
vailixi

Active Members
  • Posts: 377
  • Days Won: 3

Posts posted by vailixi

  1. Hmmm. Interesting point. I was looking at a Flash exploit that used two different encodings. So you encode with the greater bytes but it takes the smaller bytes and you can cause an overflow with the different encoding. It's in the TIT tags. I don't know Flash ActionScript at all but I remember it because it's a TIT tag. (+)(+)

  2. Challenge accepted:

    To secure myself from government agencies reading my mind I will put on my tin foil hat. Completely secure.

    Tinfoil hats only work if you are not wearing rubber soled shoes. You have to be grounded or the tinfoil hat will actually be amplifying said eyesight television Frankenstein radio controls. Saw it on YouTube, I'm pretty sure.

    But on a serious note, I would be willing to help develop said chat application. Basically take your favorite book and use that as a wordlist. You know what book it is and your buddy knows what book it is. Each line of the book gets read and used as a salt while hashing each word up to a certain length, maybe 7 characters, with bigger words concatenated. So only you and your buddy have the dictionary to create the precomputed lookup cards for messages. Then you create an encrypted container to put the message in, put that into another encrypted container, and so on for like 500 layers of encryption, block cipher, send through stream to buddy.

    So an attacker would have to know what book and what pages you are using for salts. Then they would have to know the hashing algorithm, then would have to know which encryptions you are using. Then they would need a LOT of compute power to get the plaintext. The hashing portion of this could be figured out like a very complex cryptogram, so you alternate hashing and encryption schemes to make it less susceptible to attacks. Nothing is really secure though.

    Whatever type of encryption is less relevant. But in the case it can be bruted, just calculate the total hashrate of all of the computers currently in existence combined and multiply that by like several orders of magnitude. So yeah, even if it's bruteable it will still take until the sun burns out to crack your message.

    Anybody want to seriously talk about this hit me up.

  3. When you use Unicode the storage space for your password characters doesn't magically become larger. It's 63 bytes. Unicode can use multiple bytes to represent a single character, but your WPA password, represented as bytes, cannot exceed 63. So the keyspace you're, for all intents and purposes, confronted with should be considered 256^63. Which is just ridiculously large. It's a shame so few people manage to pick genuinely good passwords.

    So only characters that can be represented by a single byte. So when it's only 8-bit characters they're not actually Unicode, they're code page ASCII values. Which are language specific, where you are swapping out extended ASCII chars, i.e. if it were Greek you are swapping out 80-AF or char(129)-char(175)

    α

    So if you wanted to make a wordlist for said character set you wouldn't need to create a string array of \u0391-\u03c8; you can just use regular ASCII chars and look up the OEM code page for whichever language you want to use. So the corresponding byte value of 1000 0000 would be the same whether it's in English as A or in Greek as α

    80 = U+0391 : α

    AF = U+03C8 : Ψ

    I was thinking Unicode characters were 32 bits and it wasn't quite making sense. Am I kinda on the right track here?

    // Print the bit pattern of each code page byte in the range given above (129-175, inclusive)
    for (int i = 129; i <= 175; i++) {
        System.out.println(Integer.toBinaryString(i));
    }
  4. Wow I did not know that. Cooper is right about the Unicode characters. I had to look this up.

    You can add your favorite Futhark symbols, Kanji, Sanskrit. तथदधनपᚠᛉᛒ仃仄ण6859

    So you can use the entire Unicode set, which is 1,114,112, which would make your password significantly more secure than just using ASCII characters.

    1,114,112^83 possible passwords

    And I suppose if you were a total nut job on wifi security you could make your own Unicode character like some companies do. ⌘

    I typically keep a Latin character dictionary with English, German, and Spanish words.

    Brute forcing a full Unicode password would be fairly difficult. Hypothetically I could write a program to do it. But without the hardware to crunch all of the data it wouldn't be practical.
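An added example (not from either poster) for the two Unicode passphrase posts above: it measures a WPA passphrase in UTF-8 bytes, which is what the quoted 63-byte limit actually constrains, and compares how much entropy different alphabets can fit into those bytes. The alphabet sizes passed in are assumptions for illustration.

```ruby
# Added example, not from the thread: WPA passphrases are limited by bytes,
# not characters, so multibyte Unicode runs out of room sooner than ASCII.
WPA_MIN_BYTES = 8
WPA_MAX_BYTES = 63

# Returns [within_limit, byte_count, char_count]. A Greek letter such as
# alpha costs two of the 63 bytes in UTF-8; the character count alone says
# nothing about whether the passphrase fits.
def wpa_passphrase_check(passphrase)
  bytes = passphrase.bytesize
  chars = passphrase.length
  [(WPA_MIN_BYTES..WPA_MAX_BYTES).cover?(bytes), bytes, chars]
end

# Entropy in bits of a passphrase drawn uniformly from an alphabet of
# alphabet_size symbols, each bytes_per_char long in UTF-8, using as many
# symbols as fit in WPA_MAX_BYTES. Alphabet sizes are assumed by the caller.
def max_entropy_bits(alphabet_size, bytes_per_char)
  chars_that_fit = WPA_MAX_BYTES / bytes_per_char
  chars_that_fit * Math.log2(alphabet_size)
end

if __FILE__ == $PROGRAM_NAME
  p wpa_passphrase_check('correct horse')   # 13 chars, 13 bytes: fits
  p wpa_passphrase_check('αβγδεζηθ')         # 8 chars, 16 bytes: fits
  p wpa_passphrase_check('α' * 32)           # 32 chars, 64 bytes: too long
  printf("printable ASCII (95), 63 chars:   %.1f bits\n", max_entropy_bits(95, 1))
  printf("Greek letters (48), 2-byte, 31 chars: %.1f bits\n", max_entropy_bits(48, 2))
  printf("upper bound 256^63:               %.1f bits\n", max_entropy_bits(256, 1))
end
```

The 256^63 figure from the quoted post is the ceiling for any byte string; a real alphabet of multibyte characters lands well below the ASCII figure because fewer characters fit.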

  5. If everything works right out of the box and there is excellent software support it would be worth it. Otherwise a tablet or cell phone has decent battery life and it will run a web server just fine. A cheap phone can be had for $20 these days if you look for deals.

    What would make it worth $149 would be that it works without me having to spend hours figuring it out.

  6. You can always look on CVE-Details and Exploit-db for the latest exploits. Then you can look up a tutorial for each of them on YouTube.

    You can also start msfconsole and use

    search exploits

    And by using search you can find modules in Metasploit. So if you find an example you want to try out, something like exploit/windows/smb/ms08_067_netapi, you can search for that exploit specifically.

    You can add something to it like tutorial, youtube, or rapid7 and you are bound to find a tutorial sooner than later. Also check out

    Packt Publishing and No Starch Press

    If you are looking for a book with a story to follow. Amazon.

  7. I decided to create something graphical. Got hung up on some minor details.

    I'm trying to pass the value of a QString in main to a system call in a void function. Basically take a bunch of QComboBoxes and use them to build a system call. Which was the simplest way I could think of to make a Linux GUI for a command line program. Keep in mind this is not quite done. I figure someone will take interest because it's a GUI for msfvenom / veil-evasion when it's done. Here's some of the code for the main window.

    #include "mainwindow.h"
    #include "ui_mainwindow.h"
    #include <QtCore>
    #include <QtGui>
    #include <QString>
    #include <QStringList>
    #include <QStringListModel>
    #include <QComboBox>
    #include <cstdlib>
    
    MainWindow::MainWindow(QWidget *parent) :
        QMainWindow(parent),
        ui(new Ui::MainWindow)
    {
        ui->setupUi(this);
    
        // Each combobox is filled from a QStringList; entry 0 is a placeholder,
        // so currentIndex() == 0 means "nothing chosen".
        QStringList payloads;
        payloads << "Select Payload" << "auxiliary/coldwar_wrapper" << "auxiliary/pyinstaller_wrapper" << "c/meterpreter/rev_http" << "c/meterpreter/rev_http_service" << "c/meterpreter/rev_tcp" << "c/meterpreter/rev_tcp_service" << "c/shellcode_inject/flatc" << "cs/meterpreter/rev_http" << "cs/meterpreter/rev_https" << "cs/meterpreter/rev_tcp" << "cs/shellcode_inject/base64_substitution" << "cs/shellcode_inject/virtual" << "go/meterpreter/rev_http" << "go/meterpreter/rev_https" << "go/meterpreter/rev_tcp" << "go/shellcode_inject/virtual" << "native/backdoor_factory" << "native/hyperion" << "native/pe_scrambler" << "powershell/meterpreter/rev_http" << "powershell/meterpreter/rev_https" << "powershell/meterpreter/rev_tcp" << "powershell/shellcode_inject/download_virtual" << "powershell/shellcode_inject/psexec_virtual" << "powershell/shellcode_inject/virtual" << "python/meterpreter/bind_tcp" << "python/meterpreter/rev_http" << "python/meterpreter/rev_http_contained" << "python/meterpreter/rev_https" << "python/meterpreter/rev_https_contained" << "python/meterpreter/rev_tcp" << "python/shellcode_inject/aes_encrypt" << "python/shellcode_inject/aes_encrypt_HTTPKEY_Request" << "python/shellcode_inject/arc_encrypt" << "python/shellcode_inject/base64_substitution" << "python/shellcode_inject/des_encrypt" << "python/shellcode_inject/download_inject" << "python/shellcode_inject/flat" << "python/shellcode_inject/letter_substitution" << "python/shellcode_inject/pidinject" << "ruby/meterpreter/rev_http" << "ruby/meterpreter/rev_http_contained" << "ruby/meterpreter/rev_https" << "ruby/meterpreter/rev_https_contained" << "ruby/meterpreter/rev_tcp" << "ruby/shellcode_inject/flat";
    
        QStringListModel *model = new QStringListModel(this);
        model->setStringList(payloads);
        ui->comboBox->setModel(model);
    
        QStringList encoders;
        encoders << "Select Encoder" << "cmd/echo" << "cmd/generic_sh" << "cmd/ifs" << "cmd/perl" << "cmd/powershell_base64" << "cmd/printf_php_mq" << "generic/eicar" << "mipsbe/byte_xori" << "mipsbe/longxor" << "mipsle/byte_xori" << "mipsle/longxor" << "php/base64" << "ppc/longxor" << "ppc/longxor_tag" << "sparc/longxor_tag" << "x64/xor" << "x86/add_sub" << "x86/alpha_mixed" << "x86/alpha_upper" << "x86/avoid_underscore_tolower" << "x86/avoid_utf8_tolower" << "x86/bloxor" << "x86/call4_dword_xor" << "x86/context_cpuid" << "x86/context_stat" << "x86/context_time" << "x86/countdown" << "x86/fnstenv_mov" << "x86/jmp_call_additive" << "x86/nonalpha" << "x86/nonupper" << "x86/opt_sub" << "x86/shikata_ga_nai" << "x86/single_static_bit" << "x86/unicode_mixed" << "x86/unicode_upper";
    
        QStringListModel *model1 = new QStringListModel(this);
        model1->setStringList(encoders);
        ui->comboBox1->setModel(model1);
    
        QStringList platforms;
        platforms << "Select Platform" << "openbsd" << "javascript" << "bsdi" << "python" << "netbsd" << "nodejs" << "freebsd" << "firefox" << "aix" << "mainframe" << "hpux" << "irix" << "unix" << "php" << "bsd" << "netware" << "osx" << "android" << "java" << "ruby" << "linux" << "cisco" << "solaris" << "windows";
    
        QStringListModel *model2 = new QStringListModel(this);
        model2->setStringList(platforms);
        ui->comboBox2->setModel(model2);
    
        // Architecture list not filled in yet; no combobox is wired to it.
        QStringList arch;
        arch << "Select Architecture";
    
        QStringList format;
        format << "Select Format" << "asp" << "aspx" << "aspx-exe" << "dll" << "elf" << "elf-so" << "exe" << "exe-only" << "exe-service" << "exe-small" << "hta-psh" << "loop-vbs" << "macho" << "msi" << "msi-nouac" << "osx-app" << "psh" << "psh-net" << "psh-reflection" << "psh-cmd" << "vba" << "vba-exe" << "vba-psh" << "vbs" << "war" << "bash" << "c" << "csharp" << "dw" << "dword" << "pl" << "powershell" << "ps1" << "py" << "python" << "raw" << "rb" << "ruby" << "sh" << "vbapplication" << "vbscript";
    
        QStringListModel *model4 = new QStringListModel(this);
        model4->setStringList(format);
        ui->comboBox4->setModel(model4);
    }
    
    MainWindow::~MainWindow()
    {
        delete ui;
    }
    
    // The command is assembled here, at click time, from the current selections
    // rather than once in the constructor (when every box still shows its
    // placeholder). currentText() gives the QString; currentIndex() returns an
    // int and cannot be assigned to a QString as the first draft tried to do.
    void MainWindow::on_pushButton_clicked()
    {
        QString command = "msfvenom --payload " + ui->comboBox->currentText();
        if (ui->comboBox1->currentIndex() > 0)
            command += " --encoder " + ui->comboBox1->currentText();
        if (ui->comboBox2->currentIndex() > 0)
            command += " --platform " + ui->comboBox2->currentText();
        if (ui->comboBox4->currentIndex() > 0)
            command += " --format " + ui->comboBox4->currentText();
    
        // Run in a terminal window so msfvenom's output stays visible.
        // Only fixed list entries reach the shell, never free text.
        QString terminal = "gnome-terminal -e \"" + command + "\"";
        system(terminal.toStdString().c_str());
    }
    
    
  8. I wasn't really sure how to list out the architectures for payloads with msfvenom. For platforms there's msfvenom --help-platforms and for formats there's msfvenom --help-formats, but there's no --help-arch. What's odd is I know there's a way to show target payload architectures but I can't for the life of me remember how to list them out.

  9. I wanted to write a GUI for msfvenom. I'm doing the GUI with Qt since I've used it before and it makes pretty interfaces. I was going to use a lot of dropdown menus and comboboxes to select options. I wanted to get a list of payloads to populate the combobox by looping through the results of a query like "search windows" or something like that. msfvenom --list almost does what I want except it wants to show the description.

    What is the easiest way to get a list of modules? Pretty much I just want to get the modules by type.

    I think somewhere in would be the code I need to edit but since I don't know a lick of ruby.

    opt.on('-l', '--list [type]', Array, 'List a module type. Options are: payloads, encoders, nops, all') do |l|
      if l.nil? or l.empty?
        l = ["all"]
      end
      opts[:list] = l
    end
    
    
      def dump_payloads
        init_framework(:module_types => [ ::Msf::MODULE_PAYLOAD ])
        tbl = Rex::Ui::Text::Table.new(
            'Indent'  => 4,
            'Header'  => "Framework Payloads (#{framework.stats.num_payloads} total)",
            'Columns' =>
                [
                    "Name",
                    "Description"
                ])
    
        framework.payloads.each_module { |name, mod|
          tbl << [ name, mod.new.description.split.join(' ') ]
        }
    
        "\n" + tbl.to_s + "\n"
      end
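
An added example (not from the post and not Metasploit code) for the question above: pull just the module names out of the table that `msfvenom --list payloads` prints, so a combobox can be filled without the Description column. The table below is constructed by hand to mirror the layout dump_payloads produces (title, column names, dash rule, indented rows); the entries are illustrative.

```ruby
# Added example, not from the post: parse the msfvenom list table for names.
# Constructed sample of the Rex table layout that dump_payloads above emits.
SAMPLE_LIST = <<~TABLE
  Framework Payloads (3 total)
  ============================

      Name                             Description
      ----                             -----------
      cmd/unix/reverse                 Interactive shell over two inbound connections
      linux/x86/shell_reverse_tcp      Connect back and spawn a command shell
      windows/meterpreter/reverse_tcp  Inject the meterpreter server DLL
TABLE

# Module names are the first whitespace-delimited token of each row. Rows
# begin after the dash rule, so the title and column header never leak in.
def module_names(table_text)
  names = []
  in_rows = false
  table_text.each_line do |line|
    stripped = line.strip
    if stripped.start_with?('----')
      in_rows = true
      next
    end
    next if !in_rows || stripped.empty?
    names << stripped.split(/\s+/, 2).first
  end
  names
end

# Group names by their first path component (cmd, linux, windows, ...), the
# "by type" split the post asks for, ready to feed one combobox per type.
def modules_by_type(table_text)
  module_names(table_text).group_by { |name| name.split('/').first }
end

if __FILE__ == $PROGRAM_NAME
  puts module_names(SAMPLE_LIST)
  modules_by_type(SAMPLE_LIST).each { |type, mods| puts "#{type}: #{mods.size}" }
end
```

To use it against the real tool, replace SAMPLE_LIST with the captured output of `msfvenom --list payloads`.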
    
  10. I'm just going to throw it out there since I've been thinking about coming up with a way to do it.

    Can't you save the reaver session, down your wireless device, change the MAC address, and resume the session? You get like three tries per MAC. So you get X tries and after X failed attempts you change your MAC to one that's not locked out and start again.

    Maybe:

    Create an array of wireless devices. I mean just go and grab a couple of 10 port USB hubs and fill them up with wireless adapters. So instead of trying 10,000 PINs on a single device you are only trying about 500 per device and you are running the searches concurrently. It would get done in about 5% of the time. I'm sure there's a maximum number of clients you can run before the AP is overwhelmed and starts crashing. But I think 20 or so clients would be fine.

    Just a hypothetical but I think it could work on some access points.

  11. People aren't going to register their mini drones. It's going to be like mandatory health insurance. Nobody bought it. Pot was illegal for a while. Everybody still smoked it. Now it's legal. Well at least where I live. This is like the ammunition accountability act. Nobody was going to go to the trouble of engraving a serial number on each bullet and registering each box of ammunition. Well except maybe the company that lobbied for it. It was a crackpot idea. There are like 40,000 new laws on the books every year. It's impossible to read them all. You might have broken some law without even knowing it. Who cares?

    In my humble opinion statism is getting out of hand in the United States.

  12. Here is a C version.

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>   /* strnlen */
    #include <time.h>
    
    #define RANDOM_STRING_LENGTH 17
    #define MAXIMUM_ALPHABET_LENGTH 255
    
    int main(int argc, char** argv) {
        char alphabet[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        char randomString[RANDOM_STRING_LENGTH + 1];
        int i;
        int alphabetLength;
    
        alphabetLength = strnlen(alphabet, MAXIMUM_ALPHABET_LENGTH);
    
        /* Seeded from the clock: fine for a demo, but rand() is not a CSPRNG,
           so names produced this way are reproducible, not unguessable. */
        srand(time(NULL));
    
        for (i = 0; i < RANDOM_STRING_LENGTH; i++) {
            randomString[i] = alphabet[rand() % alphabetLength];
        }
    
        randomString[i] = '\0';   /* i == RANDOM_STRING_LENGTH after the loop */
    
        printf("%s\n", randomString);
    
        return EXIT_SUCCESS;
    }
    
    

    This is a great example. Much more concise than what I was doing.

  13. So I was thinking about ways to create random directories and file names. I figure first I'll have to create a random string function. I'm sure there are a ton of ways to do this. So here I'll just post what I came up with. I was messing around with Visual BASIC today. So that's what I coded it in. Any examples are great. Don't care what language they are in. I created a string array and just used random numbers to index the array elements, then I concatenated them together to make a single string variable.

    I was going to make a random string of a random length by creating a random number and using that to end my loop but VB didn't like the syntax I was using.

    Module Module1
    
        Sub Main()
    
            Dim StringArray() As String = {"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"}
    
            ' Seed once from the system timer. Calling Randomize() before every
            ' Rnd() reseeds from the same timer value and can repeat results.
            Randomize()
    
            Dim RandomInteger As Integer
            Dim Str1 As String = ""
    
            ' One loop replaces the seventeen copy-pasted String1..String17.
            ' Rnd() returns [0, 1), so Int(Rnd() * StringArray.Length) gives
            ' 0..51 and can reach "Z"; the original Int(Rnd() * 51) never could.
            ' For a random length, draw it first (e.g. Int(Rnd() * 10) + 8)
            ' and use it as the loop bound.
            For Index As Integer = 1 To 17
                RandomInteger = Int(Rnd() * StringArray.Length)
                Str1 = Str1 & StringArray(RandomInteger)
            Next
    
            Console.WriteLine(Str1)
    
        End Sub
    
    End Module
    

    So I wrote basically the same function in C++.

    #include <iostream>
    #include <string>
    #include <cstdlib>
    #include <ctime>
    using namespace std;
    
    // 52 letters, indexed 0..51
    const string AlphaRandom[] = {"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"};
    const int AlphabetSize = sizeof(AlphaRandom) / sizeof(AlphaRandom[0]);
    const int StringLength = 17;
    
    int main()
    {
        // Seed once from the clock. rand() is not a CSPRNG, so anyone who knows
        // roughly when a name was generated can reproduce it.
        srand(time(0));
    
        // One loop replaces the seventeen RandomNumberN / string variables.
        // The original used rand() % 51, which could never select the last
        // letter ("Z"); AlphabetSize (52) covers the whole array.
        string s;
        for (int n = 0; n < StringLength; n++) {
            s += AlphaRandom[rand() % AlphabetSize];
        }
    
        cout << s << endl;
        return 0;
    }
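
An added example (not from any post in this thread) for the random-name posts above: the VB, C++ and C versions all seed rand() from the clock, so anyone who knows roughly when a name was generated can reproduce it. This contrasts a seeded generator with SecureRandom, which is what random directory and file names should come from. The alphabet and length match the thread's code.

```ruby
# Added example, not from the thread: seeded PRNG names vs. CSPRNG names.
require 'securerandom'

ALPHABET = [*'a'..'z', *'A'..'Z'].freeze   # the same 52 letters the thread uses
NAME_LENGTH = 17

# Same alphabet and length as the thread's code, driven by a seedable PRNG:
# two callers with the same seed (e.g. the same second) get the same name.
def predictable_name(seed, length = NAME_LENGTH)
  rng = Random.new(seed)
  Array.new(length) { ALPHABET[rng.rand(ALPHABET.size)] }.join
end

# Unpredictable version: SecureRandom draws from the OS CSPRNG, so there is
# no seed to guess, and random_number(52) yields 0..51 (no off-by-one).
def secure_name(length = NAME_LENGTH)
  Array.new(length) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
end

# Sanity check used by callers: right length and only alphabet letters.
def valid_name?(name, length = NAME_LENGTH)
  name.length == length && name.chars.all? { |c| ALPHABET.include?(c) }
end

if __FILE__ == $PROGRAM_NAME
  seed = Time.now.to_i            # what srand(time(NULL)) amounts to
  puts predictable_name(seed)     # identical on every run within this second
  puts predictable_name(seed)
  puts secure_name                # different every time
end
```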
    
    
  14. Can't [username] just be the variable %USERNAME% instead of actually having to know the username? Or get the username as a variable and concatenate it to the command string you want to use. This might help to automate things a bit.

  15. can an exe file execute on a given date automatically using cron?

    let's say I put that exe file on a USB and plug that USB into another PC and copy that exe file there

    without first executing it by clicking, I just copy it and leave it there, will it automatically execute?

    Call schtasks with system(). So somewhere in your payload you add a line like this:

    system("SchTasks /Create /SC DAILY /TN \"The_name_of_your_task\" /TR \"notepad.exe\" /ST 04:00");
  16. also, is there a way to program a payload.exe in a way that it executes like a time bomb? I mean you set a date like say

    15.01.2016 and that's when it executes automatically?

    i really am interested in something like that....

    On Linux

    Crontab

    #echo new cron into cron file
    echo "00 09 * * 1-5 echo hello" >> newcron
    #install new cron file
    crontab newcron
    

    On Windows scheduled task

    SchTasks /Create /SC DAILY /TN "The_name_of_your_task" /TR "notepad.exe" /ST 04:00
    

    There are a lot of other task schedulers. None of which I have used.

  17. I just like the nice neat 192.168.*.* that normally shows up on my home network.

    I realized yesterday that I don't really understand IPv6 addressing so I've been reading about it.

    I get that there are 2^128 addresses available versus the 2^32 addresses available with IPv4. I get that it is more optimal. I just don't understand why my system wants to use IPv6 for everything now.
