SoldierX.com SquidBlackList - the world's largest porn blacklist! HAX Radio - The stream the FBI Listens to! Offensive Security Wireless Professional PWNIE 2012 Nominations The Hip-Hop Realm

Archive for the ‘Programming’ Category

WARCARRIER for Android Tablets (Update)

Tuesday, March 11th, 2014

)

WARCARRIER for Android Version 1.1

Saturday, March 1st, 2014

Almost complete. WARCARRIER for Android Tablets.



This is the main screen at startup, including the menu options.

Click on “catchMeNG! in the settings bar at the top right and you can input a string to troll for. This includes Bluetooth devices, BSSIDs, ESSIDs, etc.

You can also choose “Plot Waypoint” to plot a new way point onto the Google Map:

If you long-press on a any field (as the “Help” dialog shows from the Settings menu) You can find more information on the specific data that is presented.

And as of 1.1 Beta, you can plot and scan for Bluetooth devices:

This will make my life so much easier as I only have to write this Java code to run on one specific hardware type. Anything that goes wring is the SDKs fault, or the manufacturer for not using standard or compliant hardware (e.g. for radios).

Time to catch up on some R&R
~Douglas

WARCARRIER 802.11 Probe Request Scanner for Android

Monday, February 24th, 2014

The Application

I just finished up coding a simple 802.11 scanning application for Android that uses Probe Requests to ask for all AP info in the vicinity. A station sends a probe request frame when it needs to obtain information from another station. It’s considered an “active” scan since it’s sending a request – using RFMON on your radio is passive and only sniffing. What’s cool about this type of scan is that it is easier to scan for networks when already associated to a service set. In passive scanning, with software like Airodump-ng, you get this same data from the APs just in 0×08 subtype Beacon Frames. I also added some CatchMeNG! functionality as well for searching for devices.

This is the main screen you see above. It is a simple TableLayout (actually two since one is programmatically destroyed upon returning scan results.) within a RelativeLayout user interface. When you start the application, it checks to see if WiFi is enabled and if so it will scan the area using Probe Requests. This is very similar to how the old NetStumbler application worked. The EditText field you see is for CatchMeNG! in which you can troll for any specific string you wish: BSSID, ESSID, channel, WEP, etc.

In this image above I am initializing CatchMeNG! which turns the label green once the “Enable” button is pressed. I had a hard time with the EditText stealing the focus of the app when the onCreate(); method was initially called, but was able to stop that programmatically.


In the screenshot above you can see that the label has turned green for CatchMeNG! inidicating that it is on. I did this simply by creating a TextView object with the Integer ID of the actual Resources ID. e.g.: “R.id.label“.


In the above screenshot you can see what is shown when the object is found. I gave more details so that the RSSI can maybe be used as an indicator for signal strength. Just like in older versions of CatchMeNG!, a sound is played also to alert the users attention. Scanning takes place by hitting the Refresh AP List menu item in the applications menu in the top right side and not automatically.

TODO

Add automatic scanning.
Add case insensitivity.
Create a new section in Programming for Android and cover in depth details on how this project was created.

~Douglas

PHP and JSON Arrays of Password Data

Tuesday, January 21st, 2014

With all of the leaked databases which seem to flood the internet on a daily basis, one can only wonder why we don’t have more sites like leakdb. Recently I have been writing some applications in which require parsing of JSON. JSON Is a Javascript Object Notation which is commonly used as a structured output from a web service. My research proved fruitless the more complex the design of this output. Luckily, I was able to easily come up with an analogy in which may save a few folks some time during development and testing of multidimensional arrays within JSON output. It’s easy: it’s just a big associative array just like in any other language!

So let’s go through a simple example in which one of the results itself is an array.

Let’s use Leakdb‘s API for JSON output from their database. Leakdb allows us to pass a hash or plain text to it and it will differentiate between the two and return anything found. If we go to the main page and search for something like “securepassword” It will return a list of results that can be obtained in JSON format by going to: http://api.leakdb.abusix.com/?j=securepassword The output is pure JSON:

{
 "found": "true",
 "hashes": [
   {
    "gost": "6f85785dc94752933c72e4ad6ff779781ea793546e9cb5...",
    "md4": "11128c94a904b8cac8518a98307866a1",
    "md5": "b0439fae31f8cbba6294af86234d5a28",
    "mysql4_mysql5": "*214c2faf32f109ae748170bfabddfb9b0588...",
    "ntlm": "132a0e327625a4a32c14b5a08912b9f0",
    "plaintext": "securepassword",
    "ripemd160": "08815cd9c4dbbd5e85362f06669ddbe0b64c8446",
   "sha1": "ea0c04513c32717f3a09ff7b1fa882c4d8424b2a",
    "sha224": "5736e684eb72c3d419f1d91c7f2c885a29e056789bd6...",
    "sha256": "e0e6097a6f8af07daf5fc7244336ba37133713a8fc73...",
    "sha384": "5c2e9d4d732687dd790aad47ad6285bdd647f4820de8...",
    "sha512": "54c8e9ed836eb9622f6694876dabd83e44c6f7ce11cb...",
    "whirlpool": "1af2629aa6809f7a480111ebc5bcd43bf11fa4b9e..."
   }
  ],
  "info": "https://leakdb.abusix.com - reverse hash search and calculator",
  "msg": "",
  "query": "securepassword",
  "time": "0.279",
 "type": "plaintext"
}

by “pure” I simply mean that what you see is what you get. Try hitting CTRL+U and checking it for yourself. Now let’s use PHP to get this output from the leakdb API. PHP has a few functions that we will use: file_get_contents(); and json_decode(); You don’t actually have to look at those links, they are just there for reference. I don’t usually refer folks to the actual developer’s documentation. The reason for this is that the user’s experience is so dynamic and organic that it is actually of a higher chance you find more useful information from their “example” or “tutorial” websites than the convoluted and bloated examples by the languages owner. (here’s looking at you Adobe). Anyways, the first function, as you may have guessed, is what I use to get the JSON response from the leakdb API server. The second is what I use to “decode” the output. Let’s take a look at those two in PHP using our example.

$url = "http://api.leakdb.abusix.com/?j=" . $_GET['h'];
$rest_json = file_get_contents($url);
$res = json_decode($rest_json, true);

In the first line I simply get the password from the URL HTTP GET parameter “h” as in http://myserver.com/hash/index.php?h=securepassword Then I create the REST JSON object in the second line, then parse it in the third. Simple! If we dump this output to the screen with var_dump(); we can see the JSON returned from the Leakdb web service. We can easily see that one of the elements, “hashes” is an associative array. The results were returned as an associative array because of the “true” we add into the json_decode(); function.

So instead of looping through each value to find what we want (which, seemingly, is what every other tutorial seems to be about), we can access it directly with simple programming multidimensional array notation. Say we want the NTLM hash only, of the plain text that we send to Leakdb:

echo $res['hashes'][0]['NTLM'];

Will do the trick! The first layer is the hashes array which contains one element labeled “0″ This element contains 13 associative arrays, each of which have two elements. The hash type and the hash itself, including the plain text version for reverse look ups! I have highlighted and bullet-pointed out the list items in the image above. When dealing with JSON, it’s easy to remember that simple object nodes are denoted in {} and array object nodes are within []. Now with a little CSS TLC, we can easily style the returned output to embed in our websites.

Snippet:

if($res['found'] == 'true'){ # has was found
  echo "<div class='content'><h3>".$_GET['h']." (".$res['type'].")</h3><table>";
  echo "<tr><td class='tdTitle'>text:</td><td class='tdVal'>".$res['hashes'][0]['plaintext']."</td></tr>";

We can even use it in our Android applications with getJSONArray(); but I will save that for another long-winded staircase tutorial :)

~Douglas

C Programming Tutorial 9

Friday, July 26th, 2013

Comments

C Comments are hidden messages in the source code that only the developer(s) or anyone with access to the source can see. The generally are used for maintaining code, debugging, and making it easier for expanding your code. Its always good practice to use as much comments as possible when dealing with huge applications. Let’s take a look at how we can add comments into our source code, though we have come across one way already – the // comment.

// Comment

Above we can see someone with a slight obsessive problem to comment small applications in C. The compile simply ignores everything from the double slashes to the end of the line. That’s it. This is a pretty hefty application for what we are used to, but if you have followed along this far you should understand it well enough to know what it does. I just over commented for a nice screen shot :)
Now there’s one more type pf comment I’d like to brush on and that’s the multi-line comment /* */

/* Comment */

The compiler also allows a comment to spread across multiple lines. Once it see’s a starting /* anywhere in our code, it will ignore all lines until it hits a */ end.

And that his how we make a multi-line comment in C. If you were kinda hazy over the meaning of the application from the first example, I completely explain it in this example in a multi-lined comment. This concludes this small tutorial in C comments.

—notes———