Displaced Geek

Just a city geek and father coming to terms with being replanted in farm country

Archive for the ‘geek’ Category

UPDATE:So, I didn’t know it when this was posted, but LastPass put up a site to check your LinkedIn password, and another one for the eHarmony breach.

@0xabad1dea
Attention universe, change your LinkedIn password and any other account that uses it. Just do it. 8:59AM

So unless you’ve been sleeping under a digital rock for the last twelve hours, by now you know LinkedIn had at least 6million password hashes snatched right out from under their noses.

There are plenty of places on the net where people smarter than I am will walk you through exactly what this means, and even more (arguably) smart people will try to scare the crap out of you, so if that’s what you’re looking for, you can go somewhere else.

@moxie
If LinkedIn hasn’t been able to confirm the breach, they havent fixed it either. You can change your PW, but attackers can just get it again 1:13PM


I decided to post this because while I thought I’d find myself once again checking a hash list to see how likely it was that my password had been compromised, instead I found that I was suddenly unable to remember my LinkedIn password in the first place! To be more accurate, I knew I’d be able to get it within 3 or 4 tries, as I use the now (in)famous ‘Correct Horse Battery Staple‘ method. Nevertheless, with the how often these dumps hit the internet, and how often they seem to be for sites I frequent, I found myself taking my own advice:

If you’re going to do something more than once,script it!

And I came up with this:

#!/bin/bash
#check hashlist for password
echo "usage: pw algorithm hashlist"
echo "eg ./checkfor Password123$ md5 ./hashlist.txt"
case $2 in
	"md5")
	md5hash=`echo -n $1|md5sum`
    md5hash=${md5hash:0:32}
	echo "Checking for $2 hash of $1 ($md5hash) in $3..."
	awk "/$md5hash/" $3
	;;
	"sha1")
	sha1hash=`echo -n $1|sha1sum`
	sha1hash=${sha1hash:0:40}
	echo "Checking for $2 hash of $1 ($sha1hash) in $3..."
	awk "/$sha1hash/" $3
	;;
esac

Of course, I then realized that despite my best efforts, not only would many people I know never bother to check or change their passwords, they may even be tempted to plug them into one of the phishing sites claiming to check their passwords for them which will undoubtedly pop up pretty soon, if they haven’t already. So I compiled a quick list of common passwords I know are in use by friends & family (yes, I can probably guess your password, get over it), polished up that script up there to handle a wordlist…

#!/bin/bash
#check password list against hashlist
if [ -z "$3" ]         # VERY quick & dirty input checking
then
     echo "usage: checkfor ./pwlist.txt (md5|sha1) ./hashlist.txt"
     exit
fi
if [ "$1" == "?" ] #copy & past makes for easy redundancy!
then
     echo "usage: checkfor ./pwlist.txt (md5|sha1) ./hashlist.txt"
     exit
fi
while read line;
do 
if [ "$2" == md5 ]; then
     md5hash=`echo -n $line|md5sum`
     md5hash=${md5hash:0:32}
     echo "Checking for $2 hash of $line ($md5hash) in $3..."
     echo "$line" `awk "/$md5hash/{n++}; END { print n+0 }" $3`  >> ./rawresults.txt
     awk '$2 != "0"' ./rawresults.txt >> ./cleanresults.txt
     rm ./rawresults.txt
fi
if [ "$2" == sha1 ]; then
     sha1hash=`echo -n $line|sha1sum`
     sha1hash=${sha1hash:0:40}
     echo "Checking for $2 hash of $line ($sha1hash) in $3..." 
     echo "$line" `awk "/$sha1hash/{n++}; END { print n+0 }" $3`  >> ./rawresults.txt
     awk '$2 != "0"' ./rawresults.txt >> ./cleanresults.txt
     rm ./rawresults.txt
fi
done < $1

…and let it run. Thankfully, I only ended up matching some common passwords that I fully expected to match, given that they’re probably used by lots of people. (eg the sha1 of linkedinpassword is d2ffdbdb71a0e55324fa51949a145dc001ed53dc, and yes, it’s in there)

So if I don’t know you in real life, and you run linux, snatch a copy of the hashdump, and run the above script against it using your password. Or you could take even less time and just change your password. ;)

Happy scripting!

Written by Peter

June 6, 2012 at 2050

Posted in geek

Tagged with , , , , , , , ,

Basic Linux Executable Troubleshooting

Fair warning, that’s the last cute Gabriella picture in this post. Sorry Jen!

If you use a computer, you’re bound to run into something that doesn’t work every once in a while. Even worse is when something fails silently, or almost silently. With no clear error message, you might think you’re stuck, but one of the perks of running linux is that you’re never actually stuck. When something fails silently, you make it talk, see what it says, and fix it. The steps I outline below are not advanced techniques, they’re not mystical greybeard tactics, they’re just the first steps to take when you don’t know why a downloaded program isn’t running on your linux desktop.

Before we get started, a word of warning. Make sure you execute all of the following commands as a regular user, NOT as root. All debugging tools are inherently dangerous, running them as root when you don’t need to is a recipe for mistakes you cannot undo.

Okay, first we need some information

Written by Peter

January 21, 2012 at 015

Posted in geek

Tagged with , , , ,

One more reason LEGO is awesome

Just a quickie.
Did you know you can download the building instructions for almost any LEGO kit dating back to 2002?

Well you can.

Written by Peter

December 30, 2011 at 1032

Posted in geek, parenting

Tagged with , , ,

imgurdl 1.0

Partially working crap is fine for home use, but serving it up for public consumption bugged me.

#!/bin/bash
if [ -z "$2" ]
then
echo "Usage: imgurdl (album address) (savedir)"
exit
else
SEQ=/usr/bin/seq
albumaddy=$1
rawlist=$(curl -s $albumaddy | awk 'BEGIN {RS = ","} /\"hash\":"/ {print substr($0,RSTART+10,5)}')
touch ~/cookie.txt
wget --cookies=on --keep-session-cookies --save-cookies=~/cookie.txt $albumaddy
echo "$rawlist"
alist=( $(echo $rawlist) )
echo "alist1 = ${alist[1]}"
echo "alist5 = ${alist[5]}"
#5 to 9
echo " Number of files to download is $(( ${#alist[@]} ))"
echo " Continue?"
read dl
case "$dl" in
"n"*|"N"*)
exit
;;
"y"*|"Y"*)
cd $2
for i in $($SEQ 0 $((${#alist[@]} - 1)))
do
#echo "alist $i = "${alist[$i]}
#newlist[$i]=${alist[$i]:4:(${#alist[$i]}-6)}
echo "Remote filename = "${alist[$i]}".jpg"
echo "Local filename = "$i"."${alist[$i]}".jpg"
# echo ${newlist[$i]}
wget --referer=$albumaddy --cookies=on --load-cookies=~/cookie.txt --keep-session-cookies --save-cookies=cookie.txt -r --tries=10 -q --limit-rate=968k -w 3 --random-wait -nd -U "Firefox" http://i.imgur.com/"${alist[$i]}".jpg -P $2 -O $i.${alist[$i]}.jpg
# len=${#alist[$i]}
#working newlist[$i]=${alist[$i]:4:(${#alist[$i]}-6)}
# {newlist[$i]}=$(${alist[$i]:5:(${#alist[$i]}-2)})
#echo "newlist $i = "${newlist[$i]}
done

;;
*)
exit
esac
fi

 

Written by Peter

December 28, 2011 at 1714

Posted in geek

Tagged with , , , ,

imgurdl 0.5

NINJA EDIT: Apparently this form only works with certain imgur album layouts, probably due to the ridiculous awk nonsense I did to get my source urls. I don’t care right now, if I try to download an album and it doesn’t work, maybe then I’ll fix it.
Revisions are welcome in the comments

Sorted.

 

Unsatisfied with the flexibility of other options, I hacked this together the other day to download a large wallpaper archive, and thought it might be useful. It’s uncommented save for the usage text, but really, if you need an explanation for this, then I suggest you start here.

Relative paths don’t work properly in $2, which is obviously a quoting issue, but it met my needs, so I expect all work on this to cease for now.

#!/bin/bash
if [ -z "$2" ]
then
echo "Usage: imgurdl (album address) (savedir)"
exit
else
SEQ=/usr/bin/seq
albumaddy=$1
rawlist=$(curl $albumaddy | awk '/image" id="/ {print $3}')
alist=( $(echo $rawlist) )
echo " Number of files to download is $(( ${#alist[@]} ))"
echo " Continue?"
read dl
case "$dl" in
"n"*|"N"*)
exit
;;
"y"*|"Y"*)
for i in $($SEQ 0 $((${#alist[@]} - 1)))
do
#echo "alist $i = "${alist[$i]}
newlist[$i]=${alist[$i]:4:(${#alist[$i]}-6)}
echo "Remote filename = "${newlist[$i]}".jpg"
echo "Local filename = "$i"."${newlist[$i]}".jpg"
wget -r --tries=10 -q --limit-rate=968k -w 3 --random-wait -nd -U "Firefox" http://i.imgur.com/"${newlist[$i]}".jpg -P $2 -O $i.${newlist[$i]}.jpg
# len=${#alist[$i]}
done

;;
*)
exit
esac
fi

Written by Peter

December 28, 2011 at 1510

Posted in geek

Tagged with , , ,

Hey user, here’s 9 things you should know.

Disclaimer: I used ‘guy’ in the following post to denote a person of either gender. I know several “IT Gals”, and would truly hate to piss them off.

Everybody’s got an IT guy. Whether it’s an official “I’m hiring you to fix this” or the much more common, “Hey, you can check this out for me right?”, he(or she) is the one you go to when clicking the mouse button a little harder or smacking the side of your monitor just doesn’t do the trick anymore.
What you don’t realize is that whether he wants to be or not, your IT guy is probably also an illusionist, FBI profiler, and CIA interrogator. And it’s all your fault.

  • 1 – Don’t Lie To Me.

I’ve yet to meet someone who wasn’t guilty of this to some degree. From something as small and classic as “I didn’t click on anything, I swear!” to the bigger and much more aggravating “I must’ve been hacked, I’d never have something like THAT on my computer”, these do nothing but annoy me when I find out. And trust me, even if I don’t call you on it, I always find out. (usually within a few minutes of turning on your machine)

  • 2 – Insulting your last IT guy does not make us friends.

Chances are, I’m already an acquaintance, and so was the last guy. What makes you think I want to hear about what a crappy job he did, and how poorly he treated you? Whether you’re paying me or not, I’m doing the job now. If the last guy really did that poor of a job, I’ll see that, and if he didn’t, well then you probably came to me because you thought you could get the same service cheaper, and I really don’t need to hear about that either. Badmouthing someone whose shoes I’m filling does nothing but sour our relationship, and predisposes me to dislike you as a person.

  • 3 – Yes, you’re probably part of the problem.

I’m not saying there’s nothing wrong with your machine, I’m saying you’re making it worse. Computers do what they’re told. You may not have intended to click that button, or hit that key, but the computer doesn’t know that, and it’s going to do what it thinks it’s supposed to when that button is clicked, or that key is pressed whether you meant for it to or not. So when I tell you you’re causing your own issues, don’t get angry and snap at me – listen.

  • 4 – I can only fix the problem I can see.

It may look like what I do is magic, but I assure you, it isn’t. There is no incantation that just fixes everything. What I’m actually doing is searching through all the places where bad things hide on your computer, and then figuring out how to remove them one by one. If you were having a problem six weeks ago and it’s not happening now, it’s quite possible I won’t see it. And if I don’t see it, it’s not getting fixed.

  • 5 – Look before you click.

The only means of communicating with you available to the computer is the monitor. If it’s throwing up a box asking you a question, there’s probably a reason. No, not all dialog boxes are useful, or even do anything. However, simply clicking ‘yes’ whenever anything pops up, and then complaining about your files being deleted is not going to get you any sympathy.

  • 6 – Obsolescence is a real thing.

There’s only so much even I can do to make the PC your son built eight years ago and now refuses to support (because it’s eight years old) “go faster”. You need a new computer. If that last machine was built with the intent to upgrade, then maybe we can buy some new components, but it’s only delaying the inevitable. Besides, chances are you bought the cheapest thing you could find from Wal-Mart, and it makes an eMachines box look fast.

  • 7 – Toolbars are evil.

Just don't.
I think that about sums it up, don’t you?

  • 8 – Every system repair is different.

For as much as they all have in common, there are no two jobs that are identical. This means that no, I can’t tell you how long it’s going to take; and no I can’t just do the same thing I did to your neighbor’s machine to make it work; and no I don’t think you’ll be able to “just check your E-Mail for a minute” while I’m dropped into a recovery console. The best thing you can do is leave me alone while I do what I do.

  • 9 – I don’t know what personal data you’re missing.

I can only tell you what data is present and accessible right this minute. I have NO IDEA what data was on there before I sat down. If I see 1500 pictures from the summit of Everest, I have no way of knowing that you actually took 1673. The only person that knows that is you. If you tell me what to look for, I will look for it. But if I tell you it’s not there, I can assure you I didn’t waste any of my time deleting it for kicks.

Written by Peter

October 29, 2011 at 1513

Posted in geek

Tagged with , , ,

Some Hurricane Technology Tips from SANS

With Irene bearing down on a significant portion of my readers, I felt it was appropriate to share the following:

As we are looking at hurricane Irene taking aim at major population and technology centers on the east coast, here a couple of tech tips:

- Cell phone batteries last longer if you turn off non essential services like 3G, bluetooth, wifi.

- keep a hard copy of important phone number[…]

Read the rest of “Some Hurricane Technology Tips” at SANS ISC.

Many and more of these may seem obvious, but it’s easy to forget the obvious while we’re all running out stocking up on bottled water, canned goods, and camping supplies.

Written by Peter

August 27, 2011 at 826

Posted in geek, news

Tagged with , ,