Archive for August, 2010

Mining passwords from public GitHub repositories

Saturday, August 28th, 2010

I was on GitHub today, and I had a thought about mining database, account and server passwords from public repositories where the developer has forgotten to remove the password from the source code before pushing to the public repository.

I did a simple test using GitHub’s search with certain keywords, e.g.:

You only have to go through about 10 pages of search results (“root password” has over 10,000 results) and you can see a few passwords that look real. GitHub do have an article about removing sensitive data (http://help.github.com/removing-sensitive-data/) which also has a good statement saying “Once the commit has been pushed you should consider the data to be compromised. Period.” This is very true, but it seems there are a lot of developers out there who are committing their passwords. I wonder how many hackers have prowled through GitHub looking for passwords and as a result successfully been able to pull off an attack.

However, the best search term is “gmail password” (http://github.com/search?type=Code&language=&q=gmail+password&repo=&langOverride=&x=0&y=0&start_value=1) which, as you can see, has a first result that looks like a real Gmail password. I haven’t tested any of these passwords but I’m sure there are plenty of real passwords that developers have committed.

So remember, DON’T COMMIT YOUR PASSWORDS!
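A defensive check in the spirit of the advice above, added here as an example and not part of the original post: a Python function that scans a unified diff (for instance the output of `git diff --cached` in a pre-commit hook) for password-like keys assigned to literal values. The key list, placeholder list, function name and sample diff are assumptions constructed for illustration.

```python
import re

# Key names that usually hold credentials (assumed starter list; extend per project).
KEY = r"(?:pass(?:word|wd)?|pwd|secret|api_?key|token)"
# Matches key = "literal", key: 'literal' or 'key' => 'literal' (value of 4+ characters).
ASSIGN = re.compile(
    r"(?i)\b[\w.]*" + KEY + r"[\w.]*['\"]?\s*(?:=>|=|:)\s*['\"]([^'\"]{4,})['\"]")
# Values that are clearly placeholders rather than live credentials (assumed list).
PLACEHOLDER = re.compile(r"(?i)^(?:x+|\*+|changeme|example|your[_-].*|<.*>|\$\{.*\})$")
# Hunk header: capture the first line number on the new side of the diff.
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")


def find_hardcoded_secrets(diff_text):
    """Return (path, new_line_number, masked_line) for each suspicious added line."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):              # new-side file header
            path = re.sub(r"^b/", "", line[4:])
        elif (m := HUNK.match(line)):
            lineno = int(m.group(1))
        elif line.startswith("+"):               # added line: the only kind we flag
            hit = ASSIGN.search(line[1:])
            if hit and not PLACEHOLDER.match(hit.group(1)):
                masked = line[1:].replace(hit.group(1), "****").strip()
                findings.append((path, lineno, masked))  # never echo the secret
            lineno += 1
        elif line.startswith(" "):               # context line advances the new side
            lineno += 1
    return findings


# Constructed sample input, not taken from any real repository.
SAMPLE_DIFF = '''\
diff --git a/settings.py b/settings.py
--- a/settings.py
+++ b/settings.py
@@ -10,3 +10,5 @@
 DB_USER = "app"
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2-constructed"
+SMTP_PASSWORD = os.environ["SMTP_PASSWORD"]
+API_KEY = "changeme"
 DEBUG = False
'''

if __name__ == "__main__":
    for path, lineno, masked in find_hardcoded_secrets(SAMPLE_DIFF):
        print(f"{path}:{lineno}: possible hard-coded secret: {masked}")
```

A hook built on this would exit non-zero when the list is non-empty, so the commit is blocked before the value ever reaches a public repository.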

iniReader – Simple C++ configuration file parser

Saturday, August 28th, 2010

I have created a very simple C++ class that will parse a configuration file and return the value of the requested key. You can get the code from http://github.com/bmaynard/iniReader.

I created this class for my CPUHog application (http://github.com/bmaynard/CPUHog) which records CPU and memory usage of running applications so you can find out which processes were hogging your CPU time.

Please feel free to leave feedback if you have any suggestions or problems. I do plan on making the class more powerful as it’s very simple at the moment.

Update: I have made a few updates to the library, including:

  • Changed getOption and getOptionChar to getOptionToString and getOptionToChar
  • Added getOptionToInt
  • Added cleanupIniReader which will empty the results from the parsed configuration file

The most craziest captcha….EVER!

Saturday, August 14th, 2010

I have been meaning to blog about this for over a year now, but check out the captcha on this website: http://linksave.in/register.

That is one way NOT to do a captcha, but it is very interesting and I wonder how spam bots go with it.

NFS Manager

Wednesday, August 11th, 2010

I have been playing around with Python and Django for the last couple of weeks and I have created an NFS Manager module. You can grab the source code from: http://github.com/bmaynard/NFSManager

It is fairly basic at the moment and I haven’t implemented all the options available for NFS, but you can manage several servers from one place :) . To use the module, you create new servers, then set up the shared directories and clients. After you have set everything up you can go to the server list and push the changes across from the action drop-down.

If you have any comments or suggestions then please leave a comment; I would like to try to make the module more powerful.