
hexlax

Active Members
Posts: 38

Everything posted by hexlax

  1. So, I started to look into the Jasager project and really liked what I saw there. Instead of attacking the client side, I was thinking about the AP side of the house. You know how most wireless routers have built-in web management interfaces? I'd like to work on some code that would interject our own network configuration, which could include DNS or static-route poisoning. I'm asking the forum for advice on the best implementation for this program. I have prototyped this already on an XP box by: 1) Zero Wireless Config automatically connects to an AP (based on Preferred Networks). 2) Currently only connects to SSID of "Linksys". 3) Launches wget at the default gateway URL to change router configuration (all a POST statement). 4) Brings down the interface then brings it back up, after which XP automatically reconnects to another Linksys access point, taking us back to step 1. I could see how I would be able to launch this attack at multiple vendors, all because they all use a single POST statement to change router configuration. This of course implies that the router has the default user/pass, no encryption, and a simple network topology behind a public IP address (what I like to call out-of-the-box security). Although I have only implemented this on XP, I'm sure there are some Linux gurus out there who could shed some light on some APIs or something to implement this by. The only thing I am using wget for is the authentication to the web management interface and launching the config change. I could see how this could already be implemented in the BOOST libraries, making it nice for crossplatformability. I got kinda wordy, but please, I'm interested in what ya think.
  2. Just a couple things to caveat: 1) Is there a reason why you are trying to compute Pi? Why not use M_PI as defined in cmath? 2) Depending on your printing routine, cout only displays the first six digits beyond the decimal. You may want to look into setting the precision. ~hexlax
  3. hexlax

    AVdetect

    Hey group! Here's a hacksnack I coded in C++. AVdetect takes a current process list and lets you choose to run two different programs based on whether it found AV. Better explanation: avdetect -c <AV found program> -d <AV not found program> -f <AV process list> -v I believe this program would be an added contribution to the current payloads floating around. This program has the ability to be verbose too with the -v option. Please let me know if you have any ideas/suggestions/critique as to how to make this program better. Download: RapidShare 7zip archive, and the source.
  4. I know it's past due, but I was bored. So here it is:

    /* Sorting using a linear algorithm.
     * Programmer: hexlax
     * Language: C++ (gcc)
     * The following program takes an array of integers and sorts it from greatest to least. */
    #include <iostream>
    using namespace std;

    // Prints the array. A raw array does not carry its own length, so the
    // element count is passed alongside the pointer to its first element.
    void print(const int array[], int n){
        for( int x = 0; x < n; x++)
            cout << array[x] << " ";
    }

    //Our main function
    int main(){
        //Our array of integers:
        int array[] = { 50, 25, 30, 10, 49, 23, 54, 82, 19, 28 };
        const int n = sizeof(array) / sizeof(array[0]);
        //Used for array swapping:
        int temp = 0;
        //Initial output:
        cout << "The current array contains ";
        print(array, n);
        cout << "." << endl;
        // Sort using linear algorithm.
        // Usually I would use a log algorithm like quicksort, but since
        // there are so few numbers in our array, linear will suffice.
        // Exchange sort: the inner loop starts at x + 1, so after each outer
        // pass array[x] holds the largest remaining value (greatest to least).
        for( int x = 0; x < n; x++)
            for( int j = x + 1; j < n; j++){
                if(array[x] < array[j]) {
                    //perform the swap
                    temp = array[j];
                    array[j] = array[x];
                    array[x] = temp;
                }
            }
        // Final output
        cout << "Now the sorted array contains ";
        print(array, n);
        cout << "." << endl;
        return 0;
    }
  5. AT&T has been buying up hotspot contracts with companies such as Barnes and Noble, Starbucks, and McDonalds. They have recently allowed iPhone users access to these hotspots for no charge. So the hacker mind quickly asks, how do they ensure it's an iPhone? Perhaps a MAC address lookup? Nope, not even that complicated: they ensure that the browser's agent string matches that of the iPhone's Safari web browser. So just fire up firefox and type about:config in the address bar. Now type in general.useragent.extra.firefox and change the string to: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3 The website also asks you for a valid iPhone phone number. This should be easy to find too. You can now use these hotspots for free.
  6. Check out episode 3x09. They discuss how you can accomplish this with iexpress and some other commercial software.
  7. In the episode 3x09 blooper reel, there was mention of a "hacksnack" key logger and mailer called 'Time Machine.' Does anyone know what they were referring to? I only ask because I am currently working on a similar c++ program. Please let me know if you have any info regarding this project... Thanks in advance, ~hexlax
  8. I couldn't recreate the process above. What does the piping to NUL accomplish? I think a simple prog is in order that given a known filename on our USB stick will output the drive letter associated, like: Input: C:> findDrive go.bat Output: G:
  9. Short of coding your own parsing routine in perl or c, you may want to look into running cygwin and utilizing the amazing power of Unix programs like sed and grep... Actually, you don't even need to install the full image of cygwin, just keep the cygwin.dll in the directory of the program you're using. Then you can create a Windows batch file that parses the output files into temp files and operates on those.
  10. Exactly, you could do a reg add before unpacking/launching the tool. Sysinternals uses a REG_DWORD for a boolean check that the EULA has already been accepted in: HKCU\Software\Sysinternals\<program> with the name: EulaAccepted EDIT: Not all of the Sysinternals pstools accept the flag /accepteula...
  11. How does this program handle directory names? Also, does this program erase the index.dat histories? Side bar: Would you be willing to share the source? I'd love to see your implementation... You could also add a line that cleans out the last logged-on user in: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName & DefaultUserName
  12. This becomes tricky because you never know what drive letter will be assigned on a foreign computer, but you can call explorer with any directory of your choosing: ::test.bat explorer C:\Windows\System32 ::end However, there are some vbs scripts floating around (check the hacksaw package) that, given a file that exists on the USB drive, iterate the drive letters until it exists. I am currently cleaning this project up and will post the U3 ISO and non-U3 images soon...
  13. Done... Thanks for the heads up. Oh, and F*** Comcast for dropping the link.
  14. What's the best way to find the U3 r/w drive when trying to save logs? Is it usually: [read only drive] + 1 character? Or can I specify which drive letter to give the writable disk?
  15. I would greatly appreciate it! Here is the executable: http://mywebpages.comcast.net/dissoluten/scancomp.7z And just run scancomp after you 7zip extract.
  16. Sure if we want to dissect the whole code, but as the first post indicates you can grab the source from here: http://mywebpages.comcast.net/dissoluten/scanComp-src.7z As far as the mechanics behind the AV detection:
    - inputs a list of known AV processes from config.txt (sorted)
    - grabs a list of current system processes using Sysinternals pslist
    - takes the current process list and binary searches for each against our known AV list (since logarithmic time is better than linear)
    - if nothing is found, executes the full payload
    - if not, executes a payload that scans cleans
    - the payload switch is determined in the config.txt file as Y/N, converted to boolean on input
    Does that answer your question? What I might do, based on feedback, is code a 'light' version of the AV detection for other packages, if others are interested. But please have a look at the source; I commented the hell out of it.
  17. Is there some sort of VC++ Express compiler option that can be used for this?
  18. Did you actually look at the source? It's not something that I can just post because the AV detection is c++ coded. As for the payload, I agree with you that it's not new. But this package addresses the issue that people have brought up time and time again: -AV detection -package encryption
  19. My package addresses this issue. Scans for AV processes and if they are found executes a clean payload... http://forums.hak5.org/index.php/topic,8169.0.html
  20. Hello board! Does anyone have any experience in porting code from 32-bit to 64-bit? Not even sure where I could begin. Would it be possible to write code that determines this? Or do you have to create separate programs?
  21. Here is the snippet, wrapped in a main so it compiles as-is:

    #include <string>
    #include <iostream>
    using namespace std;
    int main(){
        string word1 = "snakey";
        string word2 = "";
        // Collect every 'a' from word1 into word2 (+= appends; a plain = would overwrite word2 on each hit).
        for(string::size_type x = 0; x < word1.length(); x++)
            if(word1[ x ] == 'a')
                word2 += word1[ x ];
        cout << word2 << endl;
    }