dc414 November meeting’s awesomeness

Well Novembers meeting was one of our best for sure! Many thanks to James and Bucketworks for putting the safe opening event together and letting us play with your locks and junk, you are the best! It all started with everyone just fucking off enjoying some snacks, cold beers, and some tunes. Then Klaiviel and James got the party started.

Klaiviel gave us a little intro to the safe, its lock, and some of the history all the while James was playing the roll of Geraldo all too well and dropping the lulz like no one. Once the safe was open there was a mad dash to see what was inside!! Lots of brooms, paper and some beta tapes suspected to be vintage pron. Cmoney took lots of pictures and video “below” of the safe opening.

After the party died down a little bit we talked about a issue one of our members is having with china and how to resolve them. Then ngharo and I gave a small demo on physical security and some of the tools one might use. We focused on Switchblade and an Arduino USB keyboard emulator “this is a post for another day” to pwn the shit out of windows, man that was fun. Ok thats it, peace.

F4r4d4y jr won an IE6 admin pack
Winner of free dc414 junk

The following videos are just og the safe opening and viewing of the contents:
pt1

pt2

Full video of the party
http://www.ustream.tv/recorded/18313140

 

My lame IR copy toy pt2

Some of you might remember the first post on my lame IR copy toy. Well I have tweaked the code a little and put it all on a nice little PCB board that fits great over the Arduino, here is the “finished” project:

Heres some video of it working:

Heres it being used to control a helicopter:

Here is the code:

One thing I left out of my first post is in order for this to work you have to use this IR remote library from Ken Shirriff. Thats it, peace.

October meeting recap.

October’s meeting was awesome as always and we had a few new faces which is always a good thing! We all hacked away at Windows Server 8 for a bit and found a few bugs, but unfortunately for the n00bs the meeting didn’t really get popping until after they let :/

ngharo gave us all a great talk on the wall of sheep. How he coded it, what he coded it in, what other software was used, and all the challenges that came up along the way. Dark Wind brought a toy remote controlled helicopter that uses IR for control, we found out my IR copy toy could be used to copy codes from the remote and take control of the helicopter 🙂 I was excited to finally get to use my 1337 IR copy toy on something!!

After all the IR fun there was a little talk about making a arduino based safe cracker to get into the safe at Bucketworks, that should be a cool project once its all done. Then I showed everyone how to make their own resisters with little more the a piece of paper and a pencil. The DIY fun didn’t stop there, I also demo’ed how to make capacitors using just tin foil, cling wrap, tap and some wire! Then while trying to make the home made capacitor blow up we did found out that if you expose it to high voltage, like the kind coming out of a wall outlet, it will start buzzing and expanding 🙂

A congrats to Dark Wind on winning the dc414 free junk give away, he got Red Hat Linux 6.1 enterprise with the extended support package 😛 Here is some pictures courtesy of cmoney “tyvm cmoney”, I didn’t get a pic of Dark Wind with his winning because, idk, I failed. Ok thats it see you next time.

BarCamp – Post Conference Report

DC414 got a lot of exposure at BarCamp.  We were the only peeps that setup in “the commons” where most everyone would pass through while entering the building.  This was also the area that lightning talks, introductions, and closing events took place.

Wall of Sheep
The wall was a great success for the most part.  Initially, we had to manually sniff and enter sheep onto the wall.  This was becoming a pain in the ass.  We finally got it automated by taking a log from ettercap and piping it into a ruby script which would post to simple webservice.  The source can be found here.  In the afternoon we started getting flooded with fake logins to gmail.com from a user on the network.  Some nerd had scripted this to create chaos upon us!  Unfortunately, we were tapped onto the network at such a point were we would not see local IPs for the source of traffic.  I lol’d and set dw5304 on the hunt to track the user down.  We knew he was using ruby as that’s what the user-agent string was.  dw5304 quickly found him and we all had a laugh.  The scripter gave a lightning talk on his mischief later in the evening.  We’d like to expand on the current scripts and tweak our filters to automate even more types of insecure communications.

The overall atmosphere was very, very hacker friendly.  I had fun listening in to Klaiviel, Vlad, and darkwind troll some unfortunate hotel workers on their radios.  We also did a bit of urban exploration in Bucketwork’s basement … with a 1w laser 😉  Klaiviel did an awesome job presenting on lock picking/etc.  It was funny how Klaiviel showed up with like 5x as many locks and equipment as the guy who was hosting the lockpicking session.  There is safe at Bucketworks that they need assistance opening … Klaiviel did a bunch of research and came to the conclusion that he will need to brute force it.  I’m hoping dc414 can come together and make this happen.  dw5304 dropped a lot of knowledge to people coming by our setup.  Much thanks to all the equipment and dedication he brought to BarCamp.

Some very smart folks were creeping around and while I personally did not see many presentations, I still learned a lot.  We gave out a ton of stickers, flyers, window clings (thanks cmoney and Anarchy).  With that we should see new peeps start showing up to meetings.

dc414 @ barcamp mke

We are proud to announce that dc414 will have a little area at barcamp mke this year! We will be selling stickers, taking orders for shirts, handing out fliers, showcasing some of our past projects and running a DEFCON style wall of sheep “with a dc414 twist”!! Should be lots of fun so come check out our area and barcamp!

To keep up to date with dc414’s activities at barcamp mke you can follow us on our mailing list, facebook, and twitter. Hope to see you there.

Introducing ENCOSH

dc414 is happy to bring you ENCOSH, a online encoding and hashing app. You just feed ENCOSH a string and it will hash it using MD4, MD5, SHA1, SHA256, SHA384, SHA512, LM, NTLM and encodes it using Base64, ROT13, HEX, URL, RawURL then spits them all out for you. I had used it as a personal tool for a long time and got lots of use out of it for sql injections and what not so im sure someone else will as well, so enjoy 🙂

Know you rights event post…..blog post and news

The know your rights event was a huge success!! We took a bunch of pictures which we will be uploading later. I big thanks to Candlelight Collective, Waring R. Fincke, M.Peters Trucking, and the dc414 crew for making the event happen!!

And in other news, because most of us will be at DEFCON at the time our normal dc414 meeting takes place we will be moving the date to August 12th. Things will be back to normal in September.

June 2011 meeting recap

I know this post is a little late but we have been busy with other stuff, and my mom always said better late then never. Valdimir started us off with a fun demo of his magnetic card reader “vid below”, which could also write to a card but he didnt have the right software, he said he will be getting the right stuff soon. Then he came out with the big guns, a 3G/cell phone jammer!! This thing was all kinds of fun, and i uploaded a little vid of one of the demos we did with it “bellow”. The awesomeness didn’t end there, dw5304 gave us a nice demo of ZFS and showed off some of its more robust features. One of my personal favorite features was being able to pipe snap shots to anything!! Congrats to Darkwind for beeing last meetings winner of free junk from dc414!! Here are some pics taken at dc414.

Darkwind and his winnings!

Vlad reading cards:

Vlad be jammin:

Defend Online Anonymity – Set Up a Tor Relay

Got this in a email from the good people over at EFF:

Dear Anarchy,
We use Tor to access our website and to publish to our blog, which is blocked inside of our country. — Iranian human rights activist
If you could do something to make the Internet safer and more private for activists, investigative journalists, and humanitarian aid workers around the world, would you?

You can.

Today EFF is launching the Tor Challenge—a campaign to encourage Internet users all over the world to support the Tor network by operating relays.

Tor is a service that helps you to protect your anonymity while using the Internet and allows you to circumvent Internet censorship. When you use the Tor software, your real IP address remains hidden. Activists all over the world depend on Tor to maintain anonymity when communicating and accessing websites that have been blocked by their governments.

The Tor software depends on the Tor network, which is made up of Tor relays operated by individuals like you. The more Tor relays we have running, the faster, more secure and more robust the Tor network becomes.

Are you ready to help Internet activists all over the world?

Click here to see how and learn more.
Defending your digital rights,

The EFF Activism Team

This is a great idea and more ppl should run tor exit relays, but it does not come with out some pains. I kept on getting DMCA notices so i had to employ a few exit policy rules on my relay. Here is the ones im using.

ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79-81 # finger, HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464-465 # kpasswd, SMTP over SSL
ExitPolicy accept *:543-544
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:587 # SMTP
ExitPolicy accept *:706
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904
ExitPolicy accept *:981
ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL
ExitPolicy accept *:1194 # openvpn
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082-2083 # Radius
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6666-6667 #IRC
ExitPolicy accept *:6679
ExitPolicy accept *:6697
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8443 # PCsync HTTPS
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418 # git
ExitPolicy accept *:9999 # distinct
ExitPolicy accept *:10000 # Network Data Management Protocol
ExitPolicy accept *:19638
ExitPolicy reject *:*

So anyway, yes everyone should run a tor relay and should also use the above for your tor relay config. On ubuntu boxes just search for ExitPolicy in /etc/tor/torrc and past it in. Be sure to comment out any pre-existing exit policies. Ok go set up a tor exit relay already!!

May 2011 meeting

Another awesome meeting with dc414 this month. dw5304 pwned us all with his GPS jammer, and a ardunio RFID reader. The laser mic from last months meeting was busted out for a while and ngharo brought his oscilloscope which we used to mess with the RFID reader. Vladimir had some killer lasers, one of which we used to light a cig 😀 Check out the vids below to see some of the fun 🙂

The laser lighter – https://www.youtube.com/watch?v=FRFPO2X-Mao

Ardunio RFID reader demo – https://www.youtube.com/watch?v=PfCxP5Huoxw

oscilloscope + RFID play time – https://www.youtube.com/watch?v=4c5NK9idhtA