Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - imation

Pages: [1] 2
1
http://www.theguardian.com/world/2013/sep/25/nsa-reform-bill-surveillance-congress
 
i lol'd... Hard!
 
Quote
 
It would prohibit the NSA's bulk collection phone records of Americans under section 215 of the Patriot Act, the most controversial aspect of US surveillance revealed by documents supplied by Snowden to the Guardian.

So the NSA wont "collect data" they will request it from service providers that do!
 
Quote

 There is limited, if any, support in Congress for limiting the NSA's ability of monitor or gather evidence on foreigners.

Is this not the reason the NSA exists... as long as its for legitimate reasons.
 

2
Hacking and Security / IOS Dependant WIFI Hotspot?
« on: September 23, 2013, 01:20:59 pm »
So, i was doing a Wifi discovery for a client with Kismet.. a few normal home routers were being picked up but there was one that confused me.
 
"Free Public WIFI"... For some reason this could only be picked up by IOS devices..
 
KISMET couldnt see it?
 
My Iphone could..
 
Now how the fuck does that work?
 
 

3
Interesting artical!

PETERSON AIR FORCE BASE, Colo. – Air Force Space Command officials here declared Initial Operational Capability on the first of six Air Force Cyber Weapon Systems June 11.
 
The Cyberspace Vulnerability Assessment/Hunter Weapon System was declared IOC after all operational testing was successfully completed and it was determined that the CVA/Hunter Weapons System was capable of fully serving warfighter needs.
 
The mission of the CVA/Hunter Weapon System is to find, fix, track, target, engage, and assess known threats to achieve a degree of mission assurance on critical networks supporting projection of air, space, and cyberspace.  The newest Air Force Cyber Weapons System conducts active Defensive Counter-Cyberspace Operations to identify and counter Advanced Persistent Threats and perform Cyberspace Vulnerability Assessments to ensure the reliability of the Air Force’s network and mission systems.
 
The CVA/Hunter Weapon System consist of a six person crew of cyber professionals made up of a Cyberspace Crew Commander, one Cyberspace Operator, and four Cyberspace Analysts.  The teams conduct vulnerability, compliance, defense and non-technical assessments, best practice reviews, and testing to provide the 24th Air Force Commander (AFCYBER), and Combatant Commanders with a mobile precision capability to find, fix, track, target, engage, and assess cyberspace threats impacting critical links and nodes within a defined portion of the Department of Defense Information Network.
 
A weapon system includes mission equipment, certified and qualified mission ready crew force, mission support personnel and mission essential supplies.
 
The weapon system construct allows Air Force Space Command to manage operational cyber capabilities to achieve organize, train, and equip responsibilities in line with current Air Force methods.  In addition, the weapon system construct ensures these weapon systems are standardized, sustained, and available to combatant commanders and mirror the approach taken for other Air Force weapon systems aligning AFSPC with other Air Force Major Commands in the way they manage operational capabilities.

5
General discussion / Research or Tools or Policy
« on: February 20, 2012, 07:37:21 pm »
So this has been on my mind for a while now and its kinda related to where my career is going to go!

I wanna ask you lot what you prefer!?

Research: Looking at  technologies(old/new), finding vulnerabilities/exploits, writing white papers/presentations etc...

Tools: Coding new/better tools/code for known vulnerabilities/exploits, better ways of working, bug hunting etc...

Policy: Writing Publications/Papers on new Security Management plans, Disaster recovery/CISSP/ISO 27001.....

Myself, im finding im edging towards the Research route!

6
Other / Fragus Crime Pack - Source!
« on: February 20, 2012, 07:21:33 pm »
http://www.offensivecomputing.net/?q=node/1850

*Evilzone or Myself are not in any way responsible for anything that happens from downloading the archive at the given link or what any users do with it*

8
C - C++ / [C] - Simple text Crypt
« on: January 10, 2012, 08:40:52 pm »
[C] - Simple text Crypt

so simple,

This is not my code, i cant remember where i got it but it worked for me for what i needed it for..

Code: [Select]
#include <windows.h>
#include <cstdio>

#define cryptkey  1

char sbuff[MAX_PATH];

char *crypt(char *str)
{
 unsigned char i;
 unsigned int size;

 size = lstrlen(str); //size of str

 lstrcpy(sbuff,str); //copy it to sbuff

 if (cryptkey && size < MAX_PATH) //if crypt key != 0 and size < MAX_PATH then
 {
  for (i = 0; i < size; i++)  //loop while i < size of str
    sbuff[i] = sbuff[i] ^ (cryptkey + (i * (cryptkey % 10) + 1));
    //xor curr char with (sum of cryptkey and i) multiplied by (cryptkey
    // and 10 remainder) +1
    //
 }
 return sbuff; //return sbuff
}

int main()
{
    printf(crypt("dwt+`fdeoe{dbk>r}=a~"));
    printf("\n");
    printf(crypt("alkiodmm"));
    printf("\n");
    printf(crypt("jljag6119"));
    printf("\n");
    printf(crypt("ujjmjw"));
    printf("\n");
    printf(crypt("alkiodmm {dbk>r}=a~"));
       
    return 1;
}

9
C - C++ / C - Get Window title - small code
« on: January 10, 2012, 08:28:22 pm »
Code: [Select]
#include <stdio.h>
#include <string.h>
#include <windows.h>

char szCurTitle[1024],szLastTitle[1024];


int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     char*    lpCmdLine,
                     int       nCmdShow)
{
                     
          // Get title of window
        HWND hWnd = GetForegroundWindow(); //get a handle on the current window
        GetWindowText (hWnd,szCurTitle,sizeof(szCurTitle));
          // Titles were different so update the log file and the last title
         printf("%s\n",szCurTitle);
       
       
  char* str2 = "Google";
  char* result = strstr(szCurTitle,str2);
  if( result == NULL ) printf( "Could not find '%s' in '%s'\n",str2,szCurTitle);
  else printf( "Found a substring: '%s'\n", result );
  return 0;
}

10
C - C++ / [C] - RSC - Lap time extractor
« on: January 10, 2012, 08:23:46 pm »
I Wrote this along time ago for a mate who wanted a lap time recorder for a website to publish the best times

Code: [Select]
/*
 * Let's assume that you only want the information printed, that you don't need
 * to have it all in memory at once. The program then takes a different turn...
 */
#include <stdlib.h>
#include <stdio.h>
#include <wchar.h>

/* also ident in <windows.h> too */
typedef struct _FILETIME
{
   unsigned int dwLowDateTime;
   unsigned int dwHighDateTime;
} FILETIME;

struct TrackRecordHeader
{
   unsigned int   version;          /* version == 0x0000000a */
   unsigned int   trackRecordCount; /* Number of track records stored in input */
};

void foo(float value, FILE *file)
{
   int input, hours, minutes, seconds, milli;

   input    = value;
   hours    = input / 3600;
   input   -= hours * 3600;
   minutes  = input / 60;
   input   -= minutes * 60;
   seconds  = input;

   value   -= (int)value; /* get rid of integer portion */
   milli    = value * 1000;

   fprintf(file, "time = %02d:%02d.%03d\n", minutes, seconds, milli);
}

int main(int argc, char *argv[])
{
   if ( argc > 2 )
   {
      const char *infilename  = argv[1];
      const char *outfilename = argv[2];
      FILE *input  = fopen(infilename, "rb"); /* binary input */
      FILE *output = fopen(outfilename, "w"); /* text output */
      if ( input )
      {
         printf("Opened \"%s\".\n", infilename);
         if ( output )
         {
            printf("Opened \"%s\".\n", outfilename);
         }
         else
         {
            perror(outfilename);
         }
      }
      else
      {
         perror(infilename);
      }
      size_t count;
      union /* one of the things that we will be reading */
      {
         struct TrackRecordHeader  header;
         char                      text[128];
         wchar_t                   wtext[128 / sizeof(wchar_t)];
         FILETIME                  dateTime;
         float                     fvalue;
     
      } data;
      unsigned int x, length; /* helpers for the things we are reading */

    //  printf("Opened \"%s\" for input.\n", infilename);
    //  printf("Outputting to file \"%s\".\n", outfilename);

      /*
       * Now, let's get to it. Read the header first.
       */
      count = fread(&data.header, sizeof data.header, 1, input);
      if ( count != 1 )
      {
         puts("problem with fread of header");
         return 0;
      }
    //  printf("version = %u\n", data.header.version);
    //  printf("records = %u\n", data.header.trackRecordCount);
      /*
       * We need to loop about the number of records...
       */
      length = data.header.trackRecordCount;
      for ( x = 0; x < length; ++x )
      {
         unsigned int y, len; /* text length */
         /*
          * First part of record: length of the playerName to follow.
          */
         count = fread(&len, sizeof len, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of playerNameLength");
            return 0;
         }
     //    printf("playerNameLength = %u\n", len);
         /*
          * Next item: the wchar text of playerName.
          */
         count = fread(data.wtext, len, sizeof *data.wtext, input);
         if ( count != sizeof *data.wtext )
         {
            puts("problem with fread of playerName");
            return 0;
         }
         /*
          * The strings in the input, wide or not, are not null terminated.
          * Let's just print it the hard way.
          */
          fputs("[lap time]\n", output);
       //   wprintf("playerName = " L"%s\n", data.wtext);
          fputs("playerName = ", output);
          fputws(data.wtext, output);
          fputs("\n", output);
       
         /* fputs("playerName = ", stdout);
         fputs("playerName = ", output);
         for ( y = 0; y < len; ++y )
         {
            (void)putw(data.wtext[y], stdout);
            (void)putw(data.wtext[y], output);
         }
         puts("\n"); */
         
         /*
          * Next item: the length of the carName to follow.
          */
         count = fread(&len, sizeof len, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of carNameLength");
            return 0;
         }
    //     printf("carNameLength = %u\n", len);
         /*
          * Next item: the char text of carName.
          */
         count = fread(data.text, len, sizeof *data.text, input);
         if ( count != sizeof *data.text )
         {
            puts("problem with fread of playerName");
            return 0;
         }
         /*
          * The strings in the input, wide or not, are not null terminated.
          * Let's just print it the hard way.
          */
       //  fputs("carName = ", stdout);
         fputs("carName = ", output);
         for ( y = 0; y < len; ++y )
         {
       //     putc(data.text[y], stdout);
            putc(data.text[y], output);
         }
      //   puts("\n");
         fputs("\n", output);
         /*
          * Next item: the time/date stamp.
          */
         count = fread(&data.dateTime, sizeof data.dateTime, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of dateTime");
            return 0;
         }

         /*
          * Do something with dateTime if you want.
          * I'll just throw it away and continue on.
          */

         /*
          * Next item: the time.
          */
         count = fread(&data.fvalue, sizeof data.fvalue, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of dateTime");
            return 0;
         }
         
     //     printf("Lap time = %f\n", data.fvalue);

      //   foo(data.fvalue, stdout);
         foo(data.fvalue, output);
       //  puts("\n");
         fputs("\n", output);
      }
      /*
       * Now it's time for the information at the end of the input.
       * Apparently, we've got a number of checkpoint times. Find out how many.
       */
      count = fread(&length, sizeof length, 1, input);
      if ( count != 1 )
      {
         puts("problem with fread of numberOfCheckpointTimes");
         return 0;
      }
   //   printf("numberOfCheckpointTimes = %u\n", length);
      /*
       * Show each of the checkpoint times.
       */
      for ( x = 0; x < length; ++x )
      {
         /*
          * Next item: the checkpointTimes.
          */
         count = fread(&data.fvalue, sizeof data.fvalue, 1, input);
         if ( count != 1 )
         {
            puts("problem with fread of checkpointTimes");
            return 0;
         }
         
      //   printf("checkpointTimes = %f\n", data.fvalue);

        // foo(data.fvalue, output);
      //   foo(data.fvalue, stdout);
       
      }
      /*
       * Clean up and leave.
       */
      fclose(input);
      fclose(output);
   }
   return 0;
}

11
Mobile Hacking / QR Code Fun
« on: December 21, 2011, 12:55:26 pm »
Quick Response (QR) Codes are a rapidly emerging and prevalent medium for connecting users of smartphone technologies with online content. The codes, or ciphers, are digitally generated black and white space that when scanned by a capable smart device, will decipher the code and direct the devices web browser to the embedded, associated, URL.
 
QR Codes themselves can be very easily created using a variety of online generators that are becoming increasingly free and available to use. The generation process for a QR Code is no more difficult than inserting a URL into creation tool whereby a code is automatically generated as an image file ready for physical and/or digital distribution.
From an hackers perspective, QR codes ‘potentially’ offer a new medium by which to ‘force direct’ unsuspecting users to a malware laden/malicious sites. The key reason for this is that the site URL represented by the QR code is obviously no longer identifiable/visible to the user, as the code is nothing more than a series of unmeaning black and white blocked spaces.
 
This being said, obviosuly using this combined with BeEF Project could have some awesome results.
 
So, you find a website with a Sql vuln, maybe put a post on the blog or front page with a QR code Picture or link to your malicius site/app, Keep it up for a little while, see how many users process it and have some fun..
 
Just another way of hiding links...
 
Here are some links
 
http://qrcode.kaywa.com/
 
http://www.qrstuff.com/
 
http://www.racoindustries.com/barcodegenerator/2d/qr-code.aspx
 
there are fucking loads tbh... just google
 
Here is an interesting one
 
http://wordpress.mrreid.org/2011/08/06/hacking-qr-codes/
 
http://hackaday.com/2011/08/11/how-to-put-your-logo-in-a-qr-code/
 
http://mashable.com/2011/04/18/qr-code-design-tips/
 
Have Fun
 
*DONT GET CAUGHT* *USE AT YOUR OWN RISK*

12
Hacking and Security / TTF Vuln - Discuss
« on: November 07, 2011, 03:06:37 pm »
Quote
Microsoft has revealed in the advisory that the problem is with the Windows’ TrueType font parsing engine. An attacker who exploits this vulnerability can run their own code in kernel mode and then proceed, unhindered to  install programs; modify data; or create new accounts.

So im doing a bit of research on this vuln that has been pushed and publicisied recently with the duqu virus...
 
does anybody have any info how the true type font can be fettled?
 
Tar
 
iMation

13
Found it on the Webs / Google Cheet Sheets
« on: May 12, 2011, 10:32:24 am »
I use these two sheets, pretty much everyday at work..

Very useful.

The Original Website no longer exists but credit to whoever made it!


14
So as the title says, Zeus has been released into the wild.

http://www.theregister.co.uk/2011/05/10/zeus_crimeware_kit_leaked/

Snippets of this have been released over the last year or so and i have a few bits of code from it.

If any body sees this available, please post the link here.

I'm not wanting it for its main use, but to look through the code and learn from it.


15
Video Tutorials / Online Video Tutorials and Info
« on: May 11, 2011, 12:00:19 pm »
http://www.securitytube.net/

A very good website, ever increasing video archive!

There is a very good Wifi Hacking series.

Pages: [1] 2


Intern0t SoldierX SecurityOverride programisiai
Want to be here? Contact Ande, Bluechill or Kulverstukas on the forum or at IRC.