Tales from a base64 WordPress Hack, part 4: dissection

Got hit again, briefly. Was able to recover very quickly thanks to the Git repos I had set up previously. I found a couple of extra backdoors using some alternate obfuscation methods. Instead of the typical “eval(base64_decode(”, the attacker took an existing file, commented out all the code, and interwove a series of variable assignments.

I think it’s a good thing to know the enemy, and the more we know about both (a) what they are doing and (b) what they are CAPABLE of doing, the better we can both recover from and detect / identify future attacks. I’ve decrypted their backdoor application and pasted it below (after the jump), with some commentary.

It looked like this:

Continue reading

Tales from a base64 WordPress hack, part 2: recovery

Time for some investigative work. This post may get unapologetically technical.

I began by looking at my access logs from the day the compromise occurred, starting with a full browse of the log to look for anything anomalous. I discovered a lot of hotlinking to images on my site! I squashed that problem (go ahead and try it! You might have to clear your cache first to see the effects…)

I suspected that looking for POST requests would be a good place to start since there were likely to be fewer of them.

Continue reading

Synaesthesia, also known as “Piano Hero” [Linux FTW]

Last year, a friend of mine showed me this cool program he found called “Synaesthesia.” It is, as the title reads, “Piano Hero.” Notes fall from the top to the bottom of the screen, and when they collide with the bottom, you must hit the appropriate key on your piano / keyboard / MIDI controller. It is a VERY cool tool for training, practicing, and learning new songs. As someone who is not particularly skilled at sight-reading music (I do better learning aurally), any way to get new songs loaded into my brain is welcome.

We inherited a Yamaha Clavinova 350 last year as well, which has been really terrific for practicing; I was previously using a 2/3 size electric piano that was showing its age. I picked up an M-Audio Fast Track Pro interface off of eBay for about $50, so I can now use the Clavinova as a MIDI controller!

My big Win last week, though, which happens to be what this post is about, is getting it to not only work in Linux (not so hard) but getting the Clavinova to function as the MIDI controller for it (somewhat challenging).

Continue reading

Satan, Cantor & Infinity [Book Review]

I picked this book up at Carroll & Carroll in Stroudsburg, PA, a bookstore I frequented in high school.

I’ve always been a fan of logic puzzles although I would hardly call myself a logician — I actually find them somewhat challenging; but perhaps that’s the point of puzzles, after all.

In Satan, Cantor & Infinity, Smullyan weaves a lengthy fictional narrative into a series of many varieties of logic puzzles — from basic Goodman (always lie / always tell the truth) to very elaborate symbolic logic.

The title and the last chapter of the book share the same name, which refers to a logic puzzle posed by Georg Cantor (the famed mathematician). In this puzzle, Satan allows his denizens to attempt to escape damnation by guessing which number he has pre-selected, chosen from 1 to Infinity. It, along with many others, is an imaginative way of grasping really elaborate abstract concepts such as “are some infinities bigger than others?”

Continue reading

Making the Switch [Linux FTW]

Since January of this year (2010), I have helped 3 separate people make the switch over to Linux from Windows. Last year I helped two people do it, and I am currently in the process of converting our desktop (used primarily by Melissa) over to Ubuntu as well. In 2011, I helped 3 other people convert, and also all 3 of my coworkers at my new job.

To date, only one of them went back, but to be fair, I wasn’t able to help him in person, only over the Internet (and being able to play World of Warcraft was a dealbreaker for him — WoW does work, you just have to hoop-jump a bit to do it). UPDATE: I play Skyrim on a regular basis via Wine with little to no difficulty.

My distro of choice, of course, is Ubuntu. The latest release as of this post, Karmic Koala, offers many really awesome features, some of which aren’t even offered on Windows.

The key factor for conversion is quite simple: most people only need some really basic features to be satisfied. If anyone has ever asked you for advice about what computer to buy, and you ask them what they plan on doing with it, the answer is often “Oh, you know… email, Internet, pictures, word processing; nothing fancy, I don’t need a gaming computer.”

For the scope of this post, I’ll be discussing Ubuntu exclusively (I’ve found it to be the most accessible for new Linux users, and it has a good online community base for support), though many of my sentiments will also apply to other distros (Fedora, Mint, SUSE, Debian, etc.).

Continue reading

Using Virtualbox with an Existing Windows Partition [Linux FTW]

The recursion might blow your mind.

UPDATE: I am not able to help troubleshoot this anymore, as I have switched over to VMware Player (post coming soon!); however, if you happen to discover anything about making it work, please post in the comments below and I will update the post text with your findings and credit you.

Last week, a friend of mine needed me to do an audio file conversion, but the app that I use is installed on my Windows partition. I really don’t ever boot into Windows unless I have a good reason for it — I’m much happier tooling around in Linux — there’s just something satisfying and comfortable about being able to pop open a shell at any time.

Anyway, it got me thinking: I’ve booted into a Windows XP image, so why can’t I use VirtualBox to boot from a whole partition? Surely that is possible…

Tonight I finally got to play with it. And as you can see from the image here, I got success. :)

It’s a little challenging, but it’s doable. I had to spend some time to iron out the kinks, but you can reap the benefits!

UPDATE: Sandeep has submitted screenshots with instructions on getting this to work with Windows 7, see below, at the very end.

UPDATE: If you are getting the error message “Offset must be a number: rce”, I have found the fix for it. See the instructions below.

UPDATE: Bogdan (see comments) was able to get Windows Vista working under VirtualBox OSE using the method below. See his comments for specifics on Windows Vista.

UPDATE: Dan has found some tricks for getting this to work with Win7 if you are getting a BSOD on bootup.

Continue reading