So I have an assignment for my finals homework. It wants me to make a directory tree with some commands, similar to CMD. For example it will give me "make " and I will add directories to the tree. I got all the commands, syntax checking etc. down but I can't think how can I create the tree.
I thought about making a general tree for it, but there's a problem. When I add new folders, I need to check if it's already there and print a message if it is. I don't know a lot about tree structure but from what I know, to check them, I need to do firstChild, secondChild... until there is none which seems not the best way to do it.
I need ideas on this. I don't want you to do my homework, just a guideline for me to study would be more than enough.
To check if a directory path exists you can use fstat (see: https://linux.die.net/man/2/fstat).
But if you have the full path, you will parse that and check all if every part's parent exists.
For example if the path is /usr/local/bin/test you should check if /usr exists, then /usr/local, then /usr/local/bin and finally /usr/local/bin/test.
To do this you could write a recursive function calling itself with the last folder part stripped (unless you're at the root level) before checking if the specified path exists.
Related
I do not know what it is called but this is what I am wanting to do. Imagine that you have a directory named (program) then you have three other directories beneath that named 1,2,3. Each of these have 10 files in them either in python or php or what ever.
What I am wanting to do is change a little bity bit of code in each one using a find and replace in notepage ++. Is there a way to basically have every file combined for this one find and replace then when you are done just save it and have them go back into the individual files and directories like before. Is this even possible, has anyone even wanted to do this?
I am working on this problem:
https://www.hackthissite.org/missions/realistic/3/
The site above has been hacked and it is our job to return it back to its original state. I started by looking at the source code. The hacker left a comment reading:
"Note to the webmasterThis website has been hacked, but not totally destroyed. The old website is still up. I simply copied the old index.html file to oldindex.html and remade this one. Sorry about the inconvenience."
Therefore I went to https://www.hackthissite.org/missions/realistic/3/oldindex.html
I then clicked on submit poetry. In the name field I put ../index.html and in the poem field I put the source code of the page:
www(dot)hackthissite.org(dot)missions/realistic/3/oldindex(dot)html.
I got the right answer; however, I don't quite get how this works.
First of all how do you know when something is susceptible to
directory traversal. I did it because I looked at the forums, but
how would I know that directory traversal is an option?
If you click on read poem --> 'poem name' you get a url like this:
www(dot)hackthissite(dot)org/missions/realistic/3/readpoem(dot)php?name=The%20Idiot
In that case wouldn't the final url using ../index.html be:
www(dot)hackthissite(dot)org/missions/realistic/3/?name=index(dot)html
not www(dot)hackthissite(dot)org/missions/realistic/3/index(dot)html
Sory for the (dot). I need more reputation to post more links.
During a directory traversal attack, the attacker will submit a filename contaning characters that will allow them to access files outside of the intended directory. For example a single dot (.) refferes to the current directory and two dots (..) the parent directory. During an attack the aim will be to access and read restricted files using PHP's elevated privileges.
This is an example of directory transversal vulnerable php code:
$page = $_GET['page'];
$filename = "/pages/$page";
$file_handler = fopen($filename, "r");
$contents = fread($file_handler, filesize($file));
fclose($file_handler);
echo $contents;
In your challenge the file: "readpoem.php" is vulnerable in his $_GET['name'] variable and its happening something similar.
In a blackbox pentesting you can detect it by following errors produced when fuzzing a value and analyzing your request/respond traffic.
en.wikipedia.org/wiki/Fuzz_testing
One type of solution to prevent this is checking for "forbidden" occurrences as someone put an example here:
Preventing Directory Traversal in PHP but allowing paths
Firstly, I want to start by using inotify to monitor a specific directory (the main directory) for files and sub-directories. If a new directory is added into this main directory, how would I make sure to monitor this sub-directory with inotify? How would I monitor a new directory within this sub-directory of the main directory?
I think adding it to the watch is easy by using the inotify_add_watch() function but I do not know how to get the correct relative path address of files and directories within sub-directories (to use for like Dropbox-like syncing in a different location while maintaining the correct directory tree, for example).
Well the fastest to implement (but not the fastest in reality) would be to:
Create the initial tree of directories by recursively exploring the children; An example in C/Linux can be found here:
http://www.lemoda.net/c/recursive-directory/
Add a watch for each subdirectory; When something has been modified or changed you can parse all children recursively and see the differences. Something similar was discussed here:
How to monitor a folder with all subfolders and files inside?
If this solution doesn't appeal to you, you might try to do a polling mechanism such that you must re-check the whole structure using a thread at a certain time interval.
Hope it helps!
I'd like to create a unique temporary directory in Windows from some C
code (not C++ or C#). I want to do this so that I can put some temp
files in the directory, and then delete them all easily when I'm done
(by removing the directory recursively).
I'm essentially looking for an equivalent of the linux
mkdtemp
function. There is a C# answer here, and responses on this
question
suggest using Boost. But since I'm using C, those solutions don't work
for me.
The best I've been able to come up with so far is to use
GetTempFileName
followed by CreateDirectory,
but the problem there is that if I ask
GetTempFileName
to create a unique file name, it will also create the file (which I
don't want, since I want to make a directory instead).
Relatedly, there's
GetTempPath,
which returns the location of the user's temp folder from environment
variables - but since I want to create my own directory that I can
safely delete later, I still need to create a directory inside any
path it would return.
It looks like if I want a unique directory to be created, I'll have to
create a temp file, get the name, delete it, and then create a
directory with the same name - which sounds very messy.
Any other ideas?
You can use what GetTempPath returns concatenated with a Guid to ensure uniqueness of the directory. You can create a Guid using UuidCreate or CoCreateGuid Function.
To delete recursively the directory, there is an example here in pure C: How to remove directory recursively? based on FindFirstFile, FindNextFile, DeleteFile and RemoveDirectory.
There is also SHFileOperation but it's more heavyweight and is based on the Windows Shell functions, and the Shell DLLs are not always wanted, especially if you're writing server code.
Use GetTempPath then CreateDirectory with a random name under it, optionally retrying if CreateDirectory fails due to it already existing. But if your name generation is good enough, the likelihood of a collision with an existing name is much smaller than the likelihood of a blackhat guessing your password or even your private key, so you might as well ignore it.
Use _tempnam tmpnam_s to create a filename that doesn't exist yet, and then use CreateDirectory to create the directory. There's technically a race condition if you do this, in that another process could potentially create a file or directory with that name in the time in between when you generate the filename and when you create the directory, but the odds of that are rather unlikely. To protect against that, you can loop until you succeed.
For recursively removing a directory tree, you can use SHFileOperation. Alternatively, you can do the directory traversal yourself with FindFirstFile/FindNextFile, DeleteFile, and RemoveDirectory.
If you want to remove the directory automatically upon exiting, register a function using atexit. This will only work for normal program termination (i.e. via the exit function or via returning from main/WinMain). This will not work for abnormal program termination (e.g. via abort, an access violation, someone else calling TerminateProcess, etc.).
I am searching for a solution to delete all files from my pendrive using a C program. I don't want the code to detect the pendrive as that's not a concern right now. I would appreciate any links that could help me out on this.
Note: I am working on Windows 7 64-bit and I want to delete the entire contents from my pendrive, which contains .exes and .dlls.
Thanks and Regards,
Radix
The non-hack correct way to do this, is via the Virtual Disk Service.
If you can't use something like rm -rf F:\* and you really do need to implement it yourself in C then I think I'd probably opt for a recursive solution based on FindFirstFile and FindNextFile. These are the native Windows APIs for enumerating directories. Not remotely portable, but it doesn't seem that's a requirement.
Basically the idea is that you write a function, EmptyDir(), say, whose job it is to delete the contents of a directory. The function uses FindFirstFile and FindNextFile to walk the contents of the directory. When a file is encountered it is deleted. When a directory is encountered, EmptyDir() is called recursively. The last job of EmptyDir(), before it returns, is to delete the now empty directory.