Getting Physical..



Hackers aren’t exactly known for there physical ability or fortitude. But in recent years a number of hacker types have started doing some pretty impressive, dare I say athletic achievements. Bruce Potter and the Cycle Override teams are about to kick off a a mega ride across the country. While I used to ride my bicycle a lot I can’t say I’m up for a ride of that length. Instead I did the Goruck Challenge, right here in Burlington Vt with a bunch of folks. 4 of them were from the local Crossfit box.

It was epic to say the least.

There is often a perception that hackers fit into a certain stereotype…it’s changing, just you watch.


Champlain Maker Faire Wrap Up!

The Laboratory B crew had a great time at Champlain Valley Maker Faire. It was a gleeful marathon of teaching kids & adults to solder using the Sparkfun kits. Labortory B would like to thank in short order.

To all the folks that stopped by the soldering station and wanted to come by the Lab; Open hours are 5:00 pm to 8 pm Tuesday and Thursday. Email [email protected] or call us at 802.540.2524. We would love to meet with you where it is warm & dry.

Finally: It’s the first of the month, so that means it’s 2600 time on Friday! Meeting will be at the usual place the Game Lounge at 178 Main Street in Burlington Vermont from 5-8. It’s on the third floor, so just keep going up. There will be signs to point the way.

Free Press Covers Art Hop & Lab B

Here is what The Burlington Free Press has to say about Laboratory B

From the iPad to the printed page

Funkiness gives way to what might well be a scene from a Frankenstein movie at Laboratory B, where Alec Brecher and about a dozen others tinker with computer security information research. The location, which has been dubbed a “secure bunker,” is inside in the freezer at the back of the old Hood Plant on south Winooski Avenue.

“It’s windowless and airless,” he said, “but no longer freezing.”

Members of the non-profit are hackers generally devoted to computerprogramming. At the Hop, their project is called “Who’s Got your Digital Booty?” According to Brecher, this means “an ad hoc collaboration that will reflect the trail of information leakage.”

In layman’s terms, he said, “visitors who bring their devices can opt into being hacked. We’ll encourage them to send Tweets or email messages. There’ll be network snooping tools, so they can visualize whatever communication is coming across.”

In techno-challenged language, maybe the Frankenstein monster of the 21st century looks like code instead of a lurching giant with plugs coming out of his neck.

 Full Article Here

Labortory B gets a write up in Vermont Art Zine..

The Laboratory B crew had a great time Friday and Saturday night at Art Hop. We didn’t really get to leave our show to see all the awesome stuff other people were doing, but playing host is always fun. Bunches of new and old friends dropped by to play with a variety of the pieces we showed. We event got a write up in Vermont Art Zin

…”One of my favorite stops was Laboratory B, a self-described “hacker space” set up at 187 South Winooski. Jesse Krembs who showed us the work on display, says that Laboratory B is a group of tech-interested people who get together on Tuesdays and Thursdays from 5-8. Most of them have related day jobs (he said he’s at Fairpoint Communications), but they’re all interested in privacy issues and the interesting things that can be made with imagination, microcontrollers, and apps. He said Laboratory B is “not a straight-up art group, but hacking can sometimes look like art.” For example, a piece called Walk Don’t Walk picks up information from cards on your person that aren’t shielded and changes the walk signal. Another piece used “throwies” (a LED light and magnet packet), a metal sheet, and an amplifier to make a species of music when the throwie “…

Read the rest here.

2600 Meeting & Lab B Hangout!

Next Friday is the first of the month. That’s this Friday. It’s 2600 time! Meeting will be at the usual place the Game Lounge at 178 Main Street in Burlington Vermont from 5-8. It’s on the third floor, so just keep going up. There will be signs to point the way.

Afterwards we will probably head over to Laboratory B our new hacker space just  1.5 blocks away for further hijinks! We’ve made a lot of improvements since we moved in 2 weeks ago!

5-8 is prime dinner time, Pizza can be grabbed from downstairs
It’s also free bus ride day too!

Laboratory B ReLaunch!

It's an empty room...but it's our empty room!

We’re back! Lab B is back in physical space! At the Hood Plant in downtown Burlington. The new bunker of research and education is roughly ~550 Sq ft of tech adventure time!

We’re planning and plotting a ton of great things to kick off our new space! What you might ask?!

Classes: Learn to solider! Assemble some electronics kits! Code up some software!
Showings: We’re going to be doing two types of awesome showings!  One being documentaries of the nerdy type and two being the fun of a hacker con with out the travel and expense!
Open Nights: Wondering what this is all about..well come to one of our open nights in which hack stuff! woot!

We still have to do some cleanup and of course move in! Stay Tuned!


A little trick to extract stored FTP details – DigiNinja

A little trick to extract stored FTP details – DigiNinja.

You are on a test and pop a box which has an FTP client on it. On investigation you find it has credentials stored but the boxes they are for aren’t in scope. Knowing the passwords could be reused on other boxes that are in scope you really want to collect them.

You could try grabbing the credentials file and trying to crack it but this might be an easier way…

Set up an FTP server on your machine then modify the hosts file on your popped box to point all the hosts with credentials to your machine. Then start a TCP sniffer on your machine and ask the client to connect.

The client will find the server and send the credentials which you can simply pull out of the packet capture.

This will also work with other plain text protocols such as HTTP basic auth and POP3 as long as you can get your own “fake” server to respond with enough initial info to trigger the details to be sent.

That is a cute little trick isn’t it!