Posts posted by overwraith

  1. A blimp? But those aren't sexy! I would probably just park a drone on the roof and have it return home when battery is low. Would probably try to roll my own, or follow a tutorial online if one existed. Don't have all that money to blow all at the same time. I suppose the trick would be all the hacking code that would need automated. You would need a dashboard or something to show you which procedures had completed, etc.

  2. Cracking with the ducky is generally not a good idea. It can only hold so many keys, and is only relegated to about 4 character pin cracking on phones/tablets. Everything else quickly becomes ridiculous. The ducky is also generally slower than a computer cracking program. Yeah, generating randoms is usually simple in coding languages. As far as cracking goes though, generating a random would create collisions, and be much too inefficient for cracking a password. Usually a hacker grabs a password hash somehow, and uses a cracking program to guess the hash, usually by guessing all possible combinations of characters, or by reading from a list of passwords, etc. You encipher the password, and it spits out a hash; when they match you have found the password. Either that, or if it is an online web service you could do an online crack, in which case the cracking program detects when it has reached a user profile page instead of running a comparison on a hash. Online cracks are usually traceable though, and pretty noisy to anybody who reads their web server logs.

    The brute force algorithms I've seen work a little bit like the odometer in your car, steadily scrolling up, and then they reach zero again and iterate the next row. I found a Java program a while back that showed me an algorithm implementation.

    I think somebody did generate a script a while back for like 4-6 chars or something on the ducky forums using bash or something. Might wanna run a search for a phone crack.

  3. I prefer higher level languages these days as opposed to the older stuff. For me these include C#, Java, etc.

    Background

    I first got coding in Java; most of the tools/IDEs related to Java are free and open source. When I was in high school I think we used JBuilder or something (can't remember the name); I found later that Eclipse was probably a better, if not more complex, alternative. Even more recently there was the NetBeans IDE, but I think I still prefer Eclipse due to the fact that you can use it with other languages such as Python/C++ with the right plugins. In college I made a mean batch processing/transaction program in C. It was insanely efficient, due to returning pointers to structs from some reader functions I wrote, as well as static local variables for storing the file pointers I was using. The program only contained two objects at any given time, which made it memory efficient, and since it was essentially parsing CSV files only two objects were ever required. CSV file processing usually locks you into processing a record at a time, unless you take the time to write to a collection, which probably would have slowed the program down in my case. I have kind of jumped around while learning languages, but I think that has been beneficial in many ways. I absolutely hated my first language Java, but now I understand that its syntax is a whole lot better than some languages, and I am back to liking it again. I am especially happy with it now since it supports lambdas. C# also supports lambdas (safe callback functions). This allows for better pipeline systems (essentially querying operations on in-language data). Later I was introduced to web development tools such as JavaScript (not Java, this one is a Microsoft thing), CSS, HTML (markup lang, not actually a programming language per se), etc. Honestly these web languages have so many dialects I am still a novice with them, but they will probably be more essential as time goes on. I was introduced to ASP.NET, but the book I read emphasized more of the drag and drop Visual Studio features, and less on the actual code syntax; I consider this a failure of the literature. There are probably at least a few languages I have completely forgot to write down here, especially the ones that I learned on my own. I am a little tired tonight.

    Point being...

    You should start with a more recent language like C# or Java etc, not so much the old, nearly dead languages like Basic, Assembly, Cobol, etc. I have seen some Cobol programmers around, but it isn't one to pursue. All the programmers in those languages are old dinosaurs. I heard some company managers put it this way, "We don't want any more Cobol programmers." The reason being, the applications need upgraded, or replaced with modern, maintainable code. They don't need more old code generated. One point about ASM, it is probably good to learn for reverse engineering, hacking/shellcode, etc. One isn't going to go out and deliberately code a project with it though unless it is an operating system. The new languages, even though they lose a little bit of power, can get a lot more done with less code due to the fact that you are coding things with high level abstractions. That's the real power behind the new languages. Avoid the old stuff, try to choose something which is cutting edge, and will probably be supported for a while (Microsoft is usually a safe bet: C#). You don't want to learn Basic. You will also probably learn dozens of languages as you progress along your career if you choose to develop one. It is not a bad thing; each language is a tool for specific jobs.

    Syntax

    C# and Java are very clear to me syntactically, and they have enough syntactic sugar to keep you interested. They are object oriented, which means that you use objects, which are basically a fusion between functions and data, composed into a self contained unit: class member variables, and "methods". Methods operate on the data members. C, the old way, was Procedural/Functional. Everything was coded inside a function. Functions called functions called functions... Data was declared inside functions, and passed as parameters to functions. Though you may find functions more direct, object oriented pays huge dividends when implemented right. C/C++ also have a reputation for being more convoluted. Even Python, an object oriented language, has some pitfalls. Whitespace in Python is essentially their way of using braces in other languages. The whitespace changes the flow of the program. The syntax is also a little harder to understand in some cases. C# can be used to make server backends, which basically act as a go-between between the database and the outside world on a website, and it can also be used as a standalone desktop application. Java can be used for desktop applications, it is portable, and I believe it can also be used for backend/web related work. PHP is a good website backend, but I find it to be convoluted in some instances as well. This doesn't stop lots of people from using it however. C/C++ are used much of the time for desktop/operating system related programs. Everything the user sees from the website is implemented in JavaScript, CSS, and HTML, the user interface, which talks to the server backend, the C# etc, which in turn talks to the database. Web applications are therefore an ecosystem of sorts. I find Visual Basic to have way too many ugly code blemishes, for instance instead of declaring variables you dim them (int i = 0; versus dim i = 0). In VB everything has an end statement instead of a much more succinct curly brace. I guess I sometimes add comments to the end of some of my structures anyway, but I prefer to have a choice in the matter.

  4. The thing is, when you say system hooks, that is actually a very specific phrase. What you are saying is that you are using drivers, and system calls to get the OS to do your bidding. That is mostly the C arena. This is what I thought you meant.

    I attempted to read the Malware Analyst's Cookbook; I got some useful recipes from it, but was largely unsuccessful. They use this term "hooking the OS" very specifically.

    I agree that we should use some of the already built in Windows features to schedule our code, unless there is a very compelling reason to make a generic cross platform scheduler.

    The advantage of encapsulating the command in code is that it cannot be tampered with by others as easily, as the string is compiled into the class files, and in the case of making an installer etc, you don't have to manually input the command into the command line. You can use the command prompt to make sure you got the syntax correct.

    Command line is actually very different; you are calling a program via the command line. It is essentially interpretation, which is indirect, and therefore is a level of indirection. I would also presume due to the interpretation it is a bit slower.

    Yeah there are ways to send command line commands to other processes etc.

    http://stackoverflow.com/questions/8496494/running-command-line-in-java

    http://www.dotnetperls.com/process

    I borrowed the Excel code from the last link in a program recently to open two Excel files in an Excel file matching program for final display.

  5. That's true, there would be blind spots. The camera isn't very well situated for this type of situation. My point however is that most people would try to catch the drone somehow instead of trying to shoot it down. I am banking on the fact that people generally don't bring guns to work.

    I am also observing that people are reactive in nature. Trying to catch the drone is more or less equivalent to the event of the drone having been seen. Sure they can be far away and see it and just not care, but in that case you wouldn't need to move anyway.

    One alternative would be to incorporate a level of swivel into the camera, but you're right, most drones wouldn't incorporate this. The algorithm would need to take into account the need to turn off the algorithm until the camera comes to a stop, and then turn it on again, and keep rotating the camera.

    Also I just found something out: instead of using ultrasonic sensors or IR sensors, use instead sonar sensors. I am reading through an Arduino book, but basically both Arduinos and Raspberry Pis have pins for hardware dev.

    I wouldn't generally make the drone hover anywhere anyway; it uses a lot of energy, which would be better saved in a park and stare mode. Perhaps you could have it do some quick operations while en route to another stare location.

  6. If you're on the roof however, and you park in the center (flat roof), then it cuts off some of your visual range. If it is a temple'd roof, then there would probably be problems. I am thinking that the size of the swarm, aka how close the person is to the drone, would have to be taken into account. Bigger (visually) moving objects are generally closer to a drone than further away smaller moving objects. The algorithm you use would essentially need to not be too sensitive. Now actually flying and gathering this type of swarm processing data would be practically impossible due to the fact that everything would be moving since you are flying. You would have to turn on the algorithm while you were parked on the roof, and turn it off again when you fly.

    I am actually thinking more in terms of park and observe instead of fly and gather.

  7. Well, apparently it wouldn't work if you were moving, but if you were parked on a roof or something with landing gear down you could use what is called swarm pixel processing. Look it up; if a person is represented to a camera as a swarm of pixels, then you can program the drone to react to movement. It is a thing, and it is typically implemented in security cameras, and robotics. Just google it. Apparently if you see movement, and it is larger than a certain dimension/closer to the drone than a certain amount of feet, then you have been seen. Another option would be an ultrasonic rotating distance sensor. It is composed of an ultrasonic sensor and a motor, probably a servo motor.

    It's not so much what is going through the other guy's head ("oh, I see that!"), it's how do they react/are they reacting to the drone, for example by trying to catch the drone.

  8. You could have some sort of swarm video processing, and program the drone to fly away if anybody actually sees it... Don't know how much other processing you could program the drone to do though. This way it is more automated to keep the drone out of danger, and you don't have to monitor it. I would like to make my own drone sometime, it just seems a little bit complex at the moment, and I can't shell out that much money for one all in one go.

  9. It depends on whether you want to make the ducky inject random characters, or make a batch script which the ducky runs generate a random string...

    The Ducky reads from a static inject.bin file, which contains binary bytes which the ducky injects as keystrokes. As the firmware is at the moment it cannot inject variable data, because the file is static, unchanging. Conceivably it might be possible to make the ducky do things based on the data in the file, for example, what if we made a special byte which when read by the ducky would kick off a function which would perform the random keystroke injection? It would be really neat to essentially make a higher level scripting language or different compiler which would take additional functionality into account. I don't know that much about the C/firmware; what I wrote, I basically tweaked from Midnight Snake's code, I am not that good at modding it. Another thought I had was the ducky seems to have a limit on the size of scripts, and every delay(1000) basically inserts a no operation byte into the ducky code file 1000 times, which makes these no-operation sections really long. So what I was thinking was wouldn't it be cool to have a byte, like the no-op byte used on the ducky, but always to use two bytes to express this in the file. The second operand could be the number of times you actually want the no-op to execute. This would mean instead of [no-op, no-op, no-op, no-op, no-op, no-op, no-op... n] you would have [no-op, 100]. This cuts down the number of bytes from n to 2. Bytes have a limited size though, so repeated values might be necessary. Another alternative to this would be reading from a different format like unicode (multiple bytes represent a character) or something else, where bytes are represented as multiple byte values. This would give us higher number values to play with (bytes normally 0-255, so with another format we would have higher nums to support this operand idea; unicode is 4 bytes, so would probably be 0 to 1020 operations), but I don't know if the current library supports it. Another thing that bugs me is the fact that the ducky can only read a limited number of file bytes into memory. Shouldn't it be able to parse the file one byte at a time until it reaches the end? Whatever format is used one has to not break the functionality for other cultures, even if it means you have to roll your own format.

    If we could associate more values with other 'functions/code' on the ducky we could make the ducky do more; however this relies on a lot of assumptions, and I don't have a large abundance of time to chase down these assumptions and become a better microcontroller programmer. Some of the things I have said in this post could in fact be completely wrong. Just take everything with a grain of salt as I don't have much time to vet what I am writing here. (entry level web developer here...)

    What I would see this random operation being useful for would perhaps be generating a random filename/variable name in batch scripts/programs.

    Now what I know you can do is you can tote around a batch script which you call like a method and which returns a random string for use in your other drop programs. This batch script could be injected via the ducky, or it could be on the micro-SD with the correct firmware reflashed. You could even use some sort of PowerShell script/VB script etc.
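The [no-op, count] idea from the post above, worked through as an added example (this is not Ducky firmware code or the real inject.bin layout; the opcode value 0xFF, the two-byte pair layout and the sample script are all constructed here). It shows the detail the post flags: a single count byte tops out at 255, so longer delays have to be split into several pairs, and the decoder has to reject a truncated or zero-count pair rather than guess.

```python
"""Run-length encoding of a hypothetical NOP opcode in a keystroke script.

Added example. The opcode value, the [NOP, count] layout and the sample
script are constructed here; they are not the real inject.bin format.
"""

NOP = 0xFF      # hypothetical "do nothing for one tick" opcode (constructed)
MAX_RUN = 255   # the largest count one byte can carry


def delay_bytes(ticks: int) -> bytes:
    """The naive layout the post describes: one NOP byte per tick."""
    return bytes([NOP]) * ticks


def encode(raw: bytes) -> bytes:
    """Collapse each run of NOP bytes into [NOP, count] pairs.

    Runs longer than MAX_RUN are split into several pairs, so every
    count fits in one byte and the decoder never sees an oversized value.
    Non-NOP bytes are copied through unchanged.
    """
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i] != NOP:
            out.append(raw[i])
            i += 1
            continue
        run = 0
        while i < len(raw) and raw[i] == NOP:
            run += 1
            i += 1
        while run > 0:
            chunk = min(run, MAX_RUN)
            out += bytes((NOP, chunk))
            run -= chunk
    return bytes(out)


def decode(packed: bytes) -> bytes:
    """Expand [NOP, count] pairs back into `count` individual NOP bytes.

    A NOP with no count byte after it, or a count of zero, is treated as
    a corrupt script instead of being silently skipped.
    """
    out = bytearray()
    i = 0
    while i < len(packed):
        if packed[i] == NOP:
            if i + 1 >= len(packed):
                raise ValueError("truncated NOP pair at end of script")
            count = packed[i + 1]
            if count == 0:
                raise ValueError("NOP count of zero is not allowed")
            out += delay_bytes(count)
            i += 2
        else:
            out.append(packed[i])
            i += 1
    return bytes(out)


# Constructed sample: one keystroke byte, a 1000-tick delay, another keystroke.
SAMPLE = b"\x04" + delay_bytes(1000) + b"\x05"

if __name__ == "__main__":
    packed = encode(SAMPLE)
    print(f"{len(SAMPLE)} bytes -> {len(packed)} bytes")
    assert decode(packed) == SAMPLE
```

The encoding is only unambiguous if the NOP value is reserved, so a real format would need the keystroke encoder to guarantee that 0xFF never appears as a plain data byte; the decoder above treats every 0xFF as the start of a pair.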

  10. Off topic but curious why using Java vs hooking the OS itself for built in services?

    Because most new coders aren't that into C... :huh:

    I know I'm not that into C. Am a little addicted to object oriented. I did make one interesting C program back when I took my class. It was basically a batch processing program which could run at the speed of the disk from which it read (pretty fast considering). Actually I believe that the Windows API is the problem, and it is not generally taught in schools any more because we have more abstract tools these days (we lose a little bit of granularity these days). Socket objects basically wrap the Windows API in most modern languages. This usually makes things a lot easier to use.

    One might be able to hook the OS in Java/C#, I haven't ever actually tried...

    Using the Windows Task Scheduler is probably the way to go. Slightly related, I actually coded a "TimeBomb" class a while back in C# to do something similar. The way I did it was to make a class member variable which is a low priority thread, and I used "Detonation" events/delegates to perform the requested operation (modern Java has lambdas now, but you could use an observer model), and I made it persistent by writing to a crypted binary file. I would pass in Symmetric algorithm objects to the class for the decryption. The objective of my program was to make a time bomb object which would run every time a program which uses it runs. I was basically interested in figuring out how trial ware works etc. Wanted to make an interesting little class. Actual trial ware probably has many more techniques, or slightly different ones. One could put an exe in the startup folders, and have it run on boot, or one could make a system service to do the same thing, but I actually like your Windows Task Scheduler solution for your particular problem.

    If I remember correctly Java system services are basically just Java programs run with a special "silent" version of the Java runtime executable, and I think you actually need to put a batch or exe file in startup or something to kick off the program. That's one of the reasons I prefer C#: you can actually make a system service, instead of this hacky work around.

  11. I'm thinking that depending on SD card size, that could take a lot of energy/time (most storage is slow). What could make it require a little less time perhaps would be partitioning the SD card, so a bootloader/OS is on one partition, and most of the other stuff/data is on another partition, and is crypted. This way you only need to overwrite a small part of the SD in order to obliterate the keys. I don't have a LAN Turtle, so I have no idea if something like this is even possible, just adding a suggestion to the pot. Would you require more crypto chips? Somebody look into that.

    One should test out normal operation with the crypto however, I wouldn't want to make a bad suggestion, and end up making them too slow to operate effectively.

    Would really like to get a LAN Turtle to try out, probably a few pay days down the road.

  12. On an aside, you say you want to be more of an 'innovator'. I cannot judge your situation, however I know from experience that some people think they are doing 'innovation', and wind up using some third party product whose support base is actually waning. I am debugging some code right now where the original author was a little bit scatter brained, and now I have to chase his logic through all sorts of little nooks and crannies, and restructure the programs to be a little more sane. The project looked ok when I started debugging it, but the deeper I read the code, the more I found that not everything third party is 'good software'. For that matter, not everything Microsoft is good software either. You really have to take into account what everybody else is learning, versus what is just a fad.

    This may not apply exactly to what you are doing, just give some thought to the other guys who will be using your software/systems after you leave.

  13. You're right, and I knew other OSes did it too; it was not an oversight on my part. It would require a lot of wait time in order to re-write the bits; hard drives are comparatively slow. Now what you have said about time overwriting all bits, that is kind of true, but you have to take into account that hard drives are terabytes these days. It could take months for a file to be overwritten, if ever (depends on your file system usage). I have taken a forensics class; the problem is if you decide to give one away (don't do it) there will be lots of info left on the drive. You should do some kind of forensic overwrite.

    An interesting idea would be to have special file metadata which could tell the OS which files are actually sensitive, but this would probably require API rewrites, etc.

    I remember I used Autopsy once to do a forensic analysis of one of my own flash drives for a class, and I discovered a lot more data than probably should have been there, and it was only a 2 GB one.
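The "forensic overwrite" the post above calls for, and the smaller version of it from post 11 (overwriting only the key material rather than a whole card), as an added example that is not from this thread. It uses only the Python standard library and works on a temporary file it creates itself; the file path, sizes and sample content are constructed. The caveat a practitioner needs: on SSDs, and on journaling or copy-on-write file systems, an in-place overwrite may land in new blocks while the old ones survive, which is exactly why keeping the data encrypted and destroying only the key is the more dependable route there.

```python
"""Overwrite a file's bytes before unlinking it (standard library only).

Added example, not code from the thread. Sample content and paths are
constructed. Overwriting in place is only reliable on media and file
systems that actually rewrite the same physical blocks; for SSDs and
copy-on-write file systems prefer encryption plus key destruction.
"""
import os
import secrets
import tempfile


def overwrite_in_place(path: str, passes: int = 3, chunk: int = 1 << 16) -> int:
    """Overwrite every byte of `path` with random data, `passes` times.

    Returns the total number of bytes written. fsync after each pass
    pushes the data out of the page cache so the overwrite is not just
    sitting in memory when the process exits.
    """
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
                written += n
            f.flush()
            os.fsync(f.fileno())
    return written


def secure_delete(path: str, passes: int = 3) -> int:
    """Overwrite, truncate to zero length, then unlink. Returns bytes written."""
    written = overwrite_in_place(path, passes)
    with open(path, "r+b") as f:
        f.truncate(0)
    os.unlink(path)
    return written


def demo() -> dict:
    """Write a constructed secret, overwrite it once, then securely delete it.

    The returned dict lets a caller check that the original content is gone
    after the first pass and that the file no longer exists at the end.
    """
    secret = b"constructed sample secret " * 100      # 2600 bytes
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_in_place(path, passes=1)
    with open(path, "rb") as f:
        after_one_pass = f.read()
    written = secure_delete(path, passes=2)
    return {
        "size": len(secret),
        "still_contains_secret": secret[:20] in after_one_pass,
        "bytes_written_by_delete": written,
        "exists": os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo())
```

Applied to the post 11 scenario, the same routine run against a small key file (or key partition) finishes in milliseconds, while the encrypted bulk data becomes unreadable without ever being rewritten.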

  14. Went to a shooting range in Michigan a while back, guess what I found? Somebody had taken their laptop/netbook out there and blew it full of holes... Wonder what was on that computer? Doesn't matter to me; forensically destroying data requires a disproportionate amount of force, especially since Windows doesn't actually delete the data by default, it just deallocates the space, bits still intact. Picked up and still have the 'END' key cuz I thought it was so funny and unique.

  15. You might want to go back and restructure your sentence in your first post via "edit". You seem to be asking how to encrypt/decrypt data via C#. There is actually a Crypto API; it is some very cool stuff. I am learning about it myself. So what you need to know is that there are basically 3 kinds of crypto algorithms: Symmetric, which allows for the encrypting and decrypting of data; HashAlgorithms, which are to say one way functions (password goes in, non-reversible crypto text comes out, good for authentication schemes); and AsymmetricAlgorithms, which are basically public key algorithms, like SSH/HTTPS/TLS. You are asking about symmetric algorithms, for the transfer of data: you encrypt on one side, and decrypt on the other. Here is some MSDN documentation on the SymmetricAlgorithm class; I would read it, especially since it lists some inheriting classes:

    https://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm%28v=vs.110%29.aspx

    Here are some of the encryption algorithm classes you asked for:

    https://msdn.microsoft.com/en-us/library/system.security.cryptography.aes%28v=vs.110%29.aspx

    https://msdn.microsoft.com/en-us/library/system.security.cryptography.des%28v=vs.110%29.aspx

    Concerning RC4, I could only find a Microsoft/.NET class for RC2. I would not recommend implementing your own RC4 class unless you absolutely know what you're doing. They warn in Practical Cryptography books that programmers are not supposed to implement crypto algorithms without a cryptanalyst due to the inevitability of completely messing it up. I am reading the following book, and it seems to be the most current C# crypto book, and is a pretty good read:

    http://www.amazon.com/Data-Security-Handbook-Matthew-Macdonald/dp/1861008015/ref=sr_1_1?ie=UTF8&qid=1437434431&sr=8-1&keywords=data+security+C%23

    If you are going to learn about crypto, make sure you buy the most current book you can about it. Last time I checked no more current books existed, but double check.

    Since you are going to be sending via email, you will probably need to convert your cypher text to a text format at some point, so do a quick MSDN search for a base64 converter function. Recently I figured out what Base64 does in programming: it converts the naturally "binary data" nature of cypher text (or anything else) to a text readable format (binary data chars usually fall outside of the ranges of legible characters). You need to convert to and from base64 on both the decrypt and encrypt sides of the process: encrypt->base64->data->from base64->decrypt.

    Another thing you should know is that an Initialization Vector in crypto is basically like another password, or a shim, it makes things a lot more difficult to crack since the crypto algorithm then has a starting point (an initialization) other than what it would normally have.

    If you really wanted to you could pick up a C# sockets book also to figure out how to make a "client" program that could exfiltrate the data less noisily. You could for instance create a web client which would send data via posts (don't take my word on this, some of my web experience is a little rusty) or something. Ultimately there would still be a network log, but it would be a little less noisy. Who checks the logs honestly?

  16. What you seem to need is some kind of honeypot software so you can safely acquire malware samples as they try to infect you. You need something which is pretty much iron clad, and you can upload malware samples to another computer with, and that you can roll back when it is infected. Once your computer is infected you cannot trust it again unless you have something which is capable of rolling it back. Plugging into the internet directly will infect you good in like 5 min. Most routers have a firewall built in, and many businesses have stand alone firewalls to protect users from these types of shenanigans. It basically doesn't allow inbound traffic which wasn't initiated by the computers on your network. You can call out; people can't call in unless they have an invitation. If you get your computer infected without special software to roll stuff back, then you will never be able to trust that computer again. Hackers change DLLs, EXEs, etc, basically the foundation of the OS. There are so many places to hide things in Windows' gray matter that it just isn't funny. For instance have you ever heard of alternate data streams? That's the one reason you don't put NTFS on your flash drives. A few years ago I bought the Malware Analyst's Cookbook, and a lot of it went over my head. If you go that route you will need some supplemental material, or perhaps a better written book. Good luck reversing!

  17. The only "algorithm" that can crack passwords is called a "brute force". If you want to do it in C# you will have to learn about the crypto API (it is not as scary as it sounds; buy a data security book for C#, the most current one, which will be a little bit old), and you will also have to learn how brute force algorithms work. Think like the odometer in your car. I tried a while back; I am thinking one would get better performance out of a C++ program however. You see, encryption of passwords is made via a one way hash, so there is no reversing it unless you have some Q-bits (like that will ever happen...). Brute force is guessing all possible outcomes. Although you could also do a wordlist crack, which is essentially the same thing, except slightly more efficient.

    Learn this from my trials, threads are very inefficient to load up, so they can slow things down.

  18. It depends. If there is some sort of NIO programming in Python it would be essentially processing all of the received packets a little bit at a time. It is a hard concept to explain; you may have to do a little bit of reading on it. It works just as well as threading does, except with a little less overhead. Understand I like threading, but I am just wondering if the object creation in this particular instance is a little bit much for the pineapple. Don't single thread it if you aren't going to use Non-blocking IO. Just read a few articles on Non-Blocking IO; I think you should be able to understand it, and whether or not it is actually in Python. Also look for some example code.

    ...

    I just saw the exporter code, there seems to be a call to sleep if something goes wrong. Just realized that if something tends to go wrong a little too often you will have a case of a lot of threads waiting for something. That wait is essentially telling the thread to wait, ... wasted CPU cycles, is it really necessary?

    You might also be able to buffer data you send, but I don't think it is really necessary, and am unsure whether it would be detrimental to pineapple memory.

  19. Ok, so I'm a C# coder, haven't done Python in a while, so understand that I haven't run your code. I am essentially firing from the hip here.

    So I notice that you seem to be creating a thread each time you intercept a packet. Does this intercept happen very often? If it does you should know that threads have very high object creation times comparatively. You can think of a thread as essentially forking another run time or something (the details of this might be a little bit different, investigate it), so the object is necessarily complex. You might want to check if there is a thread pool associated with Python, so then you could essentially reuse already created threads. This is in the pineapple forum, so make sure you remember that the pineapple is not really optimized for complex CPU tasks; you should try to think of it more as a "sensor", not a cracker or processing node.

    You might want to check into Non-blocking IO (learned about NIO in a Java book). I have only read about it in server software for Java, but essentially it is another way of doing asynchronous server operations, and it is supposed to be an alternative to threading on the server. NIO is very complex however, and I am not sure if Python supports it. Essentially it is a process whereby the program, through use of a clever API, can process many inbound/outbound connections via some very specific control structures/algorithms. Modern servers might have been very different today if people would have had better APIs/algorithms etc for NIO when servers were first being built. Also, hardware today typically makes threading tremendously cheaper (so long as you don't stomp the connection). The overhead of threading today is one of the reasons we have problems with DoS attacks. The servers spawn threads each time a connection is made, so if you stomp the connection enough you deplete CPU cycles etc.

    It also looks like every time you receive a packet you are printing to the console, possibly more than once. This is great for debugging, but you should really consider not making an overly gabby program. Screen/console output also suffers from slowing the program down. Consider only one print operation per packet.

    400 MHz MIPS processor, 16 MB ROM and 64 MB RAM

    I am pretty sure that this is only a single core processor, so your threads will probably be running serially (which proposes to me that some kind of non-blocking IO algorithm would help here).

    Why don't you try running this program on a laptop? Python is cross platform, so this should work. I would be interested in knowing how slow this program actually is in terms of modern CPUs.
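The two pieces of advice in posts 18 and 19 above, reusing a fixed set of threads instead of spawning one per packet and emitting a single log line per packet, as an added example that is not the exporter script under discussion. The packet records are constructed, `handle_packet` stands in for whatever per-packet work the real script does, and the pool size of four is an assumption; the point is that the number of thread identities doing the work stays bounded no matter how many packets arrive, and that a malformed packet is reported on its own line rather than taking a worker down.

```python
"""Bounded worker pool for per-packet processing (standard library only).

Added example. The packets and the per-packet work are constructed here;
this is not the exporter script from the thread. A single-core board such
as the one quoted above gains nothing from hundreds of runnable threads,
so the pool caps how many exist at once and reuses them.
"""
import threading
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Constructed sample of what a sniffer callback might hand over. The last
# record is deliberately malformed (negative length) to exercise error handling.
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "len": 60},
    {"src": "10.0.0.7", "dst": "10.0.0.1", "proto": "udp", "len": 120},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": "tcp", "len": 1500},
    {"src": "bad", "dst": "10.0.0.1", "proto": "tcp", "len": -1},
] * 50  # 200 packets, enough to show the same few workers being reused


def handle_packet(pkt: dict) -> str:
    """Do the per-packet work and return exactly ONE summary line for logging."""
    if pkt["len"] < 0:
        raise ValueError(f"malformed packet from {pkt['src']}")
    return f"{pkt['proto']} {pkt['src']}->{pkt['dst']} {pkt['len']}B"


def process_with_pool(packets, workers: int = 4) -> dict:
    """Push packets through `workers` reused threads.

    Returns how many packets succeeded, how many failed, how many distinct
    thread identities did the work (never more than `workers`), and the log
    lines, so the caller decides when and how much to print.
    """
    seen_threads = set()
    lock = threading.Lock()

    def job(pkt):
        with lock:
            seen_threads.add(threading.get_ident())
        try:
            return handle_packet(pkt)
        except ValueError as exc:
            return f"ERROR {exc}"   # one line per bad packet, worker survives

    log = []
    stats = Counter()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for line in pool.map(job, packets):
            log.append(line)
            stats["errors" if line.startswith("ERROR") else "ok"] += 1
    return {
        "ok": stats["ok"],
        "errors": stats["errors"],
        "threads_used": len(seen_threads),
        "log": log,
    }


def process_thread_per_packet(packets) -> int:
    """The pattern the post warns about: one new thread per packet.

    Returns the number of threads created, which grows with the packet
    rate instead of staying fixed.
    """
    threads = [threading.Thread(target=handle_packet, args=(p,)) for p in packets
               if p["len"] >= 0]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(threads)


if __name__ == "__main__":
    result = process_with_pool(SAMPLE_PACKETS)
    print(f"ok={result['ok']} errors={result['errors']} threads_used={result['threads_used']}")
    print(f"thread-per-packet would have created {process_thread_per_packet(SAMPLE_PACKETS)} threads")
```

`pool.map` returns results in submission order, so the log stays readable even though the workers finish out of order; if the real script needs the per-packet line written immediately, write it inside `job` once, not at several points along the way.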

  20. The thing that worries me is that you posted earlier that you thought that the creator of BadUSB was justified in not releasing his source code because it was supposedly "too powerful", or something along those lines. How do we know that your intentions truly are to release said code/devices? I would really love OS detection baked into something like the USB Rubber Ducky, or a similar device; I just have reservations based on your previous post.

    In my opinion, the developer of penetration testing tools should not be held liable for what they create, how else should the pen-testers get their tools for testing network security? Holding out on people because you are unsure of the fallout essentially just reinforces the status quo giving companies little impetus to change.

    I can't pay any money right now, but I probably would if I had more money saved up, something low, so there was no real loss of investment if things went south. Good luck. I will definitely buy one if they ever come out, even at full market value.
