Messages - srirachasauce

1
It's SOCKS5, so you can use it for pretty much anything (to my knowledge anyway). I know you can use it for nmap, so that would lead me to believe it can be used for many protocols since nmap is of course a port scanner, banner grabber, and service discovery tool.

Post the code, why not. I'm doubtful your particular script would bring down all of TOR. People are already doing this anyway :) Do it for yourself and to learn the deep inner workings of TOR and programming with SOCKS.

2
Are you seriously trying to DoS someone through a proxy? You realize that you're DoSing the proxy first, right?

It's a pretty slick idea if he pulls off the DDoS. Having a lot of zombies initiating connections through TOR would be fun because it would be so fucking hard to trace the origins of infected machines. However, that hurts TOR. And we love TOR <3

3
Other / Re: Setting up you Golang Environment
« on: March 27, 2015, 06:34:16 AM »
Me gusta. I'd like to see more Golang stuff on this forum :D

4
Beginner's Corner / Re: Anyone used the WIFI PINEAPPLE MARK V?
« on: March 27, 2015, 06:20:01 AM »
I like my pineapple because it's just a fun toy. Sure you can do that all on your laptop but with the pineapple you can get a battery pack and stash it somewhere with a script that automatically connects to a remote offshore VPS over an SSH tunnel for remote administration. Or attach it to a quadcopter and fly it over unsuspecting buildings to sniff precious packets.

Not only that, but the firmware is written in PHP, so it's easily customizable. They also have the bar which has all kinds of plugins the community has made. Sure you can do all of this on your own by getting a Raspberry Pi and the antennas, plus a camouflage case for stashing -- but for the price and modular firmware it's not a bad deal. It's also REALLY hard to break. Like... damn near un-brickable.

Also, for lulz check this article:

http://www.networkworld.com/article/2462478/microsoft-subnet/hacker-hunts-and-pwns-wifi-pineapples-with-0-day-at-def-con.html

5
General discussion / Re: Novel Ideas for Ransomware
« on: March 27, 2015, 06:12:35 AM »
Have the user record an "I got owned" message and send you the mp3. Then, make rap music sampling said messages.

6
A strong understanding of C++ means that you can flexibly jump to other languages with ease. You will find yourself becoming spoiled with scripting languages like Python, but when you need razor sharp performance the answer will be C++. But it also depends on what you'll be doing. Not like you'll want to design a web application in C++, but you can do that and more with something like Python.

Wide adoption of community tested and designed modules vs. from the ground up and in most cases from scratch. Not like anybody ever got mad that they knew more than one programming language. Fuck it -- learn them all.

You should come try out some Golang. Syntax is simpler than even the python syntax, faster than python and nearly approximating the other C family langs.

But you have to declare types way more often D: Lazy people like me hate that. I do love me some golang though -- multi-platform for the win.

7
How else could this group intercept mail in-transit? They were crafty as fuck and state sponsored by a federal agency within the United States. Intercepting disks from science conventions to infect scientists with malware as well as intercepting networking equipment to huge companies and backdooring them for tailored access... What we DON'T know about these guys yet sort of freaks me out.

8
I would say move the binary over to a bash shell and use the strings and file commands to get more information about the file. You can also use binwalk to try and extract more metadata / other information about the modified file:

http://binwalk.org/

http://malwaremusings.com/2012/09/07/the-usefulness-of-strings-during-static-malware-analysis/

http://linux.die.net/man/1/strings

9
Software like this sort of kind of exists, but for the purpose of "security". I would recommend you take a look at how PoS (Point of Sale) systems work, as well as AVS (Address Verification System). You remember that one time you changed addresses but forgot to change it with your bank and Pizza Hut said your credit card information was incorrect? Well that's AVS:

http://en.wikipedia.org/wiki/Address_Verification_System

Here is a fucking fantastic book that I think would go well with your research into how a lot of these systems work (hacking point of sale):

http://it-ebooks.info/book/3764/

Good luck, and I hope some of my input helps you out.

10
Are you going to be using this for strictly HTTP? If so I would recommend using python's requests module with requesocks.

Here's an example:
https://gist.github.com/jefftriplett/9748036

I would recommend you implement functions for specific protocols for uber efficiency. Also, txtorcon (uses Twisted) can be used to interact directly with TOR:

https://github.com/meejah/txtorcon

11
Web Oriented Coding / Re: MySQL enter as user problem
« on: March 27, 2015, 03:51:24 AM »
Another thing that you can do if you did not want to type the passphrase each login is use the ~/.my.cnf file to store it locally. One thing to note is that storing a password in clear text on the system is typically bad practice. So avoid adding root / super user credentials there. Just like you wouldn't use the root user to log in to MySQL every time from your application. I see that you're on Windows... I haven't done much Windows MySQL stuff. But here's some additional reading on implementing these files if you were interested, it does make some things easier and faster:

http://dev.mysql.com/doc/refman/5.1/en/option-files.html

12
I encourage it! :)

13
I've found it quite useful to use STDIN/STDOUT to pass data to openssl for on the fly encryption in the BASH shell. Here is an example.

First we'll echo the strings in 'Some epic fucking secret', and BASH pipe that into openssl to transport the data we want to encrypt:

Code:
$ echo "Some epic fucking secret" | openssl aes-256-cbc -a -salt -in /dev/stdin -out /dev/stdout
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX1+ugOlIal5TM8fd/zy2IzLlRSR0WDaf+gARZUS47wIdyK1D41IbCOyF

So now you can pass the encrypted secret to someone. But in this case we're wanting to decrypt from STDIN just as we used STDOUT to encrypt our secret strings.

Let's decrypt the secret:

Code:
$ echo "U2FsdGVkX1+ugOlIal5TM8fd/zy2IzLlRSR0WDaf+gARZUS47wIdyK1D41IbCOyF" | openssl aes-256-cbc -d -a -in /dev/stdin -out /dev/stdout
enter aes-256-cbc decryption password:
Some epic fucking secret

Let's now say that you wanted to use wget to fetch a remote file, but save it in encrypted form:

Code:
$ wget "https://www.whitehouse.gov/robots.txt" -O /dev/stdout | openssl aes-256-cbc -a -salt -in /dev/stdin -out /dev/stdout
enter aes-256-cbc encryption password:--2015-03-26 12:35:56--  https://www.whitehouse.gov/robots.txt
Resolving www.whitehouse.gov (www.whitehouse.gov)... 23.214.186.191, 2a02:26f0:8:196::fc4, 2a02:26f0:8:180::fc4
Connecting to www.whitehouse.gov (www.whitehouse.gov)|23.214.186.191|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1521 (1.5K) [text/plain]
Saving to: ‘/dev/stdout’

/dev/stdout                                                 100%[==========================================================================================================================================>]   1.49K  --.-KB/s   in 0s     

2015-03-26 12:35:57 (194 MB/s) - ‘/dev/stdout’ saved [1521/1521]

enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

You can see how this could be potentially useful if you're recursively fetching remote files that you want to store encrypted at-rest on disk. Hope you found this interesting ;D
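
Added example, not part of the original post: the same stdin/stdout pipe made non-interactive, with the passphrase read from an owner-only file via -pass so no prompt interleaves with wget's output as it does in the transcript above. It assumes OpenSSL 1.1.1 or later (for -pbkdf2); enc_stream, dec_stream, new_passfile and roundtrip_check are hypothetical helper names and the sample plaintext is constructed.

```shell
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ (-pbkdf2).
# All function names here are hypothetical helpers.

# Encrypt stdin to base64 on stdout; the passphrase is the first line of file $1.
enc_stream() {
  openssl enc -aes-256-cbc -a -salt -pbkdf2 -iter 200000 -pass "file:$1"
}

# Reverse of enc_stream; the same KDF options must be supplied again.
dec_stream() {
  openssl enc -d -aes-256-cbc -a -pbkdf2 -iter 200000 -pass "file:$1"
}

# Create a passphrase file readable only by the owner and print its path.
new_passfile() (
  umask 077
  f=$(mktemp) || exit 1
  openssl rand -base64 32 > "$f" && printf '%s\n' "$f"
)

# Round trip over a constructed sample; prints "ok" only if every check holds.
roundtrip_check() (
  plain='constructed sample secret'
  pf=$(new_passfile) || exit 1
  c1=$(printf '%s\n' "$plain" | enc_stream "$pf")
  c2=$(printf '%s\n' "$plain" | enc_stream "$pf")
  out=$(printf '%s\n' "$c1" | dec_stream "$pf")
  rm -f "$pf"
  # "U2FsdGVkX1" is base64 for the "Salted__" header that precedes the salt.
  case "$c1" in U2FsdGVkX1*) ;; *) exit 1 ;; esac
  # A fresh random salt per run: same plaintext, different ciphertext.
  [ "$c1" != "$c2" ] || exit 1
  [ "$out" = "$plain" ] && echo ok
)

# Streaming a download into an encrypted file with no prompt in the pipeline
# (wget -q suppresses the progress output):
#   wget -q -O - "$url" | enc_stream "$pf" > robots.txt.enc
```

The output of openssl enc carries no integrity check, so a modified ciphertext can decrypt without error to altered plaintext; verify stored files separately if tampering matters.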
