Written by hevnsnt
Wednesday, 07 July 2010
I-Hacked just turned 10 and we want YOU to win.. How about a free entry to Defcon18?
I-Hacked will be giving away a free Defcon18 Human Badge which gives the holder entry to the "World's largest hacker conference" to a lucky winner!
All you have to do to enter is:
So @ihacked turned ten, and this is my entry to win. Retweet this for a chance at a free defcon ticket (http://bit.ly/bOsqSL 4info)
Here are the rules:
- Each time you tweet the COMPLETE phrase above, it counts as an entry into the contest
- You can enter as many times as you want
- However, you can only enter ONCE per day
- You need to be following @ihacked to win
- The winner will be chosen randomly, so the more entries you have the better your chances.
- The winner will be notified via a Twitter direct message on Wed July 28th.
- You DO NOT need to be present in Vegas for Defcon to win. However, if you win and you are not in Vegas, you will be mailed a badge. I mean, it isn't our fault you were not there to use it. =)
- No purchase necessary, please click here for a free entry
Last Updated ( Saturday, 24 July 2010 )
Written by hevnsnt
Sunday, 02 May 2010
Recently I needed a way of building an executable on a remote machine using only a keyboard. Basically I needed to "type out an executable" (think of it as I had a very basic "ah-hem" shell that I wanted to make more secure). Because my target host was Windows based, it is not as easy as uploading and compiling from source. I could of course simply use tricks found at http://commandlinekungfu.com to download the file, however I wanted to find a solution where this system didn't create any outgoing requests that resulted in the downloading of an executable. The technique described below is already being used by some very common cyber-security tools such as Fasttrack and sqlmap. It is an interesting solution, one that might help you out with a project in the future.
The problem is that you can't simply type out an executable binary. It contains many characters that are not printable ASCII, so your binary will fail if you try. However, there are some tools that will convert the already compiled binary into ASCII-printable debug scripts, which can be reassembled using the native debug command on Windows machines. This creates a "portable" binary that is ASCII printable, which gives us the ability to "type out an executable".
In order to do this we need a few things:
For this article we will be using the Windows Ncat binary (http://nmap.org/ncat/) and, since my machine is OSX, the Python-based tools in our example.
Ncat
Ncat is a feature-packed networking utility which will read and write data across a network from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.
Because our target is a Windows host, we need to download and unpack nmap for Windows (ncat is now packaged with nmap). Because we are going to be communicating this executable via "keyboard" or some other slow method, we would be smart to compress this file as much as possible before we convert it. We will need to use a packer that self-decompresses and retains the ability to execute.
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks for most of the formats supported, because of in-place decompression.
Install UPX on your system:
As you can see below, UPX reports a compression ratio of over 32% for ncat - totally worth it. (Be warned: UPX-packing executables decreases stealthiness.)
hevnsnt$ upx -9 -o ncat-upx.exe ncat.exe
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2009
UPX 3.05w Markus Oberhumer, Laszlo Molnar & John Reiser Apr 27th 2010
File size Ratio Format Name
-------------------- ------ ----------- -----------
175104 -> 57344 32.75% win32/pe ncat-upx.exe
Next we need to convert the UPX-packed binary into an ASCII debug script, using the dbgtool listed above:
python ./dbgtool.py -i ncat-upx.exe -o ncat-upx.scr
Take a second and open the ncat-upx.scr in whatever your favorite text editor is. As you can see, you now have a portable executable that is in printable ASCII.
Upload ncat-upx.scr to the target Windows system (either by pasting it into your shell, or however you need to do it) and then reconvert your binary to an executable with the following command: debug<DEBUGSCRIPT.scr
C:\>debug<ncat-upx.scr
There will be some debug output such as this:
e df00 57 53 32 5f 33 32 2e 64 6c 6c
e df0c 4c 6f 61 64 4c 69 62 72 61 72 79 41
e df1a 47 65 74 50 72 6f 63 41 64 64 72 65 73 73
e df2a 56 69 72 74 75 61 6c 50 72 6f 74 65 63 74
------SNIP------
This debug script will write a new file named #TEMP#. Simply rename this file to ncat-upx.exe and execute. Better get your ncat-fu ready, because your super over complicated, slow, ninja file upload is complete!
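For triage of a text file suspected to be such a script, the following added example (not from the original article and not part of dbgtool) parses the "e" lines back into bytes and lists the ASCII strings they rebuild. The line format is assumed from the four output lines quoted above; WATCHED_NAMES and the 0.8 ratio are illustrative choices.

```python
import re

# Constructed sample: the four "e" (enter) lines quoted in the article's debug output.
SAMPLE_SCRIPT = """\
e df00 57 53 32 5f 33 32 2e 64 6c 6c
e df0c 4c 6f 61 64 4c 69 62 72 61 72 79 41
e df1a 47 65 74 50 72 6f 63 41 64 64 72 65 73 73
e df2a 56 69 72 74 75 61 6c 50 72 6f 74 65 63 74
"""
# Assumed line shape, taken from that output: e <hex offset> <hex byte> <hex byte> ...
ENTER_LINE = re.compile(r"^\s*e\s+([0-9a-f]{1,4})((?:\s+[0-9a-f]{2})+)\s*$", re.I)
# Import names visible in the sample; a hypothetical watch list, extend as needed.
WATCHED_NAMES = {"LoadLibraryA", "GetProcAddress", "VirtualProtect"}

def parse_enter_lines(text):
    """Map offset -> byte for every 'e' line; other debug commands are skipped."""
    image = {}
    for line in text.splitlines():
        m = ENTER_LINE.match(line)
        if m:
            base = int(m.group(1), 16)
            for i, tok in enumerate(m.group(2).split()):
                image[(base + i) & 0xFFFF] = int(tok, 16)
    return image

def ascii_strings(image, min_len=4):
    """Printable-ASCII runs in the rebuilt bytes; unwritten offsets act as gaps."""
    if not image:
        return []
    lo, hi = min(image), max(image)
    blob = bytes(image.get(off, 0) for off in range(lo, hi + 1))
    return [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def triage(text, ratio=0.8):
    """Summarise a text file: is it mostly 'e' lines, and what do they rebuild?"""
    lines = [l for l in text.splitlines() if l.strip()]
    hits = sum(1 for l in lines if ENTER_LINE.match(l))
    image = parse_enter_lines(text)
    strings = ascii_strings(image)
    return {"looks_like_debug_script": bool(lines) and hits / len(lines) >= ratio,
            "bytes_written": len(image), "strings": strings,
            "watched_names": sorted(WATCHED_NAMES & set(strings))}

if __name__ == "__main__":
    print(triage(SAMPLE_SCRIPT))
```

On the sample, the four lines decode to a DLL name and three Windows API names, which is a quick signal that a file of hex text is carrying an executable.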
Last Updated ( Sunday, 02 May 2010 )
Written by hevnsnt
Monday, 25 January 2010
ShmooCon for Hope For Haiti Ticket
ALL PROCEEDS TO GO TO RED CROSS FOR HAITI DONATIONS
For sale: 1 ShmooCon 2010 Entry Barcode. (via ebay) Please bid it up, because I will donate 100% of all proceeds of this auction to help the unfortunate victims of the earthquake in Haiti via Red Cross. Do the right thing, bid often and please help spread the word via Twitter using hashtag #IhackedHaiti
What you will receive:
- 1 Unused Shmoocon 2010 Barcode which will allow you entry to one of the best security conferences in the world. You will receive this via email within one day of the auction's completion.
- FREE access to the exclusive Shmoocon party (featuring free drinks of course). Get to meet all the security celebs you have heard of!
- Free back-rub and lapdance from the DNS man himself, Dan Kaminsky!*
Product Information
Title: ShmooCon
Event Type: Security Conference
Venue Name: Wardman Park Marriott
Date: Feb 5 - 7 2010
Event Name: ShmooCon
City: Washington D.C.
State: D.C.
*Note: Dan pretty much does this to everyone, so chances are you will get it -- but I am not promising anything.
Last Updated ( Monday, 25 January 2010 )
Written by hevnsnt
Sunday, 24 January 2010
For those who don't know, TOR stands for The Onion Router. TOR provides anonymous (FYI this differs from secure) access to the internet by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol. (src) Think of it like every movie which has an evil hacker: "He is untraceable, he is bouncing from USA to Africa to France etc."
I have been an off-and-on again user of TOR for several years, however I really never found the "killer purpose" for using it -- After all I no longer pretend to be that bad guy hacker in a poorly written movie. However this weekend, @Surbo brought up an interesting situation: He noticed that a malicious site (which happened to be actively targeting our company) disappeared and changed tactics as soon as he started investigating it. He was concerned that the bad guys were watching THEIR logs, and took action when they saw him knocking on their door. That got me thinking, it would be nice if we had a centralized TOR server that my team could use every time we wanted to "investigate" a foreign site.
The following tutorial will walk you through setting up this centralized TOR proxy, which allows for multiple computers to easily connect and disconnect with a simple click of the mouse (and very little software to install).
Last Updated ( Monday, 25 January 2010 )
Written by Notlist3d
Tuesday, 04 August 2009
By now, pretty much everyone has heard that it is easy to hack into WEP protected networks.
As we have seen in our Cracking WEP article, it is terribly easy. (There have been advances in cracking WEP since that article was published, it is even easier now) Yeah, WiFi is inherently insecure, but we need it... Right? Well if you ask your local security guy how you can protect your home WiFi network, surely they will come back and say: "WPA or WPA2 cannot be cracked, use it". They are wrong.
By simply installing a patch to your existing hardware, WPA came in as the "Saving Grace" for wireless networking. It corrected almost every security problem either created or ignored by WEP. However, WPA was not perfect. The method in which WPA initializes its encryption scheme is subject to capture and offline brute force attacks. Consequently, it's actually easier to crack WPA which uses a weak password than it is to crack WEP. This article will walk you through the process of retrieving and cracking a WPA network key.
Last Updated ( Tuesday, 04 August 2009 )
Written by hevnsnt
Monday, 27 July 2009
Yes, it is that time again -- Defcon17 is quickly approaching. If you have been following my twitter stream you already know that I have been down in the CCCKC hackerspace Caves working feverishly to finish some toys/gadgets/hackerstuffs before we leave.
If you plan on being at Defcon this year, try to find either myself (hevnsnt) or Surbo. We will be posting our locations via twitter, so make sure you are following ihacked on twitter because "Good things come to those who follow i-hacked". :) I-Hacked will be co-hosting an INVITE ONLY party with the PaulDotCom crew in Skybox 207 on SATURDAY AUG 1st. The party starts immediately after the Podcaster's Meetup, which I suggest you check out as well. (There are some awesome prizes being given away -- so you might as well hit that first anyways.)
Also this year our very favorite DJ, DJ Great Scott, has somehow managed to finagle his way to being in charge of the music this year, if you have not already checked out the set-list, it is looking SICK.
I look forward to seeing you all in Vegas!
-Bill (hevnsnt)
Last Updated ( Tuesday, 28 July 2009 )
Written by hevnsnt
Thursday, 23 July 2009
People go crazy for free stuff. When you shoot it at them they love it even more.
After a couple trips to the local "Home Improvement Store" you too can build this DIY Compressed Air T-shirt Cannon and launch t-shirts, hot dogs, or really anything else you can fit in the 3" wide barrel at your friends and neighbors.
Or take it with you the next time you go to "The Big Game" and shoot the T-Shirts BACK at the cheerleaders! Now that's Team Spirit! (Don't blame me if you spend the entire game in the Police station explaining exactly what your intentions were)
Features of this model:
- Interchangeable Barrels!
- Multi-Sources for compressed air (CO2 or Bike Pump)
- Lots of safety features! (Multiple ball valves, and a safety release valve)
Oh, yeah, please be responsible -- don't hurt anyone
Last Updated ( Saturday, 25 July 2009 )