
xssPlay Updates

Friday, August 10th, 2012

Updates! I added some new functionality thanks to the suggestions of M33b0. First, the application now crawls all links embedded in pages if the ‘-r’ argument is specified at runtime. Also, you can randomly choose a new User Agent for each HTTP request! This will severely falsify and ruin “data” in HTTP access/error logs. You can randomly choose mobile, standard, or any. IN THE EXAMPLE IMAGES BELOW, I DID NOT HACK WT4.COM. I SIMPLY CHANGED MY /ETC/HOSTS FILE TO REFLECT WT4.COM AS LOCALHOST, SINCE MY HOSTNAME IS WT4. The pWeb Suite has also been updated with three new files: two HTML files for the new output logs for xssPlay, and one new file that is filled to the brim with User Agents :)

That’s a sweet-looking output, if I do say so my damned self.

There are the new arguments; there will be a few more to come.

There’s the new “html” output. I got this idea from Havij. Each link goes to the defaced page.
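From the server side, per-request User-Agent randomisation has a recognisable shape: one client address sending many distinct User-Agent strings within a short window. The following is an added detection example, not part of xssPlay or the pWeb Suite; it parses Apache/nginx “combined” log lines and flags such sources. The log lines, IP addresses and threshold are constructed for the example.

```python
# Added example (not code from xssPlay or the pWeb Suite): flag client IPs whose
# requests carry many distinct User-Agent strings in a short window, which is what
# per-request User-Agent randomisation looks like in an access log.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format; named groups for the fields we use.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Return a dict with ip, ts (aware datetime), req and ua, or None if unparseable."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"), "ua": m.group("ua")}

def find_ua_churn(lines, window=timedelta(minutes=5), threshold=5):
    """Return {ip: max_distinct_uas} for every IP that used at least `threshold`
    distinct User-Agents inside some `window`-long span of its own requests."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        best, start = 0, 0
        for end in range(len(recs)):
            # Slide the window start forward until the span fits in `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            best = max(best, len({r["ua"] for r in recs[start:end + 1]}))
        if best >= threshold:
            flagged[ip] = best
    return flagged

# Constructed sample log: one source rotating its User-Agent on every request,
# and one ordinary visitor keeping a single User-Agent.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2012:14:02:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/14.0"',
    '203.0.113.7 - - [10/Aug/2012:14:02:02 +0000] "GET /about.html HTTP/1.1" 200 733 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/21.0"',
    '203.0.113.7 - - [10/Aug/2012:14:02:03 +0000] "GET /contact.html HTTP/1.1" 200 610 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1) Safari/7534"',
    '203.0.113.7 - - [10/Aug/2012:14:02:04 +0000] "GET /search.php?q=test HTTP/1.1" 200 845 "-" "Opera/9.80 (Windows NT 5.1) Version/12.00"',
    '203.0.113.7 - - [10/Aug/2012:14:02:05 +0000] "GET /login.php HTTP/1.1" 200 402 "-" "Mozilla/5.0 (Android 4.0; Mobile) Firefox/14.0"',
    '203.0.113.7 - - [10/Aug/2012:14:02:06 +0000] "GET /news.html HTTP/1.1" 404 210 "-" "BlackBerry9700/5.0.0.862 Profile/MIDP-2.1"',
    '198.51.100.4 - - [10/Aug/2012:14:05:10 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh) Safari/536.25"',
    '198.51.100.4 - - [10/Aug/2012:14:05:12 +0000] "GET /about.html HTTP/1.1" 200 733 "http://wt4.com/" "Mozilla/5.0 (Macintosh) Safari/536.25"',
    '198.51.100.4 - - [10/Aug/2012:14:05:15 +0000] "GET /contact.html HTTP/1.1" 200 610 "http://wt4.com/" "Mozilla/5.0 (Macintosh) Safari/536.25"',
]

if __name__ == "__main__":
    for ip, count in find_ua_churn(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct User-Agents within 5 minutes")
```

The threshold of five distinct agents per five minutes is arbitrary; on a real site, tune it against traffic that legitimately shares an address (NAT gateways, proxies), and combine it with the rate and breadth of paths requested, since a crawler following every embedded link also touches far more distinct URLs than a browsing user.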


WeakerThan 5 ALPHA Release!

Monday, April 16th, 2012

UPDATE 5/18/2012 : It’s been re-released. Read more here.
Download page here.
MD5: ed94cd61637c38f960b19f849c2b2180


UPDATE 4/19/2012 : A slightly less crappy ALPHA has been uploaded. I took away some unneeded stuff like tint2, wicd-gtk, my personal email and password in the conky gmail script (#FAIL), etc. And some things were replaced with superior counterparts, such as Firefox being replaced with Uzbl. Chntpw was also added (and I think there are a few more added tools, but I can’t remember off the top of my head). I’m not sure why the ISO grew in size from 878MB to a whopping 914MB (hell, I thought it would get smaller with the changes!) but it’s definitely something that will be investigated.

I’m happy to announce the release of WeakerThan 5 ALPHA! We need ALPHA testers! This is the first (hopefully first of many) Arch-based pentest distro from WeakNet Laboratories. Sorry for the lack of tools in the “WeakNetLabs” section – it seems trevelyn is still working on some; I will include them when I have them. I’m also aware that about half of the tools in the “Web H4CK1N6” section don’t work (they require Perl modules and/or Ruby gems which are causing dependency hell). Airpwn WILL work as soon as I make/submit a PKGBUILD for lorcon-old, as it’s no longer in the AUR – I just haven’t gotten around to it yet. Please also bear in mind that not even trevelyn has tested WT5 ALPHA yet, so he likely won’t be able to answer many questions – please contact m33b0 for any questions or concerns regarding WT5 ALPHA.

If you have a flash drive, we advise you to “dd” WT5 ALPHA onto it instead of burning WT5 ALPHA onto a DVD. It’s much, much faster, smoother, and you won’t have to reboot if you bump your computer.
[root ~]# dd if=/path/to/wt5alpha.iso of=/dev/sdb
Please be careful and replace “/dev/sdb” with your USB device. MAKE SURE YOU DON’T CHOOSE YOUR HARD DRIVE!
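Two checks make the dd step above much harder to get wrong: compare the ISO’s MD5 with the published value before writing anything, and refuse any target device that currently has a mounted filesystem (your hard drive always does, a freshly plugged USB stick usually does not). The following is an added example, not part of WeakerThan or the post; it wraps the same dd command, assumes Linux (/proc/mounts, GNU dd with status=progress), and uses the MD5 published above for the re-release. The /proc/mounts sample in it is constructed.

```python
# Added example (not part of WeakerThan or the page): verify the ISO's MD5 against
# the published value and refuse to write to a device that is currently mounted,
# before running the dd command from the post. Assumes Linux and GNU coreutils dd.
import hashlib
import subprocess
import sys

# MD5 published on the page for the 5/18/2012 re-release of WT5 ALPHA.
WT5_ALPHA_MD5 = "ed94cd61637c38f960b19f849c2b2180"

def md5_hex(stream, chunk=1 << 20):
    """MD5 of a binary stream, read in chunks so a 900MB ISO is not loaded at once."""
    h = hashlib.md5()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def md5_of_file(path):
    with open(path, "rb") as f:
        return md5_hex(f)

def mounted_devices(proc_mounts_text):
    """Device paths (first column) of every /dev/... entry in /proc/mounts content."""
    devs = set()
    for line in proc_mounts_text.splitlines():
        parts = line.split()
        if parts and parts[0].startswith("/dev/"):
            devs.add(parts[0])
    return devs

def target_is_safe(device, proc_mounts_text):
    """False if the device itself, or any partition on it, is mounted."""
    return not any(dev == device or dev.startswith(device)
                   for dev in mounted_devices(proc_mounts_text))

def write_iso(iso_path, device, expected_md5=WT5_ALPHA_MD5):
    actual = md5_of_file(iso_path)
    if actual != expected_md5:
        raise SystemExit(f"checksum mismatch: got {actual}, expected {expected_md5}")
    with open("/proc/mounts") as f:
        mounts = f.read()
    if not target_is_safe(device, mounts):
        raise SystemExit(f"{device} has mounted filesystems, refusing to overwrite it")
    # Same command the post gives, with a bigger block size and a progress display.
    subprocess.run(["dd", f"if={iso_path}", f"of={device}", "bs=4M", "status=progress"],
                   check=True)

# Constructed /proc/mounts content used for the checks below.
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
proc /proc proc rw 0 0
"""

if __name__ == "__main__":
    if len(sys.argv) != 3:
        raise SystemExit("usage: write_wt5.py /path/to/wt5alpha.iso /dev/sdX")
    write_iso(sys.argv[1], sys.argv[2])
```

Run it as root with the ISO path and the whole device (not a partition) as arguments; the mount check is a guard, not a substitute for reading the output of lsblk or dmesg to confirm which node your USB stick received.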

Below is a short video of what I imagined WeakerThan 5 would look like. Since I recorded the WT5 “concept” video, not a whole lot has changed. A few tools were upgraded, a few were removed, and a few still have issues.

If anyone has the Arch Linux knowledge to help me along with bugs, development, ideas, whatever, etc., then please make it known!

Rooting Samsung Galaxy SII EPIC 4G Touch After Android Update to 2.3.6

Tuesday, December 13th, 2011

After the update to 2.3.6 my phone was unrooted, as usual. This time I tried the one-click method of rooting it as described here: And it was as easy as pie. Now I’m back to root, with the original stock ROM.


WPA2 Brute Force (no dictionary list)

Friday, August 19th, 2011

Short and easy-to-follow demonstration of brute forcing Wi-Fi with WPA(TKIP)+WPA2(AES) encryption. This method of real brute forcing involves piping Crunch through Aircrack-ng. This is more of a “proof-of-concept” tutorial. You can find more information about the different options and what they do on their websites. But if you follow along, you should be able to get the gist of what’s going on.


Wardriving is not a crime

Monday, April 25th, 2011

Ethics are something which cannot be forced upon someone. They just happen. They result from you as an individual, your environment, and well, anything that influences you. Media, like the news, music, sitcoms, movies, and such can all have a deep effect on the psychology that goes into ethics and what decisions you as an individual make.

Imagine you walk through a bar where people are all yelling at the bartender like so:

man: “RTS!?”
bartender: “CTS!”
man: “I would like a drink, here is my credit card number! 1234-1234-1234-1234!! Sec code: 123!! expiration: 11-12!!!”
bartender: “ACK!”

and this is how drinks are ordered in the bar. Well, you may think to yourself, why are these people okay with yelling their credit card numbers? Well, what about the people who run the bar? They are okay with the customers yelling it out loud too? Well, I wouldn’t. I would go somewhere else. But imagine if they were yelling in different languages you couldn’t understand. They knew you couldn’t understand because you’re a dumb fat American. But with a dictionary, or a few classes, you could understand the language just fine. It’s not like the language is a secret.

What if you went into the bar with a tape recorder. You recorded everything for about 1 hour and left. You paid for classes in whatever languages you recognized on the tape. You then deciphered the languages and were able to “hear” the credit card information of each customer. <-- You did nothing illegal up to this point. That is, unless there's a huge sign on the wall in the bar that says "no tape recorders." But then, what if you were blind? You relied on your senses to "hear" the communications only. This is similar to wardriving to an extent. The act of wardriving usually entails a lot of movement though, hence the "driving" part. You wouldn't really "hear" enough data to get a lot of credit card numbers, or even tell what language those people are speaking. The key to deciphering what language is being used comes from statistically analyzing 40 to 250 thousand words, minimum.

To make this analogy more realistic, let's say every person had a megaphone in their hands and used it to speak the credit card information in their native language (which you don't understand yet). Now, you don't have to enter the building with the tape recorder; you can just sit outside. Well, because wireless mediums are shared, and most access points and network data can actually be "heard" from outside of the building, you are seriously not breaking any laws yet, no matter if there is a "no tape recorders in building" sign or if you were blind. Well, I guess if you were loitering in the back alley, or trespassing onto the bar's lawn, you would be busted.

With this in mind, read this article: ComputerWorld:Wardriving

“WEP has well-documented security flaws and has been considered for years to be unsecure, but was widely used in routers built between about 2000 and 2005.”

Verizon’s own Actiontec routers STILL to this day come preloaded with WEP.

Here is the key statement:

“Because WEP’s encryption can be cracked using easy-to-find tools, even unsophisticated hackers can break into WEP networks and mine them for data.”

I retweeted this over the weekend and realised that you don’t necessarily have to “break into … networks” to get this data. The data is there. WEP’s IV, the initialization vector that RC4 uses to generate the PRGA keystream, is transmitted in plain text. So, here’s another example to get your gears going:

I can watch my neighbors (I don’t, I assure you) as they watch Netflix for 15 seconds to 1 minute in HD and produce enough data packets with initialization vectors to crack the key offline. No intrusion needed. Now, what if after they watch Netflix, or during that time, one of their computers running Thunderbird transmits a plain text password for IMAP or POP? Whoops, I can now see that using Wireshark and putting their key into the settings for packet decryption.

Another quote:

“…got many of the card numbers by wardriving retailers including TJX Companies, OfficeMax and Barnes & Noble”

This is where our bartender comes in. He owns the place and he was told by security standards officials (we’ll call them the PCI compliance people) not to use the megaphone / different-language technique, but to use a far more secure technique called “WPA2”.

What these people did wrong was misuse the data. They distributed it, abused it, or sold it. That’s completely unethical. The fact that wireless signals go all over the place in 3 dimensions is not a flaw either. It’s how RF works with dipole antennas. If your equipment is too old to process the CCMP cipher used by WPA2 and you need to use WEP, use a weaker antenna: one that is directional to the receiver, not one that will broadcast outdoors. What Google did in the past, wardriving and seeing your information, wasn’t illegal either. In fact, they told everyone that they saw the data to teach them not to use unencrypted networks! And they got in trouble over it!!

“They confessed that emails, passwords and other sensitive public data had been collected by the fleet of cars from unsecure wireless networks.”

You can limit your libpcap based sniffing application to only capture beacon frames if you want to!
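Both of the technical claims in this post, that a WEP IV is transmitted in plain text and that a capture can be limited to beacon frames, come down to reading the two frame-control bytes at the start of every 802.11 frame. The following is an added example, not code from the page or from WeakNet Labs, that decodes those bytes in pure Python: it keeps only beacons (the same test the pcap filter expression “type mgt subtype beacon” performs), pulls the SSID out of a beacon, and returns the 3-byte IV that a WEP-protected data frame carries unencrypted right after its MAC header while returning nothing for a TKIP/CCMP frame. All three frames and the MAC addresses are constructed samples; a real monitor-mode capture would also have a radiotap header in front of each frame that is not handled here.

```python
# Added example, not code from the page: decode the 802.11 frame-control field so a
# libpcap-style capture keeps only beacon frames, and show that a WEP IV travels
# unencrypted in the data-frame header. All frames below are constructed samples.
MGMT, CTRL, DATA = 0, 1, 2        # frame-control "type" values
BEACON_SUBTYPE = 8                # management subtype 8 = Beacon
FLAG_TO_DS, FLAG_FROM_DS = 0x01, 0x02
FLAG_PROTECTED = 0x40             # "Protected Frame" bit (set for WEP, TKIP and CCMP)
EXT_IV = 0x20                     # set in the key-ID byte by TKIP/CCMP, clear for WEP

def frame_control(frame):
    """Split the two frame-control bytes into (version, type, subtype, flags)."""
    fc, flags = frame[0], frame[1]
    return fc & 0x03, (fc >> 2) & 0x03, (fc >> 4) & 0x0F, flags

def is_beacon(frame):
    # Same test as the pcap filter expression "type mgt subtype beacon".
    _, ftype, subtype, _ = frame_control(frame)
    return ftype == MGMT and subtype == BEACON_SUBTYPE

def filter_beacons(frames):
    """Keep only beacon frames out of a list of raw 802.11 frames."""
    return [f for f in frames if is_beacon(f)]

def beacon_ssid(frame):
    """SSID from the first information element after the 12 fixed beacon body bytes."""
    body = frame[24 + 12:]
    if len(body) < 2 or body[0] != 0:     # element ID 0 = SSID
        return None
    length = body[1]
    return body[2:2 + length].decode("utf-8", "replace")

def wep_iv(frame):
    """Return the 3-byte WEP IV of a WEP-protected data frame, or None otherwise.
    The IV sits right after the MAC header and is never encrypted."""
    _, ftype, subtype, flags = frame_control(frame)
    if ftype != DATA or not flags & FLAG_PROTECTED:
        return None
    hdr_len = 24
    if flags & FLAG_TO_DS and flags & FLAG_FROM_DS:
        hdr_len += 6                      # 4-address (WDS) header
    if subtype & 0x08:
        hdr_len += 2                      # QoS control field
    if len(frame) < hdr_len + 4:
        return None
    if frame[hdr_len + 3] & EXT_IV:       # TKIP/CCMP, not WEP
        return None
    return frame[hdr_len:hdr_len + 3]

# Constructed sample frames (MAC addresses are locally administered placeholders).
BCAST = b"\xff" * 6
STA = bytes.fromhex("020000000001")
AP = bytes.fromhex("020000000002")

def mac_header(fc, addr1, addr2, addr3, qos=False):
    hdr = fc + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x10\x00"
    return hdr + (b"\x00\x00" if qos else b"")

BEACON = (mac_header(b"\x80\x00", BCAST, AP, AP)
          + b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"   # timestamp, interval, capabilities
          + b"\x00\x04home")                          # SSID element "home"
WEP_DATA = (mac_header(b"\x08\x41", AP, STA, AP)      # data frame, ToDS + Protected
            + b"\xaa\xbb\xcc" + b"\x00"               # IV in the clear, key ID 0
            + b"\xde\xad\xbe\xef")                    # (constructed) ciphertext
CCMP_DATA = (mac_header(b"\x88\x41", AP, STA, AP, qos=True)   # QoS data frame
             + b"\x01\x00\x00\x20" + b"\x00" * 4       # CCMP header with ExtIV set
             + b"\xca\xfe")

if __name__ == "__main__":
    for f in filter_beacons([BEACON, WEP_DATA, CCMP_DATA]):
        print("beacon from", AP.hex(":"), "ssid", beacon_ssid(f))
    print("WEP IV in the clear:", wep_iv(WEP_DATA).hex())
```

The beacon-only filter is the minimisation the last sentence recommends: a survey that keeps nothing but beacons records which networks exist and how they are configured (the capability field shows whether WEP or RSN protection is advertised) and never stores a byte of anyone’s data frames.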