by GothNinja | Aug 16, 2010 | Writing, Hacks
A fair while ago I found a document on my machine that was in a folder with short stories, poems, notes, and book ideas. Now I only had the faintest idea of what the document could be, but when I tried to open it to read I was prompted for a password to open the file.
Password? Password? SHIT!
So I typed in my usual selection of passwords……….. NOTHING
So I typed in every password I have used since 1994……….. NOTHING
This got me determined to read whatever was protected on the document. So I tried everything I could think of that I may have used as a password……….. NOTHING
At this point I decided “Frak This” and downloaded a password cracker, kicked it off on brute force mode and left it run. After a couple of weeks of running 24/7 it had reached the maximum digit number it could get too with no luck. Shit I must use good passwords when I’m in the right frame of mind.
At this point I gave up, Until I would re-find the document and try a different password cracker that guaranteed to break the open password on documents, only to leave it running for several weeks only for it to fail AGAIN.
Well I re-found the document two weeks ago, and was about to try yet another password finder when I had an epiphany. It was an old word document written while I was in UNI. so even if it had been updated there was no way it was last saved on anything later than Office 2000. Which means the file itself would only be encrypted with a weak 40-bit encryption. So where as trying to brute-force my actual password would take months if not years of 24/7 constant running, breaking the encryption key itself and simply removing the encryption would take less than a fortnight of testing keys.
Sometimes thinking outside the box is the way forward. I now have an unencrypted copy of the document thanks to a bit of software called GuaWord (and I only needed to use the freeware version, which is why it took 12 days to decrypt)
by CodeNinja | Aug 12, 2010 | Hacks
Just a quick post to show I have not forgotten my series of small articles to show how the mainstream view of Hackers & Hacking is wrong, and we are not all evil misfits trying to do harm to YOU!
When I was in university, the library was short on Computer Workstations and you often had to wait for a free one to come available to check your email, play on the Internet, do work, etc. This was very annoying if you were in a rush and just wanted to check your email to see where you were supposed to be, or quickly email in an assignment to your lecturer.
Now, scattered around the library were UniCat terminals, simple terminals with a BBS style catalogue program running on them that allowed you to search the books in the library, see what they had, what was out (and when it was due back), order books and periodicals, and so on. Another hand feature it had was the ability to connect to similar programs running at other universities.
Now the first time i connected to another university to see how the system work I saw the familiar.
Connected to ***********.****.****.
Escape character is ‘^]’.
So what do you do in such a situation, I pressed ^] which gave me the telnet prompt and decided to connect to a different address, that of my linux account. It connected fine. Which allowed me when in a rush to check my email & ICQ, Spod, code, and do anything else I needed too without waiting for a machine to come free. It also stopped me tying up machines that could otherwise be used by others.
Playing with these terminals also helped out, since there was a bug in the system and occasionally they would crash down to the VAXos, and be unusable until the one IT staff who knew the system went around restarting them. Unless I happened to spot it was down and would help out. Well I could not leave my emergency terminals out of use.
by CodeNinja | Jul 28, 2010 | Codes, Hacks
After seeing all the people posting on Twitter/Facebook/Blogs how they have solved the cipher challenge on the CyberSecurityChallenge website when all they have done is take the first step, I thought it might be nice to post a small walkthrough to give some pointers, help, and show them that first impressions are not always correct.
Only read on if you have stopped trying to solve the puzzle yourself, or if you just need a push in the right direction. AKA, here be spoilers.
(more…)
by CodeNinja | Jul 26, 2010 | Geek, Events, Hacks
On Monday the 26th July 2010 the UK Minister for Security Declares Cyber Security Challenge UK Open.
The Cyber Security Challenge is a series of national online games and competitions that will test the cyber security abilities of individuals and teams from every walk of life. It is designed to excite and inspire anyone considering a career in the cyber security industry.
The Challenge will identify talented individuals capable of becoming part of the UK’s cyber security profession now and in the future.
Why should I participate?
Participation in the Challenge offers three fantastic opportunities:
- The Challenge will award more than 30 superb prizes. These will include:
- Places on the Detica Academy
- Funded or part-funded places for masters-level university security courses
- Funded security courses provided by SANS Institute.
- Memberships of trade bodies and professional associations
- Professional mentoring sessions
- Time on the CREST penetration test rig
- Delegate passes to industry conferences
- An internship at one of the UK’s premier security companies
- Prizes will be allocated based on individuals’ ambitions and the stage they are at in their career.
- The Challenge will provide participants with the opportunity to use world-class technology and facilities that would otherwise be inaccessible.
- It will also provide a way for individuals to meet with, work with, and learn from some of the UK’s most prominent organisations in cyber security, education and politics.
Those who demonstrate excellent levels of skill and talent will be exposed to potential employers who will look favourably on anyone who can perform well throughout the Challenge.
- The Challenge offers an opportunity for all participants to publicly demonstrate their cyber security skills and build their reputation with peers and potential employers as the UK’s most talented security experts.
The first challenge to get yourself started with is up here
Get playing!.
by CodeNinja | Jul 16, 2010 | Hacks
To all of you lucky enough to be at The Next Hope this weekend, I wish you a great time, and a curse of boils (I want to be there).
For those who are there, remember to download the Hope App to your phone,(iPhone, Android, macOS, etc) all free from the relevant AppStore. For those with normal web enabled phones you can use http://thenexthope.mobi.
For those of us unable to be there (And those there as well) the guys from Radio Statler will be streaming the event, the talks, plus extra content.
So Everyone should have a good weekend.
And hopefully the hotel will be saved and the next hope will not be the last hope (especially with the last hope being called the last hope it would get too confusing.)
If anyone see’s the 2600 guys remember to give thanks.
by CodeNinja | Jul 12, 2010 | Hacks
I forget exactly when this incident happened. I do remember it was towards the end of the University season (either the year end, or midway). It was in my second to last year in University, and everyone was rushing about trying to finish papers, coursework and get everything handed in on time.
Of course the Lords of Chaos were out in force, and the Universities Network was down, and had been for about a week, people were seriously starting to panic. The network at the time was Windows 95 running of a Novell network. Now somehow (no info was ever posted) the windows image had become corrupted. You could log onto the network, and it would copy the global copy of windows to your workstation ok, only winsock, and several other network important files/libs were corrupt meaning windows could not talk to the network. This had a knock-on problem of all the program files & user data were stored on network drives. Basically you were left with a corrupt and damaged version of windows that was of no use to anyone.
Now some of the computer labs had computers that also had local copies of windows on them, for specific software/applications. Unfortunately these were not set up to use the network, or the internet, in fact they had been set up specifically to be unable to use the network. (for security and to help prevent the pirating of specialised software)
After a few days of no net-access a friend and myself got fed up and decided to do something about it. We found one of the small labs with local copy windows machines, and using some of the libraries off the corrupt net-work versions, plus manually rewriting sever config files we were able to get two machines fully running on the uni’s network, and hence the internet. So there we were happily using the internet to plan the weekends fun when a Lecturer wandered into the lab.
“What are you guys doing in here?”
“err, just finishing some coursework to email in”
“What, do you think I’m stupid? The network is down”
I pointed at my screen and invited her to come look, pointing at a couple of websites to show it was working, and pointed out since we were desperate to finish our coursework we “fixed” the two machines we were using. She looked thoughtful for a while, then asked could we do the same to all the others in the lab, since she had an important lesson that afternoon that she had already put off once due to the broken network.
It was another week and a half before they fixed the network and all the universities computers were usable. But for that week and a half there was one small computer lab that was fully functional, and its location was spread about like a secret. After all, if everyone knew about it, you’d never get a free computer.
I like to think we helped a few people be a little less stressed in the run up to exams.
