Makerfarm Prusa i3 – Upgrade #1 Z Endstop Holder

IMG_1049

When i build my makerfarm prusa i3 there was something i really didn’t like….the z endstop is attached to the frame itself while the screw, which should hit the endstop, is obviously directly attached to the x idler. It is working fine like that but it always looked like it will slip down the side anytime soon.

I went to thingiverse and found this awesome little bracket. I printed it and first it looked good,but when i mounted it and tried to calibrate everything i saw the strap scratching the x idler.

I decided to remix the bracked and this is what i came up with: LINK

It’s basically the same, but it’s a little thinner than the original. This is what it looks like when it’s all done:

IMG_1059 IMG_1061

Job done:)

Makerfarm Prusa i3 Magma Hotend – Not enough material

Two weeks have passed since i got my Makerfarm Prusa i3 Kit. I bought it together with the magma hotend which allows me to print PLA and ABS parts.

IMG_1036

It all worked fine until yesterday when i tried another calibration print to improve my setup. First everything seemed normal, but then i noticed that the nozzle pushing out the melted abs could not keep up with the movement of the extruder and the abs was sticking to the nozzle. For this testprint i lowered the temperature to 215c which i thought could be a problem. On the right there is a picture taken after the print. After adjusting the temperature the result was the same so i had to investigate further…

IMG_1038 After letting it cool down i started by removing the hotend from the extruder. I wasn’t able to just pull the filament out of the nozzle so i connected to the prusa using pronterface and tried to extrude some material so i could cut it off. If you try doing so you will soon be disappointed because you won’t be able to extrude without heating it. To bypass this security setting you can send a simple „M302“ using the pronterface command line.

IMG_1039

Next i extruded some material and cut off the main line. Doing so i was able to see the whole magma nozzle with it’s first problem. There is too much tension on the cables because they are not cleanly tied so the thermistor got pulled out of the tiny whole in the nozzle. I decided to completely remove the kapton tape and wiring.

Here are some shots from the cleaning and rewiring:

IMG_1040 IMG_1041 IMG_1042 IMG_1043

IMG_1046

Next, connect to your prusa using pronterface and reverse extrude the rest material so you can remount the hotend to the extruder.

All done, yes! Sadly not. I did a fresh testprint but it showed exactly the same symptoms.

IMG_1047I pulled out the filament, ready to disassemble the extruder again when i saw arrears in the extruder feed. I took a close look at the filament i just pulled out and saw the cut i made when i disconnected the hotend. This meant that the filament is not getting into the nozzle. I cleaned the feed using a small screwdriver and then tighten the screws on the idler.

IMG_1048

After that the testprint went good and the throughput seems to be ok now. Hope this is helpful to you!

Nmap Output Filter #2

Again a little nmap filter. This time we tried this scan:

nmap -sn 192.168.1.0/24

I just wanted to have the running systems and their mac-addresses, so i did this:

map -sn 192.168.1.0/24 | grep -v -E „(Host|Nmap done|Starting)“ | sed „s/Nmap scan report for //g“ | sed „s/MAC Address:/->/g“ > hosts.txt

The result looks like this:

192.168.1.1
-> 58:6F:8F:81:CE:E6 (Cisco-Linksys)
192.168.1.101
-> 00:1E:92:46:D8:62 (Asustek Computer)
192.168.1.102
-> 0R:80:F0:12:F1:0B (Panasonic Communications Co.)
192.168.1.104

Nmap Output Filter #1

If you ever scanned a network range for Port 80, you may have received huge logfiles where you have to laboriously pick out the online hosts.

For example i did the following scan:

nmap -sV -p 80 -iL online_host_list > list_only_port80

The result is a (more or less) bigger list with results. As said, more or less useful. So i decided to write a little filter which you can use straight from the command line:

inhalt=$(cat your_lists | grep -n „your_pattern“ | sed ’s/:/\n/g‘ | grep -v „80/tcp“); for i in $inhalt; do counter=$(($i-2)); var=$(echo „sed -n “ && echo $counter && echo „p your_lists“); command=$(echo $var | sed ’s/ p/p/g‘); $command | sed ’s/ /\n/g‘ | grep -v „Interesting“ | grep -v „ports“ | grep -v „on“ | grep -v „other_pattern“ | sed ’s/(//g‘ | sed ’s/)//g‘ | sed ’s/://g‘; done

So if you, for example, scan a ip range in russia for IIS 5.0 webservers you may use this command:

inhalt=$(cat list* | grep -n „IIS webserver 5.0“ | sed ’s/:/\n/g‘ | grep -v „80/tcp“); for i in $inhalt; do counter=$(($i-2)); var=$(echo „sed -n “ && echo $counter && echo „p list*“); command=$(echo $var | sed ’s/ p/p/g‘); $command | sed ’s/ /\n/g‘ | grep -v „Interesting“ | grep -v „ports“ | grep -v „on“ | grep -v „.ru“ | sed ’s/(//g‘ | sed ’s/)//g‘ | sed ’s/://g‘; done

As a result you receive a clear list of online hosts running a http server.

Maybe not the most beautiful script, but its doing its job.

SQL Injection Time Delay

THEORY

If you’re interested in SQL Injections you may have heard about Blind SQL Injections. A typically characteristic of a blind SQL Injection is the fact that the resulting page varies from the original because you injected a false statement.

Despite all that there is the possibility of a so called Totally Blind SQL Injection. The problem with this kind of injection is that the attacker can not see any response to his Query. If this is the case the attacker still has some options to test if his query gets executed. The first case, which i won’t describe here, is working with conditional errors. The second however is using Time Delays.

TIME DELAY?

The idea behind using time delays is as simple as the fact that your query needs time to give you the results: by using built-in functions you can create a query which needs more time so you can see which part of it gets executed. The command we’re going to discuss here is called benchmark.

The basic usage of benchmark:

BENCHMARK(loop_count,expression)

A basic example:

BENCHMARK(1000000,ENCODE(‚benchmark‘,’test‘))

To use this technique in a query we use the case when-condition:

UNION SELECT (CASE WHEN (substr(username, 1,1)) > 103) THEN benchmark(1000000,ENCODE(‚benchmark‘,’test‘)) ELSE ‚false‘ END), NULL , NULL

This query tests if the first character of the username is between g and z. If the condition is true, the page will load a few seconds longer – if not it will load normaly.

IMPORTANT: Your union select statement needs the right number of columns!

So now that you have a basic overview you can go out and test your applications on Totally Blind SQL Injections.