Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - imation

Pages: [1]
1
eBooks / REQUEST: Hacking Voip
« on: February 22, 2012, 09:26:16 pm »
http://my.safaribooksonline.com/book/telephony/9781593271633

Anyone got this?  :-*

2
General discussion / Research or Tools or Policy
« on: February 20, 2012, 07:37:21 pm »
So this has been on my mind for a while now and its kinda related to where my career is going to go!

I wanna ask you lot what you prefer!?

Research: Looking at  technologies(old/new), finding vulnerabilities/exploits, writing white papers/presentations etc...

Tools: Coding new/better tools/code for known vulnerabilities/exploits, better ways of working, bug hunting etc...

Policy: Writing Publications/Papers on new Security Management plans, Disaster recovery/CISSP/ISO 27001.....

Myself, im finding im edging towards the Research route!

3
Other / Fragus Crime Pack - Source!
« on: February 20, 2012, 07:21:33 pm »
http://www.offensivecomputing.net/?q=node/1850

*Evilzone or Myself are not in any way responsible for anything that happens from downloading the archive at the given link or what any users do with it*

4
Hacking and Security / XML Injection - Info
« on: January 12, 2012, 12:45:03 pm »
Im currently researching XML Injection
 
I will put together some links and any info i find..
 
https://www.owasp.org/index.php/Testing_for_XML_Injection_(OWASP-DV-008)
 
http://www.securityfocus.com/archive/1/297714
 
https://www.owasp.org/index.php/XPATH_Injection
 
https://www.owasp.org/index.php/Blind_XPath_Injection
 
http://www.ibm.com/developerworks/xml/library/x-xpathinjection/index.html
 
http://www.w3schools.com/xpath/
 
http://saxon.sourceforge.net/

5
C - C++ / [C] - Simple text Crypt
« on: January 10, 2012, 08:40:52 pm »
[C] - Simple text Crypt

so simple,

This is not my code, i cant remember where i got it but it worked for me for what i needed it for..

Code: [Select]
#include <windows.h>
#include <cstdio>

#define cryptkey  1

char sbuff[MAX_PATH];

char *crypt(char *str)
{
 unsigned char i;
 unsigned int size;

 size = lstrlen(str); //size of str

 lstrcpy(sbuff,str); //copy it to sbuff

 if (cryptkey && size < MAX_PATH) //if crypt key != 0 and size < MAX_PATH then
 {
  for (i = 0; i < size; i++)  //loop while i < size of str
    sbuff[i] = sbuff[i] ^ (cryptkey + (i * (cryptkey % 10) + 1));
    //xor curr char with (sum of cryptkey and i) multiplied by (cryptkey
    // and 10 remainder) +1
    //
 }
 return sbuff; //return sbuff
}

int main()
{
    printf(crypt("dwt+`fdeoe{dbk>r}=a~"));
    printf("\n");
    printf(crypt("alkiodmm"));
    printf("\n");
    printf(crypt("jljag6119"));
    printf("\n");
    printf(crypt("ujjmjw"));
    printf("\n");
    printf(crypt("alkiodmm {dbk>r}=a~"));
       
    return 1;
}

6
C - C++ / C - Get Window title - small code
« on: January 10, 2012, 08:28:22 pm »
Code: [Select]
#include <stdio.h>
#include <string.h>
#include <windows.h>

char szCurTitle[1024],szLastTitle[1024];


int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     char*    lpCmdLine,
                     int       nCmdShow)
{
                     
          // Get title of window
        HWND hWnd = GetForegroundWindow(); //get a handle on the current window
        GetWindowText (hWnd,szCurTitle,sizeof(szCurTitle));
          // Titles were different so update the log file and the last title
         printf("%s\n",szCurTitle);
       
       
  char* str2 = "Google";
  char* result = strstr(szCurTitle,str2);
  if( result == NULL ) printf( "Could not find '%s' in '%s'\n",str2,szCurTitle);
  else printf( "Found a substring: '%s'\n", result );
  return 0;
}

7
C - C++ / [C] - RSC - Lap time extractor
« on: January 10, 2012, 08:23:46 pm »
I Wrote this along time ago for a mate who wanted a lap time recorder for a website to publish the best times

Code: [Select]
/*
 * Let's assume that you only want the information printed, that you don't need
 * to have it all in memory at once. The program then takes a different turn...
 */
#include <stdlib.h>
#include <stdio.h>
#include <wchar.h>

/* also ident in <windows.h> too */
typedef struct _FILETIME
{
   unsigned int dwLowDateTime;
   unsigned int dwHighDateTime;
} FILETIME;

struct TrackRecordHeader
{
   unsigned int   version;          /* version == 0x0000000a */
   unsigned int   trackRecordCount; /* Number of track records stored in input */
};

void foo(float value, FILE *file)
{
   int input, hours, minutes, seconds, milli;

   input    = value;
   hours    = input / 3600;
   input   -= hours * 3600;
   minutes  = input / 60;
   input   -= minutes * 60;
   seconds  = input;

   value   -= (int)value; /* get rid of integer portion */
   milli    = value * 1000;

   fprintf(file, "time = %02d:%02d.%03d\n", minutes, seconds, milli);
}

int main(int argc, char *argv[])
{
   if ( argc > 2 )
   {
      const char *infilename  = argv[1];
      const char *outfilename = argv[2];
      FILE *input  = fopen(infilename, "rb"); /* binary input */
      FILE *output = fopen(outfilename, "w"); /* text output */
      if ( input )
      {
         printf("Opened \"%s\".\n", infilename);
         if ( output )
         {
            printf("Opened \"%s\".\n", outfilename);
         }
         else
         {
            perror(outfilename);
         }
      }
      else
      {
         perror(infilename);
      }
      size_t count;
      union /* one of the things that we will be reading */
      {
         struct TrackRecordHeader  header;
         char                      text[128];
         wchar_t                   wtext[128 / sizeof(wchar_t)];
         FILETIME                  dateTime;
         float                     fvalue;
     
      } data;
      unsigned int x, length; /* helpers for the things we are reading */

    //  printf("Opened \"%s\" for input.\n", infilename);
    //  printf("Outputting to file \"%s\".\n", outfilename);

      /*
       * Now, let's get to it. Read the header first.
       */
      count = fread(&data.header, sizeof data.header, 1, input);
      if ( count != 1 )
      {
         puts("problem with fread of header");
         return 0;
      }
    //  printf("version = %u\n", data.header.version);
    //  printf("records = %u\n", data.header.trackRecordCount);
      /*
       * We need to loop about the number of records...
       */
      length = data.header.trackRecordCount;
      for ( x = 0; x < length; ++x )
      {
         unsigned int y, len; /* text length */
         /*
          * First part of record: length of the playerName to follow.
          */
         count = fread(&len, sizeof len, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of playerNameLength");
            return 0;
         }
     //    printf("playerNameLength = %u\n", len);
         /*
          * Next item: the wchar text of playerName.
          */
         count = fread(data.wtext, len, sizeof *data.wtext, input);
         if ( count != sizeof *data.wtext )
         {
            puts("problem with fread of playerName");
            return 0;
         }
         /*
          * The strings in the input, wide or not, are not null terminated.
          * Let's just print it the hard way.
          */
          fputs("[lap time]\n", output);
       //   wprintf("playerName = " L"%s\n", data.wtext);
          fputs("playerName = ", output);
          fputws(data.wtext, output);
          fputs("\n", output);
       
         /* fputs("playerName = ", stdout);
         fputs("playerName = ", output);
         for ( y = 0; y < len; ++y )
         {
            (void)putw(data.wtext[y], stdout);
            (void)putw(data.wtext[y], output);
         }
         puts("\n"); */
         
         /*
          * Next item: the length of the carName to follow.
          */
         count = fread(&len, sizeof len, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of carNameLength");
            return 0;
         }
    //     printf("carNameLength = %u\n", len);
         /*
          * Next item: the char text of carName.
          */
         count = fread(data.text, len, sizeof *data.text, input);
         if ( count != sizeof *data.text )
         {
            puts("problem with fread of playerName");
            return 0;
         }
         /*
          * The strings in the input, wide or not, are not null terminated.
          * Let's just print it the hard way.
          */
       //  fputs("carName = ", stdout);
         fputs("carName = ", output);
         for ( y = 0; y < len; ++y )
         {
       //     putc(data.text[y], stdout);
            putc(data.text[y], output);
         }
      //   puts("\n");
         fputs("\n", output);
         /*
          * Next item: the time/date stamp.
          */
         count = fread(&data.dateTime, sizeof data.dateTime, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of dateTime");
            return 0;
         }

         /*
          * Do something with dateTime if you want.
          * I'll just throw it away and continue on.
          */

         /*
          * Next item: the time.
          */
         count = fread(&data.fvalue, sizeof data.fvalue, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of dateTime");
            return 0;
         }
         
     //     printf("Lap time = %f\n", data.fvalue);

      //   foo(data.fvalue, stdout);
         foo(data.fvalue, output);
       //  puts("\n");
         fputs("\n", output);
      }
      /*
       * Now it's time for the information at the end of the input.
       * Apparently, we've got a number of checkpoint times. Find out how many.
       */
      count = fread(&length, sizeof length, 1, input);
      if ( count != 1 )
      {
         puts("problem with fread of numberOfCheckpointTimes");
         return 0;
      }
   //   printf("numberOfCheckpointTimes = %u\n", length);
      /*
       * Show each of the checkpoint times.
       */
      for ( x = 0; x < length; ++x )
      {
         /*
          * Next item: the checkpointTimes.
          */
         count = fread(&data.fvalue, sizeof data.fvalue, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of checkpointTimes");
            return 0;
         }
         
      //   printf("checkpointTimes = %f\n", data.fvalue);

        // foo(data.fvalue, output);
      //   foo(data.fvalue, stdout);
       
      }
      /*
       * Clean up and leave.
       */
      fclose(input);
      fclose(output);
   }
   return 0;
}

8
Mobile Hacking / QR Code Fun
« on: December 21, 2011, 12:55:26 pm »
Quick Response (QR) Codes are a rapidly emerging and prevalent medium for connecting users of smartphone technologies with online content. The codes, or ciphers, are digitally generated black and white space that when scanned by a capable smart device, will decipher the code and direct the devices web browser to the embedded, associated, URL.
 
QR Codes themselves can be very easily created using a variety of online generators that are becoming increasingly free and available to use. The generation process for a QR Code is no more difficult than inserting a URL into creation tool whereby a code is automatically generated as an image file ready for physical and/or digital distribution.
From an hackers perspective, QR codes ‘potentially’ offer a new medium by which to ‘force direct’ unsuspecting users to a malware laden/malicious sites. The key reason for this is that the site URL represented by the QR code is obviously no longer identifiable/visible to the user, as the code is nothing more than a series of unmeaning black and white blocked spaces.
 
This being said, obviosuly using this combined with BeEF Project could have some awesome results.
 
So, you find a website with a Sql vuln, maybe put a post on the blog or front page with a QR code Picture or link to your malicius site/app, Keep it up for a little while, see how many users process it and have some fun..
 
Just another way of hiding links...
 
Here are some links
 
http://qrcode.kaywa.com/
 
http://www.qrstuff.com/
 
http://www.racoindustries.com/barcodegenerator/2d/qr-code.aspx
 
there are fucking loads tbh... just google
 
Here is an interesting one
 
http://wordpress.mrreid.org/2011/08/06/hacking-qr-codes/
 
http://hackaday.com/2011/08/11/how-to-put-your-logo-in-a-qr-code/
 
http://mashable.com/2011/04/18/qr-code-design-tips/
 
Have Fun
 
*DONT GET CAUGHT* *USE AT YOUR OWN RISK*

9
Hacking and Security / TTF Vuln - Discuss
« on: November 07, 2011, 03:06:37 pm »
Quote
Microsoft has revealed in the advisory that the problem is with the Windows’ TrueType font parsing engine. An attacker who exploits this vulnerability can run their own code in kernel mode and then proceed, unhindered to  install programs; modify data; or create new accounts.

So im doing a bit of research on this vuln that has been pushed and publicisied recently with the duqu virus...
 
does anybody have any info how the true type font can be fettled?
 
Tar
 
iMation

10
Found it on the Webs / Google Cheet Sheets
« on: May 12, 2011, 10:32:24 am »
I use these two sheets, pretty much everyday at work..

Very useful.

The Original Website no longer exists but credit to whoever made it!


11
Projects and Discussion / Source code leaked for pricey ZeuS crimeware kit
« on: May 11, 2011, 12:15:57 pm »
So as the title says, Zeus has been released into the wild.

http://www.theregister.co.uk/2011/05/10/zeus_crimeware_kit_leaked/

Snippets of this have been released over the last year or so and i have a few bits of code from it.

If any body sees this available, please post the link here.

I'm not wanting it for its main use, but to look through the code and learn from it.


12
Video Tutorials / Online Video Tutorials and Info
« on: May 11, 2011, 12:00:19 pm »
http://www.securitytube.net/

A very good website, ever increasing video archive!

There is a very good Wifi Hacking series.

13
Security Tools / Backtrack 5! Revolution
« on: May 11, 2011, 11:48:17 am »
http://www.backtrack-linux.org/

Released yesterday (10 May 2011)

So far, Brilliant update to an outstanding Distro!


14
Members introduction / Hello
« on: May 11, 2011, 11:33:45 am »
Hello all,

My reasons for joining Evilzone are not that of the normal "SKid" thats wanting to L2PHackRuneScapeAcc, but to further my knowledge and expertise within this environment.

I have many years experience within Computer Security and Forensics, Secure Communications and Information Awareness.

I will contribute as much as i can, and try to help people that are genuine.

I have no time for Skids, Lamers, Flamers or total Noobs.. "google is your friend"

Im looking for a "MATURE" environment, that is proactive and has a good knowledge base.

iMation

Pages: [1]


Intern0t SoldierX py1337 SecurityOverride programisiai iExploit
Want to be here? Contact Ande, Bluechill or Kulverstukas on the forum or at IRC.