dc414 meeting lulz – 2.3.12

February’s meeting was another one for the books. We had a full-blown G+ hangout setup complete with a projector and a hand cam. A big thanks to bneu for providing the cam and darkwind for the capture device. I started the night off by making a few big announcements about me and ngharo speaking at THOTCON and how dc414 was picked by OpenDNS as an awesome user group “more on this later”. Then dw5304 informed us of Bucketworks’ network and financial situation and I’m proud to say dc414 stepped up right away. bneu is making a huge network equipment donation to Bucketworks, all dc414 donations for the night went to Bucketworks, and dc414 is going to put together a fundraiser for Bucketworks. More on all this later.

I started the presentations off with a big fail on cracking WEP “ikr” I felt like a total n00b. I can do it I swear, lol. I did redeem myself by owning a VM system on a PBX by using a 0day I have “No I will not be giving out details on this, other than to those at the meeting and I will never do it again. It’s mine!” I didn’t stop there, to further redeem myself I gave a little demo on fimap and opened up a shell on a live compromised server 🙂 The fun wasn’t over yet. Vladimir gave us the 101 on Cat5 cable and a step by step to making your own cables. Then Vladimir and Darkwind had a cable making race and Darkwind smoked Vladimir bad! That’s not all, dw5304 replaced the backlight on an old laptop, something I didn’t even know you could do. He took the screen apart and explained each step, then Vladimir schooled us on just how LCDs and such work. Thank you everyone for your hard work!

Thanks to cmoney we have tons of great pictures from our last meeting here. Congrats go out to the free dc414 junk giveaway winners, Dan, Darkwind, and to Joel for winning the free THOTCON ticket.

Here is Dan and his new palm one mobile keyboard:

Darkwind and his ALFA 802.11n usb card:

Here is Joel after winning the THOTCON ticket:

Ok that’s it, peace out.

Modding a Linksys NAS200 to stay cool.

I got the Linksys NAS200 a while back to hold all my music, movies, and TV shows. For a while it worked great and I really liked being able to do streaming and shit from it but I soon found out that the HDDs I had inside the unit were getting super hot, even to the point that you couldn’t hold them. I of course had to lose a HDD before I figured that out 🙁 I was just a little upset about this so I opened the unit up to find this weak little fan inside that as hard as it tried it just could not keep the drives cool. Then I decided to beef up the cooling system a little by adding another fan to the mix.

So I found a 5v PC fan “for the cooling”, a hot iron “to cut/melt a hole for the fan”, a soldering iron and some solder, a screwdriver, and hot glue. Now I would like to say I got it all right the first time around, but I can’t. Now the unit itself runs off of 5v so all I had to do was solder it to the board somewhere. My first attempt was a failure. I tried to solder the new fan to the same terminals that the little weak fan was using. While it did power the fan and work, the unit would eventually stop responding. I figured the fan was drawing too much power too low in the chain. So I opened’er back up and moved the new fan to the start of the chain, I connected it right where the power comes into the unit. The unit itself runs on 5v and the Linksys power supply that came with it only gives out 5v so no worries there. Then all I had to do was put it all back together, hot glue the fan in place to suck the hot air out and turn it on.

My mod works great and it keeps my HDDs nice and cool now 🙂 The only downside is it makes a little more noise now and I have to unplug the power from the unit to turn the fan off 😛 And now for some pictures.

Here is the hole I made with some info, the stock fan is on the other side of the unit:

Here is the main board:

Another view of the board:

Here is the end result:

Another view of the end game:

K that’s it, peace.

WIN a free pass to THOTCON 0x3 and go with dc414!

Ngharo and I will be giving a talk at THOTCON 0x3 in April and one “maybe two” lucky dc414 member(s) are coming with us! Our talk is titled “How I fucked your grandma”. It’s about the security implications of social communication, activity/wellness monitoring and home automation technology we are putting in the homes of the elderly designed for aging in place and the risks that go with it. It should be a good time and I know a good number of other dc414 members already have tickets so I’m sure we will also be raising some hell as well! 🙂 As a speaker I will have access to free beer… I hope our talk is early… if not I hope I’m not too wasted to stand by the time we go up, lol, and I hope to see you there!

For a chance to win a free ticket to THOTCON 0x3 just be at the next dc414 meeting, it will be part of the dc414 free junk giveaway.

First 2012 meeting recap

January’s meeting had a few kinks but all in all everything went well and we had a few new faces in the crowd. We had some issues with the G+ hangout, but it was our first time and I’m sure it will go smoother the second time around. Then I had video issues while trying to give my LFI attacks demo and had to give a backup demo, but everyone else was awesome.

Darkwind gave his first presentation with dc414 and it was a good one for sure. He showed us some of his modded radio equipment and how to decode all sorts of transmissions, from HAM faxes, pagers, DTMF tones and more being broadcast in the airwaves. Talked a little about cell tower emulators and software radios. dw5304 and Klaiviel gave us a rundown of how they hacked the new Xbox 360 to play ripped games off the HDD in just a few not so easy steps 😛 Then dw5304 gave a little demo on resetting passwords on any Windows box with just a few keystrokes. I gave the last presentation of the night and after my LFI demo fail I was able to give a nice little demo of how the ODiG tool works and how it can aid in pwning networks.

One of the coolest things about the meeting, it was our honor to have Jayson Street join us via G+. We hope to see him at the next meeting. Cmoney couldn’t join us but I was able to snap a few shots here and there which you can view here. The big winner of free dc414 junk was Stephanie, here she is with her winnings: “ALFA usb 802.11n card”

Badge program update

We have added a few achievements here and there and changed how you get badges. We also changed up the badge idea itself a little, now once you finish up the achievements for a badge you get a cloth badge for free and become eligible to buy an electronic badge. Work on the badges themselves is still in the design phase but it is coming along nicely, lots of great ideas flying around. Lastly, thanks to an awesome donation by Black Rat we now have wireless access points for the badge program! Ok that is it for now, get working on pwning your own badge and enjoy.

dc414 hangout

Starting at the next meeting we will be streaming everything to the web via Google+ hangout! So even if you can’t make it to MKE you can still join the meeting. You won’t be able to get in on any prize giveaways or beer drinking, but you can do some drinking of your own and you can of course take part in the discussions. While it is free to join in on the fun we do ask that you give a few bucks via PayPal to help keep dc414 going. I hope to see you there 🙂

New Years Eve PARTY!!!!

dc414 is hacking up a party for New Year’s and we want to see you there. We plan on getting drunk, blowing stuff up, playing some games, playing with a Tesla coil and who knows what else! There will be some free food and beer but don’t be a bitch, bring your own to share 🙂 The festivities will start around 7pm at ngharo’s place. Email anarchy at dc414 or the mailing list for more information. I will see you there!

dc414’s badge program project.

The badge program project is a little game for hackers, crackers, and phreaks. The goal is to facilitate learning in a fun and interesting way. Each badge has a list of achievements you must obtain to be eligible to get the badge. Some achievements will be as easy as clicking a like button for FB, another might be as hard as having to try and social engineer a password out of a random person. Every time you get a badge you also get a mystery prize!!

The badges themselves are still under development so expect future posts about them as we finish them up. For a list of the badges and their achievements go here. So get started and get your 1337 badge now!

December meeting recap

December’s meeting was awesome! Vlad gave a great in-depth wi-spy demo. He showed us what a Bluetooth file transfer looks like, what microwaves look like and access points look like, and gave good detail of just what exactly was going on. Before the meeting he asked people to bring in any wireless devices to see what they looked like in wi-spy while operating. dw5304 came packing with some directional wireless access points, one so powerful it completely took over the entire spectrum that wi-spy displays.

Then I gave my presentation on using SQL injections to bypass logins to sites and admin areas. I showed what should be sent to the SQL server, how it looks in PHP and how to identify exploits. Then showed what a SQL injection looks like when passed to the server. I didn’t stop there, we broke into gmtoday.com to take a look at the newspaper, then used a Google dork to pwn a few more logins. I also talked about dc414’s new badge program project, more on this later, and announced dc414’s New Year’s Eve party! More on this later as well.

dw5304 finished off the presentations with a killer demonstration of just how weak Time Warner’s security is. He showed us how to take complete control of one of their cable modems with just a few requests, even how to build your own private proxy network made out of Time Warner modems! Then to top it off he demoed a never ending DoS on a modem, kicking this client offline for as long as he wished!

Other than the normal junk I bring to give away, ngharo donated a portable DVD player for cars and F4r4d4y donated an Arduino “thanx guys”. All of which went to a good home. Here are some pics cmoney took at the meeting “thanx cmoney”, and a big congrats to Castor for winning the anti-M$ poster and pantsme on snagging the Arduino!

Castor and his winnings:

rootkit hidden in millions of cellphones

Another email just surfaced …

Rootkit found in Android, Symbian, BlackBerry, webOS and even iOS handsets … but not Windows Phones

The rootkit belongs to a company called Carrier IQ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust.

The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart.

Here’s a video showing how everything, including text messages and encrypted web searches, is being logged. It’s truly horrifying.

NOTE: At this point there is no evidence to suggest that keystroke data is being transmitted from the handset.

According to Carrier IQ the company is ‘not recording keystrokes or providing tracking tools.’ The video above seems to suggest otherwise.

When Eckhart initially labeled the software as a rootkit, Carrier IQ threatened him with legal action. Only when the Electronic Frontier Foundation stepped in did the company back off from this threat.

“Every button you press in the dialer before you call,” Eckhart says on the video, “it already gets sent off to the IQ application.”

Like I said earlier, there’s a version of Carrier IQ on Apple’s iOS, but it doesn’t seem to be quite the same and doesn’t seem to access as much information. Also, if you want to disable Carrier IQ on your iOS 5 device, turning off Diagnostics and Usage under Settings seems to be enough.

You might have noticed that I didn’t list Windows Phone 7 OS earlier. That’s because it seems that Windows Phone handsets don’t have Carrier IQ installed.

Here’s a video that explains some more about Carrier IQ. This video also contains a clip from a video by Carrier IQ’s vice president of marketing explaining how the company sees this as being completely legal.

[UPDATE: According to a statement from Apple to AllThingsD, Apple stopped supporting Carrier IQ with iOS 5.0:

“We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”

Which begs the question … what’s collecting all the information on the iPhone? Is this a mechanism developed by Apple for Apple?]

Bit shocked that your iPhone has that Carrier IQ logging feature built into the OS? You can switch it off … in fact, I’ve shown you how to do this before!

Here’s how!

Buried in the Settings menu is an option to choose not to send what Apple calls ‘diagnostic and usage data.’ This option is buried real deep:

Settings > General > About > Diagnostics & Usage

Here’s the screen you’re looking for:

Set this to Don’t Send and you can stop worrying about where your data is going and who’s looking at it.

Note that this feature is only present on handsets running iOS 5.0 or later (so the iPhone 4S and upgraded iPhone 4 and 3GS handsets).