the “great” travel….

A journey is like marriage. The certain way to be wrong is to think you control it – John Steinbeck

…..you will never know what comes in front of you. But always enjoy the excitement that it brings along with it….

Three down, One more to go

The new academic year starts again. After 4 years of enjoying and not thinking about anything, to KG school, where some teachers become your worst nightmare. Then 12 years of schooling, where we met the most wonderful people you have ever come across in your life, your friends. The great teachers who taught and guided you throughout two-thirds of your life. Then, after a rat race, the “ENGINEERING ENTRANCE EXAMINATION”, coming to NIT, Calicut. Now when I see my juniors coming here and taking admissions, those nostalgic thoughts come to my mind again. In the first year, not thinking about academics, trying to hide from seniors, going for a tour around the campus and what not….

My life here really has affected me – in a positive sense, and has gone beyond what I thought 3 years ago when I first came to this college. Now it's just less than a year to graduation; the old anxiousness returns: “What is going to happen after this????”

The entropy change when a person shifts from a system to a newer or different system is what this is all about. I am aware that these feelings are only relative. Maybe only a very few people think or are going to think in this manner. Maybe many more people want to get out of this system ASAP. Some people may get trapped in this system and get stuck; some never escape.

When we joined here together we thought that we all would leave together, but we all know that it is not going to happen.
Some who were not even remotely connected became our best of friends. Some who were so close are getting separated.

All the people who have spent time here at NITC will never forget any of those days…. anything that this college life has taught them. I will anyway be there at the top of the list. There is everything that you find outside, in here. You name it, we have it.

There is only limited time left now…. The clock is ticking very fast… Now will be a good time to look back at what I have done and gained and lost….

Running behind WebGoat

Today, as a part of my Computer Security course, I had to install WebGoat, which is a platform for learning how to exploit vulnerabilities in web applications. It could be of great help in learning secure programming practices. It works on top of Java and the Tomcat server. As I started the installation I had to face many problems associated with it, mainly with the versions of JDK and JRE used. I had lost almost half a to solve this problem. So I thought I could share my experience if it could help someone to install WebGoat.

I downloaded WebGoat v5.2 from Sourceforge. Along with WebGoat-OWASP_Standard-5.2.zip, we also require the WebGoat-5.2.war file. Unzip the WebGoat zip file to your current directory. Change into the new unzipped directory. Then remove all the files named webgoat in ./tomcat/webapp/ and place the downloaded war file in this directory.
Find out the versions of JRE and JDK installed in your system using:  java -version
Also find the value of the environment variable JAVA_HOME:  echo $JAVA_HOME
Open the webgoat.sh file from the root folder. In the function is_java_1dot6, change all the 1.6 to your current version.
e.g.:
    $ java -version
    java version "1.7.0_21"
    OpenJDK Runtime Environment (IcedTea 2.3.9) (ArchLinux build 7.u21_2.3.9-4-x86_64)
    OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

    $ echo $JAVA_HOME
    /usr/lib/jvm/java-7-openjdk

Here the java version is shown as 1.7.0_21. Therefore you can replace the older version number given in the shell script with the new version number "1.7". You have to add the two lines given below to the shell script:
JAVA_HOME=/usr/lib/jvm/java-7-openjdk
export  JAVA_HOME

Now start the Tomcat server.
$ sh webgoat.sh start80         # works on default port of 80
OR
$ sh webgoat.sh start8080    # works on port 8080

Go to http://127.0.0.1/webgoat/attack OR http://127.0.0.1:8080/webgoat/attack in any browser to start using the WebGoat interface. If you get an ERROR 403 while starting on port 80, it may be due to IIS using that port.

And if it is ERROR 404, check the URL you typed in the browser.
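
The two webgoat.sh edits from the steps above, scripted as an added example (not part of the original post and not WebGoat's own code). The webgoat.sh contents here are a constructed stand-in, since the post does not show the real script, and placing the JAVA_HOME lines right after the first line is an assumption.

```sh
#!/bin/sh
# Added example: automates the two webgoat.sh edits described in the post.

# Print "major.minor" (e.g. 1.7) from `java -version` text read on stdin.
java_major_minor() {
    sed -n 's/.*version "\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# patch_webgoat_sh FILE VERSION JAVA_HOME
# Replaces 1.6 only inside is_java_1dot6() and sets JAVA_HOME near the top
# (placement after the first line is an assumption; the post does not say).
patch_webgoat_sh() {
    file=$1 ver=$2 home=$3
    [ -n "$ver" ] && [ -f "$file" ] || return 1
    awk -v ver="$ver" -v home="$home" '
        function set_home() { print "JAVA_HOME=" home; print "export JAVA_HOME" }
        NR == 1 && !/^#!/ { set_home() }
        /^is_java_1dot6\(\)/ { infn = 1 }
        infn { gsub(/1\.6/, ver) }
        { print }
        NR == 1 && /^#!/ { set_home() }
        infn && /^}/ { infn = 0 }
    ' "$file" > "$file.new" || return 1
    # Overwrite in place so the script keeps its original permissions.
    cat "$file.new" > "$file" && rm -f "$file.new"
}

# Constructed stand-in for webgoat.sh (the real script is not shown in the post).
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
is_java_1dot6() {
    java -version 2>&1 | grep 'version "1.6' >/dev/null || {
        echo "The JVM isn't version 1.6."; exit 1; }
}
# a 1.6 outside the function must stay untouched
EOF
}

# Constructed `java -version` output modelled on the post's; on a real system
# use: ver=$(java -version 2>&1 | java_major_minor)
sample='java version "1.7.0_21"
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)'

tmp=$(mktemp) && make_sample "$tmp"
ver=$(printf '%s\n' "$sample" | java_major_minor)
patch_webgoat_sh "$tmp" "$ver" /usr/lib/jvm/java-7-openjdk && cat "$tmp"
rm -f "$tmp"
```

Restricting the substitution to the body of is_java_1dot6 keeps any other 1.6 in the script unchanged, and an empty version string (no match in the `java -version` text) makes the patch step fail instead of writing a broken check.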

I suppose I have included most of the things that I have done. If there are any changes or additions that anyone has to inform me of, feel free to contact me.

Regards.

New link can be found at abijith-kp.github.io

Hacking at InCTF-Part1

Usually I just skim through my NITC mail, and check only those sent by my Class Representative or teachers. One day I read a mail forwarded by one of my seniors, Karthik. It was about a hacking competition conducted by Amrutha University called InCTF, which had 2 preliminary rounds and a final round. It was a Capture The Flag kind of competition. At that time I wasn’t in the mood for doing anything, as I had to complete my lab assignments (with which I was in a bad situation), and also, if by any chance I got selected, the second round would be at the time of our exams, so I ignored it. Later, when I was searching for something, I again came across this competition. This was the first time that this kind of event had come to my notice (it was a pretty interesting one… One that I know I will surely enjoy.. 🙂 ). Then I called one of my friends to tell him about this. I couldn’t make any decision then, as I wanted to put my leg on both the boats – do it and not do it. He was very much excited to do the event. So we decided to meet one of our seniors, Jerin Shaji, to get the details of the event.

Oh…. I forgot to tell, last year (2012) for sCTF, a variant of InCTF, the first prize was bagged by our college team consisting of Karthik, Jerin and Nithin.

Jerin told us many things: how they prepared, how they participated in the event, and about the event format. He also gave us tips on how to attack the questions and told us the techniques they used in the final CTF round. We also collected their last year’s question paper. He was very supportive in all ways.

Till date two rounds of InCTF are completed. The first round was a “learning round”. They gave us something like 2-3 months to learn a few concepts and complete a question paper. The second round was a hands-on hacking round. It had different varieties of questions, most of which were of very high quality. Thanks to the support of all my friends, our team “dcoder” got selected into the final round. We finished at 24th position out of 158 teams registered at the end of the second round.

It was really a great experience participating in the event. The main thing I have to mention is that I learned a few methods and techniques during this event. We also had to stay overnight in our lab during the second round; those were great. Those are the points in your life where you start thinking philosophically and talk like a philosopher. The main reason is that at some point we may be half asleep and want to answer all the questions asked to you. These will be a few moments that I will forever keep in my memories.

The more interesting part was that the second round was overlapping our exam time. So we had to do it in between the exams. For my last exam I couldn’t even prepare much because I was very much involved in this. After I came back to my room I had a mild fever also. Everything that happened was indicating that I shouldn’t write my exams well (Omen kind of, just saying – I don’t believe in those).

Just excited in participating in the final round… 🙂

Lex/Yacc in Arch Linux

In our sixth semester of B-Tech we have a course on Compiler Design. For that two tools are being used: Lex, which is a lexical analyzer generator, and Yacc, which is a parser generator. While compiling the code for the lexical analyzer created by lex and the code for the parser created by yacc, we require a few libraries to include some important function templates into the code. The flags used along with gcc for this purpose are "-ll" and "-lfl".

After installing Lex/Yacc in my Fedora system a few months back, I got an error stating that the definition for yywrap is not included. After searching for some time I got the solution for it.

There are two methods to solve it:

  1. Just include the function yywrap in the lex file in the function definition part (the third part of the code). Compiling can be done as "gcc lex.yy.c y.tab.c".

  2. Install the flex-static library to use the gcc flag -ll. After this, just compile it like "gcc lex.yy.c y.tab.c -ll".

But later I changed to Arch Linux, after 1 year of using Fedora.
But in Arch, when I tried to compile the lex/yacc file, initially the same problem arose. I thought I could solve it the same way as before. All the research I had done was in vain. I couldn’t find a package similar to flex-static anywhere. At that point of time I used the first option, which easily solved my problem.

<EDIT>
If anyone could help in finding a package similar to flex-static in Arch Linux, please share.

A compromise is…

A compromise is the art of dividing a cake in such a way that everyone believes he has the biggest piece – Ludwig Erhard

After studying Software engineering for my second internals and not understanding anything (meant what to write in the exams… :P), found this quote in the text book….

git@fossmeet

Until the git session at Fossmeet 2013 at NITC, I was using git only as a method/tool to upload my code to Github. That particular session by Mr. Noufal Ibrahim really changed my views on the usage of git. The word particular was added only because of the satisfaction that I got after attending that workshop.

Me and one of my friends, Krispin, were attending the programme together. Actually git was the only version control system used by us till date (we had just heard a few names like Subversion, Mercurial etc.). For pushing code into a Github repository we only require a few commands like add, commit, push, and very rarely I used commands like pull. When we first used the branching technique in git, we got really amazed.
In reality I was searching for the file that I created for one branch, when I couldn’t find it in the other. Once I heard one of our seniors tell his friend that all code is maintained using git. Actually I didn’t get why he was wasting his time with all this stuff. But that session was the point where I really got the point of why people use a version control system.

We have a compiler lab for this semester and I could have saved a lot of time if I had used git. Whenever I changed the code I made a copy of it and edited the copy only, and since I have a habit of changing the code very often, I had many copies of the same file with only a small difference in them or sometimes nothing.

Now the next thing on the list would be to study the internals and some advanced topics in git. (Well before the Fossmeet itself I had tried to learn git by myself, many times. And all those tries resulted in nothing. But this time it would be different. For sure…. :))