USBwake

Posted on by
2

USBwake is a little Android app that just listens for the device to start charging, then while its charging does not let it go to sleep. I was using the wifi tether a lot lately and it would kill my connection everytime my fone would go to sleep so i made this little guy. I hope some one can get some use out of it, enjoy 🙂

DOWNLOAD: USBwake
USBwake QR

Last nights meeting.

Posted on by
Reply

Last nights meeting was great as always! Trying out the new spot went well, it was a little iffy at the start but everything worked out good. Lots of new faces which is always welcome and plenty of chatter. Lots of lock picking mayhem, as always, and dw attempted to wow us with some wifi magic but was being plague by gremlins, maybe i can get him to stop by and blog about it. By the next meeting he promised to have all the bugs worked out and give it another go, i cant wait!! I didnt take any pictures this time around, sorry i was busy 😛 ngh did some war driving on our way to the spot, about 47 miles a-b, and found a ton of aps. Ill upload the log when ever ngharo gets them to me. Ok thats it, enjoy and i hope to see everyone at the next meeting!

UPDATE: 2.7.11 – Here is the log from ngharo’s drive. Over a thousand aps in that log 😀 A big thanx to ngharo!!

Material related to operation Tunisia

Posted on by
Reply

First the why:

Yeah i hope someone finds the ppl in that van and gives them a slow death!

Anonymous care package for the poor ppl of Egypt – www.bit.ly/hsAjGq

This from – http://typewith.me/optunisia
´===========================================
( ),,( )                         irc.anonops.ru:6667 #optunisia                                        ( ),( )
( ‘;’ )                                                                                                                            (‘;’ )
-(. )-                                                                                                                           -(‘.’)-
I I CENTRAL COLLECTION PAD FOR OPERATION TUNISIA RELATED MATERIAL I I
============================================
If you started a pad about something related to Operation Tunisia, add it to this list.
Please save with Nick!!!

Anonymous Press Declarations
[2011-01-15] Tunisia and its chance… (not completed; need rework!)
http://piratenpad.de/APR20110115

Guide to Protecting the Tunisian Revolution, Part One: Initial Security
http://typewith.me/how-to-protect-tunisian-arabic-french yo
Guide to Protecting the Tunisian Revolution, Part Two: Safety in Confrontation
http://www.dailykos.com/story/2011/1/16/936793/-Please-distribute-to-Tunisians:-Safety-in-Confrontation

Guide to Protecting the Tunisian Revolution, Part Three: Transforming National Politics (still in progress, please assist)
http://www.typewith.me/qdjqeFFu8O

Stuff about the families who’re stealing Tunisia: (Arabic->English Translation needed!!)
http://piratepad.net/lMiNqsnZfi
copy at http://typewith.me/MvarLgc6u6

Manifesto from tunisian protesters:
http://typewith.me/stDHppshwJ <

Video footage of Tunisia (add your own!)
http://typewith.me/TunisiaVideoFootage

Tunisians needs FTPs for mirror – #ftp (died?)no #ftp
Info-List: http://piratenpad.de/6V13pN0sxM

Untrusted Twitter accounts spreading false news
http://piratepad.net/GGYVc6RtnA < reverted

Translation pad for Tunisia IRC project
http://typewith.me/TunisiaIRCTranslation

Tunisians, tell your stories here! (need translators)
http://piratepad.net/G9CvOF3dbg
copy at http://typewith.me/wzfsEVIx7B

Manifesto from Anon about Tunisia:
http://piratepad.net/5d891ABcBW

Video ideas and links:
http://piratepad.net/VJhU2KXfMQ

“Video site” zip and mirrors
http://pad.telecomix.org/tnvideos-mirrors

Video about a man put out of his country, and subtitle translation (need an incruster for the subtitle)
http://piratepad.net/7eT1ozHLSN
copy at http://typewith.me/7fc5aYZ2LW

Anon Video to be subtitled: http://www.youtube.com/watch?v=BFLaBRk9wY0
http://piratepad.net/XZtZlf3acf

French Pdf to be translated: Relating to the familie who Reign over Carthage.
http://i3.makcdn.com/wp-content/blogs.dir/14986/files//2009/11/la-regente-2-carthage.pdf
http://piratepad.net/VyLDOHVMyD

Diary of Tunisia:
http://typewith.me/3koSuMGO8O

Related Stuff:
Anonymous PR Pad
http://piratenpad.de/AnonymousPR

Swift Assist – helpful notes on establishing secure networks for Tunisian revolutionaries
http://typewith.me/owA6rmGfP6

What the fuck is freedom of speech, anyway? – introduction via IHRL
http://piratepad.net/whGudXWEmM

Using Unetbootin to create bootable USB drive from iso

Posted on by
1

I had used Unetbootin to create a USB installer from a Ubuntu ISO image. All went OK in creating and installing the USB image following UNetbootin instructions, so I thought.

The Problem
UNetbootin created menu entries in the bootloader containing invalid arguments.
When booting, it would load the kernel, then kick me to a shell stating
init not found pass init= to kernel
Googling reveals many other users having the same issue.

The Solution
Bootable Linux CDs usually always contain a configuration file for the bootloader. I mounted the ISO image loopback (# mount -o loop image.iso /mnt/mountpoint) and found Ubuntu 10.x is using Grub, which is pretty standard across all Linux distros. Looking at this config file in /boot/grub/loopback.cfg in my instance, I was able to see how Ubuntu was expected to boot.

Here’s what the default menu entry in Ubuntu Netbook image looks like:
menuentry "Try Ubuntu Netbook without installing" {
linux /casper/vmlinuz file=/cdrom/preseed/ubuntu-netbook.seed boot=casper iso-scan/filename=${iso_path} quiet splash --
initrd /casper/initrd.lz
}

Passing kernel=/casper/vmlinuz initrd=/casper/initrd.lz boot=casper to UNetbootin’s bootloader and it booted right up.

Repairing HP Ipaq hx2755 SDcard slot

Posted on by
Reply

I got the hx2755 a long time ago, back when it was top of the line and it served me well. One day the SDCard slot just stopped working but by that time i had a smart phone and didn’t use it much anymore, my kids used it more then i did. So for a long time it sat taking up space, i had intended to open it up for some time and try to fix it but never had a tool that would allow me to do so. Well i finally got off my ass and made my way to the local hardware store to find the tool i needed, the fucker was $5! So lets get to business! heres a little pick of the device before i opened it up:

So to start i turned it over, removed the battery and unscrewed the four screws i made arrows to in the pic below. One is hidden behind the stylist.

After i got the back off i had two more screws to remove “arrows pointing” and two wires to disconnect “arrows pointing”.

Now i could really open this sucker and take a look at the SDcard slot. Heres what i had to work with:

Now for me to see the pins i had to turn the main board back over and remove the tin shield over the expansion slot. Heres a pick of what im talking about “i put a circle around the shield”:

“Yes i did re-edit a image i already used, needless to say i fucked up lol”

Once i had it removed i was able to see a bent pin for the SDcard slot and used one of my tools to bend it back into place

Then i put it all back together. I was a little amazed it turned on let alone that it actually worked! So now that i have this little guy working like new “almost” again my next move is to put linux or something one it. Wish me luck 😀 Well thats how i repaired my hx2755s SDcard slot. Thats it for now, peace.

BackupPC 3.2.0 XSS

Posted on by
Reply

I dont normally make posts about XSS exploits unless there is some special circumstances. I picked this one because BackupPC is a popular network backup tool that you might find in networks all over the place and because there is no built in security you normally only find it on “secure” trusted networks.

So anyway the issue is in Browse.pm. It gets a num variable passed to it via get request, then displays the unsanitary input back to the user. So heres PoCs of both the vectors i found.

PoC 1: http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=1[XSS] – comes back as a valid request and runs XSS

PoC 2: http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=[XSS] – comes back as ERROR and runs XSS

Like most XSS holes its a easy fix, just edit line 55 in /usr/local/BackupPC/lib/BackupPC/CGI/Browse.pm to read like so:
my $num = ${EscHTML($In{num})};

or download this Browse.pm file and replace it with the one in /usr/local/BackupPC/lib/BackupPC/CGI/ on the installed server.

Ok thats it, peace.