Web hosting

Monday, April 16, 2018

Dealing with Legacy Applications, Random Stuff, and More

- this post is to help outline some methods for dealing with legacy applications...
- compatibility mode works for a lot of programs but sometimes you don't have a choice but other means
- emulation layers such as Wine, Bochs, DosBox, etc... There has even been talk of emulators for older operating systems (such as DOS and Windows 95/98) out there
- watch for strangeness when using emulation layers. Performance issues, bits and pieces not quite fitting in, etc... Be prepared to have to do some work to make things work properly. Some of the underlying programs can be difficult to use so look out for shell, optimisation type programs and templates...
best settings theme hospital dosbox
dos games on windows 7
theme hospital runs slow in dosbox
Theme Hospital - Bullfrog (1997)
windows 98 emulation layer
9xbox fork of DosBox specifically for Windows.
- try running things in a separate virtual machine
- try running things in a seperate server
- some programs re-used backend data to create a new frontend. Total number of applications that have this done is minimal though. The total number of people who can genuinely reverse engineer binary (even text) file formats and programs out there is relatively small based on what I've seen. Tips on this elsewhere on my blog...
theme hospital on windows 7
- if you're lucky you search for newer version that is still compatible with your operating system. The best way to achieve this is via basic web search. Thankfully, a lot of older/legacy software allows for re-use of serials along the chain
"delphi 3" on "windows 7"
"delphi 4" on "windows 7"
game maker
- if that fails look at P2P locations for file names, etc... Worry about the legitimacy of P2P sites because they may be carrying trojans and/or spyware. If it's your last resort use something like virustotal.com as a bare minimum
torrent delphi
delphi 7 and 2006 code compatibility
- else, you may need to build a custom 'fuzzer'. Conceptually, looking for 200 as opposed to 404 return status. Experience tells me that for the most part file fuzzing is a useless technique especially when the company is 'larger then average'. Larger then average entails more files which entails unique filenames and directory structures which can not be easily guesstimated which means a fuzzer is relatively useless. It needs to be an intelligent fuzzer which combines spidering/crawling capability whenever possible (look over my past work for further details). For anyone just looking to try/test new software before public release this is a nice way of doing it. Sample code is on my website and blog for anyone who's interested (look for crawling and spidering software samples as well)...
web file fuzzer
- you'll need to keep up with updates and services packs for a lot of Microsoft (and some other company's) software even if it may be 'legacy software'. The painful thing is that the updates often only become security updates later on which means you'll lose functional updates down the line at some point. This generally applies to both commercial as well as Free and Open Source (FOSS) software
microsoft sql server desktop engine
sql server 2005 service pack 3
How To Apply the Microsoft® SQL Server® 2005 Service Pack 3
- look for alternate/compatible solutions. For instance Delphi and Open Pascal/Lazarus are very cross compatible based on what I've read online. alternativeto.net is a great website to look at alternate choices
sample code delphi
open source lazarus projects
open source delphi projects
delphi free 2010
visual studio online
- nightmare scenario is when you have the license but have lost the serial number. Thankfully, prior to the world of authentication a lot of software was reliant on pure serial numbers for 'registration' and to move a product from trial to full . In fact, there were serial databases for programs online (such as Serials2K). For those programs whose serials can't be found in such databases they can often be found online. Sometimes, there are methods to extract the code that you used to install your software originally (from the Windows registry or some other file) but this often requires a specialised utility
extract windows 7 serial number
Baixar Delphi 7 + Serial - YouTube
Video for delphi 7 serial number
BLOG : www.phsoft.blogspot.com
Delphi 7 : Serial : 6AMD-PKG68E-DB8PP7-9SFE Key : 3QH-9QW
delphi 7 enterprise serial
Serialkey preview: 6AMD-PKG68E-DB8PP7-N7GE
Key: S6J-8AW
- for certain software you don't really have a choice but to deal with crackers since activation/registration systems are no longer online. Multiple types of bypassing: debuggers, crackers (similar to the devices that you see in the movies that are used to bypass physical security systems. See my book on 'Cloud and Internet Security' for further details regarding this), etc... I may supply code for a simplistic 'cracker' later on but fundamentally it's not that much different then some of the 'bot code' that I have mentioned elsewhere on my blog (it will be so rudimentary that it will be effectively useless. Most modern registration systems rely on activation schemes now or else multi layers of serial numbers which are unrealistic to crack for most people without some 'genuine hard work')
algorithm iterating serial alphanumeric
java password cracker
find serial ollydbg
delphi password cracker
- there are obviously interesting methods to protect/defend software against licensing/registration 'attacks'. Activation is obvious but I've often seen cases where they've had no choice but to drop it because it caused more problems then it fixed
visual studio 2005 activation crack
1. Check license repeatedly
2. Use multiple licensing checking layers
3. Use encrypted dlls
4. Check for the hash of your exe/dll to detect tampering
5. Do not display failures immediately
6. Don't use explicit error messages
7. Crash or fail or output incorrect results when license check fails
8. Embed user information in generated licenses
- go after newer downloads that are compatible with your files and Operating System. Like I said you can do a search, use/build a custom fuzzer, etc... you should be able to find something useful especially if the program registration system is still compatible with your version. Note, Multi-National and Trans-national companies (MNC/TNC) have this problem as well as smaller firms (they rarely ever look to see whether a user has been authenticated prior to allowing downloads)...
search based on MD5 checksum
ID: 30352, Delphi and C++Builder 10 Seattle ISO
download delphi
"delphi 2006" download url
"delphi 2010" download url
Delphi 2010 and C++Builder 2010 ISO
[   ] BDS2006Disk1.iso  540.24Mb  October 8 2010 at 05:28
[   ] BDS2006Disk2.iso  494.24Mb  October 8 2010 at 05:28
[   ] BDS2006Disk3.iso  517.60Mb  October 8 2010 at 05:28
[   ] BDS2006Disk4.iso  224.03Mb  October 8 2010 at 05:28
[TXT] md5-суммы.txt  194.00b  October 8 2010 at 05:18
HTTP/1.1 200 OK
Server: Apache
ETag: "0b4c1e5542dd7cc169e5d85044a9cb33:1363822171"
Last-Modified: Wed, 20 Mar 2013 23:16:38 GMT
Accept-Ranges: bytes
Content-Length: 2021038080
Content-Type: application/octet-stream
Date: Sun, 08 Apr 2018 08:50:00 GMT
Connection: keep-alive
delphi 2006 iso
- company mergers aren't necessarily a bad thing. Most of the time they just change domains but not file naming and directory structure when they 'switch servers'
- if you can't actually get a copy of the legacy software in question online then try op-shops, specialist software boutiques, retailers, libraries, user/enthusiast groups, etc... If not too difficult then try building something from the outset by yourself that is compatible (requires 'reverse engineering' skills though as mentioned above)

Random Stuff:
- as usual thanks to all of the individuals and groups who purchase and use my goods and services
- latest in science and technology
usb graphics for crypto mining
usb graphics card mining 
Windows Mobile for Government - Common Criteria certification
cheat theme hospital reputation
- latest in finance and politics
- latest in defense and intelligence
- latest in animal news
- latest in music and entertainment

Random Quotes:
- Pogue claims the report also shatters another common perception of cyber security, “that of the teenage hacker living in a basement”.

The report found that three-quarters of respondents were college graduates and nearly one-third (32%) had post-graduate degrees. The majority (57%) worked for medium-sized, large, or enterprise businesses.

“When organisations develop their cyber security strategies, they may have IT, legal, risk, and human resources teams at the table but the one person they never invite is the bad guy,” Pogue said. “It’s no wonder that so many security strategies are misdirected.

“The Nuix Black Report 2018 is an opportunity to bring the adversary to the table and have the hackers themselves tell you what’s most effective for your security efforts.”
- These results suggest the Iron Dome debate has been too polarized. The system’s initial value may have been largely symbolic. But it later become very influential.

That’s good news for Israel and its American funder. It’s also reassuring for potential Iron Dome buyers facing missile threats in other parts of the world.

Only Azerbaijan has purchased any systems so far. But the U.S. Army may buy some for short-range air defence. (Canada only bought the radar.)

However, the system isn’t “the end of rockets.” Attackers can counter interceptors by firing rockets in large batches. Indeed, Israel’s opponents keep acquiring more rockets. Hamas in strife-filled Gaza reportedly has 10,000. Hezbollah in Lebanon has 120,000. That latter arsenal would severely strain Israeli interceptors during any future “Northern War.”

Similarly, sophisticated attackers use technology to make their missiles hard to intercept. In their Syria strike, America and its allies used difficult-to-detect cruise missiles. Defenders can’t intercept what their radars can’t see.

Thursday, April 12, 2018

APT Change Request Check Script, Random Stuff, and More

- built a change request check script recently. You can download it here:
- details are as follows:
# Ever go through a change request and it doesn't quite end up the way
# you planned it? This sort of helps with that.
# It basically does a track of all related dependencies of a relevant
# DEB package. Then it tracks the tree to see what underlying programs
# are likely to be impacted in the event of change. It also incorporates
# an Internet connectivity check since so many programs are dependent
# on this function nowadays.
# Run it in combination with my network_mapping script/program to smooth
# out change requests in general as it can track which programs, services,
# infrastructure, and network devices are likely to be impacted.
# http://dtbnguyen.blogspot.com/2018/04/network-mapping-tool-random-stuff-and.html
# It's definitely not perfect and works only on APT/Debian based systems
# at this stage (I may port it to other systems later on. The task
# clearly isn't that difficult).
# Sample output is in output.txt and was create through the following
# command:
# ./change_check.sh yelp sim > output.txt
# It obviously also has an offline download package capability for those
# systems that need to remain offline.
# As this is the very first version of the program it may be VERY buggy.
# Please test prior to deployment in a production environment.

Random Stuff:
- as usual thanks to all of the individuals and groups who purchase and use my goods and services
- latest in science and technology
- latest in finance and politics
- latest in defense and intelligence
- latest in animal news
- latest in music and entertainment

Random Quotes:
- I don't work in the Russian aerospace/fighter industry, but my feeling is that (in particular) engine life has not historically been of huge concern to them. If you look back at the Soviet era, they pumped out thousands upon thousands of relatively cheap, technologically inferior jets to arm the whole of the Warsaw Pact/satellite nations. They expected to win through numerical superiority, a strategy that has been well documented, and one that might well have worked had the figurative balloon ever gone up (at least before the nukes ended everything for the whole world a few hours later). Obviously some of that went away with the dissolution of the Soviet Union, but I'd be willing to bet that the mindset hasn't changed that much. Clearly they are producing more capable aircraft, and have been since the early 1980's when the USSR still stood, but I also think that due to economic necessity, they continue to find a cost compromise in their designs, even with higher end fighters such as the Flanker family. What is an easy way to shave a little bit off development costs? Throw away engines after a few thousand hours, and they can not only be cheaper up front, but also force international buyers/foreign sales to continue to need engines/create revenue. Just my thought, could be right, could be wrong. If it were me, and I saw the need to 1) present a credible threat to the world, and 2) do it within the bounds of a pretty chronically failed national economy, this sort of design philosophy is actually pretty smart IMO.

Wednesday, April 4, 2018

Network Mapping Tool, Random Stuff, and More

- had to build a network mapping/auditing tool recently. You can download it here:
- details are as follows:
# Ever entered a new network and you didn't quite know what was available,
# wanted to do an inventory check/audit, or you want to run a set of 
# simple tests to see what sort of security profile your network is 
# currently at? That's the purpose of this script.
# I had intended for it to be more customised but found that nmap 
# contained much of the functionality that I wanted so I basically stuck
# with that. It can be slowish but it's still much faster then
# a lot of network auditing, mapping, and vulnerability checkers out there.
# Obviously, it can be used for attack as well as defense purposes.
# Read through for a better understanding. Ideally, you'll be running 
# this against your own network. Turn off security detection systems 
# prior to running this so as not to set off spurious alerts.
# Integration of this into your existing network will give you 
# micro-SIEM capability (use in combination with something like fail2ban 
# and/or RRD type databases. This will give you better data on where 
# attacks are coming from).
# Usage is as follows. You can just fill in the network variable in 
# this script with what you want and then run it, you can fill in
# target hosts in the 'scan_hosts.txt' and then run it, or you can
# run it in combination with hosts from the command line itself.
# Usage Examples:
# ./network_mapper.sh
# ./network_mapper.sh
# ./network_mapper.sh
# ./network_mapper.sh
# ./network_mapper.sh www.microsoft.com
# ./network_mapper.sh www.car.com www.dog.com
# Go through the following if you want to add more functionality...
# detect common vulnerabilities nmap
# Note, if you aren't great with CIDR format there are plenty of tools
# out there to help you with this:
# network range to cidr format converter
# As this is the very first version of the program it may be VERY buggy. 
# Please test prior to deployment in a production environment.

Random Stuff:
- as usual thanks to all of the individuals and groups who purchase and use my goods and services
- latest in science and technology
powershell for linux
powershell i386 linux
puppet recipes
linux chef recipes
South Korea to shut off computers to stop people working late
- latest in finance and politics
- latest in defense and intelligence
- latest in animal news
- latest in music and entertainment

Random Quotes:
- The head of the Defense Department's F-35 program office worries that quality lapses at Lockheed Martin's production line could lead to delayed aircraft deliveries. On March 5, Jeff Babione, Lockheed's vice president of F-35 programs, said half of all quality escapes involve low observability systems. (Airman 1st Class Caleb Worpel/U.S. Air Force)

WASHINGTON — As the production rate of Lockheed Martin’s F-35 joint strike fighter goes up, the company is wrestling with quality escapes involving the jet’s low observability features, which now amount to about half of all defects on the aircraft, the company’s vice president of the program revealed Monday.

Last week, Vice Adm. Mat Winter, the head of the government’s F-35 Joint Program Office, slammed Lockheed for what he sees as its too-slow progress on eliminating so-called “quality escapes”— errors made by Lockheed’s workforce that could include drilling holes that are too big or installing a dinged part.

While those errors are minor, the rework done to bring the plane up to requirements is driving up the amount of money and time spent producing an airplane, Winter said.
- There are two fundamental political-economy questions posed by the imminent arrival of LEV. One question is: If millions, and eventually billions of people live for hundreds of years, how will a population explosion be averted?

The answer to that is that the rate of child-bearing will have to go way down in compensation, in order to ensure a stable global population. If LEV becomes a reality, then as a percentage of the population, children will become rare.

The other question is: Is human civilization going to accept the emergence of a caste of immortal super-rich aristocrats? Or will humanity impose an upper limit on the aggregation and hoarding of personal wealth and ownership titles?

If LEV proves technologically feasible, these two basic questions will need to be addressed within the next few decades. We live in interesting times.
- “Marriage is a process of tolerating each other, and it’s impossible that everything goes your way,” the article read.

“Change your attitude, return to the reality. Maybe there’ll be some imperfection, but your life will be full for it.”
- In addition, Medcraft noted that in 2016 and 2017, there had been around 900 ICOs (Initial Coin Offerings), nearly half of which had failed; giving some weight to the risks outlined above. 

He also observed that there is still a “wild west” mentality in much of the Blockchain environment and there is a need for the “rule of law” to come to play in order to permit monetary applications to become more main stream.
- The problem for Musk is what the industry lacks in innovation, it will make up for in execution. And if the past few months is any indication, execution isn't Musk's strong suit. 
- "Facebook and Google will have to ask users a lot more permission to track them," Carroll said. "Most people are going to say no, so I think it's going to have a huge impact on these companies."

Carroll has filed a legal action in Britain calling on Cambridge Analytica to disclose what data was gathered and used on him.

An undercover investigation of Cambridge Analytica by Britain's Channel 4 said executives boasted they could entrap politicians in compromising situations with bribes and Ukrainian sex workers, and spread misinformation online.

The executives claimed to have worked in more 200 elections across the world, including Argentina, the Czech Republic, India, Kenya and Nigeria.

The British firm said it "strongly denies" the claims from Channel 4 as well as reports on misuse of Facebook data.

"Facebook data was not used by Cambridge Analytica as part of the services it provided to the Donald Trump presidential campaign," a statement read.
- "The reality is we are fighting two wars, in Iraq and Afghanistan, and the F-22 has not performed a single mission in either theater."

Dealing with Legacy Applications, Random Stuff, and More

- this post is to help outline some methods for dealing with legacy applications... - compatibility mode works for a lot of programs but ...