How to hack (not really, how to program but I figure this title will get more hits)

Standard

So programming, basically computers are just big calculators, they cannot do anything except add, compare and store values. Programming is the process of writing many of these basic commands in sequence to instruct the computer to do something. Although at the core all a computer can do it add, compare and store numbers when you are programming you are able to perform many more tasks, this works because code which is the actual programming text works for you, other code can interoperate your code and simplify other difficult tasks for you.

So you want to learn how to actually program, I am going to show you the basics of python. Python is an interpreted, high level language (don’t worry about what that means if you are just learning, say it to people to make you look smart and even better them look stupid).

To get started download Python and save any “scripts” (programs) and text files with the .py extension, you should then be able to open them with the python interpreter and run them.

Alright onto the actual code, programs consist of commands, the first of these commands is variable assignment, so variables are like boxes, the box can hold anything and the contents of the box can change. Like x in math.

myFavouriteNumber = 8

So this will assign 8 to the variable myFavouriteNumber, anytime myFavouriteNumber is written the value 8 will be used.

So we have our special variable, we want to show the user. Python provides a function just for this, the print function displays and variable passed to it on the screen. This opens another new topic, functions. Functions are smaller pieces of code that perform a specific tasks. You can run this code with a command structured like this

functionname()

functionname is whatever the function is called, inside the parentheses you include comma separated values or variables which are given to the function as it runs. The function we are interested in was print remember? So if we want to display the number 10 we write

print(10)

Simple right? So what if we wanted to print our favourite number. Well as I said before, variables hold values which are given any time a variable is used, so the command

print(myFavouriteNumber)

Will display 8 on the users screen, make sense?

So what if we wanted to display the actual words ‘myFavouriteNumber’ on the screen, well that brings us to our next type of data. Strings.

Strings are a series of characters which is a fancy way of saying a string holds words.

When we want to represent a literal number we can just type the number as we did earlier when defining myFavouriteNumber, when representing literal strings we must use quotation marks to specify to the computer that we are trying to give it a string instead of a command.

myFavouriteWord = “slut”

So if we run the command

print(myFavouriteWord)

Then the program will output the word ‘slut’ (without the quotation marks) remember that the quotations marks are only to tell the computer you are writing a string, they are not actually part of the string.

Variables are not required for strings, same as numbers, so we could also write the line

print(“slut”)

And we will get the exact same result.

So this shows that variables here are somewhat useless. Where variables come in handy is where the value is not known at any one point throughout the program.

So I will introduce a new function; input the input function pauses the program and waits for the user to type some text in, which is then read into a string.

so the function looks like this

answer = input(“What is your name? “)

So this shows a new feature of functions. Return values, functions often have a result or value to give back to the program, in the case of the input function the value that the user typed in is returned. Return values become the value of the function when executed. This may sound complicated but think of them like variables, where ever a variable is used it’s value takes it’s place. Same goes for functions, when a function is hit it is run and its return value takes it’s place.

The example input function has an argument passed to it, which is a string (“What is your name? “) this function prints the string at the beginning of the line waiting for the user to type in a response, it is there to pass a question to the user to respond to. The return value of the function is then stored in answer once it has run.

so lets write a little program with the knowledge we have.

question = “What is your favourite colour? ”

theirFavouriteColour = input(question)

print(“Your favourite colour is”)

print(theirFavouriteColour)

So this is pretty basic but have some fun with it, I will post another tutorial at some point over the next week. Enjoy.

Advertisements

Internet filtering

Standard

Most schools and many workplaces filter and restrict their internet, this can be as basic as denying access to a few specified websites, often social media sites such as Facebook or Twitter and look that isn’t a bad thing, if you’re at school or work there is rarely a need for social media websites.

I don’t need access to blocked websites at school, however I’m hardly using my time well already, last week I made a 250 megapixel image of the Canadian flag. I might as well be wasting my time talking to other people on the internet. Basically I think internet filtering is necessary because people cannot just do what they are supposed to do, but hey, they aren’t gonna stop us anyway.

I first got around my schools internet filtering when I was in year 6 by creating a simple PHP script which was something similar to this.

echo file_get_contents($_GET[‘url’]);

I hosted this on my computer at home and opened port 80 on my router. Look I am aware how incredibly insecure that is, but really, if someone hacked me in year 6 what are they gonna find? Flash games and homework about basic addition.

I worked on this script over the next 18 months and eventually had a fully fledged PHP web based proxy, replacing urls, proxing REST requests etc, I have since learnt that there are scripts that do this perfectly which you can just download and run (http://www.glype.com/)

Our internet filtering now is much stricter, packet sniffing and inspecting all http traffic, you even have to install an SSL certificate so it can inspect your secure traffic (if a packet is encrypted without the certificate it is rejected) So after tethering to my phone for internet for a few weeks I found a flaw which I could exploit, and I’m using that flaw right now, port 21 (Unencrypted FTP) packets are all let through (they are filtered by protocol, http proxies never work) SSH works through this port, once I found this the solution was simple: a socks proxy through port 21. In system preferences on a mac you can make all traffic via a certion internet connection forward through a proxy, I have my computer set up forward all traffic on the school wifi through a socks proxy on localhost. I use sshd to create a local socks proxy, forwarding traffic through the ssh tunnel.

The command is a single line on the client machine is simple

ssh -D10800 -p21 [USERNAME]@[SERVERADDRESS]

Anyway, just thought I would share my solution to internet filtering here.

For anyone tl’rd’ing firstly don’t be an asshole I wrote this whole thing so you could do the wrong thing, otherwise heres the basic solution

  • Open ssh server over unfiltered port (port 21 for me)
  • Use sshd to create a socks proxy and tunnel the traffic through the ssh server
  • Forward machines traffic through this proxy server

‘Ima hack you’

Chat

These are actual messages from a group conversation with stupid people I was added to on skype (Grammar has been added so you can actually make out what they are trying to say)

 

I have a java server, I can totally brute force you down

Idiot 1

Well Im gonna hack your bank, I know your ip say good bye to your money

Idiot 2

You cant hack my money, I installed a firewall on my server and I know python so I can just write a script to stop your hacks

Idiot 1

You don’t know anything about hacking, I bet you don’t even know Java or how to find someones ip, I can ping you until your internet doesnt work.

Idiot 2

People never fail to disappoint me.