RSS

Monthly Archives: September 2011

Hacking WI-FI ya JKUAT.

I get scared at times….not of cliche things like of the dark or of being shot by the cops because I come from one of those neighborhoods.What scares me most is cyber attack….This is going to be a tech post so if you  not into that kind of thing please click here>>>>

That being said let me  dive head fist into the contents.I am a wi-fi junkie… I spend more time online than I do with my girlfriend,Wi-fi has been good to me(when its not that time of the month when it gets all hormonal)…So why am I afraid???

Well lets just take it from the top…I share an access point with some 100 or so guys at peak and 4-5 at off peak,the commonest site visited is Facebook, YouTube and probably Yahoo(I didn’t mention Google coz it goes without say).Peak time is usually from 7-10Pm and off peak ranges from there..The wi-fi network is protected with a  WPA2  security pass and AES encryption format(not TKIP)..The network is behind a proxy server that runs SQUID..and what do we all know about squid??? Squid sacks at HTTPS (ad rather go for an ISA server but then again am not JKUAT,i only go to school there)

Sasa Jaymo ju umetuambia hii yote,how does an attack occur?.kwanza this is purely for educational  purposes.one of  the easiest attacks is using a lilttle known tool called firesheep.Ok firesheep is fa***** easy to use,.Primarily coz its not a stand alone software rather a firefox addon…With this nifty addon you can do a tonne of things to rookie web users…wanna hear like what?

Supposing student x logs on to an acess point say RUNDA wireless connection.The DHCP awards him a renewable 1 hour lease on an IP(all without him knowing) and he establishes an Internet connection.He is just from chatting with this fresha chic who gave him her Facebook handle,so student X wants to snoop…He launches his Mozilla and types the URL,seconds later the login page appears,he logs in and continues doing his thing…pretty standard right???? Well across the yard Hacker X launches his Firesheep and begins this hack..he notices Student X is logged onto Facebook via HTTP instead of HTTPS..and decides to steal his session…does kidogo of this and that….minutes  later he has the exact facebook session as student X..while he is at it he even decides to go through this nygas Inboxes to see if he is still dating that gorgeous chic of his…If thats not scary enough,he goes to Facebook settings,changes the backend Email adress and Facebook password..logs out and kicks Student X out of his own fa**** facebook page….awsome.

How is this being done…session Hijacking…What all WI-FI networks have in common is that people will acess them to browse(daaaaaa) and when they do some one can easily steal unencrypted cookie sessions.session hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server(SQUID in my case)

Hiyo ni moja..next bucket-brigade attack…aka man-in-the-middle-attack.This is what good old wikipedia has to say about bucket bridge attack. This is an attack where the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted      Wi-Fi wireless access point, can insert himself as a man-in-the-middle).

And since am in a good mood today am going to give you a proff of concept that I actually tried out….First Am usually working on a linux distro called Bactrack….(sorry windows slaves,windows cant hack..f*** what you see in the movies).

So open up a shell and get the tools you want primarily we are going to be doing  arpspoof poisoning and so we need to get driftnet and dsniff.

So on bash run:-sudo apt-get install driftnet dsniff. next we enable packetforwading…echo 1>  /proc/sys/net/ipv4/ip_foward   then cat /proc/sys/net/ipv4/ip_foward  this is to allow the traffic on the network to flow via your machine…then we begin the arpspoff poisoning

sudo arpspoof -t <your ip> <router ip>  split your screen and do the reverse sudo arpspoof -t <router ip> <your ip> . And that’s it,you are primarily the man in the middle here.Now you can have fun  with this attack…

an easy one is:

 msgsnarf -i etho, where etho is the name of the network interface..you can listen to all the instant message services running,am talking MSN,gtalk…any instant messanger.so you can watch someone chatting.

urlsnarf -i -etho, Listens to port 8080,80,3128,if you in JKUAT and you use wi-fi then you must know what port 3128 is.This one obviously listens to URL that are being sent.

If you are intersted in password then we can go back to dsniff and do that

sudo dsniff -i eth0, this will listen to any password being sent.

Now if you want to see what Student X is viewing online,kama picha hivi then we switch back to driftnet

sudo drifnet -i -eth0,  this will give you a visualization of activity on the network

Bassss thats why i get afraid…but no biggie…In my next post i will tell you how to protect yourself from and of the above attacks….wacha nikasomee CAT ya fluidmechanics

 
7 Comments

Posted by on September 28, 2011 in hack, INTERNSHIP, JKUAT, true stories

 

Tags: , , ,

Work of Art.

 

He is an artist,born & bred in Machakos,fine-tuned in Nairobi.
He draws and sketches,creates and ocassionaly destroies.
He gives his mother credit for placing a crayon in his hand at 3 yrs of age.
His art has however evolved alot since then drawing,painting,architecture,interior design graphics and his current obsession
Photography
He graduated from college as an Architect and now mascurades as an interior designer and a moonlights as a photographer
Sample his work below before his true identity is revealed

 

This is the Smaller structure of the KICC(Kenyatta International Conference Center) as shot from the helipad of the same building.

A sneak peek of the KICC in Nairobi as seen from the Nation Center at dusk. a work of art if you ask me

The Kenyan Flag as hoisted on the Promulgation day.

20th  Century Plaza as captured  by his camera.

According to me,if Picasso was alive then am guessing he would hang out with this dude,catch a beer or two,Ladies and Gentlemen presenting Mutua Matheka.

Links to some of his work: MutuaMatheka.co.ke & mutuamatheka.wordpress.com

 
2 Comments

Posted by on September 24, 2011 in 254, twitter, weekend

 

Tags: , , , ,

Frothy Friday.

The words in me were itching like literally…I haven’t written in a while…not  writers block eating me up…hell no…maybe a dub of liquor and boredom add the coding to that ,the erratic wi-fi that characterizes my life and you probably get why I was kinda off.

Today is a great day to write, Saturdays are usually good for me woke up and dissed Ictumwet for going to a bash without me she looked pretty from my drive way…did kidogo  coding and decided to halla at the code  sensei *read Iddsalim*, I was bumping to windeck and he gave me a link to remix,Talked bout this and that.he was at ihub so kept the storo short

Any who today amo vent…yeah thats right amo vent…am that Guy today..the guy who cant throw stones coz he lives in a glass house so he decides to throw words. Sasa Jaymo una vent ju ya nini….what else frothy friday,I guess after you have spent a couple of years in college every thing seems like crap coz you have  been there done that, bought the t-shirt and lost it.

Booooo sour grape syndrome ndo unayo….ok let me feel you in.A ka fresha decides to feel all hot on you,amevaa ile sura ya niongeleshe uone…lakini nguo ni zile  za leo silalai kwangu…. the froth in you was kinda accelerated and she seemed fly for a minute…and the tat above her right boob kinda looked hot in retrospect to the dark…you are weaving all your words of deception  with such prowess…word play is at its highest. The froth be confusing coz you can swear you must have heard here say …”sijiskii kubonga” and the first thing to hit you was what?????But you facked as hell you dont know the question you asked her to warrant that responce..maybe  it was “I think your A cup boobs would look better with kidogo silicone implants to swell em up,dont you agree?”All in all you now solo…and the only thing you left with is that boti of Pili looking sexy as hell,you order another and you now having what I call a frothy threesome.(you,plili #1 & pili #2)

Huyo wewe next damsel….”sap ma,I kinda dig that look you have on tonight”…she smiles,you can swear its a blush,or maybe  a giggle “thanx…I havent seen you before,you new?” You engage yourself in  a minute of  monologue..kwani am supposed to be like an EABL billboard ndo uni notice…but you refrain from anything valgour “si niko low key,u know how this things go”… she has a blank expression…its like she buffering what you just told her…it hits home…fack this you too slow for my liking…

From the distance you can see Right man*read Marto* be all up on some mama….unajua usipotia bidii ni wewe unalala nje leo….you downing the bottles like they plain water or something…the booze is kicking in..real fast….fack JKUAT for few mamas and a hundred jamaas,itabidii umebafua jamaa flani…

Killer smile check…some chic is obviously not into the vybe ana pewa na jaymo be the solution…couple minutes later you and her move to a more secluded  location…..one or to shots of that,mixed with a some of that…….the next thing you remember is waking up on sato morning

 
2 Comments

Posted by on September 24, 2011 in campo, Humour, MEMORIES.

 

The Struggling coder

Am in no way a big time coder….half  of the guys I have interacted with will attest to this….but am the type of coder who will hustle ju chini to be as great as someone like Iddsalim…am the type of coder who has only handled kitu 6 clients mpaka saa hizi…the type of coder who did a rookie mistake  that may cost him alot in the event it backfires

So here is what cut,flani wa flani gets a referal from flani wa flani that jaymo can weave an idea into a running application….the refered to flani wa flani goes ahead and conatcts you……set up a meeting with you.All professional

You hook up with  the said client…..He knows what he wants(my kind of client).he even has mock ups all done decribing what he wants….You like what he is talking about….at the back of your mind you know you can code this bila wasiwasi…..Quick cash right?….wacha niendelee…you set up a price for the said project…..ju kijana ako na njaa na anataka pesa pap ana  underestimate the true cost of the project….you are doing a project worth X at 0.5X (yaani unaifanya for half the price)…..you must have missed the grin on his face when you gave him your quotation.

Client ni mstrict…anatoa ma contract,una sign,haina ma fina print*hata ingekuwa nayo all my lawyer friends were drinking that day*

Una sign on the dotted line…..Jammaa ni mpoa anakushika ka thao usikose fare ya kwenda home,you agree kuitoa kwa the 0.5X amount…..haya basi…..huyo mimi home

Kejani comp inatolewa code inaandikwa….true to your word,in 3 days unakitu ya kumshow….call it a beta of sorts….You email him and agree to hook up later on in the day.

Kitu 5pm while sipping an expensive cup of coffee at Dormans that he is paying for he has a look at what you have  come up with.ana smile…ile smile unapatianga dame akiingia box mara ya kwanza….

unajua uko paid….right? wrong!!!

Ana anza za ovyo”ok ni poa but nilikuwa nataka tuongeze database intergation hapa na hapa” Kwa kicwa yako isha kuwa 3tier already…more money for this struggling coder….You are up for the task….

Kejani tena,after kukata maji kiasi unarudia code….2 days iko sawa….second meeting…coffee bado…smile bado…..ana za ovyo tena”nilikuwa nataka ikae hivi…” ana sample kwa comp yake…..na hii si MVC coding ati utachange view chap chap..au tusema ni XML unaeza modify ukingoja  que ya beef mess

So back to the code…siku ngapi mpaka sasa 7 days….Ina bidii urudi campo,Final year is calling…..

Client ana kuharakisha,una hustle keja,huja register units….stress kibao so you cant get coding…..Client gets all threatening..ana anza kukumbusha what you signed….”In the event of failure to submit said project in said days then you will be deamed to have abscorned and may be liable for any cost incured during interaction with fulani fulani”…bullshit

Damn…unajifungia keja..Daro ka zote hujaenda..Fluid Mechanics hujaingia,PDE hatahujui nani anawafunza….coding tu,atleast unahope no more changes…..mpaka mabeste wana complain ju frothy friday uko kejani….after a couple of days code imeiva….ime steady ka 6AM erection…..

You hand over the project and wait for testing then consequent payment.Akileta za ovyo usha bonga na fake lawyer beste yako vile  utamhandle…..umechoka na hizi changes ana ka akimake kila siku

Lesson learnt:Always read the blue print behind every contract you enter,specify enough time allowing you to test before hand kabla kupatia owner and in the wise words of my coding mentor(James Maina) always teach yourself how to price your product such that isikae so cheap*read fake* au to expe

so at least leo naeza lala bila stress ju code iko salama…ju ya hiyo story kecho naenda daro

 
Leave a comment

Posted by on September 7, 2011 in 254, campo, code, Reflections

 

Tags: , , ,

The Intern Life.

Yes am no longer an intern….that may come as a shocker to some,or a persistent reminder to others.I officially bid Finlays Kenya goodbye on 20th August and took a sebatical of sorts…a sebatical from anything computer related…After coding for nearly 4 months almost daily i think it was well earned….

so how was Finlays,what memories did i bring back with me and would i consider working there given a shot……allow me to endulge you

My internship was rather long,the label intern was officially slapped on me  on 27th April,the day I got my induction training done….Finlays is a really strict company,every-and I mean every- employee has to undergo introductory induction,on every thing from standard operating procedure to health and safety at the work place…so in the event you willingly choose to abscorn any of them then you only have yourself to blame,and hence a lawsuit would be out of the question*read clever*

I was actually the first intern to arrive(nilikuwa na nyege za job)…so i kind of didn’t have anyone to shaparone me.It was my second internship in a large company so I kind of knew what to expect(bossing around,people tyring to belittle you,usororaji mob) so i had brought my arsenal of tricks with me,everthing from code samples to ebooks

The first days were the toughest,seating alone on the bus ride to work,eating alone in the cafetria,not knowing who to talk to and who to avoid like a mutated strain of plague,where to hang out during lunch break…..you get the picture…..anywho am kind social*kinda being the key word* so  i made friends quickly,the second intern (HR) arrived kitu 1 week after me,so i got a peer to hang out with…add to that she was a chic  made it even better…..

The first month was hell,rockie mistakes were norm…..no matter how good you are I mean ata kama wewe ni first class kama SavvyKenya,nothing prepares you to handling new sytems ant a new place of work.This guys had the largest domain i had worked with (over 500 computers) on their network,spanning from Nairobi,Naivasha,Nanyuki,Kericho and theUK…..so you can imagine running an ActiveDirectory with that many active nodes…

I loved coding for them…atakama VB and me never crossed.. i had this book on my desk for more than 4 months and never botherd reading

When it comes to information systems I think this guys  deserve a medal of sorts(or atleas a round of applause) They have Information systems for absolutely everthing…..from the basics to the superb.

Hakuana vile naeza kuenumerate zote but I can try….Workmate handles HR,Scala does Accounting…roadbase does fuel managment for fleet,Budini handles tires..lilies db is for lilies..ERP,HCOS…ziko mob wewe.

so the first one month was purely hands on ndo usifloat…..I had my own extention number(115),and you know how stuborn users can get…from the guy who couldnt get F1 to the chic who claimed to know everything(if you consider pining a server as anything)…bottom line is the first month really drained me.

From waking up at 6am to catch that bus to work,to heading home late because some server went bonkers after a storm the previous night.

Speaking of servers,I had even nicknamed them.

There were like 20 servers some i had acess to,some i only saw the big guys handle,some i never actually got to see(UK servers).But out of the ones i personally dealt with i had great love and loathe in disproportionate levesls..There was jean the FileServer,she was bitchy as hell,she was the only server that had the most moodswings(read Pms)…she went offline the most…there were the two twins.. I called them two Sly…they were the SQL servers,most of the 3tier applications  relied on this….and offcource my lovely Lita,she was the proxy server(ISA server) this was the one that gave me all the browsing history,pattern na kila kitu ya watu…if you went online on my watch and Googled for Midget porn…Jaymo was watching and laughing at you..

But your bwoy wasn’t all work with no  play,no  sir…he had his equal measure of frothy indulgence….the  crazy Lewa marathon where i found myself in Meru that morning (read hangover2)…Drinking sprees in weird place.

Generally Finlays was a great place….

Ill miss the place,ill miss the people….especially one someone i left there….eeehh anajijua…..

 
5 Comments

Posted by on September 5, 2011 in code, Humour, legal issues, MEMORIES., true stories, twitter

 

2 weeks abscence explained

This is one of those Blog posts…you know the ones inspired by black mail and high doses of Caffine…..why Black mail?Well many of my readers have been alarmed by my  abcence from the blogosphere…Others have questioned me via twitter or facebook…and being the loyal writer  I am an explanation  is  owed to them…..secondly i mentioned something about high levels of Caffine…well am blogging at 2.17am in the morning…..no am in no way Insomniac….far from it…my eyelids are heavy….the caffine boost aint doing what it should.Am laughing at my  twitter TL because @iddsalim is downing coffee and Redbull

I just finished installing Ubuntu on my machine….backtrack(the previous linux distro I was running) isnt cutting it anymore….to many requirements.Plus I have  to revert to WLAN & I couldn’t get any WiFi drivers for Backtrack….. which is ironical coz Backtrack is a penetration testing tool…..any who…its 2.am in the morning and am blooging thats what matters(I refrain from tech lingo)

Its been what…2 weeks  if my math serves me right…..what has cut since….oooh am no longer an intern…sorry folks (read Finlays) I wount be doing those 7.30am morning calls because your machine went to hibernate and decided to take a sebatical.

Finlays was great by any standard…..by what ever yard stick you choose….so much so that it warrants a lone post…..mentioning it  in passing would be like kissing a chic and stoping there….yes folks you know a bratha’s hands have to do the walking….so the next post I do (later on today) will be soley dedicated to my Internship….thats one extra post this week.

What else is new…ooooh yes… am back to school…am back to Math School at that university with alarmingly more dudes than chics *read JKUAT *….yes my final year….the year  I have my last swing at a college threesome (sorry guys I had to say it)….The year I promised to blog about…..the year that this blog is actually set.

With that in mind my next post will be about my first week at Jkuat as a 4th year…. that should be a thrill to….so Tuesday will see me blog about that….

Baassss nishajibonga……let me get to bed,Morning niko na class ya Fluid Mechanics2….and the lecturer is anything but a blog reader…

ps.Am going to my first class this sem so I think i will blog a little in class,just to quench your reading thirst..

Aya basi wacha jamaa akalale

 
4 Comments

Posted by on September 4, 2011 in Uncategorized