Tuesday, 20 December 2011

The record breaking Lego Christmas tree

I am on my way to Derby and just saw this amazing Lego structure in the London st.Pancras train station.

Friday, 16 December 2011

Install and configure trac on Linux/Ubuntu 11.10

In this blog post I am going to explain about how to install 'trac' on linux. 'trac' is a nice project management tool which is written in python, that can be used to track your projects. And it is open-source :D (Win)

I am using 'trac' with 'git' revision control system, for my project. In my next blog post I will be explain how to use 'trac' along with 'git', using the 'GitPlugin'

 Ok, now if you follow the following instructions hopefully you will have a working 'trac' site.

Install 'trac'
Make sure you have the latest version of python installed, otherwise apt will install an older version of 'trac'

      sudo apt-get install python python-babel trac

Yes, apt may ask you to install few dependencies including apache2. So please install all of them.

'trac' uses SQLite as its default data store. So if you have not already got it installed. Then do the following

     sudo apt-get install sqlite3

It is possible to get 'trac' working with other database systems. If you are interested, click on the following URL.

Upgrade python packages
There are two ways you can do this

With easy_install
 easy_install Babel

 easy_install Trac


With 'pip'
 pip install --upgrade Babel

 pip install --upgrade Trac

If you have not got pip installed, install pip as follows. Please skip this step if you were successfully able to do the previous step.

 sudo apt-get install python-pip

Now you have successfully installed all the software that you need to run 'trac'.

  Change the directory locations as desired.

 Create a directory for 'trac'
 Then change it's access permissions.

sudo mkdir -p /var/local/trac && chown www-data: /var/local/trac
Initialise the 'trac' environment
 sudo trac-admin /var/local/trac initenv

Now create the configuration file using your favourite text editor. I use emacs.
 sudo emacs /etc/apache2/sites-available/trac

Paste the following code in to it.
<VirtualHost *:80>
 ServerName trac.local
        <Location />
           SetHandler mod_python
           PythonInterpreter main_interpreter
           PythonHandler trac.web.modpython_frontend
           PythonOption TracEnv /var/local/trac
           PythonOption TracEnvParentDir /var/local/trac
           PythonOption TracUriRoot /
           PythonOption TracEnv /var/local/trac
            # PythonOption TracEnvIndexTemplate /var/local/trac/templates/index-template.html
           PythonOption TracLocale en_US.UTF8
           PythonOption PYTHON_EGG_CACHE /tmp
           Order allow,deny
           Allow from all
        <Location /login>
          AuthType Basic
          AuthName "myproject"
          AuthUserFile /var/local/trac/.htpasswd
          Require valid-user

 Now you should have a working 'trac' instance. So check if it works.
      sudo tracd -p 8080 /var/local/trac

[-p] flag specifies the port that this particular 'trac' instance belongs to.
Note: the flag [-p] is same as [-port]

And then go to:


Now you should see the 'trac' instance running.

Adding Authentication
Basic Authorisation

In this case we are going to authorise the 'trac' site with a .htpasswd file.

You have to have 'fcrypt' package installed to decode '.htpasswd'

Creating the '.htpasswd'

 sudo htpasswd -c /var/local/trac/.htpasswd admin

To add more users:
 sudo htpasswd -c /var/local/trac/.htpasswd admin

'htpasswd' creates the flat-file with the username and password that you are given.
[-c]  =  create the password file in the given path.

Start tracd:

 sudo -p 8080 --basic-auth="projectdirectory,path/to/the/.htpasswd,mname" /path/to/the/environment/directory

 In my case, it is

 sudo -p 8080 --basic-auth="trac,/var/local/trac/.htpasswd, admin" path/to/the/environment/directory

 Digest Authentication
 'htdigest' will be used to create the digest file.

 sudo htdigest -c /var/local/trac/.htdigest admin admin
  Now start 'trac' with 'tracd':

 sudo -p 8080 --auth="projectdirectory,path/to/the/.htpasswd, admin" /path/to/the/environment/directory

  So it will be,

 sudo -p 8080 --auth="trac,/var/local/trac/.htpasswd, admin" /var/local/trac

  If you have just one project in 'trac', then use the [-s] flag with the 'tracd', so it will skip the environment list when it starts.
      eg: sudo tracd -s ...........

There we go, we are done :D

Trouble Shooting Errors

If you get following error. It is most likely because of permission issues. So make sure you have given root access when you start your 'trac' instance.

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/trac/web/api.py", line 440, in send_error
    data, 'text/html')
  File "/usr/lib/python2.7/dist-packages/trac/web/chrome.py", line 827, in render_template
    message = req.session.pop('chrome.%s.%d' % (type_, i))
  File "/usr/lib/python2.7/dist-packages/trac/web/api.py", line 216, in __getattr__
    value = self.callbacks[name](self)
  File "/usr/lib/python2.7/dist-packages/trac/web/main.py", line 300, in _get_session
    return Session(self.env, req)
  File "/usr/lib/python2.7/dist-packages/trac/web/session.py", line 198, in __init__
  File "/usr/lib/python2.7/dist-packages/trac/web/session.py", line 219, in get_session
    super(Session, self).get_session(sid, authenticated)
  File "/usr/lib/python2.7/dist-packages/trac/web/session.py", line 61, in get_session
    db = self.env.get_db_cnx()
  File "/usr/lib/python2.7/dist-packages/trac/env.py", line 328, in get_db_cnx
    return get_read_db(self)
  File "/usr/lib/python2.7/dist-packages/trac/db/api.py", line 90, in get_read_db
    return _transaction_local.db or DatabaseManager(env).get_connection()
  File "/usr/lib/python2.7/dist-packages/trac/db/api.py", line 152, in get_connection
    return self._cnx_pool.get_cnx(self.timeout or None)
  File "/usr/lib/python2.7/dist-packages/trac/db/pool.py", line 226, in get_cnx
    return _backend.get_cnx(self._connector, self._kwargs, timeout)
  File "/usr/lib/python2.7/dist-packages/trac/db/pool.py", line 146, in get_cnx
    raise TimeoutError(errmsg)
TimeoutError: Unable to get database connection within 0 seconds. (TracError(<babel.support.LazyProxy object at 0x22e47d0>,))

If you need more information, please go to http://trac.edgewall.org.

Wednesday, 17 August 2011

Bicycle new fan back (white) Limited edition playing cards deck

       This is the new member of my card pack collection. It is Bicycle fan back limited edition white deck, gold sealed, by Zenneth Kok. These are really rare, as there are less than 1000 copies that have been produced, and I have got one of them. The new fan back black and white decks will be officially released in September. There are only 5000 copies of black decks that have been produced.

      I bought my deck from Zenneth and there were very limited quantity of both type of decks available. You have to buy at least one of his Metal Jackets along with the decks as it is not available to buy on its own.  Personally I do not think they are still available to buy from Zenneth as he only had a limited amount of stock.You get two gaff cards with the deck, they are a double backer and a 0 heart card.

    I am not going to open this deck and I am just going add this to my collection. Collecting card decks is what I do apart from being a computer scientist. I enjoy the art in the cards and I enjoy doing flourishes.

 I hope you enjoyed the pictures.


Saturday, 2 July 2011

Set up Alpine to work with Gmail

To set up Alpine with Gmail, You have you to have Alpine installed on your computer. To set up Gmail, click here to go to my previous blog post which explains how to install it.

If you have got Alpine installed then, next

To receive emails from your gmail account:

Go to the Main Menu >> Setup >> collectionLists >> Add.

Nickname  : [Your Nickname]
Server        : imap.gmail.com/ssl/user=username@gmail.com
Path           :
View         :

Save your settings

You can add as many accounts you want if you press E and exit, then do the same.

Then you need to change few settings on it.

On Main menu > Set up > Config, find the "Advanced user preferences", Then mark "Save will not delete"

Then scroll down and find Pruning Rule and select "don't rename, don't delete"

To send emails using your gmail account :

Go to Main menu >> Rules and then Add a new rule.

    Add a Nickname
    In the Current Folder Type section, Select "Specific"
    Then select "Folder List" and press "T" and select the specific account folder(Inbox)
    Scroll down and find the section where it says "Action Begin here"
    Insert (Add) your email address to "Set Form" field
    Then to the "use SMTP" server section Add "smtp.gmail.com/tls/user="   (Without the quotes)
    Next Scroll down and find the "Compose Use" value and then select "With Confirmation"
    Then Exit
    You need to Add  a new rule per each account

Now you are ready to go!

Tuesday, 28 June 2011

Read/Receive and Send emails on the linux command line - Alpine/pine

I like to use my command line to do most of the work rather than using GUIs. So I wanted to be able read and send emails using the linux command line. After done much research I have found this free application called "Alpine" developed at the University Of Washington, which the earlier versions of it was called "Pine".

To download you can go to the official website by clicking the the URL below

or if you are a Debian/Ubuntu user you can simply type in the command below

sudo apt-get install alpine

Currently I am using Alpine with my gmail account. I may be do a post about how to configure gmail on Alpine


Monday, 27 June 2011

Secure your Gmail/Google Account

      Are you confidant that your email account is secure anymore? You can never make anything 100% secure but, there are things you can do to make it more secure than it is.

     Gmail has introduced 2-step verification which protects your gmail account little bit more. I recommend that everyone who read this blog, should enable the feature.

To enable: Go to your Google account page and then click on the
                  "Using 2-step verification" And then follow the instructions

Make sure you read the instructions carefully and print out or keep the verification codes safely, which you will need to log in to your account when you haven't got your phone to get a verification code. Never loose them.

The other thing you could do to protect your Gmail account is that to always use HTTPS. To enable this feature.

Log in to your gmail account
Click on the Options symbol
Click on the General tab
Then click on the radio button which says "always use https", under "Browser Connection"
Save Changes

Surf Save!

Thursday, 23 June 2011

Start Dradis in BackTrack 5

Back Track 5 comes with Dradis pre loaded already
But you might not be familiar with the way you start Dradis in BackTrack 5
To start Dradis:

Go to the dradis/server directory 

root@bt:~# cd /pentest/misc/dradis/server

Then run start.sh script in the dradis directory 

root@bt:/pentest/misc/dradis/server# /pentest/misc/dradis/start.sh

No Active Driver when you type in db_driver or db_connect?

Do you get the following error message when you type in db_driver on Metasploit console on BlackTrack5?

[*] No Active Driver
[*]        Available:

[*]     DB Support: Enable the mysql driver with the following command:
[*]                 $ gem install mysql
[*]     This gem requires mysqlclient headers, which can be installed on Ubuntu with:
[*]                 $ sudo apt-get install libmysqlclient-dev

[*]     DB Support: Enable the postgresql driver with the following command:
[*]                   * This requires libpq-dev and a build environment
[*]                 $ gem install postgres
[*]                 $ gem install pg # is an alternative that may work

msf >

And you have tried installing mysql driver but didn't solve the problem ?

This happens because when you start msfconsole by /pentest/exploits/framework3/msfconsole, it does not set the environment variables properly

So all you have to do is, start msfconsole using BT5 menu or by using /usr/local/bin/msfconsole

Thursday, 14 April 2011

The "Anonymous" threats continues against Sony (Update)

The old story Is that Sony has filed a restraining order early this year, against George Hotz A.K.A GeoHot as he has violated copyrights by jail breaking the Sony's play station 3 which allowed him to install custom software on it. Now an independent organisation called 'Anonymous' has threatened Sony by putting up a video on youtube stating their demands (See below). Then this group began to take down Sony website including the Sony main website with DOS (Denial Of Service) attacks. They call this Anti-Sony operation the "Operation Payback".

Sony has demanded popular social media networks such as Youtube and Facebook, to hand over the IP addresses of people who has viewd GeoHot's videos.

Their argument was that you should be able to do what ever you want with the product you bought with your own money. More future, they ask, if its legal to jail break your phones and install unsigned software applications, why not jail break PS3?

In the last video they ask the public to return Sony products if you have bought any and support by join their force, by organising protests against Sony. Anonymous claims

"GeoHot has taken a settlement with sony. The case has been dropped. In the eyes of the law, the case is closed, for anonymous it is just beginning."

Is this just a start of a massive catastrophic cyber war? would it cause many other war's to start?

Wednesday, 13 April 2011

Problem With psexec (Solution)

I do my pentests on a Windows XP sp3 box and I had this problem, that I could not get psexec to work as I kept getting this error message.

[*] Started reverse handler on :4444
[*] Connecting to the server...
[*] Authenticating to :445|WORKGRO[*] Started reverse handler on
[*] Connecting to the server...
[*] Authenticating to :445|WORKGROUP as user ''...

[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.

[*] Exploit completed, but no session was created.UP as user ''...

[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.

[*] Exploit completed, but no session was created.

That was because if your Windows XP Professional based computer is not in a domain, by default all users trying to log in to it over the network, are forced to use the Gust Account. To find out more information go to http://www.windowsnetworking.com/articles_tutorials/wxpsimsh.html

So the solution is to

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
And change the ForceGuest value to 0


Tuesday, 12 April 2011

Text Encryption Application

Under the Computer Security module we did one last assignment at the end of the term, the assignment was to implement the substitute cypher and demonstrate how it can be broken by using Frequency Analysis. So I have written a code to encrypt some text using a key, which the user inputs to the application (Which the application assumes that the key is unique), and to Break the encryption using frequency analysis, using Java. It was required to leave the spaces and non alphabetic characters, and maintain the cases in the cipher text (which makes the cypher text weaker).

I have added another extra feature for the cipher breaking code called The "Advanced Frequency Analysis". Which means that, In frequency analysis it just analyses the frequencies of single characters. But if you turn on this feature if will analyse two and three character combinations as well as single characters, which makes the code breaker more strong.

You will probably wonder that why would I want to add extra code to make the encryption weak. As an example this program passes spaces, non alphabetical characters through to the cipher text. It is because that they are requirements of the assignments so students can write about it on the report and give explanations about how to make it more stronger.

Find the screen shots and examples of the program below.


Plain Text:

Data centres use vast amounts of electricity to run their computer equipment and also to keep it cool.

Environmental group Greenpeace has estimated that their total global energy use will have reached 2 trillion kw/h by 2020.



Cipher Text:

Hjtj koetfor gro bjrt jwdgetr dl osoktfakaty td fge tqoaf kdwcgtof ovgacwoet jei jsrd td xooc at kdds.

Yebafdewoetjs pfdgc Jfooecojko qjr ortawjtoi tqjt tqoaf tdtjs psdmjs oeofpy gro nass qjbo fojkqoi 2 tfassade xn/q my 2020.


Advanced Frequency Analysis = off

Decrypted plain text:

Kata lestier dre wart amodstr oq eheltinlntg to ids tueni lomc1dtei ezdnc1mest asf ahro to veec1 nt looh. Jswniosmestah yiodc1 Xieesc1eale uar ertnmatef tuat tueni totah yhopah eseiyg dre bnhh uawe iealuef 2 tinhhnos vb/u pg 2020.

Advanced Frequency Analysis = on

Decrypted plain text:

Kata lestier the wart amodstr in eheltinlntg of for tueni lomc1dtei ezdnc1mest and ahro of veec1 to looh. Jswniosmestah yiodc1 Xieesc1eale his ertnmatef tuat tueni totah yhopah eseiyg the bnhh uawe iealuef 2 tinhhnos vb/u it 2020.

My Example is just a simple demonstration. As you can see its hard to analyse and decrypt just by using an application/ Algorithm, without having any human help. But This algorithm works better as the plain text gets larger, as it gets more data to analyse so the accuracy of the analysis gets better.

Monday, 11 April 2011

My Tetris

'Tetris' is one of the most popular games of all time. For the last project of Application Programming module at the university, I got to develop this small Tetris game applet. As you can see its very basic and simple as I added more than requirements of the assignment, to the application itself. It would have had more functionalities but I moved on from it to the next assignment so I can finish my assignments and get it everything done way before the deadline. I will add more features to it if I get much time in the future, even though I tried ones and then I got busy with something else and then moved on.

To control the blocks You can use either keyboard or mouse or both.


Mouse Controls:

Right-Mouse Button- Move right
Left-Mouse Button - Move Left

Key Board Controls:

Right Arrow key- Move Right
Left Arrow key - Move Left
'R' key - Rotate

If I develop it more further I will definitely post it on here. Like I have said it earlier its a very simple version of Tetris. But it plays according do all Tetris rules.