Google treasure hunt (Second puzzle)
It's about time (936266827 seconds before Y2K38), i.e. 19may2008 17:07:58 (UTC), and the second puzzle is live (Check it out). You can still try the first question here. The second puzzle from the Google treasure hunt is to calculate
Sum of line n for all files with path or name containing pattern and ending in particular extension. Similarly Sum of line m for all files with some pattern.
Hint: If the requested line does not exist, do not increment the sum.
Multiply all the above sums together and enter the product below.
for a given set of files contained in a zip archive. I have already submitted my answer, but this time I will have to wait for 24hrs to check the status of my answer. I think it's a good puzzle to test your quick shell script abilities. (Can also be done easily in perl/python).
For the solution part, I won't give the actual solution (as I don't want to spoil it for others who are actually trying), but you can use shell commands [grep, find, sed and pipe (|)] to get to the solution. You can get all the required numbers in 2 lines on the shell.
Google treasure hunt
The Google Engineering team is launching its first ever Treasure Hunt, a contest designed to challenge your problem-solving skills.
Find more details at Google Australia blog here
They will be releasing the first four puzzles over the next four consecutive weeks; one is already released.
To get the URL of the contest you have to decode:
aHR0cDovL3RyZWFzdXJlaHVudC5hcHBzcG90LmNvbS8=
And yeah, I was able to do that. I'll tell you the answer: it's http://treasurehunt.appspot.com/, as it's already on the Google Blog.
Actually it's the base64 decode of the given code.
You can find the first puzzle here.
A robot is located at the top-left corner of a 34 x 49 grid.
The robot can only move either down or right at any point in time. The robot is trying to reach the bottom-right corner of the grid. How many possible unique paths are there?
I have solved this one. Give it a try, it's not that difficult. Anyway, I'm there to help.
Here is the solution to the problem :
The number of paths for n x m grid (n-1 down blocks and m-1 right blocks) is equal to number of ways of arranging n-1 D’s (Down move) and m-1 R’s (Right move). So it’s
(n-1+m-1)! / ((n-1)! * (m-1)!)
You can calculate it using calculator in Windows/Linux.
I’m waiting for the next to come.
The second puzzle will be appearing soon — to be exact, 936266827 seconds before Y2K38,
Update:
Unix internal time is commonly stored in a data structure using a long int containing the number of seconds since 1970. This time is used in all time-related processes such as scheduling, file timestamps, etc. In a 32-bit machine, this value is sufficient to store time up to 18-jan-2038. After this date, 32-bit clocks will overflow and return erroneous values such as 32-dec-1969 or 13-dec-1901. Read More about Y2K38.
According to Wikipedia, the latest time that can be represented in this format, following the POSIX standard, is 03:14:07 UTC on Tuesday, January 19, 2038. So when you calculate the specified 936266827 seconds before that, the next puzzle should come around 19may2008 17:07:58 (UTC). (The puzzle is already there.)
I have removed the exact timing for you to get it on your own (or is it still there.. haha). And still, if you need it, you can request it in the comments.
I calculated it using stata. You can easily calculate this in two lines in python:
>>> import time
>>> print(time.asctime(time.gmtime(2**31 - 1 - 936266827)))  # gmtime keeps the result in UTC; time.ctime would print local time
View page source trick in firefox, flock
You may have read about Firefox's special about: pages like about:config, about:cache etc. Or you can go through Firefox about: pages to have an idea about them. There is one similar functionality in Firefox which allows you to view the source of a page. You can type
this in location bar to view page source of google.com.
So I have made this bookmarklet to view page source: View Source (you can drag this to your bookmark toolbar to have quick access).
Similarly, you can type javascript: in your location bar to open the JavaScript error console.
Update1:
Keyboard shortcut: use Ctrl+U to view page source
Cross-site Scripting (XSS)
Two days back, my shoutbox was hacked :). I was not aware that people were actually visiting it; I made it long back to have a similar thing for Ethos in June 2005. After that I haven't updated the code, and many things were left in between.
What actually happened: cross-site scripting. It arises when we let a user input some data (which may be HTML/JavaScript) and display it back. If HTML/script tags are not properly checked, it can cause trouble. Earlier I hadn't checked for JavaScript or iframe inputs. So somebody just inserted an iframe as the message input in my shoutbox, and the source of the iframe contained a redirection to another website. So when shouts were displayed on the page, the iframe code was output as it is and the page got redirected to the other page.
Luckily I checked the page just a day after this happened, so that way I actually got a chance to update this orphaned code and make some fixes.
Solution: The idea is to filter meta characters (such as <, >, ', " etc.), which will prevent the browser from processing them as part of some script; they will be processed as plain text only.
So in PHP you can do:
$shout=str_replace("<","&lt;",$_GET["shout"]);
And to be on the safer side we should also replace the following characters:
replace ( with &#40;
replace ) with &#41;
replace & with &amp;
replace ' with &#39;
replace " with &quot;
Or, if you are not expecting the user to input these characters, you can simply replace them with a null string.
Update: (25-apr-2008)
You can also use the PHP functions htmlspecialchars, htmlentities and strip_tags.
The replacements which I have mentioned above can be easily done using htmlspecialchars, but if you want to extend it to all HTML tags then you can use htmlentities. And to strip both HTML and PHP tags from a string you can use strip_tags. The disadvantage of strip_tags is that it doesn't validate HTML, so it can cause trouble in case of broken HTML tags. It also provides an option to exclude a list of tags from being stripped.
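The encoding options discussed above, side by side on a few shouts, as an added example (not the shoutbox's own code). The function names and the sample strings are constructed for illustration; the hand-rolled variant shows why & has to be replaced before the other characters in the replacement list.

```php
<?php
// Added example: output encoding for a shout before it is written into HTML.

// Encode with the built-in. ENT_QUOTES covers both ' and "; ENT_SUBSTITUTE
// replaces invalid UTF-8 sequences instead of returning an empty string.
function encode_shout(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hand-rolled variant of the replacement list. str_replace applies the pairs
// in order, so '&' must come first; otherwise the '&' of an already-produced
// '&lt;' would be encoded a second time.
function encode_by_hand(string $raw): string
{
    return str_replace(
        ['&', '<', '>', '"', "'", '(', ')'],
        ['&amp;', '&lt;', '&gt;', '&quot;', '&#39;', '&#40;', '&#41;'],
        $raw
    );
}

// Constructed sample shouts: markup, ordinary punctuation, and a stray '<'.
$samples = [
    '<iframe src="http://example.invalid/"></iframe>',
    "it's (fine) & dandy",
    'Tom & Jerry say "hi" <3 to everyone',
];

foreach ($samples as $raw) {
    echo 'raw:              ', $raw, PHP_EOL;
    echo 'htmlspecialchars: ', encode_shout($raw), PHP_EOL;
    echo 'by hand:          ', encode_by_hand($raw), PHP_EOL;
    // strip_tags deletes markup instead of encoding it and does not validate
    // HTML, so a stray '<' can remove more text than expected.
    echo 'strip_tags:       ', strip_tags($raw), PHP_EOL, PHP_EOL;
}
```

Encoding belongs at output time, in the place where the shout is written into the page, so the stored message stays unchanged.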
So now you can enjoy the Shout Box until some new bug is found or it's hacked again [;)]
Update(14th May 2008): XSS cheatsheet by ha.ckers.org lists possible cross site scripting methods on various browsers.
Adobe AIR: Web to Desktop
Over the past few days, I have come across Adobe AIR through digg, techmeme and delicious, so today I thought I should try it. Adobe AIR lets developers use their existing web development skills in HTML, AJAX, Flash and Flex to build and deploy rich Internet applications to the desktop. For application development you will need two things:
- Adobe AIR Runtime: necessary for running AIR applications (for Windows & Mac)
- AIR_SDK: provides the necessary libraries to build AIR applications
Having the Adobe AIR extension for Dreamweaver CS3 can be very helpful, as it lets you package and preview .air application files directly within Adobe Dreamweaver CS3.
As my first AIR application, I ported my Rubik's cube timer as a desktop application (RubikTimer.air). It's very easy using the Dreamweaver extension, have a look here: Create your first HTML-based AIR application with the AIR SDK (great tutorial for beginners).
One problem I faced: usually setInterval("display()",500) works with Firefox/IE, but here it was not starting, with no error message to look into. Then I found out about the Adobe command-line tool (via Three ways to debug Adobe javascript Application). It's called ADL and resides in the /bin folder of the SDK. ADL showed the error: "Unsafe javascript". Then, after some random changes, when I changed it to setInterval(display,500), it started working. Another problem I faced was related to keypress events in JavaScript, which were not working with AIR (I still have to resolve this issue).
Download RubikTimer.air here
Web Based Rubik Cube Timer
Paint Online
These days I'm finding so many websites which allow you to draw online. Here is a list of some:
Flash Based:
- Imagination Cubed
- Wetpaint Please Touch - Create Your Own Masterpiece!
- Artpad
- FlashPaint
- Sketchr (also available at http://www.queeky.com)
- Scratchpad
- Online Paint Brush
HTML <canvas> Based:
- Paint Chat [designed by me :)]
- Canvas Painter
- Canvas Paint (resembles to MS paint)
Java Based:
SQL Attacks : Hacking
Yesterday I was participating in a hacking competition in which, at one stage, I had to log in on a page and after that could get to the next level. At first I randomly typed any password; it gave an SQL error saying "zero row selected" and incorrect password. So I thought of using SQL string injection. SQL is poor in the security issues surrounding the login and URL strings. So the idea is you give these values in the login form:
user : ' OR 1=1--
password : ' OR 1=1--
and voila, you are in. The other possible strings for password are:
- ' OR a=a--
- ' or 0=0 #
- ") or ("a"="a
- ') or ('a'='a
A funny comic strip from xkcd illustrating sql injection.

So what's the funda behind this:
When you click "login" or "enter" on the webpage, the variables 'userid' and 'password' are passed to SQL. The underlying query is:
SELECT * FROM auth_db WHERE username = '$userid' AND password = '$password'
So if you have entered username = admin and password = test123, then the query executed will be:
SELECT * FROM auth_db WHERE username = 'admin' AND password = 'test123'
So if the userid and password are correct, the corresponding row in auth_db will be selected, and as the number of rows returned is > 0 you will be granted access. But if the password is incorrect, then it will return zero rows and permission won't be granted. But if you use SQL string injection, say by putting ' OR 1=1-- as both password and username, then the query executed will be:
SELECT * FROM auth_db WHERE username = '' OR 1=1--' AND password = '' OR 1=1--'
Because a pair of hyphens designates the beginning of a comment in SQL, the query simply becomes:
SELECT * FROM auth_db WHERE username = '' OR 1=1
The expression 1=1 is always true for every row in the table, and a true expression OR'd with another expression will always return true. So, assuming there's at least one row in the Users table, this SQL will always return a nonzero count of records. So you are logged in now. But many times SQL tries to parse the = character in input strings and doesn't allow it, hence the trick is using:
' OR userid LIKE '%%
So the resultant query will be
SELECT * FROM auth_db WHERE username = '' OR userid LIKE '%%' AND password = '' OR userid LIKE '%%'
Every string matches '%%', so it returns a non-zero number of rows and you are granted access.
Not all SQL injection attacks involve forms authentication. All it takes is an application with some dynamically constructed SQL and untrusted user input. Most SQL-compliant databases, including SQL Server, store metadata in a series of system tables with the names sysobjects, syscolumns, sysindexes, and so on. This means that a hacker could use the system tables to ascertain schema information for a database to assist in the further compromise of the database. For example, the following text entered into the txtFilter textbox might be used to reveal the names of the user tables in the database:
' UNION SELECT id, name, '', 0 FROM sysobjects WHERE xtype ='U' --
The UNION statement in particular is useful to a hacker because it allows him to splice the results of one query onto another. In this case, the hacker has spliced the names of the user tables in the database to the original query of the Products table. The only trick is to match the number and datatypes of the columns to the original query. The previous query might reveal that a table named Users exists in the database. So after this with multiple queries you can get control over database.
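The login query above, built first by concatenation and then with bound parameters, as an added example (not code from the original post). It assumes an in-memory SQLite database through PDO; the function names, the password_hash column and the sample row are constructed for illustration.

```php
<?php
// Added example. auth_db, username and password follow the post's query;
// everything else is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// "password" is plaintext, as the post's query implies; "password_hash" is
// an assumed extra column used only by the hardened login.
$db->exec('CREATE TABLE auth_db (username TEXT, password TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO auth_db VALUES (?, ?, ?)')
   ->execute(['admin', 'test123', password_hash('test123', PASSWORD_DEFAULT)]);

// Pattern described in the post: input is pasted into the SQL text, so a
// quote in the input ends the string literal and the rest is parsed as SQL.
function login_concatenated(PDO $db, string $userid, string $password): bool
{
    $sql = "SELECT * FROM auth_db WHERE username = '$userid' AND password = '$password'";
    return count($db->query($sql)->fetchAll()) > 0;
}

// Hardened: the statement is compiled with a placeholder and the input is
// bound as data, never as SQL. The password is checked against a hash in PHP.
function login_parameterized(PDO $db, string $userid, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM auth_db WHERE username = ?');
    $stmt->execute([$userid]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$attempts = [
    ['admin', 'test123'],          // valid credentials
    ['admin', 'wrong'],            // wrong password
    ["' OR 1=1--", "' OR 1=1--"],  // the input from the post
];
foreach ($attempts as [$u, $p]) {
    printf("%-12s concatenated=%s parameterized=%s\n",
        $u,
        var_export(login_concatenated($db, $u, $p), true),
        var_export(login_parameterized($db, $u, $p), true));
}
```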
Updated :
Also visit Ten hacker tricks to exploit SQL Server systems
http://us2.php.net/mysql_real_escape_string
http://www.unixwiz.net/techtips/sql-injection.html
*******************************************************************************
WARNING: the information provided is for educational purposes only and not to be used for malicious use. I hold no responsibility
********************************************************************************