Warning ! Your account a Aol was limited

but… I don't even have an AOL account; however, that's of no concern to the fools that sent me this nice little phishing email:

Delivered-To: XXX@gmail.com
Received: by 10.42.218.8 with SMTP id ho8cs188088icb;
Sat, 2 Apr 2011 20:49:38 -0700 (PDT)
Received: by 10.43.56.140 with SMTP id wc12mr7828120icb.237.1301802578076;
Sat, 02 Apr 2011 20:49:38 -0700 (PDT)
Return-Path:
Received: from cl-t009-331cl.privatedns.com (cp1.likuid.com [64.15.156.140])
by mx.google.com with ESMTPS id xe4si10607558icb.57.2011.04.02.20.49.37
(version=TLSv1/SSLv3 cipher=OTHER);
Sat, 02 Apr 2011 20:49:38 -0700 (PDT)
Received-SPF: neutral (google.com: 64.15.156.140 is neither permitted nor denied by best guess record for domain of nobody@cl-t009-331cl.privatedns.com) client-ip=64.15.156.140;
Authentication-Results: mx.google.com; spf=neutral (google.com: 64.15.156.140 is neither permitted nor denied by best guess record for domain of nobody@cl-t009-331cl.privatedns.com) smtp.mail=nobody@cl-t009-331cl.privatedns.com
Received: from nobody by cl-t009-331cl.privatedns.com with local (Exim 4.69)
(envelope-from )
id 1Q6EJl-0006w2-N4
for XXX@gmail.com; Sat, 02 Apr 2011 23:49:37 -0400
To: XXX@gmail.com
Subject: Warning ! Your account a Aol was limited
X-PHP-Script: compagnelic.com/Skpy2.php for 81.192.139.76
From: Service Aol
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Sat, 02 Apr 2011 23:49:37 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cl-t009-331cl.privatedns.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - cl-t009-331cl.privatedns.com



AOL April 2011


Dear AOL Customer,

As part of our security measures,We regularly check the work of the AOL screen. We demand information to you for the following reason :

Our system detected unusual charges to a credit card linked to your AOL account.

This is the final reminder to log in to AOL as soon as possible. Once you are connected. AOL will provide you with steps to restore access to your account .

Secure Server


Click here to confirm

Once connected, follow the steps to activate your account. Thank you for your understanding as we work to ensure account security .
We appreciate your attention to this
question. Please understand that this is a security measure aimed at protecting you and your account. We apologize for any inconvenience ..


Thank you for using AOL!


This notification was sent to you by AOL. To change your notification preferences, log into your AOL account, click the Profile sub-tab, then click the Notifications link under Account Information. Changes take up to 10 days to be reflected in our mailings. AOL will not sell or rent your personally identifiable information to tiers.Pour more information about the security of your information, read our privacy policy at https://www.aol.com/privacy .

Copyright © 2011 AOL Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners. AOL is located at 2211 First St. N., San Jose, CA 95131.


Well, since I don't have an AOL account, the first thing I did was take a close look at the headers, where I found this little bit of info:

X-PHP-Script: compagnelic.com/Skpy2.php for 81.192.139.76

So I stopped by compagnelic.com/Skpy2.php, which happens to be a php script for mass emails from some M£NaBiLo$ss guy. I also followed the link given in the email, which takes me to some fake AOL login page that forwards to a phishing site geared to get all your personal information! The form submits to a “HiTman.php” which, when I tried to visit it, just sent me along to aol.com. All in all not a very good attempt (“less spelling and loading errors would help”); I have seen better, but thanx for the lulz and the online anonymous email app 😀
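As an added example (not part of the original post), here is a small Python triage script that pulls the same facts out of those headers automatically: the external relay and its IP, the SPF result, the X-PHP-Script line, and a couple of mismatches worth flagging. The header sample is constructed from the mail quoted above with the recipient masked; the flag names and the `triage` function are my own.

```python
import email
import re

# Constructed sample: the relevant headers of the mail quoted above (recipient masked
# as in the post; the empty Return-Path and Message-Id headers are left out).
RAW_HEADERS = """\
Received: from cl-t009-331cl.privatedns.com (cp1.likuid.com [64.15.156.140])
        by mx.google.com with ESMTPS id xe4si10607558icb.57.2011.04.02.20.49.37
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sat, 02 Apr 2011 20:49:38 -0700 (PDT)
Received-SPF: neutral (google.com: 64.15.156.140 is neither permitted nor denied by best guess record for domain of nobody@cl-t009-331cl.privatedns.com) client-ip=64.15.156.140;
Subject: Warning ! Your account a Aol was limited
X-PHP-Script: compagnelic.com/Skpy2.php for 81.192.139.76
From: Service Aol
Content-Type: text/html

"""

RELAY_RE = re.compile(r"from (\S+) \((\S+) \[([\d.]+)\]\)")   # host (rdns [ip])
PHP_SCRIPT_RE = re.compile(r"(\S+) for ([\d.]+)")              # script for client-ip

def triage(raw: str) -> dict:
    """Extract what a responder wants from the headers and flag the oddities."""
    msg = email.message_from_string(raw)
    report = {"flags": []}
    # Received headers run newest-first; the first hop with a bracketed IP is the
    # external relay that handed the mail to the recipient's MX.
    for hop in msg.get_all("Received", []):
        m = RELAY_RE.search(hop)
        if m:
            report["relay_host"], report["relay_rdns"], report["relay_ip"] = m.groups()
            break
    spf = msg.get("Received-SPF", "")
    report["spf"] = spf.split()[0].lower() if spf else "none"
    if report["spf"] != "pass":
        report["flags"].append("spf-not-pass")
    # A PHP web mailer stamps "X-PHP-Script: <script> for <ip of whoever drove it>"
    m = PHP_SCRIPT_RE.match(msg.get("X-PHP-Script", ""))
    if m:
        report["php_script"], report["submitter_ip"] = m.groups()
        report["flags"].append("sent-by-php-script")
    sender = msg.get("From", "")
    # Brand named in From/Subject, but the relay is not under the brand's domain
    brand_claimed = "aol" in (sender + " " + msg.get("Subject", "")).lower()
    if brand_claimed and not report.get("relay_host", "").lower().endswith(".aol.com"):
        report["flags"].append("brand-claimed-from-unrelated-domain")
    return report
```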

April's meeting rundown.

Last night's meeting was not a letdown: dw5403 and Matt wowed us with killer demonstrations of a laser mic setup “pics below” and Van Eck phreaking!! (Video). dw also brought his DIY 3 port powerless hub and gave us a little demo of sslstrip. Matt busted out his massive lock collection and we all got to play around a little bit. We also saw the release of ODiG! Below is a pic of this month's winner of junk from dc414, “dstarar”. (More pics HERE; I took more but they got all fucked up somehow.)

Hacking with ODiG

Some of you may have seen this before; I had this post/tool on one of my old sites a long time ago. I am going to show you how to do a zone transfer using my online tool ODiG. Ok, so it's not really hacking, but it can help you get a foot in the door. Wikipedia says a zone transfer, also sometimes known by its (most common) opcode mnemonic AXFR, is a type of DNS transaction. It is one of the many mechanisms available for administrators to employ for replicating the databases containing the DNS data across a set of DNS servers. Zone transfer comes in two flavors, full (opcode AXFR) and incremental (IXFR). Nearly universal at one time, it is now becoming less popular in favor of the use of other database replication mechanisms that modern DNS server packages provide.

Ok, so what all that means is that a DNS zone transfer will give us all the subdomains a DNS server has on record for a given domain. If we did a zone transfer on a DNS server that serves google we would get mail.google.com, code.google.com, images.google.com and so on. In other words, it gives you more access points into the network: now instead of just www.target.com and whatever links you can find on the site, you can attack anything they may have that goes out to the net. You might get lucky and find some test servers and who knows what else.

For testing I will be using morainepark.edu, a local tech college. Now go to ODiG, use morainepark.edu as the target, and in the query drop down select NS (nameserver); leave the rest as is, enter the captcha and hit submit. We are looking for whatever DNS server holds records for the domain morainepark.edu, so look in the “;; AUTHORITY SECTION:”, where we see “morainepark.edu. 9863 IN NS dns.uw-mad.wiscnet.net”. This tells us that dns.uw-mad.wiscnet.net is the DNS server that holds the records we want, so now go back to ODiG. Again put morainepark.edu as the target, only this time put dns.uw-mad.wiscnet.net in the DNS server field and change the Query drop down box to AXFR (zone transfer); enter the captcha, hit submit and you will be given all the records that DNS server holds for the morainepark.edu domain. Now you can really get some scanning done!!

If you did the same thing to wisconsin.edu you would get a transfer failed message, which will be the case with any secure DNS host. Now for the sake of security I would hope people are pen-testing things before they expose them to the net, but more often than not they don't, and that can get really messy! To secure BIND against this kind of information leak, just edit /etc/bind.conf and add this line:
allow-transfer { 192.168.1.4; 172.16.1.5; };

Where 192.168.1.4 and 172.16.1.5 are the only addresses you will allow transfers to and from. To secure other DNS server software look here: HERE
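As an added example (not part of the post and not ODiG), the following stdlib-only Python script performs the AXFR step described above against a nameserver you administer and reports, from the first reply's header, whether the transfer was allowed, so you can confirm an allow-transfer change actually took effect. It does not parse the transferred records; the function names, RCODE table and verdict strings are my own.

```python
import socket
import struct
import sys

QTYPE_AXFR, QCLASS_IN = 252, 1
RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}
TXID = 0x1234  # fixed transaction id; fine for a one-shot check over TCP

def build_axfr_query(domain: str) -> bytes:
    """Wire-format DNS query for '<domain> IN AXFR': 12-byte header, QNAME, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", TXID, 0, 1, 0, 0, 0)  # flags 0, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in domain.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)

def classify_axfr_reply(reply: bytes) -> str:
    """Judge the first AXFR reply message from its header alone."""
    if len(reply) < 12:
        return "malformed reply"
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != TXID or not flags & 0x8000:  # wrong id, or QR bit not set
        return "malformed reply"
    rcode = flags & 0x0F
    if rcode:
        return "transfer denied (%s)" % RCODES.get(rcode, "RCODE%d" % rcode)
    if an == 0:
        return "transfer denied (empty answer)"
    return "TRANSFER ALLOWED (%d records in first message)" % an

def check_axfr(server: str, domain: str, timeout: float = 5.0) -> str:
    """Ask `server` for a zone transfer of `domain` over TCP and report the verdict."""
    query = build_axfr_query(domain)
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)  # TCP DNS is length-prefixed
        prefix = sock.recv(2)
        if len(prefix) < 2:
            return "malformed reply"
        (length,) = struct.unpack("!H", prefix)
        reply = b""
        while len(reply) < length:
            chunk = sock.recv(length - len(reply))
            if not chunk:
                break
            reply += chunk
    return classify_axfr_reply(reply)

if __name__ == "__main__":
    print(check_axfr(sys.argv[1], sys.argv[2]))  # usage: script.py <nameserver> <zone>
```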

DIY 3 port powerless hub

Ever need a few extra ports for your network and didn't want to spend more than a few dollars? Well dw5304 did, so he found a bunch of shit laying around his crib, made a little trip to Radio Shack and a few hours later he gives us the DIY 3 port powerless hub 😀 He was even nice enough to provide us with an easy follow-along tut “complete with a list of tools/materials needed”, and some pics. Here's a few pics to start off with:


Download the tutorial HERE and make your own!! More pics inside. Many thanx to dw5304 for all his hard work; dc414 wouldn't be the same without ya 😛

PHP Shadow released!

PHP Shadow obfuscates a php script for you, making it harder to detect on a system. One possible use would be to hide a php shell from IDS/IPS and other systems as well. So how does it work? Well, you start with some php code like so:


<?php
function go()
{
    $txt = "hello world";
    echo $txt;
}
go();

Then you submit it to PHP Shadow and you should get this back:

<?php eval(str_rot13(base64_decode('c2hhcGd2YmEgazM0cTFzOTFzbzJyNTE0bzg1NzZzbm8xbjc1bjg5bjZvKCl7JGtwNzgyNHMzcTRxNXM3bzJzMjJxMDM0NzU4cDFyOTQ1ND0idXJ5eWIgamJleXEiO3JwdWIgJGtwNzgyNHMzcTRxNXM3bzJzMjJxMDM0NzU4cDFyOTQ1NDt9azM0cTFzOTFzbzJyNTE0bzg1NzZzbm8xbjc1bjg5bjZvKCk7IHJwdWIgIjxwcmFncmU+PG92dD5HdXZmIGZwZXZjZyBqbmYgcmFwYnFycSBvbCA8biB1ZXJzPVwidWdnY2Y6Ly9xcDQxNC5iZXRcIj5xcDQxNDwvbj5mIENVQyBGdW5xYmo8L292dD48L3ByYWdyZT4iOw=='))); ?>

Now paste that code into a blank php file and it will run as normal. So we can see that PHP Shadow base64 encodes and rot13s your code, adding another layer of protection that can't be seen until you decode it. So here is what our code looks like after we rot13 and base64 decode it:


function x34d1f91fb2e514b8576fab1a75a89a6b(){$xc7824f3d4d5f7b2f22d034758c1e9454="hello world";echo $xc7824f3d4d5f7b2f22d034758c1e9454;}x34d1f91fb2e514b8576fab1a75a89a6b(); echo "<center><big>This script was encoded by <a href=\"https://new.dc414.org\">dc414</a>s PHP Shadow</big></center>";

We see that all vars and functions are MD5 hashed to make it harder to follow and see what's going on. The trailing echo is added by PHP Shadow to help spread the word 🙂 That's all I got, enjoy.
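As an added example (not part of PHP Shadow itself), here is a Python deobfuscator that reverses the wrapper shown above, which is what an analyst does with a shadowed file found on a web server: it finds the eval(str_rot13(base64_decode('...'))) pattern, peels as many layers as are nested, and lists the hashed identifier names. The sample is the post's own output placed inside PHP tags; the function names are mine.

```python
import base64
import codecs
import re

# The wrapper PHP Shadow emits: eval(str_rot13(base64_decode('<blob>')))
WRAPPER = re.compile(
    r"eval\s*\(\s*str_rot13\s*\(\s*base64_decode\s*\(\s*'([A-Za-z0-9+/=]+)'\s*\)\s*\)\s*\)\s*;?",
    re.IGNORECASE)

# Constructed sample: the PHP Shadow output from the post, as it would sit in a .php file
SAMPLE = "<?php eval(str_rot13(base64_decode('" + (
    "c2hhcGd2YmEgazM0cTFzOTFzbzJyNTE0bzg1NzZzbm8xbjc1bjg5bjZvKCl7JGtwNzgyNHMzcTRxNXM3bzJzMjJxMDM0NzU4"
    "cDFyOTQ1ND0idXJ5eWIgamJleXEiO3JwdWIgJGtwNzgyNHMzcTRxNXM3bzJzMjJxMDM0NzU4cDFyOTQ1NDt9azM0cTFzOTFz"
    "bzJyNTE0bzg1NzZzbm8xbjc1bjg5bjZvKCk7IHJwdWIgIjxwcmFncmU+PG92dD5HdXZmIGZwZXZjZyBqbmYgcmFwYnFycSBv"
    "bCA8biB1ZXJzPVwidWdnY2Y6Ly9xcDQxNC5iZXRcIj5xcDQxNDwvbj5mIENVQyBGdW5xYmo8L292dD48L3ByYWdyZT4iOw=="
) + "'))); ?>"

def peel_layer(src: str):
    """Strip one wrapper: base64-decode, then rot13, the reverse of what PHP Shadow does."""
    m = WRAPPER.search(src)
    if not m:
        return src, False
    raw = base64.b64decode(m.group(1)).decode("utf-8", "replace")
    return codecs.decode(raw, "rot_13"), True

def unshadow(src: str, max_layers: int = 10):
    """Peel wrappers until plain PHP remains; handles a script that was shadowed more than once."""
    layers = 0
    while layers < max_layers:
        src, peeled = peel_layer(src)
        if not peeled:
            break
        layers += 1
    return src, layers

def renamed_identifiers(php: str):
    """Names PHP Shadow generated: 'x' plus 32 hex digits, with a leading '$' for variables."""
    return sorted(set(re.findall(r"\$?x[0-9a-f]{32}", php)))
```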

My lame IR copy toy.

I got a sweet Arduino for my bday and it kind of just sat around until I got a few things together to start work on my first project. Well, I finally got off my ass, got all the shit I needed and got to work! I am about half way done and I thought I would share my progress so far. Here's a little video of my toy in action where I go over the operation and components.

Here is a better view of how its put together:

And here is my uber 1337 code 😛

#include <IRremote.h>   // RAWBUF, USECPERTICK and MARK_EXCESS come from this header

// Pin assignments
int IRRECV = 11;        // IR receiver data pin
int READYLED = 9;       // lit once a code has been captured
int PLAYBUTTON = 5;     // pulled LOW to replay the captured code
int IRLED = 3;          // IR LED; IRsend always drives pin 3 on the Uno
int RESETBUTTON = 7;    // pulled LOW to discard the captured code
int PLAYLED = 2;        // lit while a code is being sent

decode_results results;
IRrecv irrecv(IRRECV);
IRsend irsend;

unsigned int rawCodes[RAWBUF];   // captured mark/space durations in microseconds
int codeLen = 0;                 // number of entries in rawCodes

void setup()
{
  Serial.begin(9600);
  irrecv.enableIRIn();
  pinMode(READYLED, OUTPUT);
  pinMode(PLAYBUTTON, INPUT);    // buttons are read active-LOW (external pull-ups)
  pinMode(RESETBUTTON, INPUT);
  pinMode(PLAYLED, OUTPUT);
}

// Copy the raw timings out of the decoder, converting ticks to microseconds.
// Odd entries are marks, even entries are spaces; rawbuf[0] is the gap before
// the code, so it is skipped.
void rec(decode_results *results)
{
  codeLen = results->rawlen - 1;
  for (int i = 1; i <= codeLen; i++) {
    if (i % 2) {
      rawCodes[i - 1] = results->rawbuf[i] * USECPERTICK - MARK_EXCESS;
      Serial.print(" m");
    } else {
      rawCodes[i - 1] = results->rawbuf[i] * USECPERTICK + MARK_EXCESS;
      Serial.print(" s");
    }
    Serial.print(rawCodes[i - 1], DEC);
  }
  Serial.println("");
  digitalWrite(READYLED, HIGH);
}

// Replay the captured code at 38 kHz.
void play()
{
  digitalWrite(PLAYLED, HIGH);
  Serial.println(rawCodes[0]);
  irsend.sendRaw(rawCodes, codeLen, 38);
  delay(800);
  digitalWrite(PLAYLED, LOW);
}

// Forget the captured code and re-arm the receiver (sending disables it).
void reset()
{
  codeLen = 0;
  digitalWrite(READYLED, LOW);
  irrecv.enableIRIn();
}

void loop()
{
  if (irrecv.decode(&results) && digitalRead(READYLED) == LOW) {
    rec(&results);
    irrecv.resume();
  }
  if (digitalRead(PLAYBUTTON) == LOW && digitalRead(READYLED) == HIGH) {
    play();
  }
  if (digitalRead(RESETBUTTON) == LOW) {
    reset();
  }
}

Ok, that's all I got, peace.

Anonymous Press Release: #OpWisconsin

OP: http://anonnews.org/?p=press&a=item&i=585

ANONYMOUS

Dear Citizens of the United States of America,

It has come to our attention that the brothers, David and Charles Koch–the billionaire owners of Koch Industries–have long attempted to usurp American Democracy. Their actions to undermine the legitimate political process in Wisconsin are the final straw. Starting today we fight back.

Koch Industries, and oligarchs like them, have most recently started to manipulate the political agenda in Wisconsin. Governor Walker’s union-busting budget plan contains a clause that went nearly un-noticed. This clause would allow the sale of publicly owned utility plants in Wisconsin to private parties (specifically, Koch Industries) at any price, no matter how low, without a public bidding process. The Kochs have helped to fuel the unrest in Wisconsin and the drive behind the bill to eliminate the collective bargaining power of unions in a bid to gain a monopoly over the state’s power supplies.

The Koch brothers have made a science of fabricating ‘grassroots’ organizations and advertising campaigns to support them in an attempt to sway voters based on their falsehoods. Americans for Prosperity, Club for Growth and Citizens United are just a few of these organizations. In a world where corporate money has become the lifeblood of political influence, the labor unions are one of the few ways citizens have to fight against corporate greed. Anonymous cannot ignore the plight of the citizen-workers of Wisconsin, or the opportunity to fight for the people in America’s broken political system. For these reasons, we feel that the Koch brothers threaten the United States democratic system and, by extension, all freedom-loving individuals everywhere. As such, we have no choice but to spread the word of the Koch brothers’ political manipulation, their single-minded intent and the insidious truth of their actions in Wisconsin, for all to witness.

Anonymous hears the voice of the downtrodden American people, whose rights and liberties are being systematically removed one by one, even when their own government refuses to listen or worse – is complicit in these attacks. We are actively seeking vulnerabilities, but in the meantime we are calling for all supporters of true Democracy, and Freedom of The People, to boycott all Koch Industries’ paper products. We welcome unions across the globe to join us in this boycott to show that you will not allow big business to dictate your freedom.

U.S. Product Boycott List

Vanity Fair
Quilted Northern
Angel Soft
Sparkle
Brawny
Mardi Gras
Dixie

European Product Boycott List

Demak’Up
Kitten Soft
Lotus / Lotus Soft
Tenderly
Nouvelle Soft
Okay Kitchen Towels
Colhogar
Delica
Inversoft
Tutto

To identify these brands, please look for the following logo anywhere on the packaging:

Anonymous.

We are Legion.

We do not forgive.

We do not forget.

Expect us.

Flytouch/wowPad 2 Adhoc hack

So I got my sweet-ass Flytouch 2 “Android 2.1” last week; after rooting it and updating the firmware I was off having all kinds of fun with my new toy. Then I tried to connect to an Adhoc network “my phone” and was a bit taken aback that not only could I not connect to adhoc networks, I couldn't even see them in my network list. After some time on Google and breaking my wireless I found the right setup to get it working, but it wasn't very user friendly, to say the least. So I put together a few scripts I/you/someone can use to turn adhoc support on and off with ease 🙂

DOWNLOAD
QR code
After you download this to your sdcard and unzip it, go into the adhoc folder and edit the wpaon.conf file to point to your AP. Then turn your wifi off, get into a term with root access, cd to the adhoc dir and run ahon like so: “sh ahon”. Then just turn your wifi back on and it should connect right up with the AP you put in wpaon.conf. In order for this to work you must have already rooted your device and have busybox installed.

Stuff I still need to do on this is getting Flash to work and upgrading to Android 2.2/2.3. If anyone can help me out please drop me a line. Ok, that's it, enjoy.

Contents of zip:
ahon #The script to turn Adhoc on
ahoff #The script to turn Adhoc off
wpaon.conf #The file you have to edit to point to your Adhoc AP
wpaoff.conf #File used by ahoff, just leave this guy alone
wpabackup #This script will back up your current wpa_supplicant.conf file, run this before using any other tool for the first time.

USBwake

USBwake is a little Android app that just listens for the device to start charging, and then while it's charging does not let it go to sleep. I was using the wifi tether a lot lately and it would kill my connection every time my phone went to sleep, so I made this little guy. I hope someone can get some use out of it, enjoy 🙂

DOWNLOAD: USBwake
USBwake QR

Last night's meeting.

Last night's meeting was great as always! Trying out the new spot went well; it was a little iffy at the start but everything worked out fine. Lots of new faces, which is always welcome, and plenty of chatter. Lots of lock picking mayhem, as always, and dw attempted to wow us with some wifi magic but was being plagued by gremlins; maybe I can get him to stop by and blog about it. By the next meeting he promised to have all the bugs worked out and give it another go, I can't wait!! I didn't take any pictures this time around, sorry, I was busy 😛 ngh did some war driving on our way to the spot, about 47 miles a-b, and found a ton of APs. I'll upload the log whenever ngharo gets it to me. Ok, that's it, enjoy and I hope to see everyone at the next meeting!

UPDATE: 2.7.11 – Here is the log from ngharo's drive. Over a thousand APs in that log 😀 A big thanx to ngharo!!