Sunday, May 30, 2010

what did you learn today?

In order, I learned how to put up a hammock made out of just about anything.

I learned of the monkey fist ball knot. They say to put something in the core, but mine doesn't have anything in it. It just is. It isn't pretty, but it functions. I would have liked to have known about that when I was scuba diving and had to pass lines between boats.

I used my 100 foot rappelling rope (that I've had since I was about 18) to make the monkey fist. Problem was I had it wrapped pretty tight. In making the fist, I ended up with a mess of rope on the floor. So then I went and learned how to do a backpack coil, and a mountaineering coil.

Then I finally, after watching about 30 minutes of YouTube videos, figured out how to pick a padlock. I've had a Master M1 (it's older than I am) that I've been trying to pick for about 10 years or so. I would get discouraged easy, and then I lost my picks for a long time. Found them a couple of months ago, but still got discouraged easy. Tonight, I've picked the padlock 6 times already. Still want a new / better set.

Then looking at the coil of rope, I undid it again. Put a monkey fist on the end, and then recoiled it.

Thursday, May 27, 2010

thinking about breaking it up

I'm thinking of breaking my blog up. It's a wide mishmash of things right now. I'm thinking it might be better to break the computer stuff out into another blog, and leave this part Kettlebells, politics, and rambles.

What does everyone else think?

it's a start

So... I've mentioned the WIFU class a few times now (see the wifu tag below). I've gotten the first wireless card I needed. I still need at least 1 more. I don't have to have another of the same type, but why not? I've got an old desktop I'm going to hook it up on. I haven't started the class yet, but I have started playing around.

Anyway I've tested the usb wireless card in Backtrack4 from the live DVD, in my normal Sidux install on this box (my laptop), and now in the BackTrack4 virtual machine (VM) running on top of my Sidux install.

Tonight, I followed along with the Aircrack-ng tutorials while using the VM with the USB Wifi adapter. I was mostly interested in trying packet injection with the card from the Virtual.

Getting the packet injection to work took some set up. First you have to get the card in monitoring mode, and the test injection had a link to that tutorial. However I don't think it worked every time I tried it from the VM. Sometimes the packet injection would work, sometimes it would fail. I usually had to do airmon-ng stop on both the mon0 and wlan0, then start it again on wlan0 before the injection would work. Annoying but not enough to make me give up.

I was rather excited about getting injection to work, even if it was a bit dodgy. However, I'm not the kind that is willing to leave well enough alone. Since I don't have everything set up yet for the wireless lab I'm building, I decided to jump ahead to the WPA/WPA2 cracking. (Note I have yet to crack WEP).

I got airodump-ng running on the network I wanted (my U-Verse 2WIRE access point), and could even see the only client (the Sidux install on the laptop, using the built in 3945 wireless chip). However I didn't see any authentication packets in airodump-ng. No biggy, the tutorial tells you how to fix that if you're not patient or only have 1 client.

I was able to deauthenticate the host operating system (Sidux), and even watched as WPA_Gui would reconnect. However airodump-ng never saw the authentication handshake. I tried looking at what was going on with Wireshark, and could see the deauth packets going out. But no auth packets. The VM wasn't using the network either.

I'm going to have to get more hardware, I'm ordering the second card this weekend. There are some other things I'd like too... Netbook, desktop, multiple monitors, but that will take longer to get.

I was a little surprised at how easy it was to deauth a wpa/wpa2 connection, and wondering how many people around me are messing with other people by sending deauth packets. I mean after all, I live near one University that has an Information Assurance Program, and the other University I live near is well known for having a great Computer Science / Computer Engineering program. :-)
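
A defender's view of the deauth observation in the post above, as an added example (not from the original post or the Aircrack-ng tutorials): it counts unprotected deauthentication and disassociation frames per BSSID/client pair in a sliding window and reports bursts. The frames and MAC addresses are constructed, the input is assumed to be raw 802.11 frames with any radiotap header already stripped, and the threshold and window are illustrative values.

```python
import struct
from collections import defaultdict, deque

SUBTYPE_DISASSOC = 10   # management subtype: disassociation
SUBTYPE_DEAUTH = 12     # management subtype: deauthentication
PROTECTED = 0x40        # Protected Frame flag: body is encrypted


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_teardown(frame):
    """Return a dict for a deauth/disassoc frame, or None for anything else."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason
        return None
    fc0, fc1 = frame[0], frame[1]
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0:           # management frames are type 0
        return None
    if subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
        return None
    protected = bool(fc1 & PROTECTED)
    # The reason code is only readable when the body is not encrypted.
    reason = None if protected else struct.unpack_from("<H", frame, 24)[0]
    return {
        "kind": "deauth" if subtype == SUBTYPE_DEAUTH else "disassoc",
        "dst": mac(frame[4:10]),             # address 1: receiver
        "src": mac(frame[10:16]),            # address 2: claimed sender
        "bssid": mac(frame[16:22]),          # address 3
        "reason": reason,
        "protected": protected,
    }


def find_bursts(capture, threshold=5, window=1.0):
    """capture: iterable of (timestamp_seconds, frame_bytes), in time order.
    Returns {(bssid, dst): peak number of unprotected teardown frames
    seen inside any single window}."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, frame in capture:
        info = parse_teardown(frame)
        if info is None or info["protected"]:
            continue
        key = (info["bssid"], info["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:            # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts


def unmac(text):
    return bytes(int(x, 16) for x in text.split(":"))


def sample_frame(subtype, dst, src, bssid, reason=0, flags=0):
    """Constructed test input: 802.11 management header plus a 2-byte body."""
    return (bytes([subtype << 4, flags]) + b"\x00\x00" + unmac(dst)
            + unmac(src) + unmac(bssid) + b"\x00\x00"
            + struct.pack("<H", reason))


AP = "02:00:00:00:00:aa"        # made-up addresses
CLIENT_1 = "02:00:00:00:00:01"
CLIENT_2 = "02:00:00:00:00:02"

# Constructed capture: a beacon, one isolated deauth, then ten in 0.45 s.
SAMPLE_CAPTURE = (
    [(1.0, sample_frame(8, "ff:ff:ff:ff:ff:ff", AP, AP)),
     (2.0, sample_frame(SUBTYPE_DEAUTH, CLIENT_2, AP, AP, 3))]
    + [(10.0 + i * 0.05, sample_frame(SUBTYPE_DEAUTH, CLIENT_1, AP, AP, 7))
       for i in range(10)]
)

if __name__ == "__main__":
    for (bssid, dst), peak in find_bursts(SAMPLE_CAPTURE).items():
        print("burst: %d teardown frames in one window, bssid=%s client=%s"
              % (peak, bssid, dst))
```

The source address in an unprotected management frame is only a claim, so an alert identifies the affected BSSID and client rather than who sent the frames.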

Monday, May 24, 2010

WaHoo!

Did the pull-ups with the inch band.

3-2-1-1, 1 minute rest. The elbow didn't care for it, but I'm excited. 3/4 of an inch really does make a difference.

Edit: elbow doesn't like it because my form is a little off.

Friday, May 21, 2010

Yes....

I should be able to. If you didn't read the post before this one. You need to. This one picks up where the last one left off...

I can do it. I can skip the 1.5 inches and move straight to the 1 inch. Which... hopefully means I can move to no bands in 2 weeks.

choice

Spent the last 13 days doing the 3RM pull up program. It was supposed to be a 12 day program. But it took me 1 extra day. I've been trying to decide what to do on Monday. Move on to the 5RM program, using the same band for help, or swap bands and restart 3RM. I'm going with the band swap.

2 days to rest. Then do it again with a 1 inch and a 1/2 inch band. After that 12 days, down to 1 inch. The swap with the half inch.

Unless.... I wonder if I could.... Time to find out.....

not as thrilling

Brought the laptop, the wireless adapter, and both antennas to work. We work in an office park, but it doesn't have a lot of businesses in it.

So I think the most were 15 probe networks, and 5 actual networks. 2 of them don't have any encryption enabled. One of those does have its bssid turned off.

I sat here probably an hour or more with everything set up, and no one paid attention. When I found I did bring the holder, and attached it to the back of the laptop, people started gathering around and asking questions.

something funny from yesterday

So yesterday (5/19/2010), I went to the Ann Arbor Virtual User Group meeting. It was my first one. I was told about the group after talking about VM production systems at an ARBSEC meeting.

I was talking to the guy that was running the show yesterday, Rod, (while hitting the pizza buffet), and mentioned my one "big" complaint about Virtualization. It's how the Virtual Host passes the network to the Virtual Guests.

The host will take the wired, wireless, or carrier pigeon based network, and display it to the Virtual Machine Guest as a wired network. Even though you're connected over wifi, the VM thinks it's got an Ethernet cable plugged into it. Which 99% of the time is fine. However, if you WANT your VM to have wifi, you have to have a system that will pass the usb adapter (VirtualBox and VMWare both do this, or so I'm told and read). This is also part of the reason I bought the Alfa Wireless Adapter for the WiFu class.

Rod asked why I would want a wireless card on a VM anyway. I said for packet injection. My main interest is computer security, I'm here because I maintain the VMs at work. He looked at me and said I should go check out ArbSec and meet Jon O, the guy that runs it, if I was interested in security. I started laughing. I looked Rod in the eyes and said "but he's the one that told me about this group, at an ArbSec a couple of months ago".

The other cool thing last night, I ran into one of my former college professors (had him back in 1999 I think). He was sitting across from me. Started talking. I stopped him, asked his name. He really didn't remember me, but that's ok. I could have told him a few things that would have reminded him of who I was, but didn't want to scare him. Like the fact I'd been to his house when I was his student. Had to do with losing my text book right before the final, and he had found it.

that was enlightening

So the mail came today. In it was my new alfa (1000mw) wireless adapter. I hooked it up a little while ago.

It took a while to figure out how to make it work. First to make sure it would turn on. dmesg, lsusb, iwconfig all saw it. Sadly I'm used to ifup and ifdown. Which only work if the interface has a configuration file. I was able to get it up with ifconfig.

Then I wanted to get it working with Kismet. After googling around, even though it's the rtl8187, I found you have to use the rt8180 capture device in the kismet config. I copied this line from a forum posting (changed wlan to 1 because 0 is the built in, and using it for net connection):

source=rt8180,wlan1,RTL

Then I got kismet to work. I ran it for about 30 minutes.... I found 92 networks (networks as kismet's info display on the side claimed). Some of them were probe devices.

But it was interesting to see what I could see from my laptop sitting in my bed.

I really think I'm going to take this to work tomorrow (including the laptop) and see what I can see.

And I'm even more excited to take the wireless pen-testing class. Not because I have 92 networks to attack, that would be unethical, but because there were 8 to 10 boxes probing and I want to make sure they won't be using my wireless to surf porn. (IE use the skills from OSWP to secure my home wifi).

In case you're wondering, I live in a 1000+ unit apartment complex. I'm sure if I wasn't on the ground floor (took ground because I was afraid of dropping kettlebells), I would have seen even more. I might have to go over to the tower (7 floor unit), and see if I can get roof access, and then see how many networks there are.

Wednesday, May 19, 2010

fail.

I'll have to repeat today, tomorrow.

Pull-ups:
4-4-3-2-1. Minute between sets. Problem is, I goofed. All the other ones, I gripped the bar (last 9 days). Tonight I hung just from the fingers, thumbs tucked at the side, but not around the bar like usual.

First 4, were trouble. Only got my nose over the bar. Second 4, I had to stop and adjust the grip and then finish. 3 I realized what I did wrong. Last 2 sets were better.

I also psyched myself out on doing the pull ups. Looked at the number and first thought was no way. Should have been bring it. But just not feeling it today overall. Just physically zapped. Had to rely on caffeine to not fall asleep at work.

Oh well. It's the setback like this that makes you push harder the next time. Means I'll finish Friday instead of tomorrow.

Other thing, with today's grip, my elbow hurts. Not bad, just hey you messed up dummy kind of way.

Monday, May 17, 2010

knowing your tools

It would have been nice to know last week that rsync had an include and exclude feature for doing copies, so I wouldn't have had to waste 2 days writing shell scripts.

My own fault for not reading the man pages. I like rsync, but really don't use it to its full potential. Mostly when I use it, I'm copying over ssh and need all the files, or between 2 hard drives and need all the files.

A current project at work is the first one where I needed to exclude directories. Still trying to figure out exactly how the include feature works.

*edit - I completely erased the original text and re-wrote the post. Last version was too negative.

really need to have someone else help with that

Re-measured today. (Note I felt bloated yesterday). 42 inch waist, measured in the same spot, 43 inch hips, measured in the same spot.

21.4 % body fat.

I'm going to split the difference and say 22.9%, which puts me at just under 55lbs of fat out of my 240lbs.

Sunday, May 16, 2010

been a while...

It's been a while since I talked about % body fat, and weight. Back in February I got sick. The every other year visit to the hospital kind of sick. Like usual I got treated for dehydration. This year's cause was a stomach flu like virus.

I lost a bit of strength, and I'm still working on getting it back. I was doing pretty good, or so I thought, for a while. But in the last 2 weeks I've put on about 7 lbs. Which wasn't a problem until Friday when some of my clothes started to feel tight. :(

weight, 241 lbs (was higher yesterday)
waist 44 inches
hips 45 inches
forearm 13 inches
wrist 7 inches
24.4 % body fat. +/- 2% for margin of error in math, and me actually measuring the right spots.

Wish, but glad I didn't, do this about 3 weeks or so ago, when everything fit much looser, and the weight started to go up.

In other news, with the 1 3/4 inch super band, I made it through day 7 of the fighter pull up. My body hurts from Friday's kettlebell workout though, but I got the chin over the bar all 11 times. Although the first 4 at the end (1st set) got a little sloppy, still made it over.

Saturday, May 15, 2010

And it's almost sunday...?

Haven't been sleeping well. My body is short circuiting at night. As I understand it, the body's motor controls are supposed to shut down during dream state so as not to injure self.

However the last 2 nights, in the middle of the night, I've had bad dreams. Not nightmares, but just not happy dreams where I do something martial arts related in defense. Be it attacked by R.O.U.S (and I haven't watched or read the Princess Bride in months) or snapping a front kick at a zombie President Barack Obama trying to do a cyberman upgrade on me... (Maybe too much Doctor Who). In each case, I did the action in bed, and woke up while doing it.

Friday I went to Joust Fitness and had a decent kettlebell workout. Didn't kill me like other ones there did. I actually enjoyed it. Did another set of pull-ups around 9:30pm.

Saturday, I went to a Tang Soo Do seminar put on by Grand Master Kang Uk Lee. Even volunteered to be elbowed in the chest by him. It was interesting. That required me to be up at 6am, and I didn't get to sleep until after midnight. (Note I was up at 6am Friday and Saturday after fitful nights of rest).

Came home from that (got home, a little after 2) and proceeded to take a nap. About 3 hours worth, and still tired.

My core hurts (shoulders, abs, ribs (not sure where that one came from), and lats).

And now it's almost Sunday. I really think I need a weekend to recover from this weekend. :)

Wednesday, May 12, 2010

Wow

So I did pull-ups last night. Same as Monday. I was sore when I got up today. Lats were very sore.

Did tonight's when I got home from work. 3-2-2-1.

I've already seen an improvement. Usually, I could only get my chin over the bar on the first one. Nose over on the rest. I was looking down on the bar each time tonight.

I know I'm going to be sore again tomorrow, but I'm happy.

Wifu - not ready

So I just got done watching the WiFu demo. I'm really looking forward to taking this class.

I'd start playing around with stuff now, but as the topic says, not ready. I still don't have all the gear I need to even begin to play.

Tuesday, May 11, 2010

more on the Cert

So I mentioned in a little shocked. I got picked for a free cert course.

After some emails around on who was going to take what, I'm taking WiFu. I actually offered to take it, kind of. I still would have preferred Penetration Testing with Backtrack. But I have a better chance of getting a cert with WiFu and I think that is a little more important.

So for the last week or so (little longer probably), I've been looking at getting things together to do the course.

I'm going to get 2 Alfa AWUS036H and 1 BU-353 USB GPS Unit. The GPS isn't needed but will be fun to play with. And I'll finally be able to do Wardriving / Warwalking and map the data out, instead of just saying hmmm... But that's for another post.

I picked up a cheap old Gateway Celeron, 256 meg, 15 gig hard drive. I'm going to toss straight Debian on it, and attach one of the USB Network Devices to it.
I'm going to dig out my old Linksys wireless router, flash it with Linksys firmware (I can put dd-wrt back on it later), and hook the other Wifi device to my laptop running BackTrack. (If I don't pick up another cheap PC first).

I'll update the blog as I go along.

Monday, May 10, 2010

that was nice

So I'm struggling with pull-ups still. Jennifer has the same problem. She's pointed me to Pavel's pull-up program. I'm doing the 3 Rep Max program, with a band.

3, 2, 1, 1. It wasn't that bad. I'm looking forward to tomorrow's workout. Hoping in 12 days to either go back down a band size, or not have them to use at all.

I guess we'll see.

what to work on.

I have about 2.5 hours left to my shift at work. I've been playing with FTP all day again. Still trying to get 260 gigs worth of data to rsync across the network.

The down side is, I can only do it when there is no FTP traffic. So I have to sit here and watch the 1 server and then make the copy when no one is connected. Then stop said copy when someone connects.

I'm sure if I was better at scripting I could script it, but meh. I'm also wondering if SSH is adding overhead slowing it down.

I don't want to set up an rsync server on the boxes. I have also had problems with it running over night and over the weekend via cron.

Anyway, I've been trying to catch up on work related reading (Hackin9 and Linux Journal)

Sunday, May 9, 2010

sore

Did a kettlebell workout Friday. A real workout. First real kettlebell workout in months... I'm sore. Have been since Friday. (I still think it's Saturday).

But I needed it, and it was worth it.

Thursday, May 6, 2010

hmm...

Should be working on another book review. I lost a month destroying (cleaning out) the office. But I don't want to move the hardware to the office tonight to play along at home.

I really need to get a couple of more computers. Desktop (Server) and a netbook.

quote from last night

Heard a great quote about security last night. Might be paraphrasing, but the underlying point remains.

"[Computer] security is where you go when you know how to do everything else."

Guy at Arbsec (works for Vistion) said it.

Wednesday, May 5, 2010

This week's fun at work

So last week, on my day off (personal day), I got an email from the Senior Developer. He was asking if we'd be ready for the DNSSEC roll out today. I didn't know.

Came in Monday:
Tested our systems using the directions found on the dns-oarc.net page. It came back saying "X.X.X.X lacks EDNS, defaults to 512"

Call to Cisco. Stayed late working with Cisco TAC Security Engineer to put the workaround in for CSCta35563.

Test still failed.

Tuesday:
Spent more time testing from both in front and behind the firewall. Found that some of the servers I was using for testing would work, some wouldn't. From both sides of the firewall.

Go back to my office. Start reading up on it. Some sites saying I'd have to upgrade the ios on the firewall to 8.2(2) or newer. Some saying the problem was the DNS server for our internal network not supporting it. Windows 2003.

Came across a test page from RIPE, that said if DNSSEC isn't supported by the resolver don't worry. (We're not using DNSSEC with our 2003 servers as far as I can tell, but I'm not a Windows expert).

Wednesday (Today):
Built 2 Bind9 based Linux servers to handle dns for us, if things break. Has taken most of the morning.

It's after 1pm now, the time that DNSSEC was supposed to roll out, and so far so good. We're not seeing problems yet. People are not screaming yet. The 2 servers are sitting here ready to roll (mostly).

Now it's just a wait and see. Going to wait 24 hours to see what happens.

Tuesday, May 4, 2010

I knew I was stressed but.....

I knew I was stressed with the Dan test but I didn't realize it was THAT BAD.

I've felt great since the test. Before I got the certificate even. Like a huge weight was lifted off me. Actually, I felt that way during the test, even though I was making mistakes.

The thing is, I knew the upcoming test was stressing me out, but I didn't realize how bad. There were things I said I'd do, like the FTP server (not working from the outside), and I started cleaning up the crap from the spare bed room / study.

Even though I could have used the space, I left the back room a mess for a whole month. I'd look at it and feel like it was too much. Actually I felt that way about a lot of things lately. However since Saturday, I haven't felt that way as much. The room is still a mess, mostly with empty boxes or stuff waiting to go to the Recycling center. However, I got the room back to a working condition. I can actually get to things in there now, like my study desk. The stuff I'm keeping has been boxed back up, and put back along the wall. Might move things around not sure yet.

But mostly I feel good.

Sunday, May 2, 2010

mostly done

I think I've got it all completed (server side) except for a password on an account. Nothing major there. And changing to a static IP address.

All that's left is to set the 2wire system to point port 20/21 to the server, and release it to the public.

FTP configured

I've got vsftpd configured. While I'm a fan of Debian, and Debian based systems (not Ubuntu), I like how Redhat Systems work with VSFTPD, over Debian.

I faked it, setting up a /etc/vsftpd directory, and then making a symlink (could have done a hard link) to the conf file, but it works.

Now for NTP, Fail2Ban, and maybe logwatch.

more on FTP

So thinking about it, I don't think I'll do a true anonymous download. Instead it'll be semi-anonymous. If it was just videos of the adults from the school, I wouldn't care. However there will be videos of kids from the kids class too.

Mostly the videos are of us doing our forms so we can see what we're doing wrong instead of just being told what we're doing wrong.

Stats on the ftp server:

Server: old desktop p3, 30gb hard drive
OS: Debian Testing
packages: vsftpd, ntp, tripwire, snort, fail2ban, xfce4, xdm, minicom, cutecom, and putty (this is also the box I use for console access to my cisco lab).
Accounts: root, mine, one of the masters, and a download account (shared for everyone).

All that's left to do is get the FTP, NTP, and fail2ban configured. Oh and the accounts.

Installed from net-inst cd, slimline (see linux journal) without the laptop. Used the article for the X windows manager.

Saturday, May 1, 2010

finally building it

I'm building the FTP server for the Korean Karate Academy. We're not sure if the web host allows or could have one on it. This is just a stop gap until we can look into it.

There are several videos that need to be loaded, setting it up with upload for a couple of us, and the rest will be anonymous download.

Offered to do this weeks ago, but never did it.

Going to load the Bo form on it. I should be able to get a copy of my test from it. One of the Masters brought his camera. One of the gups filmed it.

a 14 oz uniform makes it harder.

Note, this will not be my best writing ever. Lots of things jumbled up in my head.

Tested for my First Dan (pronounced don) today. Wasn't the hardest test ever. In fact I really enjoyed it. Stretching out before the class, one of the 3rd gups said I looked so relaxed. Truth was, I was. Felt good, in the zone.

I messed up forms, but didn't let it show. I kept going through instead of stopping. I was told if I was going to mess up it would be on the test, and to move through it.

I missed ki-haps, added extra motions, left motions out, and added more, on my bo form. I'm sure my arm wasn't high enough, and I over extended on o-dan and bassai. I almost fell over on Bassai.

The snap of the uniform around me was very distracting. The weight of it, trapped the heat and humidity that my body was generating and soaked up all the water coming out of me.

I rocked the knife and club. I didn't get to use a real knife though. I was really looking forward to it. We got it out, we were set to go. However my partner for it, even though all he was doing was challenging, didn't feel comfortable. He hadn't worked with me much with the real knife, just the rubber ones. But we've worked the club together the most. Mostly he was worried about getting injured and not having insurance (lost his job, after he unionized his store).

Doing the 1 steps, the self defense, the knife and club (After the forms), I was soaked in my uniform. I was also breathing hard. The uniform started off fine, but once the cotton started soaking up the sweat it got heavy and harder to move it.

Actually, one of the masters, when they were giving me my cert said that, that was the best knife and club they've seen on a Dan test in a long time.

Felt sorry for Jason (3rd gup). He hasn't been there for a while, but came just for my test. He's been with the club off and on longer than I have been. He was a Green belt (6th or 5th gup) when I was still a white belt. Anyway, Jason was my partner for 1 steps, take downs and self defense. I threw him around like a rag doll. The only surprise was when we switched to kick 1 steps. I took a round house to the side of the face. Thought it was a side kick, messed up the block completely.

Sparring, pretty much at the start of it, I threw a bad kick (meant to pull the guy down for a punch to the face) that was blocked. The block was between the smallest toe and the one next to it on the right foot. My foot hurts, the toe is swollen and purple.

Sparring was 5 on 1 at one point. Exhausted, dripping sweat from everywhere. Turns were causing the sweat to fling out of my hair. Got in some bad situations, but didn't stop. Figure if one guy is holding me, I don't have to worry about him while I attack everyone else with kicks. :)

I grabbed a few people and threw them back into the groups of 3 that would form coming from one direction when I'd move around the floor. But between the Uniform, sucking air (all the work it took to get the moves going with the weight of the uniform getting heavier with each minute), and just the length of the sparring bit.

Got some of the history wrong. So it goes. Did sparring, then the basic motions, then the history. Like I think I said, the toe was causing problems with my basics. Couldn't even do a front stance with it being the back leg. At the end of the basics I was asked to do a Tornado kick. I can do them from time to time, but not with my toe, ended up on my butt. No biggy.

The breaks... I messed up the first one, I tried to stop / change strike in mid motion. Ended up just tapping the board. Supposed to be a palm, threw a fist. The second strike was clean hammer fist straight through 2 boards. The side kick, the holders moved back with the kick. The second attempt was a jump side kick. No ki-haps, and all the wood fell... Then I had to do the speed break. I've practiced it 2x and never broke. Ki-happed on the speed break, and the board exploded, like it should have. (It was a very nice board. 10 years old or so. Dried out to the point it was starting to crack).

Got my cert, my belt buckle. I'm the 11th person to go from Gup to Dan under our current masters (going back to 1994). But we're a small school, and have a hard time keeping people. It's a cheap class, but people keep leaving for work, school, whatever.

I started as a kid in December of 1985. It took me until May of 2010 (24 1/2 years) to get here.

Along the way, I stopped because I didn't want to be there as a kid. I wanted to play baseball, football, do cub scouts, etc. I swam for 4 years in high school. Looked into going back in 95, but was told the school was no more after Grand Master Ormanian passed away. I was given bad information.

In 97, I really wanted to go back and at least get a black belt. I felt like I was missing something from my life that the Black Belt should have given me. I signed up at an expensive school a couple of miles from home. After doing that, I felt nostalgic and drove by the community center the old school was in. Just happened to be the right day. Drove by, there was a master and 2 black belts in there. I actually stopped dead in the middle of the road. I parked, ran in, and talked to them. Found out it was the same school.

After that, I had to keep missing classes because of college (classes were only available on the same night as Tang Soo Do (just like the sports and scouting when I was a kid)). But I always made a point to come back. I got there early most nights and worked with the kids class (because if I didn't I'd have slept through the class, working midnight).

Then in 2002 I got a job working in a bar. Best I could get at the time (only thing I could get at the time). Working the same days and times as the classes. In 2003, I got run over by a drunk driver. Lost 4 years of training because of that.

Even when I went back to training in 2007, I would still miss months of class at a time, because of work.

They wanted me to test in December, but I knew I wasn't ready. Forms I needed to know, I didn't know. I'm glad I waited. Now my goal is to not take another 25 years to make Master. :)