kz26

someone needs to stop asking for money...

Big kudos to Steve8x for posting great material that's not just n00b talk. This is a very elegant method, but I see one potential flaw. Anyone running a sniffer over the net or who could look at the program parameters could see where the log is being posted to. Since a webserver's owner can be traced in most cases, this might have potentially catastrophic consequences for the hacker were he/she to be found out...

Wow guys, I'm impressed (and flattered!) that this thread has been going on for so long. Just to clear up some things: From what they've told me he was trying to steal exams from the teacher since he was more or less failing the class...usually I am against busting people, but this kid had the rep of being a slimeball and the teacher he targeted is one of my favorite...this teacher actually *offered* to write letters of rec for me. The guy would *definitely* fall under the "irresponsible hacker" category. This wasn't just a simple case of changing passwords, since it looks like he had some password dumpers running there was the potential for a full domain compromise. Thankfully he wasn't anywhere near intelligent enough to get that far.

This might have limited success with some of the lower-end AVs like AVG or Avast, but I can tell you right now that this won't work at all against better AVs like NOD32 and Kaspersky. They usually install low-level kernel/system hooks to prevent the process from being terminated from user space.

Well, it just happens that my HS has the exact same type of filter, the R3000 by 8e6 Technologies. It seems to do its job well enough, but apparently our sysadmin forgot to block port 22 (SSH). I have fast shell accounts in a variety of places so I simply use PuTTY to securely tunnel all my activity. If port 22 is blocked, I would just run an SSH server on port 443 instead. That makes SSH traffic resemble HTTPS (how would the filter know?), which isn't blocked as many legit sites use it.

Java: Eclipse Microsoft languages/.NET: Visual Studio for everything else, there's notepad++

Not even worth bothering with, simply because the iPhone/iPod Touch are notorious for their closedness. Apple wants to restrict the platform down to the level where THEY decide what you get to do with the device. And wireless cracking is NOT something they want you to do :D

Um...because I'm not a dick and I respect that teacher and that particular kid was a douche?

Well, aside from the whole school hacking thing being a really bad idea, using something like scar - which is Java-dependent - is very unreliable. You can't guarantee that the target computer will have Java enabled or that the program will run properly...

Hey...don't end up like the kid I called out: http://hak5.org/forums/index.php?showtopic=9150 Hack to learn, not the other way around.

Basically, anything that accesses protected system stuff (pretty much all password dumpers, services, and other such tools won't work) file copy should work, though. If you want it to run completely silently look at one of the U3 payloads. If you don't have/want/need U3 there are many other options. Not trying to advertise myself here, but I actually designed my ZBLADE2 payload with something like this in mind. It uses ROBOCOPY to mirror the file types you select, and detects whether or not admin access is present and runs the appropriate tools. Good luck :)

In my school, there's basically two groups, the smart, cultured people and the dumba$$es. I (and my friends) belong to the former, while this kid was just some piece of trash (screws around with everything, no respect for rules, bad grades, etc). I happen to particularly respect this teacher, plus I later found out that he had copied MY files from MY USB. So why should I have any respect for him? All of this happened during class, with an overhead projector showing the screen, with his username and password in public view Answers to questions: 1. usually they aren't, vast majority of teacher+student accounts have no local admin privileges but this particular teacher's account has admin status for some reason 2. I'm kinda the tech guy around my school, and actually I used msconfig 3. see #1 - result of having admin access. If the teacher's account had been properly locked down this never would have happened 4. what kind of teacher is going to go thru the hassle of logging out and logging in just to get a presentation? and the student kinda has the element of surprise on their side 5. dunno, school is using Symantec Corporate AV w/ really old 2007 definitions

just stumbled across these, I'll bet some of you USB hackers will find this useful :P http://www.f2ko.de/English/b2e/index.php http://www.f2ko.de/English/v2e/index.php

Well, this is a long story. I'll start at the beginning: In my AP Psych class recently, people were giving Powerpoint presentations. The teacher and one group complains that the computer is running really slow. So I go over and take a look at it, thinking it's just a bull**** subjective complaint. I notice that the computer is almost unresponsive - they weren't kidding. Opening up task manager, I try to figure out what's going on. Didn't really expect to find much there, but suddenly a few weirdo processes catch my eye: RAR.EXE, BLAT.EXE, sbs.exe, and stunnel.EXE. Obviously, these are all classic components of the USB Hacksaw. I reboot the comp into safe mode, take a look at the startup entries, and find a link to "sbs" in C:\Windows\$NtUninstall931337$. Bingo. Navigating to this folder I find all the incriminating evidence - programs, file dumps, etc. Of course no Hacksaw is complete without the send.bat. As expected the attacker's username and password are here. I was kind of wary, half-expecting the Gmail credentials to be a fake/throwaway account, but when I saw the inbox and the name on it I realized this was a very real account People confirmed that this was a real student - a senior, in fact. I told the teacher immediately, who called the IT guys. They were swarming over the computer and were shocked by the fact that all the teacher's files were copied. Fortunately, our school blocks outbound SMTP on port 465 (which Gmail uses) so this lo$er's plan wouldn't have worked anyway. I guess he's facing suspension (expulsion?). All this from a computer that was running slow Odd, though - does the Hacksaw really slow down the computer? Perhaps if this kid had written his own code it would have worked out a lot better for him...but now he's gonna be cooling his heels for a while. PWNED.

What's wrong with blat in the Hacksaw? Blat is a lot more configurable and well-known anyway...