hexlax

Posts posted by hexlax

  1. So, I started to look into the Jasager project and really liked what I saw there. Instead of attacking the client side, I was thinking about the AP side of the house.

    You know how most wireless routers have built in web management interfaces? I'd like to work on some code that would interject our own network configuration which could include DNS or static-route poisoning.

    I'm asking the forum for advice on the best implementation for this program. I have prototyped this already on an XP box by:

    1) Zero Wireless Config automatically connects to an AP (based on Preferred Networks).

    2) Currently only connects to SSID of "Linksys".

    3) Launches wget at the default gateway URL to change router configuration (all a POST statement).

    4) Brings down the interface then brings it back up which XP automatically reconnects to another Linksys access point, taking us back to step 1.

    I could see how I would be able to launch this attack at multiple vendors, all because they all use a single POST statement to change router configuration. This of course implies that the router has the default user/pass, no encryption, and a simple network topology behind a public IP address (what I like to call out of the box security).

    Although I have only implemented this on XP, I'm sure there are some Linux gurus out there who could shed some light on some APIs or something to implement this by. The only thing I am using wget for is the authentication to the web management interface and launching the config change. I could see how this could already be implemented in the BOOST libraries, making it nice for crossplatformability. I got kinda wordy, but please, I'm interested in what ya think.

  2. Just a couple things to caveat:

    1) Is there a reason why you are trying to compute Pi? Why not use M_PI as defined in cmath?

    2) Depending on your printing routine, cout only displays the first six digits beyond the decimal. You may want to look into setting the precision.

    ~hexlax

  3. Hey group!

    Here's a hacksnack I coded in C++. AVdetect takes a current process list and lets you choose to run two different programs based on whether it found AV. Better explanation:

    avdetect -c <AV found program> -d <AV not found program> -f <AV process list> -v

    I believe this program would be an added contribution to the current payloads floating around.

    This program has the ability to be verbose too with the -v option. Please let me know if you have any ideas/suggestions/critique as to how to make this program better.

    download RapidShare 7zip archive

    And the source.

  4. I know it's past due, but I was bored. So here it is:

    /* Sorting using a simple nested-loop exchange algorithm.
    / Programmer: hexlax
    / Language: C++ (gcc)
    / The following program takes an array of integers and sorts it from greatest to least.
    */
    
    #include <iostream>
    using namespace std;
    
    // The array is passed as a const pointer plus its length: a C++ array does not
    // carry its own size, and const documents that no changes are being made.
    void print(const int array[], int length){
        
        for( int x = 0; x < length; x++)
            cout << array[x] << " ";
    }
    
    //Our main function
    int main(){
    
        //Our array of integers:
        int array[] = { 50, 25, 30, 10, 49, 23, 54, 82, 19, 28 };
        const int length = sizeof(array) / sizeof(array[0]);
    
        //Used for array swapping:
        int temp =  0;
    
        //Initial output:
        cout << "The current array contains ";
        print(array, length);
        cout << "." << endl;
    
    
        // Sort using a nested-loop exchange algorithm (O(n^2)).
        // Usually I would use a log algorithm like quicksort, but since 
        // there are so few numbers in our array, this will suffice. 
        // Because j also runs over the already-placed prefix, swapping when
        // array[x] is the larger value leaves the array in descending order.
        for( int x= 0; x< length; x++)
            for( int j = 0; j < length; j++){
                if(array[x] > array[j]) {
                    //perform the swap
                    temp = array[j];
                    array[j] = array[x];
                    array[x] = temp;
                }
            }
    
        // Final output
        cout << "Now the sorted array contains ";
        print(array, length);
        cout << "." << endl;
    
        return 0;
    }

  5. AT&T has been buying up hotspot contracts with companies such as Barnes and Noble, Starbucks, and McDonalds. They have recently allowed iPhone users access to these hotspots for no charge. So the hacker mind quickly asks, how do they ensure it's an iPhone? Perhaps a MAC address lookup? Nope, not even that complicated: they ensure that the browser's agent string matches that of the iPhone's Safari web browser. So just fire up Firefox and type about:config in the address bar. Now type in general.useragent.extra.firefox and change the string to:

    Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3

    The website also asks you for a valid iPhone phone number. This should be easy to find too.

    You can now use these hotspots for free.

  6. In the episode 3x09 blooper reel, there was mention of a "hacksnack" key logger and mailer called 'Time Machine.' Does anyone know what they were referring to? I only ask because I am currently working on a similar C++ program. Please let me know if you have any info regarding this project...

    Thanks in advance,

    ~hexlax

  7. Include this "code" into your switchblade [go.bat I think]

    It outputs the name of the drive [which has just been inserted] into a batch file which is then run, popping up the explorer window.

    No vbscripts are necessary.

    ::[open.bat]

    echo explorer "%~d0" >"c:\driveletter.bat"

    "c:\driveletter.bat"

    ping -n 5 localhost > NUL

    del "c:\driveletter.bat"

    I couldn't recreate the process above. What does the piping to NUL accomplish?

    I think a simple prog is in order that given a known filename on our USB stick will output the drive letter associated, like:

    Input:

    C:\> findDrive go.bat

    Output:

    G:

  8. I was wondering if there's any program out there that can sort the output from commands like net share, netstat, etc. into proper tables, or CSV files, etc.

    Short of coding your own parsing routine in perl or c, you may want to look into running cygwin and utilizing the amazing power of Unix programs like sed and grep...

    Actually, you don't even need to install the full image of cygwin, just keep the cygwin.dll in the directory of the program you're using. Then you can create a Windows batch file that parses the output files into temp files and operates on those.
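    An added example (not hexlax's code, and not from any package discussed here) of the parsing routine the reply alludes to, written in C++ to match the rest of this thread: it reads the text of `netstat -an`, skips the banner and column header, splits each endpoint at its last colon so IPv6 literals keep their brackets, and emits CSV. The netstat sample embedded in the block is constructed, not captured from a real host.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct Connection {
    std::string proto, local_host, local_port, remote_host, remote_port, state;
};

// Split "host:port" at the LAST colon so IPv6 endpoints like [::1]:135 keep their brackets.
static void split_endpoint(const std::string& ep, std::string& host, std::string& port) {
    std::string::size_type pos = ep.rfind(':');
    if (pos == std::string::npos) { host = ep; port.clear(); return; }
    host = ep.substr(0, pos);
    port = ep.substr(pos + 1);
}

// Parse the text of `netstat -an` into rows. Lines that do not start with a protocol
// name (banner, column header, blanks) are skipped; UDP rows have no State column.
std::vector<Connection> parse_netstat(const std::string& text) {
    std::vector<Connection> rows;
    std::istringstream lines(text);
    std::string line;
    while (std::getline(lines, line)) {
        std::istringstream fields(line);
        std::string proto, local, remote, state;
        if (!(fields >> proto >> local >> remote)) continue;   // too few columns
        if (proto != "TCP" && proto != "UDP") continue;        // not a data row
        fields >> state;                                       // stays empty for UDP
        Connection c;
        c.proto = proto;
        c.state = state;
        split_endpoint(local, c.local_host, c.local_port);
        split_endpoint(remote, c.remote_host, c.remote_port);
        rows.push_back(c);
    }
    return rows;
}

// Render rows as CSV with a header line. netstat fields never contain commas or
// quotes, so no escaping is needed here.
std::string to_csv(const std::vector<Connection>& rows) {
    std::string out = "proto,local_host,local_port,remote_host,remote_port,state\n";
    for (const auto& r : rows)
        out += r.proto + "," + r.local_host + "," + r.local_port + "," +
               r.remote_host + "," + r.remote_port + "," + r.state + "\n";
    return out;
}

// Constructed sample of `netstat -an` output (documentation addresses, not a real host).
const char* kSampleNetstat =
    "\nActive Connections\n\n"
    "  Proto  Local Address          Foreign Address        State\n"
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING\n"
    "  TCP    192.0.2.10:49730       198.51.100.7:443       ESTABLISHED\n"
    "  TCP    [::1]:5357             [::]:0                 LISTENING\n"
    "  UDP    0.0.0.0:123            *:*\n";

int main() {
    std::cout << to_csv(parse_netstat(kSampleNetstat));
    return 0;
}
```

    Feed it the saved output of `netstat -an` on standard input or from a file and redirect the CSV wherever the batch file expects it; the same skip-until-a-protocol-row approach carries over to `net share` with different column names.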

  9. I recall there's a switch that can be used with it which accepts the EULA.  Accepting the EULA makes a change in the registry so at least acceptance is remembered on that particular computer.

    Exactly, you could do a reg add before unpacking/launching the tool. Sysinternals uses the REG_DWORD for a boolean check that the EULA has already been accepted in:

    HKCU\Software\Sysinternals\<program>

    with the name: EulaAccepted

    EDIT: Not all of the Sysinternals PsTools accept the flag /accepteula...

  10. How does this program handle directory names? Also, does this program erase the index.dat histories?

    Side bar: Would you be willing to share the source? I'd love to see your implementation...

    You could also add a line that cleans out the last logged on user in:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    AltDefaultUserName & DefaultUserName

  11. All works according to plan, however is there a way that I can get the explorer to come up too? Instead of/as well as the console window?

    This becomes tricky because you never know what drive letter will be assigned on a foreign computer, but you can call explorer with any directory of your choosing:

    ::test.bat

    explorer C:\Windows\System32

    ::end

    However, there are some vbs scripts floating around (check the hacksaw package) that, given a file that exists on the USB drive, iterate the drive letters until it exists. I am currently cleaning this project up and will post the U3 ISO and nonU3 images soon...

  12. With regard to 64 bit conversion... not really needed as 32 bit applications run fine for the most part (unless they are some form of system process). If it's of interest I have Vista 64 bit running on my... 3rd partition I'd be happy to run anything you'd like by it. Just drop me a PM with the method you'd like it run and where to get it.

    I would greatly appreciate it! Here is the executable:

    http://mywebpages.comcast.net/dissoluten/scancomp.7z

    And just run scancomp after you 7zip extract.

  13. Post the C++?  Or an example of what the C++ contains?

    Sure if we want to dissect the whole code, but as the first post indicates you can grab the source from here:

    http://mywebpages.comcast.net/dissoluten/scanComp-src.7z

    As far as the mechanics behind the AV detection:

    -inputs a list of known AV processes from config.txt (sorted)

    -grabs a list of current system processes using sysinternals pslist

    -takes the current process list and binary searches for each against our known AV list

    (since logarithmic time is better than linear)

    -if nothing is found, executes the full payload

    -if not, executes a payload that scans cleans

    -the payload switch is determined in the config.txt file as Y/N, converted to boolean on input

    Does that answer your question? What I might do, based on feedback, is code a 'light' version of the AV detection for other packages - if others are interested. But please have a look at the source - I commented the hell out of it.
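    The matching step described above (a sorted name list, then a binary search per running process) is the same one a blue team uses to check a process snapshot against a watchlist of names it wants flagged, so here it is as an added C++ example. This is not hexlax's scanComp source and reads nothing from config.txt or pslist; the watchlist and the process snapshot are constructed inline. The one check worth taking away: the list must be sorted with the same case normalisation used for lookups, or std::binary_search silently misses entries.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Lower-case a process name so "Explorer.EXE" and "explorer.exe" compare equal.
static std::string normalise(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Build the watchlist: normalise, sort, and drop duplicates. Sorting with the SAME
// normalisation used at lookup time is what makes the binary search below valid;
// an unsorted or mixed-case list would give wrong answers without any error.
std::vector<std::string> build_watchlist(std::vector<std::string> names) {
    for (auto& n : names) n = normalise(n);
    std::sort(names.begin(), names.end());
    names.erase(std::unique(names.begin(), names.end()), names.end());
    return names;
}

// Return every process in the snapshot whose name is on the watchlist.
// One O(log n) lookup per running process, as the post describes.
std::vector<std::string> find_matches(const std::vector<std::string>& watchlist,
                                      const std::vector<std::string>& running) {
    std::vector<std::string> hits;
    for (const auto& proc : running)
        if (std::binary_search(watchlist.begin(), watchlist.end(), normalise(proc)))
            hits.push_back(proc);
    return hits;
}

// Constructed sample data (placeholder names, not real tool or malware names).
const std::vector<std::string> kSampleWatchlist = {"badtool.exe", "Dropper.exe", "miner.exe"};
const std::vector<std::string> kSampleRunning   = {"explorer.exe", "DROPPER.EXE",
                                                   "svchost.exe", "miner.exe"};

int main() {
    std::vector<std::string> watch = build_watchlist(kSampleWatchlist);
    for (const auto& h : find_matches(watch, kSampleRunning))
        std::cout << "watchlist hit: " << h << "\n";
    return 0;
}
```

    In a real deployment the two vectors would come from a config file and a process enumerator (the post uses pslist); the normalise-then-sort step belongs wherever the list is loaded, not where it is edited by hand.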

  14. Just add whatever special thing you did in the config settings to the wikis 'package' page and point people there (regarding your post in another thread).

    Honestly I don't see a lot of 'new' ideas in the payload, maybe you should try and find something unique, something that has never been done before.  A lot of payloads now seem to have one minor change, and that's it.  Look at all the other recent 'payloads'.  You have the usbdumper payload, which is really a package, the keylogger payload, again just a package, and then you have payloads built around nothing new at all.  The 7zip payload just seems to be an alternate form of already done ideas, encrypting the files, much like the pocket knife payload did.  People need to learn when they only have a package, and are simply wrapping it around or sticking it in a vanilla generic switchblade payload.  I'm not saying that anyone should stop working on their own personal payload, they can do whatever they want, and I'm sure someone will learn something along the way, however, it might be worth it to think about what's been done already before cloning off already existing payloads.

    Sorry about all the commas/run on sentences....

    Did you actually look at the source? It's not something that I can just post because the AV detection is c++ coded. As for the payload, I agree with you that it's not new. But this package addresses the issue that people have brought up time and time again:

    -AV detection

    -package encryption
