I moved to http://rawr.es

This is a fast post just to say that I’m alive and that I’ll post as soon as I end with exams. I don’t tend to follow memes in fact I dislike them but I’ll follow this one from tenak since I found it quite interesting It’s about “The 10 commands you use more oftenly”.

ahm@revy: ~$ history|awk '{print $2}'|awk 'BEGIN {FS="|"} {print $1}'|sort|uniq -c|sort -rn|head -10
110 gcc
100 cd
51 ll
28 vim
28 gpg
23 mplayer-bin
12 feh
12 rm
10 youtube-dl
10 time

This past weekend I attended to fiberparty the days 27, 28, 29 an event held at Poliesportiu Campus Nord where about two hundred people meet to enjoy almost every field of computing from gaming and moding to coding and security. It had a pretty interesting activities schedule, games tournaments, talks, a coding challenges and the one I was most interested in, the security challenge.

The challenge consisted in 8+1 levels, level0 a very basic one and the 8 remaining levels. The challenge was a mix of web hacking, crypto, coding and stegano. First I started leading doing solo till level 4, at level 5 someone passed me it was Sec0 a group around 5 guys which came to be our main opponent, and when I say our it’s cause I merged with graz and SaLeM in order to compete against them since they together were faster than us doing solo. It was a healthy competition in which since level 5 Sec0 was leading until they reached level 7 where they got stuck and we could draw them. Here starts the real competition one level left, the hardest one, and we both at the same point, the game developer laughing, you can imagine the tension in the air, we progress a bit, they also do, we still progress a bit more, the also do, damn it they’re breathing in our necks…

Finally we won just by seconds! It was an interesting competition with really good opponents whom I’m glad we had, in fact if I had to decide who won the challenge I would say it was a draw

Lately I bought a new box it’s an Acer Aspire T180. Maybe you wonder why would I buy an Acer machine instead of buying the same components and assembling them myself the main reason it’s cause it’s CHEAPER (at least here).

Here it comes another story of mines, as you might have guessed I wanted to setup a Gentoo on it. So I download Gentoo 2006.1 minimal cd install for AMD64, burn it and boot it, seems to detect everything correctly, nice, lets start configuring netw… WAIT WTF!? I’m getting flooded I can’t even see what I’m typing damn message:

sky2 eth0: phy read timeout

omg someone stop that!!! Ok, time to do some research at Google and Gentoo forums, seems that there’s a problem with sky2 driver and some kernel versions it’s adviced to proceed the install with the old driver then upgrade kernel to the latest version and change drivers. So there we go:

modprobe -r sky2 && modprobe sk98lin
FATAL: Module sk98lin not found

Damn it today it’s not my day I bet this new box is going to give me some headache… So there we go as far as I remember 2006.0 cd had the sk98lin module I look for it at my cd’s collection “pekaboo I found you” err wait wait why does it have that hole in the plastic (I move my hand) now it’s bigger o_O (I look at my hand and notice that it just disintegrated in my hands -_-”, ok, ok calm down I’ll download it again it’s only 50mb and I’ll be installing it HA! gullible it’s not booting… (by that time I was already thinking going to bed)

This is friggin pissing me off, I’m stuck and I have no clue on what to do I start doing a deeper research, aham seems there’s an alternative method to install Gentoo so let’s try getting the latest Ubuntu Feisty Fawn 7.04, anyways sooner or later I’m going to download it…

Feisty Fawn comes along with 2.6.20 kernel, nice, lets try setting up the network card hmmm it’s working!!! Time to proceed with a normal install just changing the usual way to mount /proc file system for this one:

mount -o bind /proc /mnt/gentoo/proc

Now tell me: “you lost a precious time, this could be easily solved by doing this … and that …” yeah I’m pretty sure there’s an easier way to solve this issue but at least I learn some things while researching and I hope this post becomes useful to someone apart than me.

It’s been a month since my last post but lately I’ve been quite busy so here I’m trying to keep the blog alive

The other day I was thinking(while looking a box in a corner of the room) why do I have that computer here doing nothing? Then suddenly I came up with an old idea I always had I wanted to have a machine as a “personal server”.

I like Gentoo and seems pretty robust to work as a server so why not to set up it now taking in mind that I’m on spring break vacation and that way I’ll have the server and I’ll learn so I dressed up and went to buy a KVM switch cause I’m too lazy to be switching while I set it up xD.

With the KVM installed I was ready, downloaded Gentoo 2006.1 Minimal CD/Install CD and started installing it. In order to install it I followed this guide. The guide is really good so there’s nothing much to comment about it.

Once the OS was up and working was time to modify SSHd config file (/etc/ssh/sshd_config), add users/groups, modiffy permissions, … and install the tools I wanted. There’s nothing much to say, now I’m using that machine as a “development center” playing with Perl and YAML.

Till here my litlle computers story of this first days of spring break.

[Edited] This is the shit (:

Yesterday while chatting at SmashTheStack irc network dusty came up with an interesting PHP easter egg I was unaware of so appending these strings to the url you can get different combos:

?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP Credits
?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - Zend Logo
?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP Logo
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - Easter Egg

Till here everything looks normal but what about if we could use that easter eggs to get info from the server? Each PHP version as ssorg pointed has different credits, but these don’t change that much from version to version so here’s when NNP said that he had heard about this easters eggs time ago and as far as he remembers there was a tool that took profit of this to get info about the PHP running version.

Researching at google I finished at this page where I could take interesting info, seems that the images you get with ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 vary from version to version so we can distinguish 5 different images, but hell we’re still in the same case, only 5 images and “loads” of versions but going deep on this seems that version and more interesting info is sent by headers so this is the info I took from 0php:

PHPCODER GUY WITH BREADSTICKS (Thies C. Arntzen):
PHP Version 4.0.1pl2
PHP Version 4.1.2
PHP Version 4.2.2
BROWN DOG IN GRASS:
PHP4u Version 3.0, Based on PHP-4.3.2
PHP Version 4.3.2
PHP Version 4.3.3
PHP Version 4.3.8
PHP Version 4.3.9
PHP Version 4.3.10
BLACK SCOTTISH TERRIER DOG:
PHP Version 4.3.11
PHP Version 4.4.0
PHP Version 4.4.1
PHP Version 4.4.2
PHP Version 4.4.3
PHP Version 4.4.4
PHP Version 5.0.5-2ubuntu1.1
PHP Version 5.0.5-pl3-gentoo
PHP Version 5.1.0
PHP Version 5.1.2
RABBIT:
PHP Version 4.3.1
PHP Version 5.0.0
PHP Version 5.0.3
COLORED PHP LOGO:
PHP Version 5.1.4
PHP Version 5.2.0

I couldn’t find any tool that does this kind of “fingerprinting” so I might be coding one sooner or later depending on my spare time and needs.

ssorg also keeps track of this at this post.

For us who like computers there’s something called wargames. A wargame is a set of challenges usually organized by different difficulty levels in where you have to solve as many challs as possible just for the fact of fun. It’s a good way to spend your spare time (if you have) and it also helps you to check your knowledge and learn new things apart of improving your analytical skills.

Wargaming sites tend to have different types of challenges in, some are exclusively dedicated to one kind of challange. There are different kinds of challanges:

• Web and shell based ones may be the most interesting from my point of view since this are the ones that look more realistic. In this you either break into some restricted area, check for some admin slovenliness, etc (web) or have to scale privileges exploiting some bugged programs launched by users with higher privileges (shell).
• At cryptography ones as you might guess you’re given a cryptogram, sometimes few hints, and you just have to guess the ciphering method, decrypt it and find the “secret word/message”.
• Coding challenges consist of an enunciate describing you an algorithm/process and you have to code a tool that does it. Several coding challenges sites check the efficiency of the algorithm by checking the time elapsed and the resources used.
• Steganography challenges consist of a file, usually an image, in which like cryptograms you have to find secret words/messages. This tend to be harder than cryptograms it’s recommended to have some hex editors around.
• I think it’s quite obvious what you have to do with Cracking ones, you have to crack or reverse engineer the binary in order to get the algorithm that makes the keys valid then get the magic word, code a keygen, a patch, etc, that depends.

Often wargaming sites include logic and science games as a complement for the other challenges. Some others also include tests where you can check your knowledge and might also improve your gathering skills.

This is a list of the wargames I used to play, I play or ever planned to:

http://yoire.com
http://bright-shadows.net
http://intruded.net
http://quiz.ngsec.com
http://hackquest.de
http://pulltheplug.org
http://osix.net
http://www.programming-challenges.com
http://smashthestack.org
http://mathschallenge.net

Contradicting my own words from the first post saying that I wasn’t going to post social life things I’m going to write about an event I attended an event done at Auditori Caixa Forum microBCN.

microBCN an event held in Barcelona, as its name says, is a concert where some 8bit artists meet giving the audience the best of them with a duration of 3 hours and a performance of 30 mins per artist it’s one of the best concerts I’ve ever attended. microBCN had an interesting list of artists: SubATAK, Alex Martin, Jodi, “Yes, Robot”, Entter and Rabato.

I have uploaded photos you can check them at my flickr account and you also can see some clips at my youtube profile. Here my favourite ones even though I like them all:

The other day while I was surfing I ended at http://www.chaosmatrix.org/library/humor/reject.html site from which I exactly copy:

The Ultimate Rejection Letter

Herbert A. Millington
Chair - Search Committee
412A Clarkson Hall, Whitson University
College Hill, MA 34109

Dear Professor Millington,

Thank you for your letter of March 16. After careful consideration, I
regret to inform you that I am unable to accept your refusal to offer me
an assistant professor position in your department.

This year I have been particularly fortunate in receiving an unusually
large number of rejection letters. With such a varied and promising field
of candidates, it is impossible for me to accept all refusals.

Despite Whitson’s outstanding qualifications and previous experience in
rejecting applicants, I find that your rejection does not meet my needs at
this time. Therefore, I will assume the position of assistant professor
in your department this August. I look forward to seeing you then.

Best of luck in rejecting future applicants.

Sincerely,
Chris L. Jensen

As someone pointed me at comments that was taken from xkcd.org even though I found it in other site where the source wasn’t mentioned. I recommend you visit xkcd.org site and check all the comic strips they are pretty awesome.