
Forgiven

Active Members
  • Posts: 59
Everything posted by Forgiven

  1. Or you could watch Chris' excellent tutorial for configuring your WP for use on a mac. The steps for the MkIV will work on the MkV, I have done it on my MBPro.
  2. I've been on the name/password page. I disagree with that going anywhere as a vector. I looked at the binary code on the site you linked. Using Hex-Editor, I was able to open the file. The text, when viewed in UTF-16, is Chinese. For me, that's tough...I tried the Google Translate terms for "password", "key", "unlock", "shell." No luck. I wonder if putting a different ROM on there would get me in the driver's seat...
  3. I'm with digip on this. Get a VPN service. Anything else is a child's game of finger pointing.
  4. At toorcon SD there was an interesting talk about femtocell and smartphone hacking. For fair use from: http://sandiego.toorcon.net/seminars/

     Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell

     I have a box on my desk that your CDMA cell phone will automatically connect to while you send and receive phone calls, text messages, emails, and browse the Internet. I own this box. I watch all the traffic that crosses it and you don't even know you're connected to me. This box is a femtocell, a low-power cellular base station given or sold to subscribers by mobile network operators. It works just like a small cell tower, using a home Internet connection to interface with the provider network. When in range, a mobile phone will connect to a femtocell as if it were a standard cell tower and send all its traffic through it without any indication to the user. Inside, they run Linux, and they can be hacked. During this talk, we will demonstrate how we've used a femtocell for traffic interception of voice/SMS/data, active network attacks, and explain how we were able to clone a mobile device without physical access.

     Doug DePerry: Doug DePerry is a Senior Security Consultant at iSEC Partners in New York City. In addition to his day-to-day consultant duties, Doug is also responsible for helping manage employee/new hire training as well as the summer intern program. At iSEC Doug has recently taken a deeper interest in iOS and crypto assessments as well as architecture reviews. He has also written a whitepaper on HTML5 titled 'HTML5 Security: The Modern Web Browser Perspective'. Prior to joining iSEC, Doug worked for various defense contractors and the US Army.

     Andrew Rahimi: Andrew Rahimi is a Security Engineer for iSEC Partners in New York. He is a recent graduate of Bucknell University with an undergraduate degree in Computer Science & Engineering. His interests primarily include CDMA mobile phone research, satellite TV/Radio, WiFi, and other consumer network-oriented technologies.
  5. I started my attempt to hack the Sandisk by seeking to use the methods that worked for the Transcend, to no avail. The next best pathway for exploitation is directly attacking through the USB, IMHO. To that aim, I have acquired a FaceDancer21, created by the neighborly genius of Travis Goodspeed ($70 int3.cc) (yes that's more than the drive...money isn't really an issue when it comes to me wanting to know how to get in). I spent the day today flashing the firmware on the FD21. Tomorrow, I will begin my attack....(cue evil genius laugh with old pipe organ dududuuuus).
  6. Seems folks have really opened up the Transcend Wifi SD card...here is a link from Dmitry.
  7. The infusions drive hardware changes which lead to even more infusion...true technolust is insatiable. You can quote me on that. :D
  8. Stackoverflow is always a helpful place to go. I found this, for fair use from: http://stackoverflow.com/questions/6933626/android-how-to-emulate-swipe-gestures-in-avd An interesting answer was this:

     "One easy way is blind copying! Instead of reading getevent output and figuring it out, then giving it to sendevent, which is really slow, simply blind copy the gestures from a real device with the same Android version, then blindly paste them. You can copy the touch input on a real device by:
     1. In adb shell run dd if=/dev/input/event2 of=/sdcard/left.
     2. Do the gesture you would like to simulate (swipe).
     3. This will create a file (/sdcard/left) with the data generated by your real touch.
     4. Move the file to any location in your AVD, let's say (/sdcard/left).
     5. In AVD adb shell, run dd if=/sdcard/left of=/dev/input/event2. Voilà! The simulated touch event will happen.
     NOTE: On my device the file that has the touch events is /dev/input/event2; it might differ from one device to another, so you may use trial and error first.
     In short, if you record and play on the same device:
     1. dd if=/dev/input/event2 of=/sdcard/left
     2. Do the touch for real
     3. dd if=/sdcard/left of=/dev/input/event2
     4. Repeat step 3 as much as you need.
     Cheers :)"
  9. Try the Amazon EC2 service...it has all the power you could ever want to rent - at low cost!
  10. Does your version minimize the terminal upon execution and then close the terminal when it's done?
  11. Here's the HTML of the login section of twinspires:

        <div class="column col1" id="sidebar-left">
         <div id="sidebar-outer-wrapper">
          <div class="bottom-wrapper">
           <div class="sidebar-container">
            <div id="logged-in-user">
             <div class="ajax-loading"></div>
             <div class="panel-pane pane-type1 anonymous-content" id="pane-login-block">
              <h2 class="pane-title">Login</h2>
              <div id="login-section" class="pane-content">
               <form method="post" action="https://www.twinspires.com/php/login.php">
                <input type="hidden" name="destination" value="">
                <input type="hidden" value="user_login" name="form_id">
                <input type="hidden" value="2800" name="affid">
                <input type="hidden" value="0" name="blocklogin">
                <input type="hidden" value="1" name="wager">
                <input id="edit-redirect" type="hidden" value="http://www.twinspires.com/wager" name="redirect">
                <ul class="field-set">
                 <li>
                  <label for="username">Username:</label>
                  <input type="text" name="acct" id="username" class="text-box" maxlength="100" size="20">
                 </li>
                 <li>
                  <label for="password">Password:</label>
                  <input type="password" name="pin" id="password" class="text-box" maxlength="16" size="20">
                 </li>
                 <li>
                  <span id="reset-login-link"><a href="http://www.twinspires.com/account/password/request">forgot your login information?</a></span>
                  <input type="submit" class="button" value="Login" id="Login" name="Login">
                 </li>
                </ul>
               </form>
  12. The bash scripts you guys shared are so tight! I'm going to have to learn me some of that...science is my gig. Here's a question for you gurus: let's say that I want to log on to my favorite horse wagering site, twinspires.com, from the command line. Is there a script that will pass the username and password through the form so that I can gain access to live toteboard odds when the page redirects to the wagering home page? I can't find live odds data for horse tracks anywhere else. I want to pass the odds to an app I'm writing. OR once I have already logged onto a website, a simple script that will scarf the data I need and pass it to a .csv or .txt file? ...Requests and Mechanize are pretty awesome, the BASH is way awesomer.
  13. I don't know, maybe somebody will find this useful in their pentesting arsenal.

        #!/usr/local/bin/python
        # HTMLgetter v1.0 by Forgiven
        # This is a handy bit of python that will reap the HTML code of any page
        # and output it to a txt file of your choice.
        # (Python 2: urllib2, raw_input and print statements)
        import urllib2

        urlStr = raw_input('Input the full URL of the webpage whose HTML code you wish to reap:')
        fileName = raw_input("Input the *.txt filename for the output:")
        fileName = fileName + ".txt"
        fileOut = open(fileName, "w")
        try:
            fileHandle = urllib2.urlopen(urlStr)
            str1 = fileHandle.read()
            fileHandle.close()
            print '-'*50
            print 'HTML code of URL =', urlStr
            print '-'*50
        except IOError:
            print 'Cannot open URL %s for reading' % urlStr
            str1 = 'error!'
        # write the page body (or the error marker) to the chosen txt file
        fileOut.write(str1)
        print str1
        fileOut.close()

      I thought it was cool, creates a nice txt file of the HTML from a web page...I guess I don't have permission to upload the .py for this above. But the code is small and simple enough to cp. You can find it on github at the link.
  14. The sandisk connect has a microsd... you read my mind!
  15. I just posted that Pablo hacked the Transcend wifi-enabled SD disk which comes equipped with BusyBox Linux. It seems these little wireless disk drives have all the makings of a cool mini AP. I noticed that Sandisk now has a 32G wifi-enabled flash drive. It has a built-in battery, USB connection pin (for connection and recharging), a replaceable microSD card, and a wifi transmitter (albeit short range). Imagine hacking it and enabling it with the wifi pineapple features, all in a device the size of a lipstick dispenser!
  16. Just found out that Sandisk has come out with a 32G wireless USB flash drive. It acts like a wireless AP, has an internal battery, and a small form factor. Seems like the perfect hack project. I just bought one.
  17. It seems to me that a hacked Transcend could be a very small battery-powered Karma device. For instance, plug it into one of these: SD to USB Adapter Then the usb end goes into one of these for power: Anker external battery backup, small. Then tape the whole thing to the water cooler and have fun picking up beacon requests or whatever floats by.
  18. For Fair Use: http://hackaday.com/2013/08/12/hacking-transcend-wifi-sd-cards/

     "[Pablo] is a recent and proud owner of a Transcend WiFi SD Card. It allows him to transfer his pictures to any WiFi-enabled device in a matter of seconds. As he suspected that some kind of Linux was running on it, he began to see if he could get root access on it… and succeeded. His clear and detailed write-up begins with explaining how a simple trick allowed him to browse through the card's file system, which (as he guessed correctly) is running busybox. From there he was able to see if any of the poorly written Perl scripts had security holes… and got more than he bargained for. He first thought he had found a way to make the embedded Linux launch user-provided scripts and execute commands by making a special HTTP POST request… which failed due to a small technicality. His second attempt was a success: [Pablo] found that the user-set password is directly entered in a Linux shell command. Therefore, the password "admin; echo haxx > /tmp/hi.txt #" could create a hi.txt text file. From there things got easy. He just had to make the card download another busybox to use all the commands that were originally disabled in the card's Linux. In the end he got the card to connect a bash to his computer so he could launch every command he wanted. As if that was not enough, [Pablo] even discovered an easy way to find the current password of the card. Talk about security…"

     Seems like an interesting miniature AP could be made from this...thoughts?
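The password injection in the quoted write-up, as an added illustration that is not Pablo's code or the card's own Perl scripts: the string-concatenation pattern that let ';', '>' and '#' become shell syntax, beside the hardened forms that keep the password as a single argument. The set_password command name and the sh/printf demo are assumptions.

```python
"""Constructed example of the Transcend-style password injection and its fix.
The card's script interpolated the user-set password into a shell command line,
so shell metacharacters in the password were executed as shell syntax."""
import shlex
import subprocess

# The injection string quoted in the hackaday write-up above.
INJECTED_PASSWORD = "admin; echo haxx > /tmp/hi.txt #"


def vulnerable_command(password):
    """Build the command line the way the card's script did: plain concatenation.
    'set_password' is a hypothetical helper name. The string is returned, never run."""
    return "set_password " + password


def shell_sees(cmdline):
    """Tokenise a command line the way /bin/sh would (quotes honoured, '#' comments)."""
    return shlex.split(cmdline, comments=True)


def hardened_cmdline(password):
    """If a shell string is unavoidable, quote the value so it stays one word."""
    return "set_password " + shlex.quote(password)


def hardened_argv(password):
    """Better: hand the value to the program as one argv element and skip the shell."""
    return ["set_password", password]


def run_hardened_echo(password):
    """Shell-script variant of the fix: the value travels as a positional parameter
    ("$1"), which sh expands without re-parsing it. Returns what printf wrote."""
    proc = subprocess.run(
        ["sh", "-c", 'printf "%s\\n" "$1"', "demo", password],
        capture_output=True, text=True, check=True)
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    print("vulnerable, shell sees:", shell_sees(vulnerable_command(INJECTED_PASSWORD)))
    print("quoted, shell sees:    ", shell_sees(hardened_cmdline(INJECTED_PASSWORD)))
    print("argv form:             ", hardened_argv(INJECTED_PASSWORD))
    print("sh positional param:   ", run_hardened_echo(INJECTED_PASSWORD))
```

In the vulnerable form the shell sees a second command (echo with a redirection) and a comment that swallows the rest of the line; in both hardened forms the whole string, metacharacters included, stays one opaque value.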
  19. For those of you using this, can we get someone to review it?