I have a large number of EXE files and need to figure out which ones have digital signatures. Does anyone know if there is a way to check without access to WinVerifyTrust (they're all on a Unix server).
I can't seem to find any information on where the digital signature actually is inside the EXE. If I could find out where it is I might be able to open the file and fseek to a location to test. I don't need to do "real" verification on the certificate, I just want to see if a digital signature is present (or, more importantly, NOT present) without having to use WinVerifyTrust.
As mentioned above, the solely presence of the IMAGE_DIRECTORY_ENTRY_SECURITY directory is a clear indicator to detect the presence of a signature inside a PE file. If you have a large amount of files to test and want to filter these, just testing the presence of this standard directory is valid. You don't need a library to do this.
I tried to solve the problem in the same situation.
I recommend osslsigncode.
This is an implementation of windows authenticode with openssl.
https://github.com/develar/osslsigncode
Below is a code block excerpt from osslsigncode.
siglen = GET_UINT32_LE(indata + peheader + 152 + pe32plus*16 + 4);
If siglen is 0 in osslsigncode, it determines that there is no signature.
If you just want to check the signature, you don't need a library.
However, see osslsigncode for help.
You can find this information using code from Mono.Security.dll AuthenticodeBase [1]
[1] https://github.com/mono/mono/blob/master/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeBase.cs
Your best hint (if an authenticode signature is present) is:
// 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size)
dirSecurityOffset = BitConverterLE.ToInt32 (fileblock, peOffset + 152);
dirSecuritySize = BitConverterLE.ToInt32 (fileblock, peOffset + 156);
if dirSecuritySize is larger than 8 then there's an signature entry (valid or not).
Related
I'm getting this error:
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:6c3fc9a8-cdf6-4874-a141-10282b709022 Time:2014-07-30T10:48:43.8634735Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was rwl 2014-07-31T04:48:20Z /acoustie/$root 2014-02-14
</AuthenticationErrorDetail>
</Error>
I get it when I generate a sas (Shared Access Signature) then paste that sas at the end of the container uri into a browser. This is the full address with the generated sas:
https://acoustie.blob.core.windows.net/mark?sv=2014-02-14&sr=c&sig=E6w%2B3B8bAXK8Lhvvr62exec5blSxsA62aSWAg7rmX4g%3D&se=2014-07-30T13%3A30%3A14Z&sp=rwl
I have scoured SO and Google and have tried lots of combinations, as far as I can tell I'm doing everything correctly, I know I'm not, I just can't see it...really hoping someone can help :-\
To be clear, I am generating a sas on a container, not a specific blob and not on the root container. Access on the blob is defined as Public Blob. My end goal is to simply allow writes to the container with the sas, while 'debugging' I have added most permissions to the SharedAccessBlobPolicy.
I have tried adding a \ at the beginning and ending of the container name. No change.
This is the code I use to generate the sas:
var blobClient = storageAccount.CreateCloudBlobClient();
//Get a reference to the blob container
var container = blobClient.GetContainerReference(containerName);
// Do not set start time so the sas becomes valid immediately.
var sasConstraints = new SharedAccessBlobPolicy
{
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(30),
Permissions = SharedAccessBlobPermissions.Write
| SharedAccessBlobPermissions.Read
| SharedAccessBlobPermissions.List,
};
var sasContainerToken = container.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
var sas = string.Format("{0}{1}", container.Uri.AbsoluteUri, sasContainerToken);
Logger.Debug("SAS: {0}", sas);
return sas;
It generates a signature, it just doesn't seem to be a valid signature.
I've tried different containers, changing the Access policy, with and without start times, extending the expiry to > 12 hours from now (I'm in a UTC+10 timezone), it doesn't seem to matter what I change it results in the same "signature did not match" error.
I have even tried using an older version of 'WindowsAzure.Storage', so I have now tried 4.2 and 4.1. Even tried the uri in a different browser, really shouldn't make a difference but hey...
Any suggestions are greatly appreciated :-)
Short Answer:
Add comp=list&restype=container to your SAS URL and you should not get this error.
Long Answer:
Essentially from your SAS URL, Azure Storage Service is not able to identify if the resource you're trying to access is a blob or a container and assumes it's a blob. Since it assumes the resource type is blob, it makes use of $root blob container for SAS calculation (which you can see from your error message). Since SAS was calculated for mark blob container, you get this Signature Does Not Match error. By specifying restype=container you're telling storage service to treat the resource as container. comp=list is required as per REST API specification.
Adding to #Gaurav Mantri Answer, in order to double check the permissions, you can also create your OWN SAS token in Azure Portal
From this you can relate this comp=list&restype=container
Resource types you can provide as :
Container
Object
Service
Hope this helps to some one..
After spending lot of time on this the actual error is different then exception raised by .net compiler. if you're using meta data fields while uploading blob file into storage then check metadata character's. For example I am adding metadata fields like description, filename and etc.... In description field I have some junk characters and which i found at the run time string text viewer.
my description originally > test� file description , after changing the description "test file description" . It is working fine.
metadata values i have extracted from different sources tats why it got that junk characters . Please remove/amend values of metadata then it will work well.
I've been looking for a way to check if a point is part of a polygon; this polygon is loaded from a file.
All the answers related to this question are solved with javascript, but I require to do this on server-side; this because the result does not need to be shown to the user as a webclient, it needs to be stored and later be used as a parameter to select a group of users (that use the system) inside that area (polygon).
I looked for a Google Maps API for PHP but it looks like it does not exists at all. I found this one, but it is not related to Google and also focuses on the front end.
I also looked for a REST API; it would have been relatively easy to load the content to my php and parse it, but looks like Google put all its efforts on the JS API.
Is there any workaround for this?
Edit 1: As #Spacedman requested, the file format is a KML
Clarification 1: I expected that Google provide a tool for this (as it exists with JS); parsing the file to check via an algorithm is a posibility and I'll have to check if it works properly.
Did you try searching for "php point in polygon" in your favourite search engine? Top hit:
http://assemblysys.com/php-point-in-polygon-algorithm/
It uses a scanline algorithm, and there's some examples. All you need to do is read your polygon file into the right format (you neglected to say what format you have) and call the function.
You can try somthing like this (in php should be similar):
int iCheck=0;
for (i = 0, v = HowManyVecotrsHasThePolygon - 1; i < HowManyVecotrsHasThePolygon; v = i++)
{
if (((vectorPointLatitud[i] > ptoLatitud) != (vectorPointLatitud[v] > ptoLatitud)) && (ptoLongitud < (vectorPointLongitud[v] - vectorPointLongitud[i]) * (ptoLatitud - vectorPointLatitud[i]) / (vectorPointLatitud[v] - vectorPointLatitud[i]) + vectorPointLongitud[i]))
iCheck++;
}
if iCheck is pair the point is outside, even inside
Checkout Polygons Eric Haines. I got the idea from him.
The idea is you've to create a Ray from your point, and check how many intersections between this ray and the Polygons vectors
The algorithm is just a bit of algebra, that you can check in any book.
You could use the PHP V8 PECL extension to execute javascript within PHP. Alternatively, you could call a node.js script using a shell command (which essentially does the same thing).
http://php.net/manual/en/book.v8js.php
http://php.net/manual/en/function.shell-exec.php
I'm designing a web application that can be customized based on which retail location the end user is coming from. For example, if a user is coming from a store called Farmer's Market, there may be customized content or extra links available to that user, specific to that particular store. file_exists() is used to determine if there are any customized portions of the page that need to be imported.
Up until now, we've been using a relatively insecure method, in which the item ID# and the store are simply passed in as GET parameters, and the system knows to apply them to each of the links within the page. However, we're switching to a reversible hash method, in which the store and item number are encrypted (to look something like "gd651hd8h41dg0h81"), and the pages simply decode them and assign the store and ID variables.
Since then, however, we've been running into an error that Googling extensively hasn't found me an answer for. There are several similar blocks of code, but they all look something like this:
$buttons_first = "../stores/" . $store . "/buttons_first.php";
if(file_exists($buttons_first))
{
include($buttons_first);
}
(The /stores/ directory is actually in the directory above the working one, hence the ../)
Fairly straightforward. But despite working fine when a regular ID and store is passed in, using the encrypted ID throws this error for each one of those similar statements:
Warning: file_exists() expects parameter 1 to be a valid path, string given in [url removed] on line 11
I've had the script spit back the full URL, and it appears to be assigning $store correctly. I'm running PHP 5.4.11 on 1&1 hosting (because I know they have some abnormalities in the way their servers work), if that helps any.
I got the same error before but I don't know if this solution of mine works on your problem you need to remove the "\0" try replace it:
$cleaned = strval(str_replace("\0", "", $buttons_first));
it worked on my case.
Run a var_dump(strpos($buttons_first,"\0")), this warning could come up when a path has a null byte, for security reasons. If that doesn't work, check the length of the string and make sure it is what you'd expect, just in case there are other invisible bytes.
It may be a problem with the path as it depends where you are running the script from. It's safer to use absolute paths. To get the path to the directory in which the current script is executing, you can use dirname(__FILE__).
Add / before stores/, you are better off using absolute paths.
I know this post was created on 2013 but didn't saw the common solution.
This error occurs after adding multiple to the file submit form
for example you are using files like this on php: $_FILES['file']['tmp_name']
But after the adding multiple option to the form. Your input name became file => file[]
so even if you post just one file, $_FILES['file']['tmp_name'] should be change to $_FILES['file']['tmp_name'][0]
I have a script that displays images based on certain conditions. When none of the conditions are met, I want to randomly display one of the standard (backup) images. Those other images are on a remote server. I have read that you can't read a directory on a remote server, which makes sense.
Is my best bet to place a file into the remote server's image directory that outputs all of the image file names so I can parse it with the other server? Is there an easier way?
I prefer not to use FTP (http://php.net/manual/en/book.ftp.php).
What are my options for basically just getting the names of the images in that folder?
Thanks,
Ryan
UPDATE:
#mario's answer is lightweight and works like a charm. It is exactly the solution I thought I wanted, but after thinking about it some more, and reading that even #mario would do it differently, I decided to go with #bensiu's answer, because to me, control and security are more important than convenience. With #mario's method, it's very hard to know if the data you're getting is any good (lack of control) and you're exposing your directory / some server information (security). #bensiu's suggestion involves a second file (inconvenience), but provides the control and security I'm ultimately deciding to go with!
Thank you both!
-Ryan
I would prefer an exact and dedicated handler script like #bensiu pointed out.
But an alternative would be to read out a directory listing. A simple Apache generated mod_index listing would be sufficient for:
$html = file_get_contents("http://example.com/images/");
preg_match_all('/<a href="([-\w\d.]+\.(jpeg|png|gif))"/', $html, $uu);
$files = $uu[1];
I hope you at least have access to remote server...
You can place there script "A" that will do the job locally, return list of images in preffered format ( raw text, JSON, XML... ), and this script will be remotly called by curl form your server....
It also wise to make sure that when you call script "A" you at least passing some secret key to prevent unathorised access (not perfect solution but could be enought)
if you have PHP5 and the HTTP stream wrapper enabled on your server, it's very easy and simple to copy it to a local file:
copy('http://somedomain.com/file.jpeg', '/tmp/file.jpeg');
ome hosts disable copy() function then you can make your own -
<?php
function copyemz($file1,$file2){
$contentx =#file_get_contents($file1);
$openedfile = fopen($file2, "w");
fwrite($openedfile, $contentx);
fclose($openedfile);
if ($contentx === FALSE) {
$status=false;
}else $status=true;
return $status;
}
?>
Can I programmatically upload a file to the server (without client's interference) ? I know this is not possible in normal (.html) files. Is there anyway I can do it from .hta file? or any server side or plug-gin solution?
from an HTA, you can use the shell object to run commands just as if you were running from the command line - including FTP - but of course you'll need FTP credentials. since you said you'll be able to hardcode the files to be uploaded, i assume you have full access...
var shell = new ActiveXObject('wscript.shell');
var params = // this should be a string of ftp commands, like OPEN ftp.example.com USER PASS CWD somedir PUT c:\whatever.txt BYE
shell.run("%comspec% /c ftp.exe -i -s:" + params, 1, true);
Short answer is no.
It may be possible on some machines using a signed java applet - but from the wording of the question, that's going to be a very long juorney for you.
Based on your last comment, you might atleast need the user to load a web page. So based on an onload function, you can use an ajax hidden form to submit whatever files that you'd want to.
But getting information from your user without their knowledge might put you in a legal situation.
Good luck!!