by @ylujion
Strasharo
Shared posts
First time scanning the corporate network at a new job
by @joshdustin
Mount file system using back-up superblock
$ mount -o sb=98304 /dev/sda5 /mnt/data5
by David Winterbottom (codeinthehole.com)
List partition superblocks
$ sudo dumpe2fs /dev/sda1 | grep superblock
by David Winterbottom (codeinthehole.com)
When someone converted a python script to a shell script
image by strychinine
Daughter Sends Dad a Bill for Fixing His Laptop
When someone creates a pull request without tests
by spajus
My favorite regex of all time
I thought I'd share my favorite regex of all time:
[ -~]
Any ideas what this regexp matches?
It matches all ASCII characters from the space to the tilde. What are those characters? They're all printable characters!
Take a look at the ASCII table. The printable characters start at the space and end at the tilde:
[ -~]
matches all printable ascii characters (light blue background)
I love this.
Update:
Would you like to wear this regular expression? I just had an idea to make it a t-shirt as this blog post is getting so popular. Check out this t-shirt that I made:
This shirt is available through Teespring. Teespring is like Kickstarter for t-shirts. If 50 people buy the shirt, everyone gets their shirt. Otherwise no one gets charged and no one gets the shirt.
A UNIX System! I know this!
When I was a kid that actually knew and used UNIX (AT&T and AIX at the time), I knew in my heart of hearts that there was no video-game-like flying graphical file manager for UNIX. A lot of us made fun of the computer scenes in Jurassic Park. Well, I was wrong. All of us were. Here's the 20+ year-old Fusion (fsn) file manager running on a 20-year old computer.
This content originally posted on HiR Information Report. Copyright © 1997-2010, HiR
Meeting company people on the weekend
by tomek
Comic for June 23, 2013
Comic for June 22, 2013
Lots of alerts - then realise it's dev environment
by ADWynne
Pi duration tests and review of two new lithium battery packs
Comic for June 20, 2013
Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)
Posted by Hunger on Jun 20
$ uname -a
FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root () farrell cse buffalo edu:/usr/obj/usr/src/sys/GENERIC amd64
$ id
uid=1001(hunger) gid=1002(hunger) groups=1002(hunger)
$ gcc fbsd9lul.c -o fbsd9lul
$ ./fbsd9lul
FreeBSD 9.{0,1} mmap/ptrace exploit
by Hunger <fbsd9lul () hunger hu>
# id
uid=0(root) gid=0(wheel) egid=1002(hunger) groups=1002(hunger)
#
/*
* FreeBSD 9.{0,1} mmap/ptrace...
PDP-11 Still Working In Nuclear Plants - For 37 More Years
Read more of this story at Slashdot.
Episode #167: Big MAC
So there I was, browsing my Twitter timeline and a friend forwarded a link to Jeremy Ashkenas' github site. Jeremy created an alias for changing your MAC address to a random value. This is useful when you're on a public WiFi network that only gives you a small amount of free minutes. Since most of these services keep track by noting your MAC address, as long as you keep cycling your MAC, you can keep using the network for free.
Here's the core of Jeremy's alias:
sudo ifconfig en0 ether `openssl rand -hex 6 | sed "s/\(..\)/\1:/g; s/.$//"`
Note that the syntax of the ifconfig command varies a great deal between various OS versions. On my Linux machine, the syntax would be "sudo ifconfig wlan0 hw ether..."-- you need "hw ether" after the interface name and not just "ether".
Anyway, this seemed like a lot of code just to generate a random MAC address. Besides, what if you didn't have the openssl command installed on your Linux box? So I decided to try and figure out how to generate a random MAC address in fewer characters and using commonly built-in tools.
What does a MAC address look like? It's six pairs of digits with colons between. "Pairs of digits with colons between" immediately made me think of time values. And this works:
$ date +00:11:22:%T
00:11:22:11:23:08
Just print three pairs of fixed digits followed by "hh:mm:ss". I originally tried "date +%T:%T". But in my testing, the ifconfig command didn't always like the fake MAC addresses that were generated this way. So specifying the first few octets was the way to go.
The only problem is that this address really isn't all that random. If there were a lot of people on the same WiFi network all using this trick, MAC address collisions could happen pretty easily. Though if everybody chose their own personal sequence for the first three octets, you could make this a lot less likely.
The Linux date command lets you output a nine-digit nanoseconds value with "%N". I could combine that with a few leading digits to generate a pseudo-random sequence of 12 digits:
$ date +000%N
000801073504
But now we need to use the sed expression in Jeremy's original alias to put the colons in. Or do we?
$ sudo ifconfig wlan0 hw ether $(date +000%N)
$ ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:02:80:12:43:53
...
I admit that I was a little shocked when I tried this and it actually worked! I can't guarantee that it will work across all Unix-like operating systems, but it allows me to come up with a much shorter bit of fu compared to Jeremy's solution.
What if you were on a system that didn't have openssl installed and didn't have a date command that had nanosecond resolution? If your system has a /dev/urandom device (and most do) you could use the trick we used way back in Episode #85:
$ sudo ifconfig wlan0 hw ether 00$(head /dev/urandom | tr -dc a-f0-9 | cut -c1-10)
$ ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:7a:5f:be:a2:ca
...
Again I'm using two literal zeroes at the front of the MAC address, so that I create addresses that don't cause ifconfig to error out on me.
The expression above is not very short, but at least it uses basic commands that will be available on pretty much any Unix-like OS. If your ifconfig needs colons between the octets, then you'll have to add a little sed like Jeremy did:
$ sudo ifconfig wlan0 hw ether \
    00$(head /dev/urandom | tr -dc a-f0-9 | sed 's/\(..\)/:\1/g;' | cut -c1-15)
$ ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:d9:3e:0d:80:57
...
Jeremy's sed is more complicated because he takes 12 digits and adds colons after each octet, but leaves a trailing colon at the end of the address. So he has a second substitution to drop the trailing colon. I'm using cut to trim off the extra output anyway, so I don't really need the extra sed substitution. Also, since I'm specifying the first octet outside of the "$(...)", my sed expression puts the colons in front of each octet.
So there you have it. There's a very short solution for my Linux box that has a date command with nanosecond resolution and a very forgiving ifconfig command. And a longer solution that should work on pretty much any Unix-like OS. But even my longest solution is surely going to look great compared to what Tim's going to have to deal with.
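Added example (not part of the original post): the first octet of a MAC address carries two flag bits, and an odd first octet marks a multicast address, which is consistent with `date +%T:%T` being accepted only some of the time. The function names `mac_flags` and `random_laa_mac` are made up for this sketch, the `11:23:08:11:23:08` sample is constructed, and `od` and `/dev/urandom` are assumed to be available.

```shell
#!/bin/sh
# Added example, not from the original post. Sample addresses are either
# taken from the outputs shown above or constructed for illustration.

# mac_flags MAC -> "unicast|multicast universal|local", or "invalid".
# Bit 0 of the first octet is the multicast (I/G) bit; bit 1 is the
# locally administered (U/L) bit.
mac_flags() {
    m=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    case $m in
        *[!0-9a-f]*) echo invalid; return 1 ;;
    esac
    [ "${#m}" -eq 12 ] || { echo invalid; return 1; }
    o=$(( 0x${m%??????????} ))          # first octet as a number
    if [ $(( o & 1 )) -ne 0 ]; then cast=multicast; else cast=unicast; fi
    if [ $(( o & 2 )) -ne 0 ]; then admin=local; else admin=universal; fi
    echo "$cast $admin"
}

# random_laa_mac -> random colon-separated MAC that is always unicast and
# locally administered, so it stays out of vendor-assigned address space.
random_laa_mac() {
    hex=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    first=$(( (0x${hex%??????????} & 0xfc) | 0x02 ))   # clear I/G, set U/L
    printf '%02x%s\n' "$first" "${hex#??}" | sed 's/../&:/g; s/:$//'
}

# Demo: the fixed-prefix address, a constructed "date +%T:%T" result,
# the nanosecond-based value, and a freshly generated address.
for a in 00:11:22:11:23:08 11:23:08:11:23:08 000801073504 "$(random_laa_mac)"; do
    printf '%-20s %s\n' "$a" "$(mac_flags "$a")"
done
```

On the monitoring side, a client address that classifies as "local" in DHCP or switch logs was assigned in software rather than burned in by the vendor.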
Tim wishes he hadn't checked into Twitter:
I'm so jealous of Hal. I think his entire command is shorter than the name of my interface. This command is painful, quite painful. I would very much suggest something like Technitium's Mac Address Changer, but since Hal set me up here we go...
To start off, we need to get the name of our target interface. Sadly, the names of the interfaces aren't as simply named as they are on a *nix box. Not only is the name 11 times longer, but it is not easy to type. If you run "ipconfig /all" you can find the name and copy/paste it. (By the way, I'm only going to use PowerShell here, the CMD.EXE version would be ugly^2).
PS C:\> $ifname = "Intel(R) 82574L Gigabit Network Connection"
The MAC address for each interface is stored somewhere in the registry under this even-less-easy-to-type Key:
HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\[Some 4 digit number]\
First, a bit of clarification. Many people (erroneously) refer to Keys as the name/value pairs, but those pairs are actually called Values. A key is the container object (similar to a directory). How about that for a little piece of trivia?
With PowerShell we can use Get-ChildItem (alias dir, ls, gci) to list all the keys and then Get-ItemProperty (alias gp) to list the DriverDesc values. A simple Where-Object filter (alias where, ?) will find the key we need.
PS C:\> Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Control\Class\`{4D36E972-E325-11CE-BFC1-08002bE10318`}\[0-9]*\ | Get-ItemProperty -Name DriverDesc | ? DriverDesc -eq "Intel(R) 82574L Gigabit Network Connection"

DriverDesc   : Intel(R) 82574L Gigabit Network Connection
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SY...0318}\0010
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SY...0318}
PSChildName  : 0010
PSProvider   : Microsoft.PowerShell.Core\Registry
Note: the curly braces ({}) need to be prefixed with a back tick (`) so they are not interpreted as a script block.
So now we have the Key for our target network interface. Next, we need to generate a random MAC address. Fortunately, Windows does not require the use of colons (or dots) in the MAC address. This is nice as it makes our command a little easier to read (a very very little, but we'll take any win we can). The acceptable values are between 000000000000 and fffffffffffe (ffffffffffff is the broadcast address and should be avoided). This is the range between 0 and 2^48-2 ([Math]::Pow(2,8*6)-2 = 281474976710654). The random number is then formatted as a 12 digit hex number.
PS C:\> [String]::Format("{0:x12}", (Get-Random -Minimum 0 -Maximum 281474976710655))
16db434bed4e
PS C:\> [String]::Format("{0:x12}", (Get-Random -Minimum 0 -Maximum 281474976710655))
a31bfae1296d
We have a random MAC address value and we know the Key, now we need to put those two pieces together to actually change the MAC address. The New-ItemProperty cmdlet will create the value if it doesn't exist and the -Force option will overwrite it if it already exists. This results in the final version of our ugly command. We could shorten the command a little (very little) bit, but this is the way its mother loves it, so we'll leave it alone.
PS C:\> ls HKLM:\SYSTEM\CurrentControlSet\Control\Class\`{4D36E972-E325-11CE-BFC1-08002bE10318`}\0*\ | Get-ItemProperty -Name DriverDesc | ? DriverDesc -eq "Intel(R) 82574L Gigabit Network Connection" | New-ItemProperty -Name NetworkAddress -Value ([String]::Format("{0:x12}", (Get-Random -Minimum 0 -Maximum 281474976710655))) -PropertyType String -Force
You would think that after all of this mess we would be good to go, but you would be wrong. As with most things Windows, you could reboot the system to have this take effect, but that's no fun. We can accomplish the same goal by disabling and enabling the connection. This syntax isn't too bad, but we need to use a different long name here.
PS C:\> netsh interface set interface name="Wired Ethernet Connection" admin=DISABLED
PS C:\> netsh interface set interface name="Wired Ethernet Connection" admin=ENABLED
At this point you should be running with the new MAC address.
And now you can see why I recommend a better tool to do this...and why I envy Hal.
EDIT:
Andres Elliku wrote in and reminded me of the new NetAdapter cmdlets in version 3. Here is his response.
This is directed mainly to Tim as a suggestion to decrease his pain. :) (Tim's comment: for this I'm thankful!)
Powershell has included at least since version 2.0 the NetAdapter module. This means that in Powershell you could set the mac address with something like:
PS C:\> Set-NetAdapter -Name "Wi-Fi" -MacAddress ([String]::Format("{0:x12}", (Get-Random -Minimum 0 -Maximum 281474976710655))) | Restart-NetAdapter
NB! The adapter name might vary, but usually they are still pretty short.
The shorter interface names are one of my favorite features of Windows 8 and Windows 2012. Also, with these cmdlets we don't need the name of the device (Intel blah blah blah) but the newly shortened interface name. Great stuff Andres. Thanks for writing in! -Tim
EDIT 2:
@PowerShellGuy tweeted an even shorter version using the format operator and built-in byte conversion:
PS C:\> Set-NetAdapter "wi-fi" -mac ("{0:x12}" -f (get-random -max (256tb-1))) | Restart-NetAdapter
Well done for really shortening the command -Tim
FSB gained access to Vrublevsky's Facebook correspondence by hacking the company's servers
Comic for June 18, 2013
How I imagine a customer when I send them a long, detailed list of recommendations and they get hacked again within a month
by thrill