
Topics - grap3_ap3

1
General Discussion / Looking for some input on VPN/VPS services
« on: November 18, 2013, 08:58:52 pm »
So I'm always doing some form of research or another and recently I've come across the need and desire to find a new VPN and/or VPS service. I've been looking around to compare several providers but was curious who here has used one or some and what your thoughts are- are they worth the expense? Are they trustworthy? Are they pricey?

As always, your input would be greatly appreciated.

2
General Discussion / So what are you up to?!
« on: November 18, 2013, 08:55:51 pm »
Hey guise!

Been a while since I've been active here, life has kept me pretty busy and pushing myself to advance my skills. I see that activity has slowed which makes me a little sad because Connection is a hell of a d00d and this community is one of the best I've ever found!

Let's revive it. What are you up to? What are you working on? What have you learned recently? Hopefully we can get some good conversation going and revive the creative juices of the membership!

Looking forward to hearing from you!

3
So first let me say that this is NOT my paper. Also, note that it's kinda old, but the concepts still apply and have come in useful to me on some projects I've been working on. What's really cool to me, is that I've been working on some signal interception outside of the "normal" wireless spectrum that we think about and the concepts still apply. This paper was quite helpful to me and I wanted to share it here. I hope you find it useful and/or interesting.


4
Python/Ruby/Perl / Extracting Data from SQLite3 Databases
« on: May 09, 2012, 02:58:50 pm »
It's been a while since I've posted much so I wanted to share this as it came in handy for me recently.. Upon compromising a device, I found several sqlite3 databases ripe for the picking. Rather than messing with sqlitebrowser (which isn't in the Fedora repos under that name, if at all, BTW) or struggling with extracting data, I just built this quick dirty little tool to help get me what I need.

Code:
#!/usr/bin/python
#Author: Phil Grimes @grap3_ap3
#Python 2.7.2 (default, Oct 27 2011, 01:36:46)
#[GCC 4.6.1 20111003 (Red Hat 4.6.1-10)] on linux2
#Date: Thu 26 Apr 2012 12:22:28 AM EST
#Revision: 1 $
#Description: This code pulls desired data from SQLite3 database.

#Import the SQLite3 modules
import sqlite3

#Define some stuff
DATABASE_FILE = 'database.rsd' #Change this to YOUR database name
TABLE_NAME = 'alert' #Change this to the table you want to query
FIELD_NAME = 'hash' #Change this to the field you want to query
con = sqlite3.connect(DATABASE_FILE) #Create a connection to our DB
c = con.cursor() #Create a cursor on that connection
rows = [] #Create an empty list (named rows so it doesn't shadow the built-in list)

#Call the execute method of the cursor to pass our SQL query; the hostname value is bound as a string parameter
c.execute("SELECT * FROM alert WHERE hostname=?", ('diadem',))

for row in c: #For each row returned by our query
    rows.append(row) #Append that row to the list as a list item

out = open('dump.txt', 'w') #Open our output file with the intent to write
for row in rows: #For each item in the list
    out.write("%s\n" % (row,)) #Write the whole row tuple as one line with a new line char at the end
out.close() #Close the file
con.close() #Close the database connection

The comments are much cleaner in  the text file, this web formatting is a bitch and I just don't feel like playing with it to fix, sorry!

This script is pretty simple and there's really nothing to it, but hopefully it's useful to you or maybe sparks you to write some code!

Happy Hacking!

5
General Discussion / All work and no play...
« on: May 06, 2012, 09:32:55 pm »
O hai!

I've been super busy with some really awesome stuff lately but the shitty part of work is that more often than not, I can't share much about the coolest things I'm doing! My team has gotten some incredible opportunities in the SCADA world that has me getting to research and assess some crazy-cool technologies and learning things I'd never thought I would have cause or reason to learn! I walked into my office one morning and was like p00f "you need to become an electrical engineering jedi by next week"! o_O So I learned how electric works and the differences between electric and electronics.. then how to build circuits and work on PCB to solder components into what I needed.. I also got a crash course with the Arduino Uno- a freaking great device which allows one to interact with almost anything electrical. Hopefully after the project is over I can start building and sharing some fun projects with the Uno. I've also gotten to use my moderate coding skills (I'd say I'm about a blue belt) to write my own exploit for a system - something I'm extremely proud of since it really is the first time I didn't use someone else's sploit or a shell/snip of someone else's code. By leveraging a vulnerability in the physical case of the device, I was able to obtain the memory card and review all the code. By understanding the app, I was able to write my own exploit that shut down the security countermeasures, opened the firewall, and gave me control of the device.. fucking PWNSAUCE! I've gotten to play with different protocols (building sniffers and fuzzers for them) and radio frequencies where I've learned some new interception and manipulation techniques as well. This has been a LOT of content to learn in a very little time and it's taken up nearly all of my time.

I'm still here. I am hoping that once these projects conclude, my team will be able to write and build some talks out of the work we've done. But until that happens, I can only share in generalities but I wanted to post something to let you guys know I'm still alive and kickin'! It's been great to see the community grow and I'm regularly reading the updates!

 

6
General Discussion / Phishing tools
« on: February 23, 2012, 11:24:13 pm »
So, for those of you who missed its release, my team put out a little phishing tool (http://microsolved.com/?page_id=275) for organizations who want to test their internal security. Well this has been a hit but it really is pretty simple and wasn't meant to be very robust. However, I was contacted by a friend of mine who is the president of an ISSA chapter in Tennessee and had a group in to talk about their tool called SP Toolkit (http://www.sptoolkit.com) which seems much more robust and quite useful on several levels.

I watched their video, engaged the development team on twitter, and have downloaded the software for testing. I just thought I would share here too in case others found it useful.

7
RAWR ..

So this is something I'm dealing with in the wild and need to talk in theory, rhetoric, and what-ifs.

So what if I have this application that is some CMS-type app that is used for INTERNAL use only but we are just hell fucking bent on exposing it to the world?! And what if I want to make sure the app is safe from unauthenticated attacks, so I start banging on it with all my might. Along the adventurous journey I happen to discover what looks like I might be on to something which at first seems like the SQL server squealing for mercy and offering me an error page, but on further investigation looks more like the server has verbose logging turned on- perhaps for debugging? Anyway, the extent of it is that I can only generate this "error" looking page when injecting a null byte into the query. I can NOT seem to break out of this query and execute any actual sql injection. While the "error" page looks scary, and it might even allow an attacker to formulate valid and possibly damaging sql injection statements, the app seems to balk at the actual execution of the sql query when anything other than the expected input is received. Even more puzzling is that in order to reproduce the "error" page, I must use a null byte and a null byte only. Nothing else seems to have any effect on the query- "normal" injection attempts seem to fail gracefully.

Any ideas on how to make something of this weakness??

8
General Discussion / Lots of lurkers..
« on: February 08, 2012, 08:57:23 pm »
So, I'm fairly new here... but it's a damn ghost town in them thar forums..

I've been looking through the member list and not quite sure what the fuck is up with so many people with not one single post. Maybe we clean out the inactive members and try to promote forward momentum as a group and as individuals by actually erm, IDK, participating?! If not getting rid of them, perhaps we have an area where either post count or rep points gives you access to view/post? I'm all for a strong community and user base but I feel like so many people are complacent with just lurking.. snakes lurk. I don't like snakes.

If I'm off base here, someone please correct me, but when I came here I was happy to see several members who actually DO shit. We have people writing blogs on proof of concept, guys CODING some really cool stuff, and great ideas coming from this community- but some are just bumps on a log. I like that this is a place open to anyone where we actually live by the "hacker" mentality that knowledge and access to information should not be restricted, within reason. Where we could think and learn and help each other grow. For several of us I think that's what it is becoming. For the rest of you, WHY ARE YOU HERE?  I mean seriously.. if you have NO posts, I implore you to make THIS THREAD the one that pops your cherry. Talk to us. Tell us what you're about and what you're here for. Help make this place better or make a donation and say thanks to connection for his work keeping this thing going despite nearly rm-ing the whole shebang  ;) (srsly, them apache dirs can be slippery lil bastards).

Anyway.. I hope to hear from someone who isn't the same people who normally post. In fact, if you have a post count higher than 10, I'll ask you NOT to comment on this. If you choose not to comment or become active, maybe reach out to me one on one or even a good ol' fashioned "FUCK OFF" would be nice.

See you around the internet ..  HiSsSsSsSsS.

9
General Discussion / One project dies off in light of another...
« on: February 05, 2012, 12:47:12 pm »
Hello again!

Seems pretty dead in here through the weekend so I wanted to share something that seems to be taking shape on my project list and would probably make a great HackTalk Community project- if any admin or mod wants to move this to the projects board, that's cool but I didn't want to post there unless it's an "approved" community project.

Anyway, a short time ago Emery and I were talking about building a BackTrack-ish distro based on Fedora but that is stagnant at the moment, clinging to life and hoping to not get scrapped completely. Well I started thinking that while this needs to mature as an idea a little more, perhaps there was some other similar project that would be fun to build and would help get the HackTalk name out there and to provide a useful tool to the InfoSec community. As this thought rolled around in  my head I started building some VM test beds for some attack testing which led me to start searching out tools similar to DVL, DVWA, BadStore and the like, but to have ONE  VM package that is config'd and all set up so users can deploy the tool and start attacking it instantly with valid attacks that will be encountered in the field.

My quest led me to a VMWare stack called UltimateLAMP which was created some time ago to offer users "Evaluation of Popular Open Source LAMP Stack Products including Blog, Wiki and CRM applications." Well it turns out there are a lot of packages that are now vulnerable to some pretty cool attacks so this seemed like an instant winner for me to set up an easily replicated vulnerable testing environment. Well getting this setup in VMWare was a bitch. On top of the struggle of getting such an old OS (Ubuntu 5.10) working, many of the installed packages were bitching about there being dependency issues from the jump. This turned out to go from a project where I should have had a pretty damn quick setup, to taking me 2 days of fucking with just to get it running.

The UltimateLAMP stack is nice in theory. It is supposed to come all set up with data already in the apps so you can see how they're supposed to work, then go to town harassing the thing to pillage whatever you can. But it's such a pain to get working that once I actually had it up, I didn't want to look at it anymore. So I took a break and thought, maybe this would be a good project to put out in the HackTalk name- we revive the distro, tune it a little, and ship it as a hacker's playground- a plug & play solution for sitting down with Execs, new sec people, or anyone who wants to understand what an attack looks like. You simply sit down with your audience and a laptop, fire up the VM, and set to demonstrating any number of attacks against the system.

I reached out to the original creator and he said that no one has done much with the project since like 2006 and was more than happy to see me interested in picking up the ball. While I intend to finish this project for my personal benefit, if there is interest I think we should brand and release it as a HackTalk tool.

Here is the current tool list.

Linux (Ubuntu 5.10)
Apache HTTPD Server (2.0.54)
MySQL (4.0.24)
PHP (5.0.5)
WordPress (2.0.2)
TextPattern (4.0.3)
Serendipity (0.9.1)
MediaWiki (1.6.5)
TikiWiki (1.9.3.1)
PHP Gallery (2.1.1a)
Moodle (1.5.3)
OsCommerce (2.2m2)
Zen Cart (1.3.0)
PhpWebSite (0.10.2)
Joomla (1.0.1)
eGroupWare (1.2.1)
Drupal (4.7.0)
Php Bulletin Board (2.0.20)
Sugar CRM (4.2.0)
Owl (0.90)
WebCalendar (1.0.3)
Dot Project (2.0.2)
PhpAdsNew (2.0.8)
Bugzilla (2.22)
PhpMyAdmin (2.8.0.3)
Webmin (1.270)

If this gets launched "officially", I will be looking for some help in gathering the listed packages above. I have *MOST* but some of them I either had to grab newer/older packages or omit altogether. So if any of you can help me to resolve that by either finding the missing shit or just helping me to provide alternative applications which offer a similar experience and attack vector.

I've finally got the base system up and running so will be spending most of the day installing and config-ing shit to get it going. Look forward to your input.

10
hai guise!

As most of you know, I've been working on the "Pwning with BackTrack" video series lately, we're happy to announce that ALL of the DNS Enumeration tools have a high level tutorial video that will be making their way to the HackTalk youtube channel (if you don't subscribe, you're an idiot and you should) ! I have started staging for the next series, "Identify Live Hosts", which looks to be a lot of fun.

I'm posting here to keep you up to speed on the status of the project but also to look down the road as we move more into the other tool sets. I'm looking to find someone who has the time, resources, and inclination to help me build the target environments that are needed for these tools and stand them up when needed for the various testing. Most of the tools I can do on my own as they work just the same internally and externally. There are still a great number that I can run against hacktalk.net, my own domains, or if they are "safe enough", I can run them against big sites which are likely to yield good results (I did this with several of the DNS enum vids). But there are some tools that will respond better and make the attack look more authentic on the video if done across the internet. Anyone with the time/skill/ability/willingness to work with me to set up some VMs for these situations? As much or as little help as I can get would be appreciated. 

11
I was recently dispatched to do a physical assessment of a financial institution who wanted to test 3 branches, their data center, and the administration building. It was a nice change of scenery, a good time of year to travel, and would prove a good test bed for some old tactics put to use in some new ways.

So I got settled in and had a teleconference with my site contact to discuss the details. I would be attacking the branches as a "new employee". I would be trying to talk the people into letting me into any sensitive areas within the branch- anywhere a "normal person" isn't supposed to be would be considered a win. Same goes for the data center and admin facilities but I would be changing tactics just a bit for these. For the admin branch, I would be impersonating a board member's lackey who was bringing donuts into a meeting. The hope would be that while my hands were full and with dropping a few names, someone would let me tailgate them into a sensitive area. And for the data center, I was authorized to go full-on mission impossible to infiltrate the facility. There was to be a guard on duty for 24 hours and I was tasked with getting into any part of the building after hours by any non-destructive means. Just to be clear I wanted to make sure that lock picking was not out of scope and I was happy to be told to pick to my heart's content!

So we start the branch assessments with me dressing like the other workers- business casual with khakis and a nice polo shirt. I used a blank ID badge to seem like I belonged as I approached the smoking area with a new pack of cigarettes I planned to pretend to chain smoke until I found the right time to make my move. In testing 3 branches with this attack, I was shut down at the gate for the first- rather discouraging actually! I tried to talk my way around it but the woman who intercepted me escorted me to HR where the pretense was blown and I was kindly escorted off the property. The second branch I felt a sense of redemption. After smoking half my pack of cigs, I found a gaggle of women clucking about some nonsense and decided that would be my chance to move. I faked a call on my cell and started talking to my "MOM" about my first day on the job. The hens kindly held the door and let me into the building where I quickly made a beeline for the john. I'm not sure why I feel so comfortable in the bathroom, but that seems to be my safe place to regroup upon breaching a perimeter! After I was able to regain my composure, I exit the bathroom and start wandering to see what I can find. Well I turn the first corner and meet the branch manager who realizes I don't belong there and before long I'm in the manager's office showing my get out of jail free card to get her to call my site contact and not the cops. As much as I hate losing, good for them. They caught me before I could do any real damage. So on to the final branch and my ploy works again but this time I was able to flirt my way into the building playing on a middle aged woman who was more than happy to talk shop with a new guy who paid her a little attention. She tried to do the right thing, waiting for me to beep us in the door with my key card.
Well the door beeped with the chip but of course it wasn't recognized, so after explaining my card hadn't been working since I'd gotten it, she led me in the door and we continued talking about her tenure and experiences with the organization- right up on to the 3rd floor where the payment processing and wire transfers were handled. As she exited the elevator, I told her I was going to ride back down to the first floor to get HR to fix my badge. As the next person summoned the elevator, I faked another call on my phone and walked out of the car just as they were coming in, the doors closing behind me, them going down toward the lobby and me free to wander another floor which turned out to be the customer service call center. I wandered this floor for about 30 minutes unmolested. No one questioned me. No one stopped me to talk. I was able to shoulder surf several social security numbers, phone numbers, addresses and more, as well as watching reps logging into various utilities to help assist customers. I took some notes, a few pix, and a couple videos before realizing I'd won as much as I could and moving on to the next target.

The data center was supposed to be the most fun. I was planning to pick the lock to the external door, lure the guard out of the data center, and take advantage of the super slow closing industrial steel door to let me into the win zone. Well they want this done before work hours and want me to have enough time to complete the task before other employees show up but not too late my site contact loses sleep... so I'm sitting in the parking lot of this data center at like 0430 and waiting until 0500 when we agreed I could attack. As I'm sitting in the car listening to some craptastic radio, I get a knock on the driver's side window and see a chulo standing there asking me for a ride through the pane of glass. I explain to him I'm not planning to go anywhere at the moment and as that sentence crosses my lips I realize there is another person standing at the front of the car- essentially trying to stop me from driving forward out of the parking space I'd backed into. In that same instance I found yet another person, this one at the rear passenger door and trying to open the door which thankfully had been locked due to a safety feature of the car. Well about this time I realized that the proverbial defecation had impacted the radial oscillator and it was time to make my grand exit. I dropped the car in gear and lightly stepped on the gas- politely brushing the gentleman at the front of my vehicle out of my path of forward motion and onto the soft cushion of the parking lot pavement. Seeing as how there was nothing of personal interest to protect, I was on the other side of the country from home, and due to having to fly was unarmed (a rarity for me), there was no reason to take unnecessary risk. We left the area and that was the end of that - crazy shit to think of possibly being car-jacked during a work exercise!

I got to the hotel and had a nice long rest after the whole parking lot fiasco. When I woke up it was time to prepare for the final phase of the attack- the admin building. I had planned the trip this way to play on the business of the organization having a board meeting on the day of my arrival. I did a little LinkedIn recon and found several names of board members, then suited up, grabbed myself a dozen donuts and headed for the site. I approached the admin building with a bunch of people and the security officers were too busy helping a vendor set up a display in the lobby to question the people passing. They were apparently trusting the RFID key card system to keep people like me out of the places they shouldn't be. Well, again I was faking a call on my cell phone telling my made up boss/board member that I was on my way to the board room and making it seem like I was being hassled for being late. Well, as naive as human nature is, the mousy little man who was hearing my conversation as he walked in front of me was kind enough to not only let me tailgate him, but to HOLD THE DOOR for me through not 1 but 2 RFID access points. The look on the faces of the CISO and my site contact as I walked into the board room with my donuts was priceless!

Anyway.. thought this would be interesting to share. Hope you find it as entertaining as I did. I love social engineering!

12
General Discussion / A right way and a wrong way for everything..
« on: January 21, 2012, 07:58:59 am »
I  can't help but put this out there..

After the recent events surrounding SOPA/PIPA this week, it makes me wonder if this cat and mouse game that Anon and the various Govt's around the world are engaged in is going to turn things for the worse rather than help. There is a right way and a wrong way to do everything. I am an advocate of standing up against big business and the current "powers that be". I'm not a sheep and I believe everyone should question authority. BUT that doesn't mean we should be out looting in the streets (at least not yet).

There are a lot of talented people online who choose to use this skill set for evil rather than good. Whatever, to each his own. But when the government starts trying to goad these groups into illicit actions, and the youth of Anon's leadership can't see that when engaged with an enemy who re-defined the tactics related to espionage, psy-ops, and information warfare. Nothing is impossible but that's a damned challenging task. So MegaUpload goes down then the anon skids are directed to fire up LOIC and blast several sites out of the clouds (see what I did there, PUN intended muh fukk)- and surprisingly they have a noteworthy effect. But will this result in the desired reaction? I'm doubtful.

Our government was founded on lies, backstabbing, and bribery. It's good to see the traditions continue. I'm not just bashing MY government here, I'm saying in my opinion, all government is guilty of corruption on some level- the Americans are just major players in the overall game. I'm not saying this to bash but just saying that these people are experts in crafting situations which seem legit but have some jackhole on the back end ultimately pulling the strings. So it seems that Anons take down these sites while those with skill are doing more damage under the cover of the DDoS attacks- holy shit they really DO have some talented people! But even though there is some merit to the attack, was it a wise battle strategy in this war? I'm not so sure. It seems to me that this will give "The Man" entirely too much ground to stand on that will let the uneducated, average Facebook/FarmVille/FishVille/WhatEverTheFuckVille user be misguided to approve or even worse to NOT INPUT on such important legislation. I'm worried that the FUD will push people to be so scared of surfing the web that SOPA/PIPA becomes the precursor to digital equivalents of the Patriot Act and NDAA.

Stand up! Be counted. Tell your government that WE want the right to decide what is right/wrong, good/bad on the Internet. I don't need some old-ass (STFU Emery) rich, fat, white n00b who can't even check his email to tell ME that tubgirl, lemon party, blue waffle, or anything else is inappropriate. I am PERFECTLY capable of telling you that I have NO interest in seeing more than about 2 seconds of 2 girls 1 cup, but if some d00d likes that shit (did it again :D), more power to 'em!

Shit. Sorry. I just let my fingers and brain wander. No filter in place.
</soapbox>
</rant>


13
I love my work. I love being involved in the InfoSec community and I love that organizations are actually allowing consultants to seriously and thoroughly test their security processes and procedures.

I recently got to test security at a fairly large insurance provider- they asked me out for a week to test physical sec of their corporate office and 2 smaller branches in the area. I gladly jumped on the opportunity. Who doesn't like to travel and get to do some mission impossible type shit to break the week of report writing monotony...

Anyway, I flew out to this place and get set up in a NICE hotel. I love travelling for work because I can book suites without feeling bad about it. If I have to spend a week with this as my base of operation, I expect to be comfortable! So I settled in to sleep early after a long ass travel day and several little whiskey bottles on the planes. Waking in the morning, I head to the restaurant in the lobby to meet my contact and discuss the plan of action. We were supposed to meet at 7am. He called me at 7:20 to tell me he was running late, how considerate?! When he finally arrives we start to hash out the plan...

This place is a huge building occupied only by the target. All doors are protected by RFID key-card access which is logged. There are cameras strategically placed around the property and foot traffic is high throughout the day due to the varied work shifts at the facility. Sadly theft was out of bounds so I couldn't snatch me a card to just get in and after building a RFID scanner I found online (but didn't have time to test) so I wasn't able to just walk in. I contemplated doing the phone-guy attack which is almost always successful for me, but considering what was waiting on the inside and my goals being to get in and stay in as long as possible, I needed something to make me look like I belonged there. I spent the first day doing recon on all 3 target locations, observing traffic and watching how things operate.

As the second morning started I decided to sleep in. My attack was going to play on a busier time of day, people's natural instincts to be helpful and panic under pressure, & the fear of reprimand :) As I got started, I suited up- a rare pleasure when Social Engineering in my experience. After finishing my morning Monster Drink I hopped in the car and headed toward target #1. I grabbed my briefcase and dialed the google voice number my team created in this area code. My teammate answered and I went into my spiel as I approached the door with lunch time foot traffic racing in and out. I started having a conversation with the "CEO" explaining that I had my badge at another branch 30 minutes away, dropping names of people I knew worked at the branch, and frantically explaining I can't get into the building to deliver the financial reports because I have to go get my badge. Oh, and the financials were to be presented to the board in 20 minutes.

A sweet young girl was sitting outside talking to some friends as I was pacing the entryway in near panic. I continued my conversation, my teammate talking dirty to me phone-sex style to try and make me break character... it's a game we like to play! So after about 3 minutes this girl and her friends break conversation, they head to the parking lot and she toward the door. Without skipping a beat I tailgated her and as she went to stop me, I said "wait, an angel appeared and is saving the day.. I'll be up in a minute" as she second guessed herself and let me walk right in the front door. This is where it gets fun...

So there isn't much on the first floor. A RFID protected elevator bay, a couple small waiting rooms, meeting room, a vending room and a couple locked doors- I KNEW I should have brought the picks.. WTH was I thinking! As I scoured the ground floor I found access to the stairwell but upon further investigation it was almost a trap- I could open the door into the stairwell from the ground floor but inside the stairwell all the doors have RFID scanners to require a card to access.... DAMN. Thinking a little more and camping out in my meeting room that became my FOB for this facility I remembered seeing a cardboard box in one of the empty rooms that had some paint rollers, stir sticks, masking tape and other paint supplies in it- so I grabbed the masking tape and learned quickly that if I push in the door latch and taped it down, the masking tape was strong enough to stay! I taped down the first floor latch, entered the stairwell, and let the door close silently behind me. The tape held as I tested it and then I started doing recon on the stairs. What could I see? Do all doors have locks? Is there traffic in the stairwell? Next I booby trapped all the doors with masking tape in hopes that when the door opened, the tape would catch and hold the latch- this, sadly, didn't work at all! I spent several hours in the stairwell with my shoes off to ninja-creep the steps if people came through and as the afternoon wound down there was actually some traffic on the stairs. One employee saw my tape trap and took it off but apparently didn't report the oddity- WHY THE FUCK NOT?! What she didn't realize was that I was just out of sight on the next flight of stairs and when she passed through the door, it closed slowly enough for me to get down to it and hold it open. I ducked out of view and with my tape ready I taped down the latch and let the door close. Then I jumped back up the stairs and out of sight to let any possible awareness of my presence subside.
After letting my heart rate and body temperature return to normal, I put my shoes on, approached the door, opened, and walked right through. I had officially breached the target - #WINNING!

I made a beeline straight for the bathroom and hid in a stall for about 10 minutes while I texted my contact "Hello from the 6th floor bathroom". Walking the floor there were very few employees. No one approached me and few even noticed I was there. I wandered room to room finding case after case of GLBA/HIPAA/HITECH violations- copies of driver's licenses and social security cards, source code to the org's applications, account numbers of people's HSAs- I could easily have stolen and sold more than 1000 identities of unsuspecting people in a real attack --> Sometimes I wonder why I'm on the good guy's side.. Will they ever learn?

This was just the beginning of their downfall. I used the phone guy to attack the branches. The first branch was actually on point but I attribute this to the 2 employees on their smoke break who spotted me in the parking lot -- NOT to secure processes of the organization. Had these chicks not taken their butt break at just the right time, they never would have seen the "Phone Repair Guy" getting out of a fucking rental car- NOOB! So I pretty well failed this but in my defense, the car I was beside had an employee badge in it that was ripe for the picking. Damn these morals and ethics.

The final target was the single funnest experience I've had doing SE work. I approached the target and walked into the branch man trap. After explaining through the speaker box why I was there, the girl let me in and told me security would have to escort me to the wiring closet and I would not be given any access without a chaperon. When the security guard approached me his gait told me he is/was a cop instantly. You can always spot a cop by their walk- they look like they have a gun belt on at all times... Anyway, the guard asked me a few questions then told me to follow him as he led me to the elevators and eventually into the wiring closet. This guy was breathing fire down the back of my neck as I used a polarity tester against the wires and spit jargon at him about how dangerous a voltage spike on the phone lines could be. I added that we've pinned the spike down to this building and one more as I slipped the battery out of my polarity tester and turned it around. "Crap, my tester died," I said "do you happen to have a battery I could use or have?" The guard fell for it and started off for a utility closet just around the corner. I bought myself about 30 seconds which let me snap some pix and look for something devious to do inside this wiring closet.. several places that PWNIE Express or Teensy or something could come in handy!! I just snapped the last picture when the guard came around the corner and saw me with my phone. I tried to talk around him but as it turned out this guy WAS a cop and he knew the right questions to ask, was able to poke holes in my stories, and after checking my badge and driver's license to realize they represent different states, the plan rapidly unfolded after that.

So I'm sitting in the back of this police car...

No seriously. This guard called the cops. I'm waiting in this cruiser and finally get these assholes to listen to me and to go retrieve the engagement contract from my car. When they come back I get some bullshit "Anyone could print off a letter" and they insist on calling my contact -- who was still in this damn board meeting. After about an hour, we get things sorted out and the cops actually lighten up a little bit. Once they realized I'm not the "average bad guy" they joked, asked questions, and even gave me some suggestions for improving the scenario.

I love this work. It's fun, exciting, and I get to meet a lot of cool people. Just thought I'd share. Sorry it's so long but I hope you got a chuckle out of it.

14
General Discussion / What are you working on?
« on: January 11, 2012, 11:27:21 pm »
Happy freakin' hump day!

Everyone has been so quiet but I know (especially those from IRC) that we're all plugging away on our own little projects. So what are you working on? If you're like me you have professional obligations, personal commitments, and still pile on project after project when you see a cool idea ~ OoO .. shiny! So share and let's talk. I actually have a project that your feedback might be helpful on...

So what am I working on?

Well, in 2012 I have changed my work processes. No more working 70-80 hour weeks. I miss my family, I miss my motorcycle, and I miss being lazy and relaxing or sleeping in because I sacrifice to work. So I'm changing how I bill my time and it's working great. I'm developing this method with a colleague aiming to help people automate, simplify, and reduce time spent on tasks directly while maintaining if not increasing output. From those of us who are testing this method, while there has been an increase in workload at the beginning of anywhere from 80-130% (over the first 90 days), the results are phenomenal! We're finding an overall reduction in workload of 40-80% when consistently implementing this method.

I'm also working on helping to make fake shit protect organizations. My team produces a honeypot product and I am currently working to implement "plugin" code which takes the data received when an attacker interacts with it and <INSERT SOMETHING COOL HERE>. This is the project I'm thinking you smart SOB's might be able to help me get creative with in designing new cool stuff to do with an attacker's data. So.. keeping in mind that we have to be legal-ish .. and ethical-ish.. what would you DO with an attacker's data? If you had access to IP addresses, Bot code, IRC servers/chans/creds, popped hosts/sites, or exploit code what would you DO with it? I love talking about this stuff and you can almost always find me on the #hacktalk IRC channel on freenode so stop by there or hit me on twitter.

So really.. what are you DOING. It's easy to leech and just soak up information but what you do with that information is what matters! I'd love to hear about what you're working on and get involved. The damned thing about hacker culture is we're introverts.. I'm trying to CHANGE that shit! Someone recently told me that those in the community who do hax/sec well and can make it look good are the true 1%.

I'm sexy and I know it!

15
Tutorials/Guides / Free programming resources.
« on: January 09, 2012, 04:10:38 pm »
Came across this while reading and thought it would be worth sharing.

30 free programming eBooks

http://citizen428.net/blog/2010/08/12/30-free-programming-ebooks/


I know most of us have a pretty good grasp on programming but if you're looking to advance your skills or learn something new, these may be useful.
