WordPress enable html in category description

Recently I needed to enable html in category descriptions so that I could add a featured image to each of my category.
Here is the solution.

wp_filter_kses
wp_kses_data

/**
 * Allow HTML in term (category, tag) descriptions 
         * Note : You may want to restrict access to who can edit category description or of the sort.
         * Removing the filter will enable anyone to insert html/javascript code (which may be malicious)
 */
foreach ( array( 'pre_term_description' ) as $filter ) {
    remove_filter( $filter, 'wp_filter_kses' );
}
 
foreach ( array( 'term_description' ) as $filter ) {
    remove_filter( $filter, 'wp_kses_data' );
}

I will release a small quick plugin for this when I have the time (hopefully soon)

 

Enjoyed the content ? Share it with your friends !

Optimize VestaCP Part 1 – Upgrade PHP

Optimize VestaCP Part 1 – Upgrade PHP

Assuming you already have VestaCP installed, your PHP that comes along with it is probably 5.x . However, the latest PHP version as of writing is already 7.2 . There is a huge difference in performance between PHP 7.x and PHP 5.x and hence, it is important to upgrade your PHP version if you wish to optimize and speed up your server.

Now, onto the actual upgrade process. For this tutorial, the commands will be based on CentOS

1. SSH into your server.

2. Check your PHP version just to be sure you aren’t already on 7.x

php -v

If it is already PHP 7.0 and above, you need not continue with this tutorial. You may wish to proceed to the other optimization tutorials instead..

3. Stop necessary services – httpd and php-fpm

service httpd stop
service php-fpm stop

4. Remove our current PHP installation

yum uninstall php

4.  Download or update the remi repository and enable it

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm
rpm -Uvh remi-release-7.rpm epel-release-latest-7.noarch.rpm

yum --enablerepo=remi update remi-release

5. Install our new PHP with the modules that you wish to have or remove

yum --enablerepo=remi-php70 install php70-php php70-php-pear php70-php-bcmath php70-php-pecl-jsond-devel php70-php-mysqlnd php70-php-gd php70-php-common php70-php-fpm php70-php-intl php70-php-cli php70-php php70-php-xml php70-php-opcache php70-php-pecl-apcu php70-php-pecl-jsond php70-php-pdo php70-php-gmp php70-php-process php70-php-pecl-imagick php70-php-devel php70-php-mbstring

6.  Remove old symbolic link for PHP and create a new one for our PHP 7

rm /usr/bin/php
ln -s /usr/bin/php70 /usr/bin/php

7. Start the services again

service php70-php-fpm start
service httpd start

That’s it. You can now check if the installation is successful by doing another php -v command.

 

Enjoyed the content ? Share it with your friends !

CefSharp block popup windows

CefSharp block popup windows

Recently I had to use CefSharp for a project of mine and needed to block popup windows. There are not a lot of up-to-date answers or solutions for issues pertaining to CefSharp, so I thought I should just share mine.

You will need to implement your own class which inherits or extends the ILifeSpanHandler interface

public class BrowserLifeSpanHandler : ILifeSpanHandler
 {
     public bool OnBeforePopup(IWebBrowser browserControl, IBrowser browser, IFrame frame, string targetUrl, string targetFrameName,
         WindowOpenDisposition targetDisposition, bool userGesture, IPopupFeatures popupFeatures, IWindowInfo windowInfo,
         IBrowserSettings browserSettings, ref bool noJavascriptAccess, out IWebBrowser newBrowser)
     {
         MessageBox.Show("Popup detected. Target url : " + targetUrl);
         newBrowser = null;
         return true;
     }

     public void OnAfterCreated(IWebBrowser browserControl, IBrowser browser)
     {
         //
     }

     public bool DoClose(IWebBrowser browserControl, IBrowser browser)
     {
         return false;
     }

     public void OnBeforeClose(IWebBrowser browserControl, IBrowser browser)
     {
         //nothing
     }
 }

And in your browser instance, set the LifeSpanHandler member to your own handler

BrowserLifeSpanHandler blsh = new BrowserLifeSpanHandler();
browser.LifeSpanHandler = blsh;

 

Enjoyed the content ? Share it with your friends !

CefSharp handle alerts, confirms, and prompts

CefSharp Handle alerts, confirms, and prompts

I recently needed to make use of CefSharp library to implement my own Chrome-based browser and had to hook or handle javascript alerts, confirms and prompts. This was how I did it, in case any of you find yourself needing it.

You will need to implement your own class which extends the IJsDialogHandler interface

public class JsHandler : IJsDialogHandler
{
    public void OnDialogClosed(IWebBrowser browserControl, IBrowser browser)
    {
        throw new NotImplementedException();
    }

    public bool OnJSAlert(IWebBrowser browser, string url, string message)
    {
        MessageBox.Show("Alert Detected. Url : " + url + " \n message : " + message);
        return false;
    }

    public bool OnJSBeforeUnload(IWebBrowser browserControl, IBrowser browser, string message, bool isReload, IJsDialogCallback callback)
    {
        throw new NotImplementedException();
    }

    public bool OnJSConfirm(IWebBrowser browser, string url, string message, out bool retval)
    {
        MessageBox.Show("Confirm Detected. Url : " + url + " \n message : " + message);
        retval = false;
        return false;
    }

    public bool OnJSDialog(IWebBrowser browserControl, IBrowser browser, string originUrl, CefJsDialogType dialogType, string messageText, string defaultPromptText, IJsDialogCallback callback, ref bool suppressMessage)
    {
        throw new NotImplementedException();
    }

    public bool OnJSPrompt(IWebBrowser browser, string url, string message, string defaultValue, out bool retval, out string result)
    {
        MessageBox.Show("Prompt Detected. Url : " + url + " \n message : " + message);
        retval = false;
        result = "";
        return false;
    }

    public void OnResetDialogState(IWebBrowser browserControl, IBrowser browser)
    {
        throw new NotImplementedException();
    }
}

And then in your ChromiumWebBrowser instance,

JsHandler jh = new JsHandler();
browser.JsDialogHandler = jh;

 

 

Enjoyed the content ? Share it with your friends !

Win32 Reverse Engineering Tutorial 1 Continued

Win32 Reverse Engineering Tutorial 2

Prerequisites :
Assembly (at least the basics)
– Programming background (at least the basics)

Tools needed :
– ollydbg (download here)

Files :
ReTutorial1.exe (94 downloads) (virustotal here) (sha1 : 3e9bb52e42550e9f180877ef861864d49d0f499d)

note: the file for this tutorial as the earlier part

At the end of this tutorial, you should be able to/have
1. Analyze assembly code and program flow/logic
2. Analyze program flow/logic and make simple modifications
3. Brief interactions with ollydbg software

 

In the earlier part of tutorial 1, you should have been able to get or ‘crack’ the password of the program by looking at the strings through ollydbg. Now, we will attempt to achieve the same result but with a different method (not using the password)

 

Lets get going. Load up the same .exe into ollydbg and you will see a screen similar to the one below

ReTutorial1Cont_Img1

Like we have done in the earlier part of this tutorial, lets search for all referenced string again (refer back to previous post if you don’t know how).

Click on the string that says niraeth-retutorial1 which is the password and you will be bring to a screen like this

Now, we will have to analyze the assembly codes to see how or what we should modify in order to get the Congratulations ! message

We know that a string comparison is being done in the code, but do you know how a string comparison is usually done internally? Take a look at a common implementation of the strcmp below.

int strcmp(const char* s1, const char* s2)
{
    while(*s1 && (*s1 == *s2))
    {
        s1++;
        s2++;
    }
    return *(const unsigned char*)s1 - *(const unsigned char*)s2;
}

The main thing to take note is the *s1 == *s2 and s1++; s2++; . In any kind of comparison, there will always be some sort of comparison operator (== in this case) and a increment or decrement. So as we look at the assembly codes, we will want to keep a watch for the 2 things i have mentioned above. Note that sometimes, the generated code may be different what you expect it to be due to optimizations by the compiler. However, some, if not most part of it should be the same.

If you look at the right column of the assembly codes, you will see some comments i have left there to help you understand better as you read this tutorial.

Take sometime to try and understand the assembly codes and use my comments if necessary. How similar does it look to the strcmp implementation given above? If you wish to take it a step further, try to convert the assembly code into a high-level programming language like C !

Now, i will take some time to explain my thought process as i look at the assembly codes.

Firstly, notice that there are two set of commands that are extremely similar. It starts with a mov, then a cmp, then a jnz . This most likely means that the jnz must be a jump taken when the strings are NOT equal. Why do I say so? Because the loop can only end when
1. String is not equal
2.We reached the end of the string( loop index==strlen(string)+1)

So if the bytes compared were equal, there probably isn’t a need to jump out. The loop should continue on till we detect that we reached the end of the string. Now if you recall how the cmp and jnz operands work, it will be like this

cmp dl, BYTE PTR DS:[ECX] // if dl == byte ptr ds:[ecx], set ZF flag=1
jnz <address>             // jump if ZF is NOT set(when ZF=0)

Now you can take some time to understand or analyze the other minor details of the code, but if you wish to have a reference, refer to my explanation below (the address are based on the image above)

0x00171160:                 // start of loop
  // if( *s1 != s2 )
  // goto 0x00171180;
  MOV DL, BYTE PTR DS:[ECX] 
  CMP DL, BYTE PTR DS:[EAX]
  JNZ SHORT ReTutori.00171180

  // if( *s1 == '\0' )
  // goto 0x0017117C;
  TEST DL, DL
  JE SHORT ReTutori.0017117C

  // if( *(s1+1) != *(s2+1) )
  // goto 0x00171180
  MOV DL, BYTE PTR DS:[ECX+1]
  CMP DL, BYTE PTR DS:[EAX+1]
  JNZ SHORT ReTutori.00171180

  // s1 += 2;
  // s2 += 2;
  ADD ECX,2
  ADD EAX,2

  // if ( *s1 != '\0' )
  // continue;                // loop again
  TEST DL, DL
  JNZ SHORT ReTutori.00171160

  // if code reaches here, it means strings are equal
  // return 0;
0x0017117C:
  XOR EAX, EAX
  JMP SHORT ReTutori.00171185 // goes to the congratulations message

0x00171180:
  // if code reaches here, it means strings are not equal.
  SBB EAX, EAX
  OR EAX, 1
  TEST EAX, EAX
  JNZ SHORT ReTutori.001711AC // goes further down to 'Wrong Message!'

Now if you look at the code above, at the end, the address 0x00171180, it shows that the jnz jumps to a code which outputs the ‘Wrong Message !…’. This means that we definitely do not want our code to be jumping there. To prevent it from jumping there, right click the line that jnz is on, click on ‘Binary’ -> ‘Fill with NOPs’ . Refer to the image below if necessary

After you do so, the line that jnz is on should now change to look like this

Now, lets run the program and see if its working as expected. Click on the blue arrow icon at the top menu bar of ollydbg as shown below

And… you will see that the program outputs Congratulations !

 

CONCLUSION

With this part of the tutorial, you have experienced doing simple analysis on assembly codes with the help of cross referencing the same implementation in a higher level language (strcmp implementation) and do some manipulation to how the program branches (nop-ing the jnz line).

Enjoyed the content ? Share it with your friends !