The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,808 other followers

Archive for March 14th, 2017

PSA: Don’t use the ‘save password’ feature, or plug random USBs into your computer.  – Album on Imgur

Posted by jpluimers on 2017/03/14

Rubber Ducky

Rubber Ducky

Looks like a simple USB sick. Has it’s own CPU, Micro SD storage and can run scripts by pretending to be a keyboard.

Easy way of getting into computers:

Imgur – PSA: Don’t use the ‘save password’ feature, or plug random USBs into your computer. 

This is a neat little tool called a USB Rubber Ducky.

It simulates a keyboard. Their motto goes along the lines of “Humans use keyboards. Computers trust humans.”. What they’re trying to say is the computer won’t look at this new device as malicious, because it’s ‘a keyboard’. It types at 1000 words a minute, meaning it takes about 8 seconds to completely infect a computer with a small scale payload. It has been featured on the tv show Mr. Robot.

You can get it here:

Take Social Engineering to the next level with a USB Rubber Ducky Deluxe hidden inside an inconspicuous “thumb drive” case. All the fixings included.  Since 201

Source: USB Rubber Ducky Deluxe – HakShop

  • Fast 60 MHz 32-bit Processor
  • Convenient Type A USB Connector
  • Expandable Memory via Micro SD
  • Hideable inside an in an innocuous looking case
  • Onboard Payload Replay Button

Community Payload Generators, Firmware, Encoders and Toolkits

The USB Rubber Ducky project has fostered considerable innovation and creativity among the community. Some gems include

–jeroen

 

via: PSA: Don’t use the ‘save password’ feature, or plug random USBs into your computer.  https://imgur.com/gallery/MGS0L – DoorToDoorGeek “Stephen McLaughlin” – Google+

Read the rest of this entry »

Posted in Development, Power User, Rubber Ducky, Scripting, Security, Software Development | Leave a Comment »

sed: convert Google Drive urls to direct download ones

Posted by jpluimers on 2017/03/14

RegEx Fu

RegEx Fu

One of the things after moving most of my things from copy.com to Google Drive was the direct (public) download URLs that copy.com provides. DropBox has them as well, but Google Drive lacks them in the UI.

There is a URL format that does allow for direct download though:

While Google aims for Drive to be a competent Dropbox competitor, there’s one small but key feature that isn’t easy: sharing direct download links. Fortunately, you can create your own.

Source: Share Direct Links to Files in Google Drive and Skip the Web Viewer

You can do a similar replacement for Google Doc URLs: How to Create Direct Download Links for Files on Google Drive

The Google Drive conversion seems straightforward as they convert from either of

https://drive.google.com/file/d/FILE_ID/edit?usp=sharing
https://drive.google.com/file/d/FILE_ID/view
https://drive.google.com/open?id=FILE_ID

to

https://drive.google.com/uc?export=download&id=FILE_ID

There are tons of RegEx examples for doing the first conversion at Regex to modify Google Drive shared file URL – Stack Overflow, but

  1. they don’t cover the two conversions
  2. they use the non-greedy (.*?) capturing groups which are tricky, introduce question mark escaping issues in hash and many sed implementations fail to implement non-greedy

Since I’m a command-line person, I’ve opted for a sed conversion that wasn’t in the above list. I choose sed because it allows you to convert either a line or a complete file at one time.

There are a few indispensable resources to get my regex expressions right:

So here it goes, starting with fixing https://drive.google.com/open?id=FILE_ID as it’s the most simple replacement because the FILE_ID is at the end.

First of all, these code fragments below are part of bash functions as bash functions remove the quoting hell you have with bash aliases.

Where bash aliases have no parameters (i.e. the arguments are put after the end of the expansion), functions have parameters. So if you want to pass all function parameters to a command inside a function, you have to use “$@” to pass all parameters.

This fragment fixes https://drive.google.com/open?id=FILE_ID printing each fix on one line using the p for printing command in sed:

sed -n 's@https://drive.google.com/open?id=@https://drive.google.com/uc?export=download\&id=@p' "$@"

A few remarks:

The second fragment fixes https://drive.google.com/file/d/FILE_ID/edit?usp=sharing and https://drive.google.com/file/d/FILE_ID/view again printing each fix:

sed -n 's@https://drive.google.com/file/d/\([^.]*\)/.*@https://drive.google.com/uc?export=download\&id=\1@p' "$@"

Some more remarks:

  • The FILE_ID is obtained from a capturing group during the match using \([^.]*\) and using the value in the replace with \1 as reference.
  • There is backslash escaping of the parentheses because that’s the sed way.
  • I’ve used a non-greedy \(.*?\) capturing group (sed can’t do that) but \([^.]*\)/ which matches any non-slash inside the capturing group until the first slash outside that group.

The final part is combing both replacement into one sed command:

sed 's@https://drive.google.com/open?id=@https://drive.google.com/uc?export=download\&id=@;s@https://drive.google.com/file/d/\([^.]*\)/.*@https://drive.google.com/uc?export=download\&id=\1@' "$@"

Final remarks:

–jeroen

Posted in *nix, *nix-tools, bash, bash, Development, Power User, Scripting, sed, sed script, Software Development | Leave a Comment »

 
%d bloggers like this: