Category Archives: Members

Members section

A Longmont Hackerspace

Posted on by


So, I'm going to take a shot at starting up a hackerspace in Longmont, CO.

http://www.meetup.com/LongmontMakerspace/events/118432972/

First meeting isThursday night this week.  7pm.  See the link above for details (If you live around here.. come on down!).

Longmont:  It's a very interesting town.  About 90,000 people.  Great school system with a special STEM program (6 grade schools, 3 middle schools and 1 high school...).  They start teaching the kids how to program computers, in the 'feeder' grade schools, at 6 years old.

It has a ton of greenway bike paths.

It has a gigabit network buildout in process.  The city council here just gave the go ahead to build out a city owned (municipal) gigabit fiber network.  Think:  Google Fiber level connectivity to every home and business, but, from a not for profit city that will never raise prices (just speeds).  The city also sponsored a City Hackathon in April (first ever... went great). They're well on their way to turning the city itself into an open data platform.

Oh yea.. it owns it's own power company already (Longmont Power and Communications.. i.e. LPC) that provides power, water, sewer and trash service.  All at 30% lower costs than the for profit services in the other cities, and the most reliable electrical grid (historically) of any town in the state.

There's a bunch of high tech companies here as well.  Microsoft has one of the worlds most advanced datacenters (running all of BING maps) in Longmont.  Seagate's got a plant here along with an R&D division working on building cloud software into hard disks and SSD devices.  Digital Globe already feeds all the satellite images you see today on Google Maps (and many others).  Amgen (Biotech) has an R&D plant and factory here.  Western Digital has an R&D group here.  Boulder County (where Longmont lives) has Boulder in it... tons of startups.  And, MANY of the highly educated people that can't afford the stupid high real estate prices of Boulder, work there, but live in Longmont.

And, houses here are (compared to most places) cheap.  An average 1500SF house goes for under $200K.

So.. interesting town.  Kind of a high tech center with a great quality of life that's been kept a secret.

I'll bet we can get us pretty darned sweet Hackerspace set up here in Longmont.


Scott on life, politics, podcasting, technology & business

Using ‘ownCloud’ on Raspberry Pi to Take Back Control of Data

Posted on by

owncloud-logo-150x74

Last month I lost what could have been a beautiful night laying out a PCB while at a secluded cottage because Google Drive didn’t sync a couple of my board files.  I switched to Microsoft Skydrive for my cloud-based storage since Windows Mesh worked so well for me over the years before it was discontinued.  At the same time, I also created my ownCloud data storage server by using my Raspberry Pi and an external 2TB drive.  I think the future will have most technically-apt people hosting their own data as cost goes down and privacy concerns go up.  Here’s to hoping that I can eventually transition all service-based services to my own servers soon.  Below is a link to an article I wrote on Element14 detailing the build — check it out!

Read The Full Article Here!

Cracking a Security Console Passsword in RSA Authentication Manager 7.1

Posted on by

I recently had to recover a password from a RSA Authentication Manager Linux server. RSA Authentication Manager 7.1 stores all the credentials in an oracle database. Unfortunately I'm not all that familiar with connecting to oracle databases and pulling data out of them. However, I do like the strings command.

RSA Authentication Manager 7.1 keeps their authentication information in an oracle database located in /usr/local/RSASecurity/RSAAuthenticationManager/db/oradata/[RANDOM STRING]/rsa_data.dat

if we run strings on this file and pipe it into less we can then search within less for the hashes

strings rsa_data.dat | less

There is a segment that consists of just hashes. I'm guessing that this is where the database is storing them in order to verify that a user isn't reusing the last 8 passwords when they set a new one. We're not interested in that part. We should be looking for section that lists usernames as well as passwords. You can also search for SSHA256 and then the username and that should put you in the right location. Once you find the correct location it will look something like the following:

VPN Username
First Name
Last Name
Email Address
Hash

Example:

bob
Bobby
Tables
bob.tables@example.com
={SSHA256}5KyoCH2c4i4f3+rI+EhQr4E0Ce7C77AzaE/R1bkvbQlBQUFBQQ==,

This hash is kept in the Salted SHA256 format where the salt is appened to the hash of the salt + password. This is known in hashcat as sha256($salt.$pass).

Hashcat can't understand the hash when it's base64 encoded. Instead we need to be able to decode it into a string that's hash:salt. We can do this using this command:

echo -n '5KyoCH2c4i4f3+rI+EhQr4E0Ce7C77AzaE/R1bkvbQlBQUFBQQ==' | base64 -d | xxd -c37 -p \
| awk '{printf("%s:%s", substr($0,1,64) , substr($0,65,10))}'

Note: hexdump and xxd will give you the bytes in a different order. You need to use xxd for this, hexdump will not work properly.

This gives us:

e4aca8087d9ce22e1fdfeac8f84850af813409eec2efb033684fd1d5b92f6d09:4141414141

Since oclhashcat-lite doesn't decode sha256($salt.$pass) we need to copy that into a file. You can pipe the command used to extract the hash into a file using the >> operator

echo -n '5KyoCH2c4i4f3+rI+EhQr4E0Ce7C77AzaE/R1bkvbQlBQUFBQQ==' | base64 -d | xxd -c37 -p \
| awk '{printf("%s:%s", substr($0,1,64) , substr($0,65,10))}'  >> hash

You should use hashcat with the following options:

--hex-salt -m 1420

Example:

./cudaHashcat-plus64.bin -a 3 --hex-salt -m 1420 hash pass?l?l?l?l

cudaHashcat-plus v0.14 by atom starting...

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Workload: 64 loops, 80 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce GTX 460, 1023MB, 1451Mhz, 7MCU
Device #2: GeForce GTX 460, 1023MB, 1350Mhz, 7MCU
Device #1: Kernel ./kernels/4318/m1420_a3.sm_21.64.ptx
Device #2: Kernel ./kernels/4318/m1420_a3.sm_21.64.ptx

e4aca8087d9ce22e1fdfeac8f84850af813409eec2efb033684fd1d5b92f6d09:4141414141:password

Session.Name...: cudaHashcat-plus
Status.........: Cracked
Input.Mode.....: Mask (pass?l?l?l?l)
Hash.Target....: e4aca8087d9ce22e1fdfeac8f84850af813409eec2efb033684fd1d5b92f6d09:4141414141
Hash.Type......: sha256($salt.$pass)
Time.Started...: Fri May  3 10:27:26 2013 (1 sec)
Speed.GPU.#1...: 35137.3k/s
Speed.GPU.#2...: 50038.4k/s
Speed.GPU.#*...: 85175.6k/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 143360/456976 (31.37%)
Rejected.......: 0/143360 (0.00%)
HWMon.GPU.#1...: -1% Util, 41c Temp, 52% Fan
HWMon.GPU.#2...: -1% Util, 49c Temp, 20% Fan

Started: Thu May  2 22:27:26 2013
Stopped: Thu May  2 22:27:28 2013

Cracking a Security Console Passsword in RSA Authentication Manager 7.1

Posted on by

I recently had to recover a password from a RSA Authentication Manager Linux server. RSA Authentication Manager 7.1 stores all the credentials in an oracle database. Unfortunately I'm not all that familiar with connecting to oracle databases and pulling data out of them. However, I do like the strings command.

RSA Authentication Manager 7.1 keeps their authentication information in an oracle database located in /usr/local/RSASecurity/RSAAuthenticationManager/db/oradata/[RANDOM STRING]/rsa_data.dat

if we run strings on this file and pipe it into less we can then search within less for the hashes

strings rsa_data.dat | less

There is a segment that consists of just hashes. I'm guessing that this is where the database is storing them in order to verify that a user isn't reusing the last 8 passwords when they set a new one. We're not interested in that part. We should be looking for section that lists usernames as well as passwords. You can also search for SSHA256 and then the username and that should put you in the right location. Once you find the correct location it will look something like the following:

VPN Username
First Name
Last Name
Email Address
Hash

Example:

bob
Bobby
Tables
bob.tables@example.com
={SSHA256}5KyoCH2c4i4f3+rI+EhQr4E0Ce7C77AzaE/R1bkvbQlBQUFBQQ==,

This hash is kept in the Salted SHA256 format where the salt is appened to the hash of the salt + password. This is known in hashcat as sha256($salt.$pass).

Hashcat can't understand the hash when it's base64 encoded. Instead we need to be able to decode it into a string that's hash:salt. We can do this using this command:

echo -n '5KyoCH2c4i4f3+rI+EhQr4E0Ce7C77AzaE/R1bkvbQlBQUFBQQ==' | base64 -d | xxd -c37 -p \
| awk '{printf("%s:%s", substr($0,1,64) , substr($0,65,10))}'

Note: hexdump and xxd will give you the bytes in a different order. You need to use xxd for this, hexdump will not work properly.

This gives us:

e4aca8087d9ce22e1fdfeac8f84850af813409eec2efb033684fd1d5b92f6d09:4141414141

Since oclhashcat-lite doesn't decode sha256($salt.$pass) we need to copy that into a file. You can pipe the command used to extract the hash into a file using the >> operator

echo -n '5KyoCH2c4i4f3+rI+EhQr4E0Ce7C77AzaE/R1bkvbQlBQUFBQQ==' | base64 -d | xxd -c37 -p \
| awk '{printf("%s:%s", substr($0,1,64) , substr($0,65,10))}'  >> hash

You should use hashcat with the following options:

--hex-salt -m 1420

Example:

./cudaHashcat-plus64.bin -a 3 --hex-salt -m 1420 hash pass?l?l?l?l

cudaHashcat-plus v0.14 by atom starting...

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Workload: 64 loops, 80 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce GTX 460, 1023MB, 1451Mhz, 7MCU
Device #2: GeForce GTX 460, 1023MB, 1350Mhz, 7MCU
Device #1: Kernel ./kernels/4318/m1420_a3.sm_21.64.ptx
Device #2: Kernel ./kernels/4318/m1420_a3.sm_21.64.ptx

e4aca8087d9ce22e1fdfeac8f84850af813409eec2efb033684fd1d5b92f6d09:4141414141:password

Session.Name...: cudaHashcat-plus
Status.........: Cracked
Input.Mode.....: Mask (pass?l?l?l?l)
Hash.Target....: e4aca8087d9ce22e1fdfeac8f84850af813409eec2efb033684fd1d5b92f6d09:4141414141
Hash.Type......: sha256($salt.$pass)
Time.Started...: Fri May  3 10:27:26 2013 (1 sec)
Speed.GPU.#1...: 35137.3k/s
Speed.GPU.#2...: 50038.4k/s
Speed.GPU.#*...: 85175.6k/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 143360/456976 (31.37%)
Rejected.......: 0/143360 (0.00%)
HWMon.GPU.#1...: -1% Util, 41c Temp, 52% Fan
HWMon.GPU.#2...: -1% Util, 49c Temp, 20% Fan

Started: Thu May  2 22:27:26 2013
Stopped: Thu May  2 22:27:28 2013

EntConnect: A Conference For Those Who Make Things Happen

Posted on by

Entconnect Logo

Last month I attended the EntConnect Conference to give it some coverage from Element14.  I like entrepreneurship/engineering, and they had a bunch of fun events like Skiing at Vail which really drew me in.  I wasn’t sure what to expect, with an attendee list of ~30 people how much of a conference could it be?  When I interviewed the conference organizer, John Gaudio, he said that the best way to describe what goes on is serendipity.  Looking back his description was accurate, however I had no idea what he meant at the time.

By attending I found that I had a chance to walk into a group of entrepreneurs who have been getting together every year for the past 20 to discuss their goals, companies, lessons, successes, and failures.  They have known each other for a long time, and the honesty that each presenter offered was amazing.  People giving hard numbers about their acquisitions, business deals, and company acquisitions presented a level of detail that I would never expect.  The simple honest nature of their responses made for some of the best lessons I’ve ever had in the business world.    Here’s an excerpt from my Element14 article:

The trouble with the mass-produced approach is the shallow nature of the connections made. A casual relationship is perfect for a sales person who only needs to have one meeting per year to get the order right.  Normal conferences are remarkable at connecting people who are in a specific industry.  Suppliers meet clients, new technology is unveiled, and an expo is setup as a trading floor for business cards.  Keynote speakers often deliver whitewashed talks scrubbed of anything that could be seen as embarrassing or harmful, at the expense offering the whole truth.

But if a business person wants to make an actual connection where real stories are shared honestly, an entirely different approach is required.  A forum where trust can be established over hours and days, with the same people returning year after year to tell their raw stories and set the candid tone.

EntConnect does exactly that.  It is made of a group of engineers and entrepreneurs who have been getting together for the past 20 years bound not only by their interest in entrepreneurship, technology, and building their companies, but also their friendships.

Read the Full Article Here!

OpenStack Installation Scripts

Posted on by

There are a few OpenStack installation guides available on the internet. One of the guides I've seen used the most is mseknibilel's guide, which is available here. I followed this guide and it took me about 8 hours to get my setup up and running. I found that too much time was spent on troubleshooting issues due to entering everything by hand. Because of this I have created a set of scripts that can be used to setup a multi-node OpenStack test environment. This can be used as a basis for a small production setup. However it does not setup SSL encryption for any of the communication traffic. I plan to write a script in the future that will add SSL to a base install. There is also no support for High Availability. If you are looking to deploy a medium to large scale cluster then I suggest looking into a bare metal provisioning tool such as crowbar.

The scripts are currently split into five sections, which are detailed on the github page. It is setup with three different network architectures in mind:

  • 1NIC - A single network that everything is run through
  • 2NIC - One network for public network access and one for management and data
  • 3NIC - One network for public network access, one for management, and one for data

You should also be able to have anything from a single machine running everything to separate machines running as a controller, quantum server, glance server, cinder server, and compute nodes. It took me less than two hours to get my 4 node cluster up and running.

You can find the scripts here: https://github.com/soleblaze/openstack