P1nky’s Cool Sh*t #1

Are you troubled by strange hacks in the night?
Do you experience feelings of dread in your basement or attic?
Have you or your friends actually seen a phreak, script kiddie, or fed?
If the answer is yes, then don’t wait another minute. Just pick up the phone and ask for the Pwnton Pack!

And don’t forget, we will be meeting again soon (whether you-know-who wants us to or not ;] )

February meeting awesomeness and sadness

February was another great meeting. It started with me and ngharo running late then doing the introductions, which there were a lot of. It's always good to see new faces at meetings. Then I broke the sad news that I will be leaving Wisconsin and so dc414 as well, appointed ngharo as new prez and stepped down. Then ngharo said a few words and gave us a glimpse of some of the changes he will be making. Everyone be sure to congratulate ngharo, I can’t wait to see what he does with the place.

Rob started the demos off with hacking a used disposable flash camera and a halogen light bulb to make a handy improvised flash light. A perfect zombie apocalypse type hack. Then he busted out materials for everyone to make their own zombie caution light. It didn’t take long for people to start hacking it up even more and doing all kinds of crazy things. Vlad was the first to turn things up to 10 by doing something to the transformer in the camera to pump out more voltage and get a brighter light. Then dw5304 and others did their best to blow the capacitors and other things up! Then using the flash bulb that came with the camera and capacitors over 9000 we tried to do some UV tattooing. Next up was Klaiviel doing a key impressioning demo for the newbies in the crowd. Here are some photos of the meeting.

So here it is, my last post on dc414. It has been a fun ride and I will miss everyone. You can still find me on the dc414 irc chan and I will be at meetings via G+ or whatever ngharo sets up for the group. See you out there.

-AA

Format string $20 challenge

At the last meeting I showed everyone how to use a format string vulnerability in a password storage app to bypass the master password and pull data out of memory. That is just one way to exploit this type of vulnerability, so I challenged everyone at the meeting to get the app I used “code below” to execute their supplied input. The first person to let me know they got it and do a demo gets $20! So it pays to be a little early.

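#include <stdio.h>
#include <string.h>

int main (int argc, char *argv[])
{
    char *spw = "dc414 pwnz";   /* the stored secret */
    char text[1025];

    if (argc < 2) {
        printf("usage: %s <password>\n", argv[0]);
        return 1;
    }
    strcpy(text, argv[1]);      /* unbounded copy of user input */
    if (strcmp(text, "asd123")==0) {
        printf("Correct the password is %s \n",spw);
        return 0;
    }
    printf(text);               /* the format string bug: user input is used as the format */
    printf(" is wrong\n");
    return 0;
}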
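For comparison, here is the same check with the format string bug and the unbounded copy both closed. This is an added example, not part of the original post; `check_password`, `MAX_INPUT` and the output-buffer interface are names assumed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_INPUT 1024  /* assumed limit, matches the original 1025-byte buffer */

/* Hardened form of the check (names here are illustrative, not from the post).
 * Writes the reply into out; returns 0 = correct, 1 = wrong, -1 = rejected. */
int check_password(const char *input, char *out, size_t outlen)
{
    const char *spw = "dc414 pwnz";
    char text[MAX_INPUT + 1];
    size_t len;

    if (input == NULL || out == NULL || outlen == 0)
        return -1;

    /* Fix 1: check the length before copying instead of strcpy() into a fixed buffer. */
    len = strlen(input);
    if (len > MAX_INPUT) {
        snprintf(out, outlen, "input too long\n");
        return -1;
    }
    memcpy(text, input, len + 1);

    if (strcmp(text, "asd123") == 0) {
        snprintf(out, outlen, "Correct the password is %s \n", spw);
        return 0;
    }

    /* Fix 2: user data is only ever an argument to a constant format string,
     * so %x, %s or %n in the input are printed as plain characters. */
    snprintf(out, outlen, "%s is wrong\n", text);
    return 1;
}

int main(int argc, char *argv[])
{
    char out[MAX_INPUT + 64];

    if (argc != 2) {
        fprintf(stderr, "usage: %s <password>\n", argv[0]);
        return 2;
    }
    int rc = check_password(argv[1], out, sizeof out);
    fputs(out, stdout);
    return rc == 0 ? 0 : 1;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the original `printf(text)` call at compile time.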

Some awesome useful irssi scripts.

If you don't already know, to use scripts you have to put them in:

/home/<your_user>/.irssi/scripts/

And to load one into irssi use:

/script load <script_name.pl>

adv_windowlist.pl – If you have lots of windows open in irssi like me this script will make your life much easier. It adds a permanent advanced window list in a statusbar by default. You can configure it to put it on a sidebar if you like.

trackbar.pl – This little script will do just one thing: it will draw a line each time you switch away from a window. This way, you always know just up to where you’ve been reading that window 🙂 It also removes the previous drawn line, so you don’t see double lines.

nickcolor.pl – In channels with lots of activity, all nicks having the same old white color can get a little crazy. This script gives each user their own color and puts a little organization to the chaos.

spell.pl – Spell check for irssi. This script takes a little setup. First you have to install Lingua::Ispell and Ispell using the following command:

$ sudo apt-get install ispell liblingua-ispell-perl

It should pull in a number of other packages including a dictionary. I actually received an error as well, but it seems safe to ignore:

error in control file: `Index' value missing for format `info' at /usr/sbin/install-docs line 709, line 16.

Now load the script into irssi and bind Alt-s as a shortcut to check the line you wish to send.
To bind Alt-s type the following into irssi:

/bind meta-s /_spellcheck

Also set the max guesses:

/set spell_max_guesses 3

Now you're ready to use this script. After you type a message, before you hit enter, hit Alt-s and this script will tell you if you have any misspelled words and give you up to three guesses for correction.

dc414 donations bucket 2.0

A while back we started using a bucket to collect cash donations at meetings and for a while I have been wanting to trick it out. So I was keeping an eye out for things to add other than blinking lights, then cmoney came home with a powerball advertisement thing from her gas station that has an electric pendulum thing. I wish I had a picture of it but I didn’t have the foresight to take one before I took it apart.

So anyway I got right to work on making the bucket pimp. First I made a little board with a 555 timer blinking light circuit on it.

Put some lights on it and wired the pendulum thing to it.

And hot glued it all to the lid of the bucket.

Here is what it looks like all together.

Ok that's it, I hope you think it's cool. If you don’t, go fuck your mom.

August meeting awesomeness

Klaiviel started us off by giving us a nice show of binary key card hotel locks popular overseas, showed us a 3d printed key for one of his locks, explained pick proof locks from the 40s that are no longer used but highly effective and how to make them today using regular locks. Then he showed us why he is the second best key impressionist in the world, and made a working key for a lock right in front of us, giving us step by step instructions on how to do it ourselves.

I stepped in and gave a quick demo of how I made our new and improved donations bucket which I will be making a blog post on later. Darkwind came packing with an alfa wifi antenna hooked up to a satellite dish! This made a killer directional wifi antenna, we took it up to the roof of bucketworks and got signals from all over including the moon 😛 Ngharo hooked it up to his lappy and cracked a few networks 🙂

After the roof party was over and we got back downstairs Castor gave a DEFCON20 badge hacking demo and showed us how to turn our badges into any other badge type we wanted, then showed us how to make the LEDs on the badge flash out words and stuffs. Then we all just started bullshitting and talking about upcoming projects.

Cmoney couldn't make it out so I took a few pictures that you can view here. Congrats to darkwind and faraday for winning the dc414 free junk giveaway!!

Arduino Windows Attack Tool

A few meetings back I demoed my Arduino Windows attack tool. The Arduino and shield emulate a keyboard when plugged into a PC. Once triggered it opens the DOS edit program, writes some vbscript to a file called go.vbs, then runs it using wscript. The script downloads a payload from a web server. In the case of the demo it was a reverse shell that connects back to a nc listener from msf. I got the idea from the Social-Engineering Toolkit Teensy USB HID Attack but I don't have/want a teensy so I looked and looked for an Arduino version but all I could find was a USB keyboard lib, so my value add was porting it to the Arduino.

Here is the USB lib I used.

Here is the schematic for the shield: *I added a button on pin 12

Here is the code for the Arduino:

And there you have it, my Arduino Windows attack tool. It's a little messy and hacked together, but it works. Enjoy 🙂

Many thanx to SilkyPantsDan, Rancid Bacon, and Practical Arduino

Modding a Linksys NAS200 to stay cool.

I got the Linksys NAS200 a while back to hold all my music, movies, and TV shows. For a while it worked great and I really liked being able to do streaming and shit from it but I soon found out that the HDDs I had inside the unit were getting super hot, even to the point that you couldn’t hold them. I of course had to lose a HDD before I figured that out 🙁 I was just a little upset about this so I opened the unit up to find this weak little fan inside that as hard as it tried it just could not keep the drives cool. Then I decided to beef up the cooling system a little by adding another fan to the mix.

So I found a 5v PC fan “for the cooling”, a hot iron “to cut/melt a hole for the fan”, a soldering iron and some solder, a screw driver, and hot glue. Now I would like to say I got it all right the first time around, but I can’t. Now the unit itself runs off of 5v so all I had to do was solder it to the board somewhere. My first attempt was a failure. I tried to solder the new fan to the same terminals that the little weak fan was using. While it did power the fan and work, the unit would eventually stop responding. I figured the fan was drawing too much power too low in the chain. So I opened’er back up and moved the new fan to the start of the chain, I connected it right where the power comes into the unit. The unit itself runs on 5v and the Linksys power supply that came with it only gives out 5v so no worries there. Then all I had to do was put it all back together, hot glue the fan in place to suck the hot air out and turn it on.

My mod works great and it keeps my HDDs nice and cool now 🙂 The only downside is it makes a little more noise now and I have to unplug the power from the unit to turn the fan off 😛 And now for some pictures.

Here is the hole I made with some info, the stock fan is on the other side of the unit:

Here is the main board:

Another view of the board:

Here is the end result:

Another view of the end game:

K that's it, peace.

First 2012 meeting recap

January’s meeting had a few kinks but all in all everything went well and we had a few new faces in the crowd. We had some issues with the G+ hangout, but it was our first time and I’m sure it will go smoother the second time around. Then I had video issues while trying to give my LFI attacks demo and had to give a backup demo, but everyone else was awesome.

Darkwind gave his first presentation with dc414 and it was a good one for sure. He showed us some of his modded radio equipment and how to decode all sorts of transmissions, from HAM faxes, pagers, DTMF tones and more being broadcast on the airwaves. Talked a little about cell tower emulators and software radios. dw5304 and Klaiviel gave us a run down of how they hacked the new xbox 360 to play ripped games off the HDD in just a few not so easy steps 😛 Then dw5304 gave a little demo on resetting passwords on any windows box with just a few key strokes. I gave the last presentation of the night and after my LFI demo fail I was able to give a nice little demo of how the ODiG tool works and how it can aid in pwning networks.

One of the coolest things about the meeting, it was our honor to have Jayson Street join us via G+. We hope to see him at the next meeting. Cmoney couldn’t join us but I was able to snap a few shots here and there which you can view here. The big winner of free dc414 junk was Stephanie, here she is with her winnings: “ALFA usb 802.11n card”

dc414’s badge program project.

The badge program project is a little game for hackers, crackers, and phreaks. The goal is to facilitate learning in a fun and interesting way. Each badge has a list of achievements you must obtain to be eligible to get the badge. Some achievements will be as easy as clicking a like button for FB, another might be as hard as having to try and social engineer a password out of a random person. Every time you get a badge you also get a mystery prize!!

The badges themselves are still under development so expect future posts about them as we finish them up. For a list of the badges and their achievements go here. So get started and get your 1337 badge now!