Combine filters on a JTable

Published on Saturday, 01 June 2013 in Java ; tagged with project, swing, java, awt, jtable, filter, regex, trick ; text version

Since few days, I'm working on a school project. Its goal is to use Java and Swing to create an interface for the Crew Scheduling Problem.

Dealing with a list of tasks, I choose to use a JTable as the graphical view.
One feature I want to implement is some filters to display/hide the tasks.

If you read the Java doc, you will see a lot of examples on how to use filters.
My problem here is that these examples only deals with simple filter, i.e. one filter for the whole row.
What I need is several filters, each one for a specific cell on a row. At this point, the doc becomes useless.

Hopefully, while looking for some similar issues on the Internet, I stumble on really few topics which explain how to perform a more advanced filtering system.
Therefore I am writing this post to sum them up.

Continue reading

Install Metasploit 4.6-1 on Archlinux (Outdated)

Published on Saturday, 25 May 2013 in Security ; tagged with trick, archlinux, metasploit, system ; text version


During the HackGyver's session last Friday, jvoisin presented metasploit.
Setting up a metasploitable machine, he explained the basic uses of this amazing tool.

To sum up, let's say that for basic pentesting, the steps are:

Metasploit on Archlinux

First step was to install metasploit (you don't say?) and it was funny to hear something like:

It's kind of borring to install mestasploit on Debian because you have to get a .deb here, then dpkg (insert option here), then... I'll give you 15 minutes to take care of that then we start.

Hum? Difficulties on Debian for metasploit installation? Who cares? I'm on Arch \o/
I just have to write yaourt metasploit and AUR takes care of everything!

Continue reading

Crackme 0x1d01ebcc

Published on Thursday, 18 April 2013 in Reverse Engineering ; tagged with trick, elf, challenge, crackme, reverse engineering, ida, sigsev, handler, exception ; text version


Last week, jvoisin came up with a home made crackme.
Since I'm really interested in reverse engineering but really lame, I took this opportunity to learn some stuffs.

So let's take a look :)


Basic strategy, I apply file and readelf on the binary.

depierre$ file 0x1d01ebcc
0x1d01ebcc: ELF 32-bit LSB  executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), stripped

depierre$ readelf -h 0x1d01ebcc
En-tête ELF:
  Magique:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Classe:                            ELF32
  Données:                          complément à 2, système à octets de poids faible d'abord (little endian)
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  Version ABI:                       0
  Type:                              EXEC (fichier exécutable)
  Machine:                           Intel 80386
  Version:                           0x1
  Adresse du point d'entrée:         0x80492d0
  Début des en-têtes de programme:   52 (octets dans le fichier)
  Début des en-têtes de section:          57005 (octets dans le fichier)
  Fanions:                           0x0
  Taille de cet en-tête:             52 (bytes)
  Taille de l'en-tête du programme:  32 (bytes)
  Nombre d'en-tête du programme:     9
  Taille des en-têtes de section:    40 (bytes)
  Nombre d'en-têtes de section:      57007
  Table d'indexes des chaînes d'en-tête de section: 47806
readelf: ERREUR: Incapable de lire 0x22cb58 octets de En-têtes de section

Well, it seems that the section headers are screwed. He might have applied this trick from his blog.
He explains that with few modifications in the elf header, GDB will not be able to debug the crackme.

"Qu'à cela ne tienne", I'm going to use IDA instead. Since I have the 6.4 version, I'm not concerned by this possible trick, so let's give a try!

Continue reading

Secu'RT - Writeup

Published on Monday, 25 March 2013 in CTF, Security ; tagged with ctf, write up, security, challenge, secu'rt ; text version


Aujourd'hui s'est déroulé le CTF de la Secu'RT à Montbéliard.
Dans la matinée nous avons pu assister à des conférences sur le domaine de la sécurité plus ou moins intéressantes.
C'est vers 14h que les hostilités ont commencé.

Pour information, la Secu'RT a plus pour objectif de sensibiliser les gens à la sécurité.
C'est donc dans cet optique que les challenges ont été pensés.

J'y ai participé avec les membres de Hackgyver.
Nous avons du nous séparer en deux équipes pour équilibrer les forces.

Equipe 1 : Maijin et Futex (2e au classement) Equipe 2 : deadr0m1`, jvoisin et moi-même (1ère au classement héhé)

Le programme : RootBSD a mis en place les challenges.
Chacun était accessible à l'adresse, avec PORT pour passer d'une épreuve à l'autre.

Continue reading

Introduction to buffer overflows

Published on Sunday, 24 February 2013 in Security ; tagged with stack, shellcode, gdb, exploit, buffer, aslr, peda, bof, overflow, exec, security ; text version

Before starting

I know that buffer overflow is not a new hot topic from last week but it's so enormous that I really wanted to do something about it.

Thanks to the Most Expansive One-Byte Mistake, the NUL-byte defining the end of strings opens a whole new world.
By taking advantages of dummy functions like strcpy, we will be able to exploit a famous security flaw.
This security hole is called buffer overflow and it will be the topic of this paper.

I'm writing these words more as a reminder than a fully-documented expert whatever paper, but I hope it will help you.

Continue reading License WTFPL2