
Forgiven

Active Members, 59 posts

Posts posted by Forgiven

  1. The coded message is the U2Fs...+..../....../...... thing. The digits that became elements are the key and the HSDWE QZORZNCG YGL WXO GDEK might be the passphrase. Off to bed for me now....EDT

  2. This part on the coin must be the encrypted message: U2FsdGVkx19j+O7Yg/IuLAXxN8GmCyLiDU/bDhmo2ZqygAwDWvZOWfT1c3OIvHSO

    I looked at the raw makeup of the format for email messages in the underlined section below, note the + / / symbols and those in the message above. Maybe the Elements table is the PGP private key and the Letters near the Domaindotcom star might be the password that could decrypt the above message?

    EMAIL MESSAGE EXAMPLE FORMAT

    In this example, the "Sender" mt.kb.user@gmail.com wants to send an email to the "Receiver" user@example.com. The sender composes the email at gmail.com, and user@example.com receives it in the email client Apple Mail.

    Here is the example header:

    From: Media Temple user (mt.kb.user@gmail.com)
    Subject: article: How to Trace a Email
    Date: January 25, 2011 3:30:58 PM PDT
    To: user@example.com
    Return-Path: <mt.kb.user@gmail.com>
    Envelope-To: user@example.com
    Delivery-Date: Tue, 25 Jan 2011 15:31:01 -0700
    Received: from po-out-1718.google.com ([72.14.252.155]:54907) by cl35.gs01.gridserver.com with esmtp (Exim 4.63) (envelope-from <mt.kb.user@gmail.com>) id 1KDoNH-0000f0-RL for user@example.com; Tue, 25 Jan 2011 15:31:01 -0700
    Received: by po-out-1718.google.com with SMTP id y22so795146pof.4 for <user@example.com>; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
    Received: by 10.141.116.17 with SMTP id t17mr3929916rvm.251.1214951458741; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
    Received: by 10.140.188.3 with HTTP; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
    Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=+JqkmVt+sHDFIGX5jKp3oP18LQf10VQjAmZAKl1lspY=; b=F87jySDZnMayyitVxLdHcQNL073DytKRyrRh84GNsI24IRNakn0oOfrC2luliNvdea LGTk3adIrzt+N96GyMseWz8T9xE6O/sAI16db48q4Iqkd7uOiDvFsvS3CUQlNhybNw8m CH/o8eELTN0zbSbn5Trp0dkRYXhMX8FTAwrH0=
    Domainkey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=wkbBj0M8NCUlboI6idKooejg0sL2ms7fDPe1tHUkR9Ht0qr5lAJX4q9PMVJeyjWalH 36n4qGLtC2euBJY070bVra8IBB9FeDEW9C35BC1vuPT5XyucCm0hulbE86+uiUTXCkaB 6ykquzQGCer7xPAcMJqVfXDkHo3H61HM9oCQM=
    Message-Id: <c8f49cec0807011530k11196ad4p7cb4b9420f2ae752@mail.gmail.com>
    Mime-Version: 1.0
    Content-Type: multipart/alternative; boundary="----=_Part_3927_12044027.1214951458678"
    X-Spam-Status: score=3.7 tests=DNS_FROM_RFC_POST, HTML_00_10, HTML_MESSAGE, HTML_SHORT_LENGTH version=3.1.7
    X-Spam-Level: ***
    Message Body: This is a KnowledgeBase article that provides information on how to find email headers and use the data to trace an email.
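    An added example, not part of the post above and not a solution to the coin: the base64 prefix U2FsdGVkX1 decodes to the eight ASCII bytes "Salted__", the header that `openssl enc` writes in front of an 8-byte salt and the ciphertext, and 64 base64 characters is exactly that header plus two 16-byte blocks. The Python 3 block below (standard library only) splits a blob on that layout and derives an AES-256-CBC key and IV from a candidate passphrase with OpenSSL's legacy EVP_BytesToKey; it stops short of decrypting, since AES is not in the standard library. The blob is constructed inside the block rather than copied from the coin, because the header check is case-sensitive and the transcription in the post has a lowercase x in the ninth character where the header byte requires X. The passphrase and salt bytes are illustrative.

```python
import base64
import hashlib

SALTED_MAGIC = b"Salted__"  # 8-byte header written by `openssl enc` (base64 "U2FsdGVkX1...")


def parse_salted_blob(b64_text):
    """Decode a base64 blob and split it into (salt, ciphertext).

    Raises ValueError if the decoded bytes do not carry the Salted__ header
    or if what follows the salt is not a whole number of 16-byte blocks.
    """
    raw = base64.b64decode(b64_text, validate=True)
    if raw[:8] != SALTED_MAGIC:
        raise ValueError("no Salted__ header; not an openssl enc envelope")
    salt, ciphertext = raw[8:16], raw[16:]
    if len(salt) != 8 or not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of 16-byte blocks")
    return salt, ciphertext


def evp_bytes_to_key(password, salt, key_len, iv_len, md=hashlib.md5):
    """OpenSSL's legacy EVP_BytesToKey with count=1.

    This was the default KDF of `openssl enc` before 1.1.0 (MD5); newer
    builds default to SHA-256 unless -md md5 is given, and -pbkdf2 replaces
    the scheme entirely.  D_1 = H(password || salt),
    D_i = H(D_{i-1} || password || salt); key || iv is the first
    key_len + iv_len bytes of D_1 || D_2 || ...
    """
    derived = b""
    block = b""
    while len(derived) < key_len + iv_len:
        block = md(block + password + salt).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


# Constructed sample (not the coin text): header + 8-byte salt + two AES blocks.
SAMPLE_SALT = bytes(range(0xA0, 0xA8))
SAMPLE_CT = bytes(range(32))
SAMPLE_B64 = base64.b64encode(SALTED_MAGIC + SAMPLE_SALT + SAMPLE_CT).decode()

if __name__ == "__main__":
    salt, ct = parse_salted_blob(SAMPLE_B64)
    key, iv = evp_bytes_to_key(b"passphrase", salt, 32, 16)  # AES-256-CBC sizes
    print("salt", salt.hex(), "blocks", len(ct) // 16)
    print("key ", key.hex())
    print("iv  ", iv.hex())
```

    The header check is the useful part on its own: a blob that does not start with Salted__ after decoding is not `openssl enc` output, whatever else it might be, and a passphrase guess against a real envelope is only meaningful with the hash the encrypting side used, so try both MD5 and SHA-256 before concluding a candidate is wrong.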

  3. Domain.com hint:

    LiSeNb NiPtHe HeGaAt HeGaRa

    ScZrH FNeK 0YbZn Fm0H

    HBaCo AlNdHe CdCaH RhCaH

    SrSeLi CCsBi TaMd

    OLuCr OTeBi ULv PuRf

    I received a coin about a week ago. I've been to that website and curl'd it. The best clue thus far was the 5 digit numbers and the domain.com clue posted by midnitesnake.

    I am a chemist. These are not random letters. They are the symbols for the elements on the periodic table. The 5 digit numbers above represent the atomic numbers for those elements. But a search of Twitter showed that this was known back in July... We might be too late to the party, folks.

    Domaindotcom clue in June: NSFNSMWN

    July 18:

    Darren Kitchen @hak5darren 18 Jul

    RT @Domaindotcom: LiSeNb NiPtHe HeGaAt HeGaRa ScZrH FNeK 0YbZn Fm0H HBaCo AlNdHe CdCaH RhCaH SrSeLi CCsBi TaMd OLuCr OTeBi ULv PuRf #Hint
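    An added example, not from the post: it applies the element-symbol reading described above to the @Domaindotcom hint quoted in the post. A symbol is one capital letter plus an optional lowercase letter, so each group splits unambiguously; the block maps every symbol to its atomic number and concatenates the digits of each group. Every group comes out as exactly five digits, which is consistent with the five-digit numbers the post refers to. Treating the 0 characters in 0YbZn and Fm0H as literal digits is an assumption.

```python
import re

# Element symbols in atomic-number order, H (1) through Og (118).
ELEMENT_SYMBOLS = (
    "H He Li Be B C N O F Ne Na Mg Al Si P S Cl Ar K Ca Sc Ti V Cr Mn Fe Co Ni Cu Zn "
    "Ga Ge As Se Br Kr Rb Sr Y Zr Nb Mo Tc Ru Rh Pd Ag Cd In Sn Sb Te I Xe Cs Ba "
    "La Ce Pr Nd Pm Sm Eu Gd Tb Dy Ho Er Tm Yb Lu Hf Ta W Re Os Ir Pt Au Hg Tl Pb Bi "
    "Po At Rn Fr Ra Ac Th Pa U Np Pu Am Cm Bk Cf Es Fm Md No Lr Rf Db Sg Bh Hs Mt "
    "Ds Rg Cn Nh Fl Mc Lv Ts Og"
).split()
ATOMIC_NUMBER = {sym: z for z, sym in enumerate(ELEMENT_SYMBOLS, start=1)}

# The @Domaindotcom hint as quoted in the post above.
HINT = ("LiSeNb NiPtHe HeGaAt HeGaRa ScZrH FNeK 0YbZn Fm0H HBaCo AlNdHe CdCaH RhCaH "
        "SrSeLi CCsBi TaMd OLuCr OTeBi ULv PuRf")

# One capital plus an optional lowercase letter, or a bare digit (assumed to
# stand for itself).
TOKEN_RE = re.compile(r"[A-Z][a-z]?|[0-9]")


def tokenize(group):
    """Split a group like 'LiSeNb' into ['Li', 'Se', 'Nb'] or raise."""
    tokens = TOKEN_RE.findall(group)
    if "".join(tokens) != group:
        raise ValueError("cannot tokenize %r as element symbols" % group)
    return tokens


def decode_group(group):
    """Replace each symbol by its atomic number and concatenate the digits."""
    out = []
    for tok in tokenize(group):
        if tok.isdigit():
            out.append(tok)
        elif tok in ATOMIC_NUMBER:
            out.append(str(ATOMIC_NUMBER[tok]))
        else:
            raise ValueError("%r is not an element symbol" % tok)
    return "".join(out)


def decode_hint(text):
    """Decode every whitespace-separated group of a hint string."""
    return [decode_group(g) for g in text.split()]


if __name__ == "__main__":
    for group, digits in zip(HINT.split(), decode_hint(HINT)):
        print("%-8s %s" % (group, digits))
```

    The tokenizer rejects anything that is not a symbol or a digit rather than skipping it, so a transcription error in the hint shows up as an exception instead of a silently shortened number.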

  4. Thank you. Always good to hear positive feedback. Coming next... a tutorial on how to manage your Pineapple remotely via SSH and the web interface. It'll include setting up a relay server but it's through a paid service- you can pay $5 flat for the month or $0.007 hourly. So it costs approximately 17-cents per day if you leave your server running 24-hours a day. It's very affordable. I decided to use the paid service for the tutorial because the free servers are far more difficult to configure, and would make the tutorial much more complex. I've never created a tutorial that requires my viewers to sign up for a paid service so I'm curious to see the reactions I get. At the very least, my viewers will gain an understanding of relay servers and why they're necessary for remote management.

    Also, I have some new Kali Linux and Android tutorials coming soon as well.

    Just one less coffee per month...a value.

  5. I've been on the name/password page. I disagree with that going anywhere as a vector.

    I looked at the binary code on the site you linked. Using Hex-Editor, I was able to open the file. The text, when viewed in UTF-16, is Chinese. For me, that's tough...I tried the google translate terms for "password", "key", "unlock", "shell." No luck.

    I wonder if putting a different ROM on there would get me in the driver's seat...

  6. At toorcon SD there was an interesting talk about the Femtocell and Smartphone hacking:

    For fair use from: http://sandiego.toorcon.net/seminars/

    Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
    I have a box on my desk that your CDMA cell phone will automatically connect to while you send and receive phone calls, text messages, emails, and browse the Internet. I own this box. I watch all the traffic that crosses it and you don’t even know you’re connected to me.

    This box is a femtocell, a low-power cellular base station given or sold to subscribers by mobile network operators. It works just like a small cell tower, using a home Internet connection to interface with the provider network. When in range, a mobile phone will connect to a femtocell as if it were a standard cell tower and send all its traffic through it without any indication to the user. Inside, they run Linux, and they can be hacked.

    During this talk, we will demonstrate how we’ve used a femtocell for traffic interception of voice/SMS/data, active network attacks, and explain how we were able to clone a mobile device without physical access.

    Doug DePerry
    Doug DePerry is a Senior Security Consultant at iSEC Partners in New York City. In addition to his day-to-day consultant duties, Doug is also responsible for helping manage employee/new hire training as well as the summer intern program.
    At iSEC Doug has recently taken a deeper interest in iOS and crypto assessments as well as architecture reviews. He has also written a whitepaper on HTML5 titled, ‘HTML5 Security:The Modern Web Browser Perspective’.
    Prior to joining iSEC, Doug worked for various defense contractors and the US Army.

    Andrew Rahimi
    Andrew Rahimi is a Security Engineer for iSEC Partners in New York. He is a recent graduate of Bucknell University with an undergraduate degree in Computer Science & Engineering. His interests primarily include CDMA mobile phone research, satellite TV/Radio, WiFi, and other consumer network-oriented technologies.

  7. I started my attempt to hack the Sandisk by seeking to use the methods that worked for the Transcend, to no avail. The next best pathway for exploitation is directly attacking through the USB, IMHO. To that aim, I have acquired a FaceDancer21, created by the neighborly genius of Travis Goodspeed ($70 int3.cc) (yes, that's more than the drive... money isn't really an issue when it comes to me wanting to know how to get in). I spent the day today flashing the firmware on the FD21. Tomorrow, I will begin my attack... (cue evil-genius laugh with old pipe organ dududuuuus).

  8. Stack Overflow is always a helpful place to go. I found this,

    For Fair Use from:

    http://stackoverflow.com/questions/6933626/android-how-to-emulate-swipe-gestures-in-avd

    An interesting answer was this:

    "One easy way is blind copying!

    Instead of reading getevent output and figuring it out, then give to sendevent which is really slow. Simply blind copy the gestures from a real device with the same Android version, then blindly paste them.

    You can copy the touch input in real device by:

    1- In adb shell run dd if=/dev/input/event2 of=/sdcard/left.

    2- Do the gesture you like to simulate (swipe).

    3- This will create a file (/sdcard/left) with the data generated by your real touch.

    4- Move the file to any location in your AVD, let's say (/sdcard/left).

    5- In AVD adb shell, run dd if=/sdcard/left of=/dev/input/event2

    Voila! The simulated touch event will happen.

    NOTE: On my device the file that has touch events is /dev/input/event2; it might differ from one device to another, so you may need to use trial and error first.

    In short, if you record and play on the same device:

    1- dd if=/dev/input/event2 of=/sdcard/left

    2- Do the touch for real

    3- dd if=/sdcard/left of=/dev/input/event2

    4- Repeat step 3, as much as you need.

    Cheers :)"

  9. Here's the HTML of the login section of twinspires

    <div class="column col1" id="sidebar-left">
    <div id="sidebar-outer-wrapper">
    <div class="bottom-wrapper">
    <div class="sidebar-container">
    <div id="logged-in-user">
    <div class="ajax-loading"></div>
    <div class="panel-pane pane-type1 anonymous-content" id="pane-login-block">
    <h2 class="pane-title">Login</h2>
    <div id="login-section" class="pane-content">

    <form method="post" action="https://www.twinspires.com/php/login.php">
    <input type="hidden" name="destination" value="">
    <input type="hidden" value="user_login" name="form_id">
    <input type="hidden" value="2800" name="affid">
    <input type="hidden" value="0" name="blocklogin">
    <input type="hidden" value="1" name="wager">
    <input id="edit-redirect" type="hidden" value="http://www.twinspires.com/wager" name="redirect">

    <ul class="field-set">
    <li>
    <label for="username">Username:</label>
    <input type="text" name="acct" id="username" class="text-box" maxlength="100" size="20">
    </li>
    <li>
    <label for="password">Password:</label>
    <input type="password" name="pin" id="password" class="text-box" maxlength="16" size="20">
    </li>
    <li>
    <span id="reset-login-link"><a href="http://www.twinspires.com/account/password/request">forgot your login information?</a></span>
    <input type="submit" class="button" value="Login" id="Login" name="Login">
    </li>
    </ul>

    </form>

  10. The bash scripts you guys shared are so tight! I'm going to have to learn me some of that...science is my gig.

    Here's a question for you gurus: let's say that I want to log on to my favorite horse wagering site, twinspires.com, from the command line. Is there a script that will pass the username and password through the form so that I can gain access to live toteboard odds when the page redirects to the wagering home page? I can't find live odds data for horse tracks anywhere else. I want to pass the odds to an app I'm writing. OR, once I have already logged onto a website, a simple script that will scarf the data I need and pass it to a .csv or .txt file?

    ...Requests and Mechanize are pretty awesome, the BASH is way awesomer.
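    An added example in Python 3 (standard library only), neither the poster's code nor anything from the site: it parses the login form markup quoted in the post above (embedded here as the sample page), collects the hidden fields a browser would submit alongside the username and password (the field names acct and pin come from that markup), builds the POST, and refuses to send credentials to a non-HTTPS action. The login() helper does the network round trip with a cookie jar so the session survives the redirect; the offline part is the form parsing. The username and password values are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin
import http.cookiejar
import urllib.request

# The login form as quoted in the post above (trimmed to the <form>).
LOGIN_PAGE = """
<form method="post" action="https://www.twinspires.com/php/login.php">
<input type="hidden" name="destination" value="">
<input type="hidden" value="user_login" name="form_id">
<input type="hidden" value="2800" name="affid">
<input type="hidden" value="0" name="blocklogin">
<input type="hidden" value="1" name="wager">
<input id="edit-redirect" type="hidden" value="http://www.twinspires.com/wager" name="redirect">
<input type="text" name="acct" id="username" class="text-box" maxlength="100" size="20">
<input type="password" name="pin" id="password" class="text-box" maxlength="16" size="20">
<input type="submit" class="button" value="Login" id="Login" name="Login">
</form>
"""


class LoginFormParser(HTMLParser):
    """Collect the action, method and every named <input> of the first <form>,
    which is what a browser submits when you click Login."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.method = "get"
        self.fields = {}
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self._in_form = True
            self.action = a.get("action") or ""
            self.method = (a.get("method") or "get").lower()
        elif tag == "input" and self._in_form and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False


def build_login(page_html, page_url, username, password,
                user_field="acct", pass_field="pin"):
    """Return (absolute action URL, field dict) for the form, with the
    credentials filled in.  Raises if the action is not HTTPS."""
    p = LoginFormParser()
    p.feed(page_html)
    if p.action is None:
        raise ValueError("no <form> found on the page")
    action = urljoin(page_url, p.action)
    if not action.startswith("https://"):
        raise ValueError("refusing to send credentials in the clear to %s" % action)
    fields = dict(p.fields)
    fields[user_field] = username
    fields[pass_field] = password
    return action, fields


def login(page_url, username, password):
    """Fetch the login page, submit the form, and return an opener whose cookie
    jar now holds the session, plus the URL the site landed on (network)."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    page = opener.open(page_url).read().decode("utf-8", "replace")
    action, fields = build_login(page, page_url, username, password)
    resp = opener.open(action, urlencode(fields).encode())
    return opener, resp.geturl()


if __name__ == "__main__":
    action, fields = build_login(LOGIN_PAGE, "https://www.twinspires.com/", "jdoe", "1234")
    print(action)
    print(urlencode(fields))
```

    Two checks before pointing this at a live account: the hidden redirect field in that markup points at http://www.twinspires.com/wager, so confirm the session cookie is set with the Secure flag before following a cleartext redirect that carries it; and read the credentials from environment variables rather than the script. For the second half of the question, the same opener can then fetch the odds page and hand the body to a parser that writes the CSV.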

  11. I don't know, maybe somebody will find this useful in their pentesting arsenal.

    #!/usr/bin/env python3

    # HTMLgetter v1.0 by Forgiven
    # This is a handy bit of python that will reap the HTML code of any page
    # and output it to a txt file of your choice.
    # Ported from the Python 2 original: urllib2 -> urllib.request, raw_input -> input.

    import urllib.error
    import urllib.request

    urlStr = input('Input the full URL of the webpage whose HTML code you wish to reap: ')
    fileName = input("Input the *.txt filename for the output: ")
    fileName = fileName + ".txt"
    try:
        with urllib.request.urlopen(urlStr) as fileHandle:
            # read() returns bytes in Python 3; decode with the declared charset, else UTF-8
            charset = fileHandle.headers.get_content_charset() or "utf-8"
            str1 = fileHandle.read().decode(charset, errors="replace")
        print('-' * 50)
        print('HTML code of URL =', urlStr)
        print('-' * 50)
    except (urllib.error.URLError, ValueError) as e:
        # URLError covers DNS, connection and HTTP failures; ValueError a malformed URL
        print('Cannot open URL %s for reading: %s' % (urlStr, e))
        str1 = 'error!'
    # Open the output file only once there is something to write
    with open(fileName, "w", encoding="utf-8") as fileOut:
        fileOut.write(str1)
    print(str1)

    I thought it was cool, creates a nice txt file of the HTML from a web page...I guess I don't have permission to upload the .py for this above. But the code is small and simple enough to cp.

    You can find it on github at the link.

  12. add this to the toolset for the Rubber Ducky.. and you now have a pocket full of everything you need.

    Too bad there wasn't a microSD one of these... you could change the Rubber Ducky scripts on the fly!

    The sandisk connect has a microsd... you read my mind!

  13. I just posted that Pablo hacked the Transcend wifi-enabled SD disk, which comes equipped with BusyBox Linux. It seems these little wireless disk drives have all the makings of a cool mini AP. I noticed that Sandisk now has a 32G wifi-enabled flash drive. It has a built-in battery, a USB connector (for connection and recharging), a replaceable microSD card, and a wifi transmitter (albeit short range). Imagine hacking it and enabling it with the WiFi Pineapple features, all in a device the size of a lipstick dispenser!
