P1nky’s Cool Sh*t #1

Are you troubled by strange hacks in the night?
Do you experience feelings of dread in your basement or attic?
Have you or your friends actually seen a phreak, script kiddie, or fed?
If the answer is yes, then don’t wait another minute. Just pick up the phone and ask for the Pwnton Pack!

And don’t forget, we will be meeting again soon (whether you-know-who wants us to or not ;] )

December Meeting Recap

Whoa. A meeting recap.


So what did we all do?

Caleb – Presented on Crafting Digital Radio Signals, to Control Things

He has a blog post about his Digital Radio Signals, and that was a majority of what was presented.  He was able to do a live demo of the capture of a remote outlet, and replay of the capture.

There was also “a peculiar signal hiccup”, wherein the signal to the remote outlet would not be received.  It would be similar to a jamming signal, if jamming radio signals were allowed.  Good thing we abide by all RF rules.

He demonstrated the ability to observe vehicle remote locking, and showed the lock and unlock signal.

njRAT v0.7d – Part Two

A part two would make sense with part one, but ::shrug::

Showed off the njRAT v0.7d that came along for the ride on a torrent. njRAT is a remote-access Trojan that has been used for the last few years. A 2013 report from General Dynamics / Fidelis Cybersecurity Solutions goes over detailed indicators, domains, and TTPs in conjunction with attacks using njRAT.  It is also apparently up to version 0.9.  The malware is making a comeback, maybe due to some of the evasion techniques shown (or people just continue to be dumb in downloading from torrents.  That could be it too).

If njRAT is run, Hey, Look! It’s detected as a virus!

Instead, do some tech magic (someone can add detail) using Base64 in Microsoft Visual Studio.  Runs now, the EXE is loaded, and it doesn’t trigger alerts or errors.


And hey, we have a remote desktop!

If we turn on the remote webcam function…

…hey!  This is why you should tape over your webcams! And we had keyloggers, microphone access, and chats available too!

So, just don’t trust things that are pirated from the Interwebz.

Do you want this for yourself?  Do a search for njRAT or njRAT v0.7d, and you can have it yourself.  (or, it seems 0.9 is around) You will have to compile/tinker/tech magic it yourself, though.
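For the detection side of the Base64 trick mentioned above, here is an added example (not shown at the meeting and not part of the original recap) that scans a file's bytes for long Base64 runs that decode to a Windows executable. It assumes the payload sits in the loader as one Base64 string, either as raw ASCII or as UTF-16LE (how a compiled .NET assembly stores string literals); the function names and sample bytes are constructed for illustration.

```python
import base64
import re
import struct

# Base64 runs long enough to hold a PE header, as raw ASCII and as the
# UTF-16LE form in which .NET stores string literals.
PATTERNS = {
    "ascii": re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}"),
    "utf-16le": re.compile(rb"(?:[A-Za-z0-9+/]\x00){64,}(?:=\x00){0,2}"),
}


def looks_like_pe(blob: bytes) -> bool:
    """DOS header 'MZ' whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_embedded_pe(data: bytes) -> list:
    """Return (offset, encoding, decoded_size) for each run that decodes to a PE."""
    hits = []
    for encoding, pattern in PATTERNS.items():
        for match in pattern.finditer(data):
            run = match.group()[::2] if encoding == "utf-16le" else match.group()
            core = run.rstrip(b"=")
            try:  # re-pad so a run cut short by the scan still decodes
                blob = base64.b64decode(core + b"=" * (-len(core) % 4), validate=True)
            except ValueError:
                continue
            if looks_like_pe(blob):
                hits.append((match.start(), encoding, len(blob)))
    return hits


# Constructed sample: a 128-byte stub with valid MZ/PE markers, not real malware.
STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 60
ENCODED = base64.b64encode(STUB)
CARRIER_ASCII = b"\x01\x02junk " + ENCODED + b"\x00tail"
CARRIER_UTF16 = b"\xff\xfe" + ENCODED.decode().encode("utf-16-le")
BENIGN = base64.b64encode(b"just a long configuration string, nothing executable " * 3)

if __name__ == "__main__":
    for name, sample in [("ascii", CARRIER_ASCII), ("utf16", CARRIER_UTF16), ("benign", BENIGN)]:
        print(name, find_embedded_pe(sample))
```

A hit only says that an executable is hidden inside another file; what that executable is still has to be determined by decoding it in an isolated analysis environment.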

Picking on Level 3

Well, not directly.  We were shown a few links to see Internet health

Dynatrace, Dynatrace Keynote, and DownDetector

We just couldn’t help noticing how bad Level3 looked at the time.

Hacking the HooToo HT-TM05

So this is a $40 Travel Router, and we can HACK THE SHIT OUT OF IT


Has WiFi built in, (added?) a 128GB SSD, and it has a full Linux kernel on it now, OpenWrt, and Powered by LuCI.  Portable power that also lasts a good portion of the day.

Can do a File Server, put movies onto it, or put a web forum on it.  We plan to set one or more of these up and carry them around DEFCON 25.

Relevant GitHub that may be useful

Some were also interested in the PirateBox, which can be built on different hardware for about $35.

Something something CYPHERCON

Yeah.  See @cyphercon or cyphercon.com if you have no clue here.

If you have a better recollection of things from our meeting, good for you! Also, we could probably use that info in this update.  Comment or edit, or e-mail some DC414 folk about your contributions.

 

 

Having fun with my Ham

I recently got a radio that I have been playing around with, but there isn’t much for traffic in my area, and while I can receive a few repeaters I cannot transmit to them, so I quickly got bored and started looking for other things I can do with it.

That’s when I remembered some 2 way radios my brother got me a while back for hunting and such. I knew it had 3 channels but I had no idea what frequency they used or if it fell in the range of my new toy. Not knowing much about the 2 ways, I did find an FCC ID on the back of each handheld.

After doing a quick search on the FCC ID I was delighted to see the 2 way radios operated in my toy’s range 🙂 So I punched the frequency in my ham radio as fast as I could, turned on the 2 way and started transmitting on my ham. I was overjoyed to hear my sexy voice loud and clear on the 2 way 😀

Now this is nothing new. It’s not even hacking, but it sure feels like it. It was fun going from not knowing anything about it to making it work. So that was my first little adventure with radio, I hope you enjoyed it as much as I did.

November meeting recap.

First, many thanks to The Meetupery for hosting our meeting. You guys rock! Klaiviel got things going with his thingy that he plans on trying to make more of “I hope to get one!”. Then we went around the room and found out what everyone is up to. I made a few announcements that will be repeated here at a later date and Ngharo talked about his big plans for the new and improved dc414 PBX! I can’t wait for that to get done 🙂 Then dc5304 attempted to show us a super sweet SDR but ended up showing us how to brick one 😛 Then we talked about an old-ass UHF/VHF scanner that you programmed with crystals I found at a yard sale. The one I got had 8 ports but only 5 crystals, 4 of which had been identified with the fifth one unknown. We attempted to find the frequency of it but did not have all the right equipment. Anyway, I thought it was a cool little piece of radio history so we gave it away along with a few other things. Here are a few pictures from the meeting. Congrats to the big winner college boy!

First 2012 meeting recap

January’s meeting had a few kinks but all in all everything went well and we had a few new faces in the crowd. We had some issues with the G+ hangout, but it was our first time and I’m sure it will go smoother the second time around. Then I had video issues while trying to give my LFI attacks demo and had to give a backup demo, but everyone else was awesome.

Darkwind gave his first presentation with dc414 and it was a good one for sure. He showed us some of his modded radio equipment and how to decode all sorts of transmissions, from HAM faxes, pagers, DTMF tones and more being broadcast over the airwaves. Talked a little about cell tower emulators and software radios. dw5304 and Klaiviel gave us a rundown of how they hacked the new Xbox 360 to play ripped games off the HDD in just a few not so easy steps 😛 Then dw5304 gave a little demo on resetting passwords on any Windows box with just a few keystrokes. I gave the last presentation of the night and after my LFI demo fail I was able to give a nice little demo of how the ODiG tool works and how it can aid in pwning networks.

One of the coolest things about the meeting: it was our honor to have Jayson Street join us via G+. We hope to see him at the next meeting. Cmoney couldn’t join us but I was able to snap a few shots here and there which you can view here. The big winner of free dc414 junk was Stephanie, here she is with her winnings: “ALFA usb 802.11n card”
Stephanie and her winnings