Posts

Last DC540 of the year!

Last DC540 of the year — rescheduled from 12/23, which is too close to the end-of-year holidays. Please register here, the RSVPs are closed on Meetup. Contact me directly if you have trouble with the registration system.

DEFCON DC540 Stone Ridge Pre-Thanksgiving

This is a reschedule of the 11/25 meeting, which would have been the Monday before Thanksgiving. Several members proposed moving it a week back. If this proposed date is okay with you, please RSVP here.

Posted on

BSidesDC?

How many of us are going to BSidesDC next weekend? I’m volunteering Saturday and Sunday mid-day, but I’ll have some time before and after to wander and maybe have a drink with some of y’all, especially those of you who can’t make the Monday night meetup in Stone Ridge.

Posted on

Retrocomputing: Altairduino

I picked up this Altairduino unit back in 2017 or 2018 I think. The original came with a narrow bamboo case, and I ran into fitment issues and took a break from the project, although I had gotten the electronics portion working. At its core, the project uses an Arduino Due, and simulates the loading of 8″ floppies from files on a micro SD card.

Recently, a blue and white case was made available to simulate the original Altair 8800 case. It’s a bit deeper as well, and comes with an expansion board with a hardware terminal emulator, external serial port, VGA, PS2 keyboard socket, etc. I finally got around to put my Altairduino into a box.

Now I’m struggling with the serial port functionality and/or the SD card reader. But even without those, I can play kill-the-bit and pong with the switches and LEDs on the front panel.

Posted on

And in other website change news…

Tonight I added Facebook and Twitter login via OAUTH. Facebook seems to work just fine, Twitter seems a bit weird but I’ll check it some more later. The idea is to give you folks the capability of logging in here without having to create and maintain a separate user ID. You are still welcome to do it that way, I’m just creating options.

I will work on event registration next.

Nobody has commented on the front page changes, so either:

  1. Nobody goes to the front page, they just link here directly;
  2. Nobody comes to the website at ALL;
  3. Nobody can figure out how to get past it; or
  4. Nobody gives a shit.

I’ll take any answer. As a part-time nihilist, none of this truly matters.

For tonight, I’m going back to looking at Arduino Due pinouts. I’m trying to diagnose a serial port issue.

Posted on

Thanks, Meetup!

So, if you were following our Meetup page, you’ll notice that WeWork/Meetup announced some upcoming changes that I, as an organizer, was not comfortable with.

They decided that, beginning in November, they would reduce organizer fees. Great. All in favor. But at the same time, they would start charging attendees $2 per RSVP. Yeah. No.

I would be okay with $1 per RSVP, -if- and -only- if, that money were split between Meetup and the organizer somehow. But it’s not, and I feel pretty strongly that they will either reverse this decision, or face the demise of their platform.

It’s easy for me. I’m a small organizer. It’s EASY for me to get off their platform. I don’t have to rely on them. I really feel for some of the organizers of larger events. Especially those who charge for attendance — this new schema, at this time, doesn’t seem to offer the capability to upcharge.

But again, it’s not about the money — for me, anyway. It’s that I resent a sudden inconvenience on my user base that benefits me in almost no way.

So from this point on, please feel free to follow this website and/or Twitter (@dc540baab) for updates. How this is likely to flesh out is that I continue to announce the events on Meetup, but no longer allow RSVPs through that platform, instead driving them here, where I will add a registration form of some sort.

Posted on

Forgotten admin password CTFd

So dumbass me, who only messes with CTFd in the week or so leading up to the monthly meeting, of course forgot the username and password for my administrator account on my CTFd server. [This is the server that keeps track of scores for people who have solved exploit challenges].

Of course the damn thing is in a Docker container, and everyone knows I’m a Docker n00b. But I’m determined, so I forge ahead.

I get into the docker container…

docker exec -it /bin/sh

I know it’s not running a database server, so I start poking around in the CTFd directory, and find ctfd.db, a sqlite database file. Jackpot.

I copy the file out of the docker container, because the sqlite command-line tools are not installed:

# docker cp (docker id):/opt/CTFd/CTFd/ctfd.db /tmp

At that point I just opened SQLite to it…

sqlite3 /tmp/ctfd.db

Let’s see what the schema looks like.

.schema

OK, so there’s a users table, but no admins table. Let’s look at users:

select * from users;

OK, there’s my admin account, now I know what the username was, it was one of the three I thought it would be. And there’s a column called “type” which seems to be either “user” or “admin” … The password column is encrypted, so that doesn’t help me.

So I register a new user in the web UI, give it a password, then go back to check my users table. Sure enough, there’s now an admin and a user. Let’s fix that.

update users set type=’admin’;

This would have been more finetuned had more users existed, but in my case there were no regular users but the one I created.

Back to the web UI, login as my new user, and sure enough, I have full admin rights. I don’t know what I was thinking or what I was drinking when I set that up the first time, but tragedy has been averted yet again.

And yes, I could have just rebuilt it, but all the flags for the vulnerable VMs are stored in it.