Some of you may have seen this before; I had this post/tool on one of my old sites a long time ago. I am going to show you how to do a zone transfer using my online tool ODiG. OK, so it's not really hacking, but it can help you get a foot in the door. Wikipedia says: "A zone transfer, also sometimes known by its (most common) opcode mnemonic AXFR, is a type of DNS transaction. It is one of the many mechanisms available for administrators to employ for replicating the databases containing the DNS data across a set of DNS servers. Zone transfer comes in two flavors, full (opcode AXFR) and incremental (IXFR). Nearly universal at one time, it is now becoming less popular in favor of the use of other database replication mechanisms that modern DNS server packages provide."
OK, so what all that means is that a DNS zone transfer will give us all the subdomains a DNS server has on record for a given domain. If we did a zone transfer on a DNS server that serves google we would get mail.google.com, code.google.com, images.google.com and so on. In other words, it gives you more access points into the network: instead of just www.target.com and whatever links you can find on the site, you can attack anything they may have that goes out to the net. You might get lucky and find some test servers and who knows what else.
For testing I will be using morainepark.edu, a local tech college. Now go to ODiG, use morainepark.edu as the target and in the query drop-down select NS (nameserver), leave the rest as is, enter the captcha and hit submit. We are looking for whatever DNS server holds records for the domain morainepark.edu, so look in the ";; AUTHORITY SECTION:" and you will see "morainepark.edu. 9863 IN NS dns.uw-mad.wiscnet.net". That tells us dns.uw-mad.wiscnet.net is the DNS server that holds the records we want, so go back to ODiG. Again put morainepark.edu as the target, only this time put dns.uw-mad.wiscnet.net in the DNS server field and change the Query drop-down box to AXFR (zone transfer), enter the captcha, hit submit and you will be given all the records that DNS server holds for the morainepark.edu domain. Now you can really get some scanning done!!
If you did the same thing to wisconsin.edu you would get a transfer failed message, which will be the case with any securely configured DNS host. Now for the sake of security I would hope people are pen-testing things before they expose them to the net, but more often than not they don't, and that can get really messy! To secure BIND against this kind of information leak, just edit /etc/bind.conf and add this line:
allow-transfer{192.168.1.4; 172.16.1.5; };
Where 192.168.1.4 and 172.16.1.5 are the only addresses you will allow transfers to and from. To secure other DNS server software look here: HERE
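A defender-side check, added here as an example (not ODiG or BIND code): a small Python auditor over a constructed named.conf fragment that works out the effective allow-transfer ACL per zone (zone-level setting, else the options-level default) and flags the zones that would still answer an AXFR from anyone. The file layout and addresses are constructed; BIND has historically allowed transfers to any host when no allow-transfer is set.

```python
import re

# Constructed named.conf fragment (not from the page): one zone inherits the
# open default, one restricts transfers, one explicitly allows "any".
SAMPLE_CONF = """
options {
    directory "/var/named";
};
zone "example.test" {
    type master;
    file "example.test.zone";
};
zone "secure.test" {
    type master;
    file "secure.test.zone";
    allow-transfer { 192.168.1.4; 172.16.1.5; };
};
zone "open.test" {
    type master;
    file "open.test.zone";
    allow-transfer { any; };
};
"""

# Matches an options {...}; or zone "name" {...}; block (closed by a line "};")
BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)")\s*\{(.*?)\n\};', re.S)
XFER_RE = re.compile(r'allow-transfer\s*\{([^}]*)\}')

def parse_allow_transfer(body):
    """Return the allow-transfer ACL entries of a block body, or None if absent."""
    m = XFER_RE.search(body)
    if not m:
        return None
    return [item.strip() for item in m.group(1).split(';') if item.strip()]

def audit_transfers(conf):
    """Map zone name -> (effective ACL, 'OPEN' or 'RESTRICTED').
    A zone without its own allow-transfer inherits the options-level one;
    no ACL at all, or an ACL containing "any", means anyone can pull the zone."""
    default_acl = None
    zones = {}
    for kind, name, body in BLOCK_RE.findall(conf):
        acl = parse_allow_transfer(body)
        if kind == 'options':
            default_acl = acl
        else:
            zones[name] = acl
    report = {}
    for name, acl in zones.items():
        effective = acl if acl is not None else default_acl
        verdict = 'OPEN' if effective is None or 'any' in effective else 'RESTRICTED'
        report[name] = (effective, verdict)
    return report
```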
DIY 3 port powerless hub
Ever need a few extra ports for your network and didn't want to spend more than a few dollars? Well dw5304 did, so he found a bunch of shit laying around his crib, made a little trip to Radio Shack and a few hours later he gives us the DIY 3 port powerless hub 😀 He was even nice enough to provide us with an easy follow-along tut "complete with a list of tools/materials needed", and some pics. Here's a few pics to start off with:
Download the tutorial HERE and make your own!! More pics inside. Many thanks to dw5304 for all his hard work, dc414 wouldn't be the same without ya 😛
PHP Shadow released!
PHP Shadow obfuscates a PHP script for you, making it harder to detect on a system. One possible use would be to hide a PHP shell from IDS/IPS and other systems as well. So how does it work? Well, you start with some PHP code like so:
function go()
{
$txt="hello world";
echo $txt;
}
go();
Then you submit it to PHP Shadow and you should get this back:
<?
eval(str_rot13(base64_decode('c2hhcGd2YmEgazM0cTFzOTFzbzJyNTE0bzg1NzZzbm8xbjc1bjg5bjZvKCl7JGtwNzgyNHMzcTRxNXM3bzJzMjJxMDM0NzU4cDFyOTQ1ND0idXJ5eWIgamJleXEiO3JwdWIgJGtwNzgyNHMzcTRxNXM3bzJzMjJxMDM0NzU4cDFyOTQ1NDt9azM0cTFzOTFzbzJyNTE0bzg1NzZzbm8xbjc1bjg5bjZvKCk7IHJwdWIgIjxwcmFncmU+PG92dD5HdXZmIGZwZXZjZyBqbmYgcmFwYnFycSBvbCA8biB1ZXJzPVwidWdnY2Y6Ly9xcDQxNC5iZXRcIj5xcDQxNDwvbj5mIENVQyBGdW5xYmo8L292dD48L3ByYWdyZT4iOw==')));
?>
Now paste that code into a blank PHP file and it will run as normal. So we can see that PHP Shadow base64 encodes and rot13s your code, adding another layer of protection that can't be seen until you decode it. Here is what our code looks like after we base64 decode and rot13 it:
function x34d1f91fb2e514b8576fab1a75a89a6b(){$xc7824f3d4d5f7b2f22d034758c1e9454="hello world";echo $xc7824f3d4d5f7b2f22d034758c1e9454;}x34d1f91fb2e514b8576fab1a75a89a6b(); echo "<center><big>This script was encoded by <a href=\"https://new.dc414.org\">dc414</a>s PHP Shadow</big></center>";
We see that all vars and functions are MD5 hashed to make it harder to follow and see what's going on. The code in italics is added by PHP Shadow to help spread the word 🙂 That's all I got, enjoy.
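The same layering seen from the other side, as an added example (not PHP Shadow's code): a Python unwrapper that finds eval(str_rot13(base64_decode('...'))) style wrappers in a PHP file, peels them innermost-first until plain code remains, and lists the x + 32-hex identifiers that the renaming leaves behind, which is what a reviewer or IDS rule would key on. The sample input is constructed from the page's decoded code; strrev and gzinflate are added as assumptions, since the page only mentions the first two layers.

```python
import base64
import codecs
import re
import zlib

# The page's decoded PHP Shadow output, reused to build a constructed sample input.
PLAIN = ('function x34d1f91fb2e514b8576fab1a75a89a6b(){'
         '$xc7824f3d4d5f7b2f22d034758c1e9454="hello world";'
         'echo $xc7824f3d4d5f7b2f22d034758c1e9454;}'
         'x34d1f91fb2e514b8576fab1a75a89a6b();')

# PHP decoders to reverse. base64_decode and str_rot13 are the layers PHP Shadow
# uses; strrev and gzinflate are assumptions added because similar tools use them.
DECODERS = {
    "base64_decode": lambda s: base64.b64decode(s).decode("latin-1"),
    "str_rot13": lambda s: codecs.encode(s, "rot13"),
    "strrev": lambda s: s[::-1],
    "gzinflate": lambda s: zlib.decompress(s.encode("latin-1"), -15).decode("latin-1"),
}

# eval( f1( f2( '...' ) ) );  group 1 = the wrapper calls, group 2 = the literal
EVAL_RE = re.compile(r"eval\s*\(\s*((?:\w+\s*\(\s*)+)'([^']*)'\s*\)+\s*;", re.S)

def shadow_sample():
    """Constructed sample in PHP Shadow's output format: rot13, then base64, in eval()."""
    blob = base64.b64encode(codecs.encode(PLAIN, "rot13").encode()).decode()
    return "<?\neval(str_rot13(base64_decode('%s')));\n?>" % blob

def unwrap(src, max_layers=10):
    """Peel eval(...) wrappers until none remain or a wrapper function is unknown.
    Returns (recovered source, list of wrapper chains in the order they were peeled)."""
    layers = []
    for _ in range(max_layers):
        m = EVAL_RE.search(src)
        if not m:
            break
        funcs = re.findall(r"\w+", m.group(1))
        data = m.group(2)
        for fn in reversed(funcs):        # innermost call runs first in PHP
            if fn not in DECODERS:
                return src, layers        # stop and report what was recovered so far
            data = DECODERS[fn](data)
        layers.append(funcs)
        src = data
    return src, layers

def renamed_identifiers(code):
    """Identifiers of the x + 32 hex digit shape PHP Shadow substitutes for names."""
    return set(re.findall(r"\bx[0-9a-f]{32}\b", code))
```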
My lame IR copy toy.
I got a sweet Arduino for my bday and it kind of just sat around till I got a few things together to start work on my first project. Well, I finally got off my ass, got all the shit I needed and got to work! I am about half way done and I thought I would share my progress so far. Here's a little video of my toy in action where I go over the operation and components.
Here is a better view of how its put together:
And here is my uber 1337 code 😛
#include <IRremote.h>

// Pin assignments
int IRRECV = 11;       // output of the IR receiver module
int READYLED = 9;      // lit once a code has been captured
int PLAYBUTTON = 5;    // reads LOW when pressed (pull-up wired externally)
int IRLED = 3;         // IR LED; IRsend drives this pin itself, so it is only noted here
int RESETBUTTON = 7;   // reads LOW when pressed
int PLAYLED = 2;       // lit while the stored code is being replayed

decode_results results;
IRrecv irrecv(IRRECV);
IRsend irsend;

// The captured code, stored as raw mark/space durations in microseconds
int codeType = -1;
unsigned int rawCodes[RAWBUF];
int codeLen = 0;

void setup()
{
  Serial.begin(9600);
  irrecv.enableIRIn();
  pinMode(READYLED, OUTPUT);
  pinMode(PLAYBUTTON, INPUT);
  pinMode(RESETBUTTON, INPUT);
  pinMode(PLAYLED, OUTPUT);
}

// Copy the receiver's raw buffer into rawCodes, converting ticks to microseconds.
// Entry 0 of rawbuf is the gap before the code, so copying starts at 1; marks get
// MARK_EXCESS subtracted and spaces get it added, as in the IRremote examples.
void rec(decode_results *results)
{
  codeLen = results->rawlen - 1;
  for (int i = 1; i <= codeLen; i++) {
    if (i % 2) {
      rawCodes[i - 1] = results->rawbuf[i] * USECPERTICK - MARK_EXCESS;
      Serial.print(" m");
    }
    else {
      rawCodes[i - 1] = results->rawbuf[i] * USECPERTICK + MARK_EXCESS;
      Serial.print(" s");
    }
    Serial.print(rawCodes[i - 1], DEC);
  }
  Serial.println("");
  digitalWrite(READYLED, HIGH);   // a code is now stored
}

// Replay the stored code on a 38 kHz carrier
void play()
{
  digitalWrite(PLAYLED, HIGH);
  Serial.println(rawCodes[0]);
  irsend.sendRaw(rawCodes, codeLen, 38);
  delay(800);
  digitalWrite(PLAYLED, LOW);
}

// Forget the stored code and re-arm the receiver. These must be the globals,
// not fresh locals, or the old code would survive the reset.
void reset()
{
  codeType = -1;
  codeLen = 0;
  memset(rawCodes, 0, sizeof(rawCodes));
  digitalWrite(READYLED, LOW);
  setup();
}

void loop()
{
  // Only capture while nothing is stored yet (READYLED off)
  if (irrecv.decode(&results) && digitalRead(READYLED) == LOW) {
    rec(&results);
    irrecv.resume();
  }
  if (digitalRead(PLAYBUTTON) == LOW && digitalRead(READYLED) == HIGH)
  {
    play();
  }
  if (digitalRead(RESETBUTTON) == LOW)
  {
    reset();
  }
}
OK, that's all I got, peace.
Anonymous Press Release: #OpWisconsin
OP: http://anonnews.org/?p=press&a=item&i=585
Dear Citizens of the United States of America,
It has come to our attention that the brothers, David and Charles Koch–the billionaire owners of Koch Industries–have long attempted to usurp American Democracy. Their actions to undermine the legitimate political process in Wisconsin are the final straw. Starting today we fight back.
Koch Industries, and oligarchs like them, have most recently started to manipulate the political agenda in Wisconsin. Governor Walker's union-busting budget plan contains a clause that went nearly un-noticed. This clause would allow the sale of publicly owned utility plants in Wisconsin to private parties (specifically, Koch Industries) at any price, no matter how low, without a public bidding process. The Kochs have helped to fuel the unrest in Wisconsin and the drive behind the bill to eliminate the collective bargaining power of unions in a bid to gain a monopoly over the state's power supplies.
The Koch brothers have made a science of fabricating ‘grassroots’ organizations and advertising campaigns to support them in an attempt to sway voters based on their falsehoods. Americans for Prosperity, Club for Growth and Citizens United are just a few of these organizations. In a world where corporate money has become the lifeblood of political influence, the labor unions are one of the few ways citizens have to fight against corporate greed. Anonymous cannot ignore the plight of the citizen-workers of Wisconsin, or the opportunity to fight for the people in America’s broken political system. For these reasons, we feel that the Koch brothers threaten the United States democratic system and, by extension, all freedom-loving individuals everywhere. As such, we have no choice but to spread the word of the Koch brothers’ political manipulation, their single-minded intent and the insidious truth of their actions in Wisconsin, for all to witness.
Anonymous hears the voice of the downtrodden American people, whose rights and liberties are being systematically removed one by one, even when their own government refuses to listen or worse – is complicit in these attacks. We are actively seeking vulnerabilities, but in the mean time we are calling for all supporters of true Democracy, and Freedom of The People, to boycott all Koch Industries’ paper products. We welcome unions across the globe to join us in this boycott to show that you will not allow big business to dictate your freedom.
U.S. Product Boycott List
Vanity Fair
Quilted Northern
Angel Soft
Sparkle
Brawny
Mardi Gras
Dixie
European Product Boycott List
Demak’Up
Kitten Soft
Lotus / Lotus Soft
Tenderly
Nouvelle Soft
Okay Kitchen Towels
Colhogar
Delica
Inversoft
Tutto
To identify these brands, please look for the following logo anywhere on the packaging:
Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
Flytouch/wowPad 2 Adhoc hack
So I got my sweet ass Flytouch 2 "Android 2.1" last week; after rooting it and updating the firmware I was off having all kinds of fun with my new toy. Then I tried to connect to an ad-hoc network "my phone" and was a bit taken aback that not only could I not connect to ad-hoc networks, I couldn't even see them in my network list. After some time on Google and breaking my wireless I found the right setup to get it working, but it wasn't very user friendly, to say the least. So I put together a few scripts I/you/someone can use to turn ad-hoc support on and off with ease 🙂
DOWNLOAD
After you download this to your sdcard and unzip it, go into the adhoc folder and edit the wpaon.conf file to point to your AP. Then turn your wifi off, get into a term with root access, cd to the adhoc dir and run ahon like so: "sh ahon". Then just turn your wifi back on and it should connect right up with the AP you put in wpaon.conf. In order for this to work you must have already rooted your device and have busybox installed.
Stuff I still need to do on this is getting Flash to work and upgrading to Android 2.2/2.3. If anyone can help me out please drop me a line. OK, that's it, enjoy.
Contents of zip:
ahon #The script to turn Adhoc on
ahoff #The script to turn Adhoc off
wpaon.conf #The file you have to edit to point to your Adhoc AP
wpaoff.conf #File used by ahoff, just leave this guy alone
wpabackup #This script will back up your current wpa_supplicant.conf file, run this before using any other tool for the first time.
USBwake
USBwake is a little Android app that just listens for the device to start charging, then while it's charging does not let it go to sleep. I was using the wifi tether a lot lately and it would kill my connection every time my phone went to sleep, so I made this little guy. I hope someone can get some use out of it, enjoy 🙂
DOWNLOAD: USBwake
Last nights meeting.
Last night's meeting was great as always! Trying out the new spot went well; it was a little iffy at the start but everything worked out good. Lots of new faces, which is always welcome, and plenty of chatter. Lots of lock picking mayhem, as always, and dw attempted to wow us with some wifi magic but was being plagued by gremlins; maybe I can get him to stop by and blog about it. By the next meeting he promised to have all the bugs worked out and give it another go, I can't wait!! I didn't take any pictures this time around, sorry, I was busy 😛 ngh did some war driving on our way to the spot, about 47 miles a-b, and found a ton of APs. I'll upload the log whenever ngharo gets it to me. OK, that's it, enjoy and I hope to see everyone at the next meeting!
UPDATE: 2.7.11 – Here is the log from ngharo's drive. Over a thousand APs in that log 😀 A big thanks to ngharo!!
Material related to operation Tunisia
First the why:
Yeah i hope someone finds the ppl in that van and gives them a slow death!
Anonymous care package for the poor ppl of Egypt – www.bit.ly/hsAjGq
This from – http://typewith.me/optunisia
irc.anonops.ru:6667 #optunisia
CENTRAL COLLECTION PAD FOR OPERATION TUNISIA RELATED MATERIAL
If you started a pad about something related to Operation Tunisia, add it to this list.
Please save with Nick!!!
Anonymous Press Declarations
[2011-01-15] Tunisia and its chance… (not completed; need rework!)
http://piratenpad.de/APR20110115
Guide to Protecting the Tunisian Revolution, Part One: Initial Security
http://typewith.me/how-to-protect-tunisian-arabic-french
Guide to Protecting the Tunisian Revolution, Part Two: Safety in Confrontation
http://www.dailykos.com/story/2011/1/16/936793/-Please-distribute-to-Tunisians:-Safety-in-Confrontation
Guide to Protecting the Tunisian Revolution, Part Three: Transforming National Politics (still in progress, please assist)
http://www.typewith.me/qdjqeFFu8O
Stuff about the families who’re stealing Tunisia: (Arabic->English Translation needed!!)
http://piratepad.net/lMiNqsnZfi
copy at http://typewith.me/MvarLgc6u6
Manifesto from tunisian protesters:
http://typewith.me/stDHppshwJ
Video footage of Tunisia (add your own!)
http://typewith.me/TunisiaVideoFootage
Tunisians need FTPs for mirror – #ftp (died?) no #ftp
Info-List: http://piratenpad.de/6V13pN0sxM
Untrusted Twitter accounts spreading false news
http://piratepad.net/GGYVc6RtnA < reverted
Translation pad for Tunisia IRC project
http://typewith.me/TunisiaIRCTranslation
Tunisians, tell your stories here! (need translators)
http://piratepad.net/G9CvOF3dbg
copy at http://typewith.me/wzfsEVIx7B
Manifesto from Anon about Tunisia:
http://piratepad.net/5d891ABcBW
Video ideas and links:
http://piratepad.net/VJhU2KXfMQ
“Video site” zip and mirrors
http://pad.telecomix.org/tnvideos-mirrors
Video about a man put out of his country, and subtitle translation (need an incruster for the subtitle)
http://piratepad.net/7eT1ozHLSN
copy at http://typewith.me/7fc5aYZ2LW
Anon Video to be subtitled: http://www.youtube.com/watch?v=BFLaBRk9wY0
http://piratepad.net/XZtZlf3acf
French PDF to be translated, relating to the family who reigns over Carthage:
http://i3.makcdn.com/wp-content/blogs.dir/14986/files//2009/11/la-regente-2-carthage.pdf
http://piratepad.net/VyLDOHVMyD
Diary of Tunisia:
http://typewith.me/3koSuMGO8O
Related Stuff:
Anonymous PR Pad
http://piratenpad.de/AnonymousPR
Swift Assist – helpful notes on establishing secure networks for Tunisian revolutionaries
http://typewith.me/owA6rmGfP6
What the fuck is freedom of speech, anyway? – introduction via IHRL
http://piratepad.net/whGudXWEmM
Using Unetbootin to create bootable USB drive from iso
I had used UNetbootin to create a USB installer from an Ubuntu ISO image. All went OK in creating and installing the USB image following the UNetbootin instructions, or so I thought.
The Problem
UNetbootin created menu entries in the bootloader containing invalid arguments.
When booting, it would load the kernel, then kick me to a shell stating:
init not found pass init= to kernel
Googling reveals many other users having the same issue.
The Solution
Bootable Linux CDs almost always contain a configuration file for the bootloader. I mounted the ISO image loopback (# mount -o loop image.iso /mnt/mountpoint) and found Ubuntu 10.x is using Grub, which is pretty standard across Linux distros. Looking at the config file, /boot/grub/loopback.cfg in my instance, I was able to see how Ubuntu was expected to boot.
Here's what the default menu entry in the Ubuntu Netbook image looks like:
menuentry "Try Ubuntu Netbook without installing" {
    linux /casper/vmlinuz file=/cdrom/preseed/ubuntu-netbook.seed boot=casper iso-scan/filename=${iso_path} quiet splash --
    initrd /casper/initrd.lz
}
Passing kernel=/casper/vmlinuz initrd=/casper/initrd.lz boot=casper to UNetbootin's bootloader did the trick, and it booted right up.
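The lookup above done programmatically, as an added example (not part of the post or of UNetbootin): a Python parser over a constructed loopback.cfg excerpt that pulls the kernel, initrd and boot arguments out of each menuentry and assembles the kernel=/initrd=/args line the post hand-typed, so UNetbootin's generated entries can be compared against what the ISO actually expects. The second menuentry and the ISO path are constructed.

```python
import re

# Constructed excerpt in the format of Ubuntu's /boot/grub/loopback.cfg.
# The first entry is the one quoted in the post; the second is made up.
SAMPLE_CFG = """
menuentry "Try Ubuntu Netbook without installing" {
    linux /casper/vmlinuz file=/cdrom/preseed/ubuntu-netbook.seed boot=casper iso-scan/filename=${iso_path} quiet splash --
    initrd /casper/initrd.lz
}
menuentry "Check disc for defects" {
    linux /casper/vmlinuz boot=casper integrity-check iso-scan/filename=${iso_path} quiet splash --
    initrd /casper/initrd.lz
}
"""

# One menuentry "title" { ... } block, closed by a line starting with "}"
ENTRY_RE = re.compile(r'menuentry\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)

def parse_menuentries(cfg):
    """Return one {title, kernel, initrd, args} dict per menuentry.
    Grub's trailing "--" is dropped from args; it is not a kernel parameter."""
    entries = []
    for title, body in ENTRY_RE.findall(cfg):
        entry = {"title": title, "kernel": None, "initrd": None, "args": []}
        for line in body.strip().splitlines():
            parts = line.split()
            if not parts:
                continue
            if parts[0] == "linux" and len(parts) > 1:
                entry["kernel"] = parts[1]
                entry["args"] = [a for a in parts[2:] if a != "--"]
            elif parts[0] == "initrd" and len(parts) > 1:
                entry["initrd"] = parts[1]
        entries.append(entry)
    return entries

def unetbootin_params(entry, iso_path):
    """Build the kernel=... initrd=... <args> line for UNetbootin's bootloader,
    substituting ${iso_path} the way the ISO's own grub would."""
    args = [a.replace("${iso_path}", iso_path) for a in entry["args"]]
    return "kernel=%s initrd=%s %s" % (entry["kernel"], entry["initrd"], " ".join(args))

def missing_args(entry, generated):
    """Arguments the ISO's entry carries that a generated entry lacks; boot=casper
    missing from UNetbootin's entry is what produced the 'init not found' shell."""
    return [a for a in entry["args"] if a not in generated.split()]
```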