February Meeting Recap

Media is done, our Year of the Hack is posted above

We had about 25 Hackers from the Greater Milwaukee Area attend February’s meeting.  I mention this because it was pointed out that our event RSVPs are not an indicator of how many show up at the meetings.

Cree.py Demo

To start us off, DW5304 did a demo of cree.py

Creepy is a geoloaction OSINT Tool, that offers geolocation information gathering through social networking (twitter, instagram, etc) platforms.

SNMPwalk and SNMP shenanigans

DW5304 also conducted more shenanigans with SNMPwalk and reviewed some SNMP results he had uncovered.  There is not a whole lot I have to document within this recap, but you can start learning about SNMPwalk here

DEFCON Groups DC414 video

DEF CON Groups is holding a contest:  Year of the Hack

For this, DC414 needs to submit a link to a 3- minute (at least!) YouTube video from DC414 as a whole describing what we’re planning on accomplishing over the year

This was our most difficult demo yet.

Planning?  Accomplishing?

And furthermore…video?

We’ve been on video before.  We brought up and showed our past appearance on CBS58 (watch it for either nostalgia or the lulz).

Yet we hashed out a plan for the year.  We will put together another Know Your Rights event, as that has continued to be our most popular event, and our most popular page on dc414.org.  This time the event will be bigger and better, and we will use that as a means to laison with the community.

We had 20+ hackers participate to some level in our video submission.  We are not actors, we are very ADD/ADHD.  Getting more than 5 hackers on the same page is a feat.  Like herding cats.

We got it all done.  Some group shots, and some individual interviews.  It is all recorded now, and we have a lot of footage that will be slimmed down to both a usable submission and a blooper reel (probably more footage for the blooper reel than anything).

Links to the videos are SUBMISSION and BLOOPER REEL

Format string $20 challenge

At the last meeting I showed everyone how to use a format string vulnerability in a password storage app to bypass the master password and pull data out of memory. That is just one way to exploit this type of vulnerability so I challanged everyone at the meeting to get the app I used “code below” to execute their supplied input. The first person to let me know they got it and do a demo get $20! So it pays to be a little early.

#include < stdio.h >
#include < string.h >

int main (int argc, char *argv[])
{
char** spw = "dc414 pwnz";
char text[1025];
strcpy(text, argv[1]);
if (strcmp(text, "asd123")==0) {
printf("Correct the password is %s \n",spw);
return 0;
}
printf(text);
printf(" is wrong\n");
return 0;
}

dc414 @ barcampmke7

Last years barcampmke was awesome, everyone had lots of fun and met some great people. Some of you might remember we had a little stand last year and ran the good old wall of sheep, well we liked it so much that this year we decided to become an official sponsor of barcampmke and expand our operations. This year we will not only be doing the the wall of sheep, but we will also be running a lockpick and tamper evident village, cat5 cable making couples contest, plus giving away free beer!! To get a free beer you have to either pick a lock from the village in under 2 minutes or reveal the secret message contained in a package secured with tamper evident lables, tape, lock seals, and tug tights, or beat your competitor to making a working cat5 cable! So sharpen up on your skills and win some free beer! See you at barcamp.

July meeting sweetness

July’s meeting was hot in more then one way! First I would like to thank genero again for his genorous donation for the raffle, which put a solid $200 in the 3d printer fund!! Also congrats to faraday for winning both the raffle and the Photoshop and WIN contest!! I know it took forever to pick a winner but we did it damnit 😛

ngharo started the demos off with talking about how he set up dc414’s new astrisk server using google voice as the SIP trunk! Then showed us how he set it up to use NMAP to scan IPs from asterisk and speak the results to you over the phone! Klaiviel took over and made Ngharo a case for his raspberry pi and a penny launcher with his sweet 3d printer. Then I stepped in and showed everyone how to send spoofed emails from the dc414 server using the email spoofer web app, then how to send spoofed txt messages using the same app 🙂 Then Tony used a SIP provider that allowed for spoofing CID to spoof a call to Vlad. Then dw5304 wowed us all with a SNMP scanner he made, showed us some of the results like accessing a routers, modems, and windmills!!

Here are some pics from the meeting thanx to cmoney and congrats to Castor for winning the dc414 free junk giveaway!

Here is Faraday with his raffle winnings!

Here is Castor and his free junk from dc414

Get Your Raffle Tickets!

The super awesome genero donated a box of goodies to dc414 and we decided to raffle the entire box off at the next meeting. Tickets are $20 each, or three for $50. The more you buy the better your chances of winning are! You can secure your tickets now by clicking the donate link on the right (make sure to include your contact information) or get them at the next meeting.

We will be raffling the goodies off next meeting.

Here is a list of what’s inside:
RadioShack scanner radio, needs 12v power supply – img
Fiber to Ethernet converter – img
Finger print reader – img
PC fan still in the box – img
Bluetooth Mouse – img
Cisco Wifi antenna – img
Cable box – img
belkin video switch – img
LAN cable tester – img
IP Camera with two way audio – img
cell jammer, broken power button – img
PS3 camera – img
Linksys switch, needs power supply – img
InFocus projector, MIGHT need bulb – img
Slingbox, needs to be reset – img
Intel Core 2 Duo 2.33Ghz 4M Cache 1333Mhz FSB – img
Veo PTZ IP Camera x2 – img
Ethernet card for desktop – img
Parallax Basic module – img
Wireless Ethernet Bridge, needs reset – img
Linksys WAP, needs power supply – img
VX-5 ham radio, needs new batteries, charger, and antenna – img
Dlink ip cam x2 – img

That is a lot of stuff for just 20 bucks, but you can’t win with out a ticket so be sure to get yours and have a chance to walk away with that treasure trove of electronics!

Photoshop and WIN!

Show off you leet photoshop skillz and win a dc414 t-shirt!! Make a image for the Web Hacker skills badge and submit it by May 1st for a chance to win. A winner will be picked by all attendees at Mays dc414 meeting for the shirt and as well as 10 runners up who will all get a free random sticker!! 🙂

When you submit your entry be sure to use anarchy at dc414 dot org with a subject of “Web Hacker Skills badge image entry” to make sure I get it. Remember the badges are all one inch circles so you can be sure this contest is a test of your skills. So get gimp or what ever you use fired up, show us what you got, and good luck.