Know your rights event!!

dc414 is proud to produce the “Know your rights event” on July 1st 2011 at Candlelight Collective. The goal of this event is to educate the people and teach them how they can preserve their civil liberties during police encounters with confidence. The event will start with a viewing of the 40 minute film “10 Rules for Dealing with Police” from FlexYourRights.org followed by a few words from Waring R. Fincke attorney at law. After which there will be time for any questions the audience might have.

Help us spread the word! Download this flyer, make copies and post them around!

More info HERE

Cisco Small Business RV042 XSS

The RV042 is a Dual WAN, 4 port switch, VPN Router. Work just got it in to do a little load balancing and for fail over protection. One of my favorite things to do with new toys like this guy is give them a nice once over. Which of course is how i found a XSS in the login logging functions of this device. I was originally looking for weaknesses in the login scheme and notice that my attempts are being logged, notably the user name i was trying to login as was being logged, along with a brief description of the failure. I then put non-standard characters in there which broke the UI, after some more playing around i found i was able to get html to render, from there i just started messing with XSS payloads till i found one that worked.

Here is my working XSS at the login screen:
The string i used is < iframe src="https://dc414.org" >
For password i just put in some junk

Here is what it looks like after i submit:

Here is the XSS in action 🙂

K thats it, enjoy, peace.

New meeting spot: Brewing Grounds for Change

We have switched places again, but i hope for the last time. The new venue is Brewing Grounds for Change on Farwell Avenue. For directions or more info check out the Meetings page. Another new thing we are starting is we are asking people that plan on coming to meetings to bring $5 or a non-perishable food item. The money will go toward paying for prizes “the ones we give away at meetings/events”, events and other stuff dc414. The food will go to the food pantry 🙂 We will see you at the next meeting!

May 2011 meeting

Another awesome meeting with dc414 this month. dw5304 pwned us all with his GPS jammer, and a ardunio RFID reader. The laser mic from last months meeting was busted out for a while and ngharo brought his oscilloscope which we used to mess with the RFID reader. Vladimir had some killer lasers, one of which we used to light a cig 😀 Check out the vids below to see some of the fun 🙂

The laser lighter – https://www.youtube.com/watch?v=FRFPO2X-Mao

Ardunio RFID reader demo – https://www.youtube.com/watch?v=PfCxP5Huoxw

oscilloscope + RFID play time – https://www.youtube.com/watch?v=4c5NK9idhtA