This forum is in archive mode. You will not be able to post new content.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Superflu0usRoot

Pages: [1]
1
Hacking and Security / Re: [question] Sniffing cleartext passwords on monitor interface.
« on: September 28, 2013, 01:45:06 PM »
I've seen a few programs that are built to specifically parse down information looking for specific passwords.

Cain has worked for me before, as well as some modules in wireshark.

What specific protocols are you wanting to get passwords from?

2
Hacking and Security / Re: Social Engineer Vector
« on: September 28, 2013, 01:32:53 PM »
Legal help is not an option for being scammed in a joint venture by someone in India.

I guess the story wasn't entirely necessary .

TL;DR?
"Trying to pack a metasploit payload to get around Avira anti-virus."

3
Hacking and Security / Social Engineer Vector
« on: September 28, 2013, 01:16:40 PM »
Hello one and all, I have returned (not that I was missed, but I plan to be around more consistently hopefully can help someone else out)
I checked the forum rules and don't think is not allowed. Hopefully I can post this clearly enough to prevent this from turning into a troll thread.

I was recently scammed by someone via WesternUnion. We were doing a joint venture project, after he got my money he "disappeared" for a week. When he came back, he claimed that he got scammed and doesn't have his half of the money, but he already put mine down as a down payment. I was able to trace his IP and the "guy who had the down payments" IP, and found out they're one in the same (I was already certain it was a scam, but after this proof wanted to lock down my plan to take my money back). I have cause to believe the guy has plenty of bitcoins on his machine, and I plan to recover enough to pay myself back.

In my course of social engineering the guy, I found out the following:
His IP address (It's in India, which makes sense. He also has no ports open, but a bunch filtered)
-He runs windows 7 x64
-He uses Firefox 24 or Internet Explorer 10 (I would assume pretty patched)
-He uses Avira anti-virus
-He uses Adobe Reader 11 (not sure if it's 11.0.4 yet or not).

So I don't think I'm gonna find an exploit (unless someone wants to point me where to search for zero days)

I'm planning on using metasploit, already built a payload and tested it on my VM machine. I figure if I can get it into his machine, I can set it up to persistent and with enough time keylogger him and get his bitcoin wallet.

Problem I'm having is with getting the .exe to NOT set off Avira. I've looked into packers and other methods, but they all seem out of date.

Any suggestions or points in the right direction would be helpful.

4
Anonymity and Privacy / Botneting Public Computers for Proxying?
« on: February 16, 2013, 08:58:49 PM »
I have a theoretical idea, and setting aside ethics (there's a pun in there I'm sure) I think this may provide more true anonymity?


Those who know my current situation (read my intro post) know that I don't have a computer of my own right now. I use the public library, and feel pretty safe. In fact, I have to use proxies to get OUT of the public library onto fine sites such as evilzone (they think it's evil. go figure).


What I am curious about, is why not install a botnet on the library computers? I know there's a lot of technical aspects to bypass (I don't have admin access, and it's using deepfreeze or something similar which would need to be circumnavigated) but if I chained a few different public library computers together, say in a city/state I will never visit again, and then use a VPN to access THAT network, wouldn't it theoretically be anonymous?


I'm sure I've missed something, please enlighten me :-).

5
General discussion / Re: received a "file0.txt"
« on: February 16, 2013, 07:49:38 PM »
Two simple ways to find out:

an online service such as:
http://textuploader.com/?p=7

or in a linux environment (if you really want, use someone elses linux environment, and wget the file) do a:
Code: [Select]
cat file0.txt
I'm sure it IS possible to create an exploit using cat (anything is possible) though I haven't seen it and it would be a VERY specialized attack.

6
Hacking and Security / Re: Any Advice here?
« on: February 08, 2013, 09:27:16 PM »
If you've gotten down network architecture, that's not a bad start. Something that will be a huge benefit to you is learning how an operating system works, and how the security there works. Hacking isn't so much of a science as an art. There is ALWAYS a way in, and the way you get in has a lot more to do with style than anything else.


Python isn't a bad way to start, but depending on what it is you want to do, you will have to learn how that can interface with what you're wanting to "hack". Want to keylog? probably not going to use python for that (though I'm sure you could). Want to find an exploit in a web server? Python may help you find it, but you'll need to either SQL inject or learn linux well enough to get what you want.


Hope that helps, check out the tutorial section for more, and remember, Google is your friend.

Pages: [1]


Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.