March meeting madness!

March’s meeting was filled with all sorts of shenanigans. dw5304 started things off with a little demo of Windows Server 8 and some of its improved features and functions.

Ngharo kept the OS ball rolling by going over some Linux 101 and while he was showing us how grep can be used to find wanted data in Apache logs Castor pulled a little prank on Ngharo and left a message in the logs for him 😛 Every one got a big laugh out of it. Ngharo also has promised to give a new Linux demo every meeting!

Then I stepped in and gave a demo on how to use temp XSS attacks to gain access to user accounts on web sites, the target in this case was Daily Motion using a known vector. It was complete with a explanation of the attack string, the payload, how to use it, and how to fix it. I gave the room the opportunity to hack my Daily Motion account, using the cookie stolen during my demo which turned out to be a bad idea, Ngharo thought it was cute to replace my profile picture with the index picture from lemonparty2 😐 Yeah, ok I loled hard at that one 🙂

Then The Professor showed us how to use “The Social Engineering Tool Kit” to phish n00bs and pwn their passwords! He gave us a step by step of how to copy a website, how to access the phish page, and what happens when its used. Then we all talked about how to know when your being phished. It was a great first demo from The Professor.

A big congrats to The Professor for winning the dc414 Free Junk Giveaway “pic below”, Enjoy your new Launchpad 🙂 Here are some other pictures from the awesome Cmoney.

The big winner:

SIDE NOTE:
The next morning with a slight hangover I open my email and find this from Daily Motion:
Hello anarchyang31,

The avatar of your Dailymotion account “anarchyang31” has been deleted due to non respect of the General Terms Of Use (inappropriate content).
In any event, we ask that you observe those conditions. You can review them by clicking here: http://www.dailymotion.com/legal/terms

After 5 deleted avatars, you will no longer be able to change it and it will be replaced with a default avatar.

You can upload a new avatar by clicking here: http://www.dailymotion.com/profile/avatar

Best regards,


The Dailymotion Team

LMAO thanx Ngharo. Ok thats it, later.

Warning ! Your account a Aol was limited

but… I don’t even have a Aol account, however thats of no concern to the fools that sent me this nice little phishing email:

Delivered-To: XXX@gmail.com
Received: by 10.42.218.8 with SMTP id ho8cs188088icb;
Sat, 2 Apr 2011 20:49:38 -0700 (PDT)
Received: by 10.43.56.140 with SMTP id wc12mr7828120icb.237.1301802578076;
Sat, 02 Apr 2011 20:49:38 -0700 (PDT)
Return-Path:
Received: from cl-t009-331cl.privatedns.com (cp1.likuid.com [64.15.156.140])
by mx.google.com with ESMTPS id xe4si10607558icb.57.2011.04.02.20.49.37
(version=TLSv1/SSLv3 cipher=OTHER);
Sat, 02 Apr 2011 20:49:38 -0700 (PDT)
Received-SPF: neutral (google.com: 64.15.156.140 is neither permitted nor denied by best guess record for domain of nobody@cl-t009-331cl.privatedns.com) client-ip=64.15.156.140;
Authentication-Results: mx.google.com; spf=neutral (google.com: 64.15.156.140 is neither permitted nor denied by best guess record for domain of nobody@cl-t009-331cl.privatedns.com) smtp.mail=nobody@cl-t009-331cl.privatedns.com
Received: from nobody by cl-t009-331cl.privatedns.com with local (Exim 4.69)
(envelope-from )
id 1Q6EJl-0006w2-N4
for XXX@gmail.com; Sat, 02 Apr 2011 23:49:37 -0400
To: XXX@gmail.com
Subject: Warning ! Your account a Aol was limited
X-PHP-Script: compagnelic.com/Skpy2.php for 81.192.139.76
From: Service Aol
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Sat, 02 Apr 2011 23:49:37 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cl-t009-331cl.privatedns.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - cl-t009-331cl.privatedns.com



AOL April 2011


Dear AOL Customer,

As part of our security measures,We regularly check the work of the AOL screen. We demand information to you for the following reason :

Our system detected unusual charges to a credit card linked to your AOL account.

This is the final reminder to log in to AOL as soon as possible. Once you are connected. AOL will provide you with steps to restore access to your account .

Secure Server


Click here to confirm

Once connected, follow the steps to activate your account. Thank you for your understanding as we work to ensure account security .
We appreciate your attention to this
question. Please understand that this is a security measure aimed at protecting you and your account. We apologize for any inconvenience ..


Thank you for using AOL!


This notification was sent to you by AOL. To change your notification preferences, log into your AOL account, click the Profile sub-tab, then click the Notifications link under Account Information. Changes take up to 10 days to be reflected in our mailings. AOL will not sell or rent your personally identifiable information to tiers.Pour more information about the security of your information, read our privacy policy at https://www.aol.com/privacy .

Copyright © 2011 AOL Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners. AOL is located at 2211 First St. N., San Jose, CA 95131.


Well since I dont have a Aol account the first thing I did was take a close look at the headers where I found this little bit of info:

X-PHP-Script: compagnelic.com/Skpy2.php for 81.192.139.76

So I stopped by compagnelic.com/Skpy2.php which happen to be a php script for mass emails from some M£NaBiLo$ss guy. I also followed the link given in the email which takes me to some fake Aol connection page that forwards to a phishing site geared to get all your personal information! The form submits to a “HiTman.php” that when I tried to visit, it just sent me along to aol.com. All in all not a very good attempt “less spelling and loading errors would help”, I have seen better but thanx for the lulz and the online anonymous email app 😀