ngsec game #3 level 2

Wohoo got it. This level is a timing attack. After guessing the username, the error page will show you what the password was supposed to be. It changes way too fast to just resubmit the password, so you have to figure out what the password is supposed to be and submit that...

Think timezone, curl, and md5.


ngsec game #3 level 1

Finally got it. wohoo.

This is a blind SQL injection with a twist. Thanks to everybody at the dc303 meeting Friday. I learned a lot.

Upon first inspection, game 1 doesn't seem to be susceptible to any sort of issue.

Some odd things are being set:
name="token" value="34bu5Un3zJ3S4AxXV52pmRMW7U5PUnv2"
name="token2" value="c4ca4238a0b923820dcc509a6f75849b"
name="level" value="1"
Finally we figured out the second value was an md5sum of the 'level' value, 1. Some more messing around and we figured out that we would get a "Query String Tampered!", must be some sort of weak field verification.

After being stuck, and prone to cheating ;) ... I finally broke down and looked in the forums. That's where someone pointed out the call to game3/level1/ajax_auth_ver3.php. Version 3 huh? Wonder if there is a version 1.

(note: some of the URL has been removed for formatting)

$ curl http://quiz.ngsec.com/game3/level1/ajax_auth_ver1.php?login=hax0r\&password=reet123\&token=EhCsWGA7h67qSExYP2lDvaKZ2SlPx7j5\&token2=c4ca4238a0b923820dcc509a6f75849b\&level=1
Error: invalid credentials.

Looks like it, wonder if this one has issues.

$ echo -n "1 ' or 1=1" | md5sum
$ curl http://quiz.ngsec.com/game3/level1/ajax_auth_ver1.php?login=hax0r\&password=reet123\&token=EhCsWGA7h67qSExYP2lDvaKZ2SlPx7j5\&token2=8cf277be3b542e7abd5458bc2ba3a7a7\&level=1\'+or+1=1--
Query String Tampered!

Hrm... what is going on. Messing around some more, the entry must be getting stripped. This can also be verified looking at the file ajax.js. In particular this line:

qstr = 'login=' + escape(login) + '&password='+ (password) + '&token='+ escape(token) + '&token2='+ escape(token2) + '&level='+ escape(level);

Weak sauce. Some more playing around, and we finally find out this script is indeed injectable.
$ echo -n a | md5sum
$ curl http://quiz.ngsec.com/game3/level1/ajax_auth_ver1.php?login=hax0r\&password=reet123\&token=EhCsWGA7h67qSExYP2lDvaKZ2SlPx7j5\&token2=0cc175b9c0f1b6a831c399e269772661\&level=a
Error: SQL error.

That's good.

$ echo -n "1 or 1=1" | md5sum
$ curl http://quiz.ngsec.com/game3/level1/ajax_auth_ver1.php?login=hax0r\&password=reet123\&token=EhCsWGA7h67qSExYP2lDvaKZ2SlPx7j5\&token2=77a63a557cb73fffdf2247ac79e6b8f2\&level=1+or+1=1
Error: invalid credentials.

So we are able to inject sql.
Having blown past my knowledge of sql injection a while ago, I read the forum over and over and over, as well as just about every sql injection google hit.
I don't want to give the rest away, so here are some hints.

  • The answer is a UNION injection in the level field.
  • The md5sum of level must match token2.
  • You need something in the login and password fields.
  • You want the injection to return 1 result.
Have fun!
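
The "weak field verification" described above, next to a hardened form, as an added example (not the game's code or the author's): a token2 that is an unkeyed md5 of level can be recomputed by any client, whereas an HMAC under a server-side key cannot, and the level value is validated and bound as a query parameter. The table layout, key handling and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = os.urandom(32)
INVALID = "Error: invalid credentials."


def weak_token2(level):
    # Scheme the post describes: token2 = md5(level). No secret is involved,
    # so whoever controls the request can recompute it for any level value.
    return hashlib.md5(level.encode()).hexdigest()


def weak_verify(level, token2):
    return hmac.compare_digest(weak_token2(level).encode(), token2.encode())


def strong_token2(session_token, level):
    # Keyed MAC over the session token and the level the server issued.
    msg = session_token.encode() + b"\x00" + level.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def strong_verify(session_token, level, token2):
    expected = strong_token2(session_token, level)
    return hmac.compare_digest(expected.encode(), token2.encode())


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, salt BLOB, pw BLOB, level INTEGER)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("alice", salt, hash_password("correct horse", salt), 1))
    return db


def authenticate(db, login, password, session_token, token2, level):
    # 1. Integrity: reject fields the server did not issue for this session.
    if not strong_verify(session_token, level, token2):
        return "Query String Tampered!"
    # 2. Validation: level must be a short decimal integer and nothing else.
    if not re.fullmatch(r"[0-9]{1,3}", level):
        return INVALID
    # 3. Parameterized query: values are bound, never spliced into SQL text.
    row = db.execute("SELECT salt, pw FROM users WHERE login = ? AND level = ?",
                     (login, int(level))).fetchone()
    if row is None:
        return INVALID
    ok = hmac.compare_digest(hash_password(password, row[0]), row[1])
    return "OK" if ok else INVALID


if __name__ == "__main__":
    db, session = make_db(), "constructed-session-token"
    changed = "1 or 1=1"  # altered level value taken from the post
    print(weak_verify(changed, weak_token2(changed)))  # weak check accepts it
    print(authenticate(db, "alice", "correct horse", session,
                       weak_token2(changed), changed))  # hardened check rejects
    print(authenticate(db, "alice", "correct horse", session,
                       strong_token2(session, "1"), "1"))
```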

*2007-02-21 - fix typo.

user input in perl

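#!/usr/bin/env perl
use strict;
use warnings;

my $num = "";
if ( !defined $ARGV[0] || $ARGV[0] eq "" ) {
    # No argument given: prompt until the user enters something.
    while ( $num eq "" ) {
        print "Please enter something: ";
        defined( $num = <STDIN> ) or exit 1;    # stop on end of input
        chomp $num;
    }
}
else {
    $num = $ARGV[0];
}
print "You entered: $num\n";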

user input in python

#!/usr/bin/env python3

import sys

min_args = 1

if len(sys.argv) - 1 < min_args:
    # No argument given: prompt until the user enters something.
    while True:
        num = input("Please enter something: ")
        if len(num) > 0:
            break
else:
    num = sys.argv[1]
print("You entered:", num)


kismet with ipw3945 on fc6

Set up kismet on the ipw3945 chipset. The ipw3945 packages are from the freshrpms.net depot.
$ lspci | grep 3945
03:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)
$ rpm -qa | egrep "ipw3945|kismet"
$ cd /usr/src/ipw3945-1.2.0-1/
$ cat Makefile
$ make
$ sudo cp ipw3945.ko /lib/modules/$(uname -r)/kernel/drivers/net/wireless/
$ cat /etc/modprobe.conf
install ipw3945 /sbin/modprobe --ignore-install ipw3945 ;sleep 0.5 ; /sbin/ipw3945d --quiet
remove ipw3945 /sbin/ipw3945d --kill ;/sbin/modprobe -r --ignore-remove ipw3945
$ modprobe ipw3945
$ sudo iwconfig eth1
eth1 unassociated ESSID:off/any
Mode:Managed Frequency=nan kHz Access Point: Not-Associated
Bit Rate:0 kb/s Tx-Power:16 dBm
Retry limit:15 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:2641 Missed beacon:0
$ sudo iwconfig eth1 mode Monitor
$ sudo iwconfig eth1
eth1 unassociated ESSID:off/any
Mode:Monitor Frequency=nan kHz Access Point: Not-Associated
Bit Rate:0 kb/s Tx-Power:16 dBm
Retry limit:15 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:2690 Missed beacon:0
$ sudo cat /etc/kismet/kismet.conf
$ kismet


xv6700 gentoo tether

This is how I was able to tether the verizon xv6700 (htc wizard) with gentoo. Use this information at your own risk.

Configure the kernel; you need ppp, ppp_async, ipaq and uhci_hcd.

Symbol: PPP [=m]
Prompt: PPP (point-to-point protocol) support
Defined at drivers/net/Kconfig:2467
Depends on: NET
-> Device Drivers
-> Network device support
Symbol: PPP_ASYNC [=m]
Prompt: PPP support for async serial ports
Defined at drivers/net/Kconfig:2523
Depends on: NET && PPP
-> Device Drivers
-> Network device support
-> PPP (point-to-point protocol) support (PPP [=m])
Symbol: USB_SERIAL_IPAQ [=m]
Prompt: USB PocketPC PDA Driver
Defined at drivers/usb/serial/Kconfig:192
Depends on: USB!=n && USB_SERIAL
-> Device Drivers
-> USB support
-> USB Serial Converter support
-> USB Serial Converter support (USB_SERIAL [=m])
Symbol: USB_UHCI_HCD [=m]
Prompt: UHCI HCD (most Intel and VIA) support
Defined at drivers/usb/host/Kconfig:111
Depends on: USB && PCI
-> Device Drivers
-> USB support
-> Support for Host-side USB (USB [=y])
Install and configure software and kernel.
$ emerge -s wvdial ppp
$ cat /etc/wvdial.conf

[Dialer Defaults]
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Modem Type = Analog Modem
Phone = #777
ISDN = 0
Username = xxxxxxxxxx@vzw3g.com # This should be phonenumber@
Init1 = ATZ
Password = vzw
Modem = /dev/ttyUSB0
Baud = 460800

$ cat /etc/ppp/peers/ver
name wvdial
connect "/usr/bin/wvdial --chat Defaults"

$ cat /etc/modules.autoload.d/kernel-2.6
ipaq vendor=0x0bbf product=0x00cf # if OS won't recognize phone, reinsert ipaq *with* options
Now, configure the phone.
1. Hit Send.
2. Enter ##3328873 and press Send.
3. Enter 000000 (six zeros) for the code.
4. Now enable both the BT DUN and Wmodem.
5. Tap OK several times and OK to soft reset your device.
6. Copy wmodem to My Device -> Windows -> Start Menu -> Programs.
7. Set connection type to USB.
8. Click start.
9. Connect device to system.
Back on the gentoo box.
$ dmesg
ipaq 3-1:1.0: PocketPC PDA converter detected
usb 3-1: PocketPC PDA converter now attached to ttyUSB0
usb 3-1: USB disconnect, address 2
ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0
ipaq 3-1:1.0: device disconnected
usb 3-1: new full speed USB device using uhci_hcd and address 3
$ sudo pppd call ver
$ sudo tail -f /var/log/messages
Feb 12 22:33:16 gentoo wvdial[25122]: OK
Feb 12 22:33:16 gentoo wvdial[25122]: Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Feb 12 22:33:16 gentoo wvdial[25122]: OK
Feb 12 22:33:16 gentoo wvdial[25122]: Modem initialized.
Feb 12 22:33:16 gentoo wvdial[25122]: Sending: ATDT#777
Feb 12 22:33:16 gentoo wvdial[25122]: Waiting for carrier.
Feb 12 22:33:20 gentoo wvdial[25122]: CONNECT
Feb 12 22:33:20 gentoo wvdial[25122]: Carrier detected. Waiting for prompt.
Feb 12 22:33:49 gentoo wvdial[25122]: Don't know what to do! Starting pppd and hoping for the best.
Feb 12 22:33:49 gentoo pppd[25118]: Serial connection established.
Feb 12 22:33:49 gentoo pppd[25118]: Using interface ppp0
Feb 12 22:33:49 gentoo pppd[25118]: Connect: ppp0 <--> /dev/ttyUSB0
Feb 12 22:33:50 gentoo pppd[25118]: not replacing existing default route to eth0 [xx.xx.xx.xx]
Feb 12 22:33:50 gentoo pppd[25118]: local IP address xx.xx.xx.xx
Feb 12 22:33:50 gentoo pppd[25118]: remote IP address xx.xx.xx.xx
Feb 12 22:33:50 gentoo pppd[25118]: primary DNS address xx.xx.xx.xx
Feb 12 22:33:50 gentoo pppd[25118]: secondary DNS address xx.xx.xx.xx
$ ping www.google.com
PING www.l.google.com ( 56(84) bytes of data.
64 bytes from www.google.com ( icmp_seq=1 ttl=243 time=227 ms
64 bytes from www.google.com ( icmp_seq=2 ttl=243 time=63.1 ms

vmware libpng12.so.0

I got tired of seeing the libpng12.so.0 error when I launched vmware. Here is a simple fix.

$ vmware
/usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/libpng12.so.0/libpng12.so.0: no version information available (required by /usr/lib/libcairo.so.2)
$ cd /usr/lib/vmware/lib/libpng12.so.0
$ mv libpng12.so.0 libpng12.so.0.old
$ ln -s /usr/lib/libpng12.so.0 .
$ vmware


vmware with unusual resolutions

Letting your virtual OS know about an odd resolution (1280x800, 1650x1080, etc) for your host OS.
$ grep svga Windows\ XP\ Professional.vmx 
svga.maxWidth = "1280"
svga.maxHeight = "800"

changing xorg resolution

Simple script to change resolution.
# change resolution to or from 1280x1024 (monitor to laptop LCD)
#set -x
RESOLUTION=`xdpyinfo | awk '$0 ~ /dimensions/ {print $2}'`

# toggle between the two xrandr size indexes depending on the current resolution
if [ "$RESOLUTION" = "1280x1024" ];then
    xrandr -s 0
else
    xrandr -s 1
fi


vi text format

When in vim.
:set textwidth=105

With your cursor on the text, enter visual mode with 'v' then 'gq' to wrap the text.

dell 710m 1280x800 resolution

This is on my gentoo laptop.
*  sys-apps/855resolution
Latest version available: 0.4
Latest version installed: 0.4
Size of files: 6 kB
Homepage: http://perso.wanadoo.fr/apoirier
Description: Utility to patch VBIOS of Intel 855 / 865 / 915 chipsets.
License: public-domain as-is

* x11-drivers/xf86-video-i810
Latest version available: 1.6.5
Latest version installed: 1.6.5
Size of files: 429 kB
Homepage: http://xorg.freedesktop.org/
Description: X.Org driver for Intel cards
License: xf86-video-i810

$ cat /etc/conf.d/855resolution
with[0]="1280 800"
$ rc-update -a 855resolution default


fixing SELinux permissions

A simple look at fixing issues with SELinux.

Restoring /etc/cups from a backup caused cups to break.

Here is the error message.
Feb  9 09:28:13 hostname kernel: audit(1171038493.185:76): avc:  denied  { read } for
pid=6918 comm="cupsd" name="services" dev=sda1 ino=2586231 scontext=user_u:system_r:cupsd_t:s0-s0:c0.c1023
tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Feb 9 09:28:13 hostname cupsd: Unable to read configuration file '/etc/cups/cupsd.conf' - exiting!
Looks to be an SELinux issue. Luckily I kept the original files.
$ ls -Z /etc/cups.orig/
-rw------- root lp system_u:object_r:cupsd_rw_etc_t classes.conf
-rw-r--r-- root lp system_u:object_r:etc_t client.conf
-rw-r----- root lp system_u:object_r:cupsd_rw_etc_t cupsd.conf
-rw-r----- root lp system_u:object_r:cupsd_rw_etc_t cupsd.conf.default
drwxr-xr-x root root system_u:object_r:cupsd_etc_t interfaces
-rw-r--r-- root root system_u:object_r:cupsd_rw_etc_t lpoptions
-rw-r--r-- root root system_u:object_r:cupsd_etc_t mime.convs
-rw-r--r-- root root system_u:object_r:cupsd_etc_t mime.types
-rw-r--r-- root lp system_u:object_r:cupsd_etc_t pdftops.conf
drwxr-xr-x root lp system_u:object_r:cupsd_etc_t ppd
-rw------- root lp system_u:object_r:cupsd_rw_etc_t printers.conf
-rw------- root lp system_u:object_r:cupsd_rw_etc_t printers.conf.O
-rw-r--r-- root root system_u:object_r:cupsd_etc_t pstoraster.convs
-rw-r--r-- root lp system_u:object_r:cupsd_etc_t snmp.conf
drwx------ root lp system_u:object_r:cupsd_etc_t ssl
$ ls -Z /etc/cups/
-rw-r--r-- root lp user_u:object_r:user_home_t client.conf
-rw-r----- root lp user_u:object_r:user_home_t cupsd.conf
-rw-r----- root lp user_u:object_r:user_home_t cupsd.conf.default
drwxr-xr-x root lp user_u:object_r:user_home_t interfaces
-rw-r--r-- root lp user_u:object_r:user_home_t mime.convs
-rw-r--r-- root lp user_u:object_r:user_home_t mime.types
-rw-r--r-- root lp user_u:object_r:user_home_t pdftops.conf
drwxr-xr-x root lp user_u:object_r:user_home_t ppd
-rw------- root lp user_u:object_r:user_home_t printers.conf
-rw------- root lp user_u:object_r:user_home_t printers.conf.O
-rw-r--r-- root lp user_u:object_r:user_home_t pstoraster.convs
-rw-r--r-- root lp user_u:object_r:user_home_t snmp.conf
drwx------ root lp user_u:object_r:user_home_t ssl
$ for i in *;do echo "sudo chcon --reference ../cups.orig/$i $i";done
chcon --reference ../cups.orig/client.conf client.conf
chcon --reference ../cups.orig/cupsd.conf cupsd.conf
chcon --reference ../cups.orig/cupsd.conf.default cupsd.conf.default
chcon --reference ../cups.orig/interfaces interfaces
chcon --reference ../cups.orig/mime.convs mime.convs
chcon --reference ../cups.orig/mime.types mime.types
chcon --reference ../cups.orig/pdftops.conf pdftops.conf
chcon --reference ../cups.orig/ppd ppd
chcon --reference ../cups.orig/printers.conf printers.conf
chcon --reference ../cups.orig/printers.conf.O printers.conf.O
chcon --reference ../cups.orig/pstoraster.convs pstoraster.convs
chcon --reference ../cups.orig/snmp.conf snmp.conf
chcon --reference ../cups.orig/ssl ssl
$ for i in *;do echo "sudo chcon --reference ../cups.orig/$i $i";done|sh
$ sudo chcon --reference=/etc/cups.orig /etc/cups
$ sudo /etc/init.d/cups start
Starting cups: [ OK ]
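
Added example, not part of the original post: a small triage helper that pulls the source and target types out of the AVC denial above and diffs the two `ls -Z` listings, which also reports files that exist only in the reference directory and so are never touched by the `for i in *` loop. The listings are shortened copies of the ones in the post; the function names are hypothetical.

```python
import re

# AVC denial and `ls -Z` rows copied from the post (listings shortened).
AVC = ('audit(1171038493.185:76): avc:  denied  { read } for pid=6918 '
       'comm="cupsd" name="services" dev=sda1 ino=2586231 '
       'scontext=user_u:system_r:cupsd_t:s0-s0:c0.c1023 '
       'tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file')

REFERENCE = """\
-rw------- root lp system_u:object_r:cupsd_rw_etc_t classes.conf
-rw-r--r-- root lp system_u:object_r:etc_t client.conf
-rw-r----- root lp system_u:object_r:cupsd_rw_etc_t cupsd.conf
drwxr-xr-x root lp system_u:object_r:cupsd_etc_t ppd
"""

RESTORED = """\
-rw-r--r-- root lp user_u:object_r:user_home_t client.conf
-rw-r----- root lp user_u:object_r:user_home_t cupsd.conf
drwxr-xr-x root lp user_u:object_r:user_home_t ppd
"""


def parse_avc(line):
    """Return the fields of one AVC denial that matter for triage, or None."""
    m = re.search(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}', line)
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    if not m or not {"scontext", "tcontext", "tclass"} <= set(fields):
        return None
    return {
        "perms": m.group(1).split(),
        "comm": fields.get("comm", "").strip('"'),
        "name": fields.get("name", "").strip('"'),
        # A context is user:role:type[:level]; the type drives the decision.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }


def parse_ls_z(listing):
    """Map file name -> context from rows of: mode user group context name."""
    out = {}
    for row in listing.splitlines():
        parts = row.split(None, 4)
        if len(parts) == 5:
            out[parts[4]] = parts[3]
    return out


def label_drift(reference, restored):
    """Return (relabel, missing) for two `ls -Z` listings.

    relabel: {name: (current_context, expected_context)} where labels differ.
    missing: names that exist only in the reference listing.
    """
    ref, cur = parse_ls_z(reference), parse_ls_z(restored)
    relabel = {n: (cur[n], ref[n]) for n in cur if n in ref and cur[n] != ref[n]}
    return relabel, sorted(set(ref) - set(cur))


if __name__ == "__main__":
    d = parse_avc(AVC)
    print("%s (%s) denied %s on %s labelled %s" % (
        d["comm"], d["source_type"], d["perms"], d["name"], d["target_type"]))
    relabel, missing = label_drift(REFERENCE, RESTORED)
    for name, (have, want) in sorted(relabel.items()):
        print("relabel %-12s %s -> %s" % (name, have, want))
    print("only in reference:", missing)
```

Where the loaded policy already defines file contexts for cups, `restorecon -Rv /etc/cups` resets the labels to the policy defaults without needing a reference copy.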

acroread expr: syntax error

The newest Adobe Reader gave me the above error.
418 #echo $mfile| sed 's/libgtk-x11-\([0-9]*\).0.so.0.\([0-9]\)00.\([0-9]*\)\|\(.*\)/\1\2\3/g'
419 echo $mfile| sed 's/libgtk-x11-\([0-9]*\).0.so.0.\([0-9]*\)00.\([0-9]*\)\|\(.*\)/\1\2\3/g'

644 #MIN_GTK_VERSION="240"
645 MIN_GTK_VERSION="2040"
More information from here.


lvm2 notes

One of my boxes crashed, and would kernel panic on boot. It turned out to be an issue with the upgraded kernel, but before I figured that out I did some playing with lvm in knoppix.
root@3[~]# lvscan
inactive '/dev/VolGroup00/LogVol01' [5.84 GB] inherit
inactive '/dev/VolGroup00/LogVol03' [219.91 GB] inherit
inactive '/dev/VolGroup00/LogVol02' [5.84 GB] inherit
inactive '/dev/VolGroup00/LogVol00' [1.00 GB] inherit

root@3[~]# pvdisplay
--- Physical volume ---
PV Name /dev/hda2
VG Name VolGroup00
PV Size 232.62 GB / not usable 0
Allocatable yes
PE Size (KByte) 32768
Total PE 7444
Free PE 1
Allocated PE 7443
PV UUID JnTR2m-XuJh-ddhr-Alr5-UCZz-3m9V-rausR0

root@3[~]# vgdisplay
--- Volume group ---
VG Name VolGroup00
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 5
VG Access read/write
VG Status resizable
Cur LV 4
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 232.62 GB
PE Size 32.00 MB
Total PE 7444
Alloc PE / Size 7443 / 232.59 GB
Free PE / Size 1 / 32.00 MB
VG UUID ChwLAR-5vp4-WWYX-SYi5-1nFS-KqT8-M0ofxk

root@3[~]# vgchange -a y
4 logical volume(s) in volume group "VolGroup00" now active

root@3[~]# lvscan
ACTIVE '/dev/VolGroup00/LogVol01' [5.84 GB] inherit
ACTIVE '/dev/VolGroup00/LogVol03' [219.91 GB] inherit
ACTIVE '/dev/VolGroup00/LogVol02' [5.84 GB] inherit
ACTIVE '/dev/VolGroup00/LogVol00' [1.00 GB] inherit

vmware server on fc6

While installing the latest vmware server on a new Fedora Core 6 box, I ran into some trouble:
make[1]: Entering directory `/usr/src/kernels/2.6.19-1.2895.fc6-i686'
CC [M] /tmp/vmware-config0/vmnet-only/driver.o
CC [M] /tmp/vmware-config0/vmnet-only/hub.o
CC [M] /tmp/vmware-config0/vmnet-only/userif.o
/tmp/vmware-config0/vmnet-only/userif.c: In function 'VNetCopyDatagramToUser':
/tmp/vmware-config0/vmnet-only/userif.c:629: error: 'CHECKSUM_HW' undeclared (first use in this function)
/tmp/vmware-config0/vmnet-only/userif.c:629: error: (Each undeclared identifier is reported only once
/tmp/vmware-config0/vmnet-only/userif.c:629: error: for each function it appears in.)
make[2]: *** [/tmp/vmware-config0/vmnet-only/userif.o] Error 1
make[1]: *** [_module_/tmp/vmware-config0/vmnet-only] Error 2
make[1]: Leaving directory `/usr/src/kernels/2.6.19-1.2895.fc6-i686'
make: *** [vmnet.ko] Error 2
make: Leaving directory `/tmp/vmware-config0/vmnet-only'
Unable to build the vmnet module.
With some help from google I found some sites with further information (noted below). From these sites I pieced together this solution.
$ cd /tmp
$ cp /usr/lib/vmware/modules/source/vmnet.tar .
$ tar xf vmnet.tar
$ cd vmnet-only/
$ wget http://nerdbynature.de/bits/2.6.19-rc5/vmnet_CHECKSUM_PARTIAL.diff
$ patch -p1 < vmnet_CHECKSUM_PARTIAL.diff
patching file Makefile.kernel
patching file bridge.c
patching file userif.c
$ cd ..
$ tar cf vmnet.tar vmnet-only
$ cd /usr/lib/vmware/modules/source/
$ sudo cp vmnet.tar vmnet.tar.orig
$ sudo mv /tmp/vmnet.tar .
$ sudo vmware-config.pl
vmware-config.pl now finishes as expected.
More details:

fix statusd_volume2.lua

Original script is here
Running this script with ion3 returned stdin:1: attempt to concatenate global 'master_level' (a nil value)
I don't really know anything about lua, but figured I would check things out. Looking at the script, here is the relevant chunk:

local function get_volume()
    local f=io.popen('amixer','r')
    local s=f:read('*all')
    f:close()
    -- one pattern captures both the level ("NN%") and the state word
    local _, _, master_level, master_state = string.find(s, "%[(%d*%%)%] %[(%a*)%]")
    local sound_state = ""
    if master_state == "off" then
        sound_state = "MUTE "
    end
    return master_level.."", sound_state..""
end
Lua has a cli, just like perl or python, so I tried running part of the script manually.

$ lua
Lua 5.1.1 Copyright (C) 1994-2006 Lua.org, PUC-Rio
> f=io.popen('amixer','r')
> s=f:read('*all')
> f:close()
> master_level=string.find(s, "%[(%d*%%)%]")
> print(master_level)
That isn't good.
After some searching with our trusty google, it seems that lua doesn't work this way anymore. From the lua tutorial page here, I figured out it should actually look more like this.

> master_level = string.sub(s, string.find(s, "%[(%d*%%)%]"))
> print(master_level)
Which is what we need to see for this script to work. Wohoo!
Here is the relevant chunk of the fixed script.

local function get_volume()
    local f=io.popen('amixer','r')
    local s=f:read('*all')
    f:close()
    -- string.sub over the match keeps the brackets, e.g. "[off]"
    local master_level = string.sub(s, string.find(s, "%[(%d*%%)%]"))
    local master_state = string.sub(s, string.find(s, "%[(%a*)%]"))
    local sound_state = ""
    if master_state == "[off]" then
        sound_state = "MUTE "
    end
    return master_level.."", sound_state..""
end
Also, here is the diff from my version of the script and the original statusd_volume2.lua script.

$ diff statusd_volume2.lua statusd_volume.lua
< local _, _, master_level, master_state = string.find(s, "%[(%d*%%)%] %[(%a*)%]")
> local master_level = string.sub(s, string.find(s, "%[(%d*%%)%]"))
> local master_state = string.sub(s, string.find(s, "%[(%a*)%]"))
< if master_state == "off" then
> if master_state == "[off]" then
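
Review bot: the two added `string.sub(s, string.find(s, ...))` lines have no check for a failed match. When the amixer output contains nothing the pattern matches, `string.find` returns nil and `string.sub` raises an error, so the status script can still die on unexpected mixer output, much as the original did on a nil `master_level`. Store the result of `string.find` first and return a placeholder string when it is nil. The second pattern `%[(%a*)%]` is also no longer tied to the level group, so it picks up the first bracketed word anywhere in the amixer output rather than the one that follows the matched level; keeping both captures in one pattern, or searching from the end index of the first match, would preserve that pairing.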

free fonts

Saving these for later.


ion3 configurations

Relatively simple ion3 customizations

~/.ion3 $ wget http://modeemi.fi/~tuomov/repos/ion-scripts-3/scripts/switch_bindings.lua
~/.ion3 $ wget http://modeemi.fi/~tuomov/repos/ion-scripts-3/statusd/statusd_iwinfo.lua
~/.ion3 $ wget http://modeemi.fi/~tuomov/repos/ion-scripts-3/statusd/statusd_laptopstatus.lua
~/.ion3 $ wget http://modeemi.fi/~tuomov/repos/ion-scripts-3/statusd/statusd_volume2.lua -O statusd_volume.lua
~/.ion3 $
~/.ion3 $ cat cfg_ion.lua
-- Deprecated.
dopath("cfg_user", true)

~/.ion3 $ cat cfg_user.lua
defbindings("WMPlex", {
kpress(META.."I", "WFrame.switch_next(_)"),
kpress(META.."D", "detach.toggle_floatws(_, false)"),
kpress(META.."Up", "ioncore.exec_on(_, 'amixer set Master 2+')"),
kpress(META.."Down", "ioncore.exec_on(_, 'amixer set Master 2-')"),
kpress(META.."Left", "ioncore.exec_on(_, 'amixer set Master mute')"),
kpress(META.."Right", "ioncore.exec_on(_, 'amixer set Master unmute')"),
kpress(ALTMETA.."F7", "mod_query.query_renameframe(_)"),
kpress(ALTMETA.."F8", "ioncore.exec_on(_, 'xscreensaver-command -lock')"), })

~/.ion3 $ cat cfg_statusbar.lua
template="[ %date || load: %>load || %iwinfo_ssid %iwinfo_bitrate || CPU: %laptopstatus_cpuspeed %laptopstatus_temperature || BATT: %laptopstatus_batterypercent %laptopstatus_batterytimeleft || vol: %volume_level %volume_state] %filler%systray" ,

~/.ion3 $ cat cfg_kludges.lua
defwinprop {
    class = "Gaim",
    instance = "gaim",
    target = "*scratchpad*",
}

defwinprop {
    instance = "Gecko",
    class = "Firefox-bin",
    target = "thafox",
}



It is possible to configure less to view several file formats in the console. This makes things easier, since you only have to use the one command. Recently I have set up less to view .rtf, .doc and .iso.

Install less, antiword, unrtf and cdrtools.

Next make sure less is set up to use the lesspipe.sh script. From the shell, print $LESSOPEN; you should see something like this:
$ echo $LESSOPEN
|/usr/bin/lesspipe.sh %s

Next, open /usr/bin/lesspipe.sh, find the *gif entry and add the following lines above it. Your file should wind up looking like this:

*.doc) antiword "$1";;
*.rtf) unrtf --nopict --text "$1" ;;
*.iso) isoinfo -d -i "$1" ; isoinfo -lJ -i "$1";;

It should now be possible to 'less word.doc' 'less word.rtf' or 'less cd.iso'.

awk notes

$NF is the last field of the current line in awk, and $0 is the whole line (all of the fields). Simple math can be done on NF to pick fields counted from the end.

$ ls -al /etc/ | awk '$NF ~ /bashrc/ {print $0}'
-rw-r--r-- 1 root root 1437 Jan 31 2006 bashrc

$ ls -al /etc/bashrc | awk '{print $(NF - 3), $(NF - 2)}'
Jan 31


syntax highlighting goodness

From messing with my first post, I realized I want to see my code the same way I see it in vim. Luckily vim is awesome.

:help 2html

This is not a syntax file itself, but a script that converts the current
window into HTML. Vim opens a new window in which it builds the HTML file.

You are not supposed to set the 'filetype' or 'syntax' option to "2html"!
Source the script to convert the current file: >

:runtime! syntax/2html.vim

Save the file and simply copy the resulting html into a post.

first post

well, this is my first post. weeee. This blog is really just a place for me to keep notes, documentation, links, etc.

Solution for: The Twelve Days of Christmas Packet Challenge

I wrote a perl script to decode (base64) tcp payloads from a pcap file.

$ cat bin/tcp_base64_decode.pl


#!/usr/bin/env perl
# Reads pcap file, decodes base64 tcp payload.
# prints sequence number and decoded data.
# syndrowm 2007-02-05

use strict;
use warnings;

use Net::Pcap;
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP qw(:strip);
use NetPacket::TCP;
use MIME::Base64;

sub usage {
    die "usage: $0 filename\n";
}

sub process_packet {
    my ($user_data, $header, $packet) = @_;
    my $tcp_obj = NetPacket::TCP->decode(ip_strip(eth_strip($packet)));
    # skip segments that carry no payload (handshake, bare ACKs)
    return unless length($tcp_obj->{data} // "");
    my $data = MIME::Base64::decode($tcp_obj->{data});
    print "$tcp_obj->{seqnum} : $data\n";
}

if (!defined $ARGV[0] || $ARGV[0] eq "") {
    usage();
}

my $dump = $ARGV[0];
my $err;

# Open file
my $pcap = Net::Pcap::open_offline($dump, \$err)
    or die "Can't read '$dump': $err\n";

# loop over the packets, calling process_packet function
Net::Pcap::loop($pcap, 0, \&process_packet, "12 packets for me");

# close the file
Net::Pcap::close($pcap);