tag:blogger.com,1999:blog-57213229620394475192024-03-14T08:16:24.028-07:00Before I Forget Securitychao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-5721322962039447519.post-59449528626000668332011-10-13T07:51:00.000-07:002011-10-13T07:51:54.491-07:00Scanning for bypassable reverse proxiesContext recently wrote an interesting <a href="http://www.contextis.com/research/blog/reverseproxybypass/">article</a> on a new technique to bypass reverse proxies. I, of course, got right to work on writing a Metasploit scanner module to check for vulnerable servers. This is a quick log dump of using that module.<br />
<br />
<pre>chao@blog:/opt/framework3$ ./msfconsole -L
...
msf > use auxiliary/scanner/http/rewrite_proxy_bypass
msf auxiliary(rewrite_proxy_bypass) > info
Name: Reverse Proxy Bypass Scanner
Module: auxiliary/scanner/http/rewrite_proxy_bypass
Version: 13886
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
chao-mu
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
BASELINE_URI / yes Requested to establish that EXPECTED_RESPONSE is not the usual response
ESCAPE_SEQUENCE @ yes Character(s) that terminate the rewrite rule
EXPECTED_RESPONSE 502 yes Status code that indicates vulnerability
INJECTED_URI ... yes String injected after escape sequence
Proxies no Use a proxy chain
RHOSTS yes The target address range or CIDR identifier
RPORT 80 yes The target port
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
Description:
Scan for poorly configured reverse proxy servers. By default, this
module attempts to force the server to make a request with an
invalid domain name. Then, if the bypass is successful, the server
will look it up and of course fail, then responding with a status
code 502. A baseline status code is always established and if that
baseline matches your test status code, the injection attempt does
not occur. "set VERBOSE true" if you are paranoid and want to catch
potential false negatives. Works best against Apache and mod_rewrite
References:
http://www.contextis.com/research/blog/reverseproxybypass/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3368
msf auxiliary(rewrite_proxy_bypass) > set rhosts 10.0.0.1
rhosts => 10.0.0.1
msf auxiliary(rewrite_proxy_bypass) > exploit
[+] 10.0.0.1:80 is vulnerable!
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(rewrite_proxy_bypass) > set verbose true
verbose => true
msf auxiliary(rewrite_proxy_bypass) > exploit
[*] 10.0.0.1 took 0.0856 seconds to respond to URI /
[*] 10.0.0.1 responded with status code 302 to URI /
[*] 10.0.0.1 took 0.056552 seconds to respond to URI @...
[*] 10.0.0.1 responded with status code 502 to URI @...
[+] 10.0.0.1:80 is vulnerable!
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
</pre>chao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com6tag:blogger.com,1999:blog-5721322962039447519.post-68551473531357136642011-07-14T17:25:00.000-07:002011-07-14T17:25:43.522-07:00Release notes for revision 13181."Committed revision 13181...."<br />
<br />
Improvements to testing <br />
<ul><li>Railgun::UnitTest now has tests for .const, .method_missing, .get_dll, in addition to the new known_dll_names</li>
<li>ApiConstants::UnitTest now has a test for the new get_manager function</li>
<li>DLLHelper::UnitTest is now ruby 1.8.6 compatible</li>
<li>DLL::UnitTest became cleaner after adjusting for the changes to DLL</li>
<li>DLLWrapper::UnitTest was added to test the newly added class DLLWrapper.</li>
<li>railgun.rb.ts.rb contains tests that should have but weren't added</li>
</ul>Performance Tweaks <ul><li>DLLs with definition classes (railgun/def/Def_*) are loaded once and shared across instances (railgun.add_function makes a local copy so you can still thread-safely make changes to just that instance)</li>
<li>No calculations are performed when the railgun instance initializes. All loading is done lazily.</li>
</ul>Changes that affect you <ul><li>Support for dlls with a corresponding Def_ class is added by adding the DLL's name to BUILTIN_DLLS instead of editing code in get_dll</li>
<li>Def classes load dlls by creating them explicitly (as in DLL.new) and then adding functions directly instead of going through the railgun instance like before. </li>
<li>Def classes now have the ability to control what WinConstManager a given DLL will contain. Will be important later.</li>
<li>Documentation scattered throughout railgun.rb</li>
<li>Styling in railgun.rb was redone to match my target style for railgun</li>
<li>Removed some code silliness from various places</li>
</ul>Neat! <ul><li>ApiConstants now has a class-scoped WinConstManager that is accessible through ApiConstants.get_manager and is lazily loaded. </li>
<li>Added method to display the names of dlls available to be loaded. (This was needed in areas that wanted to show what was available, but instead only showed what had been loaded so far)</li>
<li>method_missing now returns a wrapper class that acts as an interface to the underlying Railgun::DLL instance. This helped remove Railgun::DLL's dependence on Client</li>
</ul>chao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com0tag:blogger.com,1999:blog-5721322962039447519.post-4783437641073247542011-07-14T17:22:00.000-07:002011-07-14T17:22:36.343-07:00New way to add DLLs to railgunIf you are reading this, I probably submitted to the Metasploit repository directly for the first time! That's right, I have commit rights now. My first round of changes closed bug #3073 "Railgun DLL cache/definition loader needs a rewrite." This lead me to rewrite large chunks of code including how DLLs are defined and handled behind the scenes. This tutorial is a complement to those changes.<br />
<br />
And here we go.<br />
<br />
If the DLL you want to access is shipped with Windows and its API remains somewhat consistent, then you should NEVER load the DLL/Functions on the fly. Instead, benefit everyone and expand Railgun itself by adding support at a framework-level. This practice leads to better performance (the DLLs/Functions will be cached), cleaner code (the definitions will have their own place), and greater accessibility (the DLLs will be accessible wherever you can type client.railgun). In this blog post, I will show you how.<br />
<br />
In our example we will be adding support for the DLL ws2_32.<br />
<br />
1. Create a file to contain your definition class<br />
<br />
DLL definition classes can be found in lib/rex/post/meterpreter/extensions/stdapi/railgun/def. The file name should be "def_" followed by your DLL's name. In our example, our file would be lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb<br />
<br />
2. Declare the definition class<br />
<br />
The class name should start with Def_ followed by your DLL name (case sensitive, underscores). In our case we would end up with thhe following code:<br />
<blockquote>module Rex<br />
module Post<br />
module Meterpreter<br />
module Extensions<br />
module Stdapi<br />
module Railgun<br />
module Def<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>class Def_ws2_32<br />
end; end; end; end; end; end; end</blockquote>3. Add the create_dll method<br />
<br />
The create_dll class method is responsible for returning a fully functional DLL. Within it, we will have the oppertunity to specify the DLL's path, what constants should be defined, and what functions will be available.<br />
<br />
3.1 declare the method<br />
<blockquote>def self.create_dll(dll_path = 'ws2_32')<br />
end</blockquote>3.2 Instantiate the DLL<br />
<blockquote>dll = DLL.new(dll_path, ApiConstants.manager)</blockquote>3.3 Add some functions<br />
<blockquote>dll.add_function('WSACleanup', 'DWORD',[])</blockquote>3.5 Love it!<br />
<blockquote>def self.create_dll(dll_path = 'ws2_32')<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>dll = DLL.new(dll_path, ApiConstants.manager)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>dll.add_function('WSACleanup', 'DWORD',[])<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>return dll<br />
end</blockquote>4. Make the DLL available<br />
<br />
Making the DLL available to be used (client.railgun.my_dll_name) is straightforward. Open railgun.rb and add the name of your dll to BUILTIN_DLLS. Be sure to read the comment.<br />
<br />
5. Enjoy!<br />
<br />
Yep, that was it.chao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com1tag:blogger.com,1999:blog-5721322962039447519.post-44928877659691479542011-07-11T13:07:00.000-07:002013-10-12T18:20:26.884-07:00Urban Dictionary Wordlist<b><br /></b>
<b>EDIT: Unfortunately my VPS went down and took with it the list. If you have a backup PLEASE let me know. </b><br />
<br />
Hello all!<br />
<br />
I have built a wordlist that includes all terms defined on UrbanDictionary.com. I have already tweeted a link to it and almost 1500 have downloaded so far, with the rate of downloads increasing exponentially. I am now posting about it on my blog so that I can both bring it to a wider audience and get feedback from those downloading it.<br />
<br />
Was it useful? What did you use it for? Discover anything interesting? Run some kind of statistical analyses? If used for cracking, what word mangling rules did you find useful with it? Etc? If I get enough interesting comments, I will hurry up and post some of my other lists/scripts/rules as I develop them.<br />
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<br /></div>
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
Find it here: http://cloudbitch.com/mirror/wordlists/urbandict.lst </div>
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<br />
I dedicate this wordlist to the great folks at <a href="http://hackerspaces.org/wiki/SkullSpace">SkullSpace</a> and to <a href="https://twitter.com/iagox86">iagox86</a> who is kind enough to share even coolor wordlists with us.<br />
<br />
NOTE: There may be a slight flaw in the word list. Due to a bug, perhaps two or three of the lines are garbage, consisting of half of the next line. To be honest though, this is trivial considering how big the collection is. With the possibility of that tiny exception, it should be rock solid.<br />
<br />
Happy hacking friends!</div>
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<span class="Apple-style-span" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">chao-mu@blog:~$ logout</span></div>
chao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com2tag:blogger.com,1999:blog-5721322962039447519.post-7996109285797926232011-06-04T08:52:00.000-07:002011-06-04T08:52:18.183-07:00Railgun Update: Milestone 1 Reached!This is a well overdue post and I apologise for my lateness. However, I have some cool stuff to point out on the horizon.<br />
<br />
<br />
Milestone 1, as a reminder, was to increase test coverage. Well, the ticket tracking it (https://dev.metasploit.com/redmine/issues/4015) is now officially closed. In other words, I am satisfied with railgun test coverage to an extent that I feel comfortable moving on to implementing features again. (As for that matter, I have already started to do so.) This certainly doesn't mean I wont stop writing new test cases; it just means that I wont feel like I am constantly "playing catch-up."<br />
<br />
One of the coolest new additions is "mock_magic.rb". I will dedicate the rest of this blog post to talking about it, in fact. Railgun::MockMagic is a mixin that provides mock objects and staging to help facilitate thorough (and easy) testing.<br />
<br />
Open lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb up and take a look! I would like to draw your attention particularly to the function "mock_function_descriptions". This method returns an array of hashes each representing a function. The hash contains everything needed to recreate the function and full lifecycle of it being called. This is remarkably useful when testing. It obviates the need for a living client when testing! It also provides an input and output snapshot of sorts, giving us some level of confidence that changes in how we encode/decode values is backwards compatible. Quality here, however, is dependent on quantity and diversity therein.<br />
<br />
So how are such snapshots generated and <b>how can you help</b> expand them or <b>make sure I don't break your changes</b>?<br />
<ol><li>edit lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb</li>
<li>Search for "=== START of proccess_function_call snapshot ==="</li>
<li>Uncomment from the start of the "puts" call to its end</li>
<li>Make some Railgun calls in your Metasploit post modules</li>
<li>Add the output to mock_magic.rb and/or email it to me</li>
</ol>Okay, enough of this for now.<br />
<br />
Finally, I conclude this post with a sample of some output:<br />
<blockquote><span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;"></span></span><span style="font-family: "Courier New",Courier,monospace; font-size: x-small;">chao@blog:/opt/framework3/lib/rex/post/meterpreter/extensions/stdapi/railgun$ ls *.ut.rb | while read x; do ruby $x; done<br />
Loaded suite api_constants.rb.ut<br />
Started<br />
.<br />
Finished in 0.045200 seconds.<br />
<br />
1 tests, 1 assertions, 0 failures, 0 errors, 0 skips<br />
<br />
Test run options: --seed 16551<br />
Loaded suite buffer_item.rb.ut<br />
Started<br />
.<br />
Finished in 0.000417 seconds.<br />
<br />
1 tests, 4 assertions, 0 failures, 0 errors, 0 skips<br />
<br />
Test run options: --seed 3861<br />
Loaded suite dll_function.rb.ut<br />
Started<br />
.<br />
Finished in 0.000417 seconds.<br />
<br />
1 tests, 0 assertions, 0 failures, 0 errors, 0 skips<br />
<br />
Test run options: --seed 36917<br />
Loaded suite dll_helper.rb.ut<br />
Started<br />
......<br />
Finished in 0.000889 seconds.<br />
<br />
6 tests, 15 assertions, 0 failures, 0 errors, 0 skips<br />
<br />
Test run options: --seed 56098<br />
Loaded suite dll.rb.ut<br />
Started<br />
..<br />
Finished in 0.001357 seconds.<br />
<br />
2 tests, 18 assertions, 0 failures, 0 errors, 0 skips<br />
<br />
Test run options: --seed 15811<br />
Loaded suite railgun.rb.ut<br />
Started<br />
..<br />
Finished in 0.001458 seconds.<br />
<br />
2 tests, 4 assertions, 0 failures, 0 errors, 0 skips<br />
<br />
Test run options: --seed 5062<br />
Loaded suite win_const_manager.rb.ut<br />
Started<br />
....<br />
Finished in 0.000555 seconds.<br />
<br />
4 tests, 10 assertions, 0 failures, 0 errors, Any ways, I will ping you again when I update 0 skips<br />
<br />
Test run options: --seed 5801</span></blockquote> chao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com0tag:blogger.com,1999:blog-5721322962039447519.post-52486542463052828072011-04-18T12:42:00.000-07:002011-04-18T12:42:52.073-07:00Railgun update: 1st Milestone almost reached!Hello again!<br />
<br />
A few posts back I proposed a "timeline" of sorts to organize my focus on Railgun development. The first one, logically, was to increase test coverage:<br />
<br />
<blockquote>1. Huge increase of test coverage alongside organisational changes to facilitate the effort</blockquote><br />
When I wrote the above, test coverage for railgun was zilch and the majority of classes were crammed into a single file. And now, a month later, that file has been broken up and there is test coverage for every single class that was in it! Let's show that off now:<br />
<br />
<blockquote>chao@blog:/opt/framework3/lib/rex/post/meterpreter/extensions/stdapi/railgun$ ls *.rb.ut.rb | while read test; do ruby $test; done | grep -P 'Loaded|assertions'<br />
Loaded suite api_constants.rb.ut<br />
1 tests, 1 assertions, 0 failures, 0 errors, 0 skips<br />
Loaded suite buffer_item.rb.ut<br />
1 tests, 4 assertions, 0 failures, 0 errors, 0 skips<br />
Loaded suite dll_function.rb.ut<br />
1 tests, 0 assertions, 0 failures, 0 errors, 0 skips<br />
Loaded suite dll_helper.rb.ut<br />
6 tests, 15 assertions, 0 failures, 0 errors, 0 skips<br />
Loaded suite dll.rb.ut<br />
2 tests, 18 assertions, 0 failures, 0 errors, 0 skips<br />
Loaded suite win_const_manager.rb.ut<br />
4 tests, 10 assertions, 0 failures, 0 errors, 0 skips<br />
</blockquote><br />
Sexy? I think so. That's a total of 48 assertions testing 15 ruby methods in order to supply coverage for 6 out of 8 core Railgun classes. /me takes a bow <br />
<br />
Okay, enough of me bragging.<br />
<br />
So why did I say "almost reached"? Because no one has applied my latest submitted patch yet! Also, I anticipate some tweaking after I get feedback from jcran and others (hopefully that includes you). <br />
<br />
For more details you can see the ticket I filed for this: https://dev.metasploit.com/redmine/issues/4015<br />
<br />
Stay Froody!<br />
chao-mu@blog:~$ logoutchao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com0tag:blogger.com,1999:blog-5721322962039447519.post-26153360880939228242011-03-19T16:10:00.000-07:002011-03-19T16:11:41.063-07:00Die railgun/model.rb!A super trivial update... <br />
<br />
rex/post/meterpreter/extensions/stdapi/railgun/model.rb contained about 5 different classes, linked only by the commonality that they were part of the Railgun API. Well, I just hacked it into smaller pieces! This should make finding files easier. I feel more organised already and I am celebrating by writing unit tests :-)<br />
<br />
rex/post/meterpreter/extensions/stdapi/railgun/ now contains...<br />
<br />
api_constants.rb<br />
buffer_item.rb<br />
buffer_item.rb.ut.rb<br />
dll_function.rb<br />
dll_helper.rb<br />
dll_helper.rb.ut.rb<br />
dll.rb<br />
multi_caller.rb<br />
multicall.rb<br />
railgun.rb<br />
tlv.rb<br />
util.rb<br />
win_const_manager.rb<br />
<br />
My remaining gripe is that multicall.rb is the file for MultiCaller. I would rename it, but I don't yet have a handle on its usage outside of the checked-in framework. Does anyone use it?<br />
<br />
Stay Froody!<br />
chao-mu@blog:~$ logoutchao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com6tag:blogger.com,1999:blog-5721322962039447519.post-36636279968970553442011-03-19T08:54:00.000-07:002011-03-19T15:20:45.961-07:00My Railgun RoadmapFor awhile I was hacking my ass off and being quite vocal about it (as I usually do), but then went (relatively) silent. I few disruptive events occurred at around the same time and I ended up without productive time to work on personal projects. I am starting to gain some time again, so hopefully I'll be able to pick up my pace.<br />
<br />
Briefly, here is a quick run through my current mental roadmap, summed up in 8 milestones:<br />
<br />
1. Huge increase of test coverage alongside organisational changes to facilitate the effort<br />
2. Clear out some performance bottlenecks and address a few concurrency bugs<br />
3. Introduce the new type system I have been working on. For this iteration only make available to struct reading utility<br />
4. General maintenance (bug fixes, optimisation, testing, etc.)<br />
5. Integrate the new type system into the rest of railgun<br />
6. Major documentation effort.<br />
7. Introduce code for *writing* data structures<br />
8. General maintenance<br />
<br />
I will try to post once midway through each milestone and then again after each so I can announce the changes.<br />
<br />
Obviously I am not an authority and these goals are subject to the thoughts and opinions of not only the "real" Metasploit developers, but also all of you.<br />
<br />
I would enjoy your feedback/questions so I can flush out this post...<br />
<br />
Stay Froody!<br />
chao-mu@blog:~$ logoutchao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com0tag:blogger.com,1999:blog-5721322962039447519.post-23266652080343177042011-02-16T21:00:00.000-08:002011-02-26T15:53:45.541-08:00Finding The Right Metasploit ModuleWhen trying to find or chose a Metasploit module there are 5 tricks that I use. I will briefly go over each.<br />
<br />
<b>#1 Google</b><br />
I start with the base <i>site:metasploit.com inurl:modules</i> then add search criteria or play with "inurl" to zoom in on what I am looking for (e.g. add <i>inurl:windows</i> or <i>inurl:exploits/windows/iis</i>). If you don't want to search through the source code, wiki, and tickets you can add <i>-inurl:redmine/projects</i><br />
<br />
<b>#2</b><i> </i><b>msfconsole's search command</b><br />
Type "<i>search -h</i>" next time you are sitting in front of the console. The Option searching was broken for awhile, but I submitted a patch that fixed it. It's pretty cool. Type "<i>search -o URIPATH,RPORT=8080</i>" to search for all modules that have an option "URIPATH" and that have another option RPORT that defaults to port 8080.<br />
<br />
<b>#3 aut<tab><tab></b> <br />
The auto-complete feature of msfconsole is fairly useful for listing modules. Since modules are organised in a tree like structure (at the base you have module type, then platform, then category, and only then the specific module), it is easy to narrow down the results before getting a list. And the results are paginated! Type "<i>info post/windows/gather/</i>" and then hit tab twice<br />
<br />
<b>#4 Ctrl</b><b>-r</b><br />
To do an incremental search backwards through your history, use control+r<b>. </b>This is useful when trying to cycle through past "use"ed modules (or any command for that matter!) Hold down the Ctrl key<b> </b>then hit r, type 'use', hit control+r again to go backwards through time. I am not sure if this works in Windows.<br />
<br />
<b>#5 find and/or grep</b><br />
Back in the day (and by that I mean before I wrote this blog post and got this idea) I would issue find and grep commands when a little Google magic might have done a better job. <i>site:metasploit.com inurl:redmine/projects/framework/repository/ </i>Although, if you want to use regular expressions there still is <i>grep -rP 'some regex here' modules/ --exclude-dir=.svn</i><br />
<br />
Have fun!<i> </i><br />
<br />
PS.<br />
A thank you to egypt who pointed out that I could/should use --exclude-dirchao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com2tag:blogger.com,1999:blog-5721322962039447519.post-92075089800608421252010-12-15T10:58:00.000-08:002010-12-15T10:58:55.669-08:00Leaked Gawker .bash_logout file!!!11<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8h19yqy-sdP_cb5G3EX-HONXCe3zKZXikjB81HdLd2IxiGUCMaQVy9CzpJXttjDtx8-lFaM2bwdCb9taXv8dEkpXUyAj5Lwj_FcaKW5DmoO_fZf9zWlhcsIR5qt45cnrfD9eSNfM7sJc/s1600/logout_file.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8h19yqy-sdP_cb5G3EX-HONXCe3zKZXikjB81HdLd2IxiGUCMaQVy9CzpJXttjDtx8-lFaM2bwdCb9taXv8dEkpXUyAj5Lwj_FcaKW5DmoO_fZf9zWlhcsIR5qt45cnrfD9eSNfM7sJc/s400/logout_file.png" width="400" /></a></div><br />
That'll show those commie-bastard capitalists at Gawker!chao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com1tag:blogger.com,1999:blog-5721322962039447519.post-56029699285893728592010-10-15T18:51:00.000-07:002010-10-15T19:36:32.513-07:00Hack your EardrumsI was delighted to discover that <a href="http://www.backtrack-linux.org/">BackTrack Linux</a>'s default installation of Firefox contains a bookmark to <a href="http://soma.fm/">Soma.FM</a>. If you haven't checked them out, I would suggest doing so right now. It's an independent (Internet) radio station (?) that is entirely community funded. They have a great selection of stations and are well worth the few mouse clicks it takes to tune in.<br />
<br />
At this moment I am listening to the station "<a href="http://somafm.com/popup/?cliqhop">cliqhop idm</a>" described as "Blips'n'beeps backed mostly w/beats. Intelligent Dance Music.<i>"</i><br />
<i> </i><br />
<i> </i><br />
<br />
<b>Or</b> you could always just...<br />
<br />
<i>yes > /dev/dsp</i><br />
<br />
10 points to the person who leaves a comment explaining how to pipe infinite bits of /dev/urandom to /dev/dsp!<br />
<br />
~ noise ~chao-muhttp://www.blogger.com/profile/15791296109722572012noreply@blogger.com0