Aaron's blog

How to hack your Blackboard login

By aaron.axvig, Thu, 09/13/2007 - 03:00

Here at NDSU we use the content portal known as Blackboard.  A few years back I was on my slow internet connection at home and noticed a URL full of POSTDATA in the address bar that would appear momentarily each time I logged in.  The connection was slow enough that I was able to copy and paste it into a bookmark.  Seeing as it contains fields like "&encoded_pw=XXXXXXXXX" and "&user_id=XXXXXXX" it was only natural I would try it as something to keep me from having to log in manually every time.  And it works still, 2 years later.

Here's how you can hack your own Blackboard login so that you never have to type in your username and password:

  1. Download Paessler URL Recorder.
  2. It will start automatically after installation, so just put your school's Blackboard address in the address box of the program.
  3. You will see the webpage that you normally get in your browser, and just log in normally.  Several links will appear in the bottom pane of URL Recorder.
  4. One of them will contain a query string that stores your login information (you have to scroll to see the entire thing).  Don't let this fall into the wrong hands because anyone who has this text can log in to Blackboard as you.
  5. Right-click anywhere in that lower pane and do the "Copy All to Clipboard" option.  Open Notepad and paste it in there.  One of the lines will be something like this: https://bb.ndsu.nodak.edu/webapps/login/ action=login&remote-user=&new_loc=&auth_type=&one_time_token=&encoded_pw=XXXXXX&encoded_pw_unicode=XXXXXXXXX&user_id=XXXXXXXXX&password=&Login.x=37&Login.y=9
  6. Your link will have random letters and numbers instead of the XXXXXXX that I replaced mine with.  Also notice how there is some space between "webapps/login/" and "action=login".  Replace that space with a question mark so that it is more like this (attention to the bolded area): https://bb.ndsu.nodak.edu/webapps/login/?action=login&remote-user=&new_loc=&auth_type=&one_time_token=&encoded_pw=XXXXXX&encoded_pw_unicode=XXXXXXXXXX&user_id=XXXXXXXXX&password=&Login.x=37&Login.y=9
  7. Copy and paste that into your favorite browser and see if it logs you in automatically.  If it does, make a new bookmark and copy the long link we just made into the destination of it.
  8. Now clicking that bookmark will log you in to Blackboard from any computer.  Once again, be very careful with it, because you don't want other people logging in as you.

This is very handy for a tablet PC where you would have to key in the username and password using an onscreen keyboard.  I'm sure you can find other sites out there that this would work for too.
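
An added example (not part of the original post): because the login URL above carries a replayable credential in its query string, any place that stores URLs (proxy logs, history exports, pasted URL Recorder output) becomes a credential store. This Python sketch finds such URLs in saved text and redacts the values; the parameter names come from the URL in the post, while the host name, sample lines and function names are constructed for illustration.

```python
import re

# Query parameters from the login URL in the post that act as credentials.
SENSITIVE_PARAMS = {"encoded_pw", "encoded_pw_unicode", "password", "one_time_token"}
REDACTED = "[REDACTED]"

# A URL followed by its query string. URL Recorder output, as described in the
# post, separates the two with whitespace instead of "?", so accept both.
URL_RE = re.compile(r"(https?://[^\s?]+)(\?|\s+)(\S*=\S*)")


def _redact_query(query):
    """Return (redacted query text, names of sensitive parameters with a value)."""
    found, out = [], []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name.lower() in SENSITIVE_PARAMS and value:
            found.append(name)
            pair = f"{name}={REDACTED}"
        out.append(pair)
    return "&".join(out), found


def scan_lines(lines):
    """Return (line number, flagged parameter names, redacted line) per hit."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        hits = []

        def _sub(match):
            redacted, found = _redact_query(match.group(3))
            hits.extend(found)
            return match.group(1) + match.group(2) + redacted

        clean = URL_RE.sub(_sub, line)
        if hits:
            findings.append((lineno, hits, clean))
    return findings


# Constructed sample input: a proxy-style log line, a URL Recorder-style line
# (space instead of "?"), and a harmless request.
SAMPLE = [
    "2007-09-13 03:00:01 GET https://bb.example.edu/webapps/login/"
    "?action=login&encoded_pw=Q09OU1RSVUNURUQ=&user_id=jdoe&password=&Login.x=37 200",
    "https://bb.example.edu/webapps/login/ action=login&one_time_token="
    "&encoded_pw=Q09OU1RSVUNURUQ=&encoded_pw_unicode=QwBPAE4A&user_id=jdoe",
    "2007-09-13 03:00:05 GET https://bb.example.edu/webapps/portal/frameset.jsp?tab=courses 200",
]

if __name__ == "__main__":
    for lineno, names, clean in scan_lines(SAMPLE):
        print(f"line {lineno}: {', '.join(names)}\n  {clean}")
```

Empty parameters such as `password=` are left alone, so only values that could actually be replayed are flagged.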


Windows Photo Gallery - Facebook integration

By aaron.axvig, Tue, 09/11/2007 - 03:00

As I dragged some photos out of Windows Photo Gallery into a folder so that I could upload them all to Facebook, where I then manually tagged them and added captions, I wondered why there isn't a program that could do this.  It should be possible now given Facebook's Application Platform.


  • Can upload any grouping of photos from WPG as an album to Facebook.  If more than 60 pictures are there, due to Facebook's 60/album limit, automatically break them into separate albums (Example 1, Example 2, etc.).  Also prompt for a name of the album(s).
  • Carry tags, names, and captions over to Facebook.  For example, if I have a tag for Aaron Axvig in WPG, it should automatically tag me as in the picture on the Facebook side.  Ideally WPG would support placement of tags like Facebook does, but that might be tricky, so I'd settle for some sloppiness on the Facebook side.
  • Keep track of what's been uploaded to Facebook already, so I could potentially have it automatically keep all my photos on there.
  • Is a plugin for WPG (assuming WPG supports plugins or extensions of some form, otherwise a standalone app could work but would have to re-implement a lot of stuff that's already in WPG).


Also, how about something that adds in support for creating albums in WPG?  (Again, assuming some sort of plugin model exists.)


Hibernation trickery in Vista

By aaron.axvig, Wed, 08/29/2007 - 03:00

So I was annoyed by the blinking light that my desktop has when it's sleeping, and decided to put it into hibernation.  I was then further annoyed by the lack of a hibernation option in the Vista shutdown menu, and even more annoyed when I couldn't find a way to re-enable hibernation.  Via Google I then found several sites confirming that there is no way to enable or disable hibernation in Vista using the GUI (I think I disabled it by removing the hibernation file in Disk Cleanup).  However, it is possible to enable or disable it via the command line, and you can read about it at those sites I linked to above.

Instead of doing this though, I have found it just as convenient to use the command shutdown -h.  Just type that in the search box in the start menu and hit enter, and the computer will drop into hibernation, whether the menu option is there or not.


Exchange 2007 OWA login shortcut

By aaron.axvig, Mon, 08/27/2007 - 03:00

I had been using https://example.com/exchange to log in to Outlook Web Access, but starting with Exchange 2007 this added numerous steps.  I had to accept an unsigned security certificate, fill out a pop-up login box, accept another certificate (because it transferred me to https://servername.example.com/owa), and then log in to the actual application.  If you're like me and looking for a shortcut, just use https://example.com/owa.  Only one sign-in.


RAID 5 HDD benchmark

By aaron.axvig, Sun, 08/26/2007 - 03:00

I just finished running a benchmark on the new server's RAID 5 array.  Nothing really surprising but decent performance I think.  There are 4 500GB Seagate ST3500630AS drives in a RAID 5 using the built-in NVRAID on an Asus M2N-E motherboard.  The OS is on a separate drive.


How to use MMC Administration Tools remotely (over the WAN)

By aaron.axvig, Thu, 08/23/2007 - 03:00

I know, I know, this may seem painfully obvious to some people, but it is something I hadn't thought of doing before.  Say you have a domain controller on one network, and you have your laptop on another network across the WAN.  As long as your domain controller is open to the Internet (DMZ or on a routable address or something) just set your primary DNS server to the IP address of your domain's DNS server.  I suppose your domain controller has to be on a routable address then too (meaning you can directly ping it from anywhere in the world).

Now you should be able to open up any MMC tool, like AD Users & Computers, and use it to remotely administer your domain.  It would make sense that you could even set a computer's DNS entry and even join it to a domain from a remote location.

One implication of doing this is that now all your name resolution (converting google.com into an IP address, etc.) is now relying on your DNS server staying up.  Which makes me wonder how Windows uses the secondary DNS server entry.  Does it wait for the first one to time out?  How long would it wait?


Summer in Medora - the Nitevision episode

By aaron.axvig, Wed, 08/22/2007 - 03:00

Nitevision: a name which strikes fear into the heart of many a Medora call-center worker.

To be fair, it's not that bad of a program.  It's what Medora has used for motel reservations for many years.  Written by REMco Software out of Dickinson, ND, Nitevision is a client/server application which keeps track of motel reservations, who is checked in, which rooms are clean, etc.  As near as I can tell the client sends raw SQL queries to the server which then spits back some data for the client to display.  A workable strategy, I think.  However, there are some problems.

I started working in Medora's call center at the beginning of the summer of 2005, as a lowly Customer Service Representative (don't be fooled, I have really really really enjoyed all of my jobs in Medora).  I vaguely remember how the Nitevision server had to be restarted quite often because all the clients on the workstations would simply lock up.  I remember more closely how this also happened in the summer of 2006 when I was a team leader, supervisor of CSRs.  At one point I was even trained in how to restart the server because the IT guy wanted a day off.  I don't think I ended up having to restart it, but the Internet connection did go down at one point while he was gone, which is another story on its own (credit card processing requires an Internet connection).  Anyways, the restarts were so frequent that Nitevision got its own server so the ticketing system could stay up while it was rebooting.

Enter me (again), in the summer of 2007, as the IT assistant.  Now instead of crossing my fingers in hopes that it didn't crash, I had half of the workers asking me why Nitevision crashed on them all the time.  I didn't really know, but we two IT guys spent a lot of time thinking about it.  Many hours were spent on the phone with REMco support, and they even remoted into the server to delete some rows in a logging table that looked like they were taking a lot of space.  The problem went on though, with crashes becoming a daily occurrence, and oftentimes hourly during busy times of the day (early morning: lots of reservations, and mid afternoon: lots of check-ins).  We pored over all the diagnostics we could find: CPU usage, RAM usage, HDD activity (which is actually difficult to monitor), network activity, and the Event Viewer.

Finally I cracked open the SQL Server logs.  I should have done this sooner, but SQL Server Management Studio wasn't installed on the server and I didn't have it on my desktop.  When I got it installed on my laptop though, I found the following error message repeated tens of times in the minutes leading up to each server crash: "This SQL Server has been optimized for 8 concurrent queries. This limit has been exceeded by xx queries and performance may be adversely affected."  xx would be a 1 or 2 for about 20 minutes (always spaced evenly exactly one minute apart) and then it would jump to 20 or 30 for the last few minutes before the crash.

Shortly thereafter we discovered that the server was running the Microsoft Data Engine, better known as MSDE, also well-known for being limited to 8 concurrent queries.  We have 10 call center computers, 6 front desk computers, call accounting, online reservations, accounting staff, and 3 group sales computers fighting for database access. REMco would not really acknowledge that this was the problem, and it's quite possible that they had no experience with this scenario, because judging by a list on their website of their customers, I suspect that we are their largest.  In the end though they did decide to help us move to a trial version of full-blown SQL Server 2000.

Migration day was quite exciting.  I arrived for work at 1:00pm to discover that they had taken down the server at 10:00am to start the migration.  And it still wasn't up.  I found a number of funny things going on:

  • They had backed up the databases and were then restoring them.  One backup was corrupted, and they were going to restore to the backup made during the night, losing an entire morning of new reservations.  So I taught the REMco tech how to detach and attach a database.

  • They were using "SQL Editor."  I had seen this tool before on the Nitevision server.  It seems like some watered down version of Management Studio.  I suspect the tool does not have functionality for attaching and detaching databases, which may be why they weren't doing that before.  I don't think it supports Windows authentication either, because they weren't able to connect to the new database engine...and that's because...

  • They installed the new engine with only Windows authentication.  Yes, the entire Nitevision program runs using SQL authentication.  SQL Editor uses SQL authentication also.  Upon pointing this out, it seemed that it wasn't merely an oversight on their part.  Rather, I think they genuinely did not know the difference between the two authentication methods.

We finally got the thing running around 3:00pm.  Since then it has only required reboots every other week as it gradually begins to more frequently freeze up for 30 seconds at a time.  End result?  Nitevision humming along acceptably, except for some annoying accessory apps running on the server that are poorly set up.  I'll elaborate on them some other time...along with several other interesting stories as I remember them.

How to set up a server the easy way

By aaron.axvig, Tue, 08/21/2007 - 03:00

Well here we go; I'm going to detail the unpleasant experience of setting up our new server as best as I can remember it.

Problem 1:  Floppy disk with drivers needed for RAID functionality.  We actually had a floppy drive, and even a computer to connect it to, but no floppy disks could be found.  So we drove a couple miles to someone's house and found one floppy--an old Intel motherboard driver disk.  We fired up the ancient computer there, put the disk in, put the CD-ROM from Asus in the optical drive...and got stuck.  It wouldn't read the disk.  Closer examination revealed that it was actually a DVD disk, which the 5+ year old computer couldn't read.  We took the floppy home and made the disk there.

Problem 2:  Getting the computer to boot correctly.  Having not dealt with a floppy drive for several years, we were both unfamiliar with the cause of those cryptic "failure to find boot disk" messages, which were very vexing.  We initially blamed it on the RAID and how that fit into the boot order.

Problem 3:  Not having disk 2.  Server 2003 64-bit comes on two CDs.  We had 2 MSDN-iso burned disks, one labeled disk 1 and one labeled disk 2.  The second one was most certainly not disk 2.  Off to MSDN to download...and in the meantime we went ahead and installed updates and Service Pack 2.

Problem 4:  We ran disk 2, only to get a warning that Service Pack 2 had already been installed.  We proceeded on anyways.  Around this time we started getting random lockups.  Then a message popped up detailing that the RAID had entered a degraded state.  After messing around in the RAID software for a couple minutes, we decided that one of the drives was bad, and that we would have to reinstall on a RAID composed of the three remaining disks.

Problem 5:  Windows installed again, everything updated, RAID fails again.  So this time I backed up an image of everything we had set up to another computer, re-installed Windows on one of the SATA HDDs (not in a RAID) and restored from the backup.  This seemed to work alright, until we started to have a LOT of problems installing Exchange Server 2007.

So we re-installed again (fourth time if you're counting).  By now I figured that something was up and these disks weren't actually failing.  But we were also sick of the RAID idea so just installed Windows on a spare IDE HDD we had laying around.  In the meantime, we figured out that the disks probably hadn't been given adequate time to rebuild (although I'm still not sure why a new RAID with empty disks needs to be built).

This is the install we are currently running on, and it's working quite well.  After the RAID was given time to build (I went into the BIOS RAID control panel and told it to rebuild) it has been running fine.  We had quite a lot of trouble again with Exchange Server 2007, but that is another story altogether...

New axvius.com server

By aaron.axvig, Sun, 08/19/2007 - 03:00

Yep, we finally did it.  After inching along for two years on 1.0 GHz servers (one or two or three as we saw fit at the time) we have finally invested in some big iron.  $800 got us the following:

  • 2x 1GB DDR2 667MHz RAM
  • 4x 500GB Seagate 7200.10 HDDs
  • 400-watt Rosewill PSU
  • 4U Rackmount Case
  • 2.2GHz AMD Athlon 64 X2 Processor
  • Asus M2N-E Motherboard

I managed to get the HDDs for $100 through some sort of error on Tigerdirect's website I think.  They had ones with 16MB cache listed there for $120 (and the same price was at Newegg), but 8MB ones for $100.  I didn't really care that much about that so I ordered them.  Then I read online that those drives aren't available with 16MB cache so I clicked on the link in the shipping confirmation e-mail they had given me and that led me to a non-existent page.  Then 16MB cache drives showed up at the door, which made me happy.  But the HDDs still made up 1/2 of the total price.

Buying the RAM second-hand from my boss in Medora also helped stay under budget as I got it for $60.  The power supply was pretty cheap ($35) and I have some doubts about it (it's not very heavy) but it had lots of good reviews on Newegg.

I got that motherboard because it's an Asus and it has 6 SATA ports with RAID 5 support.  So the HDDs are in a RAID 5 with an end total capacity in Windows of 1.36TB.  Unfortunately due to some initial issues installing Windows I ended up not putting the OS in the 60GB partition on the RAID that I had planned.  I threw in an old 160GB drive for that, and we are now using the RAID solely for file storage.

I also threw in one out-of-budget expenditure: an 8-port gigabit switch which I picked up for ~$60.

Tomorrow I will detail all the headaches that we had installing everything.


ASP.NET/SQL Server key manager application

By aaron.axvig, Fri, 04/27/2007 - 03:00

This is a project I worked on mostly a few months ago: an application to keep track of license keys and which computers certain keys have been activated on.  It is primarily designed for internal use by an organization.  Being quite simple, it does not have a lot of features, but this also makes it easy to use I hope.  Here is a screenshot of the main page:


And then there are a couple of different screens for adding items; here is one of them:


You can view details of a key, software, computer, or installation:


Lastly, there are a few different list views for various things, like all the keys that you have for a certain software package:


A few caveats regarding the quality of the application:

  • There is no protection against dumbness.
  • No limits on data input, and database fields are varchar(max).
  • Should be relatively safe against SQL injection attacks, as all data is passed as parameters to stored procedures.
  • No foreign key checking.  So if you delete a software from the database that still has keys that refer to it, bad things may happen.
  • Delete is permanent.  Be careful.
  • I'm quite sure something will be discovered to be broken for this first release.  So there is room for improvement.

Now some positives:

  • Activation is not permanent.  If you change something to not be activated, it will update the software's activation totals.  So you could use this field to track how many computers the key is used on if you really wanted to.
  • In fact nothing is permanent.  You can change all of the data you have entered as you need to.
  • Clean design.
  • Database is simple if you really need to go in and edit something by hand.
  • Released under GNU General Public License.

You can get the application here.  You should have a machine with ASP (probably 2.0 is required) installed, and SQL Server (tested on SQL Server 2005).  Unzip the precompiled files into a web directory.  One file is called procedures.sql, and you must run the text of this in a SQL Server Management Studio window in order to create the 4 tables and 27 stored procedures.  Delete or move it when you are done.  Then you must modify the connection string in the web.config file to allow for a connection to your SQL Server.  While in the web.config file you can change the text that appears as the main logo (doubling as the home button) of each page.

To keep everyone on the Internet from viewing your keys, you should implement some security.  I do this by disallowing anonymous access in IIS and requiring Integrated Windows Authentication.  Then any domain users that have NTFS permissions to the files in that directory can view the keys.  Users only need read access to the directory.  In my testing the page could not be shown unless the viewer was authenticated as something, but I wouldn't rely on that keeping everyone out (I think it was the web.config authorization setting that was doing this).  Much better to set those NTFS permissions.

The lack of complete automation and difficulty of setup means that unless you have some experience with web servers, ASP, and SQL you are probably going to find it difficult to get it to work.  I plan to add more documentation and make it easier in the future.  Of course if you ask questions or leave thanks in the comments I will answer them to the best of my ability, and also be greatly encouraged to know that someone else is out there using this.  :)