Wargames.

I’ve recently started playing one of the wargames called ‘IO’ hosted at www.smashthestack.org.


If you’ve not heard of them before, they host a number of games to test your skills at computer hacking, programming and your in-depth knowledge of how computer systems work.

Each game is hosted on its own server, which you access via ssh. At the beginning you are provided with the username and password for level1. It is your task to complete the challenge set for you in that level. Once completed, you will have escalated your user privileges to those of the subsequent level, allowing you to read a file in the next level’s home folder containing its password. Once retrieved, you can log out and back in with the next level’s username and password and attempt the following challenge.
Although a seasoned pro would probably consider the first few levels of ‘IO’ easy, they are still tough enough that significant knowledge is required to complete them.

The first level consists of a program which asks you to enter a password. Depending on your input, it will then output either “Fail.” or “Win” along with a new shell running with level2 privileges.

The aim of this task is to analyse this executable file and extract the password string contained within. I won’t reveal the solution, but one approach would be to debug the program with gdb, find the code which does the string comparison between your entry and the correct password, and then read the password stored at that memory address. The other approach is much quicker but maybe slightly defeats the point of the level as an introduction to gdb.

The second level consists of a programming and maths challenge. The level2 program asks for a password which consists of the results of a range of numbers in a specified series, joined together one after the other as a string.

level2@io:~$ /levels/level02
Append the 39th through 42nd numbers in the sequence as a string and feed it to
this binary via argv[1]. 1, 2, 3, 5, 8, 13, 21…
The 4th through the 7th numbers would give you 581321

I completed this by creating a Python script to create the series of numbers needed, concatenate the appropriate ones together into a string and give that as an argument to the level2 executable. Win.
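The series generation described above, as an added example; it is not the author's script, and the names `series`, `joined_slice` and `self_check` are assumptions. Because the series starts 1, 2 rather than 1, 1 and the positions are 1-indexed, it first checks itself against the sample the binary prints (4th through 7th gives 581321).

```python
"""Added example: build the level 2 argument from a slice of the series.

Function names here are illustrative and do not come from the original post.
"""
from itertools import islice


def series():
    """Yield 1, 2, 3, 5, 8, 13, 21, ... (each term is the sum of the previous two)."""
    a, b = 1, 2
    while True:
        yield a
        a, b = b, a + b


def joined_slice(first, last):
    """Concatenate terms first..last (1-indexed, inclusive) as decimal strings."""
    if first < 1 or last < first:
        raise ValueError("need 1 <= first <= last")
    # islice is 0-indexed and half-open, so only the lower bound shifts by one.
    terms = islice(series(), first - 1, last)
    return "".join(str(t) for t in terms)


def self_check():
    """Confirm the indexing against the sample printed by the level binary."""
    return joined_slice(4, 7) == "581321"


if __name__ == "__main__":
    if not self_check():
        raise SystemExit("indexing does not match the sample from the binary")
    # The string to pass as argv[1] to /levels/level02.
    print(joined_slice(39, 42))
```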

For tasks like this you may find it quicker to do the coding on your own machine and then upload it to the io server. To do this you can use the ‘scp’ command from the terminal (you can download scp for Windows from the PuTTY website). First create a directory in the io server /tmp folder.

Give it a unique, hard-to-guess name: although directory listing is restricted on the server and others can’t see your folder name, anyone could still reach a directory with an easily guessable name by chance.

While logged in to the io server, type ‘mkdir /tmp/mydirname’, replacing mydirname with your unique directory name.

Then from the terminal on your machine you can upload files like so:

scp -P 2224 ~/files/level2.py level2@io.smashthestack.org:/tmp/mydirname/

The command breaks down as follows: ‘-P 2224’ specifies the port number, as io does not run on the standard ssh port; ‘~/files/level2.py’ is the location on my machine of the file to upload; ‘level2’ is the username with which I want to connect to the remote machine; ‘io.smashthestack.org’ is the remote server address; and the ‘:’ separates the remote server address from the final part, which is the location on the remote machine to store my file.

I’ve just started the 3rd level and upon running the level3 program it instantly segfaults. Herein lies the challenge. Hopefully this should keep me occupied for a while.

To join in yourself, connect to the io server like so:

ssh level1@io.smashthestack.org -p2224
password: level1

(Linux and OS X)

From Windows you will need to download an ssh client such as PuTTY.

Here is a snippet from the ./README file you can view when you connect.

Welcome to the IO wargame at the smash the stack network.

———————————————————
You have done the hard part and found our realm. Here we allow you to play with classic, and up to date vulnerabilities in software. Since many of you may be unfamiliar with how a wargame works, we will give a quick introduction in the following paragraphs. If you are an experienced wargamer, all this will be familiar to you so you might want to skip to the last section which iterates the specifics of this game.
The problems will be presented to you as a series of programs. Which will vary in size from a few lines containing an obvious bug, over to larger, and finally real software. The point is always to exploit this bug in such a way that you can grab control of the programs execution and make it do what you want. For example you will often want it to drop a shell.
The way this works is that the binaries are SUID binaries (http://en.wikipedia.org/wiki/Setuid). This means in short that they run as a different user than you do. The point is to grab control of the program and make it execute your own shellcode. Which will in turn allow you to read the password for the next level.

Once you have completed each level you can add your ‘tag’ to an HTML file which can be accessed from the wargame website. This is your proof to the world that you completed the level. As a word of warning, do not view the tag page in your browser with JavaScript enabled. Remember that this file could contain anything previous level winners have entered, so it could have potentially dangerous or annoying consequences for anyone who fails to heed this warning.

If you’d like to see proof that I completed levels 1 & 2 so far, you can look for the tag ‘retrop’ in the respective tag pages. Once again, do not click these links with JavaScript enabled. Level 2 tags (do not click without reading warning), Level 3 tags (do not click before reading warning).

Sticks and stones……….

Well I thought I’d throw up a quick post about my latest catastrophe.

I was running late for work on Wednesday and hence riding my bike with more haste and less care than I should have for an icy morning.

End result, I turn a left corner at a fair speed and go over a patch of black ice. My tires lose traction and before I have time to blink I’m smashing into the ground hard. Very hard.

I’ve got nice scrapes and cuts all up my left side and a few cracked ribs along with a broken wrist on my right side where I reached out to stop my head smacking the tarmac. Before you ask, yes, I was wearing a helmet.

Despite whatever gripes people may have with the NHS A&E, I was in and out of the hospital along with my arm in a cast in two hours, give or take a few minutes. I don’t think that’s too bad and the staff were all incredibly polite and helpful.

I was back in work the next day but it seems people were right when they said that I’d feel worse before I feel better. Yesterday and today have been excruciating and I’ve been unable to do much but grumble and moan. Mainly the pain is from my ribs as there is almost nothing that doesn’t seem to aggravate my injury to them, especially given the fact that my only good arm is my left. This puts extra stress on the left side of the chest which I had used to test the strength of the tarmac with.

Oh well, lesson learnt I hope. Being a few minutes late for work is better than spending a few months in a cast.

This entry also hopefully serves as an excuse as to why I’ve not posted my update on Python GUIs yet. It’ll be up soon but I’ve not felt in the mood for anything productive due to the pain I’m in.

Tkinter – Delving into the world of Python GUIs.

So today I’ve set myself the task of getting to grips with GUIs in Python.

I’ve started as I always do with a Google search and I now have about 50 tabs open, waiting for me to pluck up the courage to start delving through the mass of information and trying to sort the cruft from the invaluable.

So far I’ve found that I can forget about wxWidgets as there is no sign of Python 3 integration in the near future. This leaves me, it seems, with only Tkinter and possibly Qt4/PyQt…

Anyone know different?

Stay tuned for my next blog, where I’ll detail what I’ve found and which websites I found useful.

I’ll also soon blog about why I’ve decided to go with Python 3, rather than the more mainstream and accepted 2.xx.

Installing Python 3.1 from Source code on OS X with readline

So I recently took it upon myself to try installing Python 3.1 from source code on my Mac laptop.

As soon as ‘make’ had finished I was presented with a message telling me that several libraries which would be required for extra functionality were missing.

One of these was ‘readline’. If you don’t know what ‘readline’ does, it provides functionality inside the Python interpreter similar to that in Bash or Doskey. To mention just one small but important feature, it allows you to press the up and down arrow keys to scroll through previous input. If you intend to use the Python interpreter interactively, this is pretty much essential.

OS X does not contain the GNU readline library and instead uses a replacement called editline due to licensing issues.

It’s been a few days since I performed the install but I hope my memory serves me correctly in detailing the steps necessary to get Python compiled and using the readline library. Please leave comments to the contrary if you believe I’ve missed out any step and I will try to plug in the blanks.

Please note, to compile programs from source on OS X you will need to install Xcode from Apple. This is the Apple development environment which bundles their IDE, libraries and such along with the GNU C compiler GCC.

The first thing I needed to do was to download the ‘readline’ library. I did so by downloading readline-6.1.0.tar.gz from http://pypi.python.org/pypi/readline/.

Once downloaded and extracted, I opened up the terminal and navigated to the ‘~/readline-6.1.0/readline/’ directory.

Here I ran the command ‘./configure’. This checks your environment for prerequisites required for the compilation and then configures the makefile for the build as appropriate.

Once this has completed successfully, you should now run the command ‘make’. Again, this should be done from the terminal in the same directory as before. Your computer will now be compiling the ‘readline’ library.

Presuming all steps have been successful so far you can now type, ‘sudo make install’, again from the terminal in the same directory. You will require admin permissions for this due to files being copied to protected directories. You have now installed the ‘readline’ library we have just compiled.

Now that we have built and installed the library, you can go back to your Python source code folder and compile and install Python 3.1 as instructed in the Python documentation.

All going well, you will now notice that at the end of the compile it no longer complains about ‘readline’ being missing, and your Python interpreter will now work as intended with the correct functionality.

Welcome to my blog

Welcome to my blog. I will be using this space to write about and catalog my musings on technology, software, music production, programming, Mac OS X, Linux, Windows and anything else which happens to take my fancy.

My hope is that my blogs may be helpful and informative to those following in similar footsteps. If I can help someone save time in whatever task is at hand or help point in the direction of a reference which helped me in achieving said task then great.

Professionally I work as a network administrator for both Windows and OS X network environments in an academic setting.

At home and on the move I use my MacBook Pro running Snow Leopard (10.6.x) along with Debian and Windows virtual machines installed and running side-by-side.

I use Logic Studio 9 for my amateur music production.

I use a number of programming languages in my spare time and in an attempt to help automate tasks at work, but I would not profess to be anything more than a keen amateur in any of them and I’m sure my code leaves much to be desired. Regardless of this, I will still try to blog about things I’ve learnt, references I’ve found, and problems and solutions that I’ve stumbled across in the hope that they may be useful to others like myself.

The languages I’m currently focussing on are Python 3.1 and Objective-C / Cocoa.

I’ve also recently started to learn about electronics, having bought myself several beginners’ books on electronics and Arduino, a starter electronics kit and an Arduino Duemilanove, an open source programmable prototyping board with an AVR microprocessor which can be programmed via USB in a simple C-like language to interface with a number of electronic components. Most importantly, the Arduino is cheap, my board costing a little under £20. Arduino seems to have a lively online community and I’m really excited about getting to grips with it and realising my ideas in hardware.

I aim to blog about things which I have done, or that I have found interesting across all the fields mentioned and in any other areas of my life which I feel compelled to write about. I’ll be doing this to catalogue my experiences for my own future reference, to help others with similar problems and to help proliferate the spread of knowledge in any small way I can.

If you’re wondering where the name for my blog comes from, it’s my surname written backwards. Nothing more mysterious than that I’m afraid.

J