“Stop Dressing Your Six Year Old Like a Skank.”

29 10 2007

LiveLeak.com – New Book:

“Stop Dressing Your Six Year Old Like a Skank.”

This is officially friggin awesome.  While we’re at it, I’d like to add, “Stop Dressing Your Kid In Designer Clothes.” and “Babies DO NOT Give a Crap About What They Wear.”

I heart whoever wrote this book.





AllUc.org – THE Place To Watch All Your Favorite TV Shows & Movies. FREE!!

22 10 2007

If you haven’t heard of it yet, you will. allUc.org is THE place to find all your favorite TV Shows, Cartoons, Movies, Music Videos, Sports Videos and more for FREE!! Just imagine, no more fiddleing with bittorrent or usenet, all your video needs are just a click away where you can watch anything online completely free of charge AND free from the long arm of the law.

Take a look at a little sample of their links:

Cartoons Shows Anime Movies Music Sport Docu
Southpark Friends Yu Gi Ho 13 going on 30 Eminem High Stakes Poke.. Ross Kemp on gan..
Family Guy America\’s Next .. Pokemon Blow Justin Timberlake WrestleMania 23 Episodes
Simpsons, The Sex Guide (Must .. Naruto Simpsons Movie, .. Christina Aguile.. High Stakes Poke.. HBO: Thin (2006)
Justice League Prison Break Yu Gi Ho GX Talladega Knights Pussy Cat Dolls Slam Dunk Contest Dark Side of Por..
Futurama Peep Show FullMetal Alchem.. A walk to rememb.. Cascada Funny Moments Skinheads USA: S..
Banned Cartoons Scrubs Dragon Ball Z Number 23, The Beyonce World Series Of .. 2012 – The Futur..
X-Men Evolution CSI Yu Yu Hakusho Superbad Linkin Park Greatest Fights Secret Societies

And that’s just the tip of the iceberg. AllUc.org aggregates ALL this video content (copyright or not) via members submitting links. Its quite a novel idea because AllUc is at least twice removed from any liability for any of those pesky legal issues related to posting copyrighted material on the net. They sum this up best in their disclaimer:

Disclaimer

The author is not responsible for any contents linked or referred to from his pages – If any damage occurs by the use of information presented there, only the author of the respective pages might be liable, not the one who has linked to these pages.
Allfg.org and Alluc.org doesn’t host any content

All Allfg.org/Alluc.org does is linking to content that was uploaded to popular Online Video hosting sites like dailymmotion.com/Youtube. All youtube/dailymotion users signed a contract with the sites when they set up their accounts wich forces them not to upload illegal content. By clicking on any Links to videos while surfing on Allfg.org you leave Allfg.org, Allfg.org cant take the responsibility for any content hosted on other sites.

Its brilliant!! Now go there and watch some free anything.

Big ups to the peeps over at allUc.org and their generous members.





Tutorial: Create An Auto Hack USB Drive {via IronGeek}

13 10 2007

Hot off the presses from IronGeek (so you know its good):

Creating An Auto Hack USB Drive Using Autorun and Batch Files. By Dosk3n (Hacking Illustrated Series)

During 2005 Sony BMG was discovered to be including Extended Copy Protection (XPC) and MediaMax CD-3 software on music CDs. The software was automatically installed in the background onto users computers systems that used the autorun function to start running the CD. The software could hide itself from the computers process list in the same way a rootkit would. There was over 100 titles in total that included this “rootkit”. Using similar techniques we are going to use the autorun feature with a USB drive to run multiple hacking tools…

As part of IronGeek’s “Hacking Illustrated Series”, this tutorial is a video (by Dosk3n).  Go watch it over at IronGeek (pro tip – click the article title).  There’s even a download link so you can watch it at your leisure over and over again.

Big ups to IronGeek and DosK3n on the tutorial and the sweet sweet “turn their own weapons against them” intro.

Enjoy.





Kevin Everett moving legs… kicks cop?!?! (Video)

5 10 2007

Oops wrong guy…

LMFAO

Vodpod videos no longer available.

from www.youtube.com





The Most Popular YOUTUBE Video EVER!1!1!!!

26 07 2007

Well, here it goes…

Hmpf, and I thought it was gonna be porn… But this’ll do.

Anybody wanna impeach ALL the members of the most horrible administration in US history?

What’s that you say? Too apathetic?

Me too. //**eagle tear**//

follow the jump for more… Read the rest of this entry »





Mac OS X Hacking: InfoSecSellout’s “Rape.osx” Worm and ExploitingiPhone.com “iPhone Exploits”

24 07 2007

If you haven’t read about the latest (as of 7.23.07) Mac exploit/s then you either don’t care or haven’t looked at the intarwebs lately. I’ll give you the short version, with LOTS of links:

Engadget is aflame with comments on their posts, so far THREE, about the alleged “rape.osx” worm that a group of hackers, who call themselves “InfoSecSellOut“, posted some hints about on their blogspot blog as well as a link to a securityfocus.com notice about the “worm”, oh and a hint that they want money for having created the worm. There’s been way too much drama to map out here (death threats much?!?!), but lets just say its gotten out of hand and TMBBITW is totally neutral, we’re strictly grey hat and ALL homegrown Linux. No plans to release the code for the rape.osx worm have been revealed, not even a little bit.
HackZine has a little blurb up about a video that has popped up on www.exploitingiphone.com, which is really a redirect to a slashed Independent Security Evaluators URL. Obviously, ISE has an iPhone exploit on their hands, however they have notified Apple and have some good info up. There’s a truncated white paper out and they plan to reveal their code on August 2nd, at the Black Hat convention in Vegas.

For the Windows folks out there, you haven’t been left out. A win32 version of Safari was released, but hacked in ONE day.

And that’s everything in a nutshell since last wednessday. Now I’ll go on to explain all the information I could gather on all of these, what we like to call, Mac Hacks.

ALL of the malware/exploits/worms/whatever you wanna call them are executed via Safari. That means all three versions (mobile, desktop and Win32).

First is the most interesting, the iPhone exploit. Basically ISE has done a buttload of work, not to mention a bang up job creating this:

If you read the white paper that they have on their site, which is pretty exhaustive, you’ll find out the level of knowledge that this hack took to find and make into a shell script.

Here’s how they started, and what will probably be THE way to find new exploits for the iPhone:

Using jailbreak and iPhoneInterface, the binaries can be extracted from the device and statically analyzed, using a disassembler. Additionally, since the MobileSafari and MobileMail applications are based on the open source WebKit project, a source code audit of that package can be performed. Finally, dynamic analysis, or fuzzing, can be executed against the device. This involves sending malformed data to the device in an effort to cause a fault and make it crash. Such fuzzing can be performed against applications such as MobileSafari or against the WiFi or BlueTooth stack. (you can download the tools mentioned in the above excerpt by clicking on them, as for fuzzers and debuggers just use BACKTRACK and DBG)

NOTE: For a quick tut on how to “activate” an iPhone go HERE: http://www.pqdvd.com/blog/iphone/category/unlock-iPhone/

Get the one click “unlock” kit, via DVD Jon, for yer iPhone HERE: http://therealdonquixote.files-upload.com/393766/iphoneunlocktoolkit.zip.html

Now this is where it gets a bit tricky:

[…] in order to view memory and discover the way the execution flows in the application. However, in this case we were able to utilize the Mac OS X crash reporter. This daemon runs and monitors any programs for crashes. When one is detected it records a log of the crash, including relevant register values. These reports can then be transported to a desktop computer when syncing. The crash reports can also be downloaded directly off the iPhone using jailbreak and iPhoneInterface. While the CrashReporter provides register values and basic memory mapping information, it does not include direct access to the memory. In order to obtain this crucial information, it is possible to modify the iPhone in such a way that the applications will dump core files when they crash. This is accomplished by adding the file /etc/lauchd.conf containing the line “limit core unlimited”
to the iPhone using iPhoneInterface. Core files can be retrieved off the iPhone from the /cores directory, again using iPhoneInterface.

In order to generate valid opcodes for the iPhone, we first installed a Linux x86 to ARM cross compiler. This would compile our ARM assembly to bytecode which we could then extract into shellcode. Besides not having a debugger, developing iPhone shellcode also presented other challenges. Since we didn’t have access to an ARM processor with a debugger, we had absolutely no real way to test the shellcode besides trying it and using the core files obtained.

That’s pretty much where I gave up on trying to go at this on my own. ISE actually has two hacks for the iPhone where one collects data and the other can actually make your phone do whatever they want, dial, ring whatever. That’s all I got, but anyone is welcome to give iPhone hacking a whirl. All the files are linked up there.

Now on to InfoSecSellOut’s “Rape.osx”. To start it is supposed to be a worm which is deployed via Safari. From what securityfocus.com says, it seems to be based on mDNSresponder (yes, click to download). All that I can find out about it is that ISSO (InfoSecSellOut) was able to download a text file using their exploit. However, in reading the white paper for the iPhone hack, I saw that the real problem with Mac OS X (pick one) security is that all applications are run as “root” or with “admin” privilages. So that means that once you are in a Mac OS X machine, you can do whatever you want.

NOTE: Many linux OS’s use mDNSresponder as well, so be on the lookout. However, most people do know not to login as root on their linux machine, right?

I have no code, no apps, nothing on rape.osx other than the code for mDNSresponder. I do have some code for the first Mac virus, the Leap.A virus, as well as some other info I gathered in order to further the purposes of writting worms/viri/malware for Mac OS X.

DOWNLOAD HERE: MAC_osX_Malware_Data_Sourc_codes_papers..zip

The file contains the following:

macosxhacklist

As for the Win32 version of Safari, what were people thinking?!?!? Porting, what is essentially an open source Mac app to Windows? Yeah, no one is going to hack that. Stick to FireFox with all the JS, Flash, AD, PopUp, bad shit blocking extensions that you can shake a stick at.

And that’s all she wrote for now folks.

Keep on keepin on hackers of all hats. I’ll keep you updated.

*Sources – Noted and linked throughout the article, accepting VX CHAOS FILE SERVER where I get ALL my super sweet viri source codes and all the best viri, malware, trojans, RATs, you name it and AZAG has got it!!





The Picard Song!!

19 07 2007

And now for something completely different!!

Which one do you prefer??

LMFAO

Ah, that made my day.