December 6, 2018

Difference between a Directory Junction and a SYMLINK (Symbolic Link)

In the last post (Create a Symbolic Link in Windows), we have seen how to create different Symbolic Links, i.e, Hard Link, Directory Symbolic Link and Directory Junction Link. If you have not read the last post I recommend to have a look, it will help you understand better.

In this post we will see how Symbolic Link and Directory Junction fits in different scenarios. At some extent Symbolic Link and Directory Junctions look similar, but they serve different purpose. Here is a list of some of the differences between a junction and a symbolic link.

  • A junction point is designed to target local directories, but a symbolic link can be used for directories and files.
  • A junction can only be linked to a local volume path. Symbolic links can be used to link both local and remote/network path. For example, a symbolic link can link to the network share e.g. \\officenetwork\shared\some-folder.

In windows explorer, the icons displayed for both Symbolic Link and Directory Junction seems identical and you can't differentiate if the created link is a Symbolic Link or a Directory Junction by seeing it. But from the command prompt, you can easily identify the correct type by using DIR command. If you have seen my last post (mentioned above), you may notice that the Directory Junction item will be displayed with <JUNCTION> type in console.

If you try to create a Directory Junction Link to some remote path, it will give you an error message. You have to use Directory Symbolic Link when you need to create a link for remote path. Lets understand this with an example:

Create a Directory Junction Link

In this example, I will create a Directory Symbolic Link to Target remote folder named TestFolder. The directory linked will be created at path C:\SymbolicLink\Network\J_Link.

  • Open the command prompt and go to the path C:\SymbolicLink\Network
  • Run the following command:

       mklink /J "C:\SymbolicLink\Network\J_Link" "\\officenetwork\IT-Developmnet\Idrees\TestFolder"
      

    You will see the error message as follows:

       Local volumes are required to complete the operation.
      
    Directory Junction Link for network path giving error

Create a Directory Symbolic Link

In this example, I will create a Directory Symbolic Link to Target remote folder named TestFolder. The directory linked will be created at path C:\SymbolicLink\Network\J_Link.

  • Open the command prompt and go to the path C:\SymbolicLink\Network
  • Run the following command:

       mklink /D "C:\SymbolicLink\Network\D_Link" "\\officenetwork\IT-Developmnet\Idrees\TestFolder"
      

    You will see the success message as follows:

       symbolic link created for C:\SymbolicLink\Network\D_Link <<===>> \\officenetwork\IT-Developmnet\Idrees\TestFolder
      
    Directory Symbolic Link for network path

    If you run the DIR command at C:\SymbolicLink\Network, you will see that the newly created directory link will be displayed as <SYMLINKD>.

    Directory Symbolic Link for network path - in command prompt

I hope you find this post helpful. I welcome your suggestions or feedback in the comments section below.

December 3, 2018

Create a Symbolic Link in Windows

Symbolic Link, Soft Link or SymLink referred to the same thing, is a file that is linked to another file or directory, which can be on the same computer or any other on the network. You can create Symbolic Link by using mklink command, which is available since Windows Vista.

Syntax of mklink is:

MKLINK [[/D] | [/H] | [/J]] Link_File_Or_Directory_Path Target_File_Or_Directory_Path

As you can see from the above syntax, mklink allows following 3 switches to create different types of Symbolic Links.

  • /D Directory symbolic link.
  • /H Creates a hard link instead of a symbolic link.
  • /J Directory junction.

The default is a file symbolic link, i.e. if you did not specify and switch than the link created will be File Symbolic Link.

Lets start create each type of link with an example:

First we setup he environment for examples to follow. I created a folder named Symbolic Links at C:/. Inside Symbolic Links folder created another folder named Original, which will be act as Target Folder of symbolic links and contains two files file1.txt and file2.txt.

Create a Hard Link

In this example, I will create a Hard Link to file1.txt which we created inside our Target Folder named Original. The linked file will be created at path C:\SymbolicLink\H_Link.

  • Open the command prompt and go to the path C:\SymbolicLink
  • Create new directory H_Link with the following command

       mkdir H_Link
      
  • Run the following command:

       mklink /H "C:\SymbolicLink\H_Link\file1.txt" "C:\SymbolicLink\Original\file1.txt"
      

    If you get the following error message:

       You do not have sufficient privilege to perform this operation.
      

    Then just restart the command prompt with Administrator Privileges. If you are already running command prompt with Administrator Privileges then you will see the success message as follows:

       Hardlink created for C:\SymbolicLink\H_Link\file1.txt <<===>> C:\SymbolicLink\Original\file1.txt
      

    We have successfully create the Symbolic Link to a file (also know as Hard Link).

Create a Directory Symbolic Link

In this exmaple, I will create a Directory Symbolic Link to Target Folder named Original. The directory linked will be created at path C:\SymbolicLink\D_Link.

  • Open the command prompt and go to the path C:\SymbolicLink
  • Run the following command:

       mklink /D "C:\SymbolicLink\D_Link" "C:\SymbolicLink\Original"
      

    If you get the following error message:

       You do not have sufficient privilege to perform this operation.
      

    Then just restart the command prompt with Administrator Privileges. If you are already running command prompt with Administrator Privileges then you will see the success message as follows:

       symbolic link created for C:\SymbolicLink\D_Link <<===>> C:\SymbolicLink\Original
      

    If you run the DIR command at C:\SymbolicLink, you will see that the newly created directory link will be displayed as .

    In windows explorer, the linked directory will be shown with icon similar to the shortcut icon, like this:

Create a Directory junction

In this exmaple, I will create a Directory Symbolic Link to Target Folder named Original. The directory linked will be created at path C:\SymbolicLink\J_Link.

  • Open the command prompt and go to the path C:\SymbolicLink
  • Run the following command:

       mklink /J "C:\SymbolicLink\J_Link" "C:\SymbolicLink\Original"
      

    You will see the success message as follows:

       Junction created for C:\SymbolicLink\J_Link <<===>> C:\SymbolicLink\Original
      

    If you run the DIR command at C:\SymbolicLink, you will see that the newly created directory link will be displayed as .

    In windows explorer, the linked directory will be shown with the icon similar to Directory Symbolic Link:

It seems like Directory Symbolic Link and Directory junction works in the same way. But there is a difference. I will explain the difference in next post soon.

November 12, 2018

IIS 7.0 or greater is required to install IIS SEO Toolkit 1.0

I downloaded the Search Engine Optimization Toolkit 64 bit installer from www.iis.net, and while trying to install at my PC with Windows 10, it was showing me this error:

 IIS Version 7.0 or greater is required to install IIS Search Engine Optimization Toolkit 1.0

After searcing, I found the following solution worked for me:

  • Find the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp from RegEdit.
  • Right click on MajorVersion name and then click Modify...

  • In decimal format, it is showing value 10. Change this value to 9 and click OK.

  • Now try to install Search Engine Optimization Toolkit, it should be installed successfully.
  • After installing SEO Toolkit, revert the value of MajorVersion back to 10 and click OK.

November 8, 2018

Find File-Type by Magic Number of File

In this post, we will find the file type for a file using Magic Number.

What is a Magic Number?

From Wikipedia (Magic Number)

Magic Number is a constant numerical or text value used to identify a file format or protocol.

Magic number is a hex number occupying a few bytes at the beginning of the file and indicates the type of content, but is not visible to users.

Some users may be thinking why not simply check the file extension to find the file type. Yes, We made the same mistake!

In common scenarios this would be enough to check by file extensions, but we faced this scenario where we can not trust on file extension. The problem we faced during our website's Penetration Testing. There is a form which let user to upload files and it is required that user can only upload PDF files. We added a check based on file extension and made it vulnerable.

During the Penetration Test, our QA team has found this vulnerability, hackers can upload even exe files by renaming the target file to PDF, like some-dangerous-file.exe.pdf. If you are checking by file extension then this file will get successfully uploaded on server.

In order to correctly find the content type of a file, we have to check Magic Number of target file. Since Magic Number can vary in length for different file types, for example, 5 bytes (4D-5A) for exe file and 14 digits (25-50-44-46-2d) for pdf file. In this example, I am reading first 20 bytes to find magic number, you may need to read more bytes for magic number if the file format you are targetting has the magic number with length greater than 20.

Lets move to the code segment, in this sample I have written two functions. IsMagicNumberMatched() is the method doing the real work to check magic number for the file-path passed as parameter. GetAuditorOpinionFromFile() is the wrapper method to test magic numbers for different files. I am writing here 4 common file types exe, pdf, xml and rar. In the end, this method will return status message as string, to display the Magic Number status if it is matched with the parameter we passed.

 public static string GetAuditorOpinionFromFile()
 {
  string filePath_EXE = @"C:\SOME_PATH_TO\MyFile.exe";
  string filePath_PDF = @"C:\SOME_PATH_TO\MyFile.pdf";
  string filePath_XML = @"C:\SOME_PATH_TO\MyFile.xml";
  string filePath_RAR = @"C:\SOME_PATH_TO\MyFile.rar";

  Dictionary numberList = new Dictionary();
  numberList.Add("exe", "4D-5A");
  numberList.Add("pdf", "25-50-44-46-2d");
  numberList.Add("xml", "3c-3f-78-6d-6c-20");
  numberList.Add("rar", "52-61-72-21-1A-07-00");

  StringBuilder sb = new StringBuilder();            
  sb.AppendFormat("File Path: {0}, File Magic No: {1}, IsMatched: {2}", filePath_EXE, numberList["exe"], IsMagicNumberMatched(filePath_EXE, numberList["exe"])).AppendLine();
  sb.AppendFormat("File Path: {0}, File Magic No: {1}, IsMatched: {2}", filePath_PDF, numberList["pdf"], IsMagicNumberMatched(filePath_PDF, numberList["pdf"])).AppendLine();
  sb.AppendFormat("File Path: {0}, File Magic No: {1}, IsMatched: {2}", filePath_XML, numberList["xml"], IsMagicNumberMatched(filePath_XML, numberList["xml"])).AppendLine();
  sb.AppendFormat("File Path: {0}, File Magic No: {1}, IsMatched: {2}", filePath_RAR, numberList["rar"], IsMagicNumberMatched(filePath_RAR, numberList["rar"])).AppendLine();

  return sb.ToString();
 }

 private static bool IsMagicNumberMatched(string filePath, string candidateMagicNo)
 {
  BinaryReader reader = new BinaryReader(new FileStream(Convert.ToString(filePath), FileMode.Open, FileAccess.Read, FileShare.None));

  ////set start position = 0, and read first 20 bytes. for some other with magic number length greater than 20, you may need to read more bytes.
  reader.BaseStream.Position = 0x0;
  byte[] data = reader.ReadBytes(20);

  //close the reader
  reader.Close();

  //convert bytes data to string in hex format
  string string_data_as_hex = BitConverter.ToString(data);

  // substring to select first (n) characters from hexadecimal array
  string currentMagicNo = string_data_as_hex.Substring(0, candidateMagicNo.Length);
  
  return currentMagicNo.ToLower() == candidateMagicNo.ToLower();
 }

I hope you find this post helpful, I welcome your comments or suggestions to help improve this post.

Resources:

November 6, 2018

Unhandled exception of type ‘StackOverflowException’ in System.Runtime.Serialization.dll

While working on website project using Visual Studio 2015, I encountered this strange error message:

 An unhandled exception of type ‘System.StackOverflowException’ 
 occurred in System.Runtime.Serialization.dll

You may notice that if you click on View Detail... link of the exception message, there is no more information is available like stack trace etc.

I know there is no any complex logic defined in my code-base that could fall in infinite loop and cause StackOverflowException. After searching, I found the real cause of this error, and is not related to my code-base but a feature by Visual Studio know as Browser Link.

From MSDN blog:

Browser Link is just a channel between your Visual Studio IDE and any open browser. This will allow dynamic data exchange between your web application and Visual Studio.

Visual Studio uses this channel to exchange data between web application and Visual Studio, since it will serialze data before exchange, that was leading to StackOverflowException. The solution is just disable this feature.

There are two ways to disable this feature:

  1. From Visual Studio, click on the small down arrow near Refresh Linked Browsers button, from the drop-down options listed, just un-check Enable browser link.

  2. Add the following key in web.config appSettings tag.

     <add key=”vs:EnableBrowserLink” value=”false” />
    

Resources: