How Google Search Works – Trillions of Questions, No Easy Answers: A Home Video by Google

How Google Search Works at a High Level

I’m sharing this video for anyone interested in how Google Search works from a 20,000 foot view.

This video details,how we go from typing a search in the search box in your browser to the actual operations side of how to store, index and retrieve the most relevant information, in some cases, near real-time. This is what has made Google the giant they are today.

Video: Trillions of Questions, No Easy Answers

I sincerely hope, that this information has helped you on your journey to better understand the internet and more specifically, how Google Search works.

Regards,
Cyber Abyss

C# Error: The type or namespace name ‘List’ could not be found (are you missing a using directive or an assembly reference?)

OMG are your Kidding Me!

OK, I just spent an hour on this thing while trying to get started on another Tim Corey C# Developer tutorial for creating Microsoft Excel files.

When creating a custom model/object for your C# project and try to use it to build a List that made of that custom object type, you’ll be greeted with an error.

C# Error CS0246: The type or namespace name ‘List<>’ could not be found

Error: The type or namespace name ‘List’ could not be found (are you missing a using directive or an assembly reference?) 

Error seen when creating a List of custom objects without using including the using generics statement.

The missing element is a reference to using System.Collections.Generic

Code Example

using OfficeOpenXml;
using System;
using System.IO;
using System.Collections.Generic;


namespace ExcelDemo
{
    class Program
    {
        static void Main(string[] args)
        {
            //Set the EPPlus license context to nonCommercial so we can play with it :-)
            ExcelPackage.LicenseContext = LicenseContext.NonCommercial;
            var file = new FileInfo(@"c:\scripts\demo.xlsx");
        }

     static List<PersonModel> GetSetupData() 
        {
            List<PersonModel> output = new()
            {
                new() { Id = 1, FirstName= "rick", LastName = "cable" },
                new() { Id = 2, FirstName="bob",LastName= "marley" },
                new() { Id = 3, FirstName="willie",LastName= "nelson" }
            };

            return output;
        }
    }
}

References

As always, give credit where credit is due. In this case, a big thank you to David Morton for the post on the Microsoft Visual Studio forums.

I hope this blog post helps somebody!

Cyber Abyss!

How to Run VBScript, 3 Ways to Run a VBScript?

I’ve been using VBScript for many years. Below, I share the 3 different ways you can run VBScript on a Windows PC including running VBSCript as an Administrator.

3 Methods of Running VBScripts

  1. Run VBSCript in Windows Explorer
  2. Run VBScript from Windows Command Line
  3. Run VBScript as a Windows Administrator

For more VBScript info, try these excellent VBScript resources:

1. Run VBScript in Windows Explorer

  • Locate the VBScript file using Windows Explorer or place a copy on your Desktop
  • Identify VBScript files by the .vbs file extension
VBScript files in Windows Explorer
  • Double click the VBScript file.
  • You may or may not see anything depending on the program design.
  • To check to see if VBScript is running.
  • Run Windows task Keys Ctrl+Shift+Esc then sort by Image Name. Look for “wscript.exe”.
  • To kill a VBScript process, right click over “wscript.exe” and select “end process”.
  • You may see more than one “wscript.exe” on the task manager list as it can be run multiple times and new instances will execute.

2. Run VBScript from Windows Command Line

  • Click Windows Start
  • Open Command Window by Typing “CMD” and hit Enter
CMD exe from Windows Start Menu
  • Enter the full file path at the Command Line and hit Enter

3. Run a VBScript as a Windows Administrator

To run a VBScript as a Windows Admin:

  • Create a Windows Batch File that uses WScript.exe to open the .vbs file (See example below)
  • Run Windows Batch file as Admin and Admin Rights pass thru to the VBScript

Example Windows Batch File

Save the file below with a .cmd file extension. Then right click on it and select “Run as Admin”. Admin rights will be passed on to the VBScript

@echo off
pushd %~dp0
C:\Windows\System32\WScript.exe "My_VBScript.vbs"

How to Concatenate a String using VBScript

How to Concatenate a String Value in VBScript

To concatenate string values using VBScript we use the ampersand (&) character to piece together our composite string value.

Code Example:

Srting1 = "Word 1"
String2 = "Word 2"
String3 = String1 & String2
or 
String3 = "Word 1" & "Word 2"
msgbox(String3)

The output value would be “Word 1 Word 2”.

If you’re more familiar with JavaScript, you might be used to concatenating strings using the plus character (+).

In VBScript you can only use the + operator on numeric values.

How to Submit a Free Advertisement on Findit Classifieds – Free Local Classified Advertising

Findit Classifieds / Free Local Advertising

Findit Classifieds is a free local classified advertising platform built by me, in my spare time, over the last 23 years.

I started the website with my brother, Richard, back in 1997. Sadly, my brother past from cancer only 2 years in to the project and never got to see a completed product.

The last 4 years have been spent securing the server, completing the mobile first re-design and a basic implementation of the internal messaging system. All of this while taking on a new role as a senior developer at a start-up. It was insane!

January, 2021, marks the point where I can finally say I’ve completed the MVP or Minimum Viable Product of Findit Classifieds. At this point, it is time to scale the application and see what comes next. Build it to run and compete on the open market or sell out to investors or competitors?

Now that we have the MVP, I can show you how to register and submit free advertisements on one of the most secure classified advertising systems ever built.

The Metro Area Interface

The Metro Area interface is a custom framework I designed just for Findit Classifieds. It is based on public vs private information and levels of trust around what you share and with who with a focus on selling items and services locally.

The Metro interface has two implementations. Public URLs via subdomains. A good example of a public metro area is houston.finditclassifieds.com.

All advertisements in the Houston, Texas Metro area are publicly available to search engines and people via the public Metro area subdomain.

However, logging in to the secure version, https://www.finditclassifieds.com, users can see information reserved for registered users only in addition to the public data.

For instance, if you only wanted to share your phone number with registered users in your Metro Area, you would enter it in the contact info field which is reserved for registered users.

Step 1: Register / Verify Your Email Address

There is not much to registration other than verifying your email address and selecting a “Metro Area” you live in.

From any page on the website, click Register Now.

Find the register now link on any page.

Registration is simple and straight forward. Email address, name, Metro Area, City are all you need to complete registration. Once, you submit your information, an email validation link is sent to you.

Click on the link to verify you email and you are ready to start posting free advertisements.

More stuf

How to Delay a HTTP Response in Classic ASP, AKA Classic Sleep Function Alternative Solution

Is There a Sleep Method in Classic ASP?

First, and sorry, there is no built in sleep method in classic ASP. Probably for good reason. Keep reading for my solution below.

The key things to remember about classic ASP is that it is server-side and interpreted. Classic ASP is interpreted into HTML then served out the user’s web browser from the Microsoft IIS web server.

As a prerequisite, I can’t imagine why you would want to delay a Classic ASP page from being served to a user’s web browser for 10 seconds. That’s a long time to make a user wait but you can.

If you cause the HTTP Response to delay for a User Agent like Google bot, Google will probably exclude your website from their search indexes so I normally would not do this in practice on a website that needed any kind of Search Engine Optimization (SEO) friendliness.

Normally, when I think of sleep, I think of the sleep method in JavaScript where we can set a delay in seconds to pause some code in a function.

With Classic ASP, since we don’t have a native sleep or delay method, we can just build our own. By default, I’m going to stay with a delay of specific number of seconds as our end goal.

I’m sure we come up with a few way to do this but this is mine.

Building the Sleep Function from Scratch

  • We will set some variables for a start time and a current time.
  • Then start a While Loop that watches for # of seconds we’ve chosen.
  • We update the current time at each iteration of the loop and check it at start of each loop iteration.
  • Once current time increments by 10 seconds, loop completes giving you a delay of specified seconds.

Classic ASP Sleep Function Code

<%
Sub Delay(intSeconds)
	StartTime = Now()
	CurrentTime = Now()
	While DateDiff("s",StartTime,CurrentTime) < intSeconds
		CurrentTime = Now()
	Wend
End Sub

Response.Write("Something<br>")
call Delay(10)
Response.Write("Something 10 seconds later")
%>

I hope this helps you if you were looking for a simple Classic ASP HTTP Response delay function but be careful how you use it.

~Cyber Abyss

Online Scams: Puppies for Sale or Are They? Probably not! Buyer Beware & Read This before buying a Puppy Online.

Email Address: Your Internet Driver’s License

First things first. We all need an email address in order to do anything meaningful on the the web. You do and the bad guys do too! I would go as far to say that an email address closest thing we have to a driver’s license on the internet today. Without an email address, you are on a read only version of the internet with no way to interact with with world.

By Federal law, you’re not allowed to have an email address until you’re at least 13 years old. This is specified in the FCC’s Children’s Internet Protection Act (CIPA). I often have to advise my clients on these types of issues when deciding who can legally register on a website.

An email address allows you to register on websites by validating your email address. An email address / IP address combo is the easiest and most cost effective way to provide a first pass at knowing who your customers are online.

At least we are supposed to expect that they are at least 13 years old because Google and Yahoo must check this for every email account, right? LOL! This will be important to the story below.

Blue French Bulldog Puppies For Sale or Are They?

First off, let me start by saying you should read this article which is a case study on the Anatomy of a Puppy Scam by Rae Wondersmith. A great primer on the subject!

Next, I will be hiding identity of the suspected scammer while disclosing enough details to be helpful in the analysis of the individual and the patterns observed.

The data I’m sharing comes from anti-fraud systems I’ve designed that are working in production on what I’m hoping will eventually become a popular website for local classified advertising. Maybe I’ll reveal the name of the site at the end of this article.

Blue French Bulldog  Puppies for Sale

Pic of Puppies uploaded by the Scammer

On 11/30/2020 a suspected Puppy Ad Scammer created four (4) accounts in four (4) different cities in a very short period of time.

Three of the accounts came from one ComCast Cable IP in Salem Oregon which matched one of the advertisements which did not raise a red flag initially.

They kept creating new accounts for various cities and creating a single ad for the same dog breed for each account. They targeted Salem Oregon, Kalamazoo, Boston and Lansing.

Then they posted again but IP switched from Oregon Comcast to Verizon Fios in Virginia but anti-fraud tools I built help me see it is indeed the same person registering again from same browser even though the IP had changed. I’m not sure if they are using some sort of VPN to shift the IP / Location.

I know it says “Email NOT VERIFIED” in the screenshots below but they are. I had added an email ban to the system and it reflects back on this view as NOT VERIFIED but they were. The email verification process data sits in its own database table. I collect the IP addresses from the user at start and finish of the email validation process.

I can also see the email exchange in the email server logs files which I also check daily. All of this data can be verified by looking at several system logs.

Connecting Accounts Created by Same Person on Earlier Sessions

Going back thru recent account creations I see another account matching one of the scammers email.

Observations & Fraud Patterns

Broken English or poor grammar.

Example: Breath Taken Blue French Bulldog Puppies Ready Now To GO

Notice poor grammar of Breath Taking as Breath Taken there are other examples through out the text

Phone numbers used

240 Maryland Area code in the phone number used and same phone number using in most of the ads.

Phone number was not used on all of the ads posted by this scammer

Unique Account details repeated

Same password was used on all of the accounts!

This is proprietary but yes, all accounts used the same password.

More Analysis

So far this is what I think I have and is subject to change if new data overrides this.

  • User is probably not native English speaker but may be located physically inside the US.
  • Has methods to change IP via VPN or access to computers in those cities via nefarious methods (hack) in order to hide their real IP address.
  • Its is very easy to create email accounts. This person has many email addresses and personas ready to use or creates them easily and often.
  • Only targeted one breed so far

Raw Data for Analysts

In order to help analysts and law enforcement, below are the actual ad text used in the scam advertisements.

Scam Ad for Puppies #1

Much love we have for them, we are really proud to find them a good pet loving home where they will be spoiled with much love and care. they are home raised, well fed, vet checked, vaccinated and had their first shots, update on shot and dewormed, all in good health and will come with paper we have 240) 242-7140

Suspected Scammer using email address marksmille56@gmail.com for ad posted in Kalamazoo.

Scam Ad for Puppies #2

Akc registered frenchie puppies ready for x-mas ! all shots are up to date. They have already taken flea and tick dose. They have beautiful coatings, are strong,text me (240) 242-7140 for more info

Suspected scammer using email address louisesteel259@gmail.com from ad posted in Boston Mass.

Scam Ad for Puppies #3

We are proud to find a good pet loving home for our cuties. We have lovely, young, pretty healthy males and females available now for a new home. they are home raised, well fed, vet checked, vaccinated and had their first shots, update on shot and dewormed, all in good health and will come with papers. you can contact now for more details

Suspect scammer using email address randyruy71@gmail.com from ad posted in Oregon City, Oregon.

Conclusion

The internet is still the wild wild west and most people don’t understand how it works or how the bad guys use it to take advantage of us.

The above example shows just how hard it is for anyone trying to validate and vet an online user as they create multiple accounts and post data.

I hope the information I’ve provided on this subject is helpful in any research you may be doing on the subject as I expect those would be the only people reading the article down this far.

~Cheers & Happy Hunting!

~Cyber Abyss

VBScript: Zip & Organize Files by Year / Month

Organizing large amounts of files can be a real pain in the ass! If you’ve ever had the need to organize large numbers of files then you probably had a script or really wish your had a script to do this incredibly boring and monotonous task.

I had just such a task in my role as a site reliability engineer for a set of load balanced IIS web servers a couple of years ago. I needed to archive the IIS web server log files by server / year / month.

The VBScript I’m sharing with you in this article, archives two kinds of files for the example. In this example they live in the same folder but most likely in the real world they won’t so adjust the script to your needs. I just show you two ways to parse the date out of files named differently.

  1. IIS Log File
  2. Custom CSV Log File

This example does not delete the original file after a copy has been moved to the zip folder. You can add that later or just manually delete all the files after they are all moved to zipped files.

From the example you should be able to figure out to implement this in your own use case. Good luck!

Organizing Files Using VBScript

This is one of my favorite VBScripts even though I did not write all of it myself. I’ve left credit in the comments for the zip file code I borrowed and implemented in this solution.

VBScript Code

'File System Object Prep
Const ForReading = 1
Const ForWriting = 2

sFolder = InputBox("Enter log folder path:","Select a Log Folder to Compress","C:\inetpub\logs\LogFiles\W3SVC3")
Set oFSO = CreateObject("Scripting.FileSystemObject")

For Each oFile In oFSO.GetFolder(sFolder).Files

	on error resume next
	'Breakdown file name
    strFileType = Right(oFile.Name,3)

	if strFileType = "csv" then
		strTemp = Replace(Mid(oFile.Name,20,Len(oFile.Name)-4),".csv","")
		arrDate = Split(strTemp,"_")
		iYear = Left(arrDate(0),2)
		iMonth = arrDate(1)
		if Len(iMonth) < 2 then
			iMonth = "0" & iMonth
		end if
		CheckValue = arrDate(1)
		CurrentMonth = Mid(DatePart("yyyy", Now()),3,2) & DatePart("m", Now())

        if iYear & iMonth = CurrentMonth and (strFileType = "log" OR strFileType = "csv")	then
            'Do not process current month file, only archive previous months
             'msgbox("Skipping " & sFolder & "\" & oFile.Name)
        else
            WindowsZip sFolder & "\" & oFile.Name, sFolder & "\" & iYear & iMonth & ".zip"
		end if
	end if
 
    if strFileType = "log" then	
		iYear = Mid(oFile.Name,5,2)
		iMonth = Mid(oFile.Name, 7,2)
		CheckValue = iYear & iMonth
		CurrentMonth = Mid(DatePart("yyyy", Now()),3,2) & DatePart("m", Now())

        if iYear & iMonth = CurrentMonth and (strFileType = "log" OR strFileType = "csv")	then
            'Do not process current month file, only archive previous months
            'msgbox("Skipping " & sFolder & "\" & oFile.Name)
        else
            WindowsZip sFolder & "\" & oFile.Name, sFolder & "\" & iYear & iMonth & ".zip"
        end if
	end if

Next

Function WindowsUnZip(sUnzipFileName, sUnzipDestination)
 'This script is provided under the Creative Commons license located
  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
  'be used for commercial purposes with out the expressed written consent
  'of NateRice.com

  Set oUnzipFSO = CreateObject("Scripting.FileSystemObject")
  If Not oUnzipFSO.FolderExists(sUnzipDestination) Then
    oUnzipFSO.CreateFolder(sUnzipDestination)
  End If

  With CreateObject("Shell.Application")
       .NameSpace(sUnzipDestination).Copyhere .NameSpace(sUnzipFileName).Items
  End With

  Set oUnzipFSO = Nothing
End Function

'To Test Windows Zip Function Separately 
'WindowsZip "C:\test\test2.txt","C:\test\test.zip"

Function WindowsZip(sFile, sZipFile)
  'This script is provided under the Creative Commons license located
  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
  'be used for commercial purposes with out the expressed written consent
  'of NateRice.com

  Set oZipShell = CreateObject("WScript.Shell") 
  Set oZipFSO = CreateObject("Scripting.FileSystemObject")

  If Not oZipFSO.FileExists(sZipFile) Then
    NewZip(sZipFile)
  End If


  Set oZipApp = CreateObject("Shell.Application")
  sZipFileCount = oZipApp.NameSpace(sZipFile).items.Count
  aFileName = Split(sFile, "\")
  sFileName = (aFileName(Ubound(aFileName)))

  'listfiles
  sDupe = False

  For Each sFileNameInZip In oZipApp.NameSpace(sZipFile).items
    If LCase(sFileName) = LCase(sFileNameInZip) Then
      sDupe = True
      Exit For
    End If
  Next
 
  If Not sDupe Then
    oZipApp.NameSpace(sZipFile).Copyhere sFile
    'Keep script waiting until Compressing is done
    On Error Resume Next
    sLoop = 0
    Do Until sZipFileCount < oZipApp.NameSpace(sZipFile).Items.Count
      Wscript.Sleep(100)
      sLoop = sLoop + 1
    Loop
    On Error GoTo 0
  End If
End Function

Sub NewZip(sNewZip)
  'This script is provided under the Creative Commons license located
  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
  'be used for commercial purposes with out the expressed written consent
  'of NateRice.com

  Set oNewZipFSO = CreateObject("Scripting.FileSystemObject")
  Set oNewZipFile = oNewZipFSO.CreateTextFile(sNewZip)

  oNewZipFile.Write Chr(80) & Chr(75) & Chr(5) & Chr(6) & String(18, 0)
  oNewZipFile.Close

  Set oNewZipFSO = Nothing
  Wscript.Sleep(500)
End Sub


Improve Your Developer Skills by Reading Bug Bounty Reports

I’m a professional software developer who likes to dabble in hacking.

I recently started spending time seeking out information security enthusiasts and hacking professionals who publish reports on their bug bounty work.

If you’re not familiar with bug bounties, the simplest explanation is someone putting up a prize or bounty for bugs found on a specific application / website.

Most of the time, bug bounties are official events where you register and are given guidelines in order to collect the bounty and that typically includes a good write up or report on how your discovered and exploited the bug and what type of bug it would be classifieds in to, like a “reflected XSS” cross-site scripting bug.

I’m going to use this bug discovery report from Vedant Tekale also known as “@Vegeta” on Twitter as an excellent bug bounty type of report where you can see the steps a hacker / attacker or bug bounty hunter would take to see if your website has a vulnerability that can be exploited.

As a software developer interested in creating secure applications for our users, we should always be aware of what tactics and techniques a bad actor might use against the products and features we are building.

Vedant’s write up is basically a step by step of what hackers would be looking for. First, look for bugs like XSS, open redirect, server-side request forgery (SSRF), Insecure direct object references (IDOR) but they found nothing.

With persistence, Vedant kept at it and found a bug in the password reset functionality where the password was reset feature was resetting the password to a brand new password on every forgot password attempt.

Also, rate limiting seemed to be missing as 88 password reset attempts went unchallenged so we guessing there was no rate limiting at all.

As a developer with a focus on security, I highly recommend adding reading bug bounty reports to your professional reading list. It will be a big eye opener for you if you’ve never tried hacking a web application before.

I’m on day 5 of chemo treatment for skin cancer and I think this is all I have in the tank tonight but I’m glad I got this blog post out before I have to put another round of chemo on my face for the night. It’s not pleasant. :-\

Hope this helps somebody. 😉
~CyberAbyss

How to Hide Executable Code in a Text File using Cloaking and Alternative Data Streams

Hacker Basics: How to Hide an Executable File Inside and Text File

Did you know that hackers can hide an executable file inside of a text file using a technique that uses something called data streams to trick a computer system from seeing text and or executable written in an alternate data stream inside a common text file.

I was pretty impressed the first time I watched someone demonstrate this. I was like, NO WAY! I really thought that this was some wizard level hacker stuff.

I’m no wizard level hacker, although I aspire to be, but I should be good enough to show you how to embed a simple calculator app inside a text file using an alternate data stream.

A big thank you to Cyber Security Expert, Malcolm Shore who presented a similar example in his Cyber Security Foundation online course I recently completed.

How Do Alternate Data Streams Work?

Way back in the old Wild West days when we had the DOS operating system, files used to be simple strings of data. Files are read btye by byte.

Later, in the NTFS file system, files are complex structures. NTFS files at a minimum contain a section called $Data where data is read by an application. $Data is the Data Stream.

Files may have many other sections or streams other than just the $Data section. This is what we call “Alternate Streams”.

THIS IS IMPORTANT: Windows only recognizes data in the $Data section so any data we put in an alternate data stream is not read by the Windows Operating System. We cloak data we want to hide in an alternate data stream. That’s the basics of how this works.

The data we are hiding could be a malicious malware payload or encrypted espionage message for our spy ring but in this example, it is just the simple calc.exe file you can find on any Windows PC for the last 20+ years.

Creating an Alternate Data Stream in a Text File

The screenshot below shows the three (3) files we’ll be using in this demonstration.

  • Simple text file with some string data.
  • calc.exe application or executable binary file
  • Secret text file with some string data

We can see the size of the text file is just 1 KB and the calc.exe file is 897 KB.

If we open the text-data.txt file with Notepad we’ll see just a simple line of text and the same with the secret-data.txt file.

To hide our secret message inside the the text data file, we’ll use this command line command.

C:\text\>type secret-data.txt > text-data.text:hidden.text

Screenshot of Alternate Data Stream: Insert Hidden Text

Below is a screenshot of the command line command “type” that we used in this example to insert our secret-data.txt file into an Alternate Data Stream inside of another text file.

If we type the command “more” we can look for the secret message.

The screenshot below shows the text file that contains our hidden text being opened in Notepad where we can’t see the hidden text we saved to the file. If we type the command line command below, we can read the hidden text we wrote to our Alternate Data Stream by keying in on the specific data stream.

c:\test>more < text-data.txt:hidden:text
Screenshot: Display hidden text in a text file.

Hiding an Executable Inside a Text File

Hiding an executable file inside a text file using the exact same Alternate Data Stream technique we just used in the the Secret text file example above but this time we’ll simply replace the Secret text file with the Windows Calculator application executable file.

The screenshot below shows the command line command to save the calc.exe file in an Alternate Data Stream in side our target text file.

Notice this time, the Alternate Data Stream is named “mycalc.exe”. Don’t get to hung up on this, it is just a name that is basically meta data that is saved with the data that we can use to filter the data we get out of the file. I hope that makes sense.

Important to note at this point that the file sizes didn’t change when we inserted the calc.exe file. It is still showing 52KB.

How to Execute a File Saved in an Alternate Data Stream

To execute a file you’ve stored in an Alternate Data Stream, we’ll need to use the wmic command as is done in the following example.

c:\test>wmic process call "c:\test\text-data.txt:mycalc.exe"

As you can see from the working example above, I was able to embed the calc.exe file inside as well as text file and a secret message.

If the data is text we just need to indicate which stream we saved the data in to retrieve it.

If the data we hid was an executable file, we’ll need to use the Windows “wmic” command line command to call the executable from inside the text file by keying in on the Alternate Data Stream name.

In summary, the technique is crazy easy to pull off without any 3rd party hacking tools. It just requires a little Windows Operating System inside knowledge but is something every good hacker should know.

I hope this helped somebody!
~Cyber Abyss