User Controls
What are you hacking on?
-
2016-02-11 at 11:22 AM UTCI thought I'd make a thread similar to the immortal "What are you reading?" thread from the book nook so that people can post what they're tech stuff theyre working on from time to time.
I've gotten back into infosec, mainly webapp/browser stuff and I've been scanning sites for vulns - already got some minor hits. It's hard for me to admit this, but I'm reading up on PHP because hurr durr, there's so much of it in the wild.
How bout you's? -
2016-02-11 at 3:21 PM UTCSo I'm still in the process of making my network as secure as possible. I got a new modem / router, only to find that it didn't have a Coax cable port (yeah I know that was stupid). So now I have to buy a new one.
I'm also building my network. I designed and built a solar powered "micro computer" thing that I built and I'm probably going to turn it into a linux server for a pentesting lab.
I have two older computers that I'm fixing up and selling.
Beyond that I'm trying to work on some python because I joined a club dedicated to making duckduckgo better or something. -
2016-02-12 at 5:52 AM UTCThere's this dumb proprietary DB we use at work and the only way to query it is through this shitty late 90s era windows legacy app. All it does is send off SQL and wait for a response. And since it's an ugly ass GUI there's no way to automate anything with it. People ask me to run daily reports using this thing which is a drag. I'm working on a CLI client to the same DB that will, gods willing, at least let me rig this thing up to a cronjob and take out some of the tedium of generating reports done.
The more interesting project I'm working on is an implementation of Yinsh. I'm trying to make it as purely functional as possible (drawing to the screen is obviously not pure, but everything up to rendering is) and that's pretty fun. I have the rules implemented and a 2D representation of the game but now I want to write a webGL frontend to it because I want to do at least one 3D graphics project before I die. -
2016-02-12 at 7:56 AM UTC
The more interesting project I'm working on is an implementation of Yinsh. I'm trying to make it as purely functional as possible (drawing to the screen is obviously not pure, but everything up to rendering is) and that's pretty fun. I have the rules implemented and a 2D representation of the game but now I want to write a webGL frontend to it because I want to do at least one 3D graphics project before I die.
I'd be kind of cool if you put the finished game on this site. Also, you may want to look into https://libgdx.badlogicgames.com/ (this has grow a bit since I've used it back before an official release). That's what I used to make my first game, and I used it to start others including two 3D games, but never finished any of these.
I'm personally messing with some routers at free wifi hotspots and messing around with a little VirginMobile hotspot I have. I have come across one router where I a response from a high port that says "Vty password is not set". -
2016-02-13 at 7:26 AM UTC
I'd be kind of cool if you put the finished game on this site. Also, you may want to look into https://libgdx.badlogicgames.com/ (this has grow a bit since I've used it back before an official release). That's what I used to make my first game, and I used it to start others including two 3D games, but never finished any of these.
I'm personally messing with some routers at free wifi hotspots and messing around with a little VirginMobile hotspot I have. I have come across one router where I a response from a high port that says "Vty password is not set".
That's pretty cool shit, looking forward to reading about your findings. I think that these public wifi routers can't be all that secure, especially since you're on the same network and it'd be relatively easy to brute force stuff.
I found the ftp server on my ISP's router doesn't work because it expects a USB drive - Imma going to plug one in and try to authenticate with anonymous:anonymous.There's this dumb proprietary DB we use at work and the only way to query it is through this shitty late 90s era windows legacy app. All it does is send off SQL and wait for a response. And since it's an ugly ass GUI there's no way to automate anything with it. People ask me to run daily reports using this thing which is a drag. I'm working on a CLI client to the same DB that will, gods willing, at least let me rig this thing up to a cronjob and take out some of the tedium of generating reports done.
The more interesting project I'm working on is an implementation of Yinsh. I'm trying to make it as purely functional as possible (drawing to the screen is obviously not pure, but everything up to rendering is) and that's pretty fun. I have the rules implemented and a 2D representation of the game but now I want to write a webGL frontend to it because I want to do at least one 3D graphics project before I die.
Ugh, that proprietary DB stuff sounds fucking annoying. How did you figure out how to connect to the db to make your CLI client work? I'd assume the protocol would be proprietary as well. Ditto on the 3d game project.So I'm still in the process of making my network as secure as possible. I got a new modem / router, only to find that it didn't have a Coax cable port (yeah I know that was stupid). So now I have to buy a new one.
I'm also building my network. I designed and built a solar powered "micro computer" thing that I built and I'm probably going to turn it into a linux server for a pentesting lab.
I have two older computers that I'm fixing up and selling.
Beyond that I'm trying to work on some python because I joined a club dedicated to making duckduckgo better or something.
Pics man, pics! Who do you sell these computers to if you dont mind me asking?
Me, I'm wrapping up that PHP resource and trying my hand at analyzing code to find vulnerabilities that way. I gotta get better at blackbox testing if I wanna make any cash money off of bug bounties.
-
2016-02-13 at 4:02 PM UTC
Pics man, pics! Who do you sell these computers to if you dont mind me asking?
Me, I'm wrapping up that PHP resource and trying my hand at analyzing code to find vulnerabilities that way. I gotta get better at blackbox testing if I wanna make any cash money off of bug bounties.
Sure. I'll post some stuff up once I get it working. As of now all I have are laptops because I destroyed my apache web server by short circuiting it.
Expect a network thread here in a few weeks.
-
2016-02-16 at 8:58 AM UTCHaving finished fucking around with PHP, I'm focusing on a toy python project that I can show off and that might net me in some contracts or at least - github stars. I also got some bug bounties, but nowhere near enough to support myself, so Im trying to figure out a way to get mo' money. Maybe sometime this week I'll actually post some code that cant be linked back to me but that's still worth sharing.
-
2016-02-18 at 10:33 AM UTCSup dawgs. I made a little greasemonkey script to enhancement out the shitty forums from this beautiful site and also to move TT way up top so I don't have to scroll. I'm thinking of adding some more enhancementing, perhaps based on topic titles or usernames and definitely gonna add a "click this button to load this image which is from http://..." function.
(function() {
var parentGetter = function(node, parentTag) {
if (node.nodeName == parentTag) {
return node;
} else {
return parentGetter(node.parentNode, parentTag);
}
}
var whiteList = ['Help and Suggestions', 'Nigga News', 'DIY', 'Flora & Fauna',
'Money Money Money...', 'STEMpremacy', 'Games People Play',
'Gearheads', 'Oh the Humanities!', 'Politics: Left, Reich, and Center',
'Printed Matter', 'Reinvent Yourself', 'Technophiliacs & Technophiles'];
var forums = document.querySelectorAll('.forum-title');
var tt = document.querySelector(
'.forum-title[href="http://niggasin.space/forum/technophiliacs-technophiles"]');
var ttClone = parentGetter(tt, 'TR').cloneNode(true);
var tbodyParent = parentGetter(forums[0], 'TBODY');
tbodyParent.insertBefore(ttClone, parentGetter(forums[0], 'TR'));
for (var i = 0; i < forums.length; i++) {
if (whiteList.indexOf(forums[i].text) < 0) {
var row = parentGetter(forums[i], 'TR');
row.remove();
}
};
})();
Im also trying to cancel image loading before the browser starts making GET requests, but no luck with greasemonkey yet, most likely because the event triggers come too late. Here's what I got so far though:
(function() {
MutationObserver = window.MutationObserver;
var observer = new MutationObserver(function(mutations) {
mutations.forEach(function(mutation) {
var addedNodes = mutation.addedNodes;
for (var i = 0; i < addedNodes.length; i++) {
if (addedNodes[i].nodeName == 'IMG') {
addedNodes[i].src = '';
}
}
});
});
// pass in the target node, as well as the observer options
observer.observe(document, {childList: true, subtree: true, attributes: true});
setTimeout(function() {
observer.disconnect();
}, 2000);
})();
-
2016-02-18 at 5:52 PM UTCOk, one last thing today, I promise - you can drain someone's phone battery by running an aggressive nmap scan again the phone when it's on a wifi network. Just run
nmap -A -T5 <phone's ip>
And sit back.
-
2016-02-18 at 6:02 PM UTC
Ugh, that proprietary DB stuff sounds fucking annoying. How did you figure out how to connect to the db to make your CLI client work? I'd assume the protocol would be proprietary as well. Ditto on the 3d game project.
Yeah, but the protocol is pretty simple, no encryption so I just watched a few requests through wireshark. Auth is done through LDAP so that can be handed off to a library. The actual protocol is text/linebased, Basically HTTP but the status line has a different format. I haven't tried it out on large query results so there may be some custom mechanism for row-chunking but I want to get the simple case done first, hopefully I can demonstrate value with that and get my employer to pay me to develop/maintain this thing. -
2016-02-22 at 11:02 AM UTC
Yeah, but the protocol is pretty simple, no encryption so I just watched a few requests through wireshark. Auth is done through LDAP so that can be handed off to a library. The actual protocol is text/linebased, Basically HTTP but the status line has a different format. I haven't tried it out on large query results so there may be some custom mechanism for row-chunking but I want to get the simple case done first, hopefully I can demonstrate value with that and get my employer to pay me to develop/maintain this thing.
Purty cool. Mind if I ask what are you using for networking? I've had good experiences with Python's Twisted library, but I'm aching to mess around with Elixir for networking purposes.
-
2016-02-22 at 3:25 PM UTCI'm working on learning malware analysis with Immunity Debugger and trying to understand malware on a more deeper level, awesome program by the way, also good for developing exploits it would seem. Pic related:
Also to begin with i chose to analyze a piece of malware i made myself to get familiar with the debugger and better understand everything that is going on. The malware i wrote operates as follows: When it gets clicked it asks for admin privilege(Usually it would be bound to an innocent binary so this would not be suspiscious) after that it copies itself to a certain folder and adds a registry entry for persistence, then it starts to listen on port 8899 for incoming connections. Once a connection is made it will spawn an OS shell, to be controlled by metasploit's payload handler.
If you're interested in the piece you can download/clone it as per usual directly from my github.
https://github.com/NullArray/Shellware
I also am always up for getting better at python so give me a problem of intermediate difficulty and i will try to solve it programatically or just a fun project or an idea for malware. -
2016-02-22 at 4:41 PM UTC
I'm working on learning malware analysis with Immunity Debugger and trying to understand malware on a more deeper level, awesome program by the way, also good for developing exploits it would seem. Pic related:
Also to begin with i chose to analyze a piece of malware i made myself to get familiar with the debugger and better understand everything that is going on. The malware i wrote operates as follows: When it gets clicked it asks for admin privilege(Usually it would be bound to an innocent binary so this would not be suspiscious) after that it copies itself to a certain folder and adds a registry entry for persistence, then it starts to listen on port 8899 for incoming connections. Once a connection is made it will spawn an OS shell, to be controlled by metasploit's payload handler.
If you're interested in the piece you can download/clone it as per usual directly from my github.
https://github.com/NullArray/Shellware
I also am always up for getting better at python so give me a problem of intermediate difficulty and i will try to solve it programatically or just a fun project or an idea for malware.
Nice! The only debugger's I've ever used were ollydb and radare, but RE never seemed to stick with me. I'll write more later, gotta run now. But, here's something I stumbled upon today that sounds like it might interest you: https://blindseeker.com/blahg/?p=730
-
2016-02-23 at 2:35 AM UTC
Nice! The only debugger's I've ever used were ollydb and radare, but RE never seemed to stick with me. I'll write more later, gotta run now. But, here's something I stumbled upon today that sounds like it might interest you: https://blindseeker.com/blahg/?p=730
The main reason why i want to be able to analyze malware is to be a better malware dev myself. Plus it's interesting to see what goes on behind the scenes so to speak. Also i follow that blindseeker guy on Twitter he also goes by the handle da_667 and is a pretty big deal in the twitter infosec scene, if you want i can PM you my infosec twitter. Basically what i do is post reports on hacks, programs i'm working on or are done for distribution and sometimes a joke or two. I tend to post once or twice a week depending on what i got cooking at the time. -
2016-02-23 at 2:46 AM UTC
Purty cool. Mind if I ask what are you using for networking? I've had good experiences with Python's Twisted library, but I'm aching to mess around with Elixir for networking purposes.
Just Java's wrapper around OS sockets. I'm probably the furthest thing there is from a "java person" but at work if you want to run something on a server it's a pain in the ass if it's not java. Well it's a pain in the ass if it is, but everything has to go through "architectural review" and most our dumbass architects can't read anything else so that's how it goes.
I've never been a huge fan of Twisted although I admit it's been a number of years since I've used it. Gevent, while not a networking library per se, is one of my favorite pieces of software of all time so when I need to do async IO in Python it's pretty much a no-brainer to go with gevent. Elixir does sound cool, I've been wanting to pick up a language from erlang-land for a while now. -
2016-02-23 at 6:13 PM UTC
The main reason why i want to be able to analyze malware is to be a better malware dev myself. Plus it's interesting to see what goes on behind the scenes so to speak. Also i follow that blindseeker guy on Twitter he also goes by the handle da_667 and is a pretty big deal in the twitter infosec scene, if you want i can PM you my infosec twitter. Basically what i do is post reports on hacks, programs i'm working on or are done for distribution and sometimes a joke or two. I tend to post once or twice a week depending on what i got cooking at the time.
Ha, shouldve known you were deeper in that scene than me. No offense, but I'd like to keep my online personas as separate as possible. I'd love to checkout malware one day, but now I'm focusing on web/browser stuff, hoping to start my infosec career off of that, then once I get a decent foothold, start exploring stuff like malware.Just Java's wrapper around OS sockets. I'm probably the furthest thing there is from a "java person" but at work if you want to run something on a server it's a pain in the ass if it's not java. Well it's a pain in the ass if it is, but everything has to go through "architectural review" and most our dumbass architects can't read anything else so that's how it goes.
I've never been a huge fan of Twisted although I admit it's been a number of years since I've used it. Gevent, while not a networking library per se, is one of my favorite pieces of software of all time so when I need to do async IO in Python it's pretty much a no-brainer to go with gevent. Elixir does sound cool, I've been wanting to pick up a language from erlang-land for a while now.
Oh man, I've never had to go through that kinda review process, I've only heard about it from people 10 years my senior. I should hunt down a job like that just to see what it's like.
Funny enough, I've never had a chance to use gevent, but now you made me wanna try it out. I've been exploring Python 3's asyncio module and it's quite a joy - I wonder how those two compare, or even if they can compare (apples, oranges, maybe?).
-
2016-02-26 at 9:23 AM UTCWell, I just caved and got two of these Zsun wifi+card reader bundles from http://www.gearbest.com/zsun-_gear/ . 20$, but gotta wait a month until it gets here. Well, just enough time to make some plan on how to use these. (wifi repeater / solar powered / mobile AP for MITM / piratebox / wifi beacon reader, whatevs)
~400mhz, 16mb flash, 64mb memory, runs openwrt -> https://wiki.hackerspace.pl/projects...fi-card-reader