I-Hacked.com syndication http://www.i-hacked.com Fri, 20 Nov 2009 21:59:25 +0100 FeedCreator 1.7.2 http://www.i-hacked.com/images/M_images/joomla_rss.png http://www.i-hacked.com I-Hacked.com syndication http://www.i-hacked.com/content/view/285/42/ Cracking WEP article (http://www.i-hacked.com/content/view/231/42/), it is terribly easy. (There have been advances in cracking WEP since that article was published, it is even easier now) Yeah, WiFi is inherently insecure, but we need it... Right? Well if you ask your local security guy how you can protect your home WiFi network, surely they will come back and say: WPA or WPA2 cannot be cracked, use it . They are wrong.By simply installing a patch to your existing hardware, WPA came in as the Saving Grace for wireless networking. It corrected almost every security problem either created or ignored by WEP. However, WPA was not perfect. The method in which WPA initializes its encryption scheme is subject to capture and offline brute force attacks. Consequently, it's actually easier to crack WPA which uses a weak password than it is to crack WEP. This article will walk you through the process of retreiving and cracking a WPA network key. Computer Components - Video Cards Tue, 04 Aug 2009 22:59:25 +0100 http://www.i-hacked.com/content/view/284/2/ Yes, it is that time again -- Defcon17 is quickly approaching. If you have been following my twitter stream (http://twitter.com/hevnsnt) you already know that I have been down in the CCCKC hackerspace (http://cowtowncomputercongress.org) Caves working feverishly to finish some toys/gadgets/hackerstuffs before we leave.If you plan on being at Defcon this year, try to find either myself (hevnsnt) or Surbo.. We will be posting out locations via twitter, so make sure you are following ihacked (http://www.twitter.com/ihacked) on twitter because Good things come to those who follow i-hacked . :)I-Hacked will be co-hosting an INVITE ONLY party with the PaulDotCom crew (http://pauldotcom.com) in Skybox 207 on SATURDAY AUG 1st. The party starts immediately after the Podcaster's Meetup (http://podcastersmeetup.com), which I suggest you check out as well. (there is some awesome prizes being given away -- so you might as well hit that first anyways)Also this year our very favorite DJ, DJ Great Scott (http://djgreatscott.com/), has somehow managed to finagle his way to being in charge of the music this year, if you have not already checked out the set-list (http://defcon.org/html/defcon-17/dc-17-dj-info.html), it is looking SICK. I look forward to seeing you all in Vegas!-Bill (hevnsnt) News - Latest Mon, 27 Jul 2009 19:16:10 +0100 http://www.i-hacked.com/content/view/283/48/ People go crazy for free stuff. When you shoot it at them they love it even more. After a couple trips to the local Home Improvement Store you too can build this DIY Compressed Air T-shirt Cannon and launch t-shirts, hot dogs, or really any else you can fit it the 3 wide barrel at your friends and neighbors. Or take it with you the next time you go to The Big Game and shoot the T-Shirts BACK at the cheerleaders! Now that's Team Spirit! (Don't blame me if you spend the entire game in the Police station explaining exactly what your intentions where)Features of this model:Interchangeable Barrels!Multi-Sources for compressed air (CO2 or Bike Pump)Lots of safety features! (Multiple ball valves, and a safety release valve)Oh, yeah please be responsible -- dont hurt anyone Misc - Random Stuff Thu, 23 Jul 2009 17:44:28 +0100 http://www.i-hacked.com/content/view/282/42/ PaulDotCom Security Weekly (http://pauldotcom.com) have this thing for wireless of all kinds. Wireless cards, cables, antennas, 802.11, RFID...the list goes on. Always on the lookout for something neat and useful they found the Asus EEE line of netbooks. They are small, usually feature Atheros wireless cards, and have a huge modding community. The small form factor is also something that works well for wireless assessments, whether covert or sanctioned. The size is conducive to easy transport in a small space or as a second laptop while traveling. To those aims, the Asus 4G Surf (http://usa.asus.com/products.aspx?l1=24&l2=164&l3=0&l4=0&model=2006&modelmenu=1) (amongst others in the EEE family (http://usa.asus.com/products.aspx?l1=24&l2=164)) works well, however the small internal wireless antennas don't offer much flexibility or range. We need to take some cues from the EEE modding community and extend the hardware to support a better antenna. So, here's how to add an external RP-TNC antenna connector to the Asus EEE 4G Surf. Computer Components - Networking Tue, 07 Jul 2009 23:59:05 +0100 http://www.i-hacked.com/content/view/280/42/ This paper is written to introduce you to the design and theory of how a Structured Exception Handler (SEH) exploit can be written to target a Windows host. We use the buffer overflow vulnerability in the ESF EasyChat Server software as a detailed example of this exploit type. While the paper attempts to cover the topics for those new to writing exploits, it still makes some assumptions about the reader's related experience. For instance, the paper does not go into detail about how to write assembly code and how it is used for shellcode as the exploit payload. It also does not talk about the difference between hexadecimal and decimal number systems which is required to understand many of the numeric values used throughout the document. Here is a list of topics you should be familiar with before continuing to read this paper: ➢ Hexadecimal number system ➢ Basic understanding of how Assembly language is used ➢ Basic understanding of Assembly Opcode Mnemomics ➢ Understanding of memory pointers ➢ General idea of memory registers and their use ➢ Some experience with writing program functions of any language Likewise there are some requirements that you will need should you want to complete the exercise. I highly suggest that you finish the exercise, as this will solidify a lot of the concepts that are discussed. You will need: ➢ A WindowsXP SP1 machine (Virtual Machine is Ok) (Victim) ➢ Ollydbg (http://www.ollydbg.de/download.htm) installed on XP SP1 box ➢ OllySSEH (http://www.openrce.org/downloads/details/244/OllySSEH) Ollydbg Plugin installed on XP SP1 box ➢ ESF EasyChat Server 2.2 (http://www.echatserver.com/) (Free)➢ Another machine with Python (http://www.python.org/download/) installed. (can be any os) (Attacker) One of the most important concepts to understand when writing functional exploits is that they are the result of a software bug. If all programs were perfectly written such that there were no flaws, there would be no vulnerabilities to exploit. In many cases, an attacker may be able to cause a program to crash due to insufficient error checking within the program. Causing the program to crash would be considered a Denial of Service (DOS) attack. However, causing a DOS condition in a program does not mean it can be fully exploited, but it does indicate that it could be possible. While there are several different types of attack vectors available to create a fully functional exploit, there are many cases where the conditions of the program or environment do not provide a viable exploit using any of the known vectors. This article is written with the assumption that an SEH attack vector is possible in the target software, and it is important to understand that this vector may not always be present in other vulnerable software. Before we get started, take note that we will be mostly discussing the operation of two different software routines that are running simultaneously. One routine will be the vulnerable software program and it's supporting function libraries that we are attempting to corrupt. For us, this first routine will be the EasyChat server software. The second routine is the Windows system exception dispatcher which constantly runs waiting for an error condition to occur. The dispatcher routine attempts to handle any exceptions (errors) that may occur in the first routine (EasyChat). As we go through this paper, try to keep these two routines separate in your mind. Computer Components - Software / Internet Fri, 03 Jul 2009 01:43:31 +0100