• Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by n3xg3n

  1. Ratpoison. Floating window managers are essentially dead to me at this point, tiling is far more efficient for my usage. I chose ratpoison because I prefer the hands on approach to tiling (as ratpoison lets you tile for yourself rather than having predefined tiling layouts) and because I already was using screen (which ratpoison is modeled after) for my terminal sessions. RPWS makes ratpoison even more efficient.
  2. Basically we are getting to an impasse when it comes to processing power. We are still able to make processors smaller, but the speed improvement rate is tailing off and we are leveling off. To that end, the only way we can get a huge amount of processing power is to get more processing cores, not to make them faster. Dual core CPUs are already standard for low end computers with quad core (and hyperthreaded) cpus being the standard at the midrange. High end computers already have between 6 and 8 processing cores available for computation, and supercomputers have thousands of CPUs. We've stopped (or slowed down considerably) making CPUs faster, but we are adding ever more processing cores to them. To fully utilize the multicore CPUs which are fast becoming the norm, a task has to be able to break up its computation into parallel work units. I predict that in the near future, we are going to see a huge amount of industrial pressure put on developing multicore ready applications and algorithms which take advantage of parallelism. Vector processing is basically being able to perform calculations on multiple values at once. If we are looking into parallelism, this is a good thing. Parallel programming has already effected programming in a big way, but currently the place where you are most likely to run into it is in a research institution. Scientific computing is really big into parallelism currently because the simulations and calculations that are being performed are simply to complex and long running to perform on even the fastest cores available today. That is why you occasionally hear about researchers being awarded upwards 65million hours of computer time on a supercomputer. If that was run against one core it would last thousands of years, but when you spread that across many thousands of processing units, it is a much more feasible amount of time.
  3. Ehh, I use all three. I use my el-cheapo second hand MacBook for day to day activities (web browsing, Skype, IM, etc.). I use my Linux laptop for any serious work (programming, homework, IRC, etc.) I use my Windows tablet for... watching movies and Windows Journal. I try to keep my skills up to date with all three because you never know when you might have to apply those skills.
  4. If you make a mistake typing a command you can change something specific and then re-execute using the following bash trick: [n3xg3n@enigma ~]$ wgt http://www.whatismyip.org bash: wgt: command not found [n3xg3n@enigma ~]$ ^wgt^wget wget http://www.whatismyip.org --2010-11-21 20:35:48-- http://www.whatismyip.org/ Resolving www.whatismyip.org... basically, ^old^new will replace 'old' with 'new' in the previous command and re-execute.
  5. In a few weeks I will begin my college experience at Virginia Tech (in GenEng). Are there any other members of BinRev who are or will be attending VT in the coming semester? Do y'all have an official meeting, or would you be interested in starting one? Write back so we can meet up while there.
  6. systems_glitch: If you don't mind my asking, what did you switch into?
  7. InsaneAutomata: What are you talking about? Just because the figure appears in the HTML does not mean that it is hard coded. If you visit the site again, you'll notice that the counter has incremented. The counter is being put into the page dynamically, server-side. Dynamic, hence the 'D' in DHTML. For instance, the following code will keep track of the count server-side: <?php $file = 'count.txt'; $count = file_get_contents($file); $count = $count + 1; echo $count; file_put_contents($file, $count); ?>
  8. Why do universities block and filter access to the internet? My university's policy is don't transfer more than 4.2GB/day to a single IP and don't do illegal stuff, also we reserve the right to kick you off the unix servers if they are needed for something academically related. (Also the standard, "don't be a dick, this is our network" clause) Isn't the concept of blocking access to anything sort of antithetical to the concept of unbridled learning. What sort of university controls what the students are allowed to see/do online? As for VPNs, yes they are nice (especially because I need to VPN into my universities network now that I live off campus... sigh, no more 100Mbps synchronous connection to the dorm), but it is considerably easier for most people to set up a SSH tunnel, so you might want to look into that as an option. In either case, there is going to be some encryption overhead and an additional route that the data has to take to reach you, which means that the connection won't be quite as nice as a direct connection. Maybe you should try to get into the IT department there or talk to your SGA with the intent to try to change policy (As a member of my school's SGA I can tell you that if there was a policy of blocking the internet I wouldn't rest until we had pushed through a resolution calling on the school to open up the net. Your SGA is there to serve you, use them.). (Sorry if this is sort of incoherent, I just got out of a midterm and my mind is in random thought connection mode.)
  9. Oh ok....I just don't know anything about these things and that is what it is telling me to do. So how do I get the password from it? Try every possible combination until you get one that works… Suppose you have a function f(x) and an inverse function f`(x), such that f`(f(n)) = n. MD5 is a one way hashing algorithm which means that it is believed that for f(x) being the MD5 function there exists no function f`(x) which reverses it and is also computationally easy. It is possible to find the password by searching for a collision. That is, to try every possible (or a plausible subset of possible) input combinations and comparing them to the output. This can be done by cycling through all the possible letters/digits/symbols, using a wordlist, or being slightly more mathematically savvy about it and using a rainbow table (this pregenerates certain hash tables, then uses some really cool algorithms to search where in that keyspace the actual key is). Either way there is no avoiding the fact that there is no 'computationally easy' method of reversing an MD5 hash that is currently known. (There are known vulnerabilities in MD5, but no magic bullet. If you find one, there are definitely academic awards to be awarded and papers to be written)
  10. My Matches: 100% - Gentoo 100% - Arch 100% - Slackware Which is pretty accurate because I'm an Arch guy myself.
  11. Vimperator makes firefox worth it for me. I know that there are some clones for Chrome, but I just haven't gotten around to trying them. I use Chrome on Windows, Firefox on Linux, and (when I get one) Safari on Mac.
  12. The two most important: man and apropos. man followed by a command name will give you a detailed explanation of what the command does and how to use it. apropos followed by a keyword will give you all commands related to that keyword (and a brief explanation of what it does). Knowing these two commands will allow you to find the information you need even if you don't know exactly what it is you need to know. Beyond that, ls - list files cd - change directory mv - move file (rename) cp - copy file mkdir - make directory rm - remove file (-r for directory [recursive delete]) cat - echo the contents of a file to the screen (it does more than that, but for beginners...) grep - filter text results (I urge you to read the manpage for this one. execute 'man grep' for that) As for tab completion, it is very useful. You can start typing a command and then tab complete it (or have it give you a narrowed down list of options).
  13. Sigh, this makes me cry a little inside. I haven't visited my grandparents in over three years without "being put to work" for at minimum an hour each time. It's so bad I just prefer not to visit sometimes, as I thought I was visiting them not being a tech support house call service (or phone supporting software I have never used, thats fun too).
  14. (Note to mods, by the nature of this post, some docs are going to get dropped, feel free to delete this if you deem it necessary.) Yes it is possible. If you look at the filename of the picture, the third set of numbers is the person who uploaded the picture's user id. In this case, 35426_802059759332_68111578_43275108_3681124_n.jpg, 68111578. You can go to the person's facebook profile by going to http://www.facebook.com/profile.php?id=UIDNUMBER Also, the fourth set of numbers is the picture id, which if the picture isn't private, will allow you to to go to that picture's page. In this case, 35426_802059759332_68111578_43275108_3681124_n.jpg, 43275108. (Won't work in this case though...) Picture URLs are of the format http://www.facebook.com/photo.php?pid=PICTUREID&id=UIDNUMBER Use this information for good, happy stalking, and as always neither the DDP, BinRev, nor I am responsible for what creepy hi-jinx you get up to with this.
  15. You're trying to access the $_POST array before it is set (because nothing has been POSTed yet, you want to do a form, then post that form to itself and then access the $_POST data) do something like if isset($_POST['email']) { // do stuff with the post data here. // you might want to check isset($_POST['xxx']) && !empty($_POST['xxx']) for each variable just to make sure. } In PHP there tends to be a billion ways to do everything. See the manual: isset array_key_exists empty Also you don't need to post a screenshot of code, just use [code][/code] tags (or [php][/php])
  16. It appears that the CSS is not getting applied correctly. Is there any way we could get the links, without that all I can say is to check that the .css files are in place, linked properly from the html files, and getting served correctly.
  17. Damn it! Yeah, 2600 went nowhere to my knowledge. I showed up at the time and place specified on the page and no one was there after ~30 minutes so I left. As for VTLUUG, I went to some of the meetings and idle in the channel sometime. If you come down to visit tech, hit me up I guess. Cov's cool and all, don't know many other people though. Anyone else? I would like to get some BR-ness going on in Blacksburg.
  18. You're probably not seeing the packets because they aren't being routed through your computer. Since this is a wired setup you will probably have to do something like ARP poisoning[1][2] to make their machine think that you are the gateway and make the gateway think that you are their machine. Once this route is set up, simply have your computer act as a router and faithfully pass the packets between them and the gateway. Now that the packets are flowing through you, you will be able to sniff them. Here is a fairly good overview of the process (published in 2001, but the principle remains the same): Introduction to ARP Poison Routing. I also touched on this (albeit not in depth) in this post on BinRev which might interest you.
  19. While you could pull out your hard drive, and then pull out their hard drive and replace it with yours, an easier way would be to buy a SATA Hard Drive Enclosure. You can pull out your Hard Drive, put it in an enclosure then you will be able to plug it in to your friend's computer (probably best to use a mac, just because the HD file system format will be best recognized there) just like any other USB external hard drive.
  20. oooo thx in order to extract information, would you use a sniffer or try to establish a shell in the system? I heard you cant sniff WPA/WPA2 traffic in monitor mode because of client keys :S Whether or not you would use a sniffer or get a shell on the system is really dependent. Sniffing the traffic will probably be a lot easier and if it gives you all the information you're looking for then that is great. Getting a shell on the system would be a lot harder because you need to find some vulnerability that lets you exploit your way on to the system. If you need control of the system to achieve your ends, a sniffer really isn't going to do much for you (unless you can sniff a username and password for the system). Even though you mightn't be able to passively sniff in monitor mode, that doesn't mean that all is lost. There still might be ways to sniff the traffic such as ARP poisoning (or if you're feeling adventurous, a physical tap).
  21. To do post reputation: click the little green (+). To do user rating: Go to the person's profile and click the appropriate number of stars in the upper right hand corner.
  22. oic i've always wondered why adding a SQL command in the url registers it as an sql command o.o Just putting a SQL statement in a URL doesn't necessarily cause it to get executed on the SQL server. SQL injection occurs when input is taken from the user (For this case through the URL parameters) and is put into a query and that query is sent to the SQL server without the input being validated. A simple example would be as follows. This is pseudocode which I am just making up on the spot, so real examples would be more complex and also would have the advantage of being written in a real language. Suppose you have a file on a webserver: <html> <body> <!pseudo user_id = GetURLParameter("id"); sql_query = "SELECT Name FROM Users WHERE UserId='" + user_id + "'"; sql_response = doSQLQuery(sql_query); print "Hello " + getSqlResponseParam(sql_response, "Name") + "<br>"; !> </body> </html> Normally, you would go to "http://server/file.ext?id=10" or something, and it would say "Hello Bob" supposing Bob is the string that is in the 'Name' column of the row in table 'Users' where 'UserId' is equal to 10. But what if you go to "http://server/file.ext?id='; DROP TABLE 'Users" instead. The user_id is "'; DROP Table 'Users", so when the SQL statement gets put together it becomes: "SELECT Name FROM Users WHERE UserId=''; DROP TABLE 'Users'" Which will get executed by the SQL server causing it to drop (or get rid of / delete) the table "Users". Having a knowledge of the SQL DB layout is helpful when trying to extract useful data or know what is available, and because SQL backups recreate the entire DB (including the schema or layout) they are additionally useful even after the data from the backup has become outdated or changed.
  23. I think you are confused as to how SQL servers work. A SQL server is a relational database server [wiki] or program which uses SQL [wiki] to manage the data held within it. It is not just a flat file that sits on the disk. The web server and the database server don't necessarily have to be running on the same system even (though for smaller websites, it is typical) and website back ends are not the only uses for databases. Sometimes however, the database is dumped to a file for backup reasons (and I think this might be what you are talking about). In this case (For MySQL at least, though others might follow the same convention; I haven't done much DB work lately...) the structure of the DB gets dumped to a series of SQL statements which can be used to recreate the DB (See mysqldump). These typically are then stored in a file which has the file extension '.sql'. If this file is somehow exposed to the public, it can provide much more information to a malicious attacker than a site admin would necessarily want. While it does occasionally happen through administrator error: (For instance, I found this little gem in about 1 minute by googling: "password backup filetype:sql" [some Site's DB Backup] (mods, this does contain some password hashes and if this is not allowed please edit it out or let me know and I'll do it. It was easily available on google, so it isn't as if it was obtained somehow illicitly. Still, it kind of hedges on the boundary...)) An "in the know" administrator would know enough to not store the db backups on the web server in a publicly accessible directory and to keep them on a different system (as what is the point of a backup if the backup is stored on the 'hot' system. If something takes out the system, your backup goes with it... but I digress.) or at least protect them with some sort of .htaccess/.htpasswd file or something similar. You can't count on a site having it's DB backups available publicly, because it is something of a huge security risk to the point where people who are lax in other areas of computer security can realize the major issue. -edit- fixed some grammar and make one point more clearly phrased.
  24. Well, if you still had the install you could just run the command `top` and it will show you a process list and by default it is ordered by CPU usage. This would allow you to know what process is hogging the CPU and allow you to delve further into why it is doing so.
  25. Same hack time, same hack channel?