I'm happy to have learned how to use stored procedures(SP) and user-defined functions(UDF) recently. For a while now I have been using SELECT statements, but when I was asked to give a programmer the ability to call a query, I knew that a stored procedure would work better. A stored procedure lives on the SQL Server and can be called up over and over. Also, it allows different parameters to be used every time the SP is called.

EXEC sp_givemedata(param1,param2,param3)

In my case, I had a simple request to return the list of UniqueIDs from a table called Documents.

Operation completed successfullyThere are times when you find that the application logs are not helpful at all. This was one of those times.

Wikipedia describes THC-Hydra as "... software ... that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services." Its useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.

I had a hard time installing THC-Hydra on Ubuntu. Here is how I finally did it.

First I installed dependencies.
sudo apt-get install build-essential libssl-dev libssh-dev libgtk2.0-dev libssh2-1-dev

Next, grab the Hydra source code.
wget -c http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz

Click here for original article

VMWare ESXi is a FREE bare-metal hypervisor that lacks the plethora of management tools found in the commercial version. That being the case, you can still find some powerful yet hidden features behind the command line. If you feel comfortable at the command line, VMWare ESXi will not disappoint you.

One of the hidden features is the act of cloning a virtual machine. This is one of the places virtual machines shine in comparison to the traditional act of building a server. You take the time to build parent VMs that are than cloned every time you need a new server. I loved the reaction I got from a developer who asked for a server and I delivered his IP Address and login within 15 minutes.

In VMWare ESXi, the documentation directs cloning to VMWare vCenter Server (formally called VMWare Virtual Center). Unfortunately for me, this costs money and I can't afford it. If you would like to clone virtual machine on an ESXi server without the help of vCenter here are the instructions to do so.

I tend to use the packet sniffer Wireshark here and there at work. I use it in its most basic form. I perform a capture without any capture filters. After completing the capture I use Display Filters to squeeze out the information I need. A simple list of examples can be found here:
http://wiki.wireshark.org/DisplayFilters

I mirrored the web page here as a bookmark for myself.
http://wiredbytes.com/external/DisplayFilters.htm

In my quest to upgrade ESXi 3.5 to 4.0, I found a few gotcha's. The first one was the fact that the Intel e100 drivers were no longer being supported. So I ran over to my local geek shop and picked up two Intel® PRO/1000 GT Desktop Adapters for $32 a pop ($27 on newegg.com).

My second dilemna occurred after installing the 4.0 VMWare vSphere client and attempting to upgrade with the before mentioned e100 adapters. I used the vSphere Update Utility unsuccessfully at first, but that somehow broke my connection from the vSphere client.

As of this post the current version of nmap in the ubuntu repositories is 4.76. Here are the steps I used to install the new version 5.0 on Ubuntu Jaunty 9.04.

sudo aptitude install build-essential
sudo apt-get install libssl-dev
mkdir src
cd src
wget -c http://nmap.org/dist/nmap-5.00.tar.bz2
bzip2 -cd nmap-5.00.tar.bz2 | tar xvf -
cd nmap-5.00/
./configure
make
sudo make install

To run go to Applications > Internet > Zenmap (as root).

I found a website (not listed) below that had the whole service manual for my car at no charge (normally about $300 US). The site gave me 74 links to PDF files! As excited as I was, I wasn't in the mood to click on 74 links. So I googled around and found the following one-liner.

wget `lynx -dump URL | grep .pdf$ | sed 's/[[:blank:]]\+[[:digit:]]\+\. //g'`
where URL is the URL where all the PDF files are.

11 seconds later I had all 74 PDF files. Cheers!

Click here for reference article.

I have a customer that gives me access to their email servers via Citrix and Outlook Web Access (OWA) (http://mail.domain.com/exchange). They expect me to check email all day so I found myself checking email 100 times a day via Citrix and it was becoming annoying. I have a blackberry and I wanted to use it to receive emails as they arrive. I found myself logging on to the Outlook Mobile Access website (http://mail.domain.com/oma) but that was very slow and buggy. I also tried forwarding all the email using a rule but that had the bad effect of forwarding EVERY email to my blackberry; I get about 200 emails from monitoring applications a day that get routed to folders using Outlook rules. Also, forwarding emails outside of the organization is against company policy and any Exchange administrator could see my forwarding rule.

I finally found my answer reading Paul Nicholls' blog where he bypassed his schools anti-forwarding policy.

Finds all files over 20,000KB (roughly 20MB) in size and presents their names and size in a human readable format:

find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'