BarCamp – Post Conference Report

Posted on October 3, 2011 by ngharo

DC414 got a lot of exposure at BarCamp. We were the only peeps that setup in “the commons” where most everyone would pass through while entering the building. This was also the area that lightning talks, introductions, and closing events took place.

Wall of Sheep
The wall was a great success for the most part. Initially, we had to manually sniff and enter sheep onto the wall. This was becoming a pain in the ass. We finally got it automated by taking a log from ettercap and piping it into a ruby script which would post to simple webservice. The source can be found here. In the afternoon we started getting flooded with fake logins to gmail.com from a user on the network. Some nerd had scripted this to create chaos upon us! Unfortunately, we were tapped onto the network at such a point were we would not see local IPs for the source of traffic. I lol’d and set dw5304 on the hunt to track the user down. We knew he was using ruby as that’s what the user-agent string was. dw5304 quickly found him and we all had a laugh. The scripter gave a lightning talk on his mischief later in the evening. We’d like to expand on the current scripts and tweak our filters to automate even more types of insecure communications.

The overall atmosphere was very, very hacker friendly. I had fun listening in to Klaiviel, Vlad, and darkwind troll some unfortunate hotel workers on their radios. We also did a bit of urban exploration in Bucketwork’s basement … with a 1w laser 😉 Klaiviel did an awesome job presenting on lock picking/etc. It was funny how Klaiviel showed up with like 5x as many locks and equipment as the guy who was hosting the lockpicking session. There is safe at Bucketworks that they need assistance opening … Klaiviel did a bunch of research and came to the conclusion that he will need to brute force it. I’m hoping dc414 can come together and make this happen. dw5304 dropped a lot of knowledge to people coming by our setup. Much thanks to all the equipment and dedication he brought to BarCamp.

Some very smart folks were creeping around and while I personally did not see many presentations, I still learned a lot. We gave out a ton of stickers, flyers, window clings (thanks cmoney and Anarchy). With that we should see new peeps start showing up to meetings.

Meeting place change.

Posted on October 2, 2011 by AnarchyAngel

dc414 has just about grown out of our current meeting space so we are going to start testing out a few new venues starting with Bucketworks. So the meeting will still be on the 10.7.11 at 7pm it will just be at a new location.

Location address:
706 S 5th St
Milwaukee, WI. 53204
Click here for directions and such.

If you plan on coming bring at least $5 (or more) or a non-perishable food item to donate.

dc414 @ barcamp mke

Posted on September 26, 2011 by AnarchyAngel

We are proud to announce that dc414 will have a little area at barcamp mke this year! We will be selling stickers, taking orders for shirts, handing out fliers, showcasing some of our past projects and running a DEFCON style wall of sheep “with a dc414 twist”!! Should be lots of fun so come check out our area and barcamp!

To keep up to date with dc414’s activities at barcamp mke you can follow us on our mailing list, facebook, and twitter. Hope to see you there.

My little hackers

Posted on September 19, 2011 by AnarchyAngel

I have a house full of little n00bs who have been “hacking” each other in the house lately. See we have one laptop in the house that the kids share in the living room and form time to time one kid will get up and not log out of the sites he/she were using and one of the others will sit down, see the sites open and leave little messages like “hacked by so and so”.

It all started when my oldest boy (19) liked a bunch of dick related stuff on my youngest boys (14) face book account. lol. They have even got cmoney a few times! Now normally i would yell at them for things like this but no one got hurt and they are learning a valuable lesson in technology that is normally learned at much greater coast. Plus it might spark an interest in security for them as well, at the very lest they are more aware of it.

So all in all i think its a good thing they jest in this manner, i just hope they keep it as such. One thing i know for sure is i will be scanning that laptop for key loggers on the regular now 😛

September’s meeting was great!!

Posted on September 11, 2011 by AnarchyAngel

The last meeting was awesome as always! My SQLi presentation went well and i even got to do a little demo of iPillage, i took my IR Copy toy but didnt really get to play with it. dw5304, wowed all showing his remote boot system hes working on that needs only a NIC, and gave a little tut on surface soldering! It doesn’t stop there, Klaiviel schooled us all a little in HAM radio, how to track someone with it and how to get your message across the world! He also did a little lock pick demo and GAVE EVERYONE A FREE LOCK! Thanks bro! 🙂 I only took a few pictures this week and here they are.

Everyone got a free dc414 sticker for showing up as well as “Things to know if the FBI show up” cards from DEFCON19 and UCLA. We also got to use our new free junk give away random picker, thanks to ngharo for coding that up, and gave away a few LAN taps, and as always our free junk! Congrats go to Meg again for winning The NORTON Essentials for Mac or more of the crap i don’t want anymore 😛

Meg showing off her free dc414 junk

Introducing ENCOSH

Posted on August 30, 2011 by AnarchyAngel

dc414 is happy to bring you ENCOSH, a online encoding and hashing app. You just feed ENCOSH a string and it will hash it using MD4, MD5, SHA1, SHA256, SHA384, SHA512, LM, NTLM and encodes it using Base64, ROT13, HEX, URL, RawURL then spits them all out for you. I had used it as a personal tool for a long time and got lots of use out of it for sql injections and what not so im sure someone else will as well, so enjoy 🙂

Thanks ngharo

Posted on August 25, 2011 by AnarchyAngel

Mr. ngharo just finished up a big long over due server upgrade for dc414! The online tools are down yet but i should be able to get them back online within the next few days, and now that we are on debian expect many more to come 🙂 So if anyone sees ngharo be sure to thank him for his hard work!

phpMyAdmin upgrade script.

Posted on August 23, 2011 by AnarchyAngel

I got sick of upgrading phpMyAdmin at work every time a new version came out so i made this little script to do it for me. All you have to do is pass the .gz download url to it.

Here is the code:

#!/bin/bash
upgrade() {
    wget $1 -O phpmyadminupgrade.tar.gz
    FILE="phpmyadminupgrade.tar.gz"
    tar zxvf $FILE
    FOLDER=`echo $FILE | awk -F".tar" '{print $1}'`
    cp /usr/share/phpmyadmin/config.inc.php ~/phpMyAdmin*
    rm -rf /usr/share/phpmyadmin/*
    cp -R ~/phpMyAdmin*/* /usr/share/phpmyadmin/
    chmod -R 777 /usr/share/phpmyadmin/
    chmod 644 /usr/share/phpmyadmin/config.inc.php
    rm -rf ~/phpMyAdmin*
    rm ~/$FILE
    echo "Done!!"
    exit 1
}

usage() {
    echo "Use this script to update phpmyadmin"
    echo "to run:"
    echo "./upgradephpmyadmin.sh url"
    exit 1
}

if [ -z "$1" ]; then
    usage;
else
    upgrade $1
fi

Past that into “upgradephpmyadmin.sh”
chmod a+x it and run it as root like so:

user@user:~$ sudo ./upgrademyphpadmin.sh url

NOTE: This bash script assumes phpMyAdmin’s html files, including config.inc.php live in /usr/share/phpmyadmin/ and that you are running this script in your home directory.

Sweet DEFCON19 stuff and pwnage.

Posted on August 15, 2011 by AnarchyAngel

Got some cool shit at DEFCON, here are some pics of the stuff i got. Here is the DEFCON19 cd iso, and here is your mom 😛

While at DEFCON we ran a little hack contest, back at the riv amongst our selves “me, ngharo, black rat, and alex”, to see who could bypass the hotels internet billing system 🙂 I would like to say that i came out on top as leet hacker supreme by getting online first. Yeah im the best hacker ever 😛 dont freak out, we are good people and didn’t actually use the hotels internet in this manner, i personally opted for a slightly more secure method and tethered my phone. ok thats it peace.