I spent a good three hours yesterday fighting flash drives and my motherboard to perform a fresh install of Ubuntu 17.04. It didn’t want to connect to my router at first, and the windows were laggy, but those issues have now been fixed.
So what do I hate less about Linux? I can connect my phone! I can also play mp3s in Rhythmbox! Also, Ubuntu is scrapping Unity, so once they come out with Ubuntu 18 it won’t be installed by default, which is kind of handy because I always install Gnome instead, and it’s just nice to think I won’t have all sorts of extra Unity fragments cluttering my file system.
Anyway, it’s time to get back into Linux. I gave away my primary Windows box to the refugee family I used to volunteer with. They were pretty excited, so I’m happy about that. This leaves the Linux box and my Windows laptop, so simplicity wins the day. Now I’m going to get my Music folder ducks in a row.
First off, one more thing I hate about Linux: when you need to copy some web files and all of your USB drives are somehow being mounted read-only, and you can’t format the USB you used to install the OS in the first place. It’s running dd right now, but even on a “tiny” 16GB drive, it’s taking forever.
Anyway, more MVC adventures. I’m really happy that the book I am reading, “Pro ASP.NET Core MVC”, actually dives into what all of the various extra folders mean in an MVC project. I haven’t covered everything yet, but I can skip NuGet altogether and just edit the project.json file manually. I actually figured out that a weird error I had occasionally seen was due to a mismatch in the versions of some of the dependencies. Sweet!
It’s a bit of slog right now. I’m frustrated I’m not learning MVC faster, but the combination of mild busyness and major laziness has produced a mediocre study ethic. I remember one of my past supervisors advising me to schedule my time not with some rigid pass/fail criteria but with a “here is my goal” criteria. So my goal is to put in 30 minutes every day. I don’t hit every day, but I have learned a lot more lately because of this. Tonight I decided to bite into the design of this new website I’m building because I used to love doing that. I would fight html and css for hours on end, and it’s why they are so second nature to me today. I need to be doing this with C# if I really want to get good at it.
Anyway, I set up bootstrap using Bower. It’s not hard by any means, but you haven’t done it until you’ve done it. Currently battling bootstrap trying to figure out why my easy sample is not working. I always want to read without writing any code, but that never works well. I hauled ass on that Lottery WPF application I built, learned a ton.
For what it’s worth, I bought “C Programming: A Modern Approach”. I’m worried I’m going to spread myself thin, but it’s my personal conviction that I can’t say I’m too serious about my profession until I know some C. I wouldn’t dare apply to that others, but I am curious to learn and am rather hard on myself. At the same time I need to know my current tools, I also need to expand my understanding of computers. It took me far too long to realize that logging into a database is basically interacting with an OS process/daemon, and I’m sad I don’t know exactly how those work.
Now, let’s be clear. I don’t hate Linux. But there are some things that I hate about it.
- It refuses to transfer files to and from my Nexus phone.
- Rhythmbox does not work after a fresh install, at least not with mp3s, because mp3 is a “proprietary” format. I still haven’t gotten Rhymbox to work with mp3s. Or Banshee. But the default Ubuntu video players plays them just fine. Seriously?
- It doesn’t play nicely with your most basic wireless connectors. Or printers.
- It doesn’t play nicely with much of anything.
Now, these may seem like petty issues to many, but let me explain. When I built my first computer nearly three years ago, I built it specifically to be a Linux box. I built it to be awesome. I built it to be the center of all my computing. And, perhaps foolishly, I have always done the Ubuntu upgrades. My first install gave me a significant amount of grief installing QGIS, which had failed dependencies that I never did work out. I had to go in and change something with Aptitude and managed to hack it. This has been the case with all too many programs. More recently, the upgrade to Ubuntu 16 caused my Nexus phone to appear with lsusb, but absolutely no amount of google research gave me what I needed to transfer music from my computer to my phone. And remember, this computer was supposed to be my core for all computing.
For the longest time I thought I was really bad ass for using Linux. But as time wore on, my patience grew thin, as I always managed to encounter these incredibly obscure issues. Moreover, after the Ubuntu 16 upgrade, I started seeing checksums on every bootup, and no forums answers proved fruitful. It’s awful when it doesn’t ever feel like it’s working right. And my brain still has not figured out how to remember the file structure. It is in opt? Is it in lib? Is it in usr/lib? Nobody knows. I’m not saying Windows is better, but after so many years, I pretty much know exactly where to look for things in Windows.
Sigh. We can’t all be Unix amins. I’ve never written a legitimate Bash script and I can’t say I care to. At the same time, Linux leads me back into computer history, which I find exciting. It provides a world where I can load System Monitor and see that about 1/12 of my 12gb of ram is being used. It’s elegant in its own way, I suppose. I just feel like a dumb ass trying to get it to do “simple” things. Right now I’m mostly using Windows 10, and I hate where they’ve gone with their data mining and privacy concerns. But at least it works with minimal overhead. I’ll figure something out. Maybe I just need to ditch Ubuntu and try a different distro.
Yesterday I attended my second security Capture the Flag event and it was once again quite fun. The challenges had not changed, but I was able to get further into the Linux challenges and onto the second AppSec challenge, which features a rather grizzly C program in all of its archaic goodness.
I learned, with the help of my friend Mike, that…
- sudo can work at the group level, and apparently I don’t know how to set permissions for that
- less is a powerful program and you can perform operations on chunks of text or the entire text, such as a base64 decode on a cryptic file
- the password system that allows teams to increase their scores on the score board get sent in plaintext over the network.
Yeah, about that #3. I took a long Wireshark catpure which I will be using soon to extract all the passwords that people entered onto the scoreboard. No big deal. Granted, I will be revealing my strategy once it works, but once again I have encountered the conundrum of how to encrypt traffic over an intranet. Why work hard when you can work smart? That’s what hackers do. I do still plan to learn, of course, but my hope is to teach a lesson.
I am unfortunately not talking about poisoning a session to which you are connected – I’m taking about poisoning yourself during a session capture. I use Ice Weasel on Kali Linux, and since it is essentially the same thing as Fire Fox, it copies the default behavior of showing you previews of other websites whenever you open a new tab. So I would open a new tab to try another page in isolation and would watch the site map explode with all sorts of annoying websites such as jquery, Microsoft, add sites, even Facebook, so I changed the settings to show a blank page instead.
I won’t knock on Offensive Security for not wanting to custom compile their own settings into Ice Weasel for every distribution, but if you are using Kali, you may want to think about this before doing any application testing. It’s merely an annoyance at first, but I’m recording it so I don’t forget next time (I have some version of Kali on almost every device I own, whether as a dual-boot option, a virtual machine, or the base operating system).
I fully converted my Windows 8.1 virtual machine into a server box today and set up a default C#.NET website that can be accessed over my local network. In wanting to learn Burp Suite for application testing, I wanted to make sure I could build and test vulnerable applications, since I learn better that way.
Well, I realized there were a lot of things I would want to test over the network from my Windows laptop, but setting up the appropriate testing programs on the laptop just was not feasible. I had a Kali virtual machine installed, but loading it would often bring the system to a crawl, so I decided that dual booting Kali would be the best solution.
Several failed installs, two wasted DVD-Rs, and several hours later, I realized that the Kali ISO I was using was a partial download on my Linux box that had caused me some trouble in the past. And I had forgotten to delete it. My go-to ISO was on my other Windows box (you can tell I enjoy operating systems, no?), and it has the proper SHA1SUM.
Oh, and for the record, that sum for the 64-bit 2016.1 version is deaa41c5c8f26b7854cafb34b6f1b567871c4875 . I had to use the wayback machine to get this, since they recently released the 64-bit 2016.2 version, which has a hash of 25cc6d53a8bd8886fcb468eb4fbb4cdfac895c65 . Finding that online was nearly impossible, which is surprising to me but a good reminder that I am responsible for my own documentation.
sudo dd if=<myfolder>/kali-linux-2016.1-amd64.iso of=/dev/sdf
…later, and things are happy.
So I just wanted to share, please check your hash values. And while you’re at it, don’t leave corrupted files around.