Everything posted by operat0r_001

  1. first off it needs to run as system ... so you would need to use something like http://rmccurdy.com/scripts/procexp%20as%20system.exe or http://rmccurdy.com/scripts/RUNAS_SYSTEM.vbs ( xp ) I would start over and use something like getcountermeasure script and work backward to a .bat: http://www.google.com/search?q=metasploit++getcountermeasure http://rmccurdy.com/scripts/quickclean.txt ( some M$ batch foo )
  2. NMAP FOR ANDROID CROSS COMPILE ARM

     # from android root prompt
     wget http://rmccurdy.com/nmap.sh
     sh nmap.sh
     cd /data/local/bin
     nmap -v -iR 50 -PN -p 80 -n -A

     This MAY work for other platforms but tested on CyanogenMod as of 2/18/2010 on Android G1. Plan to APK package this up with other security tools ruby/metasploit etc ..

     • SYN scans may not REALLY be working … along with other 'features' of nmap ..
     • Copy everything in http://rmccurdy.com/stuff/G1/BINS/NMAP/ to /data/local/bin on the Android and cd /data/local/bin
     • You may need to 'mount -o remount / /' and put sh or bash ( the busybox bash ) in /bin/sh
     • Or alternative export SHELL=/system/bin/sh may work ..
     • http://delicious.com/operat0r/android reference
     • Some tips for cross compiling:
       - Start with simple! bash or 'hello world'
       - Make sure the file is ARM / STATIC
         nmap: ELF 32-bit LSB executable, ARM, version 1 (SYSV), for GNU/Linux 2.6.14, statically linked, not stripped
       - If you get 'not found' it may be the /bin/sh issue or missing libs
       - You can use strace and gdb from my site or http://ortegaalfredo.googlepages.com/android
       - For nmap and others I had to pre compile the libs and or hack up the configure and/or make file so if something fails try to compile each lib in the folder take it folder by folder

     EXAMPLE OUTPUT:

     uname -a
     Linux localhost 2.6.29.6-cm42 #11 PREEMPT Sun Jan 3 23:10:50 EST 2010 armv6l GNU/Linux
     #
     Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2010-02-18 19:04 UTC
     Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
     Interesting ports on diecastaircraftshop.com (63.249.18.249):
     PORT    STATE SERVICE    VERSION
     21/tcp  open  tcpwrapped
     25/tcp  open  smtp?
     80/tcp  open  http       Microsoft IIS webserver 7.0
     443/tcp open  https?
     Device type: general purpose
     Running (JUST GUESSING) : FreeBSD 5.X (85%)
     Aggressive OS guesses: FreeBSD 5.3-STABLE (85%)
     No exact OS matches for host (test conditions non-ideal).
     Uptime 43.977 days (since Tue Jan 5 19:39:44 2010)
     Service Info: OS: Windows
     Nmap finished: 1 IP address (1 host up) scanned in 141.397 seconds
     #

     MINI HOWTO:

     # you need sun-java5-jdk
     echo 'deb http://us.archive.ubuntu.com/ubuntu/ jaunty multiverse' >> /etc/apt/sources.list
     echo 'deb http://us.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse ' >> /etc/apt/sources.list
     apt-get update
     apt-get install build-essential -y
     apt-get install m4 -y
     aptitude install git-core git jfsutils xfsprogs quota isdnutils-base nfs-common oprofile -y
     apt-get install sun-java5-jdk -y

     # toolchain for cross compile
     wget "http://www.codesourcery.com/sgpp/lite/arm/portal/package3696/public/arm-none-linux-gnueabi/arm-2008q3-72-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2"
     # http://zenmachine.wordpress.com/cross-comp...not-so-zen-way/
     # http://android-dev.g.hatena.ne.jp/takuma104/

     # download nmap-4.01.tar.gz
     # precompile dftables
     cd ./libpcre/ ; ./configure ; make;cp dftables /usr/local/sbin/
     # make clean and cp /usr/local/sbin/dftables ./libpcre/
     # precompile libpcap I got libpcap-0.7.1 to compile OK for ARM ' --with-libpcap=/home/operat0r/libpcap-0.7.1/ ' change to your path
     # before you make vi the Main Make file to STATIC = -static
     # my last line after make looked like:
     arm-none-linux-gnueabi-g++ -Llibpcap -Lnbase -Lnsock/src/ -static -o nmap main.o nmap.o targets.o tcpip.o nmap_error.o utils.o idle_scan.o osscan.o output.o scan_engine.o timing.o charpool.o services.o protocols.o nmap_rpc.o portlist.o NmapOps.o TargetGroup.o Target.o FingerPrintResults.o service_scan.o NmapOutputTable.o MACLookup.o tty.o nmap_dns.o -lnbase -lnsock libpcre/libpcre.a -lpcap libdnet-stripped/src/.libs/libdnet.a -lm

     export ac_cv_linux_vers=2.6.31
     # quoted so that -static stays part of CC instead of being parsed as a second name to export
     export CC="/usr/local/arm-2008q3/bin/arm-none-linux-gnueabi-gcc -static"
     export LD=/usr/local/arm-2008q3/bin/arm-none-linux-gnueabi-ld
     export AR=/usr/local/arm-2008q3/bin/arm-none-linux-gnueabi-ar
     export RANLIB=/usr/local/arm-2008q3/arm-none-linux-gnueabi/bin/ranlib
     export PATH=$PATH:/usr/local/arm-2008q3/bin
     export PATH=$PATH:/usr/local/arm-2008q3/
     export PATH=$PATH:/usr/local/arm-2008q3/lib
     export ac_cv_func_getpgrp_void=yes
     export ac_cv_func_setpgrp_void=yes
     ./configure --host=arm-none-linux-gnueabi --target=arm-none-linux-gnueabi --with-libpcap=/home/operat0r/libpcap-0.7.1/ --without-nmapfe --with-pcap=linux
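
The "make sure the file is ARM / STATIC" tip in the post above can be checked on the build host before the binary is copied to the device. The following is an added example, not code from the original post: it reads the ELF header directly, and the names `check_arm_static` and `build_sample`, along with the sample images and the loader path `/lib/ld-linux.so.3`, are constructed for illustration.

```python
import struct
import sys

EM_ARM = 40      # e_machine value for 32-bit ARM
PT_DYNAMIC = 2   # segment present only in dynamically linked binaries
PT_INTERP = 3    # segment naming the runtime loader that must exist on the device


def check_arm_static(data):
    """Inspect an ELF 32-bit LSB image: is it ARM, and is it statically linked?"""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("not ELF 32-bit LSB")
    hdr = struct.unpack_from("<HHIIIIIHHHHHH", data, 16)
    e_machine, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[4], hdr[8], hdr[9]
    types, interp = [], None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 32 > len(data):
            raise ValueError("truncated program header table")
        p_type, p_offset, _, _, p_filesz = struct.unpack_from("<IIIII", data, off)
        types.append(p_type)
        if p_type == PT_INTERP:
            interp = data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    static = PT_INTERP not in types and PT_DYNAMIC not in types
    return {"arm": e_machine == EM_ARM, "static": static, "interp": interp}


def build_sample(machine, interp=None):
    """Constructed ELF32 image for the demo (headers only, not a real binary)."""
    path = interp.encode() + b"\0" if interp else b""
    segs = [(1, 0)]                                   # PT_LOAD
    if interp:
        segs += [(PT_INTERP, len(path)), (PT_DYNAMIC, 0)]
    body_off = 52 + 32 * len(segs)                    # data follows the tables
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)  # ELFCLASS32, little-endian
    hdr = struct.pack("<HHIIIIIHHHHHH", 2, machine, 1, 0, 52, 0, 0,
                      52, 32, len(segs), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIIIIIII", t, body_off if size else 0,
                                 0, 0, size, size, 4, 1) for t, size in segs)
    return ident + hdr + phdrs + path


if __name__ == "__main__":
    if len(sys.argv) > 1:                             # check a real build output
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], check_arm_static(fh.read()))
    else:
        samples = {
            "static ARM": build_sample(EM_ARM),
            "dynamic ARM": build_sample(EM_ARM, "/lib/ld-linux.so.3"),
            "host x86": build_sample(3),              # EM_386
        }
        for name, image in samples.items():
            print(name, check_arm_static(image))
```

A non-empty `interp` means the kernel has to find that loader on the device before the program can start, which is one way a cross-compiled binary ends up reporting 'not found'.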
  3. UPDATED: http://hak5.org/forums/index.php?s=&sh...ost&p=88306
  4. Video Download Capture portable Replay Media Catcher portable MediaCoder portable http://rapidshare.com/files/335751302/Vide....0_portable.exe http://rapidshare.com/files/336245780/Repl...tcher_v3.11.zip http://rapidshare.com/files/338371999/Medi...82_portable.exe ready for USB 1337ness
  5. No and no ?? it's not a theory ... usboot.org .. you would only need to remember WPA key and if you and the WGA can be cracked easy this has been tested on 4 different desktops and 5 different laptops I can only assume you need to keep the original IMAGE because it's installing drivers every time you change the system and I assume that would cause problems eventually but none for me so far I got a blue screen but it worked fine on reboot for one of the desktops
  6. * don't patch the wii !
     * find out what version you got 4.2 I am running
     * http://delicious.com/operat0r/wii
     http://rmccurdy.com/stuff/wii2/ for 4.2 .. this will give you an idea .. of what you need
     http://rmccurdy.com/stuff/wii older wii stuff
     be sure to also add the Preloader for if and WHEN you brick your wii :)
  7. windows XP SP3 installed to USB usboot with NIC and WIFI driverpacks
     *** THIS IS NOT BART,ERD OR UBCD4WIN ETC THIS IS A REAL FULL XP PRO SP3 INSTALLED AND BOOTING FROM USB DRIVE ***
     This is working and tested USB boot image using partimage
     * get a 4gig or higher usb drive
     * download RMPrepUSB and format fat32 with boot
     * make sure you can boot from the USB device
     * extract the zip using 7-zip.org etc
     * use partimage to dump the ~2 gig image to the usb drive etc
     * http://www.sysresccd.org/Screenshots for partimage if you do not have it also on Backtrack or any number of live linux distros
     this is how I did it thank usboot.org
     * the host machine MUST have NTFS partition on it for this to work it uses drive shadowing etc to clone the C:
     * made sure the USB drive was bootable
     * formatted the USB drive FAT32 not on VMware but on the host machine
     * did base install of my windows XP with driverpacks on a VM
     * extract the NIC and WIFI drivers from driverpacks.net
     * ran phase 1-3 ok on the VM
     * you can even put this on cell phone and boot windows from minisd etc .. :)
     * the image can be pushed and booted in under 4min on a USB or HDD for a quick hack
     rmccurdy.com/usboot.txt
     -o p r e a t 0 r - r m c c u r d y . c o m
  8. * try a different box
     * buy some contact cleaner it's like WD-40 but for tronics :)
     * http://delicious.com/operat0r/backtrack ( look for USB )
  9. random psycho babble
     * not sure but something about flash media over say 8gigs is 'different' maybe <8 is flash and >8 is 'removable disk' I just have had issues with boot/etc with larger flash drives
     * as far as USB forensics for windows I use HandyRecovery.exe GetDataBack for NTFS portable.exe GetDataBack for FAT portable.exe (PhotoRec - CGSecurity)
     * also look into dd_rhelp but normally flash works or does not so it's more a matter of what tools to aim at it than reading from it with IDE/SATA you can buy PCI cards that can read at a lower level
     * for more info pop it in a *nix box and google the device it picks up
     to answer your Q: look into WMI you can monitor and query event logs etc anything ... you could http://www.google.com/search?q=GPO+%22usb+flash%22
  10. you can do this with ping yahoo.com and error levels ( exit codes for *nix users ) http://www.robvanderwoude.com/errorlevel.php
      :loop
      Timeout.exe 30
      ping yahoo.com
      if errorlevel 1 goto restartvnc
      Timeout.exe 30
      goto loop
      something like that
  11. if the ssid is the same as factory default likely he has never even logged into it .. if not default try xhydra and friends to brute force it with a small wordlist
  12. http://shodan.surtri.com/?q=Www-authentica...2000&page=5 http://rmccurdy.com/scripts/myipneighbors.bash.txt wikto http://rmccurdy.com/scripts/videos/rmccurd..._Wikto_Aura.swf
  13. noobs http://74.125.47.132/search?q=cache:f8ldos...lient=firefox-a I remember an article about Macs and HID on flash drive allowing FORCE autorun type of shenanigans ?? is there such a thing for windows ? not autorun.inf
  14. just google rat or "remote access tool" also google on splitting files to circumvent malware scanners or ( packers ) or just write your own using MSF and bundle it with something
  15. Hijetter.exe great for open HP printers :) * replace the error message with "please deposit $.25 to complete print job"
  16. this is a retarded thread ... and I am hijacking it to replace it with useful info ..:
      * http://www.wpacracker.com/cracker/upload
      * http://cracker.offensive-security.com/
      * http://www.md5decrypter.co.uk/
      * http://www.freerainbowtables.com/en/download/
      * http://rmccurdy.com/scripts/packetstorm_dic_john_1337.tar.gz
      * http://forums.remote-exploit.org/pentestin...e-wordlist.html
      * http://www.remote-exploit.org/codes_wyd.html
  17. go to my site play with the portable download :) skiddie powers activate ! learn a programming lang the rest will come
  18. giganews/ssl + truecrypt = DONE 15$ a month charge it to yer moms CC
  19. 11/12/2009 - UPDATED/FIXED feeds.rmccurdy.com - 30 feeds ( to be added secunia.com if I can )
      http://www.securityfocus.com/rss/vulnerabilities.xml
      http://seclists.org/rss/bugtraq.rss
      http://seclists.org/rss/fulldisclosure.rss
      http://seclists.org/rss/pen-test.rss
      http://seclists.org/rss/incidents.rss
      http://seclists.org/rss/dailydave.rss
      http://seclists.org/rss/webappsec.rss
      http://seclists.org/rss/vulnwatch.rss
      http://feeds.feedburner.com/HelpNetSecurity
      http://www.us-cert.gov/channels/alerts.rdf
      http://www.us-cert.gov/channels/techalerts.rdf
      http://www.kb.cert.org/vuls/atomfeed?OpenV...=1&count=30
      http://milw0rm.com/rss.php
      http://www.net-security.org/dl/bck/vuln.rss
      http://news.securitytracker.com/server/aff...1D319BD39309004
      http://feeds.feedburner.com/darknethackers
      http://feeds.feedburner.com/schneier/fulltext
      http://www.professionalsecuritytesters.org/backend.php
      http://www.f-secure.com/weblog/weblog.rss
      http://www.gossamer-threads.com/lists/full...-disclosure.xml
      http://feeds.feedburner.com/Vitalsecurity-org
      http://taosecurity.blogspot.com/feeds/posts/default
      http://securityvulns.com/informer/rss.asp
      http://www.vupen.com/exploits.xml
      http://osvdb.org/feed/vulnerabilities/latest.rss
      http://rmccurdy.com/scripts/vupen-security.rss
      http://rmccurdy.com/scripts/vupen-linux.rss
      http://feeds.feedburner.com/SansInstituteA...kAll?format=xml
      http://feedity.com/rss.aspx/ath-cx/UldUWlFU
      http://www.securinfos.info/english/securit...-advisories.xml
  20. * ettercap
      * echo www.google.com A 75.131.195.228 > etter.dns
      easy rickroll OR WHAT EVER RMCCURDY.COM IP IS AT THE TIME .. http://75.131.195.228
  21. I searched for usboot and did not see any post so I did this real quick ..
      USBOOT.ORG ( the idea behind it creates an image of the current OS and tweaks it for you )
      * load up a new clean VM with whatever MS OS you like ( MUST BE NTFS ! tested with windows XP )
      * download driverpacks.net ( I just used LAN and WIFI )
      * install usboot.org on the VMware image ( just extract to c:\ )
      * place the driverpacks extracted into the c:\extra drivers folder of the usboot.org install
      * read the readme file for basic idea of how it works ...
      * run phase 1 ( phase-I )
      * while phase 1 is running format and make the USB flash drive bootable ( I downloaded WinSetupFromUSB and format the USB stick FAT32. NTFS should work too but not sure )
      after it's all said and done you end up with ~ 1.6gig install of windows with LAN and WIFI drivers .. you can add more drivers etc but partimage it came out to a 777meg image ! you can DUMP that image to a HDD and boot all in under like 4min ... beats Nlite by 50min :)
      * sometimes I get bluescreen but reboot it works ok
      * sometimes I have to reboot for it to boot off the usb stick or plug it into the back
  22. Wow .. really ? don't even bother .. it's like hacksaw but some how worse .. only good thing about it prob not picked up by malware scanners ... .. This "Computer Online Forensic Evidence Extractor (COFEE)" is no more than just old windows exe all compiled into a dump log with some www.sysinternals.com utils added on ... w0w really .. ? this is joke right ?!?
      --operat0r AKA rmccurdy.com

      //-----------------------------------------------
      // Check Requied Files
      //-----------------------------------------------
      Finding uptime.exe ... found
      Finding config.txt ... found
      Finding folders.txt ... found
      Finding pausep.exe ... found
      Finding NW3C_SHA1.exe ... found
      //-----------------------------------------------
      // Load Config
      //-----------------------------------------------
      //-----------------------------------------------
      // Read Disk Label
      //-----------------------------------------------
      //-----------------------------------------------
      // Find COFEE Drives
      //-----------------------------------------------
      //-----------------------------------------------
      // Detect OS
      //-----------------------------------------------
      The OS of this system is Windows XP
      //-----------------------------------------------
      // Create Output Folders
      //-----------------------------------------------
      F:\out-PANSY-8349E3157-20091110214413 is created
      F:\out-PANSY-8349E3157-20091110214413\network is created
      F:\out-PANSY-8349E3157-20091110214413\process is created
      F:\out-PANSY-8349E3157-20091110214413\services is created
      F:\out-PANSY-8349E3157-20091110214413\users is created
      F:\out-PANSY-8349E3157-20091110214413\password is created
      F:\out-PANSY-8349E3157-20091110214413\policy is created
      F:\out-PANSY-8349E3157-20091110214413\registry is created
      F:\out-PANSY-8349E3157-20091110214413\log is created
      F:\out-PANSY-8349E3157-20091110214413\file is created
      F:\out-PANSY-8349E3157-20091110214413\memory is created
      F:\out-PANSY-8349E3157-20091110214413\opt_tool is created
      F:\out-PANSY-8349E3157-20091110214413\misc is created
      //-----------------------------------------------
      // Run Command
      //-----------------------------------------------
      Start COFEE
      Verifying ... Success Start... Commandline : at.exe [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : autorunsc.exe [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : arp.exe -a [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : getmac.exe [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : hostname.exe [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : ipconfig.exe /all [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : msinfo32.exe /report F:\out-PANSY-8349E3157-20091110214413\misc\1b7c1a3b3ded3e610cdb046ddbdf2c22.txt [Press Space to KILL the Process]
      ************************************
      Pause... Select Process to kill :
      0 ... Resume
      1 ... msinfo32.exe
      ************************************
      ************************************
      Killing msinfo32.exe /report F:\out-PANSY-8349E3157-20091110214413\misc\1b7c1a3b3ded3e610cdb046ddbdf2c22.txt
      ************************************
      Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : nbtstat.exe -A 127.0.0.1 [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : nbtstat.exe -S [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : nbtstat.exe -c [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : nbtstat.exe -n [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe user [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe file [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe accounts [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe view [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe start [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe session [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe localgroup administrators /domain [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe localgroup [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe share [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe use [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe localgroup administrators [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : net.exe group [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : netdom.exe query DC [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : openfiles.exe /query /v [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : psfile.exe [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : pslist.exe -t [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : pslist.exe [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : psloggedon.exe [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : psservice.exe [Press Space to KILL the Process] Calculating Hash ... Done End
      Verifying ... Success Start... Commandline : pstat.exe [Press Space to KILL the Process] Calculating Hash ...
  23. FIXED :) backups were 3 days old and I made this just yesterday
  24. my 80gig drive died last night still getting things up .. some how I guess I misread it as snuggie or something ..
      08:57 <+Dfg> where is snubs :(
      08:57 <+Dfg> Who cares!
      08:58 <+Dfg> I will come my flying Camel and take you away
      08:58 Dfg goes to fuel up his Camel
      09:11 <operat0r> Dfg: that gave me a great IDEA !
      09:11 <operat0r> LOL
      09:11 <operat0r> HOLD ON give me like 15min ..lol
      09:11 <operat0r> photoshop psd: http://rmccurdy.com/public_images/snuggie.psd