I'm attempting to update a password via a portlet in Quercus using java libraries. Here is some of the code that I'm using:
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.SearchControls;
import javax.sql.DataSource;
import java.util.Hashtable;
$uname = isset($_POST['uname'])?$_POST['uname']:'';
$pass1 = isset($_POST['pass1'])?$_POST['pass1']:'';
//connecto to LDAP
$ldapADURL = "ldaps://poplar.example.edu:636";
$ldapEnv = new HashTable();
$ldapEnv->put("java.naming.factory.initial","com.sun.jndi.ldap.LdapCtxFactory");
$ldapEnv->put("java.naming.provider.url", $ldapADURL);
$ldapEnv->put("java.naming.security.protocal", "ssl");
$ldapEnv->put("java.naming.referral", "follow");
$ldapEnv->put("java.naming.security.authentication", "simple");
$ldapEnv->put("java.naming.security.principal", "ADUser");
$ldapEnv->put("java.naming.security.credentials", "P#ssw0rd");
$ADCtx = new InitialDirContext($ldapEnv);
//query the vault for our user
$ctlsAD = new SearchControls();
$attribsAD = array("sAMAccountName","DN","title","extensionAttribute14","extensionAttribute8","cn");
$ctlsAD->setReturningAttributes($attribsAD);
$ctlsAD->setSearchScope(2);
$filter="(sAMAccountName=" . $uname . ")";
$resultAD=$ADCtx->search("DC=conncoll,DC=edu",$filter,$ctlsAD);
if ($resultAD->hasMore()) {
$item = $resultAD->next();
$resultADAttribs = $item->getAttributes();
$rsTitle = str_replace("title: ","",$resultADAttribs->get("title"));
$rsAttrib14 = str_replace("extensionAttribute14: ","",$resultADAttribs->get("extensionAttribute14"));
$rsAttrib8 = str_replace("extensionAttribute8: ","",$resultADAttribs->get("extensionAttribute8"));
$rsUname = str_replace("sAMAccountName: ","",$resultADAttribs->get("sAMAccountName"));
$rsDN = str_replace("dn: ","",$resultADAttribs->get("DN"));
}
echo ( '<br />' . $rsTitle . '<br />' . $rsAttrib14 . '<br />' . $rsAttrib8 . '<br />' . $rsUname . '<br />' . $rsDN . '<br />');
if (isset($rsUname)/*ccLDAPCheckUser($uname)*/){
$ADCtx->addToEnvironment("java.naming.security.principal","OtherADUser");
$ADCtx->addToEnvironment("java.naming.security.credentials","0therP#ssw0rd");
//$resultAD2 = $ADCtx->search("DC=conncoll,DC=edu",$filter,$ctlsAD);
$pass2 = "\"" . $pass1 . "\"";
$newPass = mb_convert_encoding($pass2, "UTF-16LE");
$ADNewPass = new BasicAttribute("userpassword",$newPass);
$ADNewAttrib8 = new BasicAttribute("extensionAttribute8",$rsAttrib8);
$ADAttributes = new BasicAttributes();
$ADAttributes->put($ADNewPass);
$ADAttributes->put($ADNewAttrib8);
$ADCtx->modifyAttributes("sAMAccountName=" . $rsUname,2,$ADAttributes);
}
After running this code I get the following error from the LDAP server:
javax.naming.directory.InitialDirContext.modifyAttributes: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0 ]
So I'm wondering several things. The first is if I have the syntax of the modifyAttributes function call correct. I've tried it with dc=example,dc=edu tacked on to the query string to no success. The first query returns results correctly so I'm sure that I'm getting connected to the AD server and I've had someone verify that the JVM executing the code has a valid up-to-date certificate in its store.
The error makes me believe that I need the exact location specified for the object I'm attempting to update, which I don't have.
Thanks for your thoughts on the issue!
So I found part of my answer with getting the DN and using that instead of the sAMAccountName to issue a password reset.
I set $rsDN as follows:
$rsDN = $item->getNameInNamespace();
and issue the call to change the password as such:
$ADCtx->modifyAttributes($rsDN,2,$ADAttributes);
Now of course I'm getting SSL errors but I'm at least hitting the correct object with the update.
Related
The ANDROID_ID is unique in each application in Android.
To get the ANDROID_ID with Java inside Android I amd using this code:
import android.content.Context;
import android.content.ContentResolver;
import android.provider.Settings;
protected void onCreate(...) {
context = (Context)this;
String androidId = Settings.Secure.getString((ContentResolver)context.getContentResolver(), (String)"android_id");
}
But I want to run it inside some other application on my andoird phone.
I wanted to use Frida for this.
I am loading my injected script with Python:
import frida
device = frida.get_usb_device()
pid = device.spawn(["com.target.app"])
device.resume(pid)
time.sleep(1) #Without it Java.perform silently fails
session = device.attach(pid)
script = session.create_script(open("jsfrida.js").read())
script.load()
#prevent the python script from terminating
raw_input()
But inside my script I don't understand how to call it, this is what I tried:
Java.perform(function (){
console.log("Inside java perform function");
var ActivityThread = Java.use('android.app.ActivityThread');
var Context = Java.use('android.content.Context');
var settings = Java.use('android.provider.Settings.Secure');
var ctx = Java.cast(ActivityThread.currentApplication().getApplicationContext(), Context);
//console.log(ctx.getPackageName());
//console.log(ctx.getContentResolver());
var androidId = settings.Secure.getString(ctx.getContentResolver(), "android_id");
console.log(androidId);
console.log("END");
});
But it doesn't print the androidId, it only prints:
Script loaded successfully
Inside java perform function
Secure is inner class so you need to use $
inner classes will be compiled to ClassName$InnerClassName
To get CotentResolver you can invoke getContentResolver without casting.
$ frida -Uf com.app.example --no-pause
____
/ _ | Frida 12.1.2 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at http://www.frida.re/docs/home/
Spawned `com.app.example`. Resuming main thread!
[Android::com.app.example]->
function getContext() {
return Java.use('android.app.ActivityThread').currentApplication().getApplicationContext().getContentResolver();
}
function logAndroidId() {
console.log('[?]', Java.use('android.provider.Settings$Secure').getString(getContext(), 'android_id'));
}
undefined
[Android::com.app.example]-> Java.perform(logAndroidId)
[?] 52d1497b52bf8a11
undefined
[Android::com.app.example]->
Below is the fully functioning code. It works when I call it via the browser. However, I can't get my Cron job to run it. I have tried coming up with any solution and am open to any ideas that will make this script fire off once every hour 24/7 365 so to speak.
Info:
Hostgator
PHP 5.4
Link for Hostgator Cron commands: http://support.hostgator.com/articles/cpanel/what-do-i-put-for-the-cron-job-command?utm_source=cPanel&utm_medium=message&utm_campaign=Cron%20Jobs
I have tried the following:
When doing any of these I have yet to have it add a sale to the database or send a single email:
/opt/php54/bin/php /home1/user/public_html/Sales/scripts/sales-notif_em.php - Could not open input file: /home1/user/public_html/scripts/sales-notif_em.php
php /home1/user/public_html/Sales/scripts/sales-notif_em.php - blank email with nothing but this showing: Content-type: text/html
php -q /home1/lotscav1/public_html/Sales/scripts/sales_notif_em.php - I don't get any emails from the system of course
/usr/bin/curl home1/user/public_html/scripts/sales-notif_em.php - curl: (3) malformed
any command (like php or /usr/bin/curl) that has the second half with http://website.c0m/Sales/scripts/sales_notif_em.php - causes a JSON Error when trying to add the Cron job
I have checked the following things:
File permissions are 655
Timestamp is less than an hour old under the customers table
Here is my code:
<?php
//find out current time and 1 hour ago
date_default_timezone_set('America/New_York');
$current_time = strtotime("now");
$hour_ago = strtotime('-1 hour');
//////////////////////////////////////////////////////////////////
/////////////////l// Connect to Sales Database ///////////////////
//////////////////////////////////////////////////////////////////
$mysqli_s = new mysqli("localhost", "user", "password",
"server_sales_data");
if ($mysqli_s->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli_s->connect_errno . ")
" . $mysqli_s->connect_error;
}
//////////////////////////////////////////////////////////////////
///////////////////// Connect to EM Database ////////////////////
//////////////////////////////////////////////////////////////////
$mysqli_em = new mysqli("localhost", "user", "password",
"server_dlgEM");
if ($mysqli_em->connect_errno) {
echo "Failed to connect to MySQL_EM: (" . $mysqli_em->connect_errno .
") " . $mysqli_em->connect_error;
}
//Grab store name
$dlg_store = "EM";
$em_request = "SELECT * FROM customers WHERE date BETWEEN '$hour_ago'
AND '$current_time'";
$em_result = mysqli_query($mysqli_em, $em_request) or die("Error No
Sales EM");
while ($em_row = mysqli_fetch_array($em_result)) {
$em_prod_num = $em_row["prod_num"];
$em_receipt = $em_row["receipt"];
//////////////////////////////////////////////////////////////////
///////////////////// Grab info for EM Sales ////////////////////
//////////////////////////////////////////////////////////////////
$request_s = "SELECT * FROM all_products WHERE
dlgprod_num='$em_prod_num' AND dlg_store='$dlg_store'";
$result_s = mysqli_query($mysqli_s, $request_s) or die("Error dlg
prod num EM");
while ($row_s = mysqli_fetch_array($result_s)) {
$sku_s = $row_s["sku"];
$dlgprod_num_s = $row_s["dlgprod_num"];
$book_title_s = addslashes($row_s["book_title"]);
$dlgprod_price_s = $row_s["dlgprod_price"];
$author_name_s = addslashes($row_s["author_name"]);
$author_email_s = $row_s["author_email"];
$publisher_s = $row_s["publisher"];
$dlg_store_s = $row_s["dlg_store"];
$add_sql_s = "INSERT INTO all_author_sales SET
`sku`='$sku_s',
`dlgprod_num`='$dlgprod_num_s',
`dlgprod_nam`='$book_title_s',
`dlgprod_price`='$dlgprod_price_s',
`author_name`='$author_name_s',
`author_email`='$author_email_s',
`publisher`='$publisher_s',
`dlg_store`='$dlg_store_s',
`dlgcustomer_receipt`='$em_receipt' ";
//create signature
$sig = "The Admin Team at www.website.com";
//to
$admin_email = "admin#website.com";
$to = array($author_email_s, $admin_email);
//setup email headers
$headers='From: ' . $admin_email . "\r\n" .
'Reply-To: ' . $admin_email . "\r\n" .
'X-Mailer: PHP/' . phpversion();
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$headers .= $emailbody."\n\n";
//email subject and body
$subject = "Your book stats";
$message = "
Hi $author_name_s,<br />
I just wanted to send you a message and let you know that the book or
books below have just been purchased.<br /><br />
Store: $dlg_store_s<br />
Receipt: $em_receipt<br />
Sku Number: $sku_s<br /><br />
Book Title: $book_title_s<br />
Publisher: $publisher_s<br />
Product Number: $dlgprod_num_s<br />
Price: $dlgprod_price_s<br /><br />
Sincerely,<br />
$sig<br /><br />
To remove yourself from this notification, please send an email to
$admin_email with Unsubscribe in the subject line.
";
if ($mysqli_s->multi_query($add_sql_s) === TRUE) {
mail (implode(',', $to), $subject, $message, $headers);
} else {
echo "Error: " . $add_sql_s . "<br>" . $mysqli_s-
>error . "<br>" . $string;
}
}
}
?>
My bet is with wrong path to the php file you want to execute.
Try using terminal if you can, navigate to the folder where the file is placed and try running it from there via command line.
Also mind You are refering to two different names: sales-notif_em.php & sales-notif_me.php.
(Posted on behalf of the OP).
Thank you for all your help. I made a custom product with my email as the author for testing purposes. In the customers table I inserted products 111111 and 111110. However, in all_products I gave products 11111111 and 11111110. tHE end result is I made a mistake.
I hope you are able to learn something from this event. Knowledge is more important than my ego. Thank you!
I am working on a JavaFx project connected to Documentum data storage . And I am trying to configure how to move a file (lets call it file1) placed in a folder (lets call it Folder1) into another folder (lets call it Folder2) . It's worth mentioning that both of the Folders are in the same cabinet . I have implemented the following class :
package application;
import com.documentum.com.DfClientX;
import com.documentum.com.IDfClientX;
import com.documentum.fc.client.DfClient;
import com.documentum.fc.client.IDfDocument;
import com.documentum.fc.client.IDfFolder;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.common.DfException;
import com.documentum.fc.common.DfId;
import com.documentum.operations.IDfMoveNode;
import com.documentum.operations.IDfMoveOperation;
public class Migrate {
public Migrate(){}
public String move ( IDfSession mySession,String docId, String destination){
String str ="";
try{
IDfClientX clientx = new DfClientX();
IDfMoveOperation mo = clientx . getMoveOperation();
IDfFolder destinationDirectory = mySession . getFolderByPath(destination);
//Here is the line that causes error
mo.setDestinationFolderId(destinationDirectory . getObjectId());
IDfDocument doc = (IDfDocument) mySession . getObject(new DfId(docId));
IDfMoveNode node = (IDfMoveNode)mo.add(doc);
if (mo.execute()) {
str= "Move operation successful . ";
}
else {
str = "Move operation failed . ";
}
}catch(DfException e){
System.out.println(e.getLocalizedMessage());
}
return str;
}
}
instead of docId I am passing through the r_object_id of the file I am wishing to be moved but I get the following error :
com.documentum.fc.client.DfFolder___PROXY cannot be cast to
com.documentum.fc.client.IDfDocument
Does any one know where my mistake is ? Or where am I doing it wrong ?
It's obvious, in line
IDfDocument doc = (IDfDocument) mySession . getObject(new DfId(docId));
the docId parameter represents folder object, not the document object. Do the type check first to be sure and than use either IDfFolder or IDfDocument. If you're sure that you're moving folder to another folder than just change IDfDocument -> IDfFolder.
I have configured ADDC on windows server 2012 R2 and I have added two users into DC - one is windows 8 and another one is ubuntu.
Windows server 2012 username - DC
Windows 8.1 username - Win
Ubuntu username - Linux
I am trying to achieve this - I want to write java program in ubuntu, that will connect to ADDC and sends back, detailed user information on windows 8.1
My program is like -
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class LdapSearch {
public static void main(String[] args) throws Exception {
Hashtable env = new Hashtable();
String sp = "com.sun.jndi.ldap.LdapCtxFactory";
env.put(Context.INITIAL_CONTEXT_FACTORY, sp);
String ldapUrl = "ldap://server.com, dc=com";
env.put(Context.PROVIDER_URL, ldapUrl);
DirContext dctx = new InitialDirContext(env);
String base = "ou=name";
SearchControls sc = new SearchControls();
String[] attributeFilter = { "cn", "mail" };
sc.setReturningAttributes(attributeFilter);
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
String filter = "(&(sn=W*)(l=Criteria*))";
NamingEnumeration results = dctx.search(base, filter, sc);
while (results.hasMore()) {
SearchResult sr = (SearchResult) results.next();
Attributes attrs = sr.getAttributes();
Attribute attr = attrs.get("cn");
System.out.print(attr.get() + ": ");
attr = attrs.get("mail");
System.out.println(attr.get());
}
dctx.close();
}
I am referring to above program and trying to achieve connection to AD through LDAP java. I dont know how to get ou, cn, etc.. I am very much new to the concepts of LDAP, ADDC.
Any idea on this? Please let me know.
Thanks,
saurabh
I've done a similar scenario in C# so am not sure about the connection settings in Java but as for similarities you should create a directory entry for the LDAP and provide the path, user name and password of authorized user who can access the active directory, i didnt provide DC in the path just the LDAP path and then the query filter parameters that searched based upon user first name was
Filter = "(& (SAMAccountName=" + name + ") (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) ))";
then it would provide you with an result in an arraylist like object so you would query the rest of information you like by just providing the attribute name, you would find a list of LDAP attributes here
LDAP attributes
I want to fetch the app category from play store through its unique identifier i.e. package name, I am using the following code but does not return any data. I also tried to use this AppsRequest.newBuilder().setAppId(query) still no help.
Thanks.
String AndroidId = "dead000beef";
MarketSession session = new MarketSession();
session.login("email", "passwd");
session.getContext().setAndroidId(AndroidId);
String query = "package:com.king.candycrushsaga";
AppsRequest appsRequest = AppsRequest.newBuilder().setQuery(query).setStartIndex(0)
.setEntriesCount(10).setWithExtendedInfo(true).build();
session.append(appsRequest, new Callback<AppsResponse>() {
#Override
public void onResult(ResponseContext context, AppsResponse response) {
String response1 = response.toString();
Log.e("reponse", response1);
}
});
session.flush();
Use this script:
######## Fetch App names and genre of apps from playstore url, using pakage names #############
"""
Reuirements for running this script:
1. requests library
Note: Run this command to avoid insecureplatform warning pip install --upgrade ndg-httpsclient
2. bs4
pip install requests
pip install bs4
"""
import requests
import csv
from bs4 import BeautifulSoup
# url to be used for package
APP_LINK = "https://play.google.com/store/apps/details?id="
output_list = []; input_list = []
# get input file path
print "Need input CSV file (absolute) path \nEnsure csv is of format: <package_name>, <id>\n\nEnter Path:"
input_file_path = str(raw_input())
# store package names and ids in list of tuples
with open(input_file_path, 'rb') as csvfile:
for line in csvfile.readlines():
(p, i) = line.strip().split(',')
input_list.append((p, i))
print "\n\nSit back and relax, this might take a while!\n\n"
for package in input_list:
# generate url, get html
url = APP_LINK + package[0]
r = requests.get(url)
if not (r.status_code==404):
data = r.text
soup = BeautifulSoup(data, 'html.parser')
# parse result
x = ""; y = "";
try:
x = soup.find('div', {'class': 'id-app-title'})
x = x.text
except:
print "Package name not found for: %s" %package[0]
try:
y = soup.find('span', {'itemprop': 'genre'})
y = y.text
except:
print "ID not found for: %s" %package[0]
output_list.append([x,y])
else:
print "App not found: %s" %package[0]
# write to csv file
with open('results.csv', 'w') as fp:
a = csv.writer(fp, delimiter=",")
a.writerows(output_list)
This is what i did, best and easy solution
https://androidquery.appspot.com/api/market?app=your.unique.package.name
Or otherwise you can get source html and get the string out of it ...
https://play.google.com/store/apps/details?id=your.unique.package.name
Get this string out of it - use split or substring methods
<span itemprop="genre">Sports</span>
In this case sports is your category
use android-market-api it will gives all information of application