Summer may be coming to a close, but that doesnt mean the hacking fun will stop
We are meeting again this month, same time and place as always!
(That time and place being Dicken’s on Friday Sept 2nd, at 7pm)
Hack the Planet!
-P1nky
༼ つ ❍_❍ ༽つ
Belouve did a presentation on OSINT and TraceLabs. Here are some links relevant to that talk, or from the slide deck:
Join TraceLabs (You will likely need to register and join their Slack)
Hunchly Tool and Hunchly Training
IntelTechniques Menu (select items over on the left side). Also this site is where you can download Buscador OS
CherryTree (To take notes, is cross-platform) and Freeplane (mapping out connections)
I (Belouve) will probably keep this list updated as I get more resources dug up.
Boop. Under construction for now.
An administrative header:
Okay, so on to a summary of cool things we did this past meeting. I’ll update with video and images when I can.
Under construction.
Lots of chatter
This meeting was a lot more social. Less demos, and more talking with each other. Seems to just be the December motif, and that’s fine if it is more social than demos. Lots of beer swapping, candy, and candy corn beer.
Nothing that a good probing can’t fix
There was discussion over tracking down a possible break in an ethernet cable at someone’s place of business. Another hacker was kind enough to bring in an amplifier probe, and demo’d how that would track down a break.
Safe Dial
Messed around with a safe dial that was mounted on an orange acrylic stand. We didn’t know the combination, but we figured it out. And then set a new one.
And in a first for DC414, I will include the details of that combination:
We chose to do the square of 414. 414 x 414. Which is 171396. So the combination is 17-13-96. Congrats, you know the combination to a lock on an acrylic stand, that secures nothing. It is a really janky combination, and talk to one of us and we’ll go over why.
This lock will also probably be tuned and updated. We’ll practice safe dial manipulation later.
But can you pick it with a fork?
This will be the writeup on the lock that we picked with a plastic fork. Pictures and video support this, and will be put here in a fun writeup.
So, again, under construction, but I’m getting something out there as soon as I can.
dc414’s next meet is tomorrow, 2/02/2018. Will the hacker see his shadow? I hope so, because that means he’s at dc414!
Meetings are always 1st Friday of the month. See Locations for details!
-darkwind
Whoa. A meeting recap.
So what did we all do?
Caleb – Presented on Crafting Digital Radio Signals, to Control Things
He has a blog post about his Digital Radio Signals, and that was a majority of what was presented. He was able to do a live demo of the capture of a remote outlet, and replay of the capture.
There was also “a peculiar signal hiccup”, wherein the signal to the remote outlet would not be received. It would be similar to a jamming signal, if jamming radio signals were allowed. Good thing we abide by all RF rules.
He demonstrated the ability to observe vehicle remote locking, and showed the lock and unlock signal.
njRAT v0.7d – Part Two
A part two would make sense with part one, but ::shrug::
Showed off the njRAT v0.7d that came along for the ride on a torrent. njRAT is a remote-access Trojan that has been used for the last few years. A 2013 report from General Dynamics / Fidelis Cybersecurity Solutions goes over detailed indicators, domains, and TTP’s in conjunction with attacks using njRAT. It is also apparently up to version 0.9. The malware is making a comeback, and maybe due to some evasion techniques shown. (or people just continue to be dumb in downloading from torrents. That could be it too)
If njRAT is run, Hey, Look! It’s detected as a virus!
Instead, do some tech magic (someone can add detail) using Base64 in Microsoft Visual Studio. Runs now, the EXE is loaded, and it doesn’t trigger alerts or errors.
And hey, we have a remote desktop!
If we turn on the remote webcam function…
…hey! This is why you should tape over your webcams! And we had keyloggers, microphone access, and chats available too!
So, just don’t trust things that are pirated from the Interwebz.
Do you want this for yourself? Do a search for njRAT or njRAT v0.7d, and you can have it yourself. (or, it seems 0.9 is around) You will have to compile/tinker/tech magic it yourself, though.
Picking on Level 3
Well, not directly. We were shown a few links to see Internet health
Dynatrace , Dynatrace Keynote, and DownDetector
We just couldn’t help noticing how bad Level3 looked at the time.
Hacking the HooToo HT-TM05
So this is a $40 Travel Router, and we can HACK THE SHIT OUT OF IT
Has WiFi built in, (added?) a 128GBD SSD, and it has a full Linux kernel on it now, OpenWRT, and Powered by LuCi. Portable power that also lasts a good portion of the day.
Can do a File Server, put movies onto it, or put a web forum on it. We plan to set one or more of these up and carry them around DEFCON 25.
Relevant GitHub that may be useful
Some were also interested in the PirateBox , that can be built on different hardware for about $35.
Something something CYPHERCON
Yeah. See @cyphercon or cyphercon.com if you have no clue here.
If you have a better recollection of things from our meeting, good for you! Also, we could probably use that info in this update. Comment or edit, or e-mail some DC414 folk about your contributions.
7625 S Howell Ave Oak Creek, WI 53154
Here’s a photo of the building exterior
7625 S Howell Ave, Oak Creek, WI 53154
You can subscribe (ICS) to our Google calendar to be kept up to date with all DC414 events
Thanks to DW5304 for the venue
Media is done, our Year of the Hack is posted above
We had about 25 Hackers from the Greater Milwaukee Area attend February’s meeting. I mention this because it was pointed out that our event RSVPs are not an indicator of how many show up at the meetings.
Cree.py Demo
To start us off, DW5304 did a demo of cree.py
Creepy is a geoloaction OSINT Tool, that offers geolocation information gathering through social networking (twitter, instagram, etc) platforms.
SNMPwalk and SNMP shenanigans
DW5304 also conducted more shenanigans with SNMPwalk and reviewed some SNMP results he had uncovered. There is not a whole lot I have to document within this recap, but you can start learning about SNMPwalk here
DEFCON Groups DC414 video
DEF CON Groups is holding a contest: Year of the Hack
For this, DC414 needs to submit a link to a 3- minute (at least!) YouTube video from DC414 as a whole describing what we’re planning on accomplishing over the year
This was our most difficult demo yet.
Planning? Accomplishing?
And furthermore…video?
We’ve been on video before. We brought up and showed our past appearance on CBS58 (watch it for either nostalgia or the lulz).
Yet we hashed out a plan for the year. We will put together another Know Your Rights event, as that has continued to be our most popular event, and our most popular page on dc414.org. This time the event will be bigger and better, and we will use that as a means to laison with the community.
We had 20+ hackers participate to some level in our video submission. We are not actors, we are very ADD/ADHD. Getting more than 5 hackers on the same page is a feat. Like herding cats.
We got it all done. Some group shots, and some individual interviews. It is all recorded now, and we have a lot of footage that will be slimmed down to both a usable submission and a blooper reel (probably more footage for the blooper reel than anything).
Links to the videos are SUBMISSION and BLOOPER REEL
TENS Demo
To start us off, Vlad brought a special guest to do a demo for us.
Dr. Charles S. Tritt, Ph.D, from MSOE, did a presentation on Human-Human Interface, using a TENS (Transcutaneous electrical nerve stimulation) unit and simulation electrodes. Taken from his document:
This device mimics a relatively common approach to controlling powered prosthetic limbs. Electromyogram signals are picked up from the surface of the skin, amplified, digitized, processed and used to effect the desired control. In this case, the control is via nerve stimulation using a TENS unit.
The ZIP file containing his handout from the meeting (which has the parts list), MSOE lab handouts, and Matlab and Arduino code, can be found here
The total cost of the build is $98
We have some media of the device being used. More will be posted as it is processed. If you have media, videos, or pictures, that’d you’d like to share, please let me know.
Bubbles controlling Belouve (do note that they are husband and wife)
Vlad controlling Bubbles
Cyphercon
Korgo and Belouve presented on the upcoming Cyphercon. DC414 can still get in, though it seems most of DC414 are already attending or volunteering. If you still want to get in, contact Korgo or Belouve.
There will be a booth/space for DC414 and Milwaukee Hackers (basically anyone I recognize as a Milwaukee area hacker) at the Friday part of the convention. We’ll keep it a corporate no-fly zone.
We got a peek at one of the electronic badges for Cyphercon.
Puzzle Lock
Belouve brought a puzzle lock that he received from India. It is claimed to be from the era of Shivaji Maharaj, who reigned from 1674 to 1680. I’m investigating this claim to its age further. Regardless, it’s a cool lock.
I have no video or images for my lock (yet), but I plan to make a video in English of its function and any more details I can find out. However, I found a video of a similar lock here
It’s almost Friday, and as mentioned previously, due to the Holiday falling on a Friday we have moved the meeting to 1/08/2015.
Vlad has a special guest, Dr. Charles Tritt from MSOE will be joining us, and will be giving a demonstration with a TENS unit, somehow facilitating a human-to-human interface. It’ll definitely be a meeting to remember!
See you there!
-darkwind
darkwind tried to show off a pager hacking demo. I believe we were getting some new and unknown interference on the RF band he was trying to hack. Not going to call this one as a demo fail, since the new RF interference is interesting.
DAS BOOT. We lockpicked a TRIMAX car boot, using a BIC pen. I think time from the package being opened to it being picked was less than 30 min. Once we got a process going, we could pick it in under 17 seconds, just a BIC pen. Video exists of this, we’ll try to get it put up soon. TRIMAX: your product sucks, BIC: your products rule.
Watch a video of the TRIMAX fail
<REDACTED2> showcased a hack to Southwest’s boarding zone/boarding number system. Want to be in line as A17 and not B47? <REDACTED2> showed us how.
We also discussed a new DC414 DEFCON Groups point-of-contact. That has now been set and communicated to the DEFCON person responsible. We’ll once again be recognized as an active group!
Titles are updated. If you look under the contact portion of our page, most of the goofy titles will be updated there.
You’ll note I left some names out as <REDACTED>. If you want your name/nickname there, let me know. I don’t want our recaps to be a blast of “CRASH OVERLOAD HAXXORD THE GIBSON” to the Internet and anyone who may see it and cause trouble for the person who did the hack. (Some names have since been approved to be un-redacted)
That’s all the demos I can recall.
Next meeting: Jan 8th, 2016.
