Wednesday, 31 October 2018

Invalid File Handle - Movie Downloads Beware!

Invalid File Handle - Movie Downloads Beware!

By Strictly-Software

Recently I downloaded a film, Con Man (2018), however when I try to do anything with the file such as open, run, copy, move or delete it I get a Windows "Invalid File Handle" error message.

I did some research and found that on certain file systems such as NTFS, CDFS, exFAT, UDFS, FAT, and FAT32, there are some reserved file names that you should never use which causes this error. One of these is con. Others include: PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9.

I checked the filename of the movie and the person had only named it Con.Man.2018.1080p.mp4, meaning that Windows saw the filename as Con preventing me doing anything with this file.

At the moment it is permanently stuck on my file system as I cannot remove the files containing folder either.

I did have a copy of this file on a USB stick however which I could remove, obviously due to the different format of the USB disk drive. If I had used uTorrent to download the file directly to the USB drive instead of first to a folder on my Windows drive I wouldn't have had this issue.

I am basically looking for ways to remove this file as I cannot rename it to something else, either from Windows or the Command Prompt, to enable deletion.

I saw someone suggest renaming the file to \\.\Con.xxx but this does not work as I cannot get a file handle to rename it in the first place.

Therefore this is more of a warning write up than a "How To Guide", although you can be sure I will update this when I find a solution.

So if you are downloading files such as movies to your computer be careful and check the filename first and if you are using a tool such as a Torrent downloader ensure the downloaded file name is changed to something an NTFS or FAT type disk can handle, or download it straight to a USB drive with a different disk format which will allow file deletion.

For more information you can read this MSDN article, called "Naming Files, Paths, and Namespaces".

It states: Do not use the following reserved names for the name of a file: CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9. Also avoid these names followed immediately by an extension; for example, NUL.txt is not recommended.

I will update this when I get a solution.

Sunday, 7 October 2018

Premium Plugins Cut Half In Price!

Premium Plugins Cut Half In Price!

By Strictly-Software

Just to let you know the Premium Plugins for Wordpress, Strictly AutoTags and Strictly TweetBOT have been cut in price, by HALF!

These two plugins which can be used in conjunction with each other to fully automate a site are now only £20 each and can be purchased from my main sites secure payment page.

With both of these plugins together (both for PHP 5 and 7), feed content can be automatically loaded with a feed loading plugin before tags automatically being added to the articles with Strictly AutoTags.

Then you can Tweet out to one or more accounts different Tweets, with different content, shortened or not, with a time delay to stop Twitter Rushes with Strictly TweetBOT.

The premium plugins have many more features than the free versions and since Wordpress has taken them off their site, despite over half a million downloads, you can only get them from my site.

Try the free versions first if you want, however the options in the premium versions are there for performance, extra functionality and speed.

HALF PRICE PLUGINS TO AUTOMATE YOUR WORDPRESS SITE!

What more can you want if you work with Wordpress and feeds to give yourself good SEO, tagging and social media presence automatically?

Link your Twitter account up with a Facebook page and you can post from your site to Twitter to Facebook all whilst you work or relax.

Safely knowing you will grow your site with new tags, limit the number of deeplinking to prevent single new tags creating pages, and get your tags turned into Twitter #hashtags!

What more can you want?

Check out my Facebook page for more info!


Friday, 11 May 2018

Don't Fall For Trick Links - Use REL = NOOPENER and NOREFERRER in Browsers

For the XSS Hole In Browers use NOOPENER and NOREFERRER

By Strictly-Software

As some of you might know the rel attribute in anchor tags can be used for more than just nofollow or as some stupid SEO gurus think "follow" which doesn't exist.

It can also be used to trick users who click links that open pages and then run code that uses the window.opener object to change the page's HTML that you have just come from before closing.

For example Chrome is good at protecting XSS attacks even from the same origin, however even it can fall victim to trick links. Adding into your rel attribute rel="noopener" should stop the opened page from being able to modify code on the page that opened it through the parent page through the window.opener object.

However in some browsers this does not work too well, and you should be aware of this as some browsers like FireFox sometimes need an extra noreferrer value added to prevent the opened page from modifying your initial page.

If you want to see an example of this in action then go to this link on my website www.strictly-software.com/test1.html.

Try this in FireFox first as that is the browser which doesn't seem to respect the noopener attribute.

Try it in your own personal browser of choice as well and play around with the code (copy and paste it to your local machine to tamper and run), to see if taking noopener or noreferrer out of the links work or not or whether a blank link with no rel attribute passes the object reference along at all.

There are two links on the page, the first when clicked should change the page you are looking at to the top part of a Facebook login screen.

If you can imagine getting a link in your messages, emails or on Facebook itself and clicking it to find that it seems you have been logged out.

So you login again.

Only now that the page is not Facebook but a page my trick link or window.open() page has made you think is Facebook. The link or window.open('tamper.html','win') has had it's HTML changed and the hacker is logging your email and password.

In this example I have just used an image so their is no danger of having your details stolen.

What the first page does is just offer the user a link to click. It might be from a friend or hacker but once clicked it will use target="_blank" to open a new window.

As soon as the window is open an onload event is fired that uses the window.opener object to gain access to it's parent and change the HTML.

I have used a basic example here and an image of Facebook but you can see the code in action.

function RunScam(){
 window.opener.document.documentElement.innerHTML="<html><body><img style='width:1000px' src='FBTest.png' alt='Fake Facebook Page Example' /></body></html>";
 window.close();
}


I use an onload="RunScam()" function to call that code above.

This function uses the window.opener object to reference the document.documentElement object and then innnerHTML to reformat the page before closing the new window.

Remember I am just using an image here so there is no risk but the function could be extended to load in stylesheets, real inputs that record your passwords and look just as real as the site it is faking. It could be a bank, a social media site or any other kind of site people would want to get passwords for.

Once you have checked the fake link out try the next one.

It shouldn't do anything but open a blank window.

Remember the link is at www.strictly-software.com/test1.html as you may have to go back from the fake Facebook page.

So try this out in FireFox and then you will see the importance of adding noopener and the older workaround when FF didn't support noopener, noreferrer.

Monday, 15 January 2018

Quickly Grab Generated Source Code With One Click

Quickly Grab Generated Source Code With One Click


By Strictly-Software

Now that my broken arm is getting better I will be doing more code. It still hurts like mad though, the arm bone didn't even look like it belonged anywhere near the shoulder where it was dislocated.

If you want WordPress plugins then go and check out the main site which I need to do some work on. I am also thinking of building an alternative search engine to get round Google's/CIA/NSA's de-ranking and demonetisation.

I used to have a Super Search Engine years ago, that took the top 10 items from Google, BING and Yahoo, however they kept changing the source code until it all became AJAX loaded in on the fly and too hard to scrape.

I think with the push or deletion of alternative news down the rankingsand pro-establishment news gaining viewers they would never had got a year ago due to Facebook's subservience to the USA and Israeli governments. More and more people will move to new decentralised social media platforms and once that happens Facebook and Google, who are already losing out to duckduckgo.com  due to privacy concerns will lose money in their share price as well as many members.                                 

The problem is money of course and too few people click on adverts or donate out the kindness of their heart.

I think, like search.darkpolitriks.com, that has a starting page of core main #altnews websites and podcasts, I could write my own one and charge £10 for a relevant #altnews blog or channel to be added to the SERP, just so that small alternative sites have the same chance of being found in results and sites like CNN and the BBC are weeded out.

Easiest way of creating a SERP. Just ensure the site is relevant and not mainstream.

Anyway I was fixing a bug today when I realised that it was a bookmark with an http source on an https site that prevented the lock from showing.

Sometimes I don't think people realise how dangerous loading third party scripts can be.

Just loading in a CSS stylesheet could cause nightmares.

For example say your site loaded in a stylesheet from www.SomeSiteIDontControl1.com which loads in a background PNG image which in turn loads in another remote 3rd party stylesheet from www.SomeSiteIDontControl2.com.

Then one day the person in control of that site changes that 2nd image to a dangerous .js file or .exe that loads in an XSS attack.

You are so far removed from the actual cause of the problem that with minification and compression you might have no hope in finding the dangerous file.

So one day the 2nd CSS file that you are loading looks something like this:


background:url(http://www.somesiteIdontcontrol2.com/images/background.png) no-repeat 16px 0;


Then one day this site owner changes his background image to be an .js file e.g


background:url(http://www.somesiteIdontcontrol2.com/images/dodgyscript.js) no-repeat 16px 0;


And when the page loads, and after your onDOMLoad event loads in these scripts it hits your user with the JavaScript sites code.

A recursive script might be handy to run every day to check diagnostics by referencing every URL it finds in any style-sheet or JavaScript on your site.

Follow it backwards and check every other URL it finds.

Another way, if you are perfectly happy with your code is to create local versions of the files and images and keep it all on a server you control so no-one could malform the objects being loaded.

This is a bookmarklet script I wrote years ago that shows me the DOM loaded afterwards and not before.

I wanted to see what scripts and files had been added since I pressed the View Source button that shows the HTML and JS/CSS before any code is run on the page.

I use it all the time. I created a bookmarklet and added it to my bookmark bar so it's within easy reach with a URL to www.google.com and save it.

I then edit it and change the location of the JavaScript I want from www.google.com to the code so that it runs. This might not be necessary anymore but I had add a real URL in the old days.

This code basically takes a snapshot of the DOM once all 3rd party objects have modified the code, loaded videos, changed images and anything else sites like to do when onDOMLoad (not onWindowLoad, which only fires once every image and external object has been loaded.

As you are loading the code with a press of a button there is plenty of time for the onDOM onWindow and onFrame load events to fire, plus many others.


javascript:(function()%7b function htmlEscape(s)%7bs=s.replace(/&/g,'&amp;');s=s.replace(/>/g,'&gt;');s=s.replace(/</g,'&lt;');return s;%7d x=window.open(); x.document.write('<pre>' + htmlEscape('<html>\n' + document.documentElement.innerHTML + '\n</html>')); x.document.close(); %7d)();


As the HTML 5 spec still allows for href="javascript: ..... " then a link or button can run JavaScript when it really should be running external document.addEventListener events to each object needing code to fire when hit.

The code just creates a URL encoded function called htmlEscape which replaces brackets and ampersands and opens a new window writing this new code out into the document.documentElement.innerHTML.

Not hard to do but very useful.


By Strictly-Software

© 2018 Strictly-Software

Monday, 18 September 2017

Automatic PHP 7 Support for Strictly Auto Tags

Automatic PHP 7 Support for Strictly Auto Tags


By Strictly-Software

Please check out the new free and premium plugins for PHP 7 users on the main site.

As PHP doesn't allow short cutting for some reason like decent languages I could not make a single file that would handle both PHP 5 and PHP 7 as I wanted to with a simple check to see if callbacks were supported or the modifier that was removed ( \e ).

Therefore there are now both free versions and premium versions on my site and you should check (and like) the Facebook page to keep informed of changes as WordPress have taken down my plugins for some reason.

By Strictly-Software

Tuesday, 24 January 2017

PHP7 Support For Strictly AutoTags

PHP7 Support For Strictly AutoTags


By Strictly-Software


If you are using the popular Strictly AutoTags plugin then everything should be working fine however if you have upgraded to PHP 7 then that will have caused problems.

Not every developer has the time or knowledge to know that a new PHP version will remove features or cause issues with their plugins. However in this case it's due to the /e modifier being dropped.

$content = preg_replace("/(\.[”’\"]?\s*[A-Z][a-z]+\s[a-z])/e","strtolower('$1')",$content);


The only difference apart from the callback is that I am using @ @ as wrappers around my regular expression this is just so I can see it more easily with far less escaping required.

So replace the line above which is about line 1345 of the strictly-autotags/strictlyautotags.class.php file.

$content = preg_replace_callback("@(\.[”’\"]?\s*[A-Z][a-z]+\s[a-z])@",
 function ($matches) {
  return strtolower($matches[0]);
 },
$content);

Other people have used this fix for the plugin in the WordPress forum so it should work. I don't use PHP7 yet so never had to deal with it.

However if you are a developer please help others out on the forum. I have had over 223,616 downloads of the free version. If just everyone of those people had donated me £1 then I could spent my whole time working on it but everyone wants everything for free it seems nowadays which is why I have my premium plugin with more features > Strictly AutoTags Premium Plugin Version.

Remember you can also find up to date information on my Facebook page for my Automation plugins, this and the Strictly TweetBOT plugin which go hand in hand.

Also remember there is a Facebook page for thee plugins you can check for help as I don't automatically get notified of new problems on the WordPress site for some reason.

You can find this page at https://www.facebook.com/strictlysoftware/

Remember if you have a bug with any of my plugins to do the following:


  1. Check the WordPress forum for similar bugs and fixes https://wordpress.org/support/plugin/strictly-autotags
  2. Check the ReadMe file or admin page for any help.
  3. Check your PHP and APACHE error logs to ensure it's this plugin causing the issues.
  4. Run though the standard debug practises laid out here: Giving useful debug information.
  5. Provide as much info to the developer as possible e.g PHP version, WP version, Plugin version, any other installed plugins, when it started failing, was anything else installed near that time, details of your process for tagging.


By Strictly-Software


© 2017 Strictly-Software

Monday, 23 January 2017

Find Any WiFi Password on a Windows Computer

Find Any WiFi Password on a Windows computer


By Strictly-Software

The title is a little misleading as it doesn't bring you back to the early 2000's and let you go driving around estates with a laptop, breaking into password encrypted WiFi routers. Not that you used to need to as in most estates your computer could pick up an unlocked router or three without a problem.

This is slightly different in it allows you to find ANY password that belongs to a router your PC/Laptop has been connected to in the past.

You may not like writing things down and have had a memory slip or you haven't used the router for so long the password escapes any looks for it.

First - Find out what you can access

This bit allows us to find out all the WiFi routers such as friends routers and gadgets like Chromecast that you have forgotten the password to.

Open your command prompt in administrator mode otherwise this won't work.

Once you have your command prompt up lets find out what WiFi spots we have connected to in the past or have access to. If you were around a friends one time and connected but forgot the password then you may need to use this to re-gain it if his WiFi router is in the list.

Type the following into the prompt: netsh wlan show profiles

It should then list all the routers you have had connections to from the computer you are on.

C:\Windows\system32>netsh wlan show profiles 

User profiles
-------------
    All User Profile     : Chromecast1034
    All User Profile     : BTHub4-NX23
    All User Profile     : TALKTALK-3ERA24
    All User Profile     : virginmedia8817891
    All User Profile     : strictlywifi10x
    All User Profile     : strictly-ukhorse-air


Now we have a list of spots and we pick the one we need the password for. The command is pretty similar to the preceding one it just needs the routers name added to it and the term key=clear. If you don't add this to the end then you won't get to view the password in clear text.

netsh wlan show profile BTHub4-NX23 key=clear

This will give you detailed info on the router, whether it connects automatically, authentication mode e.g WPA2 and even details of your current cost and whether you are over the data limit set by your provider.

Lets try and find the password for the connection BTHub4-NX23

C:\Windows\system32>netsh wlan show profile BTHub4-NX23 key=clear

Profile BTHub4-NX23 on interface WiFi:
=======================================================================

Applied: All User Profile

Profile information
-------------------
    Version                : 1
    Type                   : Wireless LAN
    Name                   : BTHub4-NX23
    Control options        :
        Connection mode    : Connect automatically
        Network broadcast  : Connect only if this network is broadcasting
        AutoSwitch         : Do not switch to other networks

Connectivity settings
---------------------
    Number of SSIDs        : 1
    SSID name              : "BTHub4-NX23"
    Network type           : Infrastructure
    Radio type             : [ Any Radio Type ]
    Vendor extension          : Not present

Security settings
-----------------
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Security key           : Present
    Key Content            : r85583569z

Cost settings
-------------
    Cost                   : Unrestricted
    Congested              : No
    Approaching Data Limit : No
    Over Data Limit        : No
    Roaming                : No
    Cost Source            : Default



As you can see from the Key Content section the password for this router is r85583569z.

Open the WiFi section on your desktop and connect by adding the key and it should connect. If not you have a problem.

So if you don't like writing passwords down or just want to use your mates WiFi without spending hours hunting down where he put his WiFi routers login details then this trick can come in handy.

By Strictly-Software


© 2017 Strictly-Software

Latest Cheap Amazon Goods