dc414 is proud to produce the “Know your rights event” on July 1st 2011 at Candlelight Collective. The goal of this event is to educate people and teach them how they can preserve their civil liberties during police encounters with confidence. The event will start with a viewing of the 40-minute film “10 Rules for Dealing with Police” from FlexYourRights.org, followed by a few words from Waring R. Fincke, attorney at law. After that there will be time for any questions the audience might have.
Help us spread the word! Download this flyer, make copies and post them around!
The RV042 is a Dual WAN, 4 port switch, VPN Router. Work just got it in to do a little load balancing and for failover protection. One of my favorite things to do with new toys like this guy is give them a nice once over. Which of course is how I found an XSS in the login logging functions of this device. I was originally looking for weaknesses in the login scheme and noticed that my attempts were being logged, notably the user name I was trying to log in as was being logged, along with a brief description of the failure. I then put non-standard characters in there, which broke the UI. After some more playing around I found I was able to get HTML to render, and from there I just started messing with XSS payloads till I found one that worked.
Here is my working XSS at the login screen:
The string I used is < iframe src="https://dc414.org" >
For the password I just put in some junk
Here is what it looks like after I submit:
Here is the XSS in action 🙂
K, that's it, enjoy, peace.
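The logged-username problem described in the post above, shown as an added example that is not from the original post or the router's firmware: a log viewer that concatenates the stored user name into HTML, next to a version that encodes it at output time. All function names and the sample log records are constructed for illustration.

```javascript
// Added example. Not RV042 firmware code; every name here is hypothetical.

// Constructed failed-login records, as a log viewer might hold them.
const sampleLog = [
  { time: "Jun 10 12:00:01", user: "admin", note: "login failed" },
  // The user name string from the post, with its padding spaces removed.
  { time: "Jun 10 12:00:09", user: '<iframe src="https://dc414.org">', note: "login failed" },
];

// Vulnerable pattern: the attacker-controlled user name is concatenated into markup.
function renderRowUnsafe(e) {
  return `<tr><td>${e.time}</td><td>${e.user}</td><td>${e.note}</td></tr>`;
}

// HTML-encode the characters that matter in element and attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: every field is encoded when rendered, whatever was stored.
function renderRowSafe(e) {
  const cells = [e.time, e.user, e.note].map((v) => `<td>${escapeHtml(v)}</td>`);
  return `<tr>${cells.join("")}</tr>`;
}

// Defence in depth at write time: strip control characters and cap the length
// so one login attempt cannot split or flood a log line. The value stays raw text.
function normalizeUsername(raw, maxLen = 64) {
  return String(raw).replace(/[\x00-\x1f\x7f]/g, "").slice(0, maxLen);
}

// Review check for rendered rows: any tag other than tr/td means input reached markup.
function containsInjectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(tr|td)$/i.test(t));
}

for (const entry of sampleLog) {
  const unsafe = containsInjectedTag(renderRowUnsafe(entry));
  const safe = containsInjectedTag(renderRowSafe(entry));
  console.log(`${normalizeUsername(entry.user)} -> unsafe:${unsafe} safe:${safe}`);
}
```

Encoding belongs at the point of output because the same log data may also be shown by other views that never passed through input filtering.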
We have switched places again, but I hope for the last time. The new venue is Brewing Grounds for Change on Farwell Avenue. For directions or more info check out the Meetings page. Another new thing we are starting is we are asking people that plan on coming to meetings to bring $5 or a non-perishable food item. The money will go toward paying for prizes “the ones we give away at meetings/events”, events and other stuff dc414. The food will go to the food pantry 🙂 We will see you at the next meeting!
A big congrats to ngharo for being named jQuery champ by jquery.org!! He got recognized for his hours of idling in #jquery and helping out n00bies “yeah dude has too much time on his hands i know” 🙂 Everyone give ngh a big round of applause and a pat on the back for being so 1337. Keep up the good work brother!
Another awesome meeting with dc414 this month. dw5304 pwned us all with his GPS jammer and an Arduino RFID reader. The laser mic from last month's meeting was busted out for a while and ngharo brought his oscilloscope, which we used to mess with the RFID reader. Vladimir had some killer lasers, one of which we used to light a cig 😀 Check out the vids below to see some of the fun 🙂
The laser lighter – https://www.youtube.com/watch?v=FRFPO2X-Mao
Arduino RFID reader demo – https://www.youtube.com/watch?v=PfCxP5Huoxw
oscilloscope + RFID play time – https://www.youtube.com/watch?v=4c5NK9idhtA