Saturday, December 29, 2007

Santa sucks!


or so my little girl thought. She just now got around to opening her "Magic Spin Art" toy from xmas only to find it didnt work. She got all upset i mean water works and everything and saying Santa something something i couldnt really make out. cmoney said we will get a new one but that didnt make her feel any better plus we didnt have the box nor the receipt anymore so i looked at it for a min. and said i can open it up and see if i can fix it. as you could imagine it was a very easy set up just the bat. case red going to a on/off switch that went to a motor and black from bat case to motor. as it turned out the red wire was not connected right and a good part of it was going past the connector and touching the motor which was shorting the connection. so i just bent the wire back and poof it works. Then while putting it back together the fucking red wire broke off the switch!! So i just stripped off both ends of the red wire bypassing the switch so the only way to turn it off is taking out the bat. I plan on getting a new switch but for now it works. She gave me a big old kiss and everything is good now, Santa is no longer on her shit list. I also started work on the next rev. of AHG.

Friday, December 28, 2007

Crazy, crazy

Its been a nice fast short week at work but for the last to days the network has been on the fritz fucking with the phone system and everything, man it was bad. Well i finely got it tracked down to our 3 month old Linksys 40port? switch. One of the ports was jabbering to the network and just killing out networks bandwidth so we went to office max and got some crappy dlink as a short term fix. Not sure what they picked for the replacement. I made this post only cuz i have never seen this before where the switch was the one jabbering like it was. It was a major bitch tracking it down.

Your Ad Here

Monday, December 24, 2007

A merry christmas message ...

follow the link below for a nice holiday message from me "AA" and Warner Bros.

click here

Saturday, December 22, 2007

w00t w00t

HTTP Request Forager v1.1 made 100 downloads today!! Im hoping AHG will make that soon as well. I know with your help it can be done!!

Friday, December 21, 2007

JaFUN

I just started playing around with javascript, i guess its about time really. I made a little user info box at the bottom of the nav but im still working on the ip part as you can tell it doesnt work :( If you can help out drop me a line.

Sunday, December 16, 2007

A Hackers Gadget beta 1 is ready

I made a little Vista gadget that has the HTTP request forager i made builtin to it as well as a port scanner i made but never put out. I hope to be making some updates to this soon. For now however you can DL it, try it and tell me what you think.

::DOWNLOAD::

Monday, December 10, 2007

They never learn

I saw a news posting on SecurityFocus that pissed me off to no end. Short is this company Autonomy is trying to sue a security firm for posting a exploit to the web that has already been fixed, i guess to uphold their sense of integrity perhaps or security thou obscurity. So in other words they want snoopy security firms to keep their mouths closed about their findings so....Maybe we should just stop telling them about our findings and start showing them like crackers have been going for years.

Friday, December 7, 2007

...crap

Got a new attack in the dbase, sorry i havnt been making many updates but i only have internet at work. my home connection is out for now and i have no idea when ill be getting it back :*(

Wednesday, November 28, 2007

HTTP Request Forager v1.1

Heres a script I made to forage HTTP requests for pen-testing

Download

Monday, November 26, 2007

Useful Things

Posted the sites first "Useful Things" plunder. a JavaScript Shell, very "Useful" thing for pen-testing XSS holes.

Wednesday, November 14, 2007

Think Thin

Think Thin
The skinny on thin clients
Part 1

::Intro::
In this installment of the series we will be looking at the What, Why, How, of thin clients. I made this in a two part series because this is a fairly new piece of network device technology that is popping up in our libraries, Internet Cafes, and production floors or offices all over the world. I just feel an in-depth look at thin clients and thin client technology is needed.

::What is a thin client::
In a thin client environment, clients act as terminals providing access to application and data on the servers. Rather than holding data individually on each node, applications are instead held centrally with users accessing them across the network. This way most of the data handling and processing is done on the server side.

A thin client may process only keyboard input and screen output, leaving all application processing to the server. This dedicated main server provides applications and other resources to a large number of terminals. The terminals often have just enough intelligence to operate the mouse, keyboard, monitor, and Ethernet. A thin client generally does not have a hard drive, or any other kind of drive for that matter.

Many of the latest developments at IBM *www.ibm.com* and WYSE *www.wyse.com* operate with Windows XPe, Windows CE, or embedded Linux. They have integrated Wireless, embedded network testing tools *ping and trace* and Internet Explorer or Net Scape for the linux clients, printer ports, USB 2.0, FireFox and a small amount and free ROM space to upload programs that can be accessed directly from the thin client.

::Why are so many people using thin clients::
The use of thin clients are first and for most because it can reduce annual total cost of ownership by $1000 per device per year or more in harsh environments!! This of course has IT maintenance time and replacement costs figured in, in fact a large portion of that cost reduction comes from less IT cost to maintain the network and the nodes/devices with in. Nice easy upgrading, and easy deployment of security policies, these are due to the fact that every thing is done on the server for the most part. In some situations a admin is on site maybe 10% of the time if that.

Another unique quality of the thin client is its super small foot print. About the size of a cable modem, the thin client can go places a typical desk top can not like smaller places and makes it much more mobile and less cumbersome.

::How does all this work?::
A preconfigured unit when first turned on with network access will go to the FTP server specified in the network config panel, then download the following files: a global user file usually called wlx.ini, a single user file username.ini *this file is always kept in the sub dir of /ini, that is if the global file is in c:/thin then the single user file is in c:/thin/ini and generally supersede the identically named global parameters, * and a add on files *these are kept in the addon sub dir*. These files must be created and maintained in plain text. If the thin client cant find the wlx.ini file it default to wnos.ini. DHCP can also be used to direct the thin client to the FTP server.

Users have three privilege levels of access to thin client resources:
High (default) - No restrictions.
Low - This is the level assigned to a typical user and is the thin client default.
None – The System Setup selection on the desktop menu is disabled. The Connection Manager is available, however, the user cannot create a new connection or edit an existing connection.
These privileges are in effect before login and governs access to system facilities even when the login dialog box is displayed.

The Login:
Guest – No password and no access
Stand-alone User - Makes operation of the thin client possible when user profiles or
PNLite apps are not available.
PNLite-Only User - This is similar to a Stand-alone User except that apps published by PNLite services are available (the IP address of a PNLite server is entered into the ICA Network Setup dialog box).

Ok now that the thin client has everything it needs to work you will see icons on your thin clients desk top, the icons act like short cuts to the app you want to use from the server, such as a web browser. After you click on the icons, you then will be logged on to the network and given access to the app the icon points to, as you red earlier the config for the icons are sent in the ini files the thin client gets from the FTP server. Now while its connect to the network and using the server app its operates over the net work using Microsoft’s RDP or Citrix’s version of RDP, so even if all you seem to have access to is a web browser, underneath you could have access to everything on the server that is hosting the app you are using.

That’s it for now, the next installment will be about hacking the thin client network to shreds.

Think Thin: The skinny on thin clients part 1
By: Anarchy Angel
anarchy.ang31@gmail.com
Thanx to: ibm.com, wyse.com, and google.

Saturday, November 3, 2007

Party time you gouls

My brother had a Halloween party at his house today. It was a great time, my kids really enjoyed it. Great food + great beer = great time :) I want to thank Dave and Mary for doing such a great job with the decor and setting up the kids games with prizes at the last minute, you guys did a hell of a job.

Wednesday, October 31, 2007

Tor, tor, tor...

I now have two Tor servers up and running. One at home here on mah cable and one at work on a T1!! :) What ya think bout that??

Saturday, October 27, 2007

NMAPbat

DOWNLOAD

Name: NMAPbat
By: Anarchy Angel
URL: aahideaway.blogpost.com
EMail: anarchy[DOT]ang31 [AT] gmail [DOT] com

This comes with NMAP v3

Scan types:
sS - TCP SYN stealth scan
sT - TCP connect() scan
sU - UDP scan
sP - ping scan
sF, sX, sN - Stealth FIN, Xmas, or Null scans

You can also Set a range from port 1 to whatever you want

Sample: c:/nmapbat 192.168.0.1 sS 80
That sting will scan target 192.168.0.1 using a TCP
SYN stealth scan port 1 to 80

Defualt port range is 1-31337

I got sick of having to input these commands and anti-IDS settings while pen-testing the comps at work. You can use NMAPbat to get the most out of NMAP and its awsome abilities.

DOWNLOAD

Friday, October 26, 2007

OMG!! part 2

So I got it fixed kinda. It turns out I had to download usbstor.inf to c:/windows/inf directory. Only now i have to go to device manager remove my thumb drive and make shista look for new hardware. . . GOD I hate M$.

Monday, October 22, 2007

R.I.P. Jade

My little Jade got killed today as she ran across the street in front of my house. I have had her as a pet for almost 6 years now, she was still just a baby. She loved the out doors, and hunting mice, rabbits, and birds. She also enjoyed picking on Cody "our dog" and sleeping in his bed and my chair. She leaves behind her brothers Kory, Joey, Jobe, and Cody. One Sister Kaylayn, and two loving parents, Christina, and Adam. She will be greatly missed by those she loved and those who loved her.

Wednesday, October 17, 2007

OMG!!

Holy shit Vista is pissing me off!!!!! For the life of me i cant get flash drives to work in the POS, from what i have been reading from M$ forums lots of ppl are feeling the same woes i am. I have tried every thing i can think of and everything in the forums. I fear i will be w/o my trusty flash drives until M$ gets around to making a fix for it :o(

Monday, October 15, 2007

Inboxdollar$$

Got mah first check from inboxdollars.com today :o)!!!!!!! it only cost about 6 dollars for a offer to get 28 bucks from them. You can do surveys, read emails, get cash back for shopping online @ stores they are affiliated with and they have tons of stores to pick from so you can get anything you want get cash back and in some cases they have deals running so you get money off as well. You can also play games and get paid for it, and tons of great free and cash offers. If your a first time user you also get a 5 dollar sign up bonus. If you want to get paid for doing as little as possible and start with inboxdollars click the link below.

Thursday, October 11, 2007

Ubuntu saves the day!

Ok so i told you about the new laptop for work and the issues with Vista, well when i got to work this morning me and mah boss talked about it and decided to give that laptop another try since the hardware as so bad ass and dual boot it with ubuntu which worked great! it got done around 5 so i didnt get the wifi working in ubuntu just yet and is was going to do it tonight but i had to go to mah kids open house at school and mah other kids PT conferences so mah night was all spent. I did find a nice little video on youtube on how to install Vista in about 2 min.

see the install vid here

Wednesday, October 10, 2007

Ima go to the Microsoft and take a Vista

So at work today we went and got me a new acer loptop! Its nice, AMD 64 x2, one gig RAM, and Vista. Well we get it back to the office and i get to work on setting up some network devises and what do ya know, Vista takes a crap!!!!! I mean i cant even get this manure to boot at this point so i reinstall and what do you know i get a blue screen of death WHILE IM INSTALLING!!! So i start all over, reinstall worked great this time. Only i cant use the built in wifi and the screen rolls when it comes out of hibernation :*( imma take this bitch back.

Tuesday, October 9, 2007

PBX junk

We have a PBX server at work which consists of Ubuntu with Asterisk and FreePBX. As for now the box isnt exposed to the Internet so that side of the security we have covered, the physical security is our biggest issue. I mean we dont want someone waiting in our lobby unattended to unplug the phone and hook up his laptop and have access to our network. Now while we do have a firewall between the voice and data network we took it a step further by using MAC filtering on both the firewall and on the PBX server it self. We also put PWs on the extensions to prevent someone from routing calls that way.

Monday, October 8, 2007

Samba Madness

We are setting up a new network at work to go along with the new office we are moving to, they want to have access to file shares on the main intranet server which is running ubuntu server with webmin and they dont want to have to use any IDs & PWs. So I set it up to allow all access from anyone using webmin. The down side is this also opens 139 to the net. So I "for now" am going to just block the port at the firewall. I want to set some security in Samba it self but cant seem to find anything that doesnt force the user to input IDs & PWs. Using the firewall is a nice little fix that isnt to messy but any idas are welcome.

Sunday, October 7, 2007

Firsties!!!1

With my first post I give you Asterisk/FreePBX default feature codes and the config files they come from.
As well as a link for install help for FreePBX on many platforms

Install help link [HERE] - lots of ppl use these so they can be a great place to look for passwords, or getting help installing FreePBX

Default feature codes:
extensions.conf
*411 — Directory
*78 — Do Not Disturb activate
*79 — Do Not Disturb deactivate
*98 — Check voicemail (enter extension)
*98nnn — Check voicemail (extension nnn)
*97 — Check voicemail (for calling extension)
*70 — Call Waiting activate
*71 — Call Waiting deactivate
*72 — Call Forward activate
*73 — Call Forward deactivate
*90 — Call Forward on Busy activate
*91 — Call Forward on Busy deactivate
*69 — Call trace
*11 — Log in (not used for fixed devices)
*12 — Log out (not used for fixed devices)
888 — Barge-In (unconfirmed)
8nnn — Meet-Me conferencing (nnn = 1 to 4-digit extension number)
*77 — Record announcement
*99 — Playback announcement
7777 — Simulate incoming voice call
666 — Simulate incoming fax call (unconfirmed, please update wiki)
*43 — Echo test

extensions_custom.conf
*60 — Time
*61 — Weather
*62 — Wakeup call
*65 — Playback extension
300 3nn 91npanxxxxxx — Set speed dial nn to 9-1-NPA-NXX-XXXX
3nn — Dial speed dial entry nn
*3nn — Listen to / dial speed dial entry nn

features.conf
#70 — Call Parking (Will park call on ext#71-79 and announce)