Saturday, February 11, 2017

MicroLite with PostgreSQL and .Net

In this example I used,

MicroLite -Version 6.3.2
Npgsql -Version 3.1.10
log4net -Version 2.0.7
CsvHelper -Version 2.16.3

Working sample code is available at bitbucket.org/hemantup/orm/src/HEAD/MicroLite6/





This post is linked to https://hemantrohtak.blogspot.com/2016/03/is-entity-framework-best-performing.html

Friday, February 10, 2017

FluentData with PostgreSQL 9.6 and .Net 4.5

In this example I used,

Npgsql -Version 3.1.10
log4net -Version 2.0.7
CsvHelper -Version 2.16.3
FluentData -Version 3.0.1.0

Working sample code is available at:

 bitbucket.org/hemantup/orm/src/HEAD/FluentData3/










This post is related to https://hemantrohtak.blogspot.com/2017/02/entityframework6npgsql-with-postgresql.html


Thursday, February 9, 2017

NHibernate with PostgreSQL and .Net

In this example I used,

NHibernate -Version 4.1.1.4000
Npgsql -Version 3.1.10
log4net -Version 2.0.7
CsvHelper -Version 2.16.3

1. Since I am using a sequence for Id, it's worth noting that even though an insert doesn't fire the query to insert the record immediately, it does retrieve the sequence value.
2. Also, a transaction will not be able to roll back sequences.
3. The actual SQL queries fired are available for review only in debug mode: setings.LogSqlInConsole = true;

For full version of code please visit: bitbucket.org/hemantup/orm/src/HEAD/NHibernate4/








This post is related to https://hemantrohtak.blogspot.com/2016/03/is-entity-framework-best-performing.html

Wednesday, February 8, 2017

EntityFramework6.Npgsql with PostgreSQL 9.6 and .Net 4.5

In this example I used,

Npgsql -Version 3.1.10
log4net -Version 2.0.7
CsvHelper -Version 2.16.3
EntityFramework6.Npgsql -Version 3.1.1


Two things are worth noting here:
1. If I had installed EntityFramework6.Npgsql -Version 3.1.1 directly, it would have resolved the dependency to Npgsql -Version 3.1.0, which didn't work in my case, so I chose to go with Npgsql -Version 3.1.10.

2. I had to make a manual entry for DbProviderFactories in app.config to get it to work.

If you get stuck somewhere, delete your bin, obj and packages folders. Then try the sample code mentioned below again.

Working sample code is available at:

 bitbucket.org/hemantup/orm/src/HEAD/EntityFramework6/




Tuesday, February 7, 2017

OrmLite with PostgreSQL and .Net

In this example I used:
Npgsql -Version 3.1.10
ServiceStack.OrmLite.PostgreSQL -Version 4.5.6
CsvHelper -Version 2.16.3
log4net -Version 2.0.7


The sample code below gives an idea of how to use OrmLite with PostgreSQL and .Net. The PostgreSQL server is installed on localhost in the example below.
Visual Studio project along with the full version of the code:

bitbucket.org/hemantup/orm/src/HEAD/OrmLite/





This post is related to https://hemantrohtak.blogspot.com/2016/03/is-entity-framework-best-performing.html

Thursday, February 2, 2017

Does Anti-virus software slow down your machine?


If you are about to disable your Anti-virus and other security-related plugins/software on your machine because they slow it down, this post is for you.

github.com/beefproject/beef is The Browser Exploitation Framework (BeEF), available with the default installation of Kali Linux. A black hat hacker could reference its hook.js JavaScript file in any page; if that page is opened in the victim's browser, the hacker has full control of the victim's browser to execute commands beyond imagination, e.g. getting all the browser cookies, extension information, controlling the web cam, showing pop-ups to enter passwords while browsing legitimate websites, and so on. For the complete list refer to github.com/beefproject/beef/tree/master/modules.

How the BeEF tool works:
 The victim's browser keeps hitting the BeEF server to get an updated version of hook.js (the interval is defined by the config yaml at the server) and executes it. When the server-side utility of the BeEF server attacks, say the attacker runs the command "give me webcam", a different version of hook.js is fetched to the victim in the next periodic call from the browser to the BeEF server: github.com/beefproject/beef/blob/master/modules/browser/webcam/command.js in this example. The victim's client then posts results to the attacker as per the new hook.js given to it.

 You may verify such actions on the client machine using F12 (Developer Tools) > Network tab in most browsers like Chrome, IE, Mozilla etc., or using Fiddler.
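
One way to check a Network tab capture for the periodic polling described above. This is an added example, not code from the original post or from the BeEF project; the host, port, query parameter, sample entries and thresholds are constructed for illustration.

```javascript
// Flag URLs that a page re-requests at a near-constant interval, the pattern a
// hooked browser shows while it polls its controller for new commands.
// Input: HAR-style entries ({ startedDateTime, request: { url } }), as exported
// from the browser's Network tab. Thresholds are assumptions; tune them.
function findPeriodicPollers(entries, { minHits = 5, maxJitter = 0.2 } = {}) {
  const byTarget = new Map();
  for (const e of entries) {
    const u = new URL(e.request.url);
    const key = u.origin + u.pathname;          // ignore changing query strings
    const t = Date.parse(e.startedDateTime);
    if (Number.isNaN(t)) continue;              // skip malformed timestamps
    if (!byTarget.has(key)) byTarget.set(key, []);
    byTarget.get(key).push(t);
  }
  const findings = [];
  for (const [target, times] of byTarget) {
    if (times.length < minHits) continue;
    times.sort((a, b) => a - b);
    const gaps = times.slice(1).map((t, i) => t - times[i]);
    const mean = gaps.reduce((s, g) => s + g, 0) / gaps.length;
    if (mean === 0) continue;                   // parallel burst, not polling
    const variance = gaps.reduce((s, g) => s + (g - mean) ** 2, 0) / gaps.length;
    const jitter = Math.sqrt(variance) / mean;  // coefficient of variation
    if (jitter <= maxJitter) {
      findings.push({ target, hits: times.length, meanIntervalMs: Math.round(mean) });
    }
  }
  return findings;
}

// Constructed sample: one script URL fetched every ~5 s, plus ordinary page loads.
const base = Date.parse('2017-02-02T10:00:00Z');
const at = (ms, url) => ({ startedDateTime: new Date(base + ms).toISOString(), request: { url } });
const sampleEntries = [
  at(0, 'https://news.example/index.html'),
  at(120, 'https://news.example/app.css'),
  ...[0, 5010, 9990, 15020, 20000, 25005].map((ms, i) =>
    at(300 + ms, `http://203.0.113.7:3000/hook.js?poll=${i}`)),
  at(7000, 'https://news.example/api/items?page=2'),
  at(19000, 'https://news.example/api/items?page=3'),
  at(19500, 'https://news.example/api/items?page=4'),
];

console.log(findPeriodicPollers(sampleEntries));
```

Legitimate pages also poll (chat, dashboards), so a finding is a lead to inspect in the Network tab, not a verdict.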

How to defeat this tool:

1. Blocking the periodic hook.js hit in the victim's browser and notifying the victim in a popup is a temporary fix. The best place to do this would be a utility running on the client machine, the browser code itself, or a browser extension.

2. You may use unhook code in your browser extension, very similar to github.com/beefproject/beef/blob/91cc7ed873f26a4d633f6306b34aa6af06932d49/modules/browser/unhook/command.js (the tool uses this code to stop watching (unhook) the victim).

3. Another method could be blocking the attacker's domain altogether, as done by chrome.google.com/webstore/detail/vegan/longcaclchhmdpgcdjicmaghmpbdidlj (Vegan Chrome extension).

4. The "utility running on client machine" called anti-virus has updated definitions that make the system aware of these types of attacks. For example, the Windows default anti-virus is aware of many attack vectors the BeEF tool uses, like Exploit: JS/Aimesu.A, Trojan: Win32/Spursint.F!cl, Exploit: JS/ShellCode.gen

The bottom line is that you must not disable your Anti-virus software just because it slows down your machine. Above all, you must not open malicious websites, which may be using hooks from plenty of such exploitation tools. The tool they are using might be custom made, with no anti-virus software yet aware of its attack vectors and how it works! Typically, websites which offer you pirated content cost you much more than you could think of.

When it comes to government organizations and financial institutions, there is a reason they block everything other than trusted web addresses and domains. Even the most sophisticated technologies may be vulnerable to Cross-Site Scripting (XSS) attacks, and an attacker could inject such hooks into supposedly secure websites.

Wednesday, December 14, 2016

Get your location on google maps and find distance from a hosted IP/domain name.

Purpose

A lot of times, I am connected to the internet in a public place and don't know where the internet signal is coming from. I may visit Get Your Location in the main navigation and track down the internet signal source. This page in the application takes the user's location from the browser and gives driving directions to the location identified by the IP address used to access the internet.

Sometimes, I don't want to open a website from xxxx country; the hosting country by itself sheds light on the authenticity of a website. I could visit Search Domain or IP Location in the main navigation to track down the hosting location of an IP/domainName. This page in the application takes the user's location from the browser (source) and gives driving directions to the location identified by the IP address given as input / the IP address of the domainName (destination).

Code

myservice.js: This contains the main custom Angular services, built to drive the controllers in visitorlocation.js, searchip.js and contactus.js.
Custom services in the js file myservice.js:
geoipService - Talks to an external geoIP service to get the IP and details like latitude/longitude.
googleService - Talks to the external Google Maps APIs, the reference for which is added in index.html.
myGeolocation - Is used to get the latitude and longitude of the user's browser.
See the comments section in the code for further details.
index.html: This is the single page, which loads the entire html based on the controller requested. This app may very well be termed a single page app containing only one page, index.html, which loads the required components. The default load for index.html is introduction.html.
introduction.html: [current html you are viewing] This view simply welcomes a user. It also lists details of the project and its components. There is no associated controller for this view.
visitorlocation.html: This view is associated with the controller in visitorlocation.js. Actions in this controller achieved with help of services-
See the comments section in the code for further details.
searchip.html: This view is associated with the controller in searchip.js.
The user enters a domainName or IP address. This value is processed further in the function callTheMagic on click of search.
Actions in this function achieved with help of services-
See the comments section in the code for further details.
contactus.html: This view is associated with the controller in contactus.js. It gives driving directions to Fort Hays State University.
myapp.js: The routes are defined here.

Weakness

Loading wheels would have been a basic requirement, which is not catered for here.

Languages / Libraries
JQuery (2.1.4), AngularJS (1.4.2) with Angular-route (1.4.2) for single page app backbone.
freegeoip.net for location by IP.
maps.googleapis.com to get the user's current device/browser location, and detect/display driving directions.
Bootstrap (3.3.5) with sb-admin-2 theme, font-awesome, metisMenu for desktop/mobile friendly UI.

Demo

Test with saucelabs on Linux + Opera 12: https://youtu.be/5udO_3X9cR0
Test with saucelabs on iOS 10.0 + iPhone 6s: https://youtu.be/VqfjTC6AjJw
Test with saucelabs on iOS 9.3 + iPhone 4s: https://youtu.be/udfi3afwPkY