Instructional

Inspired by a pretty good write up by Cynofield as to his setup for getting a Raspberry Pi to “phone home”, I thought I’d set out how I do it. I have a machine that lives behind a ‘security’ infrastructure that makes my life a living hell. As a result, I set up automatic persistent reverse shells going back to other machines I use, so if I connect to those machines, I can get into the secure environment, without anything nasty being able to get in with me. ...

UPDATE I’ve long left QUB since this post was writted so as expected, IS have changed things again. If you’re hitting this, head over to Ryan McConville’s updated instructions QUB Information Services can be a bit of a mess, so in the interest of saving time, here is what works for me. In the below, the asterisks* mean that the value may be called something different depending on your mail client. Let me know in the comments if you find anything different and I’ll try and keep this reasonably up to date. ...

Had an interesting if annoying problem recently that I assumed would just fix itself eventually. But when you’re sick of prodding a power button to force a machine to reboot, you gotta do something. TL;DR**_ if you’re getting messages like “Restarting System” on an attempted reboot, try setting the reboot=pci kernel boot flag_** To do this, at the grub boot menu, press e to edit the current boot parameters. Find the line starting with “linux” (this is the line that actually kicks off the linux kernel) and at the end of that line, put “reboot=pci”. ...

Finally decided to move my research work across to GitHub; seems the ‘in’ thing to do. Also I wanted to get more into the Git swing of things and using intermediary tools like hg-git seem a bit contrived for a 1 person project. I’ve enjoyed using Bitbucket but it’s just not quite as polished. That and GH has better integration to pretty much everything… Sorry. Went through the process described here but it’s not really explained very well, so I’m adding my touch of idiot-proof magic. ...

Came across a well known issue with QUB_SEC and Android, so I decided to fix it. Basically, Android was bailing on a particular part of the TTLS Authentication scheme that is used by millions of workplace and academic RADIUS / AD secured wireless networks, and QUB is one of them. This Comment on the issue indicated that the problem had been fixed in the newly released 4.1.2 builds, and that we’d probably be waiting a while for the OTA updates… So I guess I’ll have to do it myself! ...

Intro Click is a modular router library developed at UCLA, allowing Click-definied router networks to be ‘attached’ to an ns-3- nodes layer 3 functionality. It has very little relevance to my own research, but was interesting to play with. In a nutshell, Click is an extention to the linux kernel that provides a highly performant and configurable routing architecture. Requirements Already installed ns-3 git ~/src directory Get ’er dun cd ~/src; git clone git://read.cs.ucla.edu/git/click ; cd click sudo ./configure --enable-nsclick --enable-userlevel; sudo make; sudo make install ...

IRC, Python, Ubuntu linux. Simples! Same as by Twitter post, but for IRC. Biggest problem with this one was working out that the IRC server needs to be kept alive with the irclib.IRC.process_once() command. This is wrapped in the while loop that assumes that there is other stuff going on for which you are waiting on a condition to be satisfied, but could easily be ignored if one is just sending out one message. Also, the PRIVMSG command can be used to broadcast to a channel, as is used here, or, as the name suggests, to communicate with a specific user. ...

Working on the Farset Labs Big Red Button for space occupancy, had to find a simple way to tweet a status. This is a post to remind myself and anyone else who has dived through hundreds of incorrect, out of date, or inapplicable examples of Oauth 2 with Twitter using a pre-generated auth-token pair. import oauth2 as oauth import urllib ckey='$CONSUMER_KEY' csecret='$CONSUMER_SECRET' akey='$AUTH_TOKEN' asecret='$AUTH_SECRET' def post_twitter(status): try: consumer = oauth.Consumer(key=ckey, secret=csecret) token = oauth.Token(key=akey, secret=asecret) client = oauth.Client(consumer, token) resp, content = client.request( postapi, method='POST', body = urllib.urlencode({"status": status, "wrap_links": True}), #headers=http_headers, #force_auth_header=True ) except oauth.Error as err: print("Twitter Error:"+err) return resp, content post_twitter("Hello Twitterverse")

This is my own self-indulgant reminder for how to do the things I like. I’ll keep adding to this as I think of them. Basic Setup Install Ubuntu Latest (currently 11.10), With the third party libraries and a home partition leaving at least 20GB for ‘/’. Then Update everything, during which time you can plod along to download the relevant packages for Chrome Beta, Dropbox, etc Once the update is done (I’d restart in most cases), additional packages I like to add are; ...

Idiot proof setup for persistent reverse shells / port forwards (same thing) under a Ubuntu VM remote and my Dreamhost server, but should apply to nearly* all *nix’s First off, some terms to keep this easy. I want to be able to access my in-office VM, xavier from my server magneto (not my names, but they conveniently complement). xavier is not publicly accessible, but magneto is. I’ll be replacing all of the FQN’s with these terms so expand on your own. In generic terms, xavier is the remote machine (i.e the one behind some NAT firewall or such that you want to get access to) and magneto is the local machine. Its a bit confusing since all of the work is done on xavier, but it makes sense in the long run. Just trust me and get on with it. ...