The March meeting was no let down, we had lots of people and as always great demos. Ngharo got it started with a make your own pringles can cantenna. 9 luck attendees got to make and take home their own cantenna! Then he kept it going with a quick demo of radio Mobile and how to use it to make a long range wireless mesh network. Then the professor gave a demo on metasploit using a java exploit to root a windows box. dw5304 took over and gave a little demo of a hacked xbox360 and using a laptop to control everything the console does. Here are some pictures from the meeting. Congrats to uberushaximus for winning 100 free hours to AOL high speed!!
Last meeting was awesome as always, we had some good demos and new faces which is always great. Ngharo started it off going around the room and asking ppl what they hacked last month and what they plan to hack next.
I gave my fakeAP demo to get credit card numbers or sniff traffic. The CC part failed :/ but the sniff part worked like a charm!! Then dw5304 gave a demo titled “Cable hacking for fun” and talked about how to get online anonymously with cable modems, getting almost unlimited bandwidth, modem cloning and lots more. Faraday came packing with some lithium ion batteries and big ass LEDs he gave out “to make flash lights out of” and stuff for making your capacitors which is always fun.
Then I spent the rest of the night drinking beer and yelling in to a ham radio, so I didn’t take any pictures. Congrats to uberushaximus for winning the dc414 free junk giveaway!
Here is a link to the github fakeAP pwnage project, it only works with Backtrack 5 and could use some improvement.
Here is the slides to dw5304’s Cable hacking for fun:
A while back we started using a bucket to collect cash donations at meetings and for a while I have been wanting to trick it out. So I was keeping an eye out for things to add other then blinking lights, then cmoney came home with a powerball advertisement thing from her gas station that has a electric pendulum thing. I wish I had a picture of it but I didn’t have the for site to take one before I took it apart.
So anyway I got right to work on making the bucket pimp. First I made a little board
with a 555 timer blinking light circuit on it.
put some lights on it and wired the pendulum thing to it.
And hot glued it all to the lid of the bucket.
Here is what it looks like all together.
Ok thats it, I hope you think its cool. If you don’t, go fuck your mom.
Klaiviel started us off by giving us a nice show of binary key card hotel locks popular over seas, showed us a 3d printed key for one of his locks, explained pick proof locks from the 40s that are no longer used but highly effective and how to make them today using regular locks. Then he showed us why he is the second best key impressionist in the world, and made a working key for a lock right in front of us and giving us step by step instructions on how to do it our selves.
I stepped in and gave a quick demo of how I made our new and improved donations bucket which I will be making a blog post on later. Darkwind came packing with a alfa wifi antenna hooked up to a satellite dish! This made a killer directional wifi antenna, we took it up to the roof of bucketworks and got signals from all over including the moon 😛 Ngharo hooked it up to his lappy and cracked a few networks 🙂
After the roof party was over and we got back down stairs Castor gave a DEFCON20 badge hacking demo and showed us how to turn our badges into any other badge type we wanted, then showed us how to make the LEDs on the badge flash out words and stuffs. Then we all just started bull shitting and talking about up coming projects.
Cmoney couldnt make it out so I took a few picture that you can view here. Congrats to darkwind and faraday for winning the dc414 free junk giveaway!!
July’s meeting was hot in more then one way! First I would like to thank genero again for his genorous donation for the raffle, which put a solid $200 in the 3d printer fund!! Also congrats to faraday for winning both the raffle and the Photoshop and WIN contest!! I know it took forever to pick a winner but we did it damnit 😛
ngharo started the demos off with talking about how he set up dc414’s new astrisk server using google voice as the SIP trunk! Then showed us how he set it up to use NMAP to scan IPs from asterisk and speak the results to you over the phone! Klaiviel took over and made Ngharo a case for his raspberry pi and a penny launcher with his sweet 3d printer. Then I stepped in and showed everyone how to send spoofed emails from the dc414 server using the email spoofer web app, then how to send spoofed txt messages using the same app 🙂 Then Tony used a SIP provider that allowed for spoofing CID to spoof a call to Vlad. Then dw5304 wowed us all with a SNMP scanner he made, showed us some of the results like accessing a routers, modems, and windmills!!
Here are some pics from the meeting thanx to cmoney and congrats to Castor for winning the dc414 free junk giveaway!
Here is Faraday with his raffle winnings!
Here is Castor and his free junk from dc414
A few meetings back I demoed my Arduino Windows attack tool. The Arduino and shield emulate a keyboard when plugged into a PC. Once triggered it opens the DOS edit program, writes some vbscript to a file called go.vbs, then runs it using wscript. The script downloads a payload from a web server. In the case of the demo it was a reverse shell that connects back to a nc listener from msf. I got the idea from the Social-Engineering Toolkit Teensy USB HID Attack but I dont have/want a teensy so I looked and looked for an Arduino version but all I could find was a USB keyboard lib, so my value add was porting it to the Arduino.
Here is the schematic for the shield: *I added a button on pin 12
Here is the code for the Arduino:
And there you have it, my Arduino Windows attack tool. Its a little messy and hacked together, but it works. Enjoy 🙂
There has been a lot of buzz about 3D printers over the last year. Prices are coming down and resolution has been increasing. Klaiviel, our resident lockpicking guru, is attempting to start a business around it. We feel that DC414 as a whole needs their hands on this technology. We’re starting a 3D printer fund starting now.
There are many options to go with but we want to get the ball rolling while research is happening in parallel. Price range we’re looking at is between $500 and $1,000 for quality printers.
This won’t happen without help from people like you. Once purchases / assembled / hacked, our goal is to make the printer accept jobs from online. We’d queue up jobs and have a webcam feed to view progress when printing remotely. Notifications would be sent out to the author upon start, completion, and possibly other metrics we can get out of the printer.
- Donate $25+ gets you free stickers
- Donate $50+ gets you a free shirt
- Donate $100+ gets you free prints for 6 months
- Donate $150+ gets you free prints and priority for 6 months
Any size donation gets you on the thank you list.
As of now we have $233 in the fund. Make your donation now (look to the right) and lets get this ball rolling.
June’s meeting was great! More new faces, lots of beer, and plenty of pizza 🙂 Ngharo got things started by making a few announcements like our new VPN that is available for donating members, and asking everyone what they are hacking ATM and what they wanna hack next. I was up next and talked about the new server and some of the sections of the site. Then Ulic gave us all the 411 on the Flamer virus sweeping the middle east and some of its unique features. dw5304 took over and gave a sweet demo on how to hack/mod the xbox360, complete with code and points of solder. We got some great pictures this time thanx to cmoney which you can view here. Congrats to nikto, Tony, and Ulic for winning the dc414 free junk giveaway.
Here is nikto and his dc414 junk 🙂
May’s meeting was off the hook, one of our best yet! Lots of new faces which is always nice, good demos, and good beer. Ngharo started it off by talking about the hackathon and THOTCON. Klaiviel did his lock master thing and said a few words about TOOOL. Darkwind gave a awesome demo on sniffing pagers. Its crazy to see all the pager traffic that is still out there. Then I showed off my Arduino windows attack tool and pwned a windows 7 box, There will a blog post about that later. Congrats to Genero for winning the dc414 free junk giveaway! I did take a bunch of pictures but my phone was full of fail and didn’t save any of them 🙁 so no pictures of the meeting this time, sorry. I promise to do better next time 😛 later.
This was the best THOTCON I have been to yet! Awesome talks, awesome beer, awesome food, and awesome people kinda sums it up for this year. Mine and ngharo’s talk went really well, and so far I have had lots of good feed back. I was a little drunk by the time we did our talk so that helped a lot, lol. My favorite talk was “Owning Payphones: 3650-Day Exploits” from savant, dude did a wonderful job and violated payphones in dirty ways! The one I learned the most from was “You put what in your DNS record?” from Mubix, yeah zone transfers are old school and I been using it for ever, but I had no idea you could do it to com and stuff, lol. Here are some pics of the swag and the con. Enjoy.
Me and ngharo giving our talk: