Welcome to my personal space on the Web

Last updated: May 13, 2014 at 06:15 GMT Created: Exactly 2 years ago

Come, step over the threshold; welcome to my humble home!

Greetings, fellow mortal in the universe! Welcome to my personal space on Mr. Tim's World Wide Web. This website is several things, but in short, it's a personal homepage; so expect to find many of the things you would find on other personal homepages. It serves as an outlet for me to express ideas and attempt to communicate with others. Such ideas may be intended to inform, educate, inspire debate, or merely to intrigue. The contents vary from thoughts of an African programmer to just about anything. It is not always straight and engrossing. It is not always about programming or even computers. However, there is constantly enough variation to keep it going.

My goal is not to present an artistic HTML7 website or to force your web browser to execute some arbitrary JavaScript code I copied from somebody's website to beautify stuff. Rather, the interface of this site is meant to be a flexible one for conveying content. My favorite sites—the ones that draw me back and make me think—are those that are easy to navigate, work without JavaScript, and are full of content. So for this site, I have decided to worry less about presentation, and concern myself more with what I am writing. The best way to browse these essays and articles is via the writings page, where they are categorized into their year of publication.

Latest essays and articles

  1. EC103: Jobs.com.gh's multiple vulnerabilities

    5 months, 1 week ago · May 13, 2014 at 06:15 GMT

    Jobs.com.gh is a Ghanaian job portal launched in 2013 by Ringier Ghana, a subsidiary of the Swiss multinational media enterprise Ringier AG. The website lists job vacancies on a daily basis and claims to be "Ghana's number 1 jobs portal." In this third case study of the Exploit Chronicles campaign, we are putting Jobs.com.gh on the radar. One distinguishing feature of this case study, however, is the absence of an SQL injection vulnerability. For the first time, we are exploiting a logical flaw in the design, implementation, and functioning of an application.

  2. EC102: Backdooring Bank of Ghana's website

    Exactly 7 months ago · March 21, 2014 at 20:55 GMT

    The Bank of Ghana (BoG) is the central bank of Ghana. It was formally established on 4th March, 1957, two days before the declaration of Ghana's independence. In 2012, one Romanian gray-hat hacker compromised the systems of several African banks, most of them Ghanaian, including those of SG-SSB, UT Bank, and Fidelity Bank. But it seems not every bank learned a lesson from those incidents. So in this case study of Exploit Chronicles, we are exploiting an SQL injection vulnerability in BoG's website to install a backdoor onto the web server.

  3. EC101: Trilion IT Services in the spotlight

    8 months, 1 week ago · February 13, 2014 at 14:33 GMT

    Trilion IT Services is a small website development and web hosting reseller company based in Ghana, situated at Community 12 in Tema. The company develops and maintains a content management system called Trilion CMS. The software has been installed for at least a dozen of its clients to manage their websites, spanning from simple company websites to complex web directories. In this case study of Exploit Chronicles, we are looking at how to exploit an SQL injection vulnerability in this web software to gain administrative privileges.

  4. [POEM] I deserve nothing!

    8 months, 2 weeks ago · February 7, 2014 at 22:39 GMT

    I was thinking this afternoon and there came to my mind my childhood days. When I would be called from among my congregated schoolmates to come forward and recite a poem written by my class teacher. But today I have grown up to become a man. My very adorable facial features have long been lost and totally forgotten. No one is extending invitations to me to recite a poem or even sing a song anymore. So what would I do then? I picked up a pen and began writing a poem, about someone I hardly know, which I am presenting in this piece.

  5. Introducing the Exploit Chronicles campaign

    9 months, 2 weeks ago · January 10, 2014 at 02:26 GMT

    Exploit Chronicles is the name of a campaign that I'm about to start to expose bad code (and for that matter bad software) that I managed to put up with in the past year - 2013. Over the last couple of months, I have been bitterly amazed at how some so-called Ghanaian programmers write software, especially with applications that are exposed to the Internet. Nowadays, it seems one only needs to know how to install WordPress on a web server to call himself a "software engineer." But does good enough code even make good enough software?

For geeks—technical talk

Just in case you are the kind who care about such things, the underlying software of this web server is a hacked version of Apache. It is installed with a PHP CGI engine and configured to use MySQL as the back-end DBMS. The overall architectural design is flat—all pages are simply posts. These are written in a special markup language which outputs highly optimized and cacheable HTML, and even binary data like images! I reinvented the wheel because all the already-made solutions were too bulky for my simple needs. In reality, this whole website runs from a single PHP script, has no client-side dependencies, and does not leave any chocolate chip cookies on your device!

# Server information
CPU Family: x86_64
Software: Linux/2.6.32 PHP/5.4.33
Uptime: 26 days, 57 minutes, 9 seconds
Memory Usage: 768 KiB

# TCP connection info
Server IP: 5.79.71.132
Server Port: 80
Client IP: 54.197.94.241
Client Port: 56184

# HTTP request headers
GET / HTTP/1.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: x-gzip, gzip, deflate
Accept-Language: en-us,en-gb,en;q=0.7,*;q=0.3
Host: www.kwayisi.org
User-Agent: CCBot/2.0 (http://commoncrawl.org/faq/)

DISCLAIMER: The opinions expressed on this website (that is, those that originate with me) are my own; they do not represent the plans, thoughts, or strategies of my employer, family, friends, religion, or even that of my beautiful future wife. Likewise, the opinions expressed in public comments on some parts of this site are those of their respective authors and do not reflect my point of view on the matter. The world already has enough of its conspiracy theories, don't you think? Meh.

More: Related content

  1. Myself: Almost everything about me

    Who be I? I be stompin' yo ass if you ask me that again!

  2. Writings: My musings, essays, and articles

    A generic log of written works on just about anything

  3. Projects: Shareable things that I've made

    May you share freely, never taking more than you give

Copyright © 2014 Michael Kwayisi