Maven helps us build our jar and war components for different environments configuring profiles.

We are going to see here how we can use Maven profiles to build and package Java jar files configured for specific environments.

Popularity: unranked [?]

Compensation From The Government.

The Chairman
DEBT MANAGEMENT OFFICE
Committee On Government Compensation,
Wuse Zone II, FCT, ABUJA.:
Our Ref : FGN /SNT/STB

Dear Beneficiary,

Re: Government Compensation on Scams Victims, Lotto, Unpaid/Unclaimed
Contract/Donation.

The Federal Government of Nigeria through the President Dr.Goodluck Jonathan GCFR CON, has mandated the Debt management office in colaboration with Nigeria Financial Intelligence Unit (EFCC)to compensate all foreigner’s who in one way or the other has been retrieve of there hard earn money through illegal transaction.

All the Scams Victim who has lost so much to the fraudsters in Nigeria can now be compensation in pro rata of money lost.we are carrying out this verification and payment procedure with guideline from the The Federal Bureau Investigation Director (FBI) Mr.Robert,S.Mueller. The EFCC Chairman Mrs. Farida Waziri agency had not only recovered $6.5bn since its inception but had secured 400 convictions :http://www.punchng.com/Articl.aspx?theartic=Art201006153502178

You are officially informed that the sum of $150,000.00 (One hundred and fifty thousand U. S. dollars only)has been accredited in your favor for compensation due to your inability to claim your funds for some circumstances.

The Instruction has been given to us to Compensate the Scams Victims.Please if you have not been Scammed do not reply this message,it is onlyfor those that were scammed of their money that needs to reply this mail for Compensation.

For processing and verifications, kindly tender the below information:
* Full Name:
* proof of payment/relevant document:
* Phone Number:
* Gender:
* Age:
* Occupation:
* Country:
* Identification:

Direct your information below to the officer that will give instruction to
pay you the Compensation.

Dr. Greg Sambo
DEBT MANAGEMENT OFFICE
Committee On Government Compensation.
email:dmo@contractreviewplanel.fr.fm

Popularity: unranked [?]

1
2
3
4
5

<select name="client.idClient" id="idClient">
	<option value="1">CLIENT 1</option>
	<option value="2">CLIENT 2</option>
	<option value="3">CLIENT 3</option>
</select>

You can disable an element by setting the disabled attribute to disabled:

1

jQuery("#idClient").attr("disabled","disabled");

And enable the element by removing the disabled attribute:

1

jQuery("#idClient").removeAttr("disabled");

If the element is an input:

1

<input type="checkbox" id="yes"/>

then you have to set the checked attribute to checked:

1
2

jQuery("#yes").attr("checked","checked");
jQuery("#yes").removeAttr("checked");

If you want to set a value for an element in your document:

1

jQuery("#idClient").val('1');

will set the selected option in the dropdown to the value 1.

To get the selected value:

1

jQuery("#idClient").val();

and the selected text:

1

jQuery("#idClient option:selected").text();

Very useful link: jQuery – FAQ

Popularity: unranked [?]

<input type="button" value="<liferay-ui:message key="cancel" />" 
onclick="<portlet:namespace/>_back();"/>
 
<script type="text/javascript">
 
      function <portlet:namespace/>_back() {
 
            var backURL = Liferay.PortletURL.createRenderURL();
            backURL.setPortletId("");
            backURL.setParameter("networkId", ${networkId});
            backURL.setPortletMode("view");
 
            location.href = backURL;
      }
 
</script>

All the available methods are (as in Liferay 5.2.3):

• setCopyCurrentRenderParameters: function(copyCurrentRenderParameters);
• setDoAsUserId: function(doAsUserId);
• setEncrypt: function(encrypt);
• setEscapeXML: function(escapeXML);
• setLifecycle: function(lifecycle);
• setName: function(name);
• setParameter: function(key, value);
• setPlid: function(plid);
• setPortletConfiguration: function(portletConfiguration);
• setPortletId: function(portletId);
• setPortletMode: function(portletMode);
• setResourceId: function(resourceId);
• setSecure: function(secure);
• setWindowState: function(windowState);
• toString: function();

And you can create any portlet URL:

• var actionURL = Liferay.PortletURL.createActionURL(); // (‘ACTION_PHASE’);
• var renderURL = Liferay.PortletURL.createRenderURL(); // (‘RENDER_PHASE’);
• var resourceURL = Liferay.PortletURL.createResourceURL(); // (‘RESOURCE_PHASE’);
• var permissionURL = Liferay.PortletURL.createPermissionURL(portletResource, modelResource, modelResourceDescription, resourcePrimKey);

Have a look at the library in

liferay-portal-src-5.2.3/portal-web/docroot/html/js/liferay/portlet_url.js

Popularity: unranked [?]

In this post we are creating a simple Liferay hook to change the value of a property in the portal.properties, override one of the Portal jsps and handling an event.

Popularity: unranked [?]

Maven lifecycle:
http://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html

Maven create web app
http://maven.apache.org/plugins/maven-archetype-plugin/examples/webapp.html

Maven plugins
http://maven.apache.org/plugins/

Work on progress… any suggestions?

Popularity: unranked [?]

http://usefulfor.com/java

Here you will find snippets for those things that you do when setting up a new project, or every now and then, and absolutely forget about. Instead of spending time re-looking for them in your file system or googling them (again), come here and copy and paste that jQuery method, configuration file or find the solution for that Exception you are already familiar with!

Popularity: 61% [?]

public String getMonthFromInt(int iMonth) {
  String month = "invalid";
  DateFormatSymbols dfs = new DateFormatSymbols();
  String[] months = dfs.getMonths();
 if (iMonth >= 0 && iMonth <= 11)
    month = months[iMonth];
  return month;
}

Popularity: unranked [?]

Popularity: unranked [?]

Step #1: install RubyGems:
apt-get install rubygems

Step #2: update RubyGems:
gem install rubygems-update --version=1.3.4

Step #3: get Rails 2.3.5:
gem install rails --no-rdoc --no-ri

Popularity: unranked [?]

However, every now and then, we stumble upon more complex scenarios, for instance, an application whose code has been obfuscated causing decompilation errors. In that case it will no longer be enough to decompile, modify the code and compile again, we would need some other technique. Patching the .class file at the bytecode level sounds like a reasonable approach.

Popularity: unranked [?]

It turned out that an osvdb project already existed in RubyForge so we have submitted our code there.

There are no releases so far but the code in the repository is working. In order to get it:

svn checkout http://osvdb.rubyforge.org/svn/trunk osvdb

As well as implementations for the ‘Find by Microsoft Security Bulletin ID’ and ‘OSVDB ID Lookup’ queries, the repository contains test cases and a Rakefile to generate RDoc documentation for the library.

Stay tuned for updates.

Popularity: unranked [?]

The org.jboss.resource.security.SecureIdentityLoginModule from jboss-jca.jar can be used to encrypt database passwords rather than using clear text passwords in the DataSource configuration. [...]

Which in principle, is a great thing. The problem being that usually database credentials end up being placed in the web application configuration file in clear text. However:

[...] It uses a hard-coded password to encrypt/decrypt the DataSource password.

Bottom line, anyone using the SecureIdentityLoginModule to encrypt their password in the configuration file is doing it with a Blowfish algorithm and well known key. So if during an engagement you find a configuration snippet similar to the one below:

<policy>
[...]
  <!-- Example usage of the SecureIdentityLoginModule -->
  <application-policy name="EncryptDBPassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="username">sa</module-option>
      <module-option name="password">5dfc52b51bd35553df8592078de921bc</module-option>
      <module-option name="managedConnectionFactoryName">[...]</module-option>
    </login-module>
  </authentication>
</application-policy>
[...]
</policy>

You should be able to reverse the encryption and get the credentials in clear text. JBoss.java can help you with this, it is now available in usefulfor’s repository at GitHub.

Popularity: unranked [?]

The truth is that you would need 2 or 3 duplicates to get to do all the stuff that you want to do. There are just too many talks, contests and random stuff going on that it is not possible to cover it all. Anyway, below is a breakdown of the talks I managed to get in.

Popularity: unranked [?]

Generate the certificate using OpenSSL:-

$ openssl genrsa 1024 > foo.key
$ openssl req -new -x509 -nodes -sha1 -days 7300 -key foo.key > foo.crt
$ openssl pkcs12 -export -out foo.p12 -in foo.crt -inkey foo.key -name "your name"

You will need the .p12 file (contains key and certificate) to configure Burp. And the .crt file to add it to the Java keystore used by the client. Checkout Burp’s help page for instructions on how to get the first done.

Create a Java keystore, import the certificate

Straightforward enough (just remember the password you entered):

keytool.exe -import -file foo.crt -keystore usefulfor.jks -alias burpcert

Run the application and point it to your keystore

java \
  -Djavax.net.ssl.trustStore=usefulfor.jks \
  -Djavax.net.ssl.trustStorePassword=password \
  -Djavax.net.debug=all  \
  com.usefulfor.Demo

Other interesting properties that you may need in order to further tweak the SSL configuration are javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.

Popularity: unranked [?]

Tools are provided to create your own certificates and also to use the certificates you have created in SSL communications. The information in this article should be valuable in understanding the certificate format and useful if you need to work with certificate parsing, SSL implementations or fuzzing of the related technologies.

Popularity: unranked [?]

Update (2009-04-09): Checkout the new import/export plugin generators at dradis community forums.

Popularity: unranked [?]

Popularity: unranked [?]

In this post I’ll be looking at what an extension is, how it fits into the dradis framework and how to write your own extensions.

You are welcome to jump ahead to the How do I write my own extension? if that is the only part that you are interested in.

Popularity: unranked [?]

It is not the final solution, and it is not integrated with the web interface, but hopefully it will give you an idea of how easy is to get your own exporting modules for dradis.

Popularity: unranked [?]