Jump to content

tbstuntz

Active Members
  • Posts

    36
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by tbstuntz

  1. Can't wait to try this out. Thanks dude
  2. As the title suggests, Can anyone advise on the best solution (if any) to encrypting my macbook's entire hdd. True crypt works for windows and there are loads of tutorials on achieving this with linux OS's but I am struggling to find anything for OSX? Cheers
  3. If anyone else has similar problems to this I updated it to v1.0.2 and karma was fixed.
  4. Take the SD card out of the ducky and plug the SD card into your computer with a micro sd card adapter of some kind. When you mount the SD card, the files are there to encode your inject.bin. Once done eject the SD card and plug it back in the ducky. Now when you plug the ducky into a device it will execute the inject.bin commands:)
  5. http://forums.hak5.org/index.php?showtopic=21103 & http://forums.hak5.org/index.php?showtopic=21125 Darren, " Brilliant! I could see adding to the firmware a function that captures capslock and numlock states. That way you could, albeit slowly, send data back to the duck without using conventional means. For example, if capslock represented 1 and numlock 0, with the right payload you could extract hash data from a target machine and send their binary equivelents back to the ducky."
  6. Everyone has probably come across GODMODE on windows 7 before. This loads it so you can select lots of tools simply by using the down arrow and enter. REM Author : Stuntz REM Description : Opens up GOD Mode on windows 7. Allows you to access tools with down arrow and enter:) GUI d MENU DELAY 100 STRING w DELAY 100 STRING f DELAY 100 STRING GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} ENTER ENTER
  7. This idea was to set a scheduled task to run on logon, in this case load an HTML page. Instead of the content/exploit being setup instantly, i.e when your still near the target machine, it would be scheduled to run later to erase any suspicion that you were involved. Just another concept for the ducky community:) REM Author : Stuntz REM Description : Creates index.html stored in C:/ and automatically opens it when user logs in. REM Version : 0.1 CONTROL ESCAPE DELAY 200 STRING notepad.exe DELAY 200 MENU DELAY 100 STRING a ENTER DELAY 200 LEFT ENTER DELAY 500 STRING <html> ENTER STRING <body> ENTER STRING <h1>Your windows machine needs to be upgraded</h1> ENTER STRING <input type="submit" value="Update Now" /> ENTER STRING HAK5 DUCKY ENTER CONTROL s DELAY 100 STRING index.html TAB DOWNARROW DOWNARROW TAB TAB TAB TAB TAB ENTER STRING C:/ ENTER SHIFT TAB DELAY 100 SHIFT TAB DELAY 100 ENTER DELAY 100 ALT F4 DELAY 100 CONTROL ESCAPE DELAY 200 STRING cmd DELAY 200 MENU DELAY 100 STRING a ENTER DELAY 200 LEFT ENTER DELAY 1000 STRING schtasks /Create /TN Hak5Update /SC ONLOGON /TR "C:\index.html" ENTER DELAY 100 STRING exit ENTER Just read on another post from Darren that with the new firmware the Ducky will support on board file storage so that kind of eliminates the need of this to download a file.Oh well might be of some use.
  8. this is a really popular topic but I never see anyone suggest http://www.thenewboston.com/ Its excellent if your wanting to start a new language:)
  9. So just out of interest what do you guys do to secure and lock down your fresh ubuntu install? Any tips?
  10. I always thought about a fire detector
  11. got this email from sony PlayStation®Network Valued PlayStation Network/Qriocity Customer: We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have: 1) Temporarily turned off PlayStation Network and Qriocity services; 2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and 3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information. We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable. Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports. We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions. Sincerely, Sony Network Entertainment and Sony Computer Entertainment Teams Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data
  12. Just downloaded and installed the new ubuntu 11.04 and it is sweet! You should Check it out punkz! Plus is it just me or is nobody on here talking about the PSN hack? Could'nt find any threads on it?
  13. I'm running backtrack 4 R2. Armitage is installed along with metasploit. I start MYSQL with /etc/init.d/mysql start then the credentials msfrpcd -f -U msf -P test -t Basic. But when I try to connect via armitiage I get an incorrect driver error. After some googling I found a fix that said I was to load up msfconsole then change the metasploit database with db_driver mysql. I only have the other two though?
  14. Would anyone know how to install just the MYSQL driver for metasploit? I have the other two but I cant run armitage because the MYSQL isnt present?
  15. Ahh I see sorry mate. I stupidly thought you were just meaning the sql injection was stupid. Thanks
  16. Guessing thats a no then? It's another venture that I have never played about with and I am not just going to start trying it on any old site I can find.
  17. Does anyone know of any sites that can be downloaded or other ways to legally practice sql injection techniques?
  18. Thanks I had done a few examples with php and a mysql backend. I have come across Drupal which so far looks like what am after.
  19. I am really new to web development I know basic html and PHP. The question I have is how to websites integrate the "blog" style idea. I mean once you have set up the basic web layout with nested tables how do I create dynamic content i.e If I just want to add a new post of something. Any ideas would be great Cheers Edit: After I read that I realised its nonsense. What I am trying to get is an idea of how web developers create dynamic websites even like the hak5 homepage. Surely the page doesnt have to be recoded everytime they want to add a new video?
  20. Why not just use promox like darren did in recent episodes. Setup some virtual machines and let them have some fun. I would make the main objective relativity simple , like some xp machines, but hide harder stuff for people to prove they are the sh*t.
  21. Not sure about the law in the us but in the uk there cant be any moving images on the screen whilst the car is in drive. Dunno if car computers are the same but with in car dvd screens they should be fitted up to the handbrake so that when the hand brake is up the screen works and when its off a message is displayed. Easy cheap fix is to wire a small switch from here to under the seat or hidden away so when the cops pull you give the magic switch a wee flick and good times. A like the idea of wireless. Would be cool if you could park your car in the garage and wirelessly sync with your media automatically. No more burning disks every time you want more music.
  22. Other than tunnelling through ping or dns is there any other techniques to bypass login pages? Without the use of mitm attacks?
×
×
  • Create New...