Wednesday, March 19, 2008

Dansguardian, Webmin, and Ubuntu.


So I have my Ubuntu box set up as my network's NAT router, DHCP, and DNS server. Now I have a few kids and, well, I can't keep an eye on them all the time, and while I do log their activity online I often miss lots of things in the logs, as they seem to go on forever, and it got to the point that I just stopped looking at them and started looking for a better system. A while ago I had a content proxy server running on an XP Pro box that seemed to do the job but was really unreliable and stopped working altogether at one point, so I set out to see if I could find a Linux solution. I came across Dansguardian, which from what the website said was 100% better than the ones I had found for winblows. The only downside was that all the install help files I could find had you downloading firehol and tinyproxy, but none of them had a Webmin mod. So I went in and downloaded Squid proxy using Webmin 1.4 (I had to edit the mod config to point to the right dir) and I was hoping to use Squid as a replacement for tinyproxy. I already have Linux Firewall set up via Webmin to do NATing so that's all good; all that was left was to apt-get dansguardian. The install went fine. I did have to chmod a few files for the install, nothing big. After the install I had to edit Dan's config file to point it to the address of the proxy (Squid) in the networking section of Dan's config file. Now I have full web content filtering in action so no more boobies on the web for my kids :P The next step is forcing all connections through Dan without making changes to the end user's computer.

Friday, March 14, 2008

Back at it again...


Yep, I'm, for what should be the last time, going to work on another release of A Hackers Gadget. I'm going to do a little something to the port scanner and I have a few new little ideas that should make some buzz. Don't look for it any time soon however, cuz there is lots I plan to put in this baby; the only real hard thing I'm going to be facing is how to keep the gadget compact so it's not taking up all the sidebar space. Along with the reopening of the M$ gadget project I'm starting to look at Google's web gadgets, and I may even play around with Firefox addons. That last one however is on the far back burner, if you know what I mean.

Wednesday, March 12, 2008

OMG, WTF!!!


So I get a call at work from cmoney telling me that she got pulled over by the cops in whatever town on her way back from taking the kids to the dentist's office. She also tells me that the van, which I told her on many occasions to get registered, isn't registered and that's why she got pulled over; that's not the best of it yet. I myself have been having car trouble and have no way of getting to her, the kids or the van. She then tells me that she also has no license so she may be going to sit for a little while, and they are going to tow the van if a licensed driver isn't there in 5 minutes!! So I got out of work an hour early, missed class, and by the end of the day $360 in fines from her and another $100 to get the van registered, which I had to do despite the fact that I'm in the van for 15 mins at the most a week and it's her "car" and I work all day and have class 3 at night while she's home all day and night with the van. Ok, I'm sure that at this point I am no longer making any sense so I'll end this post here.

Saturday, March 8, 2008

M0|23 pA$sword Crack1n6


First, if you didn't already, go download John The Ripper. Ok, now HERE'S a passwd file I took from one of my old Ubuntu boxes; download it to the unzipped john dir. Now download THIS word list file to the same place you downloaded the passwd file to. Now open a command prompt (Start->Run->cmd), go to the dir john is in along with the rest of the files you downloaded above, and type "john --wordlist=n_common.txt --rules passwd.txt". These settings should crack the password in just a few seconds. You just cracked your first DES encrypted password. John can also crack BSDI, MD5, BF, AFS, and LM hashes. You can find word lists all over the place, just ask Google for one. As for more passwords to crack, well, I leave that up to you.
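The reason the command above finishes in seconds is the --rules flag: John tries simple variations of every wordlist entry (capitalise it, reverse it, swap letters for symbols, tack digits on the end). Seen from the defender's side, a password that is one of those variations is still a dictionary word. The check below is an added example, not code from the original post or from John the Ripper; the six-word list and the rule set are constructed for the example and only approximate what a real rules file does.

```python
"""Added example: reject passwords that a wordlist-plus-rules run would
find. WORDLIST stands in for a file such as n_common.txt and the rules
below are a constructed approximation of John's simple rules."""

import itertools

# Constructed mini wordlist standing in for a real one such as n_common.txt.
WORDLIST = ["password", "letmein", "monkey", "dragon", "qwerty", "summer"]

# Character swaps a rules-based cracker tries ("leetspeak").
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def mangle(word: str) -> set[str]:
    """Return the variations of ``word`` a simple rule set would generate."""
    base = {word, word.capitalize(), word.upper(), word[::-1]}
    # Leetspeak variants of each base form.
    base |= {w.translate(LEET) for w in list(base)}
    out = set(base)
    # Append one or two digits, or a year-like suffix, optionally with "!".
    for w in base:
        for digits in itertools.chain(
            (str(d) for d in range(10)),
            (f"{d:02d}" for d in range(100)),
            (str(y) for y in range(1990, 2010)),
        ):
            out.add(w + digits)
            out.add(w + digits + "!")
    return out


def build_denylist(words) -> set[str]:
    """Expand a wordlist with the rule set. Matching is case-sensitive,
    so the variants are stored exactly as a cracker would try them."""
    deny = set()
    for word in words:
        deny |= mangle(word.strip().lower())
    return deny


def is_guessable(password: str, denylist: set[str]) -> bool:
    """True if ``password`` is a wordlist entry or a rule-generated variant."""
    return password in denylist


DENYLIST = build_denylist(WORDLIST)

if __name__ == "__main__":
    for candidate in ["Monkey1", "p@$$w0rd", "Summer2008!", "correct horse battery"]:
        verdict = "guessable" if is_guessable(candidate, DENYLIST) else "ok"
        print(f"{candidate!r}: {verdict}")
```

With a real wordlist of a few hundred thousand entries the expanded set gets large; in practice you either store it in a database or apply the rules in reverse to the candidate (strip trailing digits, undo the leet swaps) and look the stem up in the plain list.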

Wednesday, March 5, 2008

So easy even winblows can do it pt2


Another way to make winblows more hacker friendly is to have it run Python. Many good hacker programs are coded in Python and I'm sure at one point or another you have come across a program or two you wanted but thought Python = Linux, and this just isn't true. Go to python.com and find the Downloads section or something close to it and find the install package for winblows. Python is 100% free and an easy setup, even a kid could do this one; just let it install using the defaults that it picks for you. I know some of you don't like hearing that, but to make sure the PATH environment variable is set correctly I suggest you do it that way. The one thing you can change is the install path of Python: when you get to the "Select Destination Directory" part of the install you may want to change it to c:\py instead of c:\python25, you'll know why in just a moment. Now once you have Python installed and you have a py program (call it run.py) you want to run, just put it in the dir c:\py, open a command prompt, go to the dir c:\py and type "python run.py" and poof, you're running Python programs just like in Linux, just like a hacker LOL. It should look something like

c:\py> python run.py

Saturday, March 1, 2008

Hackin Upnp


I have been doing lots of research on UPnP and PHP with the goal of making a nice little tool to control any UPnP enabled device or program. I have been working on this for a while now and decided to put out some small samples of PHP code. This snippet will discover all devices and programs in a LAN using UPnP. It only sends out a discover packet; you will need to be running a packet sniffer to see the replies.



<?php
$host = 'udp://239.255.255.250'; // UPnP multicast address
$port = 1900; // SSDP port
// Open a UDP "connection"; fsockopen returns false on failure.
$fp = fsockopen($host, $port, $errno, $errstr);
if ($fp === false) {
    die("socket error $errno: $errstr\n");
}
// Start of discover headers
$soap_out = "M-SEARCH * HTTP/1.1\r\n";
$soap_out .= "HOST: 239.255.255.250:1900\r\n";
$soap_out .= "ST: ssdp:all\r\n";
$soap_out .= "MAN: \"ssdp:discover\"\r\n";
$soap_out .= "MX: 3\r\n\r\n";
// End of discover headers
fwrite($fp, $soap_out); // send the request; replies are not read here
fclose($fp);
?>
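The snippet above fires the M-SEARCH and walks away, which is why a sniffer is needed to see who answers. The version below is an added example, not code from the original post: it sends the same headers from Python and then reads the replies off the same socket for a few seconds, parsing each one into its headers. For someone responsible for the LAN this is a quick inventory of what is answering UPnP; every LOCATION it prints is a device description and control endpoint that is reachable by anyone on the network. The reply in SAMPLE_REPLY is constructed for the test and does not come from a real device.

```python
"""Added example: SSDP M-SEARCH with the replies read back on the sending
socket. The sample reply below is constructed, not captured."""

import socket

SSDP_ADDR = ("239.255.255.250", 1900)   # UPnP multicast group and port

# Same headers as the PHP snippet: MX is the max seconds a device may wait.
M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    "MAN: \"ssdp:discover\"\r\n"
    "MX: 3\r\n"
    "ST: ssdp:all\r\n"
    "\r\n"
).encode("ascii")


def parse_ssdp_response(raw: bytes):
    """Parse one SSDP reply (HTTP-style status line plus headers) into a
    dict keyed by lower-cased header name. Returns None unless it is a
    200 reply, so NOTIFY announcements and junk are ignored."""
    text = raw.decode("utf-8", errors="replace")
    lines = text.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[0] != "HTTP/1.1" or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        if not line:
            break                  # blank line ends the header block
        if ":" not in line:
            continue               # tolerate garbage from sloppy stacks
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def discover(timeout: float = 3.0):
    """Send M-SEARCH and collect replies until ``timeout`` seconds pass
    with nothing new. Returns a list of (responder_ip, headers)."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        sock.settimeout(timeout)
        sock.sendto(M_SEARCH, SSDP_ADDR)
        while True:
            try:
                data, (ip, _port) = sock.recvfrom(65535)
            except socket.timeout:
                break
            headers = parse_ssdp_response(data)
            if headers is not None:
                found.append((ip, headers))
    return found


# Constructed reply in the shape an Internet Gateway Device would send.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.0.2.1:49152/rootDesc.xml\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleRouter/1.0\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for ip, h in discover():
        print(f"{ip}: {h.get('st')} -> {h.get('location')}")
```

The timeout should be at least the MX value, since devices are allowed to delay their answer by up to that many seconds. Running this from the router itself, as in the Ubuntu setup described above, is a cheap way to notice when a new UPnP responder shows up on the LAN.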

Tuesday, February 26, 2008

Goolag buzz


is all over the place, and I have no idea why. All this thing does is scan using dorks, WOW! The person that made it even put all that fancy crap in it cuz they knew it was nothing to get worked up about, but like everything that cDc puts out, ppl had high expectations for this release, so they had to make up for it with the pretty iface and some talking bitch. Don't get me wrong, I have lots of love for cDc and the groundbreaking work they have done in the past, but I'm just not feeling them on this one. I have seen dork scanners that run faster and use less resources than Goolag, but because this is a cDc release it got top story on many sites. I am sure however that cDc's next release will make up for this.

Saturday, February 23, 2008

Mythbuntu, Linksys NAS200 hack

Well ok, it's not really a hack but more of a workaround. I just got a Linksys NAS200 with 2 500GB SATA HDDs, and I wanted to mount one of the HDDs on my Mythbuntu box, but for some odd reason you can't mount shares that have spaces in the names. So you make a new folder in PUBLIC DISK # called public. Make sure all the stuff you want to mount is in that share, then make a new share dir using the NAS Admin web interface called disk# and point it to /Disk 1/public; make sure you set the access privs you want for the share. I used the PUBLIC DISK dir in this example because it's the one I use to share all files to all clients on the network and you don't need a p/w to access it. If you don't have the Linksys NAS200 I'm sure you have no idea what I'm talking about, but if you do then I hope this can help you out if you're trying to mount the NAS200 shares.

Thursday, February 21, 2008

So easy even winblows can do it


One way to make your Windows box a little more hacker friendly is to have it run Perl. Many good hacker programs are coded in Perl and I'm sure at one point or another you have come across a program or two you wanted but thought Perl = Linux, and this just isn't true. Go to ActiveState and find the Downloads section or something close to it and find the package called ActivePerl. ActivePerl is 100% free and an easy setup, even a kid could do this one; just let it install using the defaults it picks for you. I know some of you don't like hearing that, but to make sure the PATH environment variable is set correctly I suggest you do it that way. Now once you have ActivePerl installed and you have a perl program (let's call it run.pl) you want to run, just open a command prompt, go to the dir of the perl program and type "perl run.pl" and poof, you're running Perl programs just like in Linux, just like a hacker LOL. It should look something like

c:\download>perl run.pl

Tuesday, February 19, 2008

AHG2 hit 200!!!


A Hackers Gadget 2.0 reached 200 downloads the other day!!! I'm happy to see so many people are getting a use out of my hard work; now I just need you guys to start clicking the ads in it, vote for me and maybe donate a few pennies via PayPal. Thank you all for your support.

Sunday, February 10, 2008

A Hackers Gadget 2


A Hackers Gadget 2 is done and ready for download. AHG2 comes packed with many new functions, which include a mail bomber called Mail p00per and a local WiFi info button that displays all your wifi/ipv4/ipv6 information. You can keep up on the latest hacker news around the world with the hacker news button, scripting provided by Pen and NewToolkit.com. Another new function is the random password generator, to give you fast, strong, reliable passwords with just a few clicks and one key stroke. AHG's most popular function, the HTTP forager, now has Tor network support!!! Main gadget graphix done by ming5 of mingming5.com. Be sure to open the settings window.

::DOWNLOAD::

Friday, February 8, 2008

Useful Linux commands


This is in no way a complete list of Linux commands, but beginners should find this list very helpful. I would recommend doing an info or man on any of the commands from this list that you use to get a better understanding of what it can do. If you have anything you think should be in this list, feel free to email me.

ls :: list files in dir

ls -a :: list all files in dir, including hidden ones

df :: shows free disk space

pwd :: tells you what dir you are in

find [DIR] -name [FILE] :: search for a file under DIR

ps :: lists running programs and their PIDs

cat [FILE] :: read a text file

kill [PID] :: kill the program with whatever PID you input

grep [WORD] [FILE] :: searches a file for a string or word

less [FILE] :: to read files that have more than one or two pages

pico [FILE] :: text editor

rm -rf [DIR] :: deletes dir and all contents (no confirmation, no undo)

tail [FILE] :: shows the last few lines of a file w/o opening a program like pico or cat

tar -zxvf [FILE].tar.gz :: untars a .tar.gz file

ifconfig :: shows network info like IP and such

ncftp :: nice FTP client

wget :: use this to download files over protocols other than FTP

last :: shows a list of last logged in users

shutdown now :: puts the box in maintenance (single-user) mode

shutdown -r now :: restarts the box

uptime :: shows you how long the system has been running

chmod [MOD] [FILE] :: change file privs

/usr/bin/gpasswd -a [USER] [GROUP] :: adds USER to GROUP

chown [USER]:[GROUP] [FILE] :: change ownership of a file by user or group

groups [USER] :: shows what groups USER belongs to

su :: become root until exit

su - :: become root until exit and read root's environment settings

usermod -G [GROUP1],[GROUP2] [USER] :: assign groups to a user (this replaces the user's current supplementary groups; add -a to append instead)

Sunday, February 3, 2008

p@$sw0rd Crack1n6


Cracking passwords is one attack vector that can work 100% of the time, with time being the only restraint. If trying to crack a pw on a well prepared system/app you may very well die before you ever see even one success, but still it can be done. We will look at two kinds of password cracking; they are very vague, so this in no way covers all there is to know about cracking passwords. I encourage you to ask Google about cracking passwords, password crackers and brute force. In fact I suggest you use Google to expand your knowledge of all the other topics that are covered here and ones to come. Ok anyway, so the "two kinds" of cracking we are going to look at are: cracking some kind of encryption protected key that we have access to, such as Linux's passwd file or the winblows SAM file; and cracking some kind of network service, device, or web login such as a forum login. The first is the kind of cracking I would call the easiest and fastest of the two. Something they both have in common is that they involve the same basic method or idea: they both use a word list (known as a dictionary attack) or brute force. Cracking something like the Linux passwd file that isn't shadowed (ask Google) you would use a program like John The Ripper that takes a word from your word list, or a string from the BF function (that comes as part of most crackers), encrypts it and sees if it matches the encrypted key; it does this until it finds a match. So now you would have to make up your mind: use word lists or brute force. The main advantage of using word lists is that most ppl use human readable passwords, making word lists more practical than a brute force that may break the same password but could take days to finally get to the right combo of letters, whereas a word list could do it in just a few hours, or even less if you get really lucky after using just a few word lists.
You can find word lists that cover every subject you could think of, from words in Moby Dick to the first and last names most common in the US or wherever. A good brute force program will have a built in function that generates the keys on demand; some rip offs have you make a list with strings of every possible combo of letters and whatnot and then run it with the cracker. While it works kinda like a brute force it really is a dictionary attack. Now to attack a network service, device, or web login such as a forum login you will still be using a word list or a BF method, but the encryption step is replaced with a connection to the server trying the user name and password the cracker program gets from the word list or BF function. Now that we are trying to "crack" a password from a remote location it can get really tricky; most places have all kinds of countermeasures to password crackers. Some places only allow so many attempts per some length of time for each account or IP. Others use CAPTCHAs after so many failed attempts, then lock the accounts for a length of time. That's the two main cracking types and the two basic methods used by both. Hope this helps.
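The countermeasure the post ends on, "only so many attempts per some length of time for each account or IP", is what turns a remote wordlist run from hours into a handful of guesses. The code below is an added example, not something from the original post or from any particular forum software: a sliding-window failure counter keyed both by account and by source address, with the window and limits chosen as assumptions for the example. The login events it runs over are constructed.

```python
"""Added example: per-account and per-IP lockout against online guessing.
WINDOW_SECONDS, ACCOUNT_LIMIT and IP_LIMIT are assumed values, not from
the page; SCENARIO is a constructed sequence of login attempts."""

from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 300   # assumed: look back five minutes
ACCOUNT_LIMIT = 5      # assumed: failures per account in the window
IP_LIMIT = 20          # assumed: failures per source IP in the window


@dataclass
class Attempt:
    ts: int          # seconds since epoch (constructed values)
    user: str
    ip: str
    password_ok: bool


class LoginThrottle:
    """Sliding-window failure counter keyed by account and by source IP."""

    def __init__(self, window=WINDOW_SECONDS, account_limit=ACCOUNT_LIMIT,
                 ip_limit=IP_LIMIT):
        self.window = window
        self.account_limit = account_limit
        self.ip_limit = ip_limit
        self._by_user = defaultdict(deque)   # user -> failure timestamps
        self._by_ip = defaultdict(deque)     # ip   -> failure timestamps

    def _failures(self, q, now):
        """Drop timestamps older than the window, return what is left."""
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q)

    def check(self, a: Attempt) -> str:
        """Return 'locked', 'failed' or 'ok'. A locked attempt is refused
        before the password is compared, so a correct guess that arrives
        while locked does not log the guesser in."""
        user_q, ip_q = self._by_user[a.user], self._by_ip[a.ip]
        if (self._failures(user_q, a.ts) >= self.account_limit
                or self._failures(ip_q, a.ts) >= self.ip_limit):
            return "locked"
        if a.password_ok:
            return "ok"
        user_q.append(a.ts)
        ip_q.append(a.ts)
        return "failed"


def run(attempts) -> list:
    """Feed a sequence of attempts through one throttle, return verdicts."""
    throttle = LoginThrottle()
    return [throttle.check(a) for a in attempts]


# Constructed scenario: a wordlist run against one account from one IP;
# the 7th guess happens to be right, then the real user logs in later.
SCENARIO = [Attempt(ts=1000 + i, user="alice", ip="10.0.0.9", password_ok=False)
            for i in range(6)]
SCENARIO.append(Attempt(ts=1007, user="alice", ip="10.0.0.9", password_ok=True))
SCENARIO.append(Attempt(ts=1000 + WINDOW_SECONDS + 10, user="alice",
                        ip="10.0.0.9", password_ok=True))

if __name__ == "__main__":
    for a, verdict in zip(SCENARIO, run(SCENARIO)):
        print(f"t={a.ts} {a.user}@{a.ip} -> {verdict}")
```

Keying on the account alone lets anyone lock a user out by guessing badly on purpose, and keying on the IP alone does nothing against a guesser who rotates addresses, which is why both counters are kept and the window is short rather than a permanent lock. A CAPTCHA step, as the post mentions, slots in where this code returns "locked".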

Sunday, January 27, 2008

Nice job ass


It would seem some d!ck in the ass bitch going by the name Az3ar "hacked" the HackBloc forums today, I guess in some attempt to boost his e-ego. I don't know any of the admins there really or any of the regs; I've been looking mostly, not really a poster there, but still there was lots of good info and one hell of a good zine. I don't really know any of the details behind the attack but I hope they will explain what went down; I know I'll be keeping a close eye on them for a while. This may even be the making of a hacker war?? LOL don't say it, I can hear what you're thinking.

Friday, January 25, 2008

Never thought i would live to see...


27 years old. Yes, it's my birthday today so of course it had to be a shitty cold snowy day. Needless to say I can't wait for this day to get over with...

Monday, January 21, 2008

sh!t it's spring already


Well it's spring semester anyway, so that means work on the hacking 101 section may taper off a bit, as well as my posts. Work on AHG2 may suffer a little as well but I still plan on releasing it soon. Other than obtaining more information, one good thing about all this is I have access to the online course software, which I have already found a few interesting things about; come back soon, I'm sure I'll be talking about this more in the future.

Tuesday, January 15, 2008

Think Thin - The skinny on thin clients p2


::Intro::
In this installment of the series we will be looking at ways to exploit a thin client based network and ways to exploit the thin client unit itself.

NOTE: If you didn't read part one of this series I suggest you do so or you will be lost!!
Read it @ here

::FTP::
Ok, here we are going to see where the thin client is getting the configuration file from. To do this we have to disconnect it from the network by removing the network cable from the back of the client. Then press and hold the power button so it turns off, then turn it back on. Right click on the desktop and select Network Manager, and look to the bottom of the window that pops up. Here we should see the address of the FTP server and the home directory for that thin client. Now, hoping that one of the apps your thin client is running is a web browser, connect to the FTP server and see if there are any other configuration files available. If there are, great, let's see what they got. Again remove the network cable from the back of the client, and power the unit down and back on again. Right click the desktop and go to Network Manager. Now at the bottom of the Network Manager window we once again see our FTP server and our home directory. Just replace our home directory with one of the others we found on the FTP server. Plug the network cable back in and get access to the apps linked to that user.

NOTE: Thin clients by default connect to FTP using anonymous login, and more often than not the admin would rather set up an anonymous account on the FTP server than put usernames and passwords in all his/her thin clients.

::Pwn::
Ok, we are on our client using an app; now remember we are really connected to the server using the RDP or ICA protocol. So when we send commands while using the app in the app's window they are processed by the server. Try hitting "Ctrl + Alt + Delete" and see if you get that Windows popup with buttons on it for logging off and stuff. Look for "Task Manager". If you have access to that we are up for a gold mine! Once in Task Manager hit the "New Task..." button and start any program you want off the server!!!! That's not all; on top of that you get dumped to the desktop of the account the client is logged on as on the server!!!! If you're really lucky it will be an admin account.

::Apps::
If one of the apps you have access to is a web browser then there are lots and lots of fun things you can do. In the address bar try putting c:\ and it should dump you to the C drive of the server. See if you can access sites outside of the network's intranet. If you have shitty luck and don't have a web browser, see if you can get to anything from on the server. An app might have an "Open file" option or a search option. If you look around the apps you have access to you most likely will be able to break out of the shell and up to a higher level. If not, try to make the app you do have access to error; that might dump you somewhere with better access.

::Theories::
Now that we know how to get access to the Network Manager menu and can change where the configuration file comes from, let's take it a step up. Say you managed to get access to the FTP server, downloaded one of the config files to the thin client server, and then emailed it to yourself. Then edit it, and set up an FTP server with anonymous access holding your edited config file. Now set the thin client up to get the config file from your FTP server and poof, the thin client is using your config file!!

Why do we need to get a config file from the FTP server to edit?
The config file holds user names and passwords in plain text that are needed to gain access to the network so we can connect to the apps.

NOTE: This theory has never been tested; I got as far as needing an FTP server with anonymous access that runs on port 21 ("My ISP blocks port 21" :*( ). I was however able to get access to the FTP server, download a config file and send it to my Gmail account from no access at all!! This theory could very well work but until it has been tested it stays a theory.

Here is the config file I downloaded:
SIGNON=0
AUTOLOAD=1
PRIVILEGE=None
INACTIVE=60
CONNECT=ICA \
Description="Jacrux - Jackson" \
Icon=default \
Username=jdcuser \
Password=jtest \
Domainname=office \
Browserip=192.168.1.102,192.168.1.88 \
Application="JACRUX - JACRUX" \
Autoconnect=yes \
Fullscreen=1

Here is the edited version:
SIGNON=0
AUTOLOAD=1
PRIVILEGE=High ==NOTE== I changed the priv level to high.
INACTIVE=60
CONNECT=ICA \
Description=" JACRUX pwned by Anarchy " \
Icon=default \
Username=jdcuser \
Password=jtest \
Domainname=office \
Browserip=192.168.1.102,192.168.1.88 \
Application="JACRUX pwned by Anarchy" \
Autoconnect=yes \
Fullscreen=1

Keep in mind this is the info in the .ini "configuration" file. This should give you admin access to the thin client and maybe the server.
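For whoever administers a fleet like this, the two things worth scanning every one of those .ini files for are exactly what the example above exposes: a CONNECT= block carrying a plain-text Password= and a PRIVILEGE= line set to anything other than None. The parser below is an added example, not code from the original post or from any thin-client vendor. It reads the format as shown above (KEY=VALUE lines, with a CONNECT= entry continued onto following lines by a trailing backslash) and reports those findings. The sample file is constructed: the key names follow the post, the values are placeholders.

```python
"""Added example: audit thin-client .ini files of the shape shown in the
post for plain-text credentials and a raised PRIVILEGE level. SAMPLE_INI
is constructed; its values are placeholders, not from any real device."""

SAMPLE_INI = """\
SIGNON=0
AUTOLOAD=1
PRIVILEGE=High
INACTIVE=60
CONNECT=ICA \\
Description="Example app" \\
Icon=default \\
Username=EXAMPLE_USER \\
Password=EXAMPLE_SECRET \\
Domainname=office \\
Browserip=192.0.2.10,192.0.2.11 \\
Application="EXAMPLE APP" \\
Autoconnect=yes \\
Fullscreen=1
"""


def _unquote(value: str) -> str:
    """Strip surrounding double quotes, as used on Description/Application."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def parse_thin_client_ini(text: str) -> dict:
    """Return {'settings': {KEY: value}, 'connections': [{field: value}]}.
    A CONNECT= line starts a connection block; its fields follow on
    backslash-continued lines and are stored with lower-cased names."""
    # First join continued lines: a trailing backslash means "same entry".
    logical, buf = [], []
    for line in text.splitlines():
        stripped = line.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1].strip())
            continue
        buf.append(stripped.strip())
        logical.append(buf)
        buf = []
    if buf:                       # file ended on a continuation line
        logical.append(buf)

    settings, connections = {}, []
    for parts in logical:
        if not parts or not parts[0]:
            continue              # blank line
        key, _, value = parts[0].partition("=")
        if key.strip().upper() == "CONNECT":
            conn = {"protocol": value.strip()}
            for field in parts[1:]:
                k, _, v = field.partition("=")
                conn[k.strip().lower()] = _unquote(v)
            connections.append(conn)
        else:
            settings[key.strip().upper()] = _unquote(value)
    return {"settings": settings, "connections": connections}


def audit(text: str) -> list:
    """Human-readable findings; an empty list means nothing was flagged."""
    cfg = parse_thin_client_ini(text)
    findings = []
    priv = cfg["settings"].get("PRIVILEGE", "None")
    if priv.lower() != "none":
        findings.append(f"PRIVILEGE={priv}: setup menus are not locked down")
    for i, conn in enumerate(cfg["connections"]):
        if conn.get("password"):
            findings.append(f"connection {i} ({conn.get('protocol')}): "
                            f"plain-text password for user {conn.get('username', '?')!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print("FINDING:", finding)
```

Run over the directory the thin clients pull their configs from, this turns "the config file holds user names and passwords in plain text" from a one-off observation into a check that fires on every file that still does, which is the first step toward moving those credentials off an anonymous FTP share.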


::That’s all folks::
That's all I have for you on this topic; feel free to email me about it. Please help me out and click the ads, thanxs.

Think Thin: The skinny on thin clients part 2
By: Anarchy Angel
anarchy[dot]ang31 [at] gmail
http://aahideaway.blogspot.com

Sunday, January 13, 2008

Sp00fin 3Ma1l


I made this because I couldn't find anything worth adding to the Hacking 101 section on this subject, so here we go. Follow the steps below.

First you need an SMTP server. Try searching your ISP's subnet for port 25 (the default SMTP port). If you don't already have a port scanner, Google one.

Once you have an SMTP server, if you're using XP (in Vista you have to open a command prompt), go to the Start button, then Run, and in Run type:
telnet smtp.ip.address.here 25
Hit enter; once the window opens you should see some kind of 220 message, that's good. Now type:
MAIL FROM: any@email.address
You should get a 250 ok message; if you get some other message saying something about HELO or hello, type:
HELO
then MAIL FROM again. Now set the target address by typing:
RCPT TO: target@f00.com
If you get some error, try another SMTP server.
Hit enter, then type DATA and hit enter again; now start typing your message. At the end of the message hit enter, then type a "." by itself w/o the quotes and hit enter again. You should get a 250 email sent message. You can test this best by sending an email to yourself.

More on spoofing HERE

Saturday, January 12, 2008

Site update


Well I didn't do any work on the gadget today; again I just didn't have it in me. I did however start a new section for the site called Hacking 101 to help out a friend of mine, and I hope some other ppl can get some use from it. As you can tell it's not done by a long shot, but it's a good start. I also added a full (as full as I could find) TCP/UDP port list and the daemons that run on them (for the most part).

Friday, January 11, 2008

Blah!


I was going to work on AHG today but I just don't feel like it; it's been a long week at work and things on the home front haven't really been all that great, so I just don't have it in me to do anything ATM. I did do some good reading on the other hand @ GNUCITIZEN about UPnP hacking that was really a fresh look at a really misunderstood and overlooked attack vector.

Wednesday, January 9, 2008

AHG dev update

AHG development is going well, some new functions and the old ones remade with a little more power. The next rev should have some nice eye popping graphixs, depending on how my graphixs bitch helps out or not. And I might be putting out a DC414 edition which will come with a few more options you can't get from the current RC. So come back soon to see what we've been up to!

Wednesday, January 2, 2008

Hell yeah!!


A Hackers Gadget beta 1 reached 100 downloads today!!! Some of you may know I have already started work on AHG 2 and have already reached a deal with NewsToolkit.com and Pen of NTk to use a feed from NTk crafted just for the AHG gadget!!