hexlax

So, I started to look in to the Jasager project and really liked what I saw there. Instead of attacking the client side, I was thinking about the AP side of the house. You know how most wireless routers have built in web management interfaces? I'd like to work on some code that would interject our own network configuration which could include DNS or static-route poisoning. I'm asking the forum for advice on the best implementation for this program. I have prototyped this already on a xp box by: 1) Zero Wireless Config automatically connects to an AP (based on Preferred Networks). 2) Currently only connects to SSID of "Linksys". 3) Launches wget at the default gateway URL to change router configuration (all a POST statement). 4) Brings down the interface then brings it back up which XP automatically reconnects to another Linksys access point, taking us back to step 1. I could see how I would be able to launch this attack at multiple vendors, all because they all use a single POST statement to change router configuration. This of course implies that the router has the default user/pass, no encryption, and a simple network topology behind a public IP address (what I like to call out of the box security). Although I have only implemented this on XP, I'm sure there are some Linux gurus out there who could shed some light on some APIs or something to implement this by. The only thing I am using wget for is the authentication to the web management interface and launching the config change. I could see how this could already be implemented in the BOOST libraries, making it nice for crossplatformability. I got kinda wordy, but please, I'm interested in what ya think.

woot!

Also, check this irongeek vid

Just a couple things to caveat: 1) Is there a reason why you are trying to compute Pi? Why not use M_Pi as defined in cmath? 2) Depending on your printing routine, cout only displays for the first six digits beyond the decimal. You may want to look in to setting the precision. ~hexlax

Hey group! Here's a hacksnack I coded in c++. AVdetect takes a current process list and lets you choose to run two different programs based on whether it found AV. Better explanation: avdetect -c <AV found program> -d <AV not found program> -f <AV process list> -v I believe this program would be an added contribution to the current payloads floating around. This program has the ability to be verbose too with the -v option. Please let me know if you have any ideas/suggestions/critique as to how to make this program better. download RapidShare 7zip archive And the source.

I know it's past due, but I was bored. So here it is: /* Sorting using a linear algorithm. / Programmer: hexlax / Language: C++ (gcc) / The following program takes an array of integers and sorts it from greatest to least. */ #include &lt;iostream&gt; using namespace std; // The following function is passed the array by reference since no changes are being made. void print(int&amp; array[]){ for( int x = 0; x &lt; array.length(); x++) cout &lt;&lt; array[x] &lt;&lt; " "; } //Our main function int main(){ //Our array of integers: int array [ 50, 25, 30, 10, 49, 23, 54, 82, 19, 28 ]; //Used for array swapping: int temp = 0; //Initial output: cout &lt;&lt; "The current array contains "; print(array[]); cout &lt;&lt; "." &lt;&lt; endl; // Sort using linear algorithm. // Usually I would use a log algorithm like quicksort, but since // there are so few numbers in our array, linear will suffice. for( int x= 0; x&lt; array.length(); x++) for( int j = 0; j &lt; array.length(); j++){ if(array[x] &lt; array[j]) { //perform the swap temp = array[j]; array[j] = array[x]; array[x] = temp; } } // Final output cout &lt;&lt; "Now the sorted array contains "; print(array[]); cout &lt;&lt; "." &lt;&lt; endl; return 0; }

AT&T has been buying up hotspot contracts with companies such as Barnes and Noble, Starbucks, and McDonalds. They have recently allowed iPhone users access to these hotspots for no charge. So the hacker mind quickly asks, how do they ensure it's an iPhone? Perhaps a MAC address lookup? Nope, not even that complicated: they ensure that the browser's agent string matches that of the iPhone's Safari web browser. So just fire up firefox and type about:config in the address bar. Now type in general.useragent.extra.firefox and change the string to: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3 The website also asks you for a valid iPhone phone number. This should be easy to find too. You can now use these hotspots for free.

Check out episode 3x09. They discuss how you can accomplish this with iexpress and some other commercial software.

Thanks...

In the episode 3x09 blooper reel, there was mention of a "hacksnack" key logger and mailer called 'Time Machine.' Does anyone know what they were referring to? I only ask because I am currently working on a similar c++ program. Please let me know if you have any info regarding this project... Thanks in advance, ~hexlax

I couldn't recreate the process above. What does the piping to NUL accomplish? I think a simple prog is in order that given a known filename on our USB stick will output the drive letter associated, like: Input: C:> findDrive go.bat Output: G:

Short of coding your own parsing routine in perl or c, you may want to look into running cygwin and utilizing the amazing power of Unix programs like sed and grep... Actually, you don't even need to install the full image of cygwin, just keep the cygwin.dll in the directory of the program you're using. Then you can create a Windows batch file that parses the output files into temp files and operates on those.

Exactly, you could do a reg add before unpacking/launching the tool. Sysinternals uses the REG_DWORD for a boolean check that the EULA has already been accepted in: HKCUSoftwareSysinternals<program> with the name: EulaAccepted EDIT: Not all of the Sysinternal's pstools accept the flag /accepteula...

How does this program handle directory names? Also, does this program erase the index.dat histories? Side bar: Would you be willing to share the source? I'd love to see your implementation... You could also add a line that cleans out the last logged on user in: HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon AltDefaultUserName & DefaultUserName

This becomes tricky because you never know what drive letter will be assigned on a foreign computer, but you can call explorer with any directory of your choosing: ::test.bat explorer C:WindowsSystem32 ::end However, there are some vbs scripts floating around (check the hacksaw package) that, given a file that exists on the usb drive, iterates the drive letters until it exists. I am currently cleaning this project up and will post the U3 ISO and nonU3 images soon...