
I’ve been having some fun over the past weekend getting my chops back up to speed with some wargames at overthewire.org.  So far I’m up to Vortex 9, and it’s been a bunch of fun :D.

Instead of going back and documenting 0-7 (which you can look up elsewhere), I’m going to start documenting from 8+ (which is nowhere on the web).  Here is the work I’ve done :]

First things first we need hacking music.  I recommend this series I wrote a while ago:

 

Ok, this is a reverse engineering challenge, so let’s download a copy of vortex8.bin and boot up IDA to take a look at what’s going on.

We find the following execution flow:

1. Start a new thread
2. Drop permissions from Vortex9 to Vortex8.

messthread

ccode

The only thing this new thread does is a really silly while(1) loop.

while1

while2

 

So this thread is just gonna print “0” to the screen every second.   I think I see where this is going.  Let’s keep the fact that we’re calling “sleep” in mind.

The next thing the main thread does is make another call, which ends up providing us an opportunity to overflow a buffer.

callunsafe

strcpy

strcopy2

 

So overrun this 1032 byte buffer and we’ll hit the stored stack pointer & return address.  Easy enough… but we’ve got an issue.

We can’t just straight execute from the stack, because we’ll be executing at “Level 8” permissions.  Instead, we need to get the thread running at “Level 9” permissions to run code that we put in the buffer.

So the other function makes a couple of function calls, including printf and sleep.   Why don’t we try to overwrite the sleep function offset in the Global Offset Table, and get that other thread to start executing from this one’s stack (neat!)?  We can do this because multiple threads in a single process share linear memory space.  If we had opened a separate process, we would have needed to find a way to open a remote thread/memory and write to it.  Good thing we don’t have to worry about that.

So the first thing we should do is use gdb to get the GOT entry for sleep:

sleepoffset

 

We’re going to overwrite 0x0804a008 to point to our shellcode on the stack.  To save time and space, my shellcode resides at 0xFFFFD26E.  You can use gdb to print out the value of ESP when you’re inside the unsecurecode function.  From there, just use the size of your shellcode to calculate exactly where it’s going to start (and how many nops you’ll need).

Let’s write the assembly that’s going to replace this GOT entry and assemble it.  And then this quick little python function to display it on the screen for me to copy/paste (I use this for anything I have to assemble & print; it’s a handy little tool imo).

sleepreplace

displaybin

displaybin2

 

Cool.  We’ve got everything we need to make our final script:

shell

 

I glossed over a few things.  So let’s touch on that:

1. NO \x00 ALLOWED!  Your entire payload CANNOT have a \x00 in it (until the end).  strcpy() terminates when it hits a null byte, so you must ensure anything you assemble does NOT have a null byte.

2. You need to find your stack pointer and base pointer.  If you don’t realign the stack basepointer, when you RET onto the stack you’re gonna throw segfaults.  Make sure you overrun the stored basepointer with some place in memory that’s writable.

3. We’re going to execute the code to overwrite the GOT entry for sleep with the pointer for our shellcode on the stack, and then we’re going to \xEB\xFE in order to make that thread spin.   Remember, if we let the main thread die, then the program will terminate before we get to do anything with our shell in the other thread!

4. Now that we’ve overwritten the entry and started spinning, the other thread in the while loop should take care of the rest.  The next time the while loop comes around to call the “sleep” function, we should get execution of our shellcode.

Let’s try it out:

winnerwinner

 

NEAT!
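As an added defensive example (my own code, not the writeup’s script and not the Vortex binary), here is the shape of the strcpy bug next to a bounded replacement, using the 1032-byte buffer size found above; the function names and the 'A'-filled driver input are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer size the writeup reports for the overflowable function. */
#define BUF_SIZE 1032

/* The bug as described: an unbounded strcpy into a fixed stack buffer.
 * Any argument longer than BUF_SIZE - 1 bytes runs over the saved frame
 * pointer and return address. Kept only for contrast; it is called below
 * with a short constant, never with untrusted input. */
static int unsafe_copy(const char *src)
{
    char buf[BUF_SIZE];
    strcpy(buf, src);                    /* no bound check: the overflow */
    return (int)strlen(buf);
}

/* Hardened replacement: reject input that does not fit instead of
 * truncating it (a plain strncpy can leave dst unterminated). Returns
 * the copied length, or -1 when src will not fit with its NUL. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    while (len < dst_size && src[len] != '\0')   /* never scan past dst_size */
        len++;
    if (len >= dst_size)
        return -1;                               /* no room for the NUL */
    memcpy(dst, src, len + 1);
    return (int)len;
}

/* Same shape as the vulnerable function, with the bounded copy in place. */
int handle_argument(const char *arg)
{
    char buf[BUF_SIZE];
    return safe_copy(buf, sizeof buf, arg);
}

/* Driver: feed handle_argument a constructed argument of n 'A' bytes so the
 * boundary can be exercised without ever performing a real overflow. */
int check_length(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return -2;
    memset(s, 'A', n);
    s[n] = '\0';
    int r = handle_argument(s);
    free(s);
    return r;
}

int main(void)
{
    printf("1031 bytes -> %d\n", check_length(1031));   /* fits: 1031 */
    printf("1032 bytes -> %d\n", check_length(1032));   /* rejected: -1 */
    printf("short constant -> %d\n", unsafe_copy("vortex"));
    return 0;
}
```

Linking the binary with -Wl,-z,relro -Wl,-z,now (full RELRO) maps the GOT read-only after relocation, so rewriting sleep’s GOT slot would fault instead of redirecting the other thread; -fstack-protector would abort on the overrun before the function ever returns.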

 

 

This is what I’m doing with my love in Vermont today.

utopes

I feel confident about my exam tomorrow.  I don’t know if that’s a good or a bad thing.  Fffuuuuuuuuuu-

In 2008, a pair of internet journalists had an interesting disagreement about how the internet has changed the way our minds work. In “Is Google Making Us Stupid?”, Nicholas Carr suggests that an over-abundance of information is transforming our society into a cohort of shallow information skimmers. In a rebuttal titled “Why Abundance is Good: A Reply to Nick Carr”, Clay Shirky disagrees, discrediting Carr by pointing out his nostalgia and Luddism. As a recovering internet addict myself, I take exception with Carr’s characterization of the problem. While I identify with Shirky’s overall stance, I believe he didn’t say what needed to be said: Carr sounds like an alcoholic blaming the drink for his problems.

Carr tries to frame his loss of concentration as a symptom of extensive net usage, blaming the medium for turning him into a husk of the reader he once was. He laments his new inability to sit and read long articles and books, even saddened by missing out on the infamous War and Peace. He recalls colleagues telling him of changed reading habits, and even quotes Plato’s argument against the use of the written word. Despite blaming the internet for this change in brain mechanics, the only clear fact he presents is a longing for the “good ol’ days” of reading, and Shirky takes exception to this.

Shirky, however, spends a majority of his article criticizing Carr’s opinion personally, stopping just shy of calling him a grumpy old man telling kids how it was “in my day…”. He does take a moment to say, on the more progressive side of the issue, that he rejects the idea that the medium itself is at fault. He rebukes Carr’s usage of War and Peace as an example of the public’s inability to ingest long texts by claiming “the reading public has increasingly decided… [it] isn’t actually worth the time it takes to read”. He closes by saying the internet (as a medium) needs time to show us its true genius, in much the same way the printing press changed the world over the course of decades and centuries.

Shirky, apparently too offended by Carr’s condescension to fully articulate what he believes, suggests we simply have to learn to use it better. He notes the difficulty of the issue because the medium has yet to reach maturity. Building on Shirky’s opinion, I suggest that society has failed to assess itself and teach appropriate net usage. Hindering Carr’s ability to concentrate is a symptom, but Carr is ultimately responsible for no longer being able to read his beloved War and Peace.

Carr certainly has a point in suggesting the structure of online text affects the way we ingest information, but he misappropriates blame onto the medium itself. He claims hyperlinks, placed mid-article, propel readers toward other sources. In doing so, he says, they also rob the subject of their concentration. Consequently, this line of reasoning also absolves the reader of any responsibility for their own habits (which is clearly Carr’s way of saying “it’s not my fault!”).

It’s easy to suggest that the net itself is reshaping the way we think and read; everything we do changes us. Carr points out a study by the British Library [1] that shows internet readers have a tendency to exhibit skimming-like behaviors. Still undecided, however, is what the overall cause is, or what we can do to counteract that tendency and teach ourselves how to harness such a powerful corpus. To clarify this, let’s explore the problem within a new context: alcohol use and alcoholism.

As we all know, alcoholism is a real problem with a long, long list of causes, problems, and potential treatments. One thing we’re sure of is that prevention is infinitely more effective than treatment at improving any given person’s life. If we prevent an alcohol user from crossing the line into a problem, then we never have to treat anything. To frame how this relates to our conversation about net usage, we only have to ask one simple question: if Carr’s symptoms are indicative of irresponsible internet use, then is the solution to treat people who have the problem or to educate society before it becomes pandemic? (Trick question, we should do both!)

To elaborate, as research has shown [2], educating children about the consequences (symptoms) of alcohol abuse at an age when they are at highest risk has proven effective in preventing abuse from occurring later in life (to some extent). Likewise, educating recovering alcoholics on the signs of relapse can help prevent a relapse. In both cases, success hinges on how well we can teach these people to self-assess their situation and how well they can make changes to correct it. If we, as a society, can recognize that abundant net usage has negative consequences, as Carr suggests, then the solution is education, not abstinence (or worse, prohibition).

Howard Rheingold suggests just that in his book Net Smart, asserting that doing something as simple as introducing a modicum of mindfulness into our net-use habits can go a long way to maintain a healthy lifestyle. Rheingold spends nearly a fifth of his book talking about attention and how the net (and always-on media) has changed our daily lives. He recalls an interaction with his daughter, wherein she hardly looks away from her phone to greet him as he picks her up at the airport. In this case he points out how our focus of attention has changed dramatically, but he also asserts that our browsing habits have an effect on how well we can formulate deep, meaningful thought. He, like Shirky, also believes it is not the medium itself that has forced this change upon us, but our own self-indulgence that has created an atmosphere of acceptable shallowness.

At this point you may be asking yourself, “If this is so prevalent, why do I feel relatively unaffected by this so-called pandemic?” Well, it very likely differs depending on what generation you belong to. To put it simply, the average 15-27 year old has nothing to compare their behavior to. Unlike those born before the age of the all-powerful internet, always-on media has always been there. For the generations before us, it’s probably surprising to find research online turned into an everyman-everyday activity. Interestingly, however, the symptoms of over-exposure to the net are relatively similar regardless of generation.

I can relate to Carr; I’m the shining example of a recovering net-addict. Since the peak of my “Internetism”, how I interact with the net has changed drastically over the past half-decade. At 20 years old, I was about as motivated to read a book as a 13 year old boy being told to read A Tale of Two Cities while staring at an XBOX (actually that’s not too far off). I would agree with Carr, asserting the problem was caused by over-exposure to internet media, online forums, and attention grabbers like Facebook. My habits began to turn around while studying at an acting studio. Scott Rogers [3], my coach, suggested a simple attention adjustment exercise: no TV for one month. During that month (unsurprisingly), my concentration, attention to detail, and all-around personal accomplishment skyrocketed. Since that exercise, I have cut cable service, started reading books regularly, and most importantly started metering how (and how much) I use the internet. I’m unsure that it’s purely a result of less net usage, but it was certainly part of my solution.

If the “No TV” approach sounds drastic to you, there are small steps you can take right now to adjust your concentration. When facing an article filled with mid-text URLs (usually citations), open the URL in a separate tab and return to it after reading the article. Two things might surprise you. First, authors often take the time to summarize the article anyway, and you will (usually) decide not to read it. Secondly, you will have obtained a better grasp of the author’s opinion, and potentially formulated an opinion of your own, prior to reading further. That’s what Carr suggests is disappearing.

Although I easily identify with Carr’s experience, it’s likely that Shirky’s analysis of the overall situation is correct. I was able to reverse the process of diminished attention through years of study in areas that require ingesting long texts, analyzing complex information, and formulating opinions through sustained deep thought. These are all abilities Carr laments losing. If it was simply exposure to the medium itself that caused issues, I would still be an addict.

Varying types and severities of net-addiction have cultivated Carr’s society of skimmers. This isn’t the internet’s fault for merely existing. This doesn’t mean the internet is bad for us, or that being on the computer 8 hours a day is a problem. If we teach our society responsible net usage, maybe we’ll see less “Internetism” in the future. At the very least we’ll be a little more conscientious of our use.

1. http://www.jisc.ac.uk/media/documents/programmes/reppres/gg_final_keynote_11012008.pdf
2. http://www2.potsdam.edu/hansondj/YouthIssues/1116635269.html#.UkjxSWTwI9U
3. http://scottrogersstudios.com/

It’s 2pm. You’re sitting in a meeting with your boss, his boss, his boss’ boss, and his boss’ boss’ boss. Powerpoint slides are whizzing by at the speed of molasses riding a snail in the winter. The five hour energy you just drank has given you jitters but has done nothing to prevent your head from slamming into the table. You think to yourself, “why can’t we have napping pods like at google, those are bad f***ing ass.” If only your boss understood the value of sweet, sweet catnaps.

I had a particularly interesting time learning about how employers believe our days should be consecutively productive, because the military is often blind to common sense. In the new-age military, the average middle-manager is more concerned with “professionalism” and how they are “perceived” than he/she is with their workers’ mental health, or even something as simple as accomplishing anything worthwhile. What’s more, the powers that be have dictated that sleeping in uniform is forbidden. Some of the hardest working and most heavily stressed people in the nation, our soldiers and sailors, are being asked to fight against their body’s natural biphasic sleep cycle every day.

That’s right, according to sleepfoundation.org [1], “Humans are part of the minority of monophasic sleepers, meaning that our days are divided into two distinct periods, one for sleep and one for wakefulness. It is not clear that this is the natural sleep pattern of humans.” They even quote a study in which NASA astronauts and military pilots “improved performance by 34% and alertness 100%” after a 40 minute nap. If naps are so effective at improving performance for the most dangerous jobs on earth, why aren’t we mandating that everyone nap?

Have you ever seen those 5-Hour Energy commercials, where the post-lunch crash is highlighted as the problem? If you found yourself relating to the plight of those actors, I welcome you to the group of socio-normative people who are convinced they must fight against nature. Ask yourself a question: “When have we ever fought nature and won?” I charge you to join the fight for glorious catnaps, and sign my petition at WhiteHouse.gov for an institutional siesta. If not for you, then do it for the soldiers and sailors out there fighting for a Google employee’s right to nap in super-expensive high-tech napping pods [2].

Uncle Sam wants YOU… to nap!

1. http://www.sleepfoundation.org/article/sleep-topics/napping
2. http://www.metronaps.com/

It’s strange, I chose to attend this University, and I chose to study a specific program.  I did not however get to choose which classes I got to take (sort of… I convinced them to let me take another required course instead of a gen-ed requirement, in order to get some of the lower-level CS stuff out of the way).

So there is a mixture of choice, and non-choice.  While the topics I’m studying are certainly not my choice… the overall field is.  For some people, this would probably prove to be frustrating.  Likewise, there is a 1 credit seminar they are making me take (well, I could petition out of it… the process would be painstaking, though), and that class looks to be nothing more than me reviewing presentation and living techniques that the military condensed into me over the past 6 years.  The likelihood of actually learning anything other than how to teach people what I already know is very slim.

So other than that… I find myself happy to get up and go to class.  Ok, happy is a bit strong, but it certainly isn’t PAINFUL to go to classes, and I often enjoy the conjecture the professors have to share.  The topics are interesting, even though they’re not necessarily something novel to me.

This is a huge change from how I worked in the navy, however.  It was drudgery, day-in and day-out.  I remember one specific time in my career when I was actually HAPPY to go to work, and that was when I was a developer in Hawaii, working 6am-2pm, in charge of managing a system I built, and now allowed to work on my own pet projects.  I had other responsibilities, like training people and essentially “selling” our “product” to admirals and stuff (I did tons of briefings for visiting VIPs), but it was just the cost of being given a little autonomy in my work.

Now… even the drudgery seems negligible compared to what I’m getting out of it.  I don’t know where the drive to work is coming from, because I always considered myself a slacker.  Now I find myself working at a pace I’ve never done before.  Maybe it’s out of requirement, maybe it’s out of necessity, or maybe the military did manage to instill some level of work ethic in me.  Who knows.

But somehow, even with all the work I’m doing… this work is enjoyable… my mind is blown!

I’ve had about 5 years of experience as a professional network analyst and systems developer, but without the academic background of a college degree.  I was afforded the opportunity to learn my “trade” through directed hands-on training; sometimes it was in a classroom setting, sometimes it was on-the-job.

I’ve just completed my first week of full-time college after these 5 years, and I’m finding my initial reaction to be much less loathsome than I expected.  I’ve been thinking about whether or not tunnel-vision vendor training is actually worthwhile in the face of an extremely technical field, and I’m really starting to see the two accomplish different feats.

Vendor training: a directed, tutorial based approach designed to pass on a defined set of skills.

College training: an intellectually challenging approach to passing on the skill of learning how to learn about whatever it is you choose to learn about… also some directed, tutorial based approaches designed to pass on a defined set of skills.

Seems really dumb, but in reality, the difference between the two: time

It seems to me, at first glance, that the amount of time between topics in college is at once both short and long.  On any given class, on any given week, you may cover three distinct topics. Density may vary, but this can be fairly challenging, even though the amount of time between topics is sufficiently distanced (24-72 hours between topics).

In vendor training, I’ve had what one might consider a year’s worth of master’s-level education in 3 months, 8am-5pm, Monday through Friday.  Yes, it is as painful as it sounds.  However, the focus required to successfully pass and apply the skills being learned is nothing to scoff at.  It’s something a student accustomed to college life would likely have trouble with.

I would submit that while the two approaches are similarly effective for learning a base of knowledge and mastering a set of techniques, the two approaches produce very dissimilar people (as a general rule, not a definitive one).

The college approach to teaching these topics is enrichment based, which means a wide variety of topics are being introduced simultaneously (4 classes + 3 topics per week per class = 12 topics per week), allowing free-flowing thought to connect (or not connect) them on an individual basis.  Application of said skills may or may not be a priority, as long as they are able to prove they can comprehend the underlying concepts.  This is why you have some computer science undergrads who obtain their degree, but never learn to apply their knowledge effectively (otherwise known as “program their way out of a paper bag”).

The vendor training approach to teaching these topics will produce a person who can competently reproduce the results of a skill they learned, and MAYBE expand the application of these skills beyond the realms of what they were taught.   This means we can enjoy effective analysis of a pre-defined set of data, but if we introduce new data or a restructured version of the same data, we’ll have to retrain the analyst (to some extent) to perform essentially the same task.

Now that said, I don’t believe it is valid to surmise a college graduate will be more valuable than the vendor trained professional in the long run.  A person with years of on-the-job experience gained during the time a student spends in college will be immediately, and sometimes profoundly, influential when pointed at solving problems they have become adept in.

On the flip side, it would also be invalid to suggest a vendor trained professional is a replacement for the average college student.  While there are a number of work-habit factors to consider, and a potential for natural pre-disposition to develop said work habits regardless of background, it is clearly truthful to say the average college graduate will research a problem more effectively and more reliably than the average vendor trained individual. (I’m speaking of legitimately earned degrees, not fraudulent degrees earned through cheating or other dishonest methods.)

While it is possible for a vendor trained individual to obtain similar research skills, the path to reach it is clearly… well… unclear.  They are likely being taught by people who have developed or learned this skill, but they are not often being taught the same process of critical thinking.  This culminates in vendor trained analysts believing their jobs are easy, and that they could be replaced by monkeys.

For those of you who identify with this last statement, I can assure you that your job is neither easy, nor replicable by monkeys.  For one thing, monkeys don’t bitch about how much they hate their jobs.

We’ll continue this dialogue later…

I GOT A SHAVE! 😀
(a professional barber shave)

burd

I don’t have a date for these entries, but I remember doing all the prep and imagination work about a full year and a half before I ever did the scene.  Things fell through with my partner and I never got to do it originally.  It resurfaced a year later when I wanted to do a scene with Julia Levanne.  She was magnificent in it, and we had quite a blast.  If I remember correctly, the only note Scott gave me was “I wish you would have just sat down and stayed there”.

Background:  Chris Keller returns from World War II (after seeing some real shit, let me tell you), and calls his (dead) brother Larry’s girlfriend to the house to ask for her hand in marriage.  Long story short: it’s been years since Larry died, Ann moved on, fell for Chris.  In this specific scene, Chris finally grows a pair and kisses Ann, but not before recalling a particularly sad story about the men he served with.

For my imagination work, I wrote up a bunch of backstories to the people he served with, and a short passage regarding how the firefight started.  I’ll probably post them (with revisions) over the course of the next few weeks or so.

 

Private Martin

I took my family for granted.  They were as much my brothers as they were soldiers.  They sacrificed everything for me.  ME.  Now I’m here, living, reaping the benefits, living a day to day life earning a paycheck.  That paycheck is nothing but blood money to me.  I’d give it all back for any one of them.

Martin gave me his last pair of dry socks.  The skies had been drenching us for the past 72 hours, at least, and there wasn’t a patch of solid earth around us.  Our tents offered little protection, every morning we dug them 3 inches out of the mud.  Somehow this Private managed to keep a single pair of socks dry.  This 18 year old kid from Boston, never camped a day in his life, had given me a god-sent relief to what was quickly becoming trench foot.  

Happiness is a dry pair of socks.

I was always partial to Martin.  Maybe it was because he tried to suck up to me, or maybe it was that he was the little brother I never had.  Having been in Larry’s shadow most of my life, I saw myself in Martin.  People picked on him, played pranks, and he usually just kept quiet and took it.  He never started trouble.

That day, as I ran back to camp, he ran toward me.  Hellfire raining around him, he called for doc.  He was more worried about my hand than shooting back.  We hadn’t made it more than 6 steps back into camp before his neck exploded, spraying my face with blood.  He collapsed to the ground in a heap, nothing but terror and pain on his face.

I picked him up, bleeding everywhere, and rushed him 15 paces further to where doc had bunkered down.  I had to slap him and point at Martin, yelling at him to stop worrying about my hand and fix him.  He stared me dead in the eye and shook his head.

I looked down at Martin, as he gasped for air over and over, each time weaker than the last.  With his last words he said “tell her…”, as he handed me a necklace.  Her name was on the back.  I knew who she was.

We all knew who she was.