Tutorial: Create An Auto Hack USB Drive {via IronGeek}

13 10 2007

Hot off the presses from IronGeek (so you know its good):

Creating An Auto Hack USB Drive Using Autorun and Batch Files. By Dosk3n (Hacking Illustrated Series)

During 2005 Sony BMG was discovered to be including Extended Copy Protection (XPC) and MediaMax CD-3 software on music CDs. The software was automatically installed in the background onto users computers systems that used the autorun function to start running the CD. The software could hide itself from the computers process list in the same way a rootkit would. There was over 100 titles in total that included this “rootkit”. Using similar techniques we are going to use the autorun feature with a USB drive to run multiple hacking tools…

As part of IronGeek’s “Hacking Illustrated Series”, this tutorial is a video (by Dosk3n).  Go watch it over at IronGeek (pro tip – click the article title).  There’s even a download link so you can watch it at your leisure over and over again.

Big ups to IronGeek and DosK3n on the tutorial and the sweet sweet “turn their own weapons against them” intro.

Enjoy.





How To: Avoid Being “Tracked 100% of The Time” When Using P2P and Bittorent (Noob Friendly)

12 10 2007

According to researchers at UC Riverside, “use a blocklist or you will be tracked… 100% of the time“. That’s an awful statistic. It comes from an article found on Ars Technica, so you know its pretty darn reputable information. I recommend you read the whole article (already linked up there). However, here is a small excerpt:

Title: P2P researchers: use a blocklist or you will be tracked… 100% of the time
The old cliché “You’re not paranoid if they really are out to get you” turns out to apply quite nicely to the world of P2P file-sharing. A trio of intrepid researchers from the University of California-Riverside decided to see just how often a P2P user might be tracked by content owners. Their startling conclusion: “naive” users will exchange data with such “fake users” 100 percent of the time.

Sources: ARS TECHNICA via HACK THE PLANET rss

Basically, at the very least, you need to use a blocklist or you are gonna get ThomASS’d (aka sued). I can just imagine many users out there thinking, “What’s a blocklist? Where do I get one? How do I use it? OMG, OMFG, WTF DO I DO?”

CALM DOWN!!! JUST TAKE A DEEP BREATH, TMBBITW is here to help. And by help we mean, offer up some information. Below we will lay out some resources, links and downloads that, when used, will ease you worries.

Now, a blocklist in and of itself is simple, its a list. A list of IP addresses, and some IP ranges, that are known to be essentially bad. By “bad” we mean that those IP’s are people or machines that are either tracking what you are doing or passing data to you that you do not want. An application on your computer uses a blocklist to stop those IP’s from connecting to your computer. Are you getting that warm fuzzy feeling of being informed yet? Well, keep reading.

Here are the most basic blocklist/P2P safety resources:

  • P2PNet: The original daily p2p and digital news site. Always First!
  • Slyck: Great site to learn how to use P2P services safely.
  • PhoenixLabs: These guys have been creating blocklists since forever and they also run blocklist.org.
    • Created (Windows/Mac Only): Peerguardian (app that keeps your blocklists updated and integrates with your P2P app)
  • Blocklist Manager : A free utility to download, merge, sort, and export IP lists in a variety of formats.
  • Protowall: A free utility that blocks undesired connections, to and from your computer via blocklist.
  • Protowall Mods: Cleric’s Protowall Mods

Now you’re wondering what P2P or BitTorent clients should I use. See below:

  • Azureus: BT Client that can update its own blocklists.
  • uTorrent: Small fast BT client with great traffic encryption.
  • BitCommet: BT app, written in C++, best for people behind a school firewall. Encrypts packet headers. This is for those that can not use port forwarding.
  • LimeWire: P2P app using the Gnutella network, that is great for small files. However you will need Peerguardian or Protowall, because it does not natively support any ipfilter or blocklist.
  • FrostWire: Based on LimeWire Pro, a free open source app that comes with some linux distributions. Still need Peerguardian or Protowall.

At the very least, those two lists above contain all you need. Something to go all P2P with, and a way to use a blocklist. You can use peerguardian and uTorrent, or Azureus and set up its IPfiltering option, or if you’re all Gnutella is good BT is hard… you can use FrostWire and peerguardian. As you can see there are lots of options.

For the sake of speed: You will probably need to open a port, via your firewall application or router software, in order for uTorrent or Azureas to let connections in using DHT (distributed hash tables, google it). This WILL speed everything up alot.

So you’re all done, you can go out and not ever be tracked, right? Well, sort of. You are pretty safe. However, there are some applications that you can use to actually try and mask your real IP address. Its an extra measure of security instead of just keeping the bad IPs out. These are the best, free, anonymity apps out there:

  • TOR: The Onion Router – Can help to hide your IP.
  • Privoxy: Helps to secure TOR even more.
  • Putty: Telnet/SSH client that can be used to secure your traffic going out to a Tor node.
    • NOTE: Using Putty and Tor together is a pretty complicated process, so you may want to skip this. If you’re up to it, read this tutorial.
    • Thanks to dBlackshell here are two more links on proxies from InsaneSecurity: one and two
  • JAP: Java based anonymity app. Some like it better than TOR some don’t.

In order for the above applications to work, you need to configure your P2P or BT client to connect to the internet THROUGH them. Tor has great instructions for this on their site. You can also configure your browser to go through those anonymity apps. The big drawback here is loss of speed. Any proxy based application will slow down your internets. Its a trade off that’s totally up to you.

You MUST know by now that you will eventually need more information, but you are afraid. Why? Because search engines like google and yahoo keep tabs on what you are searching for. For anonymous searching use:

As one can see, there are alot of resources out there to TRY and make your P2P life safe from being tracked. However, as with anything you do on the net, you will never be 100% anonymous. Its like having sex, sure there’s no 100% effective safe sex, but a condom is damn close enough to let you go at it. Just remember to keep your lists updated as well as your software. Now go be safe.

Got questions? Post them in the comments. (Note: This needs some Major editing, cause it was late and I got too tired to finish polishing it up)

*TMBBITW does not condone or support illegal file sharing in any form. In fact, TMBBITW and its writers promote, and fully support, Free Open Source Software, legal DRM-free music, Open Music and all sorts of nice legal things. Things that keep programmers employed and running your internets and creating games and all that good stuff.




Tutorial: “Unlock” Your iPhone With SuperSim via Hackint0sh

6 08 2007

So far this hack is only reported to work in Europe.  Basically all you need is a blank SIM card and a SIM card reader/writer, oh and the instruction posted at the link below:

Tutorial: “Unlock” your iPhone with SuperSim – Hackint0sh

Sure its old news, but I just thought some peeps would like to know.





On: Tech Republic’s “10 Things You Can Do When Windows XP Won’t Boot”

1 08 2007

Tech Republic has a great little article, even if its a bit old, for those of us that need a little help when it comes to WinXP. The article, entitled “10 things you can do when Windows XP won’t boot” written by Greg Shultz, is just what it claims to be.  My article here will dive a little deeper into the instructions posted in Shultz’s article, including some insights of my own and some extra tools that might help.

To be perfectly honest, I have learned all I know about “Windows troubleshooting” from trial and error while poking around WinXP for shits n giggles.  This means that I made alot of self imposed of cock ups, wasted months of time, experienced hair pulling frustration, and had too many complete drive reformats and re-installations to number.  Hence the interest in this article for anyone out there, who doesn’t have the time or patience to dick around with Windows for hours on end.

Here’s a peek at Greg Shultz’s list of ten. (My Comments are in parenthases)

Source – Tech Republic

  1. Use a Windows startup disk (The article was written in ’06.  So replace “floppy disc” with USB stick, or any removable media that you don’t mind wiping clean to use as a boot device and “startup disk”, including a CD-R if you want to waste one.)
  2. Use Last Known Good Configuration (Ok, I dunno about you, but I have never seen regular old OEM PC, WinXP boot screen with this text on it, “Please select the operating system to start“.  Most OEM systems (PC’s like Dell, HP, anything that you didn’t build yourself) will start with a screen that shows their logo while the BIOS is telling your system what to do.  Usually in this screen, before you see the Windows Logo/boot screen, you get a logo in the center and some F# options, like F8, that you can use before the system executes the boot sequence set in the BIOS.  Note: Some OEM systems do have different selections for different buttons, but they will tell you what they do on the screen.  You will see them, the options, either in the upper right hand corner of the screen or at the bottom, usually in gray letters)
  3. Use System Restore (Note: Sometimes Ctrl-Alt-Del won’t work to restart your system, you may have to do a “hard restart” by holding down the “power button” either on your tower or wherever it is on your laptop, and hold it until the system powers down.  There may even be times when a hard restart won’t work, which means you are pretty screwed, the absolute last resort is to pull the power plug.  However, most modern PC’s will succumb to the hard restart.)
  4. Use Recovery Console (This is really just a start point for many of the following “Things You Can Do“, as there is no explanation of what to do after you get the recovery console started.)
  5. Fix A Corrupt Boot.ini (Note: Won’t work if you F’d up a GRUB bootloader by wipeing a partition without fixing the GRUB partition map first, a personal experience of mine.)
  6. Fix A Corrupt Partition Boot Sector  (The functionality of this one may depend on just how many partitions you have.  Windows doesn’t allow for more than 9 (I think), and if you have more than two OS’s… lets just say I had a problem with this one. GRUB problem can also screw this one up.)
  7. Fix A Corrupt Master Boot Record (Same problems as 5 and 6)
  8. Restore From Backup (In my opinion, this is your best option.  Of course, not all people regularly backup their systems with Norton Ghost or whatever back up software anyone likes.  However, even if you haven’t been backing up your windows partition, you can still retrieve information, or even copy whole partitions, with a live CD like UBCD, Hiren’s Boot CD, or even a linux distro like BackTrack2)
  9. Disable Automatic Restart (Damn good idea.)
  10. Perform An In-Place Upgrade (Also known as a repair install.  You might get full functionality back with this and you may not, but at least you will have access to your data.  Oh, and depending on how up to date your Windows XP install disc is, you might wind up having to re-update to SP2 as well as other updates that were applied that are not on your disc.  Note: The GRUB problem described before will also screw this up.)

*I mentioned a couple tools up there in my comments, I’ll supply links after the jump.

From what I can tell there doesn’t seem to be any order of which things you should try first when your XP won’t boot.  In my opinion your easiest point and click options, in the order of what you should probably try first, are numbers 2, 3 and 10.  Number 9 is really just a good thing to do.  Now if you are a bit more adventurous, or knowledgeable, you can try the other options.  Number one is really just to get access to your windows partition.  However, if the start disk works, you will know that the files you copied from another  system (boot.ini, NTLDR and ntdetect.com) are involved with the problem on your system AND that your MBR (master boot record) is probably ok.  So then you’ll wanna try fixing your boot.ini file, number 5 in the list, which requires that you know how to do number 4.  However, if your start disc from number one doesn’t work, then you will have to delve into numbers 6, 7 and 8.  Number 8, backup restore, is really a great way to go, if you have your system backed up, including your boot sector.  This is all hindsight, but its a good idea to keep a system backup handy on some sort of removable media.  One thing to think of when you first install Windows, or right after you get your new PC or laptop, is to partition your hard drive so that the core system files reside on the default partition “C” with the minimum possible size allowed for a WinXP.  This will make it alot easier to back up your core system, because that “C” partition will be ALOT smaller than say your whole hard drive, and only contain files that your system needs to run.  You can use the other partition/s as storage for documents, videos, whatever you want.  If you don’t have partition magic, you can use Parted Magic or Gparted on a live cd.  Lastly, if you don’t remember your Administrator password, which is fairly common, you can use Offline NT PW & Reg-Edit Bootdisk to reset the admin password to blank.

That’s all I have to say about that one.  Remember, for links and info on the tools I mentioned in this article follow the jump.  Happy troubleshooting!!

Read the rest of this entry »





Mac OS X Hacking: InfoSecSellout’s “Rape.osx” Worm and ExploitingiPhone.com “iPhone Exploits”

24 07 2007

If you haven’t read about the latest (as of 7.23.07) Mac exploit/s then you either don’t care or haven’t looked at the intarwebs lately. I’ll give you the short version, with LOTS of links:

Engadget is aflame with comments on their posts, so far THREE, about the alleged “rape.osx” worm that a group of hackers, who call themselves “InfoSecSellOut“, posted some hints about on their blogspot blog as well as a link to a securityfocus.com notice about the “worm”, oh and a hint that they want money for having created the worm. There’s been way too much drama to map out here (death threats much?!?!), but lets just say its gotten out of hand and TMBBITW is totally neutral, we’re strictly grey hat and ALL homegrown Linux. No plans to release the code for the rape.osx worm have been revealed, not even a little bit.
HackZine has a little blurb up about a video that has popped up on www.exploitingiphone.com, which is really a redirect to a slashed Independent Security Evaluators URL. Obviously, ISE has an iPhone exploit on their hands, however they have notified Apple and have some good info up. There’s a truncated white paper out and they plan to reveal their code on August 2nd, at the Black Hat convention in Vegas.

For the Windows folks out there, you haven’t been left out. A win32 version of Safari was released, but hacked in ONE day.

And that’s everything in a nutshell since last wednessday. Now I’ll go on to explain all the information I could gather on all of these, what we like to call, Mac Hacks.

ALL of the malware/exploits/worms/whatever you wanna call them are executed via Safari. That means all three versions (mobile, desktop and Win32).

First is the most interesting, the iPhone exploit. Basically ISE has done a buttload of work, not to mention a bang up job creating this:

If you read the white paper that they have on their site, which is pretty exhaustive, you’ll find out the level of knowledge that this hack took to find and make into a shell script.

Here’s how they started, and what will probably be THE way to find new exploits for the iPhone:

Using jailbreak and iPhoneInterface, the binaries can be extracted from the device and statically analyzed, using a disassembler. Additionally, since the MobileSafari and MobileMail applications are based on the open source WebKit project, a source code audit of that package can be performed. Finally, dynamic analysis, or fuzzing, can be executed against the device. This involves sending malformed data to the device in an effort to cause a fault and make it crash. Such fuzzing can be performed against applications such as MobileSafari or against the WiFi or BlueTooth stack. (you can download the tools mentioned in the above excerpt by clicking on them, as for fuzzers and debuggers just use BACKTRACK and DBG)

NOTE: For a quick tut on how to “activate” an iPhone go HERE: http://www.pqdvd.com/blog/iphone/category/unlock-iPhone/

Get the one click “unlock” kit, via DVD Jon, for yer iPhone HERE: http://therealdonquixote.files-upload.com/393766/iphoneunlocktoolkit.zip.html

Now this is where it gets a bit tricky:

[...] in order to view memory and discover the way the execution flows in the application. However, in this case we were able to utilize the Mac OS X crash reporter. This daemon runs and monitors any programs for crashes. When one is detected it records a log of the crash, including relevant register values. These reports can then be transported to a desktop computer when syncing. The crash reports can also be downloaded directly off the iPhone using jailbreak and iPhoneInterface. While the CrashReporter provides register values and basic memory mapping information, it does not include direct access to the memory. In order to obtain this crucial information, it is possible to modify the iPhone in such a way that the applications will dump core files when they crash. This is accomplished by adding the file /etc/lauchd.conf containing the line “limit core unlimited”
to the iPhone using iPhoneInterface. Core files can be retrieved off the iPhone from the /cores directory, again using iPhoneInterface.

In order to generate valid opcodes for the iPhone, we first installed a Linux x86 to ARM cross compiler. This would compile our ARM assembly to bytecode which we could then extract into shellcode. Besides not having a debugger, developing iPhone shellcode also presented other challenges. Since we didn’t have access to an ARM processor with a debugger, we had absolutely no real way to test the shellcode besides trying it and using the core files obtained.

That’s pretty much where I gave up on trying to go at this on my own. ISE actually has two hacks for the iPhone where one collects data and the other can actually make your phone do whatever they want, dial, ring whatever. That’s all I got, but anyone is welcome to give iPhone hacking a whirl. All the files are linked up there.

Now on to InfoSecSellOut’s “Rape.osx”. To start it is supposed to be a worm which is deployed via Safari. From what securityfocus.com says, it seems to be based on mDNSresponder (yes, click to download). All that I can find out about it is that ISSO (InfoSecSellOut) was able to download a text file using their exploit. However, in reading the white paper for the iPhone hack, I saw that the real problem with Mac OS X (pick one) security is that all applications are run as “root” or with “admin” privilages. So that means that once you are in a Mac OS X machine, you can do whatever you want.

NOTE: Many linux OS’s use mDNSresponder as well, so be on the lookout. However, most people do know not to login as root on their linux machine, right?

I have no code, no apps, nothing on rape.osx other than the code for mDNSresponder. I do have some code for the first Mac virus, the Leap.A virus, as well as some other info I gathered in order to further the purposes of writting worms/viri/malware for Mac OS X.

DOWNLOAD HERE: MAC_osX_Malware_Data_Sourc_codes_papers..zip

The file contains the following:

macosxhacklist

As for the Win32 version of Safari, what were people thinking?!?!? Porting, what is essentially an open source Mac app to Windows? Yeah, no one is going to hack that. Stick to FireFox with all the JS, Flash, AD, PopUp, bad shit blocking extensions that you can shake a stick at.

And that’s all she wrote for now folks.

Keep on keepin on hackers of all hats. I’ll keep you updated.

*Sources – Noted and linked throughout the article, accepting VX CHAOS FILE SERVER where I get ALL my super sweet viri source codes and all the best viri, malware, trojans, RATs, you name it and AZAG has got it!!





16 Ways To Get Fired, And How To Avoid Them (Office 2007 Edition)

23 06 2007

After reading 11 Causes and Cures for Procrastination over at johnplaceonline.com, I thought it might be helpful to write a small list of things that seem to piss people off at the office and how to avoid them.  I know it may seem unprofessional to say “piss people off” in a fairly professional article on how not to get fired, but its the only phrase that seems to capture the idea with any accuracy.  So, please forgive the language, because it was indeed pertinent to the article.

Getting yourself “fired” from an office bureaucracy is actually kind of hard to do these days.  No one wants to go through all the paper work and red tape that it takes to get someone terminated with cause, but it can be done with the greatest of ease if you really piss people off.  You can be the most worthless employee since that guy who has an IQ of 80 and not get fired, but piss people off and you WILL get fired.  You’d be amazed at the extent a company will go in order to get you GONE, just for being a bit of a nuisance to the wrong person.

This list may seem trite or even funny, but its not a joke.  All of these “ways to get fired” have been tested and combined with the result of termination.  I am making this list as much for some old friends of mine as for myself or anyone.  I hope it can help.

16 Ways To Get Fired, And How To Avoid Them:

  • Sitting In Weird Positions at Your Desk/Cube: Sit like a “normal” person and people will not notice you.
  • Looking “Bored” at Meetings/In General: Sit up straight, walk tall and take notes.  Doesn’t matter what everyone else is doing, you are trying to escape being singled out.
  • Wearing Headphones/iPod While Walking Around:  Only wear headphones at your desk if its even politically OK at your office.
  • Asking Questions When People Say “Any Questions?”: Just keep you trap shut.  Everyone wants out of the meeting/presentation ASAP and the higher ups don’t like to be questioned.
  •  Animated GIFs in Your Email Signature: Don’t even think about it.  You have no idea what people can be offended by and they make the email’s larger in size which fills up Windows Exchange servers in minutes.
  • Using The ‘Net Send’ CMD To Say “Hello World” To Everyone in Your Network’s Domain:  It’s fun, but it is just a bad idea.  However, in hindsight its hilarious, of course you’ll be fired by then anyway.
  • Coming In Late:  Always be on time and call before you are supposed to be there if you are going to be UNAVOIDABLY late.  People hate waiting and someone is always watching/waiting.
  • Frequently Calling In Sick:  Yes you are allowed to be ill every once in a while, but all those sick days you accrued aren’t for frivolous use.  People get all weird if you are sick alot, even if you have a legitimate illness AND a doctor’s note in with HR.  You have to be visibly reliable or else you run the risk of being labeled as the opposite.
  • Calling in Sick…Two Hours Late: Not a good idea.  If you even think you are probably going to be sick, call the night before.  Oh and calling in sick does NOT make up for having slept in.
  • Taking 2 Hour Lunches/Naps In Your Car:  You may very well need that nap in the car, but someone is always watching you and you WILL eventually get caught.
  • Automating ALL Your Repettitive Tasks, Then Goofing Off:  Even if you have all your work done, do SOMETHING to look busy.  They’re still watching.  I once read that you should carry a piece of paper wherever you are walking just to look like you are going somewhere.
  • Saying “I’m Bored”: Even if you have all your work done, just never say this out loud or write it down.
  • Wearing an Eye Patch, or Getting A “FauxHawk”: Just don’t.  Trust me on this one.
  • Writting “KILL” As Many Times As You Can In Your Meeting Notebook:  Even if you hide secret “happy messages” in the giant list of “KILL”, its not funny to anyone else.  Yes they are YOUR notes, but people can see them and tell on you.  No “Tic Tac Toe” either.  Sorry.
  • Reading a Book At Your Desk:  Even if its a programming book that will help you save the company millions of dollars, people want you to look like you are working on COMPANY work.  If need be, take the book home and finish your code there.
  • Asking Anyone to “Back You Up”:  This is a persons JOB you are putting on the line here, even if you really are in the “right”, that’s what people will see it as.  No one has your back.  First rule of business, “Cover Thine OWN Posterior At All Times”.

If your wondering, yes I know the people who did these acts and which combinations got them fired, a few have high paying office jobs right now after recovering from getting fired.  You also may notice that I use the phraise “someone is always watching YOU” several times.  That’s because its true.  Even if you don’t know it, somebody hates you at your office.  They hate you and they are watching you ALL THE TIME, just so they can tell “the boss” or a high powered friend about how much YOU piss them off and why.

Its all horribly true.  You may feel like you can’t be YOU at the office after reading this, but you can.  The key is to stay off everyone’s radar.  If your cube is in a high traffic area, try to get moved.  If you need to express yourself, do it with office toys and other knick knacks that stay in your cube and don’t offend or bother anyone.  If you get bored, that means you need a better challenge, perhaps a bigger assignment or task bosses love people who ask for a bigger chunk of work.  It may also be time to move on to a new job.  Who knows, your dream job may be just around the corner, but you can’t get that dream job while trying to collect unemployment insurance.  Jobs are like houses or girlfriends, you don’t want to lose your current one until you have another one in your grasp or at least in your sights, and you never want to leave the old one in a poor disposition.  You never know who you’ll wind up needing in the future.

Playing along with the political games that go on at the office, or “playing ball”, may seem like a waste of energy and time, probably because these games are wastes of time and effort, but they must be paid lip service at the least.  “Playing ball” is the equivalent of cleaning your toilet at home, it sucks big time, but it has to be done in order for life to move on.

One last thing, turn your IM notification sounds OFF!





How To Hack A Voting Machine In 60 SECONDS!!!! (VIDEO)

13 06 2007

This vid posted on youtube by stemcomputerssuck, shows you how to replace the ROM (aka Read Only Memory) of a voting machine, like the ones you are going to use to vote against the GOP reign of terror. This isn’t the first hack we’ve seen for voting machines, but its the first I’ve seen done in 60 (SIXTY) FRIGGIN SECONDS!!!

NOTE: One commenter said that you could speed the physical hack up with an electric screw driver. I agree, as long as you keep everything grounded to avoid any electrostatic shocks, it could be done even faster!!

Here’s the little bit of description that stemcomputerssuck left with the vid:

A detailed technical analysis of this e-voting machine can be found on http://www.wijvertrouwenstemcomputers…

But don’t worry, you’re perfectly safe. We have top men working on becoming completely apathetic towards US politics as I type!!

evil banana








Follow

Get every new post delivered to your Inbox.

Join 45 other followers