code

ITAR

 audit, code, DARPA, data, fast track, ipmi, python, security, tech  Comments Off on ITAR
Feb 262013
 

Well, not really.  Actually I.tar.gz.  In the gzip’d tar there are 3 files; little IPMI/BMC configuration file sucker, a suggested set of security recommendations that could be checked, and an even smaller program to parse the first program’s output. Because… well, no good reason, actually, one is in python3 and the other in python2. I guess I’m testing your readiness. The programs are pretty heavily commented, especially ipmifreely.py, so […]

OMG, finally!

 code, mac, tech  Comments Off on OMG, finally!
Feb 182013
 
OMG, finally!

I’ve waited for a over a decade, but finally – per process packet tracing on the mac (mountain lion.) For example, finding out the traffic that a python script sends via UDP and the return (both python programs on the same machine); the first sends “foo”, the server sends what it got plus “bar”: # dtrace -n ‘syscall::sendto*:entry /execname == "Python"/ { printf("%s sock=%d sockadd=%x buffer[%d]=%s",execname, arg0, arg4, arg2, […]

one ring to bind them, one line to find them

 code, hack, python, web  Comments Off on one ring to bind them, one line to find them
Dec 072012
 
one ring to bind them, one line to find them

I guess if you import enough libraries just about anything can be made into a one liner… if you have imported BeautifulSoup, re, requests, and sys, in python3 you can simply do: print(re.sub(r’^.*imgurl=([^&]+)&.*$’, r’\1′, str(BeautifulSoup(requests.get("http://images.google.com/search?num=50&hl=en&safe=off&site=&tbm=isch&source=hp&biw=1744&bih=1279&q=%s&oq=" % sys.argv[1]).text).find(href=re.compile("imgurl"))))) To find the first hit on a google image search with argv[1]. Google will probably change their URL images later today and it’ll stop working, but I wanted this for a random […]

mounting jffs2

 code, embedded, hack, tech  Comments Off on mounting jffs2
Nov 232012
 

After mounting a bunch of filesystems I thought I’d just whip up a little shell script to help me out when working with jffs2 images, mtd, and linux (only tested on centos 6.) I won’t go over how to get kernel support and all that crap – there are many guides, and while many won’t work eventually something will for you too ;( This one is fairly simple to […]

avctpasswd

 code, hack, ipmi, python, security, tech  Comments Off on avctpasswd
Nov 112012
 

Since I didn’t find it anywhere else… Avocent, who makes a heck of a lot of BMCs, and at times (like with Dell’s iDRAC, at least version 6) keeps encrypted passwords in (well, quite possible/probable OEM dependent) “/flash/data0/etc/avctpasswd” (don’t be fooled by the /etc/passwd file) using SHA1 hashed passwords converted into Base64. I surmise this file is used to protect the real passwords that are stored in clear text […]