lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c52aefc785e4adf54f8de5ec4ed3be7d110cd88a
hpr-knowledge-base/hpr_transcripts/hpr0557.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

1237 lines
48 KiB
Plaintext
Raw Blame History

Episode: 557
Title: HPR0557: Hack Radio Live 2
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0557/hpr0557.mp3
Transcribed: 2025-10-07 23:04:03
---
This train is sort of inbound.
I'm from...
From...
...sector's side.
My crime is that of outspiring you.
If you have not yet submitted your identity to the Retinal Clearance System...
...communications interface online.
You're not dealing with AT&T.
Automatic medical systems engaged.
Welcome to the Internet, my friend.
How can I help you?
Defensive weapon selection system activated.
Have a very safe day.
Is that getting in character?
Well, truth be told not to make you feel bad...
...but I actually spent the whole day just sticking around...
...deciding from writing algorithms from our Arduino.
Saying, oh, thank God Enigma has it.
I don't have to do anything all day.
I can just show up and just be like,
Woo, so now I went to the pool...
...and you'll have to know more out of my element.
So I threw you out of your element.
Yeah, you did.
Anyway, that is from San Diego, California.
I'm tracking Nubis.
And from Sunny, Florida, I'm Enigma.
How's it going, buddy?
Not too bad.
It's a little late again here on a Saturday...
...but not too bad.
What have you been up to lately, right?
Oh, I've been working on a thing for the Arduino that I'll talk about...
...probably next week.
And other than that, it's been pretty chill.
I did actually get one funny email from VMware...
...where they invited me to register from VMworld 2010.
Have you heard about this?
Oh, yeah, the one in San Francisco.
The one at the very one.
Did you get the same email?
No, I got the one from Oracle World...
...which is actually at the same event.
That's so lame.
Who would go to Oracle?
It's like...
I can understand going to really, really specific conferences...
...like, you know, Torcon's really specific...
...but like, AgFaster, you know, LynxFest Northwest is really specific...
...but why would you go to VMworld?
It's just a bunch of people standing around going...
Oh, isn't it great that VMware 10.6.4B now supports 256 USB devices...
...and I'll be like, oh, great.
I was really hitting that 128's limit.
That was really a ceiling for me.
That's all this conference is.
Well...
...and I'll be new VMware.
To put a business sense into it...
...a Java one is also at that same location...
...so they do, I think, VMworld, Java one...
...and Oracle World are all at that same area in San Francisco.
So, one of our developers is a Java developer...
...and he's going to Java one.
And...
What do they have to say at Java one?
Yeah, you still can't actually write one to one anywhere...
No, but it's close.
No, it's like they have...
Next year for sure.
They have like talks like a Defcon or a Torcon...
...or whatever on specific Java stuff.
I don't know, I'm not a Java developer...
Okay, I suppose that's interesting...
...but you can't be a VMware developer.
So, all the talks must just be like...
...look at all the new USB devices we support.
No, so VMworld would be more like...
...configuring and networking kind of things.
VMworld.
So, yeah, one of our admins is heavy into the VM side of things...
...so he was interested in VMworld...
...but work isn't paid for that, so I don't...
It's like a bad movie.
So, hey, if work paid for me to go to Oracle World...
...I would be there in a second.
Oh my God.
That must be so lame.
Now you're exciting queries.
No, it's more of how you get your...
...database to run faster, better, you know.
It's like the...
This new command line faster, Oracle is now 8% faster.
Oh, thank you, Oracle.
It's kind of like, you know, the Bionic Man...
...make them bigger, stronger, faster, whatever.
Yeah, but it's a whole database.
The database just aren't that exciting...
...no matter how you cut it.
Yeah, if that's different...
...I'm getting more into the...
...database side of things at work...
...I'm doing some things with...
...getting into the reporting...
...and database maintenance at work.
So, I've been working a lot with SSRS...
...which is SQL Server Reporting Services.
Have you ever heard of it?
Vagely.
Just hold on a second.
All my lights just turned off and...
...now I'm in the dark.
I knew you were in the dark a long time ago.
So, back to the fascinating world of SQL databases.
All right, so have you heard of SSRS?
Vagely.
All right, well, it's this whole...
...and I'm sure I'm going to get so much hate mail for this...
...because I'm supporting a Microsoft product.
Oh, no one emails.
The only person that have emailed this show is 5150.
It's something really nice to know...
...and I should give them a shout out for that, but continue.
5150.
Who's 5150?
There's some guy.
Very nice though.
Some guy.
Anyway.
Back to my thing.
So, it's this whole suite of tools...
...that are around reporting...
...creating reports in SQL.
Off of any type of ODBC connection.
So, you can talk to Oracle.
You can talk to SQL Server.
You can talk to Microsoft Access Database...
...which we actually have won in production.
Maybe you can clarify this.
I've heard that the Microsoft Access is basically just like Microsoft's...
...basically just SQL, but in like a file format.
Yes.
Oh, that's interesting.
Yeah, it's basically a very bad implementation...
...of database.
Yeah.
Yeah.
It's bad.
But not for you because you have this exciting new software.
Yeah.
Well, we had a guy that was the SSRS guy...
...that did all the reporting.
And anyway, he's leaving us for a better opportunities...
...for a real job.
Yeah, for a real job.
We're just...
...a bunch of monkeys around there.
But anyway.
How do you end up being an SRS guy?
I think that's all you do.
Anyway, so it's true.
It's kind of like...
...it's a stripped down visual studio.
So you have a lot of the functionality of visual studio...
...in this reporting software.
And I might go into it a little more in-depth when I know a little more...
...but right now I'm just kind of...
...taking what he has developed and kind of...
...playing with it a little bit and trying to get what I need done.
But it's a very object-oriented reporting tool...
...so you can create a query to talk to an ODBC database...
...and get your results and display them in the manner...
...that you would want to display them in...
...and create, you know, pie charts, graphs...
...pretty little things that make the upper management go well.
Couldn't you do that anyway though?
I thought that was...
...whenever I do an interaction with my SQL...
...it's always a query isn't it's just like querying this?
Right, but the nice part about SSRS is...
...it can be in an automated fashion.
So it has a web server.
So basically the way we have it set up...
...is we have this reporting service on a web server...
...and this web server does all of the number crunching...
...and then displays the reports.
So we have this intranet page where we can go...
...and click on our report, it generates it...
...and we can also do where it generates...
...the report and emails us every week, let's say...
...or every day or whatever we wanted to do.
So it makes report generation automated.
Oh, so this is like that...
...there's a thing like magic reports...
...or like quick reports or something.
There's another product just like this...
...that probably is the direct competitor...
...that is actually really kind of badass.
Or you can take all these data sources...
...and it will basically do exactly...
...where you run the automated queries and such.
Okay, I know what you're talking about.
Yeah, this is just Microsoft's version...
...and it's geared more toward reporting on SQL servers.
But you can use it on any ODBC connection.
So we have...
...we're primarily a work shop.
So we have it talking to an Oracle database.
I see.
But you're not going to attend Oracle World?
I am not going to attend Oracle World only...
...because they're not paying for it.
I'd be there in a second.
I'd be there in a second if they would pay for it.
I need like some carnival mirrors...
...like step right up and check out Oracle World.
Dude, dude, dude, dude, dude.
That sounds like...
That's just wrong.
See the three-headed database.
Ooh!
Oh, man.
So anyway.
So the world's tallest digit.
Oh, yeah.
Yeah, that's basically what I've been doing.
I've been working a lot.
This is my first day off in like three weeks.
So I've been taking it off.
He's shortest giant.
Well, that's cool.
That's good.
Anyway, and I know I ditched you for the show topic tonight.
So, you know...
I think my has something so great...
...that it wasn't ready in time for this week.
So I had to scramble and figure out something.
So I'm just going to tell you some stories.
I need like a story around the campfire jingle.
No, it's story time would drink.
Story time with a tree.
Yeah, that's what it is.
I do actually have two stories I have to tell.
One, I'm just going to make up...
...because it's too illegal to be true.
So any vague resemblance to reality in the first story is just coincidental.
Okay.
And the second story is actually true,
which happened at TourCon, which is where we rigged the candy corn guessing contest.
You know, one of those contests.
Like, how many candy corn are in the jar?
Win a pony or whatever.
And we rigged that so we won.
But the first story.
So it's actually more interesting.
So you didn't have any turning the pool purple stories,
like a deaf kind of a few years ago?
No, I have a story about a hacker conference and a story about a pool.
But nothing combined the two.
Dang it.
All right, okay.
The pool thing, which would be especially interesting if it happened,
but let me make that absolutely clear that it never happened.
But the...
I'll tell it from the perspective for me as if it happened,
so you can...
It'll be a fun story, you know what I mean?
Yeah.
Yeah.
Yeah.
So there's this pool by my house that my friends don't like to go to,
but it closes at 11, which is a prom,
because we go in the late evening, like around midnight.
Mind you, we don't cause any problems or making any noise or anything.
In fact, we usually just sit in the Jacuzzi,
but we all have like jobs and classes and stuff.
So we just can't be there much before 10, 30.
May I interject for a second?
Yes.
An interject as much as you want in any field time.
You don't have a job, so you...
I did when this happened, even though it never happened,
because it's not real, but I...
That's when I was still doing consulting work.
You theoretically did have a job at the...
If I had done this, I would have had a job.
But so there's a pool area and it's just, you know,
it's like a typical pool and it's controlled by RFID tags
that are assigned to everyone in the community.
And if you're not familiar with RFIDs, basically,
you had this little IC, which is an integrated circuit
or like a small chip, if you will.
And it's just attached to a coiled wire that serves as an antenna.
When you put the card near the reader,
which is always constantly broadcasting,
it will use the actual RF power from the reader
to energize the card and then the card can transmit its own little signal back.
And most of the RFIDs, at least the cheap ones,
are passive where they rely entirely on power from the reader.
But there are also active ones which have their own battery
and like semi-active or battery-assisted ones
that use both, but that doesn't matter.
Pointing, the RFID gets the number from the card
and it passes on to this dedicated controller that checks to see
if the card should have access and if it does,
it will engage the door lock and open the door.
But after hours, it's set to deny any card
that isn't in like the management or security group.
And if you're thinking, oh, well, that's obvious.
You just got to move your card into the management or security group
or duplicate a card that's in the management or security group
and then you're right.
Well, that would work, I'm sure.
But it creates an audit trail that I was trying to avoid.
And there is actually a magical third option
that you can abuse to get these doors to unlock.
And that's, it's called different things in different systems,
but it's essentially an override.
There's actually a way that you can get these doors to unlock
without leaving any logs in the system.
It's usually used for emergency purposes,
but also for testing purposes.
And it's, you can trigger either at the actual controller itself
or usually it's an option in the management software
because the way you manage these doors,
or with most units anyway,
is that you have some computer that's hooked up to some serial cable
that actually goes to the dedicated hardware controller
and you program things on the computer
and then it will sync with the controller.
It's never, it's very rarely a single computer
actually doing all the controls
because it's faster for a dedicated piece of hardware to do it.
So I figured I couldn't get access
to the actual dedicated hardware unit itself,
but this particular place happened to have a router
that was vulnerable to a particular attack
that lets you gain SSH access
after you give it an invalid URL string.
So I did that and then I had the SSH access on the router,
which was not as useful as I thought it would be.
And this place is not a class act.
So the router wasn't telling me anything important about where I could find such a computer
that might manage such a dedicated hardware unit.
And this machine wasn't showing up in an end map scan
and I'm not an end map pro,
but it wasn't showing me anything worthwhile.
What did show up though was one of these large industrial copy machines.
You know the type I'm talking about?
They're like huge and expensive and do all kinds of things.
One of those showed up,
and I talked to it and it had a web interface
and the password could be anything,
but it wasn't. It was the default password.
So I was able to look at the web interface.
And that was just kind of coming through the tabs.
And I remember the print spool logs didn't say anything helpful.
The fax was not applicable.
It would tell me the IP address of who was logged into the web interface,
but that was only me,
which was actually a problem I had to go back and clear later
because your router shouldn't be logging into your copier.
But on a whim,
I found that it had an FTP server.
And that's, you know, people just said,
what if the copier had an FTP server?
Actually, it's really common if, let's say,
one of the desktops has a scanner.
You can set it to automatically scan to the FTP
and then say automatically print anything in the FTP or,
or sometimes you can save documents to FTP and get them later.
It's just, that's a handy feature to have.
But, sure enough, there was actually a small storage space.
It was like 128 meg or something on an SD card,
where it had all the files stored.
And right next to that was a list of all the computers
that owned each file.
And one of them was called ManagerPC.
And I was like, oh, praise the Lord.
There it is.
Because ManagerPC was a host name.
So even though I had no idea what the IP address was,
which actually turned out to be really bizarre.
So I'm not in shame that I couldn't find it.
I could just hit the host name.
And more importantly,
it was the manager's PC, which means,
oh, it doesn't mean.
But managers are usually not the most technically savvy people.
And they usually have weak passwords, like password.
And I find that they always forget to turn their computer off.
And this was kind of self explanatory.
But ManagerPC is a convention that Windows
way used to name things.
Like if your username is, you know,
Drake and Newbus, it will suggest, well,
do you want a computer Drake and Newbus PC
when you're setting it up?
So now I knew that was Windows,
but that was pretty obvious.
You know, it could have been Mac, I suppose.
But it's probably Windows in the Office environment.
But I also had his username,
or her username, I suppose,
which was also really helpful, too,
or at least it ended up being helpful.
Oh, and I should point out, by the way,
you would just expect to find the IP addresses
in the router,
but I couldn't find it because this particular computer
had a static IP address.
So it wasn't showing up in DCHP,
the DCHP tables.
So.
DHCP.
DHCP, thank you.
Dynamic host, something protocol.
Control protocol.
Thank you.
See, this is why I keep you around,
because you're on the ball today.
No, thank you.
I know you were spending too much time at the pool,
but I got it.
God.
Well, I spent the time before I worked,
and I'll go into later,
but anyway, so,
I was like really excited that I found this,
and I go, man, I bet I can ping this shit,
and show it up.
I pinged it right in the face,
and I was like,
and I was like really getting into this.
And mind you,
unlike sitting there on my laptop,
outside of this office complex,
and like there's like a parking,
a parking lot,
an actual park right there,
and kids were like tossing a beach ball right on some kids.
Like, hey, mister, you want to play tag?
I'm like, no, kid, I'm saving the world.
Get lost.
Okay.
Or something like that, you know,
and I'm trying to act on nonchalant.
And my mind's like, oh, man,
there's probably like a bilgan metasploit package
is for this.
I know some people I can call,
or God help me if it's like an unpatched window
as X-P machine,
where you can just look at it funny.
It was just to tell you all the secrets.
Yes, it will.
Yes, it will.
Yes, it will.
Yeah, will.
So, I ended up setting up an SSH tunnel,
which is really cool,
where I identify, I specify a port on my local machine,
and that same port is specified on,
whatever I'm messaging into.
So, if I hit a port on my laptop,
it forwards the router,
and then comes out of the router
as if my laptop was plugged into their network.
It's called a port tunneling report forwarding.
But I bound this to port 3389,
and I was hitting it with our admin.
Do you happen to know the significance
of port 3389 offhand?
I do not.
Take a guess.
What do you think the most valuable port
would be to hit on a machine you're trying to get access to?
RDP.
That's the one.
3389 has been the default RDP port
since Windows 2000 or NT or something.
Wow, you actually taught me something today,
because I didn't know of them.
Yeah, fun trivia.
Do you know what NT stands for?
I do not.
New technology.
Oh, yeah, I knew that.
I read that in a book called,
this is how lame I am.
I have a book called,
Show Stoppers,
The Breakneck Race to Create,
Windows NT,
and the Next Generation at Microsoft.
And why did you read this book?
It's a really exciting book.
It's actually really funny how they managed to create Windows NT.
Okay.
All right, how's it?
Okay, moving on.
You're moving on.
So I hit this port.
If I had actually done this,
which I did.
But I hit the port.
And it bounces back.
Our admin does,
with one of the blue default Windows login prompts saying
that you have the wrong password,
which was great.
Not that I had the wrong password.
But it was great that it worked,
which means that RDP was running on the target machine.
And the default password was just because
it lodged in blank without me specifying it.
And I had the manager's user name,
which was manager,
from the host name of the computer.
So it only took me a couple of minutes to try reasonable passwords.
It turned out to be the password
that was actually the number of the suite
in the office building
where the management complex was.
So that wasn't too hard to figure out.
And on his desktop,
which was actually either really clean
or he never actually used this computer,
which is possibly more probable,
was this icon that looked like a door
and had the name of the company
who was on the key card.
So that was very clearly the controller.
It was like right there.
It was like jackpot.
Thank you very much, man.
Yeah.
I'm sure he never even,
or he or she,
maybe she never even actually used it
because, you know,
I'm sure they have some underling that manages this,
but they might want to feel the power
and have it right there.
So I opened this up
and it asked me for a login prompt.
And I tried, you know,
admin password,
the manager's credentials I worked before
and nothing was going in.
I was thinking,
well, I could a key logger,
a social engineer or something,
or the application looks stupid.
It probably just stores the password
in a text file somewhere or something,
or a registry key.
But I ended up finding
the actual owner's manual to the thing online,
and they had a section on how to reset your password.
And in this section,
like printed in the,
well, this is a PDF,
but it would have been printed in the manual,
was essentially a root password
or a super user password to this system
that was like,
it was complicated to change this password,
and it was just like,
I forget what the actual thing was,
but you typed this in,
and this is like,
the highest level you can have in this thing,
your account doesn't leave logs,
you can disable any account you want,
you have unfettered access to anything,
it was like insane,
it was great.
But this was like,
anyway, the application was fantastic,
it automatically synced with the hardware controller,
and it started displaying every name in the system,
every card number,
logs,
you could do almost real-time views
of every door in the area,
so you could watch people walk in and out of things,
a doors click open and click closed,
you could see who had elevated privileges
when they were used,
when people were going into places
where you wouldn't expect them to be,
it was really actually kind of cool.
That would have been really handy.
But more importantly,
it had what I was looking for in their first place,
which was what's called,
what they call a live control panel,
that lets you select any door,
and specify a state,
so you can use it for emergency unlock,
or emergency lock down,
but in my case,
you could say, you know,
pull a door,
and press the obnoxiously big open button,
and it would just keep the door open,
it would just hold it open
until you hit the close button.
It was no trace.
What's that?
Hypothetically,
could you have set it on a timer
where you had it pop open
at a particular time on a particular day?
Yes, you could have,
because that's how they controlled the people
getting in and out.
They had timers that said,
after this hour,
keep it closed unless, you know,
this event occurred in the event was,
if you see management,
or if you see security,
or someone else,
but yeah, you could have,
but that would have been in the group section,
and I thought that they might try that,
or I would have thought this had this had happened.
So, I played with this feature,
and you can actually open and close doors
without creating a card event,
because no card was present.
The door just opened and closed,
because you told it to,
there was no log of this,
because nothing actually logs
the physical movement of the latch,
just whether or not a card
tripped it or not.
Right.
So, with some hypothetical balancing and routing,
I had the ability to access
our remote computer on my iPhone,
and now your remote computer
is just topping into this computer,
and what I would do
is I could hold my card up to the reader,
it would say denied.
I could tap the button on my phone,
the reader wouldn't make any noise,
but you could, you know,
silently pull the door open,
because it was holding the lock back.
And the reason you held up your card
was for what's called plausible deniability.
So, if you ever get stopped by security,
you could say,
oh, I don't know,
I held my card up,
and the reader made a funny noise,
but then the door opened,
so I thought it was okay.
And if they checked the logs,
they'll say, yeah, there is the card,
and the door opened,
that's weird.
But,
if you hadn't done this,
and like you got caught,
they look at the logs and say,
well, that's funny.
No one ever swiped their card to get in.
That's kind of strange.
And you don't want to be like a ghost in the pool,
so you have to make it look like it was a system area.
So, you know what I'm saying?
Right, yeah.
And it would always, you know,
look kind of funny on the camera,
if you just like tapped your phone and that.
Yeah, exactly.
There were no cameras anywhere in the area,
but there was one further,
and it wouldn't have seen anything
how they think about it.
But,
because it was actually kind of,
it was looking,
yeah, hypothetically,
it would have been looking for people
smoking pop by the bathroom, I think.
But no, it was,
the whole thing worked out very, very well.
And I was just surprised how complex
these door systems were.
Yeah.
I used to,
and another story for another day,
but I used to work for a correctional facility.
And we had fun with the door controls.
Actually,
there's not a curiosity.
What was the company name that provided you those doors?
I could probably look,
kind of rust out my head.
Okay, probably,
now that I think about it,
the probably wasn't the one I'm thinking of
because they service,
I think Southern California only,
so never mind.
And actually,
I don't know.
We'll talk about this later off show.
All right, we'll talk about that.
Anyway.
Anyway.
That was kind of cool.
The second story I have,
which is a lot.
Well, can I interject,
interject a couple of shorts?
Yes,
interject all the way.
All right.
Well, I have a couple of,
now that you've been telling story time,
I'll tell a couple of stories on mine.
That's a long time ago inigma.
Yeah, yeah, yeah.
Well,
you turned a thought
when you said that copier.
Yeah, that copier in your story.
So my fun back in college.
And this was technically sort of legal.
Like they knew I was doing it.
So it made me kind of happen.
So it did happen.
It's just, you know,
it was,
it was all about board.
I was in an ethical hacking class.
So, you know,
I was toying around on the network.
Anyway,
I was bored one day,
but I actually audited the ethical hacking class a couple times
when I was in college,
because I was bored.
And I knew the teacher very well.
So I just kind of screwed around in the back of class
while they were working.
Anyway,
so these,
these big laserjet printers
that they have in,
in some of the colleges,
that, you know,
it's just the desktop laserjet,
like the HP,
like laserjet.
I don't remember the model number.
Anyway.
Is this story going to go into the LCD screens by any chance?
It is going to go into LCD screens.
Oh, okay.
So do you remember iron geeks,
thing you did a while ago
with Freaknik,
where he changed, like,
LED screens?
Yeah, I,
I, I,
I vaguely remember something
regarding iron geek.
And I remember it was on Paul.com too,
for a while.
And I remember that,
there was certain HP printers
you could change the LCD screen,
anything you wanted.
And I would always change,
then this was a long time ago.
I would always change the ones
in my high school to say,
insert 25 cents
and throw people off.
Well, I,
I did the whole,
I am God thing.
But,
that's pretty good.
Anyway.
So,
I just wanted to mention a couple things about HP printers
because they're,
they're really cool to play with.
Yes.
You can,
tell net
to the,
if it has port 9100 open,
which is the,
the,
what's called,
it's the protocol,
these printers use.
PCL.
PCL.
PCL.
PCL and,
PCL and,
P,
JL.
You can,
tell net to these
and they have,
usually they have no password protection whatsoever on it.
So, you just tell net
to the port
and you can send commands
to the printer.
Oh, PCL.
That's printer command language.
Yes.
You said command,
I thought of it.
Yeah, PCL.
So, like,
if you tell net to that port
and send commands to it,
most of the time,
if there's no user name
and password on it,
you can,
you know,
just send random commands to this printer.
Like, one.
You can, well,
first off,
you can print from command line,
which is kind of cool.
Like,
echo hello or something?
Yep.
Yep.
You can do that.
That's cool.
Yep.
You can, you know,
type a little message,
send it to the printer
and it'll print it out,
which is kind of,
you can also
cat your entire hard drive
to the printer,
which not saying that
I ever did that,
theoretically possible.
Oh, so it will just,
like, start spewing
anything you put there.
Oh, yeah, yeah, yeah.
Oh.
So, so,
like, catting your entire hard drive,
not saying that,
that I ever did this,
but...
No, that'd be wrong.
Only a mean person would do that.
Or if you did it
from multiple machines
at the same time,
would be really wrong.
The printer must just crash after that.
I can't.
Yeah, yeah.
It, um, you can basically
toss a printer that way.
Because it only has so much buffer.
Yes.
Yes.
You can override the buffer.
Um,
anyway,
you can also
change the little,
like we talked about,
the little,
um,
display screen to say whatever.
Um,
although,
that isn't as cool
as you would think,
because all they have to do
is turn the printer on,
turn the printer back off,
and it clears it.
Yeah.
It's only stored in RAM.
You would be surprised,
well, maybe not in an office,
but, uh,
you'd be surprised how many high school students
don't want to touch the power button
of anything, though.
True.
Or librarians for that back.
Well, like, I was,
I was toying around with this
and, and I showed the,
the, they have a little student
admin at my college.
And, um,
I, I was screwing
with him one day,
and I changed it,
and I said,
come here and take a look at this.
And, uh,
he saw it and smoked at me,
and then he's like,
well,
well, how are you going to fix it?
And, uh,
I should,
shake my shoulders,
and, and he's like,
and he turns it off,
and turns it back on,
and I was kind of depressed,
because I was like,
all proud,
and it's,
that easy.
Like a, like a,
like a bash script or something.
Yeah.
Well, I'm,
if I ever get back to it,
I want,
it's got to be stored,
that information has got to be
stored somewhere on the hard drive.
Like, somewhere,
it's got to exist,
where it says,
ready.
So if you could overwrite that,
and make it always say that.
Uh, I said,
I bet you it's in the firmware
somewhere.
You could probably get a,
a copy of the firmware modified.
Actually, you could probably
just run through it with hex,
and look for ASCII screen.
Ask, ask, ask,
you could probably do that.
But anyway,
another topic,
or the other,
um, thing I wanted to talk about,
with these printers,
is they have,
surprisingly large hard drives.
Um,
I believe the one I was
toying around,
we'd had something
to the,
to the realm of 20 gig,
of space.
No.
Yeah.
I've said,
okay, you're talking about, like,
hard drive space and not RAM,
because I've seen printers
with RAM that's like up to like,
512 megabytes,
but never hard drives.
No, no, hard drive space.
Why?
These are the network printers.
They store the jobs
on the hard drive.
I want to print,
but just not right now,
maybe a couple of weeks.
Well, you can say,
print jobs.
Uh, ahh, ahh, ahh, ahh,
eh?
I might, it might
have been 10 gig.
I don't know.
It was, it was,
oh, it was, it was,
it was, it was, it was,
give me a use case scenario.
I don't know,
I don't know why this
would ever be existence,
but they have surprisingly
large hard drives.
Um,
so,
they all have Web server.
Mm-hmm.
Most,
and most of these network printers
If we're like admin and such, yeah, most of them are not protected password wise that you can just you know go to the web page and
Do whatever so theoretically you have this file server sitting on your network with you know X number of space sure
So you could theoretically hide files there that you didn't want anyone to know about because who's gonna think about
Think about looking at the printer's hard drive
That's not bad. Oh, thank you. I try not saying that I ever do such things but you know
Hypothetically you can store information there and no one would ever know the wiser
Well, I wanted to be it's not like I scuzzy and boot from it. You almost probably could
Probably could never try it, but anyways, so my second story is
you know this the
Going into like some apartment complexes. You have the little keypads the yes, I'm familiar with the keypads the
For the for the gates. Yes
You know, they're controlled by dtm f-tones, right? Yeah, what's his name gave a talk at tour kind of like a year to go?
Who's that guy we both know a savant savant? Okay. Yeah, I didn't know he gave a talk about this
But anyway, my my story hypothetically
This one is very hypothetical because it involves
Very hypothetical. That's like that's like being very pregnant
an emergency vehicle tone so a lot of the
The gate controls have
An override so yes, you would have like a all the emergency vehicle has to do is like chirp their horn and
It'll open quick side thing a lot of them have what are called merts or opticoms
Which are things that look for a certain flashing light pattern, which we'll tie into what I'll talk about eventually later
Okay, but not today anyway
So
Hypothetically you could get a tone from an emergency vehicle go up to the said device and play it back and
It'll open the gate
Yeah, I bet it would I've heard that you can even that some of them like you know how
You can in some places call a lot of part and a apartment and say oh, yeah
Hey, Sally it's me open the door and she can press like three on her phone the door open
Yeah, I've heard that and sometimes you can actually just like hit three on your cell phone
And if it actually makes a dtmf tone and not just a generic tone that they will just hear that and then open the door
Oh, that's cool. I think I heard that sometimes. I'll have to try that
They're also very you know, you don't even have to go to that extent most of them are just a standard keypad and you can pretty much guess
Like in my apartment complex it's four digit and a pound so if you know the
The combination you can pretty much you know brute force it and get in. I mean I use one two three and four all blank keys
I'll rubbed off from being pressed too much. That's a weird. Well, no. I used to use
1111 or four ones and it would get me in so I would intentionally I have a code
But I would intentionally not use the code to see how many codes I could get and I have like two or three
That's not bad. You know this never happening to be one time
I didn't get access to someone's voicemail
He's just on a by almost by accident just like
Dolly two five eight zero, which is right down the center of the keypad
So this is never gonna work. So so this is like a Paris Hilton
email story kind of although that was done with spoofing caller ID with that's
An assigned note. I just found that you can buy a hard drive for an HP printer
That's 80 gig and it comes built with a 128 bit a yes encryption. See exactly
Doesn't make it okay. It makes it you know how much does think oh my god this thing costs $700
So so you're you're busting on me for saying I had a like a 10 gig like why would you ever need a 10 gig
printer and there's an 80 gig
Oh my god, what is this 70 divided by eight? That's got to be like oh my god
That's like $10 gig. It's got to it's got to write, you know the jobs like if you save a job
It's got to write it somewhere. So it's gonna write it to disk
So if you have a very large right to if you send it a job, it's writing to Ram
No, no, but I'm saying if you save the job like you can save a print job on a printer
I can't imagine why you want to do that. I don't know why you would want to do that either
I can't think of a practical application, but
But yes, theoretically, you know
It's a very large file server sitting on the network basically unprotected and
Kind of cool. We're not this one. This one's the HP secure disk. It's protected. Well, I guess when it's plugged in
It's not protected. Okay, so when it's plugged in and you have access to the drive
Yeah, I'm sure you have a secure
file storage
So if anybody wanted to steal the hard drive, they couldn't get it
Couldn't get the data off, but yeah, yeah, good times. Anyway, you can go into your story because I'm done
Yeah, this reminds me of the story I was planning on telling anyway, which is related to
Last year's tour con which is a it's like a miniature defcon in San Diego
It's just a hacker convention and they had a guess how many candy corner in the jar and went up on you or something contest
And I was there with jolly
It was when something stupid, which I never got by the way I need to get on Geo's ass and see where my free thing is
But I was with the jolly from a jollylife.com link in the show. Okay, so that was a very shameless plug, by the way
Just for a friend, you know, his website is not like it. It's not it's just bash scripts. You might need it's nothing worth plugging there
But he's just a really cool guy. Okay, all right all out and I was there with his brother. I'm glad I had your consent. I'll get you a stamp
His brother who's just this wicked cool guy and I regret not having more time to spend with them, but
So we're down there and we're just kind of hanging out and they approached me at one point like oh
I think I walked out of a talk or something like they stopped me in the hallway all she like dude
We took pictures of the candy corn thing. Let's go back. We'll do some like volumetric math
It will be able to calculate exactly how much is in there and just like being a sarcastic ass
I'm like why don't you just like switch the damn bottles and they started cracking up and laughing
And I just kind of roll with the pretend it was actually my original idea and then as we were walking talking about the more we talked about the more
It actually seemed plausible
Because we knew that it was a jar of a peanuts jar with you know the actual peanuts brand with peanuts in it because the way it was shaped and the glue residue and
Had some crumbs in the bottom that we identified as peanuts. We actually we were walking around saying
I do know these crumbs and people like oh, yeah, those are peanut crumbs like okay, it's peanuts. So
Jolly's brother who lived in the area was like well, let's go to the store and he he said actually suggested
The Albert sins which was kind of farther away, but we went to a closer store
They didn't have it and we were kind of sweating. I'm like oh man
We need to find this pinch because we did that where they either bought the peanuts here or they came from some weird store somewhere else
Which is if I was doing so would have if I had the option
We've gotten the peanuts from something weird a store. I could find so that no one could do what we did
But we're like okay crap. We need to find this this peanut jar and
We end up I remember why we thought it to get a separate jar
We thought to get a second jar because they're like well
What if we can go find a matching jar filled with candy corn and can't that count that and I said well
If you're going to do that why don't you just switch them and that's what we can't the idea, but anyway
So we're walking out of this like 7-Eleven or whatever kind of sweat. I'm like oh, we got to find this thing
So as we're walking to my car. I'm calling people on the phone. Man, do you have any peanuts? And they're like no drink
I don't have any peanuts. Okay, fine and then I found that one of my friends called another friend
So I got this funny call from Drake
He was all freaked out asking for peanuts and the guys like oh, what hold on having the call to me man
Do you have any peanuts? No drink on how many peanuts? I just doing that just calm people all day knowing had a peanuts jar
But so we show up at Albertson which is this grocery store like burst in and I should add that Jolly and his brother look like
Terrorist like just imagine like a terrorist and that's what Jolly looks like almost
It's the whole scraggly beard and everything
So like running we're running through the store like bulking for the peanut section
We're like where is it? I think it's that way I just running through the store and the manager comes on goes
Oh sweep all aisles and sweep all aisles out at Albertson's grocery store at the nationwide chain
Is code for this a security problem and I know this because I friend of mine used to work there
So they saw us run into the store saying where is it that way and that was a security thing
But we end up running down we found jars that looked at the same and then we found jars that were the same
So we're pulling all the jars off the shelf looking for the perfect matching jar
I'm going through photos I know that jars too weird that jars too funny
And we found one that not only was it a perfect match it was the last one in the back
But we were matching these so closely that on the bottom next to the recycle logo in bossed on the bottom of the jar
It has a number which I'm guessing is the lot number like they print you know
This is a lot three five seven or three five eights or quality control can go back and find it
We found a jar that matched that lot number
So he'd add a picture of the of the jar that bought and they had a lot number on it on his camera
She's like oh, that's how matched it was and the glue was in the same spot and everything like perfect
So we ended up buying this we bought some candy corn there because we figured if they bought the jar
They must have bought the candy corn there too
And we like go back to jolly's brother's apartment and it's it's not that I don't know jolly's brother's name
But they're both named jolly so I have to distinguish between the two
But so we're in his apartment like it's must I don't know how late it was
And we're like dumb guy the jar and we're filling it up with candy corn counting how many we put in then we go back to the convention center
I paid for parking again. I should point I'm supposed to spend like a thousand dollars in parking this weekend
But we go back there. Oh, don't free tip a
Friend of mine I was trying to like social engineer the parking guy to give me just a limb back in for free
And I didn't work out well
But if you want to get into a parking garage for free because a friend of mine used to have this job
What you want to say is
I own this place or a friend of mine owns this place or a friend of mine owns a store in this place
I'm going to him because they almost never know who actually owns the restaurants there
But if you say you're the owner, they're supposed to let you in. So free tip. Okay. I'll remember that
Yeah, but that's that's actually kind of value
We can say like 10 bucks downtown San Diego, but so we go down there and we go up to the top
Thinking that somehow we can like switch the jars or something
We ended up talking to this who's this really cool guy and is super shady in some respects
And he showed us how to actually palm a switch and switch the jars like so we need to get their jar to to count how many candy corn they had
and
Fortunately for us this was actually the official
Staff photographer, so he goes, okay, and the candy corn jars right there in front of everyone
So he can't do this kind of shit and he goes, okay, everyone we need a group picture. Everyone look this way
I mean over here and move is like way off to one side everyone turns look at him and then right on cue
Jolly makes the switch
Twice and gets the two things confused and Jolly's gonna fuck which one is it so we run over and we're arguing about it
This is like okay, need one more oh wait, wait, everyone everyone look this way. I need one more hold on framing it still framing
Like look at this like what the and this I have to I have to give this some serious props
He I made it sound like he was being like over dramatic about that
But he was really slick no one turned around
We got it sorted out. We got away from there and
Today of Jolly credit. I probably couldn't done much better, but it's funny because in the actual pictures
He was taking. He was really taking pictures. You can see us in the background like just Jolly did we run over like oh
Fuck what we do and then we just got the one candy corn sitting in a different position
It's really funny off to post the pictures in the show that's why I can get them Jolly
But uh, so we have their drama go back down to my car
We're just sitting in the back of the parking lot like in my car with the light on counting candy corn
And we had the system set up like you know you count how many candy corn you also count them and they will compare numbers and see if anyone's off and
I kept eating them, but
It was perfect because we had their jar
So we know how many they think they have and they had our jar
So we know how many they actually have so we go back to the the betting table the next day
Because a lot of times passing here mind you
Um, I need to stop paying for these talks. I never go to my
Decorative candy corn
Um, but you're supposed to put money down like five bucks and then you um, you know
You you catch a number of herbers closes gets the thing
So we're like okay, we got 15 bucks. There's three of us
We all want to pick the same number and he's like you look at us like we're insane like you can't do that like no no
We all need the same number
You understand me. He's like this guy staring at me and then like okay
I'm going to give you this much and I just got I just let him extra 20 across the table
We need his number and two is credit. I'm sure he put the 20 in the tour con foundation thing
But he just looked at us if we're absolutely insane and put us in turn now he put us all on one um thing and spreadsheet
Like so conspicuous as hell because there's all these amounts all over the place
And then just this one line that has three names on it right for this one amount
Then everyone and you can see people walk over and look at the amount look at us look at the amount and go oh like crap. That's weird
So at the end but at the end
Um when they're announcing the actual value and the thing geo who's the one of the um
Conference organizers actually announced to the wrong number and we're like what
But that's not right. Yeah, we stuff and I'm like you have the wrong number. He's like how do you know
I mean in july has the actual jar and holds it up and the whole place just started breaking out laughing and um
We want we never to get to the bottom of why their number. It wasn't even like kind of off
It was off by like 200 candy chords. It was bizarre. It was like twice sure you had the right jar
Oh, we had the right no we had it down perfectly it was it was they just miscounted
Um because the because the value in uh their jar and our jar ended up being close to the same because the candy corn was the same and the volume of the jar was the same
But they were off by some amount that couldn't even fit in the jar. I mean it was impossible. I'm probably sure they just guessed and did that but um
Long story short now that I remember it. Geo owes me in july like a free tour of contrast or something
But I thought that was pretty clever
So they actually you know applauded you for for your sneakers. Yeah, they actually I can
Oh, it's it's a hacker conference. It's it's uh, so you're underhanded underhandedness uh paid off
Quite literally. That's how we did the switch we had july was walked up with the the candy corn situated under one hand and
Man should do the switch that so this is the only um
Only time or only con in the in the world that you can actually get applauded for your
Creativeness of stealing candy corn
That's right. Okay. All right. It was it was fun. Good good times. Good times
Anyway, I actually it's this took longer than I thought it was because the stories ran long
But I actually need to run out of here. So let's wrap the show up. Well cheese. You're leaving me uh hanging here
All right, oh yeah, I really failed this weekend. Yeah, you're failed. You're sitting by the by the pole and you know hanging out
So what is your topic going to be next weekend the topic that couldn't be done? I am not going to
I'm gonna save that for next week
because I actually have two ideas and
I have one fleshed out sort of kind of and then the other is I thought of while we were doing the show today at this week, so
All right, so we'll we'll we'll talk next week then. Oh, okay. I'll see you next week. All right
Oh, um, I need to plug the website hackradiolive.org go there sign up for things the show notes of great
I own them both. I own a bunch of domains. I'll I cover our bases here and also also plugging uh, you know
Most of our listeners coming from hackerpublicradio.org
That is true plug that. What's the address?
www hackerpublicradio.org
Good place to go. I recommend you go there and then go to the other side. That's better. Oh, okay. Well, hey
You're all see you next week. I'm I can't hear you. I can only hear you next week. Fine. All right
When the science will do and I look up there, it makes me glad I love you. I the experiments to learn
There is research to be done on the people who are still alive
Reference in New Issue View Git Blame Copy Permalink