
Archive for August, 2011

Rebuilding Spotlight’s Index on OS X (Manually)

August 20th, 2011 1 comment

After doing a number of disk clean-ups and optimizations, I found myself in the circumstance of OS X’s Spotlight returning no results. Whether I searched for a keyword in Mail, or by Spotlight using Command-Space, I got no results back, just an empty list for my troubles.

It turns out there’s a neat utility out there called Rebuild Spotlight Index 2.7 that does all the grunt work for you. The problem is, it didn’t work for me. What’s going on is actually fairly trivial, and it’s possible to simply do everything via the command line.

The metadata utilities need to run as root, so to see what your drive is up to, you’d enter something like: sudo mdutil -s /

This shows the status on the root volume.

To turn indexing on for a volume, you enter: sudo mdutil -i on /

And, to force Spotlight to rebuild its index, you simply erase the master copy of the metadata stores on the volume like this: sudo mdutil -E /

However, after I did all this, Spotlight was still not building the index for me.

Here’s how I solved it, using just the Terminal.

First, I wanted to see the schema file, so I printed it to standard output using: sudo mdimport -X

At the bottom of the schema listing, I saw a reference to a schemaLocation, and took a shot in the dark that perhaps Spotlight’s index rebuilding needed to check data against its schema before it would start. To do that, it might need network access, even if only back to the local machine. And, for good measure, I went to check the date/timestamp on the Spotlight directory using: sudo ls -la /.Spotlight*

While most of the files had the timestamp of when I tried to delete the index, not all the files had the current date and time. Additionally, the file sizes were not growing, a good indication the index was not being rebuilt.

Then, I did the following commands to ensure indexing was on, the spotlight metastore was really gone, and that I wanted it rebuilt:

sudo mdutil -i on /

rm -rf /.Spotlight*

sudo mdutil -E /

The moment I ran the last command, the system sprang to life: the directory /.Spotlight-V100 was created, and the files inside it were growing quickly. Spotlight on the toolbar showed a progress bar, indicating the system would be done indexing in a bit.

Disable Spotlight Indexing in Mac OS 10.6 – Snow Leopard

August 20th, 2011 No comments

Disabling Spotlight in Snow Leopard is pretty easy: launch the Terminal and type the following command:

sudo mdutil -a -i off

This tells the Spotlight manager to disable all indexing on all volumes; the command will require your administrative password to execute.

Re-enabling Spotlight in Mac OS X 10.6 Snow Leopard is just as easy; just reverse the command to:

sudo mdutil -a -i on

Now Spotlight indexing will be back on and work as usual.

Setting up proxy for apps in android emulator

August 16th, 2011 3 comments

Proxy for Android apps not working even after you tried all the proxy settings in the emulator? Is your Android proxy setting only working for the browser and not for the apps in the emulator?

In one of the previous posts (http://hakers.info/site/2011/08/setting-up-proxy-for-android-emulator/) we saw how to set up a proxy for the Android emulator using the settings available in the emulator itself. The problem with that approach is that it works only for the browser; it does not work with the apps installed inside the emulator. As I couldn’t find any solution for this problem in the Android emulator, I thought of finding a workaround to perform this task. One workaround I found is to use the base machine itself to capture the packets which the emulator (the apps in the emulator) is sending.

We can use many network analyzer tools like Wireshark to capture and analyze the packets, but with these tools you can only capture the packets; there is no option to tamper with them at runtime. If the requirement is just to capture the packets and analyze them, Wireshark will suffice. But if you want to tamper with the request and response (which we normally do using Paros/Fiddler for web applications) you need a tool which can capture network packets and has the capability to intercept and tamper with them.

Read more…

Binary-auditing training package – Manual decompilation, Exercise 8

August 13th, 2011 No comments
This problem statement is part of the binary-auditing package. It needs to be converted to HLL (high-level language) code.

Problem (assembly code):

sub_408138 proc near
000 push ebx
004 push esi
008 mov esi, edx
008 dec esi
008 test esi, esi
008 jl short loc_40816F
008 inc esi
loc_408142:
008 xor edx, edx
008 mov dl, [eax]
008 xor ebx, ebx
008 mov bl, cl
008 add edx, ebx
008 test edx, edx
008 jge short loc_40815B
008 mov ebx, 100h
008 sub ebx, edx
008 mov edx, ebx
008 jmp short loc_408169
loc_40815B:
008 cmp edx, 100h
008 jle short loc_408169
008 sub edx, 100h
loc_408169:
008 mov [eax], dl
008 inc eax
008 dec esi
008 jnz short loc_408142
loc_40816F:
008 pop esi
004 pop ebx
000 retn
sub_408138 endp

 
Pseudo/High Level code (rendered as C; EAX, ECX and EDX carry the inputs, as in the listing):

void sub_408138(unsigned char *eax, int edx, unsigned char cl)
{
    int esi = edx;                 /* mov esi, edx: EDX is the byte count */
    esi--;                         /* dec esi */
    if (esi < 0)                   /* test esi, esi / jl loc_40816F */
        return;                    /* count of 0 (or negative): the loop never runs */
    esi++;                         /* inc esi */

    do                             /* loc_408142 */
    {
        edx = *eax;                /* xor edx, edx / mov dl, [eax]: LOWER byte of EDX, EAX supplied from outside */

        int ebx = cl;              /* xor ebx, ebx / mov bl, cl: LOWER byte of ECX, ECX supplied from outside */

        edx = edx + ebx;           /* add edx, ebx: both terms are 0..255, so the sum is 0..510 */

        if (edx < 0)               /* test edx, edx / jge loc_40815B: never taken for these inputs */
        {
            ebx = 0x100;           /* 256 */
            ebx = ebx - edx;
            edx = ebx;
        }
        else
        {
            if (edx > 0x100)       /* cmp edx, 100h / jle loc_408169 */
                edx = edx - 0x100;
        }

        *eax = (unsigned char)edx; /* mov [eax], dl: only the LOWER byte of EDX is stored */
        eax++;                     /* inc eax */
    } while (--esi != 0);          /* dec esi / jnz loc_408142: the loop counter is ESI, not EDX */
}
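The routine reduces to something simpler than its control flow suggests. The C below is an added example (my own code, not part of the exercise or the binary-auditing package): it translates sub_408138 once more in compact form, puts a plain byte-wise addition modulo 256 beside it, and checks every (byte, key) pair to show the two agree, because mov [eax], dl keeps only the low byte and the sub 100h branch therefore changes nothing. It also shows the inverse (adding 256 - key), which is how such an additive byte obfuscation is undone during analysis. Function names and the sample string are mine.

```c
#include <stdint.h>
#include <string.h>

/* Compact translation of sub_408138: buf -> EAX, count -> EDX, key -> CL. */
void sub_408138_literal(uint8_t *buf, int count, uint8_t key)
{
    int n = count - 1;
    if (n < 0) return;                  /* jl loc_40816F: nothing to do */
    n++;
    do {
        int v = *buf + key;             /* zero-extended bytes: 0..510 */
        if (v < 0)                      /* unreachable, kept to mirror the listing */
            v = 0x100 - v;
        else if (v > 0x100)             /* only changes bits above bit 7 ... */
            v -= 0x100;
        *buf++ = (uint8_t)v;            /* ... which mov [eax], dl discards anyway */
    } while (--n != 0);
}

/* What the routine actually computes: add a constant to each byte modulo 256. */
void add_key_mod256(uint8_t *buf, int count, uint8_t key)
{
    for (int i = 0; i < count; i++)
        buf[i] = (uint8_t)(buf[i] + key);
}

/* Exhaustive check over all 256 x 256 (byte, key) pairs; 1 when the two agree. */
int sub_408138_is_add_mod256(void)
{
    for (int key = 0; key < 256; key++) {
        uint8_t a[256], b[256];
        for (int i = 0; i < 256; i++) a[i] = b[i] = (uint8_t)i;
        sub_408138_literal(a, 256, (uint8_t)key);
        add_key_mod256(b, 256, (uint8_t)key);
        if (memcmp(a, b, 256) != 0) return 0;
    }
    return 1;
}

/* The transform is undone by running it again with 256 - key; 1 on success. */
int sub_408138_roundtrip(uint8_t key)
{
    uint8_t msg[] = "hello, world";      /* constructed sample input */
    uint8_t copy[sizeof msg];
    memcpy(copy, msg, sizeof msg);
    sub_408138_literal(copy, (int)sizeof msg - 1, key);
    sub_408138_literal(copy, (int)sizeof msg - 1, (uint8_t)(256 - key));
    return memcmp(copy, msg, sizeof msg) == 0;
}
```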

Installation and Configuration of DHCP Server in Active Directory Domain

August 12th, 2011 No comments

 

Installing the DHCP Service

You can install DHCP either during or after the initial installation of Windows 2003 Server or Advanced Server, although there must be a working DNS server in the environment. To validate your DNS server, click Start, click Run, type cmd, press ENTER, type ping <friendly name of an existing DNS server in your environment>, and then press ENTER. An unsuccessful reply generates an “Unknown Host <My DNS server name>” message.
Read more…

binary-auditing RCE exercise

August 11th, 2011 1 comment
As a part of learning reverse engineering and enhancing my RCE skills, I was going through the binary-auditing tutorials. This is manual decompilation exercise 7.

Problem: this is the code to be analysed:

sub_408100 proc near
000 push ebx
004 push esi
008 xor ebx, ebx
008 mov [eax], ebx
008 mov ebx, ecx
008 dec ebx
008 test ebx, ebx
008 jl short loc_408135
008 inc ebx
loc_40810E:
008 mov ecx, [eax]
008 shl ecx, 4
008 movzx esi, byte ptr [edx]
008 add ecx, esi
008 mov [eax], ecx
008 mov ecx, [eax]
008 and ecx, 0F0000000h
008 test ecx, ecx
008 jz short loc_40812D
008 mov esi, ecx
008 shr esi, 18h
008 xor [eax], esi
loc_40812D:
008 not ecx
008 and [eax], ecx
008 inc edx
008 dec ebx
008 jnz short loc_40810E
loc_408135:
008 pop esi
004 pop ebx
000 retn
sub_408100 endp
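A C rendering of sub_408100, added here as a worked example (my own translation, not the post’s solution behind the link): the routine turns out to be the ELF (PJW) hash from the System V ABI, the one used for symbol lookup via the .hash section, which is worth recognising on sight when auditing a binary. The parameter names eax/edx/ecx follow the registers in the listing; the test strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Line-by-line translation of sub_408100.
   eax -> pointer to a 32-bit accumulator, edx -> byte buffer, ecx -> byte count. */
void sub_408100(uint32_t *eax, const uint8_t *edx, int ecx)
{
    *eax = 0;                                /* xor ebx, ebx / mov [eax], ebx */
    int ebx = ecx - 1;                       /* mov ebx, ecx / dec ebx */
    if (ebx < 0)                             /* test ebx, ebx / jl loc_408135 */
        return;
    ebx++;                                   /* inc ebx */
    do {                                     /* loc_40810E */
        uint32_t ecx_ = (*eax << 4) + *edx;  /* shl ecx, 4 / movzx esi, byte ptr [edx] / add */
        *eax = ecx_;                         /* mov [eax], ecx */
        ecx_ &= 0xF0000000u;                 /* and ecx, 0F0000000h */
        if (ecx_ != 0)                       /* test ecx, ecx / jz loc_40812D */
            *eax ^= ecx_ >> 24;              /* mov esi, ecx / shr esi, 18h / xor [eax], esi */
        *eax &= ~ecx_;                       /* not ecx / and [eax], ecx */
        edx++;                               /* inc edx */
    } while (--ebx != 0);                    /* dec ebx / jnz loc_40810E */
}

/* The same algorithm as it is normally written: the SysV ABI ELF (PJW) hash.
   The top nibble is folded back into bits 4..7 and then cleared, so the
   result always fits in 28 bits. */
uint32_t elf_hash(const uint8_t *s, size_t n)
{
    uint32_t h = 0;
    for (size_t i = 0; i < n; i++) {
        h = (h << 4) + s[i];
        uint32_t g = h & 0xF0000000u;
        if (g != 0)
            h ^= g >> 24;
        h &= ~g;
    }
    return h;
}

/* Runs the literal translation on a NUL-terminated string and returns the hash. */
uint32_t sub_408100_of(const char *s)
{
    uint32_t out = 0xFFFFFFFFu;              /* junk, to show the routine zeroes it first */
    sub_408100(&out, (const uint8_t *)s, (int)strlen(s));
    return out;
}
```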

Read more…


DNS Server Configuration

August 10th, 2011 No comments

Configure Distributed File System(DFS)

August 8th, 2011 2 comments

Setting up proxy for android emulator

August 8th, 2011 3 comments

Facing some issues in setting up a proxy for the Android emulator?

This article will tell you the steps you need to follow to set up a proxy for Android applications using the emulator. For this you require three basic things, i.e. a machine connected to the internet, the Android SDK, and a proxy tool (Paros, Fiddler, Burp Suite, etc.). Once we have all this software ready, the first step is to set up the proxy server using any of these tools. I’ll show you how to do it with Paros.

In Paros go to Tool >> Options >> Local proxy and enter the address (127.0.0.1 for localhost) and the port number (e.g. 8080) on which you want your proxy server to listen. Please refer to the screenshot below for the options page in Paros.

Android Proxy Paros Settings


Read more…

Active Directory Installation

August 3rd, 2011 3 comments
