I picked up this Altairduino unit back in 2017 or 2018 I think. The original came with a narrow bamboo case, and I ran into fitment issues and took a break from the project, although I had gotten the electronics portion working. At its core, the project uses an Arduino Due, and simulates the loading of 8″ floppies from files on a micro SD card.
Recently, a blue and white case was made available to simulate the original Altair 8800 case. It’s a bit deeper as well, and comes with an expansion board with a hardware terminal emulator, external serial port, VGA, PS2 keyboard socket, etc. I finally got around to put my Altairduino into a box.
Now I’m struggling with the serial port functionality and/or the SD card reader. But even without those, I can play kill-the-bit and pong with the switches and LEDs on the front panel.
Tonight I added Facebook and Twitter login via OAUTH. Facebook seems to work just fine, Twitter seems a bit weird but I’ll check it some more later. The idea is to give you folks the capability of logging in here without having to create and maintain a separate user ID. You are still welcome to do it that way, I’m just creating options.
I will work on event registration next.
Nobody has commented on the front page changes, so either:
Nobody goes to the front page, they just link here directly;
Nobody comes to the website at ALL;
Nobody can figure out how to get past it; or
Nobody gives a shit.
I’ll take any answer. As a part-time nihilist, none of this truly matters.
For tonight, I’m going back to looking at Arduino Due pinouts. I’m trying to diagnose a serial port issue.
So dumbass me, who only messes with CTFd in the week or so leading up to the monthly meeting, of course forgot the username and password for my administrator account on my CTFd server. [This is the server that keeps track of scores for people who have solved exploit challenges].
Of course the damn thing is in a Docker container, and everyone knows I’m a Docker n00b. But I’m determined, so I forge ahead.
I get into the docker container…
docker exec -it /bin/sh
I know it’s not running a database server, so I start poking around in the CTFd directory, and find ctfd.db, a sqlite database file. Jackpot.
I copy the file out of the docker container, because the sqlite command-line tools are not installed:
OK, so there’s a users table, but no admins table. Let’s look at users:
select * from users;
OK, there’s my admin account, now I know what the username was, it was one of the three I thought it would be. And there’s a column called “type” which seems to be either “user” or “admin” … The password column is encrypted, so that doesn’t help me.
So I register a new user in the web UI, give it a password, then go back to check my users table. Sure enough, there’s now an admin and a user. Let’s fix that.
update users set type=’admin’;
This would have been more finetuned had more users existed, but in my case there were no regular users but the one I created.
Back to the web UI, login as my new user, and sure enough, I have full admin rights. I don’t know what I was thinking or what I was drinking when I set that up the first time, but tragedy has been averted yet again.
And yes, I could have just rebuilt it, but all the flags for the vulnerable VMs are stored in it.
Someone mentioned this on Reddit, seems to be a great local privilege escalation resource for both Windows and Linux, including a .bat file which creates vulnerabilities on your (NON-INTERNET-FACING) Windows VM.
The September meetup is a week away. I know this is a long shot, but if anyone has working configs for ANYTHING involving a BladeRF X40 and 3G/4G, please bring it.
If you’d like to help defray some of the expenses involved in running this group, please feel free to contribute to the GoFundMe for the CTF server, or contact [email protected] if you’d like to donate in some other way. I’d like to keep the meetings free and open for as long as possible, because so far, I like the people that attracts to the group.
I’m ready, are you? If you’re joining us in the group Hackerbox build, have you ordered one?
Still haven’t heard from anyone wanting to present, teach or learn something, so it’s likely to be the same chaotic meeting as usual, with the added lubrication of festive beverages.
The space is just about ready, and my back hurts from all the rearranging. No photos, I don’t want to spoil the surprise.
The PCBs for the MultiPass badges should be here early next week. Some will be available for purchase if you’re interested.
Reminders:
This meeting is in my house. My house, my rules. Rule #1 is don’t be a dick. Respect the other attendees, respect the space, respect the equipment. I’d like everyone to feel safe, comfortable and welcomed. Make this great and the space will stay available. Make it suck, and we’ll be back at the library.
Festive beverages are a thing here, but don’t be stupid about it, especially if you are driving. I’m not planning to serve food, but we could certainly go in on some delivery if folks get hungry. I will have some festive bevs on hand, but please feel free to BYOB.
Please RSVP on the meetup page so that attendance can be planned/capped.
Activities available: soldering station, including SMD tools; lock picking station; CTF server; fix my Mr. Robot badge;
While there’s no “official time” for the meeting (there’s no “official meeting” and no “official business” to be conducted), the space will be open from 6pm until dispersal or midnight, whichever happens first. Signage will direct you where to go. Everything you need to know is on the Meetup page.
So a few of us came to a consensus of wanting to work on Hackerbox #0046 “Persistence” for the upcoming September meeting. If you want in, bring one, and bring soldering gear. I have specialty stuff, like an electric solder removal tool and a hot air tool, but bring your basics — iron, solder, etc.
I am REALLY tempted to order boards and parts to assemble the DC27 Multipass badge, since the Gerber/Eagle files have been released along with the software. It will be a bit of a challenge for some — but we’re all about challenges, right? There are like 70 0603-sized SMD parts on it. I have more than half the parts in my lab already, but some parts I’ll need to order. If there’s enough interest, I can order stuff for the October meeting. Cost of the bare boards is about $36 each from OSHPARK, ordered in sets of three. If there’s enough interest I’ll price out the BOM and you can decide if it’s worth it to you to play.
Crossover cable came late today, and as suspected, when my laptop is connected through the gigabit switch and directly into the WOPR (as opposed to through the wifi), and I create a blank VM with BRIDGED networking through the ethernet cable, I’m able to deploy a fully-updated Kali instance to the VM (via FOG) in just over two minutes.
Shutdown and startup scripts are reliable. A quick shutdown script via ssh key tells WOPR to first SUSPEND all the VMs, then shut down itself. All the machines startup automatically when I power on the unit. The network is usable within a minute of powering it up.
Packing everything up for tomorrow’s meeting now…
WOPR Jr (check)
Wifi router (check)
Gigabit switch (check)
TPLink Wifi Extender (for attempting to piggyback on Library internet) (check)
Entertainment (check)
Swag (check)
…what am i forgetting?…
See you at the meeting. Or at the pregame. I’m going to hit the hot tub and then hit the sack. It’s been a busy weekend.
