April fun

Aprils meeting wasn’t for fools, it was for hackers ๐Ÿ˜› It was another awesome meeting full of beer, pizza, lulz, and hacks. dw5304 got the night rolling with how to bypass windows 7 login password, then went on to talk bout how to pwn Time Warner internet! Then Klaiviel gave us a 101 style schooling on hand cuffs, tumbler, combo, and tubular locks and some others! He also covered some car locks, key impression and stuff. He explained the different picking methods and the tools of the trade. Ngharo and I topped off by giving the talk we have prepared for THOTCON! It went well but it is clear we need a little practice before the big event.

Here are some pictures from the meeting thanx to cmoney. Congrats to Klaiviel for getting so many achievements for the Lock Master badge in one night and to The Professor for winning the dc414 free junk giveaway!! He got a awesome CD/DVD/DVD-R external drive “lol”, enjoy!

Big winner of free dc414 junk ๐Ÿ™‚

dc414 HashDB opening.

Here is another goody from dc414. HashDB is our MD5/SHA256/SHA384/SHA512/NTLM/LM cracker ๐Ÿ™‚ The hash counts are totally user driven, that is the database only gets bigger if you help make it that way. Aside from the options given on the site to add to the database, every query made using ENCOSH gets added to the database. So do your part and help make it bigger!! Enjoy!!!1

March meeting madness!

March’s meeting was filled with all sorts of shenanigans. dw5304 started things off with a little demo of Windows Server 8 and some of its improved features and functions.

Ngharo kept the OS ball rolling by going over some Linux 101 and while he was showing us how grep can be used to find wanted data in Apache logs Castor pulled a little prank on Ngharo and left a message in the logs for him ๐Ÿ˜› Every one got a big laugh out of it. Ngharo also has promised to give a new Linux demo every meeting!

Then I stepped in and gave a demo on how to use temp XSS attacks to gain access to user accounts on web sites, the target in this case was Daily Motion using a known vector. It was complete with a explanation of the attack string, the payload, how to use it, and how to fix it. I gave the room the opportunity to hack my Daily Motion account, using the cookie stolen during my demo which turned out to be a bad idea, Ngharo thought it was cute to replace my profile picture with the index picture from lemonparty2 ๐Ÿ˜ Yeah, ok I loled hard at that one ๐Ÿ™‚

Then The Professor showed us how to use “The Social Engineering Tool Kit” to phish n00bs and pwn their passwords! He gave us a step by step of how to copy a website, how to access the phish page, and what happens when its used. Then we all talked about how to know when your being phished. It was a great first demo from The Professor.

A big congrats to The Professor for winning the dc414 Free Junk Giveaway “pic below”, Enjoy your new Launchpad ๐Ÿ™‚ Here are some other pictures from the awesome Cmoney.

The big winner:

SIDE NOTE:
The next morning with a slight hangover I open my email and find this from Daily Motion:
Hello anarchyang31,

The avatar of your Dailymotion account “anarchyang31” has been deleted due to non respect of the General Terms Of Use (inappropriate content).
In any event, we ask that you observe those conditions. You can review them by clicking here: http://www.dailymotion.com/legal/terms

After 5 deleted avatars, you will no longer be able to change it and it will be replaced with a default avatar.

You can upload a new avatar by clicking here: http://www.dailymotion.com/profile/avatar

Best regards,


The Dailymotion Team

LMAO thanx Ngharo. Ok thats it, later.

dc414 night out and other news

Join me and the rest of the bunch at Dave & Busters at 5pm on February 19th for some food, drinks, and fun! Come pimping your dc414 shirt for a chance to win $10 in free game play!! I hope to see everyone there!!

D&B addr:
2201 North Mayfair Road
Wauwatosa, WI 53226

In other news I have completed the Badge Program spread sheet, so now you can track yours and other peoples status in the program. So if you haven’t started on your badge yet, get to it now!

dc414 meeting lulz – 2.3.12

February’s meeting was another one for the books. We had a full blown G+ hangout setup complete with a projector and a hand cam. A big thanks to bneu for providing the cam and darkwind for the capture device. I started the night off by making few bigย announcementsย about me and ngharo speaking at THOTCON and how dc414 was picked by OpenDNS as a awesome user group “more on this later”. Then dw5304 informed us of Bucketworks network and finanical situation and I’m proud to say dc414 stepped up right away. bneu is making a huge network equipment donation to Bucketworks, all dc414 donations for the night went to Bucketworks, and dc414 is going to put together a fundraiser for Bucketworks. More on all this later.

I started the presentations off with a big fail on cracking wep “ikr” I felt like a total n00b. I can do it I swear, lol. I did redeem my self by owning a VM system on a PBX by using a 0day I have “No I will not be giving out details on this, other then to those at the meeting and I will never do it again. Its mine!” I didn’t stop there, to further redeem my self I gave a little demo on fimap and opened up a shell on a live compromised server ๐Ÿ™‚ The fun wasn’t over yet. Vladimir gave us the 101 on Cat5 cable and a step by step to making your own cables. Then Vladimir and Darkwind had a cable making race and Darkwind smoked Vladimir bad! Thats not all, dw5304 replaced the back light on an old laptop, something I didn’t even know you could do. He took the screen apart and explain each step, then Vladimir schooled us on just how LCD’s and such work. Thank you every one for your hard work!

Thanks to cmoney we have tons of great pictures from our last meeting here. Congrats go out to the free dc414 junk give a way winners, Dan, Darkwind, and to Joel for winning the free THOTCON ticket.

Here is Dan and his new palm one mobile keyboard:

Darkwind and his ALFA 802.11n usb card:

Here is Joel after winning the THOTCON ticket:

Ok thats it, peace out.

WIN a free pass to THOTCON 0x3 and go with dc414!

Ngharo and I will be giving a talk at THOTCON 0x3 in April and one “maybe two” lucky dc414 member(s) are coming with us! Our talk is titled “How I fucked your grandma”. It’s about the security implications of social communication, activity/wellness monitoring and home automation technology we are putting in the homes of the elderly designed for aging in place and the risks that go with it. It should be a good time and I know a good number of other dc414 members already have tickets so im sure we will also be raising some hell as well! ๐Ÿ™‚ As a speaker I will have access to free beer….I hope our talk is early… if not I hope I’m not too wasted to stand by the time we go up, lol, and I hope to see you there!

For a chance to win a free ticket to THOTCON 0x3 just be at the next dc414 meeting, it will be part of the dc414 free junk give away.

First 2012 meeting recap

January’s meeting had a few kinks but all in all everything went well and we had a few new faces in the crowd. We had some issues with the G+ hangout, but it was our first time and i’m sure it will go smoother the second time around. Then i had video issues while trying to give my LFI attacks demo and had to give a backup demo, but everyone else was awesome.

Darkwind gave his first presentation with dc414 and it was a good one for sure. He showed us some of his modded radio equipment and how to decode all sorts of transmissions, from HAM faxes, pagers, DTMF tones and more being broadcast in the air ways. Talked a little about cell tower emulators and software radios. dw5304 and Klaiviel gave us a run down of how they hacked the new xbox 360 to play ripped games off the HDD in just a few not so easy steps ๐Ÿ˜› Then dw5304 have a little demo on resetting passwords on any windows box with just a few key strokes. I gave the last presentation of the night and after my LFI demo fail i was able to give a nice little demo of how the ODiG tool works and how it can aid in pwning networks.

One of the coolest things about the meeting, it was our honor to have Jayson Street join us via G+. We hope to see him at the next meeting. Cmoney couldn’t join us but I was able to snap a few shots here and there which you can view here. The big winner of free dc414 junk was Stephanie, here she is with her winnings: “ALFA usb 802.11n card”
Stephanie and her winnings