Category Archives: Tech

Technology related stuff

Consolidating Gmails

I’ve been using Gmail for a pretty long time now.  And over the years I’ve accumulated several random gmail addresses (palmerforpresident@gmail.com; eric.vanbergen@gmail.com; vanberge@gmail.com, vanberge@comcast.net, etc.)

So today I finally took a much needed step to combine all those accounts into my main Gmail account.  First, I set every one of my other gmail addresses to simply forward to vanberge@gmail.com (and to delete the original copy).  Then, I used Gmail’s “Send email as” feature to allow me to send email from any of my email addresses from my main account.

Now I can stop managing all these random Gmail accounts I’ve created over the years.   A small step that I should have taken quite awhile ago, but later is better than never I guess.

Google Chrome

While I am not the biggest fan of the name, I am completely sold on Google’s new web browser: Chrome.

I can’t believe I didn’t hear about this sooner, But this morning on FOX17’s morning show I heard “Google is planning to launch a new internet browser… etc.”  And that it was launching TODAY.  How could I have missed that?  How could I not have heard about this?   It was a pretty nice surprise today because I really like Google’s products across the board.  Reader, Calendar, Gmail, Docs, Sync, Browser Sync (formerly), Analytics, Adsense, Maps – The list just goes on and on.   Add to the list, Chrome.

I seriously downloaded this browser the minute that the download page worked (it had redirected to google’s default search homepage) and I instantly installed and began using Chrome at work on my Windows Vista workstation.  

My first impressions are as follows:
The browser has the best layout that I have ever seen in a web browser.  The tabs are placed above the address bar and there is almost no wasted space for the controls.  When the browser is maximized, I almost feel like it’s missing completely, in a good way – The browser itself becomes secondary, to the point where the web content is the only focus.  I caught myself saying “oh, yea…  I’m using a browser’

The bookmarks/favorites functionality is pretty basic and does leave a little bit to be desired. But hopefully future enhancements will include automatic syncing with my google bookmarks.

It’s pretty easy to tell that much of the browsing and plugin engine components are the same as firefox.  Installing a flash plugin really reminded me of the same process that firefox uses.  Not a bad thing by any means.

The configuration and options are fairly vanilla – there’s not alot you can customize or change using this browser.  But, at the same time i don’t find myself wanting to make any changes.  It’s a simple, clean, easy to use web browser that runs very efficiently, is very light weight, and allows you to control each browser related process running inside it.

Overall, I’m very impressed so far with just an hour or so of usage.  I’m pretty sure this browser will be pulling market share pretty significantly in the coming months.  Google is really in a pretty good spot to dent Microsoft hard.  If i were google, i’d be putting a ton of resources into making a lightweight, web-focused operating system.  With the reputation Google has built up, and the quality of the products they have put out continuously, releasing an OS would completely shake up the tech industry at the consumer level.

Keep up the good work Google!

Hacking with Metasploit

Have you ever thought to yourself “Hmm… I wonder if I could ‘hack’ into another computer” ?

Trust me, you can.

But before telling you how, I want to state that the tactics described in the following text could very easily be used for malicious and/or illegal activities.  With that said, this information should only be used for educational and/or testing purposes.  Metasploit is a very valuable security research and exploit testing tool.  I am not responsible should you decide to use it in negative ways.  Never apply this information to access a system you are not authorized to use.

With the politics out of the way, let’s get down to business.

1.  Find your “target” – in this case, I have built a toshiba laptop to run a completely vanilla Windows XP installation with no service packs or updates of any kind.

2.  Download Metasploit and install it per the installation instructions.  There are versions for Linux, Windows, and Mac OS.  The remainder of these steps will be shown using the Linux version (Ubuntu 8.04).

3.  Launch Metasploit. Version 3 actually has a GUI tool to make things PAINFULLY easy, so we’ll keep with command line to show some respect.  Launch the GUI if you wish…  many of the options are the same, it’s just offendingly easy to use.  You can see below that my linux command prompt at the top of the window, and the metasploit console at the bottom where we can get started.

4.  Pick your exploit of choice. This will depend greatly on your target’s OS and patch levels.  type “show exploits” at the metasploit command prompt to get a full listing.  To use an exploit, just type “use exploit_name”.  I picked a Windows SMB exploit as you can see below.  Notice how the command prompt changes to reflect the exploit you’ve chosen.

5.  Set your options and payload.  Type “show options” and look for anything that migh need to be set.  Most likely you’ll at least have to set the target (RHOST) to the IP of your hacking target.  Set the options by typing “set optionname optionvalue” – or in this case: “set RHOST 192.168.1.144”.  Now our exploit attempt will be directed at that IP address.

You’ll also need a payload – a way to use the exploit to get access to the target machine.  This is usually a command shell, VNC session, or could even be dll injection or adding an administrative user.  To see a list of all payloads, just type “show  payloads”.  Once you find one you like, just type “set payload payload_name”.  For this test, I’ve used the windows tcp shell bind.

6.  Double check everything and exploit.  Type ‘show options’ one last time and make sure there are not any required options left blank.  Sometimes a payload will require additional settings.  Once you’re sure everything has been set correctly, just type the magic word:  exploit.  Watch as the exploit code runs; and look for the “Command Shell Session 1 Opened” text as shown below.  This means the hack has been successful.

7. Connect to the hacked target.  If you are using Metasploit for Windows; you’re automatically taken to the command shell of the hacked target.  However, in Linux we have to connect to the session manually.  To see your hack session, type “sessions -l”  (dash lowercase L).  You’ll see your list of sessions shown in the output.  Once you see your shell session, just type “sessions -i 1” to connect to session number one.  See below:

Notice how the prompt has changed to a windows command prompt? Yeah, that means you’ve just hacked a computer.

Online Overload

Last week when I had trouble sleeping I spent a fair amount of time surfing the internet for whatever I could find. This eventually lead me to Drist’s myspace page where I fully intended on sending them a ‘myspace message’ telling them they had to put some of their songs on RockBand ASAP.

Back up just a bit – for those of you who do not know me, I despise myspace.  I’ve always hated it.  HATED it.  Almost unexplainably.  I can’t even really put my finger on why – but part of it is people that put 8 million pictures/videos/songs on their ‘space’ and crash my dual core 2GB RAM computer.

Anyway – In order to send Drist a message, I would have to take the ultimate plunge of debauchery and create my own ‘space’.  After some reluctance, I did the unthinkable  Vanberge, the eternal hater and shunner of myspace fire death created a myspace account.  I then added Vanbergs as a friend and sent one of my favorite bands in the world a myspace message pleading them to put songs out for RockBand downloadable content.

That was just the beginning…

In the last 4 days I have signed up for and begun using a plethora of online services.  This includes (see sidebar) Digg, Twitter, Last.fm, LinkedIn, and of course… Myspace.

Until now, I’ve really sort of avoided the ‘online community’ side of the internet.  I’ve stuck to things I know and really haven’t tried anything new – primarily I’m an emailer and then I maintain this website – and that’s been it.  And actually, it’s too bad I’ve waited so long to start exploring the further reaches of the internet.  I’ve found myself enjoying embracing these communities and will no doubt continue to do so (well, I may not keep my ‘space’).  But things like last.fm, twitter, and linkedin will probably stay part of my daily web activity for some time to come.

With the expansion into the online world, I began also looking for ways to consolidate my online activity into a more efficient means.  Typing URL after URL into the address bar is a very inefficient means of getting things done online.  Google reader has already helped me with this, but I felt there was more room for improvement.  In the end, I added and reorganized bookmarks into folders that I can easily ‘open all in tabs’.  I then used FoxMarks to continuously sync my bookmarks between all of my firefox browsers (since Google browser sync has been discontinued) – and then finally I downloaded Opera mini, a much improved web browser for my Blackberry 8830 which installs in seconds and absolutely dwarfs the default RIM browser.

Thanks to everyone who no doubt accepted the several invite/friend requests for these various online accounts I’ve finally decided to start using.

Overteched

This week has been nothing short of an overload on my sensory nervous system from a technical standpoint.

The week started with a drive to Detroit, where I proceeded to reside for the remainder of the workweek. I was attending a VMware training course since my company is going to invest fairly heavily in virtualization this year. The class was an ‘advanced’ course with accelerated curriculum. Long story short, I had VMware jammed at me from 8a.m.-6p.m. 5 days straight. Normally a structure like this would be result in a distinct lack of sanity – however, with VMware the class was actually very enjoyable and interesting for me. The entire concept of virtualizing operating systems is fascinating to me, and it really is changing (or, has already changed) the entire IT industry.

In a sense, this course almost motivated me. The very second I got home on Friday evening I started to mess around with my own home network. Here I sit on Saturday evening with an upgraded Destkop computer (Ubuntu 8.04), a new Ubuntu 8.04 server running on a spare 2 ghz workstation we have, and a fairly cool home network.

I now have all my media and documents centralized on this Ubuntu server, and I’ve published that using NFS so the files are accessible from both my laptop and my desktop computers. It’s been a learning experience for me because I’ve worked with Windows server systems for so long, but it’s been really fun for me to tinker around with Ubuntu from a server OS perspective.

I went even further and also set the server up to take over DHCP and DNS (vs my netgear router giving out IPs and resolving names), installed apache web server, added a web based management front end called eBox, installed MediaWiki, and finally added a cool little “Chat with Eric” applet that I had noticed Google published for their Google talk service. (click on the About page, it’s there too)

A little odd for me to start on a tech bender like this, especially since I was over-loaded with tech info all week long.

Either way, it’s been fun.

Clientless

For over 10 years, I’ve embraced an email client..

During that timeframe, the elder VanBergen fought and conquered these demonic beasts with poise, confidence, and heavy optimism.  From the taming of Outlook express 5, to the lashing of Eudora 6.0, across the lands of Novell’s GroupWise, through the sea of Outook Professional, and finally up the hill of the Thunderbird…  Many an email clients have been fought, hacked and re-configured to do my worst biddings.

These days of yore – of olde tymes – of clients and email – are no more.

I have been using Google’s Gmail since sometime in 2004.  However, I’ve almost always used a client to download the messages via POP3.  I can’t really say why… I guess old habits die hard.  Even in the first part of this year I was using thunderbird to pull down my gmail, as well as my RSS feeds.  As Google continues to improve their products and expand their capabilities, I see more of a benefit to going “ClientLess”.  Oddly enough, it was discussions over this weekend with a couple friends (flo, vanlandw) that really got me thinking about this switch.

I now have an iGoogle home page with front page gadgets giving me access to my email, my rss feeds, and all kinds of extra content like Netflix releases, weather, calendaring, and even a pac-man game.  Now, I’ve only been using this setup for about a day now – but so far there are no downsides to absorbing electronic content in this fashion vs. a client.

Google continues to amaze me with their products, and I continue to drink the kool aid.