Forgiven
-
Posts
59 -
Joined
-
Last visited
Posts posted by Forgiven
-
-
-
Yes I wrote the original post on trying to hack the Sandisk Connect to make an Evil AP or for other giggles. Nice job. The post has long since fallen off search. I found it like on page 5 or 6.
-
I'm actually a little scared to click the links ;) Seems very cool!
-
-
I am well aware of the price on the store. The Mark V has been out of stock since September 7th and there has been no news on the restock. That being said, I am still interested in purchasing one at an inflated price.
I have a Mark V, the original box, I'd be consider parting with for that price.
-
I got it. Never mind.
-
The youtube video showing how to flash uses WinSCP and Putty. Isn't there some terminal kungfu that can allow me to load my /desktop/upgrade.bin onto that bugger directly? I'm not sure what file to transfer the upgrade.bin into and quite frankly I'm an SSH idiot. Some scripts for this would be dandy.
Note...v1.0.0 doesn't do firmware upload online :(
-
Hi, Does anyone know how long it takes to get a Keybase account? Anybody have any invites they'd like to spread around?
-
The best place for your question above is in the Rubber Ducky forum.
-
I was an original K
k starter supporter. I have a Nexus 7 running Kali Net Hunter. Anywho I see on the website for Net Hunter that it appears to be ready to roll for the HackRF. It's not. I have loaded the libhackrf and hackrf_info now sees my device, but I can't get startx to run. I'm thinking my gnuradio-companion is not properly installed. Anyone have this running properly in Net Hunter that can share how to get rolling?
Updated to add: apt-cache show hackrf-tools gave a description of the tools as a "transitional dummy package."
Error I get:
root@kali:~# gnuradio-companion
/usr/lib/python2.7/dist-packages/gtk-2.0/gtk/__init__.py:57: GtkWarning: could not open display
warnings.warn(str(e), _gtk.Warning)
/usr/lib/python2.7/dist-packages/gnuradio/grc/gui/Actions.py:30: GtkWarning: IA__gdk_keymap_get_for_display: assertion `GDK_IS_DISPLAY (display)' failed
_keymap = gtk.gdk.keymap_get_default()
/usr/lib/python2.7/dist-packages/gnuradio/grc/gui/Colors.py:24: GtkWarning: IA__gdk_screen_get_system_colormap: assertion `GDK_IS_SCREEN (screen)' failed
_COLORMAP = gtk.gdk.colormap_get_system() #create all of the colors
Traceback (most recent call last):
File "/usr/bin/gnuradio-companion", line 67, in <module>
from gnuradio.grc.python.Platform import Platform
File "/usr/lib/python2.7/dist-packages/gnuradio/grc/python/Platform.py", line 24, in <module>
from FlowGraph import FlowGraph as _FlowGraph
File "/usr/lib/python2.7/dist-packages/gnuradio/grc/python/FlowGraph.py", line 22, in <module>
from .. gui.FlowGraph import FlowGraph as _GUIFlowGraph
File "/usr/lib/python2.7/dist-packages/gnuradio/grc/gui/FlowGraph.py", line 22, in <module>
import Colors
File "/usr/lib/python2.7/dist-packages/gnuradio/grc/gui/Colors.py", line 27, in <module>
HIGHLIGHT_COLOR = get_color('#00FFFF')
File "/usr/lib/python2.7/dist-packages/gnuradio/grc/gui/Colors.py", line 25, in get_color
def get_color(color_code): return _COLORMAP.alloc_color(color_code, True, True)
AttributeError: 'NoneType' object has no attribute 'alloc_color'
root@kali:~#
-
Seems like devilsclaw has been making some good progress on this hack. I'm inspired to head back in!
-
Heartbleed modules are readily available for frameworks such as Metasploit, which we inherently support as a layer 3 device. Yes, an infusion would be cool (perhaps an official meterpreter infusion would be of more value) but as our team is very tiny we're not keen on reinventing the wheel in this regard.
Darren, I certainly can appreciate not wanting to reinvent the wheel and know that a small team has limits on activities. My thoughts were geared more towards the community of contributors. The Wired article describes a recently reported wild variant of heartbleed: Snippet follows
"On Thursday, the OpenSSL Foundation published an advisory warning to users to update their SSL yet again, this time to fix a previously unknown but more than decade-old bug in the software that allows any network eavesdropper to strip away its encryption. The non-profit foundation, whose encryption is used by the majority of the Web’s SSL servers, issued a patch and advised sites that use its software to upgrade immediately.
The new attack, found by Japanese researcher Masashi Kikuchi, takes advantage of a portion of OpenSSL’s “handshake” for establishing encrypted connections known as ChangeCipherSpec, allowing the attacker to force the PC and server performing the handshake to use weak keys that allows a “man-in-the-middle” snoop to decrypt and read the traffic.
“This vulnerability allows malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes,” reads an FAQ published by Kikuchi’s employer, the software firm Lepidum. Ashkan Soltani, a privacy researcher who has been involved in analyzing the Snowden NSA leaks for the NSA and closely tracked SSL’s woes, offers this translation: “Basically, as you and I are establishing a secure connection, an attacker injects a command that fools us to thinking we’re using a ‘private’ password whereas we’re actually using a public one.”"
It almost seems like a side-door....
-
Boy this would be a creepy exploit to deploy on the Mark V as an infusion.
Heartbleed Redux from Wired.
-
The only thing I had to modify with the rsync method was type in sudo before your script. THANKS A TON. It worked great.
-
Not yet Hoodoo.
-
Hi folks. I have some funky stuff going on. I recently loaded some new modules, but they appear in a new and different path than my other modules.
To be clear I have a working set of python modules for scientific computing in /Users/myname/Library/Python/2.7/site-packages. The new modules I loaded using pip install sent them to /usr/local/lib/python2.7/site-packages. I want all of them in /Users/myname/Library/Python/2.7/site-packages. How can I move all the site-packages from the /usr...path to the /Users...path using the kind of command-line kung fu some of you know? AND make sure any future installs all go to my desired /Users...site-packages path?
OR: what is the cleanest way to uninstall all the stuff (delete) in /usr...site-packages path and force all the reinstall to the /Users..site-packages path? I didn't find the answers I need on StackOverflow. If you can help with script kiddie line-by-lines that would really lower my blood pressure. I'm a chemist not a coder :)
Thanks in advance.
-
Since we all know the risks of stopping at a certain website to download code, be a good neighbor and put the python code into a thread so that we can check it out. :)
-
Would you mind posting the hexdump? in ascii that is. UTF-16 is kinda a pain to use on linux, and id like to take a look at it.
I just returned to this and saw your request. I will have to go back and re-open it.
-
Nice...
-
MODS - DELETE THIS.....I just saw a payload exists for shutdown.
Thanks.
-
There's a pretty funny prank that many of you may already know about, that would be cool to turn into a USB Rubber Ducky prank attack. The concept is based upon creating an infinite boot loop in the target windows system. The physical access method for creating the attack without a ducky is described on this YouTube video. Essentially the command sequence: shutdown -r -t 10 -c "Your Message Here"
Is created as a shortcut and saved into the startup folder so that when the victim turns off and then restarts their machine, it goes through an annoying reboot loop. It was hidden in the video as a shortcut named Internet Explorer and having the icon to match....clever.
The prank is harmless since simply holding down the SHIFT key can cease implementation of startup folder actions to allow the victim to clear the shortcut script from their STARTUP folder.
Being able to use the power of the Mighty Rubber Ducky to quickly automate the prank on a target would be cool. Having the Duck do the prank via Powershell would be nice. That's the concept...I'm off to make a stab at my first ducky payload. If you beat me to it, please share your results.
-
Hint from Domain.com June 2013: NSFNSMWN
Just to muddy the water: Routen der Geleitzuge (codes)
NS
Nordafrika - Neapel
(NSF - NSM - NSS)
WN
Oban - Loch Ewe - Methil
So maybe they're going to Hack Across the globe... ;)
-
The babylonian numerals resolve to 14, 5, 38, 33
Which is exactly the same as the two "clock faces" on 38° and 122° display (minutes and seconds, when 0° is top-most)
The co-ordinates becomes 38° 14' 5" - 122° 38' 33" which is a place Darren is quite familiar with.
But I still have not figured out what is the important information that is located there.
The twit brick house, according to this link is located there. The picture posted by COows that SNUBS put on Instagram is found there.
-
echo -n 'someStringIWantTodecrypt' | openssl enc -d -salt -out test.txt -aes-256-cbc -pass pass:mySecretPass
Sandisk Wireless Connect 16G Flash Drive
in Hacks & Mods
Posted
Yeah, I posted about this a long time ago.
https://forums.hak5.org/topic/30273-hack-a-sandisk-32g-wifi-enabled-flash-drive/
A new poster was able to brute force into it:
https://forums.hak5.org/topic/41977-sandisk-connect-32gb-wireless-media-drive-root/