TechWiseTV just got back from Interop in NYC. It was a really small show. Kinda the size of a regional show, to be honest. As I walked the floor, I wondered, “Are true mixed-vendor trade shows over?” Compare Interop NYC to the very next week’s event, VMWorld Barcelona, and holy smokes! That is a big show for sure.
Seems like we started drifting towards a more vendor-specific format around the time COMDEX was killed off. Then Supercom was next. Networld+Interop became Interop. Man alive, that really used to be one heck of a show. N+I, as the cool kids called it, had the show and then N+I at Night, where you could catch a ball from Steve Young or listen to a concert from the latest 80’s re-re-re-reboot band. Ah, the old days when we had to notch a disk on both sides. Back then we had a ton of competitors, all pushing many ways of doing things (give me a shout-out if you remember Fore Networks’ “Network of Steel” demos, where they’d take a chainsaw to the network to show how ATM self-healed. Of course your CAPEX never did…).
Heck, now in booths, if vendors are giving out t-shirts, man, that’s like Club Med passes to other jealous vendors looking down at their combo key ring/toe file/pocket knife that’ll never make it past TSA for the flight home. In booths, we booth staff say, “Did you see vendor X is giving away…?” followed by an “Oh man!” or a “WTF? Really?” My fav is a vendor once giving away half the casing of an empty SFP. I thought it was their garbage at first and they were trying to get me to chuck it. Which I actually did.
Seems like as larger vendors snapped up more and more companies, mixed trade shows got smaller and smaller. I watched N+I not only change its name to Interop but move from the massive Las Vegas Convention Center to the Mandalay Bay Conference Hall. Which, to me, is too bad. I loved going from booth to booth pitting solutions against each other between vendors, or getting good advice from many sources not friendly to each other yet forced to at LEAST work together. And your demos and booths had better be smokin’ awesome to stand out. Trade shows have split into really two main areas: Specialty Focused, like Defcon, Management World, etc., and Vendor Hosted, like RSA, Cisco LIVE, VMWorld, etc. The best part of this split is not the exhibit floor but the career training available to us network-type folks; at both Specialty Focused and Vendor Hosted shows it is outstanding and far better than at the other vendor-neutral shows. The exhibit floors at Cisco LIVE or VMWorld, etc., have booths that are friends of the host. Kinda like having a party for a friend. You invite the groovy folks, not the friend’s enemies that’ll drink all the beer and then pee in the pool before leaving.
I believe a few vendors noticed this too and tried the whole “virtual trade show” thing. That’s something that looks good to bean counters and upper-level managers as a good way to save money. The truth is, those are about as interesting as a six-week virtual class in the US tax code. The big piece of any trade show is really meeting peers and colleagues there. Heck, IT is a small world, and it never fails that at every trade show I meet someone I worked with before and we get a chance to catch up, hear about what they are doing now, etc.
Maybe it’s a United States thing. CeBIT in Germany is bigger than nearly all the shows listed here combined! Oh mercy! Whatta great show! If ya never been, go. It’s in March sometime. So I ask you: are you still interested in mixed-vendor shows like Interop? Or do ya just stick with vendor-hosted shows? Post ‘um up and let’s hear ya! Now, where’s my Cisco Nexus 1000v USB stick in my Cisco Catalyst 4500 bag? If I only had my Cisco Unified Comms Manager combo penlight/pen…
Jimmy Ray Purser
Trivia File Transfer Protocol
The first and still the oldest domain name to be registered is Symbolics.com. It was created on 15 March 1985.
There are two ways to write this blog. One is all positive, happy and humorous. The other is to be real. I’ve written both versions. I like the happy one better. I had some funny “You know you’re fat when…” Foxworthy-esque quips…oh you silly hillbillies with your cornbread! But, to my surprise, weight loss is more than just losing weight; it’s personal. Dad gum…is it personal… Therefore, here we go…a real and unvarnished look at how I lost over 100 lbs in two years. By the way…this is a long blog. I’ve subtitled each section so you can skip around if ya wanna.
“How about that! 3 more and that’s a perfect score in bowling! Woot!! Woot!!!” As a Lebowski underachiever, 300 is a magic number. So when my Dr. told me I weighed 297 lbs on 10 Oct 11, heck man, I was happy at my accomplishment! Honestly, as a hillbilly that grew up on a diet of Crisco, Emge lard and deep-fried everything and STILL had low cholesterol numbers, I felt great!! Suck it, tofu eaters!! I was happy fat. Comfortable in my own skin, I loved to laugh and make fun of leaf eaters, calorie counters…joggers! Get a grip, man! Be happy who ya are and enjoy life, daddy-o!
My doctor threw a brick thru my temple of celebration. “Well, let’s see if you cheer this, Jimmy Ray… I have to start you on blood pressure pills right now because you are close to stroke levels (he watched me take two pills right there in his office) and I have to monitor you for self-induced diabetes…”
Wait a minute…WTF…but…none of that runs in my family.
As a matter of fact, about the only things that really kill off Pursers are bullets and each other. There must be a mistake. I’m healthy… I AM!!! He flipped over the chart and showed me what every engineer needs to see: numbers and histograms measured against a benchmark. Oh crap…joke’s on me….who’s laughing now?
But that middle thing…self-induced??! You mean there are folks in this world I know personally that have medical problems they could not help, that they do not want, and that they go bankrupt trying to cure, and I’m so friggen fat and lazy that…I’m inducing them in myself????? Whatta friggen ungrateful piece of crap I am. Given the gift of health and this is what I’m doing with it. Man…whatta friggen whanker I am.
There are a few milestones in my life that I can look back on and know that I have turned a corner. For example:
- When I could no longer recognize the names in the Police Blotter section of the paper, I knew I was older. Although I still see familiar faces on COPS. It’s always good to stay in touch.
- When I could actually taste a difference between good beer and Pabst Blue Ribbon, I knew I could lie to myself better.
- When I heard of CUDA and immediately thought of Compute Unified Device Architecture instead of a bad-to-the-bone MOPAR with a Hemi, I knew I had crossed into the valley of geek.
CUDA was invented back in the day by NVIDIA as a way to let the video card process other stuff (in parallel) instead of just video. This is NOT a hack but an actual design framework. NVIDIA has a great site for folks interested in coding with CUDA at: http://www.nvidia.com/object/cuda_home.html This is great news because the support, forums and troubleshooting tools are outstanding! Not every NVIDIA card supports CUDA, so double-check with this site to be sure.
I wanted to take CUDA 5 (the latest version as of Oct 2013) out for a test drive, so I went out to download the software development kit (SDK), thinking I was going to have to bite the bullet and learn sucky OpenGL or worse…<gulp> DirectX to get this to work. Much to my MEGA surprise, CUDA actually uses C for parallel development!! Yee Haa!! I’ll be drinkin’ early tonight! I love writing in C because it is low level enough that I can control how the processor handles the code, and it’s easier to spell than other languages. If you’ve been reading my blog for a while, you know the importance I place on grammar… After I read the SDK manual and found out that between the memory and grid/thread dimensions is a parameter called Warp Size…Warp Size… I. Am. Home. Warp is cool in both Star Trek and CUDA. In CUDA a warp is the group of 32 threads the GPU schedules and runs together in lockstep; threads are grouped into blocks and blocks into grids, and sizing your blocks as a multiple of the warp size is what keeps the hardware busy instead of idle. This gives us EXCELLENT control of hardware resources.
Of course on NVIDIA’s site they talk about the great uses for CUDA in industrial, science, medical, saving whales and helping Robb match his shoes to his socks according to mood, geographic biorhythm and astral plane aura mapping… Hey, that’s all well and good, but I am using it to crack passwords, baby!! Namely MD5 passwords. Why? Because databases and WPA2 can suck it!! I played around with this for a while on some custom code I wrote up and noticed about a 10-15% calculation performance increase, not bad. Then I used the BarsWF code (http://3.14.by/en/md5; it went open source back in Nov 2010) and holy smokes, I noticed a mega honkin’ increase in password-cracking speed for sure. Matter of fact, that is the fastest MD5 cracker I have EVER used. Plus it reminds me that I am as good at writing code as a Flowbee is at giving you that Madison Avenue haircut. Although I’m just starting to fart around with oclHashcat-plus (http://hashcat.net/oclhashcat-plus/) and it looks VERY promising!! Yeah…very promising. Relaxed and groovy for sure, right! Come on! Can I get a witness! This is your video code, daddy-o!!!
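To make the warp/block/grid talk and the MD5 cracking concrete, here is an added example that is not code from the original post and not from BarsWF, oclHashcat or any other cracker named here. It shows the one idea a GPU brute-forcer is built on: the keyspace is a single integer range, every thread owns a slice of it, and each thread turns its integers into candidate passwords on its own with no shared word list. Plain Python stands in for the CUDA kernel so the partitioning can be run on any box without a GPU; the charset, the block/grid geometry, and the target hash (an unsalted MD5 of a password picked for the demo) are all constructed for illustration.

```python
"""Added example (not from the original post): how a GPU-style brute-forcer
carves a keyspace up between blocks and threads. Python stands in for the
CUDA kernel; the charset, grid geometry and target hash are constructed."""
import hashlib

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"   # hypothetical lowercase+digit mask


def keyspace_size(charset, length):
    """Number of candidates of exactly this length: one integer per candidate."""
    return len(charset) ** length


def index_to_candidate(index, charset, length):
    """Mixed-radix decode of one integer in [0, len(charset)**length) into a
    password. A kernel applies this to its global thread id, so every thread
    derives its own candidate with no shared word list and no overlap."""
    base = len(charset)
    chars = []
    for _ in range(length):
        index, digit = divmod(index, base)
        chars.append(charset[digit])
    return "".join(chars)


def thread_indices(total, block_idx, thread_idx, block_dim, grid_dim):
    """The candidate indexes one thread owns: start at its global id and step
    by the number of threads in the whole grid (a grid-stride loop). Together
    the grid_dim * block_dim threads cover [0, total) exactly once."""
    gid = block_idx * block_dim + thread_idx
    stride = block_dim * grid_dim
    return range(gid, total, stride)


def thread_work(target_hex, charset, length, block_idx, thread_idx, block_dim, grid_dim):
    """What one thread does for one length: hash its share, stop on a hit."""
    total = keyspace_size(charset, length)
    for i in thread_indices(total, block_idx, thread_idx, block_dim, grid_dim):
        cand = index_to_candidate(i, charset, length)
        if hashlib.md5(cand.encode()).hexdigest() == target_hex:
            return cand
    return None


def crack_md5(target_hex, charset, min_len, max_len, block_dim=4, grid_dim=2):
    """Host-side driver: for each length in the window, 'launch' every
    (block, thread) pair. On a GPU these run concurrently; here they run one
    after another, which is why the demo keyspace is kept small."""
    for length in range(min_len, max_len + 1):
        for b in range(grid_dim):
            for t in range(block_dim):
                hit = thread_work(target_hex, charset, length, b, t, block_dim, grid_dim)
                if hit is not None:
                    return hit
    return None


# Constructed target: an unsalted MD5 of a short password, the kind a web app
# database of the era would hold. Real targets come from a dump, not from here.
DEMO_PASSWORD = "d0g"
TARGET = hashlib.md5(DEMO_PASSWORD.encode()).hexdigest()

if __name__ == "__main__":
    print("keyspace for length 3:", keyspace_size(CHARSET, 3))
    print("recovered:", crack_md5(TARGET, CHARSET, 1, 3))
```

The grid-stride loop is the same trick whether the grid is 8 threads or 8 million: change block_dim and grid_dim and nothing else moves, which is why a cracker can be tuned to a card by geometry alone. It also shows why unsalted MD5 falls so fast: one hash per candidate, no per-user salt, so one pass over the keyspace tests every hash in the dump at once.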
Back in the day, to get a poor man’s type of grid processing muscle, I used John the Ripper with the -d distributed switch to run multiple instances on multiple machines, but scalability, and Robb’s tolerance for approving my expense reports, wore thin. Although I did build a 120-node Raspberry Pi shade-tree supercomputer, which I’ll write about later on…
CUDA is a game changer and allows me a ton of options on a single machine. I added a few CUDA tools to my own home-grown ISO, like BarsWF, Pyrit and oclHashcat for wireless, and Vernoux.
Then my fav canned security ISO, BackTrack (http://www.offensive-security.com/), was released with a few applications that support CUDA! I had to check that out for sure! Lucky for me, the folks at Offensive Security also had a CUDA config guide to walk me thru their CUDA implementation.
I still needed to actually config BT5 to run the CUDA code, so I just followed the guide to build out the framework and it worked without a hitch. No need to bore you with details you can read in the friggen sweet guide. It’s the results that make the difference here. I fired up CUDA-Multiforcer with the command:
I listed out this command not to show my CLI skills but to point out one of the most important arguments. The --min/--max argument dedicates system resources. If you plan on using your CUDA machine for other stuff like gaming, surfing and work, lower the max number accordingly. It’s different for every machine. For my 8600 card, 500 is dedicating max resources. I use 10 for everything else except gaming, and truthfully, with the demand gaming puts on a video card, I do not game (on that machine) when CUDA is crackin’. With 1500+ hashes and the tables from the BOINC project at http://www.freerainbowtables.com, I busted thru and recovered the passwords with 96% accuracy in seconds. Impressive! Not as fast as BarsWF, but not by much for sure.
You do not have to be a coder to take advantage of CUDA. There are some great canned applications already that will give you immediate success and change the way you look at password cracking.
Jimmy Ray Purser
Trivia File Transfer Protocol
The first documented computer password “hack” was in 1962 by Dr. Allan Scherr. He was looking for more computer time to run his simulations, so he submitted a request to print all the passwords via punch card and just enjoyed the access!
I had a customer at Interop NYC yesterday ask me if I still hack stuff. Still?!?! Of course!! It’s something that’s just in your blood, daddy-o! I just like to hack stuff. It doesn’t matter really what it is; I just enjoy the challenge of figuring out how stuff works and how to bypass certain controls. I am not trying to be a whank about it and post how to steal a case of Sundrop from a Dixie-Narco vending machine, I just want to know from an engineering standpoint. When I see electronic firmware-based stuff work, I always wonder, “How did they code that one up?”
That’s all it takes to get me started. Now my wife is not a fan of guns, but if I started purchasing all the stuff I hack around here weekly, my guess is that she would change her mind real quick… So I need another method…a more…low-cost method of hacking a device without ever purchasing the device. Firmware, baby!!! Matter of fact, it is very rare for me to get actual gear. I just go for the low-hangin’ fruit! Firmware! Say it with me…What do we want! Firmware!! f.i.r.m.w.a.r.e!!
Many vendors out there today offer up firmware freely without authentication, or with only an email address so they can gather marketing data. I just use a 10-minute emailer like Mailinator, or I give them Robb’s email, and then I start downloading firmware. The firmware can be like the wardrobe door to Narnia if you look deeply into it.
Here’s the thing. Many vendors out there today do not have firmware developers in house. They have a marketing plan, money, call centers, etc…but code jockeys are something that is normally outsourced. These code houses do not just write the code for one vendor but for 50 or more. Now, to keep this code straight from vendor to vendor, many code houses place comments in their firmware.
These can be comments about debug interfaces, HARD-CODED ACCOUNTS!!!!, private keys, hidden commands and yes, even backdoor passwords. (I found two in a vendor’s device just two days ago.) Basically, low-rent firmware hacking is really a piece of cake to understand. Plus it can really yield huge…benefits. Remember Stuxnet? Oh yeah… Most firmware out there today is unsigned and unencrypted, which means I can read it in a simple hex editor. (Even a signed image is normally still readable: a signature only stops the device from booting a modified image, it does not hide what is inside. Only encryption does that.) But before you go download firmware and open it up in your favorite hex editor, here are a few pointers to get ya started:
Tip 0x01 I normally like to look for the bootcode if I have the choice. If not, I just deal with what I have.
Tip 0x02 Firmware files are binary and have a ton of unreadable data in them. I am interested in about 1% of the file, which is the ASCII text. The first thing I do is run the firmware thru the *nix command strings. strings prints every run of printable ASCII characters that is terminated by an unprintable character. The default minimum run length is 4, but you can change that with -n. An example command would look like this:
strings -t x firmwareName.bin
Simple but powerful command with few options. The -t option prints the file offset in front of each string, in the radix you give it (x for hex, d for decimal, o for octal); -t on its own without the radix is an error, not a default. I want those offsets just in case I need to…use them later on…
Tip 0x03 Some firmware will be compressed in what are called zlib-compressed chunks. In outsourced code larger than 3 MB this is very common. There is a great tool called DeeZee, which is part of the Black Bag Tool Kit from Matasano. It is older but still works really well for binary dissection. DeeZee will search thru a binary file for zlib signatures, then extract them and print out the results. Human behavior is such that we write and comment stuff all the time; look at how the best practices for even a simple ACL tell you to remark every line. If I run a file thru strings or view it in a hex editor and see nothing but unreadable crap, then I assume it must be zlib’ed or encrypted, and encrypted is very rare. I run it thru DeeZee with the command:
DeeZee will chew on it for a while, then spit out the results into the same directory I run it from. I just do an ls to see the results, then view those results in my hex editor and Kazam! It’s hammer time!
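To make tips 0x02 and 0x03 concrete, here is an added example, not part of the original post and not the code of GNU strings or DeeZee, that does both jobs in one script: it pulls printable runs with their hex offsets (what strings -t x gives you), then carves every zlib chunk it can inflate and runs the same string scan over the inflated bytes (what DeeZee does). The firmware blob, the build string and the hidden comment inside the compressed chunk are all constructed for the demo; nothing here comes from a real product.

```python
"""Added example (not from the original post): a stand-in for `strings -t x`
plus the zlib-chunk carving DeeZee performs, run over a constructed image."""
import re
import zlib

# Two-byte zlib stream headers for the usual compression levels. Each passes
# the (CMF*256 + FLG) % 31 == 0 header check, which is what makes them a
# usable signature to scan for.
ZLIB_MAGIC = (b"\x78\x01", b"\x78\x9c", b"\x78\xda")
MIN_LEN = 4   # same default minimum run length as GNU strings


def find_strings(blob, min_len=MIN_LEN):
    """(offset, text) for every run of >= min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(blob)]


def carve_zlib(blob):
    """Try to inflate at every header hit; keep (offset, data) for the ones
    that reach a clean end of stream. decompressobj stops at the end of the
    stream and parks whatever follows in unused_data, so trailing firmware
    bytes after a chunk do not cause an error; a false-positive header almost
    always fails the block decode or the Adler-32 check and is skipped."""
    found = []
    for magic in ZLIB_MAGIC:
        start = 0
        while True:
            off = blob.find(magic, start)
            if off < 0:
                break
            d = zlib.decompressobj()
            try:
                data = d.decompress(blob[off:])
                if d.eof and data:
                    found.append((off, data))
            except zlib.error:
                pass
            start = off + 1
    return sorted(found)


def triage(blob):
    """Strings from the raw image, then strings from each carved chunk."""
    return {
        "raw": find_strings(blob),
        "chunks": [(off, find_strings(data)) for off, data in carve_zlib(blob)],
    }


# Constructed demo image: binary filler, one plaintext build string, and a
# zlib chunk hiding the kind of comment the post talks about.
SECRET = b"/* TODO remove before ship: telnet backdoor pw = s3cr3t */\x00"
FIRMWARE = (
    b"\x00\xff\x10\x7f" * 8
    + b"boot: build 1.2.3 (constructed)\x00"
    + b"\x13\x37\xde\xad" * 4
    + zlib.compress(SECRET)
    + b"\xbe\xef" * 6
)

if __name__ == "__main__":
    report = triage(FIRMWARE)
    for off, text in report["raw"]:
        print(f"{off:7x} {text}")          # same layout as strings -t x
    for off, strings in report["chunks"]:
        print(f"zlib chunk at {off:#x}:")
        for s_off, text in strings:
            print(f"  {s_off:7x} {text}")
```

The point of the demo is the second half of the output: the backdoor comment never shows up in the raw strings pass because deflate Huffman-codes the literals, so a strings run that looks clean is not proof the image is clean. Carve first, then scan again. On a real image you would feed the carved offsets back into your hex editor, which is exactly why the offsets are kept alongside the text.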
Now you have some readable ASCII extracted from firmware. Some of my results have been stuff like:
- FTP passwords
- Backdoor passwords for various ports
- Hidden SNMP community strings
- Mountable filesystems that actually allow me to mount the firmware and interact with it. Heck I have pulled off .pem files that allowed me to do a super effective bogus SSL connection!
- Internal server IP addresses of the code house
- Contact information, which is great for social engineering
- Debug interfaces with access commands
and of course some of the funniest comments you have ever seen. If you decode an OEM supplier’s firmware you may have hit a real jackpot, since most C code is modularized and reused in other devices, so this is the gift that keeps on givin’!! At this point you can gather the data and test the conditions you have mined, OR you can move up to the graduate level of hacking and start looking at disassembly with IDA Pro and installing rootkits in firmware. That is the true Holy Grail of hacking embedded systems, but we’ll cover that in the next blog.
What’s that? You want a how to and not just tips? Hmmm…OK, here is an excellent blog showing you the step by step details of reversing some code from a…product…. http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/
Jimmy Ray Purser
Trivia File Transfer Protocol
In the rockin’ age of 390 B.C., playwright Aristophanes wanted to show the world just how pretentious a db whack he really was. In his play Ecclesiazusae the characters feasted on a dish called lopadotemachoselachogaleokranioleipsanodrimupotrimmatosilphioliparomelitoaktakexhumenokichlepikossuphophattoperisteralektruonoptopiphallidokinklopeleioplagoosiraiobaphetragalopterugon.
MMMMM…Please, sir, may I have another helping of…lopa, lopadotema.. just forget it. Where’s the gyro stand?
Our latest episode is out! This one is all about the Contact Center, and we spent a lot more time showing examples of Social Media integration. Everyone agrees that ‘the internets’ are a huge watering hole of opinions and valuable business data…but it’s overwhelming when trying to figure out just how you might leverage it. Now you can integrate all that goodness with the maturity of a business-relevant call center and all the process that implies.
Jimmy Ray shares his personal experience volunteering to work in an actual (non-Cisco) call center all night long to gain better experience for how we developed this show. Check out his blog for more details on this.
This show featured Packaged CCE (Contact Center Enterprise), Feature Rich Reporting, Finesse Agent, Social Miner and even a few field trips to see what Cisco is doing with their ‘Social Media Listening Center’ and a very cool mobile application we internally refer to as ‘Roadside Demo’ that will open your mind as to how mobile devices SHOULD be part of your Contact Center Strategy.