Sud0x3
Posts: 42
Posts posted by Sud0x3
-
Glad I could help, some Google fu and a little tinkering with the API docs.
I did not find any reference to this data source in the docs though; I found someone asking on Stack Overflow about user RSS feeds and figured it out from there.
-
I was just watching Hak5 when they announced that Threatwire was back and I too went hunting for a feed. I came across your post so I thought I would let you know what I found.
All videos via `channel_id`
https://www.youtube.com/feeds/videos.xml?channel_id=UC3s0BtrBJpwNDaflRSoiieQ
All videos via `user`
https://www.youtube.com/feeds/videos.xml?user=hak5darren
Threatwire playlist via `playlist_id`
https://www.youtube.com/feeds/videos.xml?playlist_id=PLW5y1tjAOzI0Sx4UU2fncEwQ9BQLr5Vlu
-
I'm interested to see what you found on this device. Was the number printed on the card associated with any of your friend's personal accounts?
I have heard of people leaving malicious USB devices in public places but this is taking it to a new level; more likely to be used in targeted attacks, I would have thought.
Once you have done your investigation it would be cool to see what is inside the card.
-
Indeed, I agree. On the bright side, at least this "simple ducky script" lets us craft payloads easily and quickly within minutes (or perhaps even seconds). It would be great if the ducky script gave more flexibility, however.
So, does U3 still work or has Microsoft disabled autorun on these U3 interfaces?
I was under the impression that U3 drives virtually mounted an ISO as a disc on Windows. As Windows used to inherently run the autorun.inf file from a CD when inserted, you could configure autorun.inf to run any script or application when you inserted the drive.
Was great for stealing data as you still had the USB storage available to you on the U3 drive. I don't see how having U3 would benefit you now though.
Thinking about implementing your own ducky script alternative, you may want to get yourself a Teensy from pjrc.com.
If you decide to go down this route you may want to look at Adrian Crenshaw's project http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle; he also created his own library called PHUKD which you could learn a lot from.
-
I like the idea of making this yourself. If you want people to contribute you may get a better response if you make the code you're working on open source. The problem I find with current key recovery is their documentation of supported apps.
-
Would I be right in saying this infusion will basically try to crack all available wireless networks?
I have found that WPS attacks are becoming less prevalent every day now. Even the default ISP routers have rate limiting and lockout periods now.
Maybe some kind of phishing attack using Karma would yield better results than WPS bruteforcing.
-
I would also suggest Linux Mint 13 as a good distribution for starting out in Linux. It's very stable and has a familiar interface if you're coming from Windows.
-
If you can't achieve this then you have a long way to go and I am assuming no one here is going to do this for you.
I will however give you a little information. You need a copy of the login page and a script that will take the data entered into the user name and password fields and save or send it somewhere. More complex scripts are sometimes able to take the information and log the user into the target site. To use this attack on someone with any knowledge of computing whatsoever you will need to employ attacks like DNS spoofing.
@loozr you do not require any of the scripts hosted on the target site, you simply need a site that looks like the target.
-
Can we buy a can antenna yet?
It really is pointless buying one of these but they are available all over, use Google! http://www.cantenna.com/
As for getting long range with the Reaver Pro or Alfa One, they are both the same device and have an RP-SMA connector; again, google "rp-sma yagi" or "directional antenna rp-sma".
-
If you know the antivirus on the target machine, then yeah fine, use a VM. However, if you don't know, then VirusTotal is really your only option. Besides, if you're good enough, surely you could get the detection rate to 0? ;-)
If you're good enough you should be able to determine what antivirus is installed on a machine :) Regardless, I don't think you get my point: VirusTotal uses submitted information to improve antivirus solutions. There are other online malware scanners that do not share their information with anyone. You should really check one of those out for the future.
Here is an extract taken from virustotal.com:
When you submit a file to VirusTotal for scanning, we may store it and share it with the anti-malware and security industry (normally the companies that participate in VirusTotal receive files containing virus samples that their engines do not detect and are catalogued as malware by at least one other engine). The samples can be analysed by automatic tools and security analysts to detect malicious code and to improve antivirus engines.
-
Google is your friend, "UG802 root" --> http://liliputing.com/2012/09/rooting-the-ug802-android-mini-pc-installing-custom-recovery.html Third search result on Google, a full guide to rooting your device, wasn't hard to find :)
-
Could it have been https://code.google.com/p/wifite/? I think it's included in BT5r3.
-
Ok, thanks I will get a metasploit book.
Here's some reading material to get you started :)
http://schierlm.users.sourceforge.net/avevasion.html
http://adaywithtape.blogspot.nl/2010/05/creating-backdoored-exe-with-metasploit.html
-
As is often the case with binary dropping onto machines, AVs tend to pick them up. You should try looking into metasploit and building your own meterpreter/shell spawning binaries. There are many different methods to hide your binaries, encryption, EXE templates, custom shell code, Hyperion to name a few. You'll probably need to find your own, because most people tend to keep their methods to themselves for precisely this reason - making them public results to patches to stop them working.. :/
For a quick fix, try out Hyperion, and run it through VirusTotal to see who picks it up..
Why would you run it through VirusTotal?
Pick the target antivirus, install it in a virtual machine with full updates, run the executable.
This way the signatures of your executable are not sent to the antivirus companies for analysis.
Edit: unless you are planning something malicious like infecting hundreds of machines with a binary, this method should work fine.
-
You will find that questions along these lines do not get answered, the reason being that there are many ways to do this and it is relatively easy when you know what you're doing. I'll give you a hint: Metasploit is capable of doing what you're asking.
-
You could set up password cracking nodes for distributed password cracking applications.
-
Can't access either of the links provided in the first post, requested access last week but still not been granted. If this is what you call definitive I'm disappointed. I realise they have probably been protected because of malicious users but why not just export a copy to PDF so we can have access.
-
I'm also researching a possible project in face recognition using Python; you might find these resources useful.
http://www.cognotics.com/opencv/index.html
http://www.shervinemami.co.cc/faceRecognition.html
http://spottedsun.com/face-detection-in-images-using-opencv-and-python/
https://github.com/wragge/Facial-detection
http://blog.jozilla.net/2008/06/27/fun-with-python-opencv-and-face-detection/
-
I bought a Teensy a few weeks back and here are some of my thoughts and ideas; I'm going to try not to ramble on.
IDEA 1: Build an executable on the victim PC
Here I basically wanted to try and find a way to create, make or build! an executable from instructions sent from the device. The only way of doing this that I could think of was using the Windows debug trick.
So using a module from http://sqlmap.sourceforge.net/ I converted an executable into a format that Windows debug can read and convert from this text file into an executable again. So I had the lines of code; I needed to get them onto the PC. I decided I'd use the Teensy to write each line from the file into a new Notepad doc on the victim's PC and then save and do the conversion on the file.
dbgtool.py - Portable executable to ASCII debug script converter, Copyright © 2006-2010 sqlmap developers

```python
#!/usr/bin/env python3
"""
dbgtool.py - Portable executable to ASCII debug script converter

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission

(The sqlmap script as posted, re-indented and with Python 3 syntax so it runs.)
"""

import os
import sys

from optparse import OptionError
from optparse import OptionParser


def convert(inputFile):
    fileStat = os.stat(inputFile)
    fileSize = fileStat.st_size

    # debug.exe can only write an image of at most 0xff00 (65280) bytes
    if fileSize > 65280:
        print("ERROR: the provided input file '%s' is too big for debug.exe" % inputFile)
        sys.exit(1)

    # 'n' names the output file, 'r cx' plus the hex size sets the write length,
    # 'f 0100 ffff 00' zero-fills the buffer so only non-zero runs need 'e' lines
    script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))
    script += "%x\nf 0100 ffff 00\n" % fileSize
    scrString = ""
    counter = 256       # debug.exe loads the image at offset 0100h
    counter2 = 0        # bytes emitted on the current 'e' line

    with open(inputFile, "rb") as fp:
        fileContent = fp.read()

    for unsignedFileChar in fileContent:    # bytes iterate as ints in Python 3
        if unsignedFileChar != 0:
            counter2 += 1

            if not scrString:
                scrString = "e %0x %02x" % (counter, unsignedFileChar)
            else:
                scrString += " %02x" % unsignedFileChar
        elif scrString:
            # a zero byte ends the run; the zero itself is covered by the fill
            script += "%s\n" % scrString
            scrString = ""
            counter2 = 0

        counter += 1

        if counter2 == 20:                  # keep 'e' lines short for debug.exe
            script += "%s\n" % scrString
            scrString = ""
            counter2 = 0

    # flush a run that reaches the very end of the file (the original lost it)
    if scrString:
        script += "%s\n" % scrString

    script += "w\nq\n"

    return script


def main(inputFile, outputFile):
    if not os.path.isfile(inputFile):
        print("ERROR: the provided input file '%s' is not a regular file" % inputFile)
        sys.exit(1)

    script = convert(inputFile)

    if outputFile:
        with open(outputFile, "w") as fpOut:
            fpOut.write(script)
    else:
        print(script)


if __name__ == "__main__":
    usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]
    parser = OptionParser(usage=usage, version="0.1")

    try:
        parser.add_option("-i", dest="inputFile", help="Input binary file")
        parser.add_option("-o", dest="outputFile", help="Output debug.exe text file")

        (args, _) = parser.parse_args()

        if not args.inputFile:
            parser.error("Missing the input file, -h for help")
    except (OptionError, TypeError) as e:
        parser.error(e)

    inputFile = args.inputFile
    outputFile = args.outputFile

    main(inputFile, outputFile)
```
I tried using the Keyboard.print command, Keyboard.print("n WirelessKeyView_exe");
With help I put together a script that would take the strings of a file and embed each of them in a Keyboard.print string.

```python
#!/usr/bin/python
# Wrap every line of the debug script in a Keyboard.print() call for the Teensy sketch
with open('debug.txt', 'r') as src, open('output.txt', 'a') as dst:
    for line in src:
        dst.write('Keyboard.print("' + line.rstrip('\n') + '");\n')
```
```text
r cx
bc00
f 0100 ffff 00
e 100 4d 5a 90
e 104 03
e 108 04
e 10c ff ff
e 110 b8
e 118 40
e 13c e0
e 140 0e 1f ba 0e
e 145 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61
e 159 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44
e 16d 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24
e 180 12 f2 d9 dc 56 93 b7 8f 56 93 b7 8f 56 93 b7 8f ac b0 f7 8f
```

```cpp
Keyboard.print("r cx");
Keyboard.print("bc00");
Keyboard.print("f 0100 ffff 00");
Keyboard.print("e 100 4d 5a 90");
Keyboard.print("e 104 03");
Keyboard.print("e 108 04");
Keyboard.print("e 10c ff ff");
Keyboard.print("e 110 b8");
Keyboard.print("e 118 40");
Keyboard.print("e 13c e0");
Keyboard.print("e 140 0e 1f ba 0e");
Keyboard.print("e 145 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61");
Keyboard.print("e 159 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44");
```
After getting this far I tried to compile the project and it seems to be too many lines of code for the Teensy to handle in the software; I'll be honest, I don't have a clue.
Here is the error I got in compiling:

```text
elf section .data is not within region data
elf section .bss will not fit in region data
elf section .data is not within region data
./desktop/arduino-0018/hardware/tools/avr/bin/../lib/gcc/avr/4.3.2/../../../../avr/bin/ld.exe: region data overflowed by 43740 bytes
```
IDEA 2: Some ideas for scripts
Off the top of my head, not all may be viable or sane!
+ Enter BIOS: run through key combinations to put the PC into the BIOS configuration
+ Bypass screensaver: again run through key combinations to bypass the screensaver
+ Enumeration: script to do enumeration through the command line using only the PC's programs. The Teensy would generate a batch file through the same methods discussed above when I converted a file to a readable format for the Teensy to use.
+ Payload switcher on an LCD screen
+ more to come...
-
So you have the following setup:
Internet <---> Router <---> PC / Host OS <---> VMware / CentOS
Are you having issues with accessing the webpage / server locally as well as externally, e.g. via the net?
If it's just problems accessing the site from the internet then I'd say it's your router. However, if you're having issues accessing the site / server locally, as in from the host OS to the VM, then there is probably a misconfiguration in the server or the bridging of networks.
Have you checked the server logs?
-
Just read the whole thread and found myself intrigued by this project, and I've got some suggestions.
My understanding of this project is that the APE toolkit would be used in circumstances where you have brief access to a terminal and you need to quickly plant backdoors, gather information and get out of there unharmed. (I don't condone any illegal activity.)
Ideas and Suggestions
1. Run the FTP server on a different port; 21 tends to stand out a little.
2. Extract Registry/Copy Registry: useful for extracting passwords, configurations, installed apps and versions, etc.
3. Copy/Grab Firefox, Chrome and other sensitive application directories; can be later used to extract passwords.
4. VNC payload does not set the password correctly in the registry, so when you try and connect the password policy won't allow it.
5. Automatic nmap scan and dump to txt
6. Enumerate shares and dump info to txt
I read that you were thinking of including konboot, memimg, backtrack into this project.
-
I had a little trouble with them a while back using rcrack so I used Cain and Abel, imported the tables and it worked.
Try sorting the tables, maybe.
-
I've never seen wifi cams being used in permanent locations, usually just on a short-term basis.
Even if they had cloaked the SSID or obfuscated it by naming it bobs-wifi, you could still brute the SSID, and if the WPA key is not well thought through it wouldn't take long till you're in.
However these cams do have their own IP and web interface which are password protected; in your case maybe not!
-
Episode 6x18
in Hak5
Nice show as always!
For those of you interested in modding your Android, check out the XDA Developers forums. I have an Android G1 running a modified Donut ROM by a developer called cyanogen.
As for hacking with the Android, there are some nifty apps available on the market, e.g. port scanners and wardriving apps.
However the real fun comes with running a fully working Debian shell; you can find more about this on XDA dev.
Warning: root apps have access to all your files and the Android platform, and most developers are saving all app info in clear text.
Python Portability
in Applications & Coding
This may be of interest: https://github.com/pantsbuild/pex