Topics - lucid

1
Scripting languages / Ruby Host Grabber
« on: April 11, 2014, 09:28:31 pm »
Figured I'd post it here because variety is nice, and this utility is the start of a bigger project I intend to work on. The idea was inspired by frog from another thread.

This utility takes nmap output from a text file and prints all the IPs to the screen. It's quite small and featureless at the moment, but fuck you go fuck yourself fucker.  ;D

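Code: Ruby
#!/usr/bin/ruby

puts "Which file should we scan?"

file = gets.chomp
# File.read instead of IO.read: IO.read has historically treated a name that
# starts with "|" as a command to run, which matters for user-supplied names.
reg = File.read(file)

puts "Retrieved IPs from #{file}:"
# Print every dotted quad found anywhere in the file, one per line.
puts reg.scan(/(?:\d{1,3}\.){3}\d{1,3}/)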

Example file to scan:

Code: Text
Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-05 00:37 UTC
Nmap scan report for c-10-0-0-1.hsd.blah.comcast.net (10.0.0.1)
Host is up (0.020s latency).
Nmap scan report for c-10-0-0-2.hsd.blah.comcast.net (10.0.0.2)
Host is up (0.026s latency).
Nmap scan report for c-10-0-0-4.hsd.blah.comcast.net (10.0.0.4)
Host is up (0.027s latency).
Nmap scan report for c-10-0-0-6.hsd.blah.comcast.net (10.0.0.6)
Host is up (0.027s latency).
Nmap done: 256 IP addresses (4 hosts up) scanned in 6.47 seconds

Output:
Code: [Select]
10.0.0.1
10.0.0.2
10.0.0.4
10.0.0.6

Thanks to Daxda for helping me get a better understanding of regex.
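
An added example, not part of the original post: a stricter take on the same idea that reads only the "Nmap scan report for" lines, validates each address with Ruby's IPAddr, and keeps the hosts marked up. The sample text is constructed, and `naive_scan`, `parse_nmap` and `up_hosts` are names made up for this example.

```ruby
require 'ipaddr'

# Constructed sample in nmap's normal output format (not taken from the post).
SAMPLE = <<~NMAP
  Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-05 00:37 UTC
  Nmap scan report for c-10-0-0-1.hsd.blah.example.net (10.0.0.1)
  Host is up (0.020s latency).
  Nmap scan report for 10.0.0.2
  Host is up (0.026s latency).
  Nmap scan report for static.4.0.0.10.example.net (10.0.0.4)
  Host is up (0.027s latency).
  Nmap scan report for 10.0.0.7 [host down]
  Nmap done: 256 IP addresses (3 hosts up) scanned in 6.47 seconds
NMAP

# "name (addr)" when reverse DNS gave a name, otherwise just the address.
REPORT = /\ANmap scan report for (?:(?<name>\S+) \((?<addr>[^)\s]+)\)|(?<bare>\S+))\z/

# The post's approach: every dotted quad anywhere in the text.
def naive_scan(text)
  text.scan(/(?:\d{1,3}\.){3}\d{1,3}/)
end

# Returns { "ip" => { name: String or nil, up: true/false } } in file order.
def parse_nmap(text)
  hosts = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    if line.start_with?('Nmap scan report for ')
      current = nil                      # a new report block starts here
      m = REPORT.match(line)
      next unless m                      # e.g. "... 10.0.0.7 [host down]"
      begin
        ip = IPAddr.new(m[:addr] || m[:bare]).to_s
      rescue IPAddr::Error               # rejects values such as 999.1.1.1
        next
      end
      hosts[ip] ||= { name: m[:name], up: false }
      current = ip
    elsif current && line.start_with?('Host is up')
      hosts[current][:up] = true
    end
  end
  hosts
end

# Addresses of hosts that nmap reported as up, in file order.
def up_hosts(text)
  parse_nmap(text).select { |_ip, host| host[:up] }.keys
end

puts up_hosts(SAMPLE)
```

On this sample the plain regex also returns 4.0.0.10 (digits inside a reverse-DNS name) and the down host 10.0.0.7, which the line-based parser leaves out.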

2
General discussion / It has come!
« on: April 09, 2014, 09:42:21 am »
It, in this case, is a Lenovo T420s. It's sleeker than I imagined, and so far it seems oh so perfect. Well I'll just post the specs:

model name      : Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
MemTotal:          8 gb
HardDrive:         300 gb
Wifi:             Intel Centrino Advanced-N 6205
Pretty much all chipsets: Intel

It only cost around $400, and on the website it said it only had 4gb of RAM. I was very pleasantly surprised to find that it has double that! This thing was $200 less than my Asus which many of you have been hearing so much about, and it has double the RAM and a faster processor. Not to mention the fact that it's a Lenovo, so it's solid. I think my favorite part about it is that the network chipsets are all Intel. No fucking Realtek or Broadcom. Honestly didn't think that was possible. I checked online before placing the order, it's been confirmed that this laptop is quite linux compatible as per this link:  http://www.ubuntu.com/certification/hardware/201102-7326/

Sure that's just Ubuntu but it is obviously linux compatible. One thing I did observe however, is that when I fire up a live Kali usb on it (I haven't installed a real *nix on it yet) it frequently disconnects from the internet and then reconnects within a few seconds. I am not entirely worried about it however. I've experienced problems like this before with NetworkManager as well as wicd. So I expect that when I install Linux on it and just use netctl or wpa_supplicant to connect that it'll do just fine. I hope so at least...

It came installed with Windows 7 professional, but I intend to wipe that completely in favor of linux. No dual-boot since I already have another laptop with a dual-boot. I'm thinking Slackware since I also already have an Arch box.

EDIT: Eh, unfortunately it seems that there have been a fair few who experience the same disconnect problem with the same wifi card. Bummer, however I'm still not all that worried. Seems just about everyone is running some Debian flavor, and almost all of these people are using Wicd or NetworkManager. I hate both these utilities and don't intend on using them. I'm hoping the issue won't be there when I install Slackware and use netctl. If it does persist, there's sure to be a patch out there I can use. I won't let a little wifi trouble get in the way. This laptop is too badass.

3
Hardware / Which motha fuckin laptop motha fucka?
« on: March 31, 2014, 01:48:03 am »
Which one should I get:

http://www.newegg.com/Product/Product.aspx?Item=N82E16834313687

or

http://www.newegg.com/Product/Product.aspx?Item=N82E16834257258

The bottom one (HP) has better specs than the top one (Lenovo) to a non-negligible degree, but the only thing is that I hear really good things about Lenovo's hardware, and I'm so fucking sick to death of hardware issues that it would be worth it, even if the HP's CPU is faster and the hard drive is bigger. I don't know about HP really, but at least it's not a Dell right?

I don't know why websites never include the NIC chipset in the specs. I would REALLY like to know that info before buying a laptop. Seems everything in the world runs fucking Broadcom.

EDIT: Just realized every single review on the Lenovo said that the battery that came with it was either wrong, or non-existent. Fuck that noise. I don't know what the fuck they are doing over there at Newegg but they need to get their shit together. Every time I've ever ordered anything from Newegg, the order always gets sent back at least once before I get it. Sometimes twice due to stupid phone number issues. Like that matters so damn much. Plus I've heard lots of stories pertaining to Newegg's inability to send the correct equipment, or parts of the whole package are missing.

I mean seriously, everyone else can do it just fine Newegg, what the fuck are you doing. Shit, maybe I should scrap both these and go to tigerdirect or something.

4
General discussion / I can haz job?
« on: March 28, 2014, 10:30:50 pm »
Many of you here have jobs working as sys admins, network admins, security analysts/researchers, etc. I am completely eluded by the process which one must go through in order to get a job in this field. Obviously I don't just walk in and grab a little application like at Burger King :P.

Of course I'm sure most of you are going to tell me that you got lucky and stumbled upon some random dude at a strip club who you then somehow started a conversation about hacking with, and he found out that you can "pwn shit real hard!" so he gave you a job.

But for those of us who aren't super lucky, I want to know how you get a job in the network/security field..... with a high emphasis on security.

5
Hardware / I can't do it anymore
« on: March 26, 2014, 02:31:58 am »
Ok. So as some of you know I've gone through three broken screens on this fucking Asus shit in under four years. The first time was dead pixels and it happened only a month or so after I bought the laptop. The second time was a year after I replaced the first laptop under warranty because of the broken screen. It was again, dead pixels, so I bought a new screen and replaced it myself. Then, only four months later (a few days ago) the screen started acting weird. It was flashing black and sometimes would just stay black and I could see anything on the screen. Eventually it just comes back on its own or I mashed the keyboard out of desperation. Eventually it went black and never came back on. So, I just got my third new screen yesterday after the second one lasted only four months. I replaced it yesterday.

Today, it started flashing again, just like the other one. I've had it for ONE FUCKING DAY and it's already going to shit. I'm sure it's only a matter of a few days before this screen breaks in the same fashion as the other one. What a waste of $55. I'm extremely sad and angry.

I don't get it. What the fuck is the problem? I doubt it has to do with my video card because I was able to plug it in to an external monitor(hdmi) just fine after the previous screen went black. Am I really just that unlucky and I bought 3 fucking duds? I've checked the connection to the screen and to the motherboard. They are both solid. I'm also pretty sure that I got the right screen. I mean, how hard could it fucking be? There's only a few criteria:

Does it fit?
Absolutely. Otherwise I wouldn't have even gotten it in in the first place.

Resolution?
Is 1366x768, and I bought a WXGA 1366x768 screen.

LED?
Duh. It has a 40 pin connector, and if I had bought the wrong one I'm sure it wouldn't have fit at all.

So what the fuck is going on. The laptop is all I have and I take good care of it. I've only had it a little under four years. So it's not like it's an old piece of shit or something. It's an Asus K53e. If I'm not buying the wrong screen, then what the fuck is the issue here? I'm getting sick to death of fucking screen issues.

6
Hardware / Other Reasons for Broken Lenovo Fan
« on: March 18, 2014, 01:22:26 am »
So I bought a fan for my old ass Lenovo IBM Thinkpad because the old one wasn't spinning which is obviously bad. I opened it up originally and found that when I turn it on, the fan spins for a few seconds and then slows to a halt.

Got my new fan in today, it fits perfectly. So I plug it in and start up the laptop. Sure enough, it did the same thing :(

First of all, I want to cry myself to sleep. Money is very difficult for me to come by, so it's wonderful news that I just wasted some. Second, does anyone know what the problem WOULD BE then? I didn't just buy a new fan, it came with the heatsink and everything. So unless I am literally the most unlucky mother fucker in the world(starting to seem highly possible), then why would the fan not spin, if it didn't have anything to do with the fan or heatsink?

7
eBooks / Assembly Language Step by Step 3rd Edition
« on: March 16, 2014, 04:49:55 am »


amazon.com
Quote
The long-awaited third edition of this bestselling introduction to assembly language has been completely rewritten to focus on 32-bit protected-mode Linux and the free NASM assembler. Assembly is the fundamental language bridging human ideas and the pure silicon hearts of computers, and popular author Jeff Duntemann retains his distinctive lighthearted style as he presents a step-by-step approach to this difficult technical discipline.

He starts at the very beginning, explaining the basic ideas of programmable computing, the binary and hexadecimal number systems, the Intel x86 computer architecture, and the process of software development under Linux. From that foundation he systematically treats the x86 instruction set, memory addressing, procedures, macros, and interface to the C-language code libraries upon which Linux itself is built.

    Serves as an ideal introduction to x86 computing concepts, as demonstrated by the only language directly understood by the CPU itself
    Uses an approachable, conversational style that assumes no prior experience in programming of any kind
    Presents x86 architecture and assembly concepts through a cumulative tutorial approach that is ideal for self-paced instruction
    Focuses entirely on free, open-source software, including Ubuntu Linux, the NASM assembler, the Kate editor, and the Gdb/Insight debugger
    Includes an x86 instruction set reference for the most common machine instructions, specifically tailored for use by programming beginners
    Woven into the presentation are plenty of assembly code examples, plus practical tips on software design, coding, testing, and debugging, all using free, open-source software that may be downloaded without charge from the Internet.
I searched fairly thoroughly and didn't find this on the forum already so I hope this isn't a dupe.

This is simply the best book on assembly I can say that I've read. This book gives a solid four chapters (at least) explaining exactly how a computer works from the cold hard metal and silicon to the soft ones and zeros. Really gave me a clear picture of how it all worked and fit together. Plus it's not a dull book like most others I've read. I highly recommend this book if you want a thorough and easy to understand book on assembly and computers. Also, thanks to TurboBorland for recommending this to me.

EZ upload:
http://upload.evilzone.org/download.php?id=4954&type=rar

and added to the index.

8
Scripting languages / [Ruby]Connect to Socat Listener for Redirection
« on: March 12, 2014, 04:56:38 am »
So, here's what I'm attempting to do. I have an HTTPS enabled webserver set up in a VM. I also have an HTTP script, with no SSL functionality. What I'm trying to do is set up a socat listener to forward requests to port 1234 on localhost to port 443 on the VM webserver. The idea is that my http client script will still successfully connect to the HTTPS server and print the page contents, by connecting to port 1234 and having socat forward the connection, allowing me to use the http script to connect to the https server without having any ssl functionality coded in. So, I start by setting up the socat listener:
Code: [Select]
socat tcp-listen:1234,fork tcp:vulnerable:443
vulnerable is the hostname of the https server. I have it configured in my /etc/hosts file. Here's the script I'm using:
Code: Ruby
#!/usr/bin/ruby

require 'net/http'
require 'uri'

puts "HTTP Client for Ruby!"
puts "Enter the URL"
$url = gets.chomp.to_i

proxy_addr = 'localhost'
proxy_port = 1234

page = Net::HTTP.new($url, proxy_addr, proxy_port).start { |http|
  http.get('/')
}

puts page.body
I'm currently getting this error:
Code: [Select]
/usr/lib/ruby/2.1.0/net/http.rb:879:in `initialize': no implicit conversion of Fixnum into String (TypeError)
from /usr/lib/ruby/2.1.0/net/http.rb:879:in `open'
from /usr/lib/ruby/2.1.0/net/http.rb:879:in `block in connect'
from /usr/lib/ruby/2.1.0/timeout.rb:67:in `timeout'
from /usr/lib/ruby/2.1.0/net/http.rb:878:in `connect'
from /usr/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
from /usr/lib/ruby/2.1.0/net/http.rb:852:in `start'
from http_client.rb:13:in `<main>'
Apparently, the only solution in the entire world for this error is adding .to_i at the end of gets.chomp. This doesn't fix the solution whatsoever. I'm fairly confident that I'm doing everything else correctly however, in terms of the socat listener and whatnot.
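
An added example, not code from the original post: a plain-HTTP client that connects straight to the forwarder on port 1234 and sends the real server name in the Host header. `parse_target` and `fetch_via_forwarder` are names made up here, and the example assumes the socat side handles TLS (socat's `openssl:` address type), since a `tcp:` relay passes bytes through unchanged.

```ruby
require 'net/http'
require 'uri'

# Split the typed URL into the Host header value and the request path. The
# forwarder decides where the bytes go, so nothing else from the URL is used.
# Note that String#to_i on a URL returns 0, which is the Fixnum named in the
# TypeError quoted in the post.
def parse_target(input)
  text = input.strip
  text = "http://#{text}" unless text =~ %r{\A[a-z][a-z0-9+.-]*://}i
  uri = URI.parse(text)
  raise ArgumentError, "not an http(s) URL: #{input.inspect}" unless uri.is_a?(URI::HTTP)
  raise ArgumentError, "no host in #{input.inspect}" if uri.host.nil? || uri.host.empty?
  [uri.host, uri.request_uri]
end

# fwd_host/fwd_port: where the socat listener accepts connections
# (defaults are assumptions matching the listener shown in the post).
def fetch_via_forwarder(input, fwd_host = '127.0.0.1', fwd_port = 1234)
  host, path = parse_target(input)
  # Net::HTTP.new(address, port, p_addr, p_port): the first two arguments are
  # where the TCP connection goes. The third and fourth describe an HTTP
  # proxy, which a raw TCP forwarder is not, so p_addr is nil here.
  http = Net::HTTP.new(fwd_host, fwd_port, nil)
  http.open_timeout = 5
  http.read_timeout = 5
  request = Net::HTTP::Get.new(path)
  request['Host'] = host          # the name the web server expects, not "localhost"
  http.start { |conn| conn.request(request) }
end

# Usage, with the listener running:
#   puts fetch_via_forwarder('https://vulnerable/').body
```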

9
Scripting languages / Fucking Stupid Coding PDF's
« on: March 09, 2014, 03:31:57 am »
Let me start by saying I hate nothing more in the world than trying to learn a coding language by reading a PDF. It's slow and inefficient and I don't fucking learn anything. All they ever do is just show you a thousand examples for you to copy and see the result, which, they show you in the book. It sucks. I hate it. Goddamnit.

But, you need to learn the very basics somehow and I don't really see another way. People say that you should just start a tiny project and that's the best way to learn. Well, that doesn't exactly work if you know absolutely nothing about the language constructs and data types and whatnot. So, seems you have to learn it from a fucking book. The other thing I hate, is that there seems to be no such fucking thing as a coding book that actually teaches you the up to date language. It's always a book written in the early 2000's which is 10 versions old. Normally it's not a huge problem, but I think I might be having that problem right now. Here's an example. I'm reading the "Learning Ruby" pdf to get the very basic basics down before I start just trying to code something. Now, this little snippet:

Code: [Select]
#!/usr/bin/ruby

lang = :fr

dog = case lang
  when :en: "dog"
  when :es: "perro"
  when :fr: "chien"
  else      "dog"
end

Is taken from the book. I tried making it my own at first but got unexpected errors, so I just copy pasted directly as a test and sure enough, it still didn't work. I get this error:

Code: [Select]
case.rb:6: syntax error, unexpected ':', expecting keyword_then or ',' or ';' or '\n'
  when :en: "dog"
           ^
case.rb:7: syntax error, unexpected keyword_when, expecting end-of-input
  when :es: "perro"
Ruby 2.1 doesn't seem to like :'s. I've gotten the same error when trying to do this:

Code: [Select]

if lang == :en: puts 'dog'
    elsif lang == :es: print 'perro'
....
So how the fuck am I supposed to learn a language, from a pdf, which is incorrect? It's such a fucking unfun and poor/slow learning process. Makes me hate coding.

EDIT: Oh, and as a side note, it really fucking sucks that the vast majority of resources out there for Ruby are strictly Ruby on Rails. That's it. That's the only fucking reason anyone wants to learn Ruby ever. Ruby on Rails. I wanted to learn Ruby because I wanted a fairly simple general purpose scripting language that wasn't Python. I generally dislike web dev. I just want to learn fucking Ruby.

10
Hacking and Security / DNS Amplification Maybe?
« on: February 25, 2014, 05:20:14 am »
Ok, so some of you have heard about my recent experience with a Nigerian 419er and how he's been unsuccessfully DDoSing me for literally days (I turned off my firewall for a second to see that he's surely still goin at it).

Then today suddenly my internet went out again. I noticed in wireshark that I was receiving absolutely nothing but outbound DNS requests to two different IPs, but many different name servers. After some basic network troubleshooting and about 1000 more DNS requests, all outbound, I started thinking that this was a DNS amplification attack. Seems there isn't much one can do about such attacks. At least, according to le interweb. I tried a couple different iptables rules to no avail. I don't understand DNS amplification as well as I should, but I guess iptables doesn't do much against this.

Anyway, after some time of almost calling it quits because I was tired and feeling stupid, I went in to my router to poke around. I noticed that in the settings I had it set to a static DNS address. All I did was switch that to get dynamically from ISP, as well as my IP address, and suddenly everything went back to normal. Does this make sense?

11
Scripting languages / [RUBY]Email Bomber
« on: February 21, 2014, 09:15:10 am »
I know it's pretty lame but I don't know much about ruby yet, and it was a good learning experience. Also, I think it might be fun to use this on spammers and scammers. Anyway, here's the code.

Code: Ruby
#!/usr/bin/ruby

require 'net/smtp'

i = 0
loop = 1000

message = <<EOF
From: SENDER <from@domain.org>
To: RECEIVER <to@domain.org>
Subject: TeeHee
Enjoy a bomb
EOF

smtp = Net::SMTP.new 'smtp.gmail.com', 587
smtp.enable_starttls
smtp.start('gmail.com', 'sendingemail', 'passwd', :login) do |smtp|
    while i < loop do
        smtp.send_message message, 'sendingemail', 'receiving email'
        sleep 2
        i += 1
    end
end
As you can see it uses Google, which is why the two second sleep is thrown in there. It would only allow me to send around 50 emails before getting blocked, but once I added the sleep it seems to allow much more. Not sure how much yet.

For some reason, I couldn't get a working email script with anything other than gmail, which would be preferable since this is a good way to get banned.

12
Scripting languages / [RUBY]Another HTTP Client
« on: February 20, 2014, 06:51:03 am »
This should be extremely simple and straightforward. Yet somehow I'm still managing to fail.

Code: Ruby
#!/usr/bin/ruby

require 'net/http'

uri = URI('www.evilzone.org/index.php')

Net::HTTP.get(uri)
Returns nothing. I've also tried:

Code: Ruby
require 'net/http'

source = Net::HTTP.get('evilzone.org', '/index.php')

This also returns nothing. I've read up on this on ruby-doc.org. There doesn't seem to be anything complicated about it or anything I'm missing. It just isn't returning anything, including errors.

13
Hacking and Security / Free training. Does it exist?
« on: February 11, 2014, 03:16:05 am »
In light of the fact that I'm going to be building a little home lab for pentesting, I have decided I need some resources for a little guidance. Simply put, I have two requests.

The first request; Does anyone know of/have any books related to penetration testing/exploiting networks in particular that would be a good read to go along with a lab? I'm really not looking for a book that contains nothing but using various metasploit modules against a network. I'm looking for a book that is a high/professional quality resource on pentesting a network. I've searched, but all books I find pretty much involve installing Metasploitable in a VM and using metasploit(go figure).

The second request; Are there any good hands on courses that are free involving the same topic? Does that even exist? Places like edX and Coursera don't seem to have much in that regard. Something kind of like: https://www.pentesterlab.com, but instead of web pentesting it involves network pentesting. Thank you.

14
Hardware / IT HAS COME!
« on: February 05, 2014, 10:31:32 pm »
My computer crap! My mother's husband has some old shit that I asked for, so he sent me a big package. In it were some old cables that don't really apply anymore so.. meh, some cat 5 cables, not bad, about 4 different mice, two of which are old as fuck and the other two are nice wireless ones, but don't have the adapters so, useless. There was also a USB hub with four USB slots, awesome. Finally there was not one old Lenovo like I expected, but two! The other laptop is a compaq presario. Some details:

The first one is a Lenovo IBM thinkpad. The Lenovo has Win XP on it but I wasn't gonna keep windows on that bitch anyway so, no matter. It doesn't get past the Windows logo screen, it just hangs there for ever. However, I popped in a live Arch CD and it booted right in. AWESOME!! It works quite speedily with linux in it. Haven't actually installed Arch yet, I'm thinking about installing BSD on it instead and turning it into a router/server.

I was quite surprised about this computer. It makes not a sound whatsoever when it's running. Not only that, but I discovered that it has a whopping 2gb of RAM! Which to me seems like a lot for its relatively old age. The only downside I'm seeing right now is that it has a Broadcom ethernet controller :/. That, and I think it has a bad CPU fan, considering that about 5 minutes after starting it up with the LiveCD the bottom of it got incredibly hot.

The other one is a quite different story. While the first one doesn't make a sound, this one sounds like an airplane taking off when it starts up. It's also running Win 98 :D. It takes about 5 minutes to get to the login screen, and I don't know the password so I haven't gotten past that as of right now. Haven't paid as much attention to that one, but there is one last detail. It has a floppy drive lol.

So, I'm not really sure what to do about the old Win 98 PC yet. The Lenovo looks promising and useful, except for the part about the probable fucked CPU fan. Have any of you ever replaced a CPU fan before? The most I've done as far as laptop repairs is fixing my laptop screen, and I imagine replacing a CPU fan would be harder.

15
Scripting languages / [Perl]Grab Page With Socket
« on: February 05, 2014, 03:57:21 am »
Any particular reason why this doesn't return anything? It also prints no errors either.

Code: [Select]
#!/usr/bin/perl

use strict;
use warnings;
use IO::Socket;

my $socket = IO::Socket::INET->new(
   PeerAddr => 'www.google.com',
   PeerPort => 'http(80)',
   Proto    => 'tcp',
) or die 'Unable to get site';

print $socket "GET / HTTP/1.1";

Don't really have anything else for you, sorry.
