K+12 2012-05-27

Yesterday I went to @codi3x' school for his enrollment and paid quit a huge amount that I could buy good gadget for, but as certified dad of two I need to prioritize my kids needs.

Went through the same process, fill-up the enrollment form, payment and go home. When I was home I searched around the net for @codi3x' next school since he will be on 1st grade next year, a bigger institution for him to be exposed well. Upon searching I found the K+12 program that our good "well not so good" president launched, the K+12 program. What is this bullcrap? So I read the entire program to my findings that they "DepEd and PNoy" added few more years on high-school, and the president stated that "Education is the solution to country's problem", seriously? I have to totally disagree with this program, why?

1. Education of our youth isn't the solution for our country's problem. How would a college graduate be the solution to these problems?
2. Education will result to slavery, why is that? You'll go to school from nursery to college that's 15 years of pencil pushing. The result? You'll end up working for a company and be their slave for what? 30 years? Working so hard to live.
3. Education will teach you how to get a work, instead of teaching you how to let money work for you, it will teach you how to work for money.
4. It's not the number of years that they need to remodel, its the teaching method that needs redesigning.

So on and so forth........

After ranting and blabbing....I found out that by adding extra years on high-school it will give 7.5% additional earnings to the country....Stupid isn't it?

I'm no against education, I still agree that it is still and will be the very foundation for everyone. But talent and ideas is a gift. I will still give the best education for my two boys =)

Let's all remember that college drop-outs earns much than with someone with PhD.

Bill Gates
Larry Ellison
Mark Zuckerberg
Steve Jobs
Michael Dell
John D. Rockefeller

and many more......

Windows Setup 2012-05-22

Reinstalled my desktop and whack Windows XP for @nutell4 to be able to use it. The desktop was installed with FreeBSD and was used during ROOTCON 5 as one of the game servers.

After several attempt to loading Windows XP installer it will always throw an exception where the installer cannot find the disk. I assume this could be that the XP installer complains about the MBR or the FS type that is currently installed, so I went to zeroing the disk but still error showed up.

I made a conclusion that it could be that XP installer cannot load the HDD driver. After lurking on Google I found a great solution using nLite software. Full instructions can be found here.

Cygwin Package Management 2012-04-09

What is Cygwin?

Cygwin is:

• a collection of tools which provide a Linux look and feel environment for Windows.
• a DLL (cygwin1.dll) which acts as a Linux API layer providing substantial Linux API functionality.

Mostly at work MS Windows the most basic environment cuz most of the office apps runs to Windows and it's an easy environment to maintain (except the bluescreen and other windows headache). Cygwin can come very handy specially if you need some of the basic tools on Linux and don't have the luxury of time to fire up your VMWare or go to a Linux desktop. One of the primary reason I run Cygwin is that my Photo Dialog, can be easily managed under a Linux Environment + PHP, my Photo Dialog is PHP powered, imported through the PHP CLI and synchronized directly to my webserver, so I opted to have Cygwin environment on my laptop.

Before Cygwin package installation is a pain in the *ss, you need to run the setup.exe and look for the package that you want to install. Today I discovered a new way of installing packages through the command-line which some very handy just like any other *Nix environment.

Just follow these simple steps

Step 1. wget http://apt-cyg.googlecode.com/svn/trunk/apt-cyg

Step 2. chmod +x apt-cyg

Step 3. mv apt-cyg /usr/local/bin/

And off you go

Screenshots: (Click image to enlarge)

Secure Connection on iPhone 2011-10-07

Going to the wild without any weapon at hand can be very difficult. Most especially when connecting to some hostile networks on hacker conference and on coffee shops.

I search around the net and see if I can get this iPhone running with secure connections. Two of the solutions I found was to have a VPN connection and ToR (yes you heard it right, ToR is now on iPhone).

I first installed OpenVPN client which is  GuizmoVPN, the package can be found at Cydia, before you can setup the VPN to run you need to sign for an account on some companies that is offering free VPN accounts. I got mine from Hotsplots

Then for ToR its pretty simple HOWTO can be found here

There, you should have your iPhone Torrified and also with VPN.

R.I.P Steve Jobs (1955-2011)

I will dedicate this time to blog my own tribute to Steve Jobs death, a visionary genius that changed the tech world.

I was stunned by the news when I first saw it on Twitter and confirmed it through the Apple Inc. website (http://www.apple.com/stevejobs) (October 5, 2011). Everyone in the world who are into tech and who loves grabbing those Apple products are mourning.
 
At first I wasn't an Apple fan boy, with all its source closeness, too monopolized apps, centralized phone management through iTunes and not to mention the Apple has been known for its high price. It was only when I saw Steve's speech at Stanford University commencement dated back in 2005 (YouTube). The speech was very inspiring, and I was stunned how Steve managed his company Apple Inc. and how he loved what he has been doing for his lifetime, with all those words on his speech I had the impression that this guy might have the best gadget out there, giving Apple a shot and I was  impressed how those graphics and functionality were integrated on a single device, everything just work together, the work of a genius. It was that speech that I started following Apple products, and getting to know Steve in my own little way, how he changed the world.

I never worked with Steve but I felt this teary eye, not because there will be no more Apple innovations but with the philosophy this guy has been living and that I have been following since. The speech at Stanford changed a bit of me, a bit on how I look at life and how I pursue my dreams, it was indeed the best and the most inspiring speech I ever heard in my entire lifetime. Whenever I have my ups and down in life, I always listen to that speech, even up to now, I even placed them on my iPod and my phone, just to be reminded that there is someone out there who is a college dropout, born out of wedlock, thrown to adoption and yet changed the world.

Again, you can't connect the dots looking forward; you can only connect them looking backwards. So you have to trust that the dots will somehow connect in your future. You have to trust in something — your gut, destiny, life, karma, whatever. This approach has never let me down, and it has made all the difference in my life.

Love and Loss
Back in 2010 I have this great opportunity that was in my hand but flew away and popped like a bubble in my hands. But because of those lines I never lose faith in me, I started coping up and trust everything will be ok, it was back in September of 2011 when I tried to connect the dots looking backwards, the view was pretty clear, as I twitted it "Seeing it all coming is the best part of it and looking backwards is the best view."

It was awful tasting medicine, but I guess the patient needed it. 

It was indeed an awful tasting medicine for me, but I guess I needed it to pursue the larger part of my dreams, a dream only me can do.

Sometimes life hits you in the head with a brick. Don't lose faith.

I'm convinced that the only thing that kept me going was that I loved what I did. You've got to find what you love. And that is as true for your work as it is for your lovers. Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do. If you haven't found it yet, keep looking. Don't settle. As with all matters of the heart, you'll know when you find it. And, like any great relationship, it just gets better and better as the years roll on. So keep looking until you find it. Don't settle.

It was not that hard hitting brick that hit my head, but I did learn something from it, I continued to work my life out, and continue what I loved, at the time of writing I already found love on what I have been doing the past few months, and I will continue to pursuing what I love. Live as it was your last, work what you love and you will never feel working at all.

Staying Hungry and Staying Foolish

Stay Hungry. Stay Foolish. And I have always wished that for myself.

 Never settle, keep looking, feed your minds with great ideas and pursue it, it is only a dream away, life is peachy and we can only have them ones in our lifetime so live it as if it was your last. Perfection can only be achieved when death will come and take us away.

On this speech at Stanford I was able to cope up living what I love to do and will continue doing it until way share the same path, the path of death. There can only be one Steve Jobs, but his visions and philosophy in life will be in memory. Thank you Steve for changing the world, not just the technology but for touching the little life, a life like mine.

The transcript of Steve's speech at Stanford

GitHub and the Blah Blah Blah 2011-09-26

I seriously missed coding from functions, to methods to SVN. I wanted to develop an Extreme-Pawnage Tool, but due to the huge amount of similar InfoSec applications out there it might be useless developing such and not to mention the conference I have been managing since which is ROOTCON.

Its been a long time since I haven't used any versioning system the last was using SVN, XP-Framework which I'm also actively watching moved over to GitHub, a social coding website, where you can watch repos and follow coders/developers.

Since managing a hacker conference demands a lot of my time, instead of coding a security tool from scratch I decided to actively contribute to existing one's. Started off with putting up a GitHub Repository for all my FreeBSD port patchfiles and actively watching those ports for any updates.

I'm not new to GitHub, but it was years since I got my hands on it, so I need to review some of the basic commands. I gathered around some basic commands for reference.

The following reference were pulled from the GitHub Cheat Sheet

Configuration

identify yourself to git: email and your name
git config --global user.name "David Beckwith"
git config --global user.email "dbitsolutions@gmail.com"
To view all options:
git config --list
OR
cat .git/config

Set up aliases

git config --global alias.co checkout

View your configuration

cat .gitconfig

To ignore whitespace (Ruby is whitespace insensitive)

git config --global apply.whitespace nowarn
Some nice aliases:
gb = git branch
gba = git branch -a
gc = git commit -v
gd = git diff | mate
gl = git pull
gp = git push
gst = git status

Start using git

git init

Ignoring files

Add a file in the root directory called .gitignore and add some files to it: (comments begin with hash)
*.log db/schema.rb db/schema.sql Git automatically ignores empty directories. If you want to have a log/ directory, but want to ignore all the files in it, add the following lines to the root .gitignore: (lines beginning with ‘!’ are exceptions)
log/*
!.gitignore
Then add an empty .gitignore in the empty directory:
touch log/.gitignore

Scheduling the addition of all files to the next commit

git add .

Checking the status of your repository

git status

Committing files

git commit -m "First import"

Seeing what files have been committed

git ls-files

Scheduling deletion of a file

git rm [file name]

Committing all changes in a repository

git commit -a

Scheduling the addition of an individual file to the next commit

git add [file name]

Viewing the difference as you commit

git commit -v

Commit and type the message on the command line

git commit -m "This is the message describing the commit"

Commit and automatically get any other changes

git commit -a

A “normal” commit command

git commit -a -v

Viewing a log of your commits

git log

Viewing a log of your commits with a graph to show the changes

git log --stat

Viewing a log with pagination

git log -v

Visualizing git changes

gitk --all

Creating a new tag and pushing it to the remote branch

git tag "v1.3"
git push --tags

Creating a new branch

git branch [name of your new branch]

Pushing the branch to a remote repository

git push origin [new-remote]

Pulling a new branch from a remote repository

git fetch origin [remote-branch]:[new-local-branch]

Viewing branches

git branch

Viewing a list of all existing branches

git branch -a

Switching to another branch

The state of your file system will change after executing this command.
git checkout [name of the branch you want to switch to]
OR
git co [name of the branch you want to switch to]

Making sure changes on master appear in your branch

git rebase master

Merging a branch back into the master branch

First, switch back to the master branch:
git co master
Check to see what changes you’re about to merge together, compare the two branches:
git diff master xyz
If you’re in a branch that’s not the xyz branch and want to merge the xyz branch into it:
git merge xyz

Reverting changes to before said merge

git reset --hard ORIG_HEAD

Resolving conflicts

Remove the markings, add the file, then commit.

Creating a branch (and switching to the new branch) in one line

git checkout -b [name of new branch]

Creating a stash (like a clipboard) of changes to allow you to switch branches without committing

git stash save "Put a message here to remind you of what you're saving to the clipboard"

Switching from the current branch to another

git co [branch you want to switch to]
Do whatever
Then switch back to the stashed branch
git co [the stashed branch]

Viewing a list of stashes

git stash list

Loading back the stash

git stash apply
Now you can continue to work where you were previously.

Deleting a branch (that has been merged back at some point)

git branch -d [name of branch you want to delete]

Deleting an unmerged branch

git branch -D [name of branch you want to delete]

Deleting a stash

git stash clear

Setting up a repository for use on a remote server

Copy up your repository. e.g.:
scp -r my_project deploy@yourbox.com:my_project
Move your files on the remote server to /var/git/my_project
For security make the owner of this project git
On the repository server:
sudo chown -R git:git my_project
Then (for security) restrict the “deploy” user to doing git-related things in /etc/passwd with a git-shell.

Checking out a git repository from a remote to your local storage

git clone git@yourbox.com:/var/git/my_project

Viewing extra info about a remote repository

cat .git/config
By virtue of having cloned the remote repository, your local repository becomes the slave and will track and synchronize with the remote master branch.

Updating a local branch from the remote server

git pull

Downloading a copy of an entire repository (e.g. laptop) without merging into your local branch

git fetch laptop

Merging two local branches (ie. your local xyz branch with your local master branch) USE MERGE

git merge laptop/xyz
This merged the (already copied laptop repository’s xyz branch) with the current branch you’re sitting in.

Viewing metadata about a remote repository

git remote show laptop

Pushing a committed local change from one local branch to another remote branch

git push laptop xyz

Creating a tracking branch (i.e. to link a local branch to a remote branch)

git branch --track local_branch remote_branch
You do not need to specify the local branch if you are already sitting in it.
git pull
Note: You can track(link) different local branches to different remote machines. For example, you can track your friend’s “upgrade” branch with your “bobs_upgrade” branch, and simultaneously you can track the origin’s “master” branch (of your main webserver) with your local “master” branch.
By convention, ‘origin’ is the local name given to the remote centralized server which is the way SVN is usually set up on a remote server.

Seeing which local branches are tracking a remote branch

git remote show origin

Working with a remote Subversion repository (but with git locally)

git-svn clone [http location of an svn repository]
Now you can work with the checked out directory as though it was a git repository. (cuz it is)

Pushing (committing) changes to a remote Subversion repository

git-svn dcommit

Updating a local git repository from a remote Subversion repository

git-svn rebase

I successfully placed the repository for unSSH, RainbowCrack and Dradis, my repo can be found at GitHub and forked XP-Framework as I will be contributing to them as well.

I pushed an update for unSSH v1.5, at the time of writing compiling Dradis to send a latest patch for FreeBSD.

My current repository are the following Experiments, FreeBSD-Ports, dialog and xp-experiments.

Exim 4.69 Heap Overflow 2011-06-14

After lurking around the net, there are still plenty of mail servers running the old Exim SMTPd server, this version is prone to a remote overflow condition. The string_format function fails to properly sanitize user-supplied input resulting in a heap buffer overflow. With a specially crafted request, a local attacker can potentially cause arbitrary code execution.

The --> Secunia Advisory

Giving it a test on Metasploit....

msf > search exim

Matching Modules================
   Name                                   Disclosure Date  Rank       Description   ----                                   ---------------  ----       -----------   exploit/unix/smtp/exim4_string_format  2010-12-07       excellent  Exim4 <= 4.69 string_format Function Heap Buffer Overflowmsf > msf > use exploit/unix/smtp/exim4_string_formatmsf exploit(exim4_string_format) > 
Set your desired options, then run the exploit.....After giving it a shot, the exploit throws an exception....
[-] Exploit exception: RCPT: 550-(GYkfcPTa.com) [xxx.xxx.75.76]:14368 is currently not permitted to relay550-through this server. Perhaps you have not logged into the pop/imap server550-in the last 30 minutes or do not have SMTP Authentication turned on in your550 email client.[*] Exploit completed, but no session was created.

At least for this exploit to work, the SMTP server should allow email relaying.....whiich is a very basic setup unless you're an idiot