The lack of updates in 2011 was nothing short of embarrassing. Well I have some exciting news, I-Hacked is evolving into a community-driven web application with a simple mission: Provide the most up-to-date and correct process for hacking all of your consumer electronics.
In order for this to happen, I am reaching out to the hacking community for help. I am looking for people who are interested in joining a select team who will create a new internet application to fill this requirement. Specifically I am looking for:
This presentation will explore the multiple security issues within Evite and exploit them using Social Engineering attacks for huge lulz. Grab a beer and sit back as you watch the fireworks while the bride confronts her "friend" who just called her fat. Go ahead, click "YES" to that Evite because after this presentation there will be no more dull parties! From taking over accounts, impersonating guests or banning them forever, Evite just got a whole lot more fun.
So @ihacked turned ten, and this is my entry to win. Retweet this for a chance at a free defcon ticket (http://bit.ly/bOsqSL 4info)
Here are the rules:
Each time you tweet the COMPLETE phrase above, it counts as an entry into the contest
You can enter as many times as you want
However, You can only enter ONCE per day
You need to be following @ihacked to win
The winner will be chosen randomly, so the more entries you have the better your chances.
The winner will be notified via a Twitter direct message on Wed July 28th,
You DO NOT need to be present in Vegas for Defcon to win. However, if you win and you are not in Vegas, you will be mailed a badge. I mean, it isn't our fault you were not there to use it. =)
No purchase necessary, please click here for a free entry
Recently I needed a way of building an executable on a remote machine using only a keyboard. Basically I needed to "type out an executable" (think of it as I had a very basic "ah-hem" shell that I wanted to make more secure). Because my target host was Windows based, it is not as easy as uploading and compiling from source. I could of course simply use tricks found at http://commandlinekungfu.com to download the file, however I wanted to find a solution where this system didn't create any outgoing requests that resulted in the downloading of an executable. The technique described below is already being used by some very common cyber-security tools such as Fasttrack and sqlmap. It is an interesting solution, one that might help you out with a project in the future.
The problem is that you cant simply type out an executable binary. There are multiple characters that are not printable ascii, so your binary will fail if you try. However there are some tools that will allow us to convert the already compiled binary into ascii printable debug scripts, which can be reassembled using the native debug command on windows machines. Thus creating a "portable" binary that is Ascii printable, therefore gives us the ability to "type out an executable"
For this article we will be using the windows Ncat binary (http://nmap.org/ncat/) and since my machine is OSX, the python based tools in our example.
Ncat
Ncat is a feature-packed networking utility which will read and write data across a network from the command line.
Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP
and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to
other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless
number of potential uses.
Because our target is a windows host, we need to download and unpack nmap for Windows (ncat now is packaged with nmap). Because we are going to communicating this executable via ?keyboard? or some other slow method, we would be smart to compress this file as much as possible before we convert it. We will need to use a packer that self decompresses and retains the ability to execute.
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks for most of the formats supported, because of in-place decompression.
Take a second and open the ncat-upx.scr in whatever your favorite text editor is. As you can see, you now have a portable executable that is in printable ASCII.
Upload nc_upx.scr to the target Windows system (either by pasting in your shell, or however you need to do it) and then reconvert your binary to an executable with the following command: debug<DEBUGSCRIPT.scr
This debug script will write a new file named #TEMP#. Simply rename this file to ncat-upx.exe and execute. Better get your ncat-fu ready, because your super over complicated, slow, ninja file upload is complete!
ShmooCon for Hope For Haiti Ticket ALL PROCEEDS TO GO TO RED CROSS FOR HAITI
DONATIONS
For sale: 1 ShmooCon 2010 Entry
Barcode. (via ebay) Please bid it up, because I will donate 100% of all proceeds
of this action to help the unfortunate victims of the earthquake in
Haiti via Red Cross. Do the right thing, bid often and please help
spread the word via Twitter using hashtag #IhackedHaiti
What
you will Receive:
1 Unused Shmoocon 2010 Barcode which
will allow you entry to one of the best security conferences in the
world. You will receive this via email within one day of the auctions
completion.
FREE access to the exclusive Shmoocon party
(featuring free drinks of course). Get to meet all the security celebs
you have heard of!
Free back-rub and lapdance from the DNS
man himself, Dan Kaminsky!*
Product Information Title:
ShmooCon Event Type: Security Conferece Venue Name: Wardman Park
Marriott Date: Feb 5 - 7 2010 Event Name: ShmooCon City:
Washington D.C. State: D.C. *Note: Dan pretty much
does this to everyone, so chances are you will get it -- but I am
not promising anything.
For those who don't know, TOR stands for the The Onion Router. TOR provides anonymous (FYI this differs from secure) access to the internet by bouncing your communications around a distributed
network of relays run by volunteers all around the world: it prevents
somebody watching your Internet connection from learning what sites you
visit, and it prevents the sites you visit from learning your physical
location. Tor works with many of your existing applications, including
web browsers, instant messaging
clients, remote login, and other applications based on the TCP protocol. (src) Think of it like every movie which has an evil hacker "He is untraceable, he is bouncing from USA to Africa to France etc..)
I have been an off-and-on again user of TOR for several years, however I really never found the "killer purpose" for using it -- After all I no longer pretend to be that bad guy hacker in a poorly written movie. However this weekend, @Surbo brought up an interesting situation: He noticed that a malicious site (which happened to be actively targeting our company) disappeared and changed tactics as soon as he started investigating it. He was concerned that the bad guys were watching THEIR logs, and took action when they saw him knocking on their door. That got me thinking, it would be nice if we had a centralized TOR server that my team could use every time we wanted to "investigate" a foreign site.
The following tutorial will walk you through setting up this centralized TOR proxy, which allows for multiple computers to easily connect and disconnect with a simple click of the mouse (and very little software to install).
By now, pretty much everyone has heard that it is easy to hack into WEP protected networks.
As we have seen in our Cracking WEP article, it is terribly easy. (There have been advances in cracking WEP since that article was published, it is even easier now) Yeah, WiFi is inherently insecure, but we need it... Right? Well if you ask your local security guy how you can protect your home WiFi network, surely they will come back and say: "WPA or WPA2 cannot be cracked, use it". They are wrong.
By simply installing a patch to your existing hardware, WPA came in as the "Saving Grace" for wireless networking. It corrected almost every security problem either created or ignored by WEP. However, WPA was not perfect. The method in which WPA initializes its encryption scheme is subject to capture and offline brute force attacks. Consequently, it's actually easier to crack WPA which uses a weak password than it is to crack WEP. This article will walk you through the process of retreiving and cracking a WPA network key.
If you see information here that you know is inaccurate, out of date, misleading, confusing, or just blatantly wrong, please let us know. Updates and corrections are reviewed and updated as they are received.
Disclaimer
I-hacked.com
does not take any responsibility with the information presented. Any
information provided on this site is not guaranteed in any way. Some
articles may discuss topics that are illegal, so this information is
provided for educational purposes only, use at your own risk. If you
blow up your car, home, computer, or anything else -- it's not our
fault, use good judgement and play nice.
I-Hacked just turned 10 and we want YOU to win.. How about a free entry to 
For those who don't know, TOR stands for the The Onion Router. TOR provides anonymous (FYI this differs from secure) access to the internet by bouncing your communications around a distributed
network of relays run by volunteers all around the world: it prevents
somebody watching your Internet connection from learning what sites you
visit, and it prevents the sites you visit from learning your physical
location. Tor works with many of your existing applications, including
web browsers, instant messaging
clients, remote login, and other applications based on the TCP protocol. (
