Wednesday, December 23, 2009

configure: error: cannot check setpgrp when cross compiling

DOH!!!! ... Cross-compiling always sucks because you almost never know the exact flags you need. Sure, you have some idea, but there tends to always be that one little thing that trips you up. Sadly, sometimes the only way to bypass it is to modify the source.... NOT THIS TIME! lol

I found this nifty little autoconf cache variable buried about 5 Google pages deep :p Set it in the environment (or pass it as an argument to ./configure) and configure takes it as the answer to the setpgrp check, which it normally gets by running a test program and therefore can't do when cross compiling; "yes" means setpgrp() takes no arguments, the POSIX form.

ac_cv_func_setpgrp_void=yes

And yes, one of my New Year's resolutions is to start posting more!

Thursday, December 3, 2009

Metasploit and Wifi - Lorcon Driver

Metasploit doesn't come pre-configured so that your WiFi card will automatically work. I made the mistake earlier of thinking that it did .. foolish of me, I know. Guess I'm paying for all those years with Windows. Anyway, here are the steps you need to get it up and running.

cd /tmp
svn co https://802.11ninja.net/svn/lorcon/trunk/ lorcon
"press p here" (svn will prompt about the server's certificate; p accepts it permanently)

cd lorcon
./configure
make
make install
cd ..
rm -rf lorcon

cd /pentest/exploits/framework3/external/ruby-lorcon2
ruby extconf.rb
make
make install

cp /usr/local/lib/liborcon2-2.0.0.so /usr/lib/

The last command had me a little stumped, because ruby-lorcon was working fine on its own, but by checking the library paths I was able to figure it out rather quickly.

Thursday, November 19, 2009

NSA is down?

There is a really cool article about cyber-warfare here

So I went to look up some info on nsa.gov and guess what .. the site is down. 0.o

I think that's rather interesting considering the FAA problems that are taking place today. Makes you wonder if the networks are interconnected, and what actually is bringing them down if they are.

FAA - Hacked?

Was getting some coffee when I saw a "breaking news report" about FAA computers being down.

Linky

So I'm wondering if it's just a glitch or if someone decided to give them a POC on the house. Can't say they weren't warned.

Linky

Tuesday, November 10, 2009

SQL Injection via Credit Card Magstripe

I just finished reading this AMAZING pdf about gift card attacks. "complete doco here"

As with everything, the beauty is in the details, so let me just copy a small passage that really piqued my interest.


In summary, it would not be possible to modify the card balance by altering the track data, as the balance value is not stored on the card. However, there are other types of attacks where it might be possible to change the card’s balance by tampering with the track data, even when the card’s balance is not stored on the track data.

An attacker could exploit weaknesses within the system by inserting malicious SQL statements that update the card’s balance in the back-end DB servers when an online transaction is performed; i.e. when a gift card is swiped at a retail POS terminal.


I sincerely hope the major credit card companies are wise enough to update their Oracle boxes.

mysql> SELECT * FROM CARDS WHERE CARD_NUMBER = 1;UPDATE CARDS SET BALANCE=999 WHERE CARD_NUMBER=633780558663425245;#;
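To show why that line works and what stops it, here is an added example (mine, not from the PDF or the original post) that puts a vulnerable card lookup beside a hardened one on an in-memory SQLite stand-in for the CARDS table. The card numbers, balances, the stacked-UPDATE track data and the assumed "bare 16-19 digit number" track format are all constructed.

```python
import re
import sqlite3

# Constructed sample data for this demo; card numbers and balances are invented.
SAMPLE_CARDS = [("633780558663425245", 25), ("633780558663425246", 100)]

# Constructed track data carrying a stacked UPDATE, the same trick as the mysql> line above.
MALICIOUS_TRACK = "1; UPDATE CARDS SET BALANCE=999 WHERE CARD_NUMBER='633780558663425245'"

# Assumed track-data format: a bare 16-19 digit card number and nothing else.
TRACK_RE = re.compile(r"[0-9]{16,19}")


def make_db():
    """In-memory stand-in for the back-end CARDS table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CARDS (CARD_NUMBER TEXT PRIMARY KEY, BALANCE INTEGER)")
    db.executemany("INSERT INTO CARDS VALUES (?, ?)", SAMPLE_CARDS)
    return db


def get_balance(db, card_number):
    """Parameterised read, used by both paths below to inspect the table."""
    row = db.execute("SELECT BALANCE FROM CARDS WHERE CARD_NUMBER = ?", (card_number,)).fetchone()
    return row[0] if row else None


def lookup_vulnerable(db, track_data):
    """Splices the swiped track data into the SQL text and runs it as a script,
    so any extra statement the stripe carried executes with the app's DB rights."""
    db.executescript(f"SELECT * FROM CARDS WHERE CARD_NUMBER = {track_data};")
    return get_balance(db, track_data)


def is_valid_track(track_data):
    """Input validation: does the swipe look like a card number at all?"""
    return TRACK_RE.fullmatch(track_data) is not None


def lookup_hardened(db, track_data):
    """Reject anything not shaped like a card number, then bind the value as a
    parameter so it can never be interpreted as SQL."""
    if not is_valid_track(track_data):
        raise ValueError("track data rejected before reaching the database")
    return get_balance(db, track_data)


if __name__ == "__main__":
    db = make_db()
    print("before:", get_balance(db, "633780558663425245"))
    lookup_vulnerable(db, MALICIOUS_TRACK)
    print("after vulnerable lookup:", get_balance(db, "633780558663425245"))
```

Running it prints a balance of 25 before the swipe and 999 after; the hardened path never lets the same track data near the query.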

Google's gift: Free MITM attacks at 47 airports

So I just read that Google is going to be sponsoring free WiFi in 47 of the nation's airports until Christmas (Link). That got me thinking about what "essentials" I would be taking with me if I was planning a trip this Christmas.

2 Alfa antennas
aircrack-ng
tcpdump
sslstrip or some of the new PoC SSL code
and mdk3

For those of you who are clueless about this sort of thing, allow me to spell it out. You locate a legit "Google Free WiFi" network. Load up your spankin' new copy of Backtrack and connect to it; at the same time you open airbase-ng and make a FakeAP with the same name, tunneling all traffic through sslstrip/tcpdump "or whatever else you use". Then just use mdk3 to deauth all clients from the legit APs, forcing them to connect to yours.

Seriously, it would take less than 10 min to set up if I was to do it now, and that's only because I haven't used aircrack-ng in so long.

Also, let us not forget a few other things.

1. A lot of business people pass through airports on a daily basis, which means plenty of "high profile targets"

2. It's the holiday season, and that means people have other things on their mind, and it also raises the possibility of CC purchases.

3. I haven't even mentioned the possibility of Meta / db_autopwn or even browser injection and other more advanced tools.
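The defender's side of the same picture, as an added example that is not part of the original post: two checks a wireless IDS would run over captured management frames to spot the look-alike AP and the mass deauth the post describes. The frame tuples, the BSSIDs and the allowlist of real APs are all constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Assumed allowlist: the BSSIDs the airport's real "Google Free WiFi" APs are known to use.
KNOWN_APS = {"Google Free WiFi": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}

# Constructed sample of 802.11 management frames as (time_s, subtype, bssid, ssid, dst);
# the values are invented, not taken from a real capture.
SAMPLE_FRAMES = [
    (0.0, "beacon", "00:11:22:33:44:01", "Google Free WiFi", BROADCAST),
    (0.1, "beacon", "00:11:22:33:44:02", "Google Free WiFi", BROADCAST),
    (0.5, "beacon", "de:ad:be:ef:00:01", "Google Free WiFi", BROADCAST),  # unknown AP, same name
    (1.0, "deauth", "00:11:22:33:44:01", "", "aa:bb:cc:dd:ee:01"),        # one ordinary deauth
] + [(2.0 + i * 0.01, "deauth", "00:11:22:33:44:01", "", BROADCAST) for i in range(40)]


def rogue_aps(frames, known=KNOWN_APS):
    """Return {ssid: {bssid, ...}} for beacons that advertise a known SSID from a
    BSSID not on that SSID's allowlist: an evil twin copies the name, not the hardware."""
    found = defaultdict(set)
    for _, subtype, bssid, ssid, _ in frames:
        if subtype == "beacon" and ssid in known and bssid not in known[ssid]:
            found[ssid].add(bssid)
    return dict(found)


def deauth_bursts(frames, window_s=1.0, threshold=10):
    """Return [(bssid, window_start, deauths, broadcast_deauths)] for every sender and
    time bucket with more than `threshold` deauth frames. A high count of broadcast
    deauths from one BSSID is the signature of a deauth flood rather than normal
    client churn, which arrives as single unicast frames."""
    buckets = defaultdict(lambda: [0, 0])
    for t, subtype, bssid, _, dst in frames:
        if subtype != "deauth":
            continue
        counts = buckets[(bssid, int(t // window_s))]
        counts[0] += 1
        if dst == BROADCAST:
            counts[1] += 1
    return [(bssid, w * window_s, n, b)
            for (bssid, w), (n, b) in sorted(buckets.items()) if n > threshold]


if __name__ == "__main__":
    print("rogue APs:", rogue_aps(SAMPLE_FRAMES))
    print("deauth bursts:", deauth_bursts(SAMPLE_FRAMES))
```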

Monday, November 9, 2009

Free Microsoft Mouse!

Yes, the title is correct. Fresh outta the hospital "damn swine flu" and the first thing I do is get myself a free mouse. Well, this one isn't exactly free since I did at one point pay for it, but here is a rather easy way to get one 100% free.

For legality reasons I'm going to say everything below is strictly theory; with that outta the way...

First you need to scrounge up $50-$100 bucks "ya, mice are expensive", then drive to the local Best Buy, Walmart or wherever you like. Pick yourself out a fancy new mouse; in fact you can even get one with a keyboard. The only thing you really need to be mindful of is the fact that it's Microsoft. Now when you check out, BE SURE TO KEEP THE RECEIPT!

Once you get home, grab your phone and give this number a call: 1-(800)-360-7561. Explain to them that you purchased the mouse about 3-4 months ago and it's not working correctly. Just make sure you say it's more than 30 days and less than the "made on date". Be nice and mention that you still have the receipt and package and you'll be more than willing to mail it back if they need you to. Now, you don't have to say that, but it's nice as it removes almost any doubt from their head that you're legit. They will ask for a serial number, so just act dumb and let them tell you where to find it. After you give it to them, as well as your address, you're good to go. I managed to get mine within 2-3 days after the call.

After you hang up, feel free to go ahead and take the one you purchased back for a refund. Just say it wasn't the one you thought it was, or that it makes your hand cramp when using it.

Last but not least, enjoy your free mouse.

Thursday, November 5, 2009

ssh cheat sheet

A lot of stuff I do involves ssh; in fact, if I had to choose it would be 'ssh > vpn' .. so a while ago, when I was still learning, I wrote this up to help me remember it all.

ssh uname@hostorip.com -p 22
will get you connected to your sshd box

ssh uname@hostorip.com ls
will run the command "ls" once you log in to your sshd box

ssh -L 8080:google.com:80 uname@hostorip.com
will tunnel port 8080 on YOUR pc to port 80 at google.com through your remote box running sshd

ssh -R 8080:localhost:80 uname@hostorip.com
will redirect port 8080 on your sshd box to port 80 on YOUR pc (localhost in a -R spec is resolved on the side that ran ssh) "great if you want to host a site and mask it with your remote"

ssh -D 2000 uname@hostorip.com
will create a SOCKS5 proxy on your local box and tunnel all traffic through your sshd box "it's a great web proxy"

ssh -D 192.168.1.100:2000 uname@hostorip.com
will bind the SOCKS5 proxy to whatever address you give it rather than the default localhost; this is nice so you can access it from other comps on your internal net "also the -R and -L flags work the same way"

scp /root/textfile.txt uname@hostorip.com:/root/newtextfile.txt
this will transfer textfile.txt to your sshd box

scp -r /root/directory uname@hostorip.com:/root/newnewdir
this will transfer a whole directory

scp uname@hostorip.com:/root/testfile.txt /root/newtext.txt
this will transfer testfile from the sshd box to yourself

ssh -X uname@hostorip.com
will forward any X window over ssh; once you're in just do "startx"

And with that, I should probably start writing the ssh guide that I've been meaning to do.

Saturday, September 5, 2009

Ahhh the first post.

First postings always suck no matter what you're doing. Sure, I could probably create a bunch of crap by copying over a bunch of other people's work, but really, what fun would that be?

So here it is, the first shiny new post on my crappy blog.