
mubix

Dedicated Members
  • Posts

    516
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by mubix

  1. No, actually he turned 19 and I got him a present:
  2. Posted. Finally... http://www.room362.com/archives/236-USB-Goodies-2008.html I'll get the torrent out a bit later with some of the "Freeware" stuff included.
  3. All done guys. Sorry for the delay. Life loves to give you everything all at once. Anyways, I'll have the list and links posted tomorrow. The time will probably be 9 PM EST, although with any luck I'll have them out sooner. Feel free to barrage my email (mubix@hak5.org) if they aren't posted at some point tomorrow.
  4. Originally Posted: http://www.paterva.com/forum/index.php/topic,47.0.html
  5. Just wanted to put my two cents in. The newest version of Kismet has some wicked abilities to detect "cloaked" SSIDs. Yes, you will still need to have a client connected, it definitely doesn't take as long any more. They will show up in Kismet as blue ESSIDs when you get them. An easy way to generate that traffic that will reveal an ESSID is the old school blanket deauth.
  6. Ok, SSL Certs in browsers are verified via a 3rd Party. Usually Verisign. The only way to make a cert come up green and valid is to also spoof the verification of the SSL cert. But herein lies the problem. The public keys for those sites are installed in browsers by default and will not accept any false verification site. So, to make this a complete hack, you have to: 1. Replace the public cert that is installed on the target's browser with your fake verification cert 2. Set up a fake verification server 3. Generate your key so that the fake verification server will validate the request. Oh yeah, and not all sites certify through Verisign. Possible, definitely. Worth the effort? Maybe. Difficult and extremely targeted, absolutely. I don't mean to scare you away from this project, it is actually one that taught me a lot when I had the same question. I suggest VMware and a weekend dedicated to the project. Good luck.
  7. Now that is the hotness right there. Love the charger/battery
  8. Originally posted: http://www.room362.com/archives/233-Jasage...and-Future.html

    If you haven’t heard already about Jasager.. well you probably don’t read this blog, but for those who want to know a bit more about the history of Jasager - Karma on the Fon, where the project is now, and where it’s headed, then buckle up, and hang on while we first travel down memory lane.

    History:

    The time was ShmooCon 2006. It was my very first “HACKER” convention. I was there with my buddies from Hak5 and SploitCast. I just so happened to sit in a talk by Dino (A. Dai Zovi). He was talking about Karma, his project that basically sat in the middle of wireless connections and instead of picking out the special bits directed his way, Karma accepted and responded to them all. I was in love, no not with Dino, but the project. I wrote theta44.org in my notebook (the site Dino noted to find out more) and continued on with the craziness that is any con.

    Having no money to invest in a wireless card that could handle Karma, that page with theta44.org kept hounding me. In early 2007, boxgamex (a gentleman from the Hak5 community) sold me a little Fonera router. What’s the first thing I did? Hack it, put OpenWRT and DD-WRT on it. But one day that page in my notebook showed up again and reminded me of Karma. I looked on Dino’s page and was appalled to find that the project hadn’t gone anywhere. Did no one see the potential that this project had?

    Putting 2 + 2 (=5) I decided to put Karma on the Fon for an ultra portable wifi attack tool. Well, I am by no means the Killer Coding Ninja Monkey that either Dino or Robin Wood are. I scripted my way into it working for one target at a time. The problem? I did all the work on the Fon. You can see where this is going. At DEFCON 15, I brought my scripted up Fon to test it out in the shark infested waters (Wall of Sheep addition?). Got excited to be there, booted the Fon up in my room, connected to the Fon and changed a setting. The Fon bricked. No proof that I had done anything, didn’t even get the chance to test it out.

    I explained what had happened to my friend Darren Kitchen, and the project really sparked in him. He talked to the Killer Coding Ninja Monkey that I mentioned before, Robin Wood, and before you know it, the project was renewed under a new name “Jasager”, and this time with a better hand at the wheel.

    What was the point of this history lesson? If you have an idea, and someone else has done it, take it to the next level, and if you don’t have the time, find a partner who does.

    Enough history, let’s get some information.

    Here is the home page of Jasager: http://www.digininja.org/jasager/index.php
    HINT: Robin Wood’s main site, while lacking style, has some things that you also want to check out. (digininja.org)
    If you like reading, here is Darren’s blog post on how to get Jasager going
    If you are more of a visual person, check out episode 405 of Hak5
    And if you have problems or want to discuss options and configurations with other Jasager users, check out the Jasager Forum

    Back to the Future:

    MITM (Man-In-The-Middle) attacks on computer systems have been around since the dawn of time. The natural (rapid) progression of security attacks made it guaranteed that MITM would hit Wireless just as hard. If you have ever talked on a CB Radio, you know the frustration when the kids with the high powered antenna start playing the Mortal Kombat soundtrack over the CB without letting up the talk button. This is a simple example of how Jasager works. It gets in the middle of wireless communications. How do you protect against something like that? I don’t know. I don’t believe that there is a protection for Jasager or Karma (again, released in 2006).

    Where is Jasager heading? I think that adding the functionality of Karmetasploit (H.D. Moore’s project) to a portable device and then maybe shipping that device like the guys over at Errata Security did with an iPhone, would be one dangerous route. Or putting it in a box like Richard Mogull did. Or in a wall like Larry Pesce did.

    To the future?

    What if I could put this whole project on a USB stick that didn’t do anything but draw power so it could run Jasager + Karmetasploit? Maybe running it on the NeoPwn? The possibilities are endless with this project.

    For all those feed readers out there, you can keep up with the latest and greatest from Robin Wood and the Jasager project via their RSS feed.
  9. Sorry, I have been having a few family issues. It will be out this week, and I will post here, my blog and on links.
  10. Try using the tool that is described in Darren's blog post. It's an automated tool that will catch the Fon in redboot and complete the process for you. All you have to do is specify the root fs and firmware.
  11. Can you post exactly what you are putting in each field or just email me with it?
  12. I didn't see the comment come across for moderation. Any idea what the problem was? I'll post the reply.
  13. All the info on the switchblade can be found in the USB Hacks forum. These will all be programs that run from a USB with no installation, most without even needing administrative rights.
  14. Ok, so now that the new season has started I have been getting a lot of requests via email, IRC and sheer volume of site hits for "Mubix USB" via Google. So what I am going to do this year is a bit different. Instead of just the tools I use I want to include the ones that you guys use as well (a.k.a. I'm being selfish and want all yo stuff). So tomorrow night (080912) I will compile a list of tools that I have updated, added, and removed from my last post and set up a new torrent. I will also take this chance to fix that poor excuse for a page I have. To sum up everything I said above: I get it, you can stop kicking my ass to get it done. Look forward to hearing what's new:
  15. I had a guest blogger on room362.com today and I wanted to pimp his article as much as possible. Check it out at: http://www.room362.com/archives/226-Runtim...the-cheese.html He breaks down runtime packers so that anyone can understand them and get started trying them out.
  16. Large Hadron Collider countdown: http://quegrande.org/countdown/
  17. That is just pure awesomeness wrapped in warm home-baked bread.
  18. Not really. This is due to the file it accesses, the SAM file, which is guarded by permissions that only allow administrative access. I welcome you to try out a program called Cain & Abel and see what you can find.
  19. mubix

    quake live

    Signed up and downloading. w00t! tomorrow it is GAME ON, who else got in?
  20. Dude, Boris, it's a good script, especially if you integrate it with Evilgrade. Yes, rewriting links would be good too but then you are a lot more detectable. Now, if you can download, modify images into GIFs and rewrite links while adding execution to those GIFs. THEN you have something.
  21. Anyone using Windows have the same problem? EDIT: I am an idiot. Since I never use IE for anything other than testing stuff out through proxies, I forgot that AIR apps usually use the same settings as IE. IE going through nonexistent proxy = nothing on screen. USER ERROR FAIL!
  22. Everything is blank for me. No juju. Don't know what the issue is.
  23. Use WiFi Assistant. It is in the "Internet" part of the menu
  24. Somehow my in-laws were finagled into buying me an iPhone so I will be getting one as well. I just have to deal with the crazy monthly bill.