Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by Sud0x3

  1. This may be of interest, https://github.com/pantsbuild/pex
  2. Glad i could help, some google fu and a little tinkering with the api docs. I did not find any reference to this data source in the docs though, found someone asking on stackoverflow about user rss feed and i figured it out from there.
  3. I was just watching hak5 when they announced that Threatwire was back and i too went hunting for a feed, i came across your post so i thought i would let you know what i found. All videos via `channel_id` https://www.youtube.com/feeds/videos.xml?channel_id=UC3s0BtrBJpwNDaflRSoiieQ All videos via `user` https://www.youtube.com/feeds/videos.xml?user=hak5darren Threatwire playlist via `playlist_id` https://www.youtube.com/feeds/videos.xml?playlist_id=PLW5y1tjAOzI0Sx4UU2fncEwQ9BQLr5Vlu
  4. Im interested to see what you found on this device. Was the number printed on the card associated with an of your friends personal accounts. I have heard of people leaving malicious usb devices in public places but this is taking it to a new level, more likely to be used in targeted attacks i would have though. Once you have done your investigation would be cool to see what is inside the card.
  5. I was under the impression that U3 drives virtually mounted an iso as a disc on windows. as windows used to inherently run the autorun.inf file from a cd when inserted you could configure autrun.inf to run any script application when you inserted the drive. Was great for stealing data as you still had the usb storage available to you on the u3 drive. I don't see how having u3 would benefit you now though. Thinking about implementing your own ducky script alternative you may want to get yourself a teensy from pjrc.com. If you decide to go down this route you may want to look at Adrian Crenshaw's project http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle, he also created his own library called PHUKD which you could learn a lot from.
  6. I like the idea of making this yourself, if you want people to contribute you may get a better response if you make the code your working on open source. The problem i find with current key recovery is thier documentation of supported apps.
  7. Would I be right in saying this infusion will basically try to crack all available wireless networks? I have found that WPS attacks are becoming less prevalent every day now. Even the default ISP routers have rate limiting and lockout periods now. Maybe some kind of phishing attack using karma would yield better results than wps bruteforcing.
  8. I would also suggest linux mint 13 as a good distrobution for starting out in linux. Its very stable and has a familiar interface if your coming from windows.
  9. If you cant achieve this then you have a long way to go and i am assuming no one here is going to do this for you. I will however give you a little information, You need a copy of the login page and a scipt that will take the data entered into user name and password fields and save or send it somewhere. More complex scripts are sometimes able to take the information and log the user into the target site, To use this attack on someone with any knowledge of computing whatsoever you will need to employ attacks like dns spoofing. @loozr you do not require any of the scripts hosted on the target site, you simply need a site that looks like the target.
  10. Really is pointless buying one of these but they are available all over, use google! http://www.cantenna.com/ As for getting long range with the Reaver Pro or Alfa One, they are bot the same device and has an rp-sma connector if you again google "rp-sma yaagi" or directional antenna rp-sma
  11. If your good enough you should be able to determine what anti virus is installed on a machine :) regardless i dont think you get my point, virus total use submitted information to improve anti virus solutions. There are other online malware scanners that do not share thier infomation with anyone. You should really check one of those out for the future. Here is an extract taken from virustotal.com When you submit a file to VirusTotal for scanning, we may store it and share it with the anti-malware and security industry (normally the companies that participate in VirusTotal receive files containing virus samples that their engines do not detect and are catalogued as malware by at least one other engine). The samples can be analysed by automatic tools and security analysts to detect malicious code and to improve antivirus engines.
  12. Google is your friend, "UG802 root" --> http://liliputing.com/2012/09/rooting-the-ug802-android-mini-pc-installing-custom-recovery.html Third search result o Google full guide to rooting your device, wasn't hard to find :)
  13. Could it have been https://code.google.com/p/wifite/, I thinks its included in BT5r3
  14. Heres some reading material to get you started :) http://schierlm.users.sourceforge.net/avevasion.html http://adaywithtape.blogspot.nl/2010/05/creating-backdoored-exe-with-metasploit.html
  15. Why would you run it through virus total? Pick the target anti virus, install it in a virtual machine with full updates, run executable This way the signatures of your executable are not sent to the anti virus companies for analysis Edit: unless you are planning something malicious like infecting hundreds of machines with a binary, this method should work fine.
  16. You will find that questions along these lines do not get answered, reason being that there are many ways to do this and it is relatively easy when you know what your doing. Il give you a hint, metasploit is capable of doing what your asking.
  17. You could set up password cracking nodes for distributed password cracking applications.
  18. Cant access either of the links provied in the first post, requested access last week but still not been granted. If this is what you call definitve im dissapointed. I realise they have probably been protected because of malicious users but why not just export a copy to pdf so we can have access.
  19. I'm also researching a possible project in face recognition using python, you might find these resources useful. http://www.cognotics.com/opencv/index.html http://www.shervinemami.co.cc/faceRecognition.html http://spottedsun.com/face-detection-in-images-using-opencv-and-python/ https://github.com/wragge/Facial-detection http://blog.jozilla.net/2008/06/27/fun-with-python-opencv-and-face-detection/
  20. I bought a teensy a few weeks back and here are some of my thoughts and ideas, im going to try not to ramble on. IDEA 1: Build an executable on the victim pc Here i basically wanted to try and find a way to create, make or build! an executable from instructions sent from the device. The only way of doing this that i could think of was using the windows debug trick. So using a module from http://sqlmap.sourceforge.net/ i converted an executable into a format that windows debug can read and convert this text file into an executable again. So i had the lines of code, i needed to get them onto the pc i decided id use the teensy to write each line from the file into a new notepad doc on the victims pc and then save and do the conversion on the file. source #!/usr/bin/env python """ $Id$ dbgtool.py - Portabltest e executabltest e to ASCII debug script converter Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) Setest e thtest e filtest e 'doc/COPYING' for copying permission """ import os import sys import struct from optparstest e import OptionError from optparstest e import OptionParser def convert(inputFile): fileStat = os.stat(inputFile) fileSiztest e = fileStat.st_size if fileSiztest e > 65280: print "ERROR: thtest e provided input filtest e '%s' is too big for debug.exe" % inputFile sys.exit(1) script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_")) script += "%x\nf 0100 ffff 00\n" % fileSize scrString = "" counter = 256 counter2 = 0 fp = open(inputFile, "rb") fileContent = fp.read() for fileChar in fileContent: unsignedFileChar = struct.unpack("B", fileChar)[0] if unsignedFileChar != 0: counter2 += 1 if not scrString: scrString = "test e %0x %02x" % (counter, unsignedFileChar) else: scrString += " %02x" % unsignedFileChar elif scrString: script += "%s\n" % scrString scrString = "" counter2 = 0 counter += 1 if counter2 == 20: script += "%s\n" % scrString scrString = "" counter2 = 0 script += "w\nq\n" return script def main(inputFile, outputFile): if not os.path.isfile(inputFile): print "ERROR: thtest e provided input filtest e '%s' is not a regular file" % inputFile sys.exit(1) script = convert(inputFile) if outputFile: fpOut = open(outputFile, "w") sys.stdout = fpOut sys.stdout.write(script) sys.stdout.close() else: print script if __name__ == "__main__": usagtest e = "%s -i <input file> [-o <output file>]" % sys.argv[0] parser = OptionParser(usage=usage, version="0.1") try: parser.add_option("-i", dest="inputFile", help="Input binary file") parser.add_option("-o", dest="outputFile", help="Output debug.extest e text file") (args, _) = parser.parse_args() if not args.inputFile: parser.error("Missing thtest e input file, -h for help") except (OptionError, TypeError), e: parser.error(e) inputFiltest e = args.inputFile outputFiltest e = args.outputFile main(inputFile, outputFile) I tried using the Keyboard.print command, Keyboard.print("n WirelessKeyView_exe"); with help put together a script that would put the strings of a file and embed them between a Keyboard.print string. #!/usr/bin/python for line in open('debug.txt', 'r').readlines(): open('output.txt', 'a').write('Keyboard.print("' + line.replace('\n', '') + '");\n') r cx bc00 f 0100 ffff 00 e 100 4d 5a 90 e 104 03 e 108 04 e 10c ff ff e 110 b8 e 118 40 e 13c e0 e 140 0e 1f ba 0e e 145 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 e 159 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 e 16d 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 e 180 12 f2 d9 dc 56 93 b7 8f 56 93 b7 8f 56 93 b7 8f ac b0 f7 8f Keyboard.print("r cx"); Keyboard.print("bc00"); Keyboard.print("f 0100 ffff 00"); Keyboard.print("e 100 4d 5a 90"); Keyboard.print("e 104 03"); Keyboard.print("e 108 04"); Keyboard.print("e 10c ff ff"); Keyboard.print("e 110 b8"); Keyboard.print("e 118 40"); Keyboard.print("e 13c e0"); Keyboard.print("e 140 0e 1f ba 0e"); Keyboard.print("e 145 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61"); Keyboard.print("e 159 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44"); after getting this far i tried to compile the project and it seems to be too many lines of code for the teensy to handle on the software, il be honest i dont have a clue. here is the error i got in compiling IDEA 2: Some ideas for scripts Off my head not all may be viable or sane! + enter bios, run through key combinations to put the PC into the bios configurstion + Bypass Screensaver, again run through key combinations to bypass the screensaver + enumeration, script to do enumeration through the command line using only the pcs programs. teensy would generate a batch file though the same methods discussed above when i converted a file to a readable format for the teensy to use. + Payload switcher on an lcd screen + more to come...
  21. So you have the following setup Internet. <---> Router <---> PC / Host OS <---> VMWARE / Cent OS Are you having issues with accessing the webpage / server locally as well as externally. E.g. via the net If its just problems accessing the site from the internet then id say its your router. However if your having issues accessing the site / server locally as in the host os to vm then there is probably a misconfiguration in the server or the bridging of networks. Have you checked the server logs?
  22. Just read the whole thread and found myself intruiged by this project and I've got some suggestions. My understanding of this project is that the ape toolkit would be used in circumstances where you have brief access to a terminal and you need to quickly plant backdoors, gather information and get out of there unharmed. (I don't condone any illegal activity) Ideas and Sugesstions 1. Run FTP server on a different port, 21 tends to stand out a little. 2. Extract Registry/Copy Registry: usefull for extracting passwords, configurations, installed apps and versions, ect. 3. Copy/Grab firefox, chrome and other sensitive application directories, can be later used to extract passwords. 4. Vnc Payload does not set password correctly in the registry so when you try and connect password policy won't allow it. 5. Automatic nmap scan and dump to txt 6. Enumerate shares and dump info to txt I read that you were thinking of including konboot, memimg, backtrack into this project.
  23. I had a little trouble with them a while back using rcrack so I used cain and abel, imported the tables and it worked. Try sorting the tables maybe.
  24. I've never seen wifi cams being used in permenant locations, usually just used for short term basis. Even if they had cloaked the ssid or obfuscated it by naming it bobs-wifi, you could still brute the ssid and if the wpa key is not well thought through it wouldn't take long till your in. However these cams do have their own ip and web inteface which are password protected, in your case maybe not!
  25. FYou would be much better off putting the apps on a usb stick. As to making applications portable all depends on the application, vmware has a great tool for making apps portable that require registry entries and dependencies. I used to use a small utility called pstart for organising my usb apps so you may want to look into that.
  • Create New...