Mr.HinkyDink's UT Blog
UT99, IT Security, Miscellaneous Crap
Hinky Dink (http://www.blogger.com/profile/06062843268103990027)
Updated 2024-02-22

Snap VLC
Posted 2024-01-02
Happy fucking New Year, nerds!
I've been using VideoLAN (VLC) for longer than I can remember. It has always been quirky to the extreme but I use it on my phone (Droid) and all my computers. Back in the day my work phone was an iPhone and the Apple version of VLC was seen as a threat by iOS. You could use it for a few cuts, but the OS always shut it down as soon as the

Shitty globals 2023
Posted 2023-08-27
Eleven years ago I published Shitty Globals. Funny how time flies.
This was about the network discovery tool aptly named "netdiscover", which was delivered broken in BackTrack 5. I have been using it ever since. I keep the code around to put it on new boxes. I have two new Jammy Jellyfish systems I got last week and that old code finally broke. I can no longer

Blocking QUIC
Posted 2023-08-23
I trashed iptables and switched over to netfilter ("Fearless Fosdick") a while ago. The motivation was IPv6. I wanted to write rules that would apply to both protocol stacks at the same time instead of having separate rules for IPv4 and IPv6.
Well, at the time that didn't work out at all.
Time passed.
I figured out how to use Spectrum's native IPv6 stack, getting rid of my

2020 UPDATE
Posted 2020-09-26
Yes, I'm still alive. There is no end in sight for me. But all the other stuff... that's another thing entirely.
I am officially retired from $DAYJOB. Thank Bob, that place was getting weird. I reached 66, SS FRA (Social Security Full Retirement Age) in March and dropped the HR bitch a note announcing my retirement. Took a week's vacation and next thing you know

The 22nd Century
Posted 2016-05-27
Who cares?
You're going to be dead anyway. And Billy Gibson will be a pile of dust.

A certain port, a certain country
Posted 2014-10-07
Ever since that whole Chinese Thing, which pissed a lot of people off, I've been ever so slightly cautious about dropping bombs into Full Disclosure.
I mean, what business of mine is it if silly programmers think making a public proxy of your machine is The Right Thing To Do? After all, McAfee did it, right? So it must be a Good Thing.
I'm sure you've noticed those new proxies on a

BlazeDTV v3.5 Serial Number
Posted 2014-01-29
Let me just say up front I am not in the business of pirating software.
These days. The 90s was a different story. But I digress.
A few years back, I bought an Auvitek ATSC USB dongle for an XP system. It was cheap and it worked great. It was bundled with "BlazeDTV v3.5" for tuning, recording, playback, etc. Then I upgraded to Windows 7 64-bit and it stopped

This is PLBURLF03
Posted 2013-12-20
No, seriously.
It is.
http://mytarget.com:8080/
Really.
Keep searching.

PoTTY v0.63 RELEASED!
Posted 2013-08-29
v0.63
On August 6, 2013 the PuTTY Team posted an update that included some pretty serious bug fixes. You might recall that PoTTY never made it to v.062 except in a private build for my own use. In fact, after my wife got sick in January 2012 (long story) it was left to languish just before it was ready to ship.
And in a few messages to brl I got the impression that

Apologies For My Absence
Posted 2013-07-23
My lifestyle changed drastically in the last year and a half (long story) and I haven't had a lot of time to update the blog.
I finally approved some very old comments (and cleared out a lot of SPAM). I do like hearing from you Cameroonian puppy scammers, but why do you guys want German IPs now? I thought you only hated the Brits. Now you're going after Germany? Be

In what Universe?
Posted 2013-03-23
I've been seeing these articles about the Korean MBR wiper malware everywhere.
Typical of these articles is this one on Wired, which states:
Contained within that file was a hex string (4DAD4678) indicating the date and time the attack was to begin—March 20, 2013 at 2pm local time (2013-3-20 14:00:00).
My problem: 0x4DAD4678 equals 1303201400 decimal. That value gives me a date

Micro Center Monkey Business?
Posted 2013-02-19
I've been going to Micro Center for a long time. More years than you can imagine. I've had some interesting experiences and been treated in some odd ways.
For instance, several years ago I went into the local retail MC looking for a video card or something. I was in Full Beard Mode and it was summer so I was wearing sunglasses, shorts, a tee shirt, and my classic pork pie hemp

Building Obfuscated OpenSSH on Last Week's Cygwin Build
Posted 2013-02-17
I resurrected an old but capable WinXP box for my upstairs office, which is much more comfy than my subterranean lair in the winter time. Down there I have an old, diskless IBM NetVista box (the one that used to house EXP V) that boots BT5R3 off a USB stick. Works great for doing laundry—I'm doing a lot of domestic stuff these days for reasons I won't get into—but for extended stays

BOT House|RELOADED - Part I
Posted 2012-11-04
At long last, BOT House is finally reincarnated. And on a much perkier Intel box with a newer, 64-bit version of Debian. The new, official name is BOT House|RELOADED or BH|R for short.
So much hardware has crashed and burned this year it's hard to keep track of it all. First, it was the proxy project box. It died of—what else—hard drive failure. It was a strange

Flasad32.dll
Posted 2012-05-31
Just thought I'd drop a quick "blog turd" to get another hit from Google.
Long story short(ish): had a victim of some type of Russian malware, likely a password stealing bank Trojan. The anti-virus was clueless. Found one suspect DLL, deleted it, and another (the title of this post) appeared to take its place. When I went to Google the name of this DLL, Google had nothing.

/* Shitty globals */
Posted 2012-04-18
This is nothing earth-shattering so I'll try to make it short and sweet. And I'll add the pertinent links later. If I feel like it.
A couple of weeks ago, the InfoSec Institute announced a privilege escalation problem with wicd in Backtrack 5 R2, which caused the BT people to go into Butthurt Mode and emit a Class 3 Shit Storm.
"Tut, tut," they proclaimed, "you can't escalate

Running Chromium as Root on BT5R2
Posted 2012-03-05
Well, sort of.
You can't do it. They (the omnipotent and wise developers of chromium) won't let you. If you try to run it as root, you'll get this...
You can run it su'd as a regular user while logged in as root, but it takes a little X-Fu to get it done right. First, create your user with the "adduser" command. Then, give him access to the X display with the "xhost"

McAfee Relay Server 5.2.3 (Port 6515)
Posted 2012-01-09
Earlier today I noticed I was getting a lot of TCP port 6515 proxies on The List.
Curious, I checked one and it gave me a VIA header of
1.1 Fran-PC (McAfee Relay Server 5.2.3)
Then I took a peek at the database. Nearly 1900 of these things since December 1st, 2011. Although the name of the PC above is a dead giveaway that this is some sort of consumer product ("[

Disappearing APs...
Posted 2012-01-02
Related?
I wouldn't characterize the issue I've been seeing here as the access point "crashing" because it's still controllable after the ESSID disappears from the airwaves.
And of course I don't have a Dlink AP.
If I did I'd probably give it an ESSID of "Hlinky". :o)
If you didn't know it already, Harald is not just some random guy on the Internet (like me). If he says someone

I am disappoint
Posted 2011-12-26
That's my "oh FUCK IT" face right there.
As you know it's been a Very Bad Year for the hardware that populates DinkNET. Not a single box that was running in January 2011 is still running in December 2011. The one, tiny little bright spot in all this carnage was the fact that all the replacement hardware, a motley collection of refurbs and loss leader deals, came with 10/100/1000

TCP Port 36081
Posted 2011-12-25
Happy Annual Gift Day!
I woke up bleary-eyed this morning at around 3AM, disappointing the cats who thought it was breakfast time, and sat down at the computer and pulled up the proxy list. I was greeted with a smattering of new proxies on port 36081.
This struck me as unusual so I did a quick check of the database to see how long it's been going on.
And it's only been going on for the last five

PoTTY v.0.62 Testing Begins!
Posted 2011-12-16
Last week, Simon Tatham announced the release of PuTTY v.0.62 which included a security fix that seemed serious enough to fire up the old compiler and shit out a new version of PoTTY.
I got to work on it last night and have the working binaries ready to rock and roll as soon as I can get them all tested.
This has gone much faster than the last time. I started hacking away at 1AM this morning and

The Unending Saga Of the Disappearing Access Point
Posted 2011-11-20
Yeah... about that.
I rewrote my scripts to double-check the availability of the AP. It waits 30 seconds and checks again.
The "problem" disappeared immediately.
That lasted about a month before it came back. Now, it dies about twice a week. Seven times since rewriting the script, and only once when anyone was at home to notice it (and no one did).
It's not a power failure issue, since it's on

BT5 on a Stick
Posted 2011-11-19
A STICK!!!!
I've been running BT5[r1] as a "disposable OS" almost every day on a laptop for months now, booting up from a CD. Great stuff. Boot up, do your dirty work, shut down, and all the evidence is gone.
A few weeks back I installed the BT5 ISO to a USB stick with UNetbootin and tossed the CD forever. Excellent performance. Now it boots up fast and quiet. But there's one tiny issue: it

Proxy Browser Round-Up October 2011
Posted 2011-10-16
The other day it dawned on me I had not run Internet Explorer for a very long time. IE9 may be better than sliced shit for all I know. I have it, never use it. It's different back at the Salt Mines. Some "intranet applications" simply barf on anything else, or flat out refuse to run.
Last year, on the ill-fated Proxy Obsession blog, I proclaimed SRWare Iron as the best browser ever for using