Crack me

Don’t hate the hacker, hate the code.

These are some excerpts from a presentation I gave at a ladies who linux meetup in San Francisco. 

***************************

I have always really enjoyed puzzles and games. Building forts, making indestructible cars from k’nex, rock climbing, even backpacking and trying to figure out how to make a fire in the pouring rain with only one match. There are so many things in our daily lives that force us to think critically and break apart a bigger problem into a bunch of smaller, more manageable problems. My love for puzzles was one reason why I wanted to explore the tech world. What I assumed and what I have found to be true is that the tech world is really just a giant playground of puzzles. So since I have you all right here, I thought we could do a little puzzle here together.

If you recall, our topic for the evening is security. Less than two weeks ago I moved into a new place on Treasure Island. I share a house with a few others who I didn’t know previously. My sister happened to be in town for the weekend, so on Friday night I picked up the keys to the space, dropped off a handful of things and headed up to Napa to meet her and some friends for a few days. I didn’t think much of it. When I got back I started to move the rest of my things in. I got up to my room and quickly realized that a brand new pair of running shoes I had just purchased two days previous were missing, along with a few things I had purchased from IKEA. weird right? I didn’t want to assume the worst, so I checked my car for the shoes, but to no avail. Why am I telling you about my stolen shoes? I am supposed to be talking about security. I’m telling you this story because when I first thought about security, I dove right into the deep. I started researching the seven layers of OSI, about TCP vs UDP, network mapping and the list goes on. But I just told you all, I’m a beginner – I have no experience with any of those things – and the story of my shoes reminded me of some very basic fundamentals of security. When we think of security, we often go right for the hard stuff and forget about the basics. When I moved into my new space, It’s not that I should have been overly cautious or paranoid about the living situation – but I should have taken precautions to better set myself up for success. All I really needed was a simple lock on my door.

Security does not need to be complicated, you just have to make sure you cover your bases. Make sure to password protect your accounts, cell phone, and computer. Don’t use the same password for multiple things (although I’m pretty sure we are all guilty of this one).  Make sure to use two-step verification for important logins like work emails, online banking, etc. Before you worry about the deeper levels of security, make sure you have taken care of the basics.

So – on to our little puzzle.

The is a copy of this project on github under Holberton school – so you are all welcome to clone it and try it yourself at home. Check it out here.

Before we start, I am going to open up a VM. Since we don’t know what exactly these files could contain, we want to protect ourselves by doing all this little puzzle on a VM. Things are a little more contain on a VM.

vagrant up

vagrant ssh

First I am going to clone it from github – you can see that there are a few files in this repo, we are only going to be dealing with a.out tonight, but feel free to explore the others on your own time, each one increases in difficulty and not all are solvable.

Change directory to our newly cloned repo.

cd don_hate_the_hacker_hate_the_code 

Check to see what files are here

ls

README.md a.out     crackme   crackme2  crackme3

I am going to make a copy of a.out because I know from experience that if we try to execute the program with the wrong password the file will delete itself – that feature was built into the program.  So I am going to save us time and hassle .

cp a.out ladies.exe

Now we have ladies.exe

ls 

README.md  a.out      crackme    crackme2   crackme3   ladies.exe

Okay – we are all set up to start cracking. If you haven’t guessed it already, we are going to be attempting to crack the password to this file. Like I mentioned earlier, this first one is pretty easy and if you want a challenge you can try any of the others.

First thing we want to do is to gather some information about the file we are dealing with – it’s a simple command

file  ladies.exe

We can learn a lot about our puzzle at hand by learning about the file type.

ladies.exe: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, not stripped

We can see that it is ELF which means it is in an executable and linkable format – and even that it’s not stripped.

If someone wanted to cover their tracks a little bit better, they could have stripped the file.

nm ladies.exe

You get somethig that looks like this.

0000000000601058 B __bss_start

0000000000601058 b completed.6973

0000000000601048 D __data_start

0000000000601048 W data_start

0000000000400550 t deregister_tm_clones

00000000004005c0 t __do_global_dtors_aux

0000000000600e18 t __do_global_dtors_aux_fini_array_entry

0000000000601050 D __dso_handle

0000000000600e28 d _DYNAMIC

0000000000601058 D _edata

0000000000601060 B _end

When you use nm, you are listing the symbols from object files. You can strip that infomration quite easiy though. Run these commands and see what happens.

strip ladies.exe

nm ladies.exe

file ladies.exe

Now if we wanted to know a little more about the file type, despite the fact that we are the ladies who linux, we all need a man in our lives. Just man file to find out a bit more about the file command.

man file

Okay, so we have gathered some information about our file. What’s next…? Run the file?

Maybe we can read the file and find out more.

emacs ladies.exe

Woof – that’s rough. That’s not going to be of  much help. Welp – I have a few other tricks up my sleeve. How about ltrace.

man ltrace

ltrace is a program that simply runs the  specified  command  until  it exits.   It  intercepts and records the dynamic library calls which are called by the executed process and the signals which  are  received  by that  process.   It  can also intercept and print the system calls executed by the program. – Basically it will show us what library functions are being used in this file. When you use trace,  make sure to use the executable format since it actually executes the program when you run it. 

ltrace ./ladies.exe

__libc_start_main(0x40060d, 1, 0x7fff775943a8, 0x400760

printf(“Usage: %s password\n”, “./ladies.exe”Usage: ./ladies.exe password

)   = 29

puts(“See you next time hacker!”See you next time hacker!

)                = 26

You can see it’s using printf  and puts. But it looks like printf was looking for the file along with a password, so lets try it with a password now.

ltrace ./ladies.exe password

__libc_start_main(0x40060d, 2, 0x7fff451bbfe8, 0x400760

strcmp(“password”, “#cisfun”)                    = 77

strcmp(“password”, “passw0rd”)                   = 63

puts(“Access denied :(“Access denied 😦

)                         = 17

puts(“See you next time hacker!”See you next time hacker!

)                = 26

Now we see that it’s using strcmp – lets checkout what strcmp does…

man strcmp

The strcmp() function compares the two strings s1 an s2. It returns an integer less than, equal to, or greater than zero if s1 is found, respectively, to be less than, to match, or the be greater than s2.

You can see the program comparing the password we put in with two other strings, #cisfun and passw0rd. That gives us a pretty good hint that maybe one of these strings is the password. You can try them both.

Since #cisfun starts with a special character, make sure to include quotation marks around the password when you type it in.

ltrace ./ladies.exe “#cisfun”

__libc_start_main(0x40060d, 2, 0x7fff98524a78, 0x400760

strcmp(“#cisfun”, “#cisfun”)                     = 0

puts(“YES it is fun isn’t is? :)”YES it is fun isn’t is? 🙂

)               = 27

puts(“But this is not the right passwo”…But this is not the right password.

)      = 36

puts(“See you next time hacker!”See you next time hacker!

)                = 26

We get something different that time, but it’s still not right. So go ahead and try the other possibility.

ltrace ./ladies.exe passw0rd

__libc_start_main(0x40060d, 2, 0x7fff70c8f778, 0x400760

strcmp(“passw0rd”, “#cisfun”)                    = 77

strcmp(“passw0rd”, “passw0rd”)                   = 0

puts(“Access granted \\o/”Access granted \o/

)                      = 19

+++ exited (status 0) +++

It looks like it worked!

Okay let’s try something else. In programing, there are always lots of ways of solving a problem. Strings is another tool we can use.

man strings

Okay, strings – print the strings of printable characters in files. That seems like it could be useful. If there is a password in this file, it may be contained in a string.

strings ladies.exe

It looks a little bit different from ltrace. Here you can see some of the strings used in the program.

Usage: %s password

See you next time hacker!

/bin/rm

#cisfun! :);

Try again later

#cisfun

YES it is fun isn’t is? 🙂

But this is not the right password.

passw0rd

Access granted \o/

Access denied 😦

;*3$”

Now – we could write a bash script to brute force the password. We are programmers after all, so why not? This is a short program written by a fellow student at Holberton School.

#!/bin/bash

for passwrd in $(strings ./ladies.exe)

do

 cp ladies.exe tmp2.exe

 ladies=$(./tmp2.exe $passwrd | grep -v “Access denied :(“)

 echo “Trying: $passwrd”

 if [ “$ladies” != ” ]

 then

   printf “\nThe password is: %s\n” “$passwrd”

   exit 0

 fi

done

 

Yet another way to go about this is with assembly code.

objdump -d -j.text -M intel ladies.exe

I am not going to go through the assembly code now for times sake. But essentially you just have to follow one clue to another.
That’s the basics of cracking a password. If you enjoyed this, head on over to Holberton school’s github and try the others.

Definitely does compute

The other night I joined dozens of other women and supportive men for an event hosted by Marin Software. The event was the Bay Area Girl Geek Dinner, and it was aptly scheduled on International Women’s day 2016. Catriona Fallon, the EVP and CFO of Marin Software was the keynote speaker, and her topic of the evening was negotiation. Negotiations is a super applicable topic for those of us in the technology industry, and it was so useful to spend an evening hearing from such an accomplished woman. I gleaned a lot from what she had to say, and below are some snippets and shards from her presentation.

***

3 Questions you need to know the answer to before an interview

What are you interests? If you have managed to get an interview,  you should by this time have an idea of what kind of work you want to do – that’s great (and you’ve now surpassed me, as I have no idea what I want to do with my software engineering skills), but it’s not quite good enough. By the time that you walk into an interview, you need to know what your interests are. I’m not talking about your hobbies, or what you are currently binge watching on Netflix, not those kind of interests. I’m talking about what you want to get out of the job, if it’s offered to you. What is it that you want to accomplish? What new skills can tis job offer give you that other jobs, which you are qualified for, can’t? What can this job, this company, or this boss help you achieve? Make sure you know the answers to these questions before you walk in.

If you don’t know what your interests are in this company, why are you even sitting in that chair being interviewed? How do you even know the job would be a good fit? You have to figure out what it is that you want to do, and also where you want to go. Make sure your interests align with the company.

What is your best alternative? I can’t stress this one enough. Have an alternative. Even if what you are interviewing for is your dream job, make sure you have a plan B. If all of your hopes and dreams are riding the wave of that one interview, it’s going to quickly become a much more stressful satiation than it needs to be. You can never think clearly when you are stressed out. You can start to stress out, and the thought pattern tends to look something like this…

“They are not offering me what I want in pay, but it’s the only offer I have on the table right now”

“The company ethos seems a little stressful, but who knows when something else will come along”

There are countless studies on the effects of stress and decision making, Science Daily says it like this

“This means when people under stress are making a difficult decision, they may pay more attention to the upsides of the alternatives they’re considering and less to the downsides. So someone who’s deciding whether to take a new job and is feeling stressed by the decision might weigh the increase in salary more heavily than the worse commute.”

When you fail to have a backup plan in place, thoughts like the before mentioned tend to drive your decisions, rather than your logic. If you have a backup plan or two, you are more level headed and objective. One of the worst things you can do is take a job knowing it’s not the right fit, solely because it’s the only thing on the table.

What is your walk away price? Before you ever walk into an interview you need to know what your walk away price is (your W.A.P.). Do your research ahead of time and know what you are worth. This can be really hard sometimes, not the research, but assigning a number to your worth. Talk with friends (although this sometimes can be not quite reliable), check out glassdoor.com, and talk to others in the role you are applying for. The walk away price does not just include your salary  – it could also include, but is not limited to – vacation time, job flexibility (working remotely etc), time commitment, stock options, and much more.

It’s not just you who has a walk away price in this whole endeavor. The company you are interviewing also has a W.A.P. They have a cap at what the are willing to offer for the position they are interviewing for. Between your W.A.P., and the company’s W.A.P. there is a space of negotiation. There are a lot of things possible in that space, it just necessitates an aligning of intentions between you and your possible future employer.

Walking away can be super hard  – but in some situations it might be the right answer. So you need to prepare for it.  It can be particularly  hard when much of the offer seems attractive, but a few things stick out as red flags. With diligent preparation, you will hopefully be able to gauge when it is appropriate to walk away.

***

Go to the balcony.  The previous tips about negotiations were specifically targeted at the interview environment. This tip, ‘going to the balcony’ is targeted more towards negotiations once you are in the thick of the work space. Negotiations are thrust upon us all of the time, and the worst feeling is finding yourself in the middle of one and not fully prepared. Just like you need to be prepared to walk into an interview, you need to be prepared for workplace negotiations. Whether you are a project manager, developer, engineer or what-not, if you have an arsenal of responses to negotiations, you will find yourself getting what you need more often than not. One thing Catriona advised was a tactic she calls ‘go to the balcony’. It’s the idea, that when you find yourself in the middle of a negotiation – maybe you feel your temper start to heat up because things are not going the way you wanted, or planned, it can be super helpful to visualize yourself on a balcony looking down on the negotiation happening below. This can be partially helpful if the negotiation situation gets catty or a little disrespectful (as can happen when people start to loose their whits and revert to elementary tactics).

Once you’re in a workspace, a lot of the negotiations you find yourself in may have absolutely nothing to do with you personally. Maybe it’s a budget reform, or new policies and procedures – you need to be prepared to take a step back and and not take the negotiations personally. If things start to heat up, ‘go to the balcony’, finish the negotiation in a professional manner, and carry on with your day.

Don’t get mad, get what you want. If the situation starts to deviate away from what you are trying to achieve in the negotiation, don’t get mad, don’t react negatively, don’t throw a hissy fit. Cool down, step away (maybe get a drink, or feign a phone call) – focus on your breath. When you are ready you can return to the negotiation and continue the conversation. After all, we are professionals, and we all have a job to do. Fight for what is right, and don’t give up until you get it.

***

post script –

I love attending events like this, I sometimes feel like women come out of the woodwork, and I get to meet so many people that I never would have had the chance to otherwise. I do struggle with events that only target women though, I don’t want to live in a technology world where men and women operate on separate parallel lines, both working towards innovation, but never crossing paths. It IS important to create spaces where women and men feel comfortable and supported to talk about whatever need-be – and this sometimes necessitates that we put ourselves in separate rooms. I just want to stress that we can’t just keep those conversations in those separate rooms. We need to be able to regroup – men, women, and everything in-between and have those conversations together. That’s actually one of the very reasons why I really enjoyed this event. It was called ‘Girl Geek Dinner’ and we still had men in the room playing the role as advocate. If women want to make big waves in the technology field, we need men on our side (and they need us on theirs). I don’t advocate for more women in the tech industry, I am an advocate for more diversity in the tech industry, women just happen to be part of that diversity that is lacking.

 

 

Ladies who Linux

Silicon Valley is an interesting place to be studying software engineering. Patricianly if you don’t come from a tech background…(like me). I live about 45 miles from where I attend school; so every morning I have to take a commuter train into the city.  By 6 a.m. that train is filled with every tech badge imaginable – some I saw this morning, Salesforce, Oracle, Pinterest, Slack, Uber…just to name a few. How do I know…? Because it’s embroidered on everyones jacket, backpack, or other form of branded apparel. It’s a density of no comparison. It can be overwhelming most of the time, but sometimes I get to reap the benefits of of this close proximity to so many resources.

Last night I attended a Meetup at Dropbox. The theme of the night was ‘Ladies who Linux’. The Meetup caught my attention by the title. Not because it was specially for women, but because it was from a line from one of my favorite musical, song by one of my favorite actresses. The song is directly poking fun at women who are pursuing very little in life – the crux of their day being brunch. It’s funny and ironic choosing that for a title of a Meetup for women who are in fact doing the opposite, pursuing the world.

“Here’s to the ladies who lunch–
Everybody laugh.
Lounging in their caftans
And planning a brunch
On their own behalf. “

Elaine Stritch, from Stephen Sondehim’s “Company”

I joined a group of women who are working in the industry, and who all really enjoy Linux. That is an opportunity that only proximity can give you. All of these women, ranging in experience and personality, had such so much to bring to the table. Tammy Bütow, formally with DigitalOcean, now with Dropbox, organized the evening. She recently ran a similar group in New York when she was living there, but now that she has relocated to San Francisco, she decided to help create the space for women to come together and share experiences and knowledge based around the topic of Linux.

My biggest highlight was talking with Jessica McKellar – currently  an engineering manager at Dropbox (although, she tends to wear many hats at the same time). Jessica is quite impressive, and she filled the space with an air of composure and strength. She has worked hard to get to where she is today, and I believe that her passion for low-level systems has been her driving force. Jessica is a director of the Python Software Foundation, and won the O’Reilly Open Source Award for here contributions to Python back in 2012.  She’s written a few books on the subject as well. It’s women like her that give me the confidence to burst through walls when I come face to face with them. Right now Jessica is working on a video series on an introduction to Python. You better believe that I will be following that series to soak up as much as I can from a women who knows what she’s talking about.

I asked her for some advice for a beginner programer. Her one tip… contribute to open source projects. That is now on the top of my priority list.

– So here’s to the Ladies who Linux –

Changing the world one line of code at at a time.

IMG_1829

 

 

Impossible Octopus Fitness

 

One of the things that I am really loving about Holberton School is how they iterate on projects to give us a full emersion experience of what it is like to be a software engineer in the real tech world. We are most recently working on a simple web page. Part of the application to get into Holberton School was to create a web page, so it’s nice to be able to revisit front-end development now that we have some experience under our belts. The first part of the project was simply to create a web page with very specific guidelines – all designed to force us to learn specific skills. Elements like, float, clear, and myriad css statements. Once we finished that project, we were given an iteration based on SEO (search engine optimization). The same web page is now a small competition in web marketing. The goal – get the highest ranking on google for a given query. What’s the query you ask… if you haven’t guessed already “impossible octopus fitness”. The website was made in about two days, and it was the only the second one I have ever made, so it is by all means, not a great site, but do me a favor and check it out, maybe Rona (my partner on this project) and I will raise in our rankings when you do a google search of impossible octopus fitness.

impossible octopus fitness

A little birdie Bash

Yesterday we were given our second batch of projects, with a due date at the end of the week. We all got to work right away. I think we are all still trying to figure out the pace of how this school is going to work. Thank goodness it’s not being run like a traditional school – no classes, no attendance -none of that rigamarole. This just means we have to figure out the ebbs and flows of this new chapter in our lives. We are all coming form very different places – different ages, ethnicities, countries, regions, religions and lifestyles. I guess the fun part is that we get to figure it out all together. So far one of the best things about this school, is that every single person here WANTS to be here. The part that will be interesting to navigate is going to be our different skill levels. There are some skilled programers here, and like me – some beginners. This means that we have a lot of resources to pull from, but it also means there is some pressure to get up to speed. It’s nice to feel the desire to work hard, but it’s also very nerve racking. Late afternoon yesterday, I remembered standing up to take a break and thinking that I was proud of my self for getting so far in the projects (I was almost halfway done). When I was talking with some peers in the break room, I quickly realized I was not ahead of the game, but rather just below par (birdie in golf terms). Maybe I’ll give myself that new title “little birdie”. Most of my peers had already finished all the projects we were given. I think these next month are going to be a humility check for me, I’m used to being ahead of the gang – at the head of the class. Not any more. No- back to my bash projects.

Do you GIT it yet?

Day 0 was orientation, basic knowledge, and more in-depth exploration about what to expect with Holberton School. It was super long, but things have only ramped up from there. We had two projects due by the end of the weekend. The projects were oriented around understanding our tools, so when we get started on group projects, the tools won’t hold us back. We had a project understanding git, and github. I was the first to finish that project, not because I knew what I was doing, but because I wanted to get the first project out of the way. It was a blessing and a curse. I know I didn’t do the worst on the project, but I also didn’t do great. I was able to learn a lot form the QA of the project, and I was able to help my peers to make sure they wouldn’t make the same mistakes I made. One of  the biggest things I missed was not using HTTPS and instead using SSH. SSH being the more secure way to do things, since the work would not be associated with my github username and instead a secure shell that recognized my computer. I learned my lesson.

Our second project was on understanding basic bash commands in linux. I think the lesson learned with playing with basic bash is that its simpler than you think. The basic commands are a single word, and yes, you can complicate them by adding comments and such, but at it’s essence, you just need one word.

 

Two projects done, I’ve learned a lot, but I still have no idea what I’m doing. I guess that’s the the beauty of this whole ‘going back to school thing’. I have lived my life so far, proficient in my previous jobs, somewhat knowledgeable about the world around me, and yet there is still so much to learn.

Brick Wall #1

Class has not even started yet, and I’m freaking out. When I was first accepted to Holberton School in San Francisco, I knew I was going to be hitting some brick walls. I was not, however, expecting to hit them before class even started.

About a month ago, when a bunch of accepted students were talking on Slack, the communication forum for teams, we started to talk about arrival dates. Most everybody who is attending the school is not from around here, so I suggested that we meet up before school started to break the ice. The first day of school is hard, I thought it would be a bit easier to do the meet and greet ahead of time. A bunch of us meet up at the school, grabbed some picnic lunch at Yerba Buena Gardens, then split up to walk around and see a bit of this city we now all call home. I walked to the pier with a small group then trekked up to Coit Tower. We ended the afternoon with a walk through China Town. It was nice to spend some time getting to know some of the people I am going to be spending the next two years with.

The meet and greet was great. But my freak out happened about 10 minutes after walking in the door. I greeted Rudy, one of our co-founders, and then asked him for the wifi password. He directed me to a framed poster on the wall. It was code. So I took the code and sat down to start to figure it out. Only, I very quickly realized I had no idea where to start. So…I figured I would do some quick searches on my computer to see if I could find some resources or something…but wait, that would require internet. Dang-it. Brick wall #1. IMG_1388-2.JPG