have a text file that has a few lines with numbers and a few lines with digits, or phone numbers like so:

abcdefg
abc
12345
ghostbusters
007
31337
drums

Now, say we cat the file (show it’s contents) and we only want to get (filter) the lines that have letters only. We can use egrep or grep like so:

cat filename.txt | egrep '[A-Za-z]'

And this will display the lines:

abcdefg
abc
ghostbusters
drums

Now, we can change the class to Numeric (numbers) and do [0-9].

cat filename.txt | egrep '[0-9]'

This will print the lines that have numbers in them only (we filter OUT the alpha class). This is a very basic example. We can further filter our output by using “anchors.” Anchors will display what we are looking for ONLY if it is at the beginning of a line or the end of the line with the meta-characters (special word for operators (usually not of alpha or numeric classes)) “caret,” or “^” and “Dollars” or “$” respectively.

so say we add:

cat filename.txt | grep '^[0-9]'

This will display all lines with numbers only that start with numbers. If we switch the “^” with a “$” and put it after the [0-9] range like ‘[0-9]$’ This will match all lines that END with numbers and contain ONLY numbers. What if we put the meta-character “^” into the square brackets before our range? Well, usually meta-characters lose their meta when put into those brackets. for example the period “.” which usually means “any one character” becomes a simple period. The “^” means that it negates the range. So ‘[^0-9]‘ means match any character that is NOT in our numeric class. Here’s a cool tip: the range meta-character “-” only is a meta-character INSIDE of the square brackets. Yep, that means outside it’s just a plain old “-” character.

There are parenthesis in the language, just like Algebra, that group together “expressions.” For instance, here is an example from “Mastering Regular Expressions – O’Reilly” that searches for all instances of July 4th. The question mark meta-character searches for “one or more instance of the following character or group, so:

'(July?) (Four|4)(th)?'

Will find ALL values like:

July 4th
Jul Fourth
Jul 4
July 4
July Fourth

Their example in the book was:

'July? (Fourth|4(th)?)'

which seems to have over-looked the “th” string at the end of “fourth.” Yeah, you get picky like that, and once you get into the swing of computer languages and Regular Expressions, you start to look for the most efficient way to code.

These small examples can help you get into the flow I’m sure, or at least pique your interest in Regular Expressions. Just like any language, Regular Expressions will open up a lot of doors for you as a developer or system administrator. They too can help you with problem solving. Sometimes you can perform large, usually complicated tasks with them and sometimes small tasks would be large tasks without them. Mastering Regular Expressions is a good book. It also covers a few Awk, Sed, and Grep topics as well and brings everything together in one cool place; a bunch of papers wrapped in heavier paper.

I, without a doubt, realize that my code isn’t always efficient and that sometimes I do things in non-efficient ways. Perl’s motto is TIMTOWTDI “There’s more than one way to do it.” The Perl community accepts newbie code and more importantly, the interpreter Perl accepts newbie code. It’s a good language to start programming with and I am still a beginner programmer. If you find anything wrong with what I have stated above, simply let me know and I will fix it. I am forever a student of Awk, Sed, Grep, Vi and Regular Expressions.

I hate DOS. I don’t like how I have to switch back and forth between things from Linux’s Bash to Windows’ DOS. Usually what I end up doing is this:

1. Create a file in C:\WINIDOWS called “ls.bat” in that file put one word “DIR”
   now, when you accidentally type “ls” instead of “dir” you get the same ouput
2. Download GNU nano. Yeah cos that “thing” you get when you type “edit”
   is just ugly, and awful. Get the zip file and put all DLL’s and EXE’s into the same    directory you put the ls.bat: C:\WINDOWS (this works even with Windows 7)
3. Install Strawberry Perl and Ruby. Yeah, the windows versions are weird, but they do    exist!
4. Get the Win32 version of WGET, put the EXE file into C:\WINDOWS
5. Get the Win32 Versoin of NMAP, put the files form the zip into the C:\WINDOWS directory.

As you may have figured out, C:\WINDOWS is in your environment’s $PATH. So any command typed, sends that to DOS which searches your $PATH then executes any file or executable with the commands name. (quite easy eh?)

You can now make any “.bat” file you want and put whatever you want into it and then stuff it into your C:\WINDOWS directory! You can do things that even take arguments, so say you wanted something to repeat your arguments, well, they are like this: “%1, %2, … %n”

echo “You gave me the argument %1!”

Now, don’t go and get lazy or forget the real commands [application names e.g. "DIR", "EDIT", etc] for DOS in case you are sitting at a Windows machine that has a non-Bashed DOS environment!

Resources:
Win32 NMAP – http://users.ugent.be/~bpuype/wget/
Win32 WGET – http://nmap.org/book/inst-windows.html
GNU Win32 Nano – http://www.nano-editor.org/
StrawBerry Perl – http://strawberryperl.com/
Ruby for Win32 – http://www.ruby-lang.org/en/downloads/

I was messing around with some lurking [extremely quiet] geniuses on IRC and said “How can I assign a whole bunch of keystrokes to one keystroke? So maybe I could hit Windows [super key] and it would print out “#!/usr/bin/perl -w” for me, so I don;t have to type it each time.”
Well, I got no answer, as usual. So then I just thought up my own way, I could edit the way I call nano.
In my real life example, I used an “alias” in my ~/.bashrc file since I didn’t have root access to the box I was using. But I will show you two ways here:

1. create a file “pnano” and in it type:

#!/bin/bash
echo "#!/usr/bin/perl -w" > $1
nano $1
CT=`cat $1 | wc -l`
if [ $CT == 1 ]; then
rm $1
fi

2. chmod it so it’s executable:

chmod +x pnano

3. put it into your $PATH, I usually put things into bin:

sudo cp pnano /usr/bin/

This will create a new “executable” program. Let’s look at the code in the script above, line by line. This tyoe of scripting is called “shell scripting” Line 1. shows the shell what to use, as the interpreter, to “run,” or “execute” the application. In our case this will be bash. Line 2. put the line “#!/usr/bin/perl -w” into the file that you gave as an argument “$1″. This means that if you do:

pnano lolhi.pl

This will put the shebang line right into the file “lolhi.pl” bringing us to our next line. Line 3. runs nano and opens the file [from your argument] $1, or as in our example “lolhi.pl”
Once opened, you will see the shebang line in the file, and you can begin coding.

You may want to add a few arguments to nano that are extremely useful:

-w means “no wrap” meaning when you hit the end of your terminal screen with a long line, it won’t automatically hit RETURN for you giving you a new line. I think that should be default and has made me hate nano in the past. Next you should add to line 3:

nano +2 $1

The “+2″ will put you at line two so you don’t have to hit down before coding. Line 4. puts the value evaluated by “cat FILENAME | wc -l” which means “how many lines are in the file you just opened with pnano” into the variable $CT. We do this so that if you close nano without typing any code, you aren’t left with a file named $1 [whatever you put after pnano] with one line it it: “#!/usr/bin/perl -w”

so there’s an if statement: if it’s “empty” [only shebang line exists] rm it. Then “fi” ends the if block. That’s a fun exercise.

If you do not have root access to the box you code in you can make an alias statement in your ~/.bashrc file like so:

alias pnano='/home/USERNAME/pnano'

And put that anywhere in your ~/.bashrc file.
Another cool tip for those who use nano to write their Perl applications is the /etc/nanorc file. This was recently pointed out to me by Tully. What it does is automatically color your code so you can read it easier. To use it, simply uncomment the line that looks like so:

# include "/usr/share/nano/perl.nanorc"

Just take away the “#” and save it. next time you open a Perl .pl file, it will be in color. <3

EDIT:

I have already clobbered a file with the ">” in the echo system call So what I did was use the

if [ -f $1 ]; then 

syntax to check to see if the file already exists or not before clobbering it! check it out:

#!/bin/bash
FILE=$1
if [ -f $FILE ]; then
        nano $FILE
else
        echo "#!/usr/bin/perl -w" > $1
        nano +2 $1
        CT=`cat $1 | wc -l`
        if [ $CT == 1 ]; then
                rm $1
        fi
fi

Enjoy

I will be hosting a show on CactiRadio at 7PM EST each Sunday night for WeakNet Labs called “Taming the Electron.” It will primarily be about programming, hacking, and phreaking. I will try to get a few interviews in, and play a lot of electronic music. If you have any suggestions about future shows, please feel free to Email me – Douglas [at] WeakNetLabs [dot] com

If you’d like to listen in, here is the URL for CactiRadio

It’s a great station that plays The Phone Show, PLA Radio episodes, and often plays my music! I will host the episodes as well, at http://weaknetlabs.com/tamingtheelectron

This weeks Episode will be themed “Inspiring people to start programming”

I was watching Dexter last night. It kind of scares me how I feel so connected to his thought process. Maybe I should see a shrink? Speaking of shrinks, he [Dexter] was comparing profiles of suicide victims in his area. After looking through them multiple times, a light bulb went off in his head.

He realized that they [suicide victims] had the same psychiatrist! Well, they were computer print outs, and “Word” documents I’m sure, so why not leave them digital and search through them like “grep?”

I thought up an extremely easy application as I was watching the show (ADD, I know):

#!/usr/bin/perl -w
my @prof0 = ("bobby", "luke", "test", "wheel", "root", "hacker");
my @prof1 = ("computer", "luke", "bobby", "root", "hacker");
my @dict = ("computer", "test", "wheel", "root", "hacker");
foreach my $var (@prof0) {
        if (grep(/$var/, @prof1)) {
                if (!grep(/$var/, @dict)) {
                        print $var . " is in both!\n";
                }
        }
}

This will compare 2 profiles (The real implementation will need to slurp the lines of each profile FILE into the corresponding arrays.)

Then (once again slurping a dictionary file into the @dict array in the real life implementation) checks to see if the word is a plain word or proper noun. Proper noun was the whole ‘EUREAKA’ cusp for me. “Cusp” being our mathematical peak(/pique? – curious distinction in our context eh?) for finding the last clue to solving the problem in brain activity

So everything from the cusp to the code above was downhill as I adjusted my thoughts into (simple) boolean logic. I am sure scientists have such applications in forensics labs, or police stations, but it was a nice exercise and taught me that I think outside of what is really being taken in by my eyes.

~Douglas.