Archive for the 'Tech' Category

Hacking with Metasploit

Have you ever thought to yourself, “Hmm… I wonder if I could ‘hack’ into another computer”?

Trust me, you can.

But before telling you how, I want to state that the tactics described in the following text could very easily be used for malicious and/or illegal activities.  With that said, this information should only be used for educational and/or testing purposes.  Metasploit is a very valuable security research and exploit testing tool.  I am not responsible should you decide to use it in negative ways.  Never apply this information to access a system you are not authorized to use.

With the politics out of the way, let’s get down to business.

1.  Find your “target” - in this case, I have built a Toshiba laptop to run a completely vanilla Windows XP installation with no service packs or updates of any kind.

2.  Download Metasploit and install it per the installation instructions.  There are versions for Linux, Windows, and Mac OS.  The remainder of these steps will be shown using the Linux version (Ubuntu 8.04).

3.  Launch Metasploit. Version 3 actually has a GUI tool to make things PAINFULLY easy, so we’ll stick with the command line to show some respect.  Launch the GUI if you wish…  many of the options are the same, it’s just offendingly easy to use.  You can see below my Linux command prompt at the top of the window and the Metasploit console at the bottom, where we can get started.

4.  Pick your exploit of choice. This will depend greatly on your target’s OS and patch levels.  Type “show exploits” at the Metasploit command prompt to get a full listing.  To use an exploit, just type “use exploit_name”.  I picked a Windows SMB exploit as you can see below.  Notice how the command prompt changes to reflect the exploit you’ve chosen.

5.  Set your options and payload.  Type “show options” and look for anything that might need to be set.  Most likely you’ll at least have to set the target (RHOST) to the IP of your hacking target.  Set the options by typing “set optionname optionvalue” - or in this case: “set RHOST 192.168.1.144”.  Now our exploit attempt will be directed at that IP address.

You’ll also need a payload - a way to use the exploit to get access to the target machine.  This is usually a command shell or a VNC session, or it could even be DLL injection or adding an administrative user.  To see a list of all payloads, just type “show payloads”.  Once you find one you like, just type “set payload payload_name”.  For this test, I’ve used the Windows TCP bind shell.

6.  Double check everything and exploit.  Type “show options” one last time and make sure there are not any required options left blank.  Sometimes a payload will require additional settings.  Once you’re sure everything has been set correctly, just type the magic word:  exploit.  Watch as the exploit code runs, and look for the “Command Shell Session 1 Opened” text as shown below.  This means the hack has been successful.

7. Connect to the hacked target.  If you are using Metasploit for Windows, you’re automatically taken to the command shell of the hacked target.  However, in Linux we have to connect to the session manually.  To see your hack session, type “sessions -l”  (dash lowercase L).  You’ll see your list of sessions shown in the output.  Once you see your shell session, just type “sessions -i 1” to connect to session number one.  See below:

Notice how the prompt has changed to a windows command prompt? Yeah, that means you’ve just hacked a computer.
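The walkthrough above leaves two traces on the target side that the owner of that XP box could have watched for: inbound SMB (TCP 139/445) from a host that has no business talking SMB to it, and a brand-new TCP listener opened by the bind-shell payload. The following is an added example, not code from the original post or from Metasploit: a small Python checker that flags both patterns in a connection log. The key=value log format, the allowlist, the port baseline, the attacker address and the bind-shell port are all constructed for the example; only 192.168.1.144 comes from the post.

```python
"""Flag the network-level traces an SMB exploit with a bind-shell payload
leaves on the target: inbound SMB from an unexpected source, and a new
listening port that was not in the host's baseline.

The log format, the baseline and the sample lines below are constructed for
this example; adapt parse_line() to whatever your firewall or endpoint agent
actually emits.
"""
from dataclasses import dataclass
from typing import Iterable

SMB_PORTS = {139, 445}


@dataclass(frozen=True)
class Finding:
    kind: str    # "smb_from_unexpected_source" or "new_listener"
    host: str    # the monitored host the finding concerns
    detail: str


def parse_line(line: str) -> dict:
    """Parse one 'key=value ...' record into a dict; port fields become ints.

    Example record (constructed format):
    'ts=2 host=192.168.1.144 event=inbound src=192.168.1.20 dport=445 proto=tcp'
    """
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    for key in ("dport", "port"):
        if key in fields:
            fields[key] = int(fields[key])
    return fields


def analyse(lines: Iterable[str],
            smb_allowlist: set[str],
            baseline_listeners: dict[str, set[int]]) -> list[Finding]:
    """Return one Finding per suspicious record, in log order."""
    findings: list[Finding] = []
    for raw in lines:
        rec = parse_line(raw)
        event = rec.get("event")
        host = rec.get("host", "?")
        # Inbound SMB from a host not on the allowlist of expected clients.
        if event == "inbound" and rec.get("proto") == "tcp" \
                and rec.get("dport") in SMB_PORTS:
            if rec.get("src") not in smb_allowlist:
                findings.append(Finding("smb_from_unexpected_source", host,
                                        f"{rec['src']} -> tcp/{rec['dport']}"))
        # A listener the host did not have in its baseline (a bind shell is
        # exactly this: a new process listening on a port nobody provisioned).
        elif event == "listen" and rec.get("proto") == "tcp":
            known = baseline_listeners.get(host, set())
            if rec.get("port") not in known:
                findings.append(Finding("new_listener", host,
                                        f"tcp/{rec['port']} by {rec.get('proc', 'unknown')}"))
    return findings


# Constructed sample log. 192.168.1.144 is the lab target from the post; the
# source addresses, process names and the bind-shell port 4444 are assumed.
# The check keys on deviation from the baseline, not on any particular number.
SAMPLE_LOG = [
    "ts=1 host=192.168.1.144 event=listen proto=tcp port=445 proc=System",
    "ts=2 host=192.168.1.144 event=inbound src=192.168.1.20 dport=445 proto=tcp",
    "ts=3 host=192.168.1.144 event=inbound src=192.168.1.10 dport=445 proto=tcp",
    "ts=4 host=192.168.1.144 event=listen proto=tcp port=4444 proc=svchost.exe",
    "ts=5 host=192.168.1.144 event=inbound src=192.168.1.10 dport=4444 proto=tcp",
]
FILE_SERVER_CLIENTS = {"192.168.1.20"}            # hosts expected to reach SMB on the target
BASELINE = {"192.168.1.144": {135, 139, 445}}     # listeners the target normally has


def demo() -> list[Finding]:
    """Run the checker over the constructed sample; expect two findings."""
    return analyse(SAMPLE_LOG, FILE_SERVER_CLIENTS, BASELINE)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.kind:28} {f.host}  {f.detail}")
```

On the sample the checker reports the SMB connection from 192.168.1.10 (the only source not on the allowlist) and the new tcp/4444 listener. The lesson is the one the post demonstrates from the other side: an unpatched host that exposes SMB to everyone on the LAN and has no listener baseline gives a defender nothing to alert on until the shell prompt changes.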

Online Overload

Last week when I had trouble sleeping I spent a fair amount of time surfing the internet for whatever I could find. This eventually led me to Drist’s MySpace page, where I fully intended on sending them a ‘MySpace message’ telling them they had to put some of their songs on Rock Band ASAP.

Back up just a bit - for those of you who do not know me, I despise MySpace.  I’ve always hated it.  HATED it.  Almost unexplainably.  I can’t even really put my finger on why - but part of it is people that put 8 million pictures/videos/songs on their ‘space’ and crash my dual core 2GB RAM computer.

Anyway - in order to send Drist a message, I would have to take the ultimate plunge of debauchery and create my own ‘space’.  After some reluctance, I did the unthinkable: Vanberge, the eternal hater and shunner of MySpace fire death, created a MySpace account.  I then added Vanbergs as a friend and sent one of my favorite bands in the world a MySpace message pleading with them to put songs out as Rock Band downloadable content.

That was just the beginning…

In the last 4 days I have signed up for and begun using a plethora of online services.  This includes (see sidebar) Digg, Twitter, Last.fm, LinkedIn, and of course… Myspace.

Until now, I’ve really sort of avoided the ‘online community’ side of the internet.  I’ve stuck to things I know and really haven’t tried anything new - primarily I’m an emailer, and then I maintain this website - and that’s been it.  And actually, it’s too bad I’ve waited so long to start exploring the further reaches of the internet.  I’ve found myself enjoying embracing these communities and will no doubt continue to do so (well, I may not keep my ‘space’).  But things like Last.fm, Twitter, and LinkedIn will probably stay part of my daily web activity for some time to come.

With the expansion into the online world, I also began looking for ways to consolidate my online activity into something more efficient.  Typing URL after URL into the address bar is a very inefficient way of getting things done online.  Google Reader has already helped me with this, but I felt there was more room for improvement.  In the end, I added and reorganized bookmarks into folders that I can easily ‘open all in tabs’.  I then used FoxMarks to continuously sync my bookmarks between all of my Firefox browsers (since Google Browser Sync has been discontinued) - and then finally I downloaded Opera Mini, a much improved web browser for my Blackberry 8830 which installs in seconds and absolutely dwarfs the default RIM browser.

Thanks to everyone who no doubt accepted the several invite/friend requests for these various online accounts I’ve finally decided to start using.

Overteched

This week has been nothing short of an overload on my sensory nervous system from a technical standpoint.

The week started with a drive to Detroit, where I proceeded to reside for the remainder of the workweek. I was attending a VMware training course since my company is going to invest fairly heavily in virtualization this year. The class was an ‘advanced’ course with an accelerated curriculum. Long story short, I had VMware jammed at me from 8 a.m. to 6 p.m., 5 days straight. Normally a structure like this would result in a distinct lack of sanity - however, with VMware the class was actually very enjoyable and interesting for me. The entire concept of virtualizing operating systems is fascinating to me, and it really is changing (or has already changed) the entire IT industry.

In a sense, this course almost motivated me. The very second I got home on Friday evening I started to mess around with my own home network. Here I sit on Saturday evening with an upgraded desktop computer (Ubuntu 8.04), a new Ubuntu 8.04 server running on a spare 2 GHz workstation we have, and a fairly cool home network.

I now have all my media and documents centralized on this Ubuntu server, and I’ve published that using NFS so the files are accessible from both my laptop and my desktop computers. It’s been a learning experience for me because I’ve worked with Windows server systems for so long, but it’s been really fun for me to tinker around with Ubuntu from a server OS perspective.

I went even further and also set the server up to take over DHCP and DNS (vs. my Netgear router giving out IPs and resolving names), installed the Apache web server, added a web based management front end called eBox, installed MediaWiki, and finally added a cool little “Chat with Eric” applet that I had noticed Google published for their Google Talk service. (Click on the About page, it’s there too.)

A little odd for me to start on a tech bender like this, especially since I was over-loaded with tech info all week long.

Either way, it’s been fun.

Clientless

For over 10 years, I’ve embraced an email client…

During that timeframe, the elder VanBergen fought and conquered these demonic beasts with poise, confidence, and heavy optimism.  From the taming of Outlook Express 5, to the lashing of Eudora 6.0, across the lands of Novell’s GroupWise, through the sea of Outlook Professional, and finally up the hill of the Thunderbird…  Many an email client has been fought, hacked and re-configured to do my worst bidding.

These days of yore - of olde tymes - of clients and email - are no more.

I have been using Google’s Gmail since sometime in 2004.  However, I’ve almost always used a client to download the messages via POP3.  I can’t really say why… I guess old habits die hard.  Even in the first part of this year I was using Thunderbird to pull down my Gmail, as well as my RSS feeds.  As Google continues to improve their products and expand their capabilities, I see more of a benefit to going “ClientLess”.  Oddly enough, it was discussions over this weekend with a couple friends (flo, vanlandw) that really got me thinking about this switch.

I now have an iGoogle home page with front page gadgets giving me access to my email, my RSS feeds, and all kinds of extra content like Netflix releases, weather, calendaring, and even a Pac-Man game.  Now, I’ve only been using this setup for about a day - but so far there are no downsides to absorbing electronic content in this fashion vs. a client.

Google continues to amaze me with their products, and I continue to drink the kool aid.

Google Android

I do continue to amaze myself with how truly nerdy I can be at times… For example, for the last 3 hours I have been diving into the enigma that is Google Android.

For those of you who may not know, Google Android is a mobile phone operating system and software environment. It’s all open source, based on the Linux kernel, and primarily constructed with Java. With all that being said, Google offers a development kit for anyone to download and use to dive into this mobile platform. And, I must say that it’s frickin’ awesome.

Google’s dev kit includes a mobile phone emulator that launches and runs the Android environment, and for all intents and purposes it is a completely operational phone. I was blown away at how easy it is to start using the development kit. I installed Eclipse (a Linux-based development environment), I installed Google’s development kit, and finally I installed the Android plugins for Eclipse to build/open/run software applications.

Mainly I messed around with the phone and tried to see how Android is made. In the end I did end up writing a simple app to just output a ‘hello’ message “From Scratch” to the phone screen.

Long story short - I wish some company somewhere would actually release a phone that runs Android. I can’t find any information anywhere about anybody even beginning to run Android. Google’s own Android FAQ says “Nope” to the question: “Can I run Android on my current cell phone?”. Well, somebody better get a phone out that can run it pretty fast. If interested, check out the YouTube clip that shows a couple prototypes filmed by Google engineers.

Otherwise, some pics that I took of the emulator that came with Google’s SDK. I want that virtual phone. :-(

Android booting up… (image: Android1)

The home screen of Android… (image: Android5)

P4P in Android… (image: Android2)

My stupid program in Android… (image: Android4)

Calling Vanbergs in Android! (image: Android3)

So you see… does it really get any nerdier than that??? I really can’t say that it does.  At any rate, it’s something to look forward to - and I’m definitely getting a phone that runs Android whenever the hell they do finally come out.

Budget HD Television

This holiday weekend has basically thrown HD television onto my person.

First - Johnson2 gets a line on a 43 inch rear projection TV. A 43 inch HD television. Apparently this person was selling it on the cheap to get an LCD. “How much?” was the obvious next step… “$350 - and an HD tuner for $50 if you want that.”

Yes and Yes.

Is rear projection my first choice? No. Is having a built in HD tuner better than a set top box? Sure it is. But this was a chance to leap into big-screen HD television for $400. The in-laws teamed up with William Clay Ford and helped us move the TV that evening.

After hooking up the television, rearranging the entire living room, watching Neo vs. Smith, and generally basking in all that is man; I began weighing my options for high definition content.

I’ve been a Comcast subscriber for some time now, and through the entirety of that business/customer relationship I have loved and hated this company. I hate Comcast when I get the bill. Paying over 100 dollars a month for high speed internet and basic cable is pretty much a deplorable scenario. But then I do a Speakeasy speed test and my download speeds consistently reach upwards of 25 to 30 Mbps. This results in near euphoria. Regardless though, the thought of paying even more to these buttholes was really not a pleasant thought.

Enter the “Antenna”.

Apparently when I was sold the HD tuner, it had come with a basic and generic indoor antenna. Not really thinking anything of it at the time, I decided to try hooking it up and see what would happen. The new TV had a cable and antenna input, so I tried that first… Nothing special: 5 or 6 fuzzy local channels. Then I tried hooking that antenna up to my HD tuner. To my exorbitant surprise, I suddenly had several fully high def 1080i channels over the air by way of this ‘useless’ antenna - for free!?

Having never heard of this functionality before - I was sure I had stumbled onto something completely unknown to the rest of the world. I hit google up a little bit and landed at a few different sites talking about how over-the-air HD is actually better than cable or satellite because it is uncompressed. And people just go crazy to get HD this way… People buy and/or build huge outdoor powered antennas in order to pick up HD signals from miles away.

I finally ended up at www.antennaweb.org which allows you to put in your location and then lists all over-the-air HD channels in your area; including how far away, what channel, and even what direction to point your antenna. I punched through the wizard and came back with all sorts of HD channels that were available within 30 miles of my home.

I immediately went out and invested in a nicer indoor antenna (amplified, directional, adjustable gain, etc.). After re-discovering all the channels with my new antenna, I have 15 HD channels including the big ones like Wood TV, WZZM, and FOX.

Basically this is one of the coolest things ever. 25+ year old technology being used to view high definition television… Not to mention that I have 15 free HD channels forever just by spending 27 dollars on a decent indoor antenna.