Arduino Windows Attack Tool

A few meetings back I demoed my Arduino Windows attack tool. The Arduino and shield emulate a keyboard when plugged into a PC. Once triggered it opens the DOS edit program, writes some vbscript to a file called go.vbs, then runs it using wscript. The script downloads a payload from a web server. In the case of the demo it was a reverse shell that connects back to a nc listener from msf. I got the idea from the Social-Engineering Toolkit Teensy USB HID Attack but I dont have/want a teensy so I looked and looked for an Arduino version but all I could find was a USB keyboard lib, so my value add was porting it to the Arduino.

Here is the USB lib I used.

Here is the schematic for the shield: *I added a button on pin 12

Here is the code for the Arduino:

And there you have it, my Arduino Windows attack tool. Its a little messy and hacked together, but it works. Enjoy πŸ™‚

Many thanx to SilkyPantsDan, Rancid Bacon, and Practical Arduino

June meeting recap

June’s meeting was great! More new faces, lots of beer, and plenty of pizza πŸ™‚ Ngharo got things started by making a few announcements like our new VPN that is available for donating members, and asking everyone what they are hacking ATM and what they wanna hack next. I was up next and talked about the new server and some of the sections of the site. Then Ulic gave us all the 411 on the Flamer virus sweeping the middle east and some of its unique features. dw5304 took over and gave a sweet demo on how to hack/mod the xbox360, complete with code and points of solder. We got some great pictures this time thanx to cmoney which you can view here. Congrats to nikto, Tony, and Ulic for winning the dc414 free junk giveaway.

Here is nikto and his dc414 junk πŸ™‚

May meeting recap.

May’s meeting was off the hook, one of our best yet! Lots of new faces which is always nice, good demos, and good beer. Ngharo started it off by talking about the hackathon and THOTCON. Klaiviel did his lock master thing and said a few words about TOOOL. Darkwind gave a awesome demo on sniffing pagers. Its crazy to see all the pager traffic that is still out there. Then I showed off my Arduino windows attack tool and pwned a windows 7 box, There will a blog post about that later. Congrats to Genero for winning the dc414 free junk giveaway! I did take a bunch of pictures but my phone was full of fail and didn’t save any of them πŸ™ so no pictures of the meeting this time, sorry. I promise to do better next time πŸ˜› later.

THOTCON greatness

This was the best THOTCON I have been to yet! Awesome talks, awesome beer, awesome food, and awesome people kinda sums it up for this year. Mine and ngharo’s talk went really well, and so far I have had lots of good feed back. I was a little drunk by the time we did our talk so that helped a lot, lol. My favorite talk was “Owning Payphones: 3650-Day Exploits” from savant, dude did a wonderful job and violated payphones in dirty ways! The one I learned the most from was “You put what in your DNS record?” from Mubix, yeah zone transfers are old school and I been using it for ever, but I had no idea you could do it to com and stuff, lol. Here are some pics of the swag and the con. Enjoy.

Me and ngharo giving our talk:

April fun

Aprils meeting wasn’t for fools, it was for hackers πŸ˜› It was another awesome meeting full of beer, pizza, lulz, and hacks. dw5304 got the night rolling with how to bypass windows 7 login password, then went on to talk bout how to pwn Time Warner internet! Then Klaiviel gave us a 101 style schooling on hand cuffs, tumbler, combo, and tubular locks and some others! He also covered some car locks, key impression and stuff. He explained the different picking methods and the tools of the trade. Ngharo and I topped off by giving the talk we have prepared for THOTCON! It went well but it is clear we need a little practice before the big event.

Here are some pictures from the meeting thanx to cmoney. Congrats to Klaiviel for getting so many achievements for the Lock Master badge in one night and to The Professor for winning the dc414 free junk giveaway!! He got a awesome CD/DVD/DVD-R external drive “lol”, enjoy!

Big winner of free dc414 junk πŸ™‚

dc414 HashDB opening.

Here is another goody from dc414. HashDB is our MD5/SHA256/SHA384/SHA512/NTLM/LM cracker πŸ™‚ The hash counts are totally user driven, that is the database only gets bigger if you help make it that way. Aside from the options given on the site to add to the database, every query made using ENCOSH gets added to the database. So do your part and help make it bigger!! Enjoy!!!1

March meeting madness!

March’s meeting was filled with all sorts of shenanigans. dw5304 started things off with a little demo of Windows Server 8 and some of its improved features and functions.

Ngharo kept the OS ball rolling by going over some Linux 101 and while he was showing us how grep can be used to find wanted data in Apache logs Castor pulled a little prank on Ngharo and left a message in the logs for him πŸ˜› Every one got a big laugh out of it. Ngharo also has promised to give a new Linux demo every meeting!

Then I stepped in and gave a demo on how to use temp XSS attacks to gain access to user accounts on web sites, the target in this case was Daily Motion using a known vector. It was complete with a explanation of the attack string, the payload, how to use it, and how to fix it. I gave the room the opportunity to hack my Daily Motion account, using the cookie stolen during my demo which turned out to be a bad idea, Ngharo thought it was cute to replace my profile picture with the index picture from lemonparty2 😐 Yeah, ok I loled hard at that one πŸ™‚

Then The Professor showed us how to use “The Social Engineering Tool Kit” to phish n00bs and pwn their passwords! He gave us a step by step of how to copy a website, how to access the phish page, and what happens when its used. Then we all talked about how to know when your being phished. It was a great first demo from The Professor.

A big congrats to The Professor for winning the dc414 Free Junk Giveaway “pic below”, Enjoy your new Launchpad πŸ™‚ Here are some other pictures from the awesome Cmoney.

The big winner:

SIDE NOTE:
The next morning with a slight hangover I open my email and find this from Daily Motion:
Hello anarchyang31,

The avatar of your Dailymotion account “anarchyang31” has been deleted due to non respect of the General Terms Of Use (inappropriate content).
In any event, we ask that you observe those conditions. You can review them by clicking here: http://www.dailymotion.com/legal/terms

After 5 deleted avatars, you will no longer be able to change it and it will be replaced with a default avatar.

You can upload a new avatar by clicking here: http://www.dailymotion.com/profile/avatar

Best regards,


The Dailymotion Team

LMAO thanx Ngharo. Ok thats it, later.

dc414 meeting lulz – 2.3.12

February’s meeting was another one for the books. We had a full blown G+ hangout setup complete with a projector and a hand cam. A big thanks to bneu for providing the cam and darkwind for the capture device. I started the night off by making few bigΒ announcementsΒ about me and ngharo speaking at THOTCON and how dc414 was picked by OpenDNS as a awesome user group “more on this later”. Then dw5304 informed us of Bucketworks network and finanical situation and I’m proud to say dc414 stepped up right away. bneu is making a huge network equipment donation to Bucketworks, all dc414 donations for the night went to Bucketworks, and dc414 is going to put together a fundraiser for Bucketworks. More on all this later.

I started the presentations off with a big fail on cracking wep “ikr” I felt like a total n00b. I can do it I swear, lol. I did redeem my self by owning a VM system on a PBX by using a 0day I have “No I will not be giving out details on this, other then to those at the meeting and I will never do it again. Its mine!” I didn’t stop there, to further redeem my self I gave a little demo on fimap and opened up a shell on a live compromised server πŸ™‚ The fun wasn’t over yet. Vladimir gave us the 101 on Cat5 cable and a step by step to making your own cables. Then Vladimir and Darkwind had a cable making race and Darkwind smoked Vladimir bad! Thats not all, dw5304 replaced the back light on an old laptop, something I didn’t even know you could do. He took the screen apart and explain each step, then Vladimir schooled us on just how LCD’s and such work. Thank you every one for your hard work!

Thanks to cmoney we have tons of great pictures from our last meeting here. Congrats go out to the free dc414 junk give a way winners, Dan, Darkwind, and to Joel for winning the free THOTCON ticket.

Here is Dan and his new palm one mobile keyboard:

Darkwind and his ALFA 802.11n usb card:

Here is Joel after winning the THOTCON ticket:

Ok thats it, peace out.

Modding a Linksys NAS200 to stay cool.

I got the Linksys NAS200 a while back to hold all my music, movies, and TV shows. For a while it worked great and I really liked being able to do streaming and shit from it but I soon found out that the HDDs I had inside the unit where getting supper hot, even to the point that you couldn’t hold them. I of course had a to lose a HDD before I figured that out πŸ™ I was just a little upset about this so I opened the unit up to find this weak little fan inside that as hard as it tried it just could not keep the drives cool. Then I decided to beef up the cooling system a little by adding another fan to the mix.

So I found 5v PC fan “for the cooling”, a hot iron “to cut/melt a hole for the fan”, a soldering iron and some solder, a screw driver, and hot glue. Now I would like to say I got it all right the first time around, but I can’t. Now the unit it self runs off of 5v so all I had to do was solder it to the board somewhere. My first attempt was a failure. I tried to solder the new fan to the same terminals that the little weak fan was using. While it did power the fan and work, the unit would eventualy stop responding. I figured the fan was drawing to much power to low in the chain. So I opened’er back up and moved the new fan to the start of the chain, I connected it right where the power comes into the unit. The unit it self runs on 5v and the Linksys power supply that came with it only gives out 5v so no worries there. Then all I had to do was put it all back together, hot glue the fan in place to suck the hot air out and turn it on.

My mod works great and it keeps my HDD’s nice and cool now πŸ™‚ The only down side is it makes a little more noise now and I have to unplug the power from the unit to turn the fan off πŸ˜› And now for some pictures.

Here is the hole I made with some info, the stock fan is on the other side of the unit:

Here is the main board:

Another view of the board:

Here is the end result:

Another view of the end game:

K thats it, peace.