http://www.myspace.com/neighborhoodsnj
http://www.myspace.com/neighborhoodsnj
http://www.myspace.com/neighborhoodsnj
http://www.myspace.com/neighborhoodsnj

This year (December 2nd to be exact), Quake 3 turned 10 years old. It makes me feel kind of old thinking about how excited I was to read you could strafe-jump in the Q3test (I don’t think my computer could handle the demo to try it myself). Rocket jumping over peoples heads and railing them from the sky, intense 8v8 CTF matches, the excessive mod…. so much love.

I still play Quake 3 (whether it be ioQuake 3 or Quake Live). I think what keeps me playing is the fluid controls – learning to move in Quake 3 is nothing like Counter Strike or Unreal Tournament. The physics are not really realistic at all, but that makes it so much better. Who wants real life in a game anyway? This ain’t GTA4. Also, there’s nothing like leading someone with a rocket and smashing them right in the face.

Favorite map: The Longest Yard

Favorite gun: Rail

After these alleged incidents, Congress passed some bullshit that allowed Lyndon B. Johnson to do whatever he wanted… er I mean, allowed him to assist Southeast Asian countries in whatever way he saw fit. The obvious thing to do: send a bunch of 18 year old potheads into an already raging Vietnam War, to fight a bunch of normally dressed, lightly armed citizens…. in their jungles… WHAT THE FUCK.

After you load the page, click your trusty Firebug icon at the bottom of Firefox. Click on “Console” (enable it using the down arrow if necessary). In the Console, type “count = 1″ (no quotes) and press enter.

Magical.

In most modern browsers you can execute Javascript by typing it into your address bar. In Firefox, you could do something like javascript: count=1 in the address bar and it should work (not tested).

thiinc:/var/lib/mysql/plnbb# myisamchk smf_members.MYI
Checking MyISAM file: smf_members.MYI
Data records:      23   Deleted blocks:       2
myisamchk: warning: Table is marked as crashed
myisamchk: warning: 1 client is using or hasn’t closed the table properly
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
- check data record references index: 3
- check data record references index: 4
- check data record references index: 5
- check data record references index: 6
- check data record references index: 7
- check data record references index: 8
- check data record references index: 9
- check record links
myisamchk: error: Checksum for key:  7 doesn’t match checksum for records
MyISAM-table ’smf_members.MYI’ is corrupted
Fix it using switch “-r” or “-o”

thiinc:/var/lib/mysql/plnbb# myisamchk -r -q smf_members.MYI
- check record delete-chain
- recovering (with sort) MyISAM-table ’smf_members.MYI’
Data records: 23
- Fixing index 1
- Fixing index 2
- Fixing index 3
- Fixing index 4
- Fixing index 5
- Fixing index 6
- Fixing index 7
- Fixing index 8
- Fixing index 9

After that, I was able to start MySQL and the forum came back up. Hoorah.

Firebug is a Firefox extension which allows you to edit client-side code on the fly (such as Javascript and HTML). It has a wonderful feature called “Inspect Element” which allows you to jump to points in the code by moving your mouse over objects on the site. Doing this, I was able to bypass their pesky forced ads. I would hover over parts of the ad, then in Firebug, right click and hit “Delete Element”. After about 10 objects were deleted, I had a clear screen and could hit play… the episode of Dexter was good, BTW (S04E10).

What does it all mean? DEVELOPERS: USE COMMON SENSE IF YOU DON’T WANT YOUR SHIT TO GET HAXED. In this case, I was simply able to skip ads and watch a show… not a huge deal. But how about if someone used JavaScript to validate fields in a form? Using FireBug, I could strip the JavaScript out and submit whatever I wanted to the server. The sky’s the limit.

Firebug for Firefox

My first attempt was to use Automator for OS X; this proved slow and accident prone. When the program would hit a file it didn’t like, it would stop the conversation and require some human interaction. Actually, the POS actually locked up my Mac Pro a few times.

After I became fed up with the proprietary solutions, I decided to keep it real and try out ImageMagick and a bash script. The images were in about 5 different directories, so I wrote a bash script that looped through all of the directories and ran mogrify (ImageMagicks’ conversation program) on all of the TIF’s. The code was something like this:

for file in *
do
if [-d "$file" ]; then
cd “$file”
mogrify -format png *.tif *.tiff
cd ..
fi
done
exit 0

It worked. People were happy. You will be too.

Basic Bash Scripting
ImageMagick

The first message is from 3AM September 11, 2001, five hours before the first attack, and the last, 24 hours later.Text pagers are usualy carried by persons operating in an official capacity. Messages in the archive range from Pentagon and New York Police Department exchanges, to computers reporting faults to their operators as the World Trade Center collapsed.

I plan on downloading all of these files and converting them to CSV for further study. I’m doing so with the follow commands:

while true; do wget -r -l1 --no-clobber -A.txt http://911.wikileaks.org/files/index.html; sleep 300; done
cat *.txt | awk 'BEGIN {FS = " " }; {printf("%s,%s,%s,%s,%s,%s,%s", $1,$2,$3,$4,$5,$6,$7); i = 8; while (i < (NF -1)) {printf("%s ",$i); ++i;} printf("%s\n",$NF);} >> messages.csv

With the help of the reddit community, I have found some pretty interesting stuff in the logs. Here are a few (in no particular order):

2001-09-11 04:04:53 Skytel [002400326] B ALPHA julie.rodriguez@fritz.com||We have just been informed that Customs has gone manual as of 2:50am.

2001-09-11 08:50:50 Skytel [003252015] D ALPHA BOMB DETINATED IN WORLD TRADE CTR. PLS GET BACK TO MIKE BRADY W/A QUICK ASSESSMENT OF YOUR AREAS AND CONTACT US IF ANYTHING IS NEEDED AT 212-647-2345.

2001-09-11 06:36:03 Metrocall [1064381] D ALPHA IRAQ SAYS IT SHOOTS DOWN U.S. RECONNAISSANCE PLANE

On a lighter note…. check these out:

2001-09-11 06:31:26 Metrocall [1162127] D ALPHA From: 4044766632@airmessage.net Subj: Message from a two-way device Good morning sexy man!! Got my zebra thongs on!!! Feeling a little animalistic!!!

2001-09-11 07:34:37 Skytel [004548018] A ALPHA Feeling better my slave?……..if so im on, I missyou

2001-09-11 09:15:38 Arch [1376997] B ALPHA (27)Hey Honey! Can you bring some bagels when you get back? The pork chop is now crying about the World Trade Center plane crash. Geez! It is scray but no reason to cry. Talk to you later! I love you!

Admin Account Breach;

Because of poor coding, you can circumvent ReqHeaps’ admin login screen by simply pointing your browser accordingly, eg. example.com/reqheap/admin/admin_access_select.php. This will bring you to the user control page where you can add/remove/edit user and admin accounts. From there, you can gain total access to the entire ReqHeap system.

Possible Injection;

Because of the query sanitation used by the ReqHeap developers. an SQL injection attack is possible. The problem lies in $REQHEAP_HOME/admin/inc/func.php on line 275:

function escapechars($str)
{
$str=addslashes(stripslashes($str));
return $str;
}

Using PHP’s addslashes() is long known to be a bad idea, as you can use GBK characters to trick the function into inserting single quotes, etc. Chris Shiflett explains on his blogpost:

All I need to do is inject something like 0xbf27, and addslashes() modifies this to become 0xbf5c27, a valid multi-byte character followed by a single quote. In other words, I can successfully inject a single quote despite your escaping. That’s because 0xbf5c is interpreted as a single character, not two.

Solution;

Since my friend wanted to stay with MySQL 4 (for whatever god forsaken reason), we had to go through and do the following for all accounts:

mysql> SET PASSWORD FOR
    -> 'some_user'@'some_host' = OLD_PASSWORD('newpwd');

I later found out that we could have just run mysql with the –old-password switch. FML.