Friday, 27th January 2012.

Posted on Wednesday, 18th January 2012 by Michael

Today is January 18th 2012. This is an important date in history, as today is the day that thousands of websites are blacking out in protest of two very controversial bills, written in haste, that will censor the internet. At a high level the government plans to use these two bills to legally hijack websites / domains that they deem inappropriate or to be dealing with piracy. They will do this through techniques that can jeopardize your internet security. This will not only affect Americans but everyone, as the US has much of the internet infrastructure.

A revised bill putting the burden to protect copyrighted material on the entity is what is required, not giving the government the ability to decide what to block and what not to block. Our government has more important issues to deal with than doing the legal legwork that these entities should be doing to protect their content.

Watch the video below for more information:

http://www.youtube.com/watch?v=n0X5WCmyokw

To get more information on the bill from a more reliable source (EFF): https://www.eff.org/deeplinks/2012/01/how-pipa-and-sopa-violate-white-house-principles-supporting-free-speech

To sign the petition click here:

https://blacklists.eff.org/

Posted in Blog | Comments (0)

Posted on Friday, 13th January 2012 by Michael

Daemon Reality

Daniel Suarez wrote in his book Daemon about a man who, upon his death, triggers a strategically crafted computer system that launches a multitude of events ranging from something extremely simple to murder. In the book he mentions how there are a multitude of systems monitoring different resources for this person’s death. What if we eliminated the need for such a vast system and used the number one social media site and a simple application? What if we streamlined the process?

Today I stumbled upon an application for the social media giant Facebook called “If I Die” (http://www.ifidie.net). This application allows you to record a message or a post that, upon your death and verification by your three trustees, will be posted to your Facebook account. Wow, now several million people will know I am dead before the newspapers even have the first obituary with my death printed.

So you are now thinking, how does this line up with the book Daemon? Well, let’s go back a few months to the Facebook bot I wrote (http://www.digitaloffensive.com/2010/08/facebook-bot-fbcbot-pl/). This bot would monitor my Facebook account for keyword posts and then launch commands locally to carry out my wishes. So right now you are probably thinking that’s all fine and dandy if you have a system you can guarantee will be up and running all the time, as well as for at least a short time after your death. Well, what about cloud computing? How about the Amazon cloud? They offer you a free cloud system as long as you stay below a certain usage each month. From my past usage of the system they charge you at the end of the month or in increments for usage of the cloud. So even if you are dead and your bill can’t be paid it does not matter, because after your bot detects your death it can now do whatever you want, such as create a botnet.

So the process would be this. Upon my death (if this application still exists) my bot running on the cloud will see my post that gives it my final command. It will then check several sites like www.exploit-db.com for new vulnerabilities. It will then use key Google Dorks from what it found on exploit-db.com to build a list of vulnerable servers and use the code found on that site to start attacking and infecting these hosts. Right now you are thinking, wait, this is illegal! What do I care, I am dead! Once the infection spreads to multiple hosts it does not matter if my cloud is shut down for nonpayment, as my botnet has started.

Now that you have an idea where I am going with this train of thought, think about other things you could do. You have a lifetime to prepare your masterpiece :)

Pictures and code for fbcbot.pl (the “I am dead” code) will be posted shortly.

Posted in Blog | Comments (0)

Posted on Friday, 23rd September 2011 by Michael

Simple PowerShell script to automate Acunetix command line scans:

Requirements:
1. Windows Vista or higher (preferably 7)
2. PowerShell 2.0
3. User Account Control disabled
4. Acunetix installed (v7 or higher)
5. List of sites to scan

Adding functionality:

To add options to the wvs_console call, edit the variable $scan.

Code:

################################################
## Automate Acunetix Console Scans
## Edit $scan to add more function (profile, report type, etc)
## Created by Michael LaSalvia
## http://www.digitaloffensive.com for http://SecurityonLocation.com
###############################################

# Acunetix install directory (adjust for your version)
Set-Location "C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7"
# Add my directory to the current PATH so wvs_console.exe resolves without a full path
$x = (Get-Location).ProviderPath
$env:path = "$env:path;$x"
Write-Host "Current directory added to ENV:PATH"
##################################################
##Edit below but be careful
##################################################

# One target per line in sites.txt
$sites = Get-Content c:\mytest\sites.txt
foreach ($i in $sites) {
    # Options handed to wvs_console.exe; extend here (profile, report type, etc.)
    $scan = "/scan $i /generatereport"
    # Run the console scanner hidden and wait for it to finish before starting the next site
    Start-Process 'wvs_console.exe' -WindowStyle hidden -Wait -ArgumentList $scan -PassThru
}
exit

How to run:

Place the code in a file with any name ending in .ps1 and make sure to sign it so you can execute it with PowerShell. Also make sure to edit the variables $sites and $scan to meet your requirements.

Any questions or concerns feel free to contact me.

Posted in Code | Comments (0)

Posted on Wednesday, 20th July 2011 by Michael

Ruby exploit for FreeFloat FTP Server ACCL buffer overflow and remote shell

The original vulnerability was published here: http://www.exploit-db.com/exploits/17550. The FreeFloat FTP server is a freestanding executable FTP server requiring no installation on a computer system. The application itself is riddled with buffer overflows and is extremely simple to crash. Though the trick is not to make it crash but to gain shell access. Mortis originally published the working exploit in Python. What we have done here is convert it into a Ruby exploit. Why? Simply because while learning Ruby I took it as a challenge to test what I have learned.

Exploiting the vulnerability

To test the actual exploit, download the vulnerable software and install it on a Windows XP SP3 machine: http://www.freefloat.com/software/freefloatftpserver.zip. Next, on a Linux machine copy the Ruby code provided, save it to a file called ftpexploit.rb and chmod it to 777. To run the exploit type ./ftpexploit.rb and enter the victim’s IP. If the exploit is successful you will get a Windows shell.

The Exploit

#!/usr/bin/ruby

Posted in Security Advisories | Comments (2)

Posted on Monday, 18th July 2011 by Michael

Simple Ruby banner grabber and port checker:

This is a simple script I wrote in Ruby to scan ports to see if they are open and grab the banner of the service. The script has error handling built in so it is able to continue on to the next port if the port before is closed. Port banners are displayed on the screen. If you want to log them to a file just alter the print statement to redirect to a file. To change the port range to scan, alter the line where the “for loop” is 0…65536. This script will only do TCP and not UDP. The script was written for fun, but when you are doing an actual audit sometimes you cannot install tools on the machines or within the network you are auditing. This will allow you to use a piece of software that is installed on most new Linux machines.
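The banner grabber described above, written out here as an added example. This is not the post’s own script (which is not reproduced on this page); it is a stand-alone Ruby version of the same idea, with the error handling done per port so a closed or silent port never stops the loop, and a connect/read timeout so a filtered port cannot hang the scan. The `start_fake_service` helper and its “220 demo-ftp ready” banner are constructed for the demo so the script runs offline against a throwaway local listener; in an audit you would hand `scan_ports` a host you are authorized to inventory and a range such as `1..1024` (or the post’s `0...65536`).

```ruby
require 'socket'
require 'timeout'

# Connect to host:port and return whatever the service says first.
# Returns nil when the port is closed, unreachable or the connect times out,
# and '' when the port is open but the service sends nothing before the deadline.
def grab_banner(host, port, timeout_s = 2)
  sock = Timeout.timeout(timeout_s) { TCPSocket.new(host, port) }
  begin
    ready = IO.select([sock], nil, nil, timeout_s)
    return '' unless ready            # open, but a silent service (e.g. HTTP waits for us)
    sock.recv(1024).strip
  ensure
    sock.close
  end
rescue Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTUNREACH,
       Errno::ETIMEDOUT, Timeout::Error, SocketError
  nil                                 # closed/filtered: caller moves on to the next port
end

# Scan every port in `ports` (an Array or Range) and return {port => banner}
# for the open ones only. Errors on one port never abort the rest.
def scan_ports(host, ports, timeout_s = 2)
  results = {}
  ports.each do |port|
    banner = grab_banner(host, port, timeout_s)
    results[port] = banner unless banner.nil?
  end
  results
end

# Constructed demo listener (not part of the original post): binds a free
# loopback port, sends one banner to the first client, then exits.
def start_fake_service(banner)
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  thread = Thread.new do
    client = server.accept
    client.write(banner)
    client.close
    server.close
  end
  [port, thread]
end

if $PROGRAM_NAME == __FILE__
  port, thread = start_fake_service("220 demo-ftp ready\r\n")
  scan_ports('127.0.0.1', [port]).each { |p, b| puts "#{p}/tcp open: #{b}" }
  thread.join
end
```

Keep the per-port timeout short when sweeping a large range; each filtered port costs the full `timeout_s`, so `0...65536` with a 2 second timeout is hours, not minutes, and on a production network that pace is also what an IDS will notice first.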

Posted in Code | Comments (0)

Posted on Saturday, 25th June 2011 by Michael

Nettalk chooses not to protect clients’ data / privacy

A little over a year ago Nettalk came on the scene as a competitor to Magic Jack. They were not only a competitor, but a neighbor, having their corporate office located extremely close to Magic Jack’s office. Their claim to fame was that you did not need to have your PC on to use their device to make calls.

Since day one there was a group of people that were dead set on finding the coveted SIP credentials that would allow them to bring their own device and not have to use the Nettalk device. Magic Jack has successfully, for the most part, made this impossible for users, which drove more clients over to Nettalk and other services.

Posted in Blog | Comments (1)

Posted on Wednesday, 30th March 2011 by Michael

Detecting malicious code in webpages iScanner and iScan Script

iScanner is developed by the folks over at iSecur1ty.org. The latest update of the code was in September 2010. iScanner is a Ruby-based application that has many features:

Current Features:

  • Ability to scan one file, directory or remote web page / website.
  • Detect and remove website malware and malicious code in web pages. This includes hidden iframe tags, JavaScript, VBScript, ActiveX objects, suspicious PHP code and some known malware.
  • Extensive log shows the infected files and the malicious code.
  • Support for sending email reports.
  • Ability to clean the infected web pages automatically.
  • Easy backup and restore system for the infected files.
  • Simple and editable signature based database.
  • You can easily send malicious files to iScanner developers for analysis.
  • Ability to update the database and the program easily from iScanner’s server.
  • Very flexible options and easy to use.
  • Fast scanner with great performance.
  • Yes, it’s FREE!!

I found this tool extremely interesting and started playing with it. Overall it is a great tool though I found it was missing some functionality that I wanted.
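To make the feature list above concrete, here is an added example of what a signature-based scanner of this kind does at its core. It is not iScanner’s code and the signature set is constructed for illustration (real signature databases are far larger); `scan_html`, `scan_file` and `clean_html` are names chosen for this demo, and the sample page plants two harmless indicators (a zero-size iframe and an `eval(unescape(...))` call) so the script can be run offline.

```ruby
# Added example: minimal signature-based scanner for malicious markup in web
# pages, in the spirit of iScanner's feature list. Not iScanner's code; the
# signatures below are constructed for illustration.

# Each signature: a descriptive name and a case-insensitive pattern.
SIGNATURES = {
  'hidden iframe'      => /<iframe[^>]*(?:(?:width|height)\s*=\s*["']?0\b|display\s*:\s*none|visibility\s*:\s*hidden)/i,
  'obfuscated js'      => /eval\s*\(\s*(?:unescape|atob|String\.fromCharCode)\s*\(/i,
  'vbscript block'     => /<script[^>]*language\s*=\s*["']?vbscript/i,
  'activex object'     => /<object[^>]*classid\s*=\s*["']?clsid:/i,
  'php remote include' => /\b(?:include|require)(?:_once)?\s*\(?\s*["']https?:\/\//i,
}.freeze

# Scan HTML text line by line. Returns an array of findings, each a hash with
# the 1-based line number, the signature name and the offending line.
def scan_html(html)
  findings = []
  html.each_line.with_index(1) do |line, lineno|
    SIGNATURES.each do |name, pattern|
      next unless line.match?(pattern)
      findings << { line: lineno, name: name, snippet: line.strip }
    end
  end
  findings
end

# Convenience wrapper for files on disk (the "scan one file" feature).
def scan_file(path)
  scan_html(File.read(path))
end

# "Cleaning" in its simplest form: replace each flagged line with an HTML
# comment naming the signature, so the page stays well-formed and the change
# is visible on review. Returns [cleaned_text, lines_removed]. Back the file
# up first; iScanner does that for you, this demo does not.
def clean_html(html)
  flagged = scan_html(html).group_by { |f| f[:line] }
  removed = 0
  cleaned = html.each_line.with_index(1).map do |line, lineno|
    if flagged.key?(lineno)
      removed += 1
      "<!-- line removed by scanner: #{flagged[lineno].map { |f| f[:name] }.join(', ')} -->\n"
    else
      line
    end
  end.join
  [cleaned, removed]
end

# Constructed sample page with two planted indicators (not real malware).
SAMPLE_PAGE = <<~'HTML'
  <html><body>
  <h1>Welcome</h1>
  <iframe src="http://attacker.invalid/load.php" width="0" height="0"></iframe>
  <script>eval(unescape("%64%6f%63%75%6d%65%6e%74"))</script>
  <p>Nothing to see here</p>
  </body></html>
HTML

if $PROGRAM_NAME == __FILE__
  scan_html(SAMPLE_PAGE).each do |f|
    puts "line #{f[:line]}: #{f[:name]} -> #{f[:snippet]}"
  end
  cleaned, n = clean_html(SAMPLE_PAGE)
  puts "removed #{n} line(s)"
  puts cleaned
end
```

Two things this toy makes obvious that matter for any signature scanner of this type: matching is line-based, so an attacker who spreads a tag across lines or builds it with `document.write` slips past it (which is why the real tool ships a much larger, regularly updated database), and automatic cleaning is destructive, so it should only ever run after a backup and with a human reading the log.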

Posted in Code | Comments (2)

Posted on Thursday, 3rd March 2011 by Michael

A Hacker’s Proposal:

A little over two years ago I met the girl of my life, not knowing at the time she would one day be my wife.

Social Engineering: The Ring

One day while out shopping she found the ring she would later on wear. The only issue I had was it was more than what I planned on. Though how could you say no to the one you love? I did not let her know at the time and continued to ask what she thought of other rings, making sure her heart was definitely set on that one.
Then one evening as I was getting ready to leave work I called her, letting her know I was going to stop at the store to get some water. She told me that since I did not feel well she would stop at the store for me and meet me at home. I figured this would be the best opportunity to surprise her. Though I was super ill I ran to the store and bought the ring, knowing that she would stop by there on the way to get the water to look at it like she normally did. I got to the store and purchased the ring, to find that this is a one-of-a-kind ring with no others available like it from that store. Nor did any other stores have one. I had spent the last several months visiting jewelers, showing them pictures of the ring and asking if they had one like it; all of them were amazed by the design. Once I heard this I knew she would call me that night to let me know that the ring was gone. Like clockwork the call came through, and you could hear the disappointment in her voice.

Phase 1 was completed; she had no idea that I bought it for her or what was to come.

DNS Poisoning and ARP Spoofing: The Proposal

Before continuing to read, for those non-technical people out there, or in the event that the owner of Hip2Save ever reads this: NOTHING malicious was done to their site, and all of the below took place on my own personal network using our own personal equipment.

What is a better way to say I love you than poisoning the DNS of the one you love to send her to a false site that looks like the original but has a personal deal, poem and directions? I decided to use the site www.hip2save.com. The site offers daily deals and she loves to visit it to get free / discounted products; I know we will have to work on her giving away her info so freely. I used wget -m to download a mirrored copy of their site to my Apache directory on my BackTrack box and altered the page to look like the below image:

That was the easy part. The next part was carrying out the actual spoof and poisoning. Remember it is a race condition to see which DNS server answers first. So I cheated here and set my firewall to use the malicious DNS server that I installed on my BackTrack box, so I knew I would win. When I think about it, it would have been easier to set up my own zones for the sites I wanted to hijack, but where would the challenge be in that? With that in place I used Dsniff’s arpspoof to take care of the ARP spoofing, as this did not take out my wireless switch like ettercap did. Then I used ettercap -T -q -P dns_spoof (after editing the etter.dns file of course). I also enabled IP forwarding so the packets could be forwarded out, and I used my DNS server to handle all the non-hijacked sites. The above took several days of testing and researching before I knew without a doubt that it would all work.

Exploitation: Popping the question

Several hours after she got home from work we were both sitting on the couches watching TV and surfing the net when she said “what is this” and started to cry (happy tears). I was like, what’s wrong, as I got off the couch and approached her to see what she was talking about (already knowing). I pulled the ring out and asked her to marry me while getting down on one knee.
She said yes and was extremely impressed with my idea for the proposal, and even though she doesn’t know anything about hacking she asked that I explain to her how I did it.

Posted in Blog | Comments (1)

Posted on Thursday, 16th December 2010 by Michael

How to root the Droid version 2.3 code

Tonight I got an OTA (over the air) update from code 2.1 to 2.3 and, wouldn’t you know it, it broke my existing root. You would figure that since rooting is now legal they would not touch files that don’t belong to them or change your security settings, but they do. So a quick Google led me to Z4Root; unfortunately it has been removed from the marketplace, but it can be downloaded from http://www.droid-life.com/2010/12/09/z4root-will-root-the-droid-x-2-3-340-update/ .

Once you download the file follow these easy steps to get root back or get root for the first time.

1. Connect the phone to the USB port of your computer and choose mass storage mode.
2. Copy the file to the root of the SD card.
3. Unplug the phone and let the SD card become ready.
4. Use the Files app to browse the phone’s files and locate z4root.1.3.0.apk.
5. Click on z4root.1.3.0.apk; you will be prompted with a security warning that you can’t run applications from a non-market source. Simply change that setting when the setup brings you to that screen.
6. Next you will need to enable USB debugging.
7. Once you enable USB debugging, re-run the app and overwrite the existing configuration.
8. Click on permanent root and be patient.
9. Once done your phone will reboot and you now have root.

With root you can run apps like Barnacle, a free wifi tether app that I think is better than the tether app. Also you can run apps like Shark (Wireshark for the Droid) and many other cool apps that Verizon does not want you to run.

Posted in Papers | Comments (1)

Posted on Tuesday, 7th December 2010 by Michael

VoIP My Way is offering free VoIP phone service. There is no cost and they provide you with your SIP credentials so there is no hacking involved. Head over to http://www.voipmyway.com to sign up now and start placing free calls.

Posted in Blog | Comments (0)