# Thursday, November 13, 2008

I just found a new tool on the OWASP site, WebSlayer. This tool is only Win32 right now, which bites, but the tool is AWESOME!

The payload generator is awesome, as well as the complex rules you can quickly define to test a site. 31337

posted on Thursday, November 13, 2008 10:00:17 AM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Tuesday, October 28, 2008

I'm sure we all know of slurping by now, but I just came across this site for Windows command ninja skills. With that I took the time to update my slurp tool with some hacks I just didn't think about using, as well as some uses for NET that I didn't know about.

I have attached a copy of one of the slurp scripts I run. Your mileage will vary, but you should get a lot of ideas from it if you know what's going down. (I also just fixed that my server wasn't serving up batch files.)

File Attachment: slurp.bat (14 KB)


posted on Tuesday, October 28, 2008 9:51:11 AM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Friday, October 03, 2008
Here is a fun thing I just ran into. A kiosk with a USB port but a custom keyboard with no buttons to get into things (no Start, Alt, Ctrl, Del, etc.) and no explorer.exe shell, so I can't "hack" this kiosk.. haha

Why try the hard things to get into the device? BYOUSBK, that is, bring your own USB keyboard. I like the roll-up ones; plug it in and have some fun haha.

posted on Friday, October 03, 2008 2:48:27 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Wednesday, September 24, 2008

ShoreTel Phone System 8.0 recently put L16/256 "Linear Broadband 256kbps" as the default #1 codec to use phone to phone. However, the newest copy of Cain will not identify this as a call; I assume it's because of the bandwidth used. Now you can change the server to not use this bandwidth and keep on the 128k, but for my current classroom material and pentesting this isn't a plausible case. I would like Cain to auto-magically detect and dump the 256k stream.

| Name | Clock | Bandwidth | Description |
|---|---|---|---|
| L16/256 | 16000 | 256 Kbps | Linear 16-bit Audio 256 Kbps |

Update: here is the handshake data with info:

t=0 0
m=audio 5004 RTP/AVP 110
a=rtpmap:110 LRWB/16000
a=sendrecv
a=ptime:20

Update 2: Cain now supports this codec. Wireshark, get this on the dev; I can't find anywhere to request this.

I also put the notes into NetworkObserver.
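As an added example (not from the original post), here is the work a sniffer has to do on that handshake: payload type 110 is in the dynamic range, so only the a=rtpmap line says what it carries, and a tool that keys on static payload types alone never sees a call. The LRWB-to-L16 alias and the small static-type table are assumptions taken from the post and RFC 3551.

```python
"""Resolve an SDP media section to its RTP payload type and expected bitrate.

Added example, not the post's code. SDP_TEXT is the handshake quoted in the
post; the LRWB alias is assumed to be ShoreTel's name for 16-bit linear PCM.
"""
import re

# Static RTP/AVP payload types (RFC 3551) that need no SDP to classify.
STATIC_PT = {0: "PCMU", 8: "PCMA", 9: "G722", 18: "G729"}

# Bits per sample for uncompressed codecs; others need a codec-specific rate.
LINEAR_BITS = {"L16": 16, "LRWB": 16}   # LRWB = assumed alias for L16

SDP_TEXT = """\
t=0 0
m=audio 5004 RTP/AVP 110
a=rtpmap:110 LRWB/16000
a=sendrecv
a=ptime:20
"""

_RTPMAP = re.compile(r"a=rtpmap:(\d+)\s+([^/]+)/(\d+)(?:/(\d+))?")


def parse_sdp(text):
    """Return one dict per m= section: port, payload types, rtpmap, ptime."""
    media, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("m="):
            _, port, proto, *pts = line[2:].split()
            cur = {"port": int(port), "proto": proto,
                   "payload_types": [int(p) for p in pts],
                   "rtpmap": {}, "ptime": None}
            media.append(cur)
        elif cur is None:
            continue                       # session-level lines before m=
        elif line.startswith("a=rtpmap:"):
            m = _RTPMAP.match(line)
            if m:
                pt, name, clock, ch = m.groups()
                cur["rtpmap"][int(pt)] = (name, int(clock), int(ch or 1))
        elif line.startswith("a=ptime:"):
            cur["ptime"] = int(line.split(":", 1)[1])
    return media


def describe_stream(section):
    """Classify the first offered payload type; bitrate only for linear PCM."""
    pt = section["payload_types"][0]
    if pt in STATIC_PT:
        return {"pt": pt, "codec": STATIC_PT[pt], "dynamic": False,
                "bitrate_bps": None, "payload_bytes": None}
    if pt not in section["rtpmap"]:
        # Dynamic type with no rtpmap: nothing on the wire names the codec.
        return {"pt": pt, "codec": None, "dynamic": True,
                "bitrate_bps": None, "payload_bytes": None}
    name, clock, ch = section["rtpmap"][pt]
    bits = LINEAR_BITS.get(name)
    bitrate = bits * clock * ch if bits else None
    ptime = section["ptime"] or 20         # ms of audio per RTP packet
    payload = (bitrate * ptime) // 8000 if bitrate else None
    return {"pt": pt, "codec": name, "dynamic": True,
            "bitrate_bps": bitrate, "payload_bytes": payload}


if __name__ == "__main__":
    for sec in parse_sdp(SDP_TEXT):
        print(describe_stream(sec))
```

For the post's handshake this resolves to 16 bits x 16000 Hz = 256000 bps, i.e. the 256 Kbps in the table, with 640 payload bytes per 20 ms packet.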


posted on Wednesday, September 24, 2008 2:34:44 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Thursday, August 21, 2008

Here is a fun site that keeps a record of all the speed traps, cameras, and red light cameras.

You can export the data into a CSV file that you can then put into your various devices (Garmin, BlackBerry …), anything with GPS ability. Even the Uniden scanners have a nifty hack…

posted on Thursday, August 21, 2008 4:31:11 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Saturday, July 12, 2008
So if you didn't know, over the holiday weekend I fell off a 15ft cliff and messed up my foot real good. Well, as I was sitting on the couch all weekend I wanted to make a script to convert robots.txt files that are on web servers into a nice little clickable HTML map for reporting and pen-testing. A little bash hacking and I have a nice little working script. So I present what I think is the world's first robots.txt to HTML page converter.

Update: changed the raw code to a file as I'm tired of Google hits with Linux commands.

robotReporter.sh (1.73 KB)
posted on Saturday, July 12, 2008 11:41:00 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Monday, June 30, 2008
So, to update on a few fun tools I have found lately..

If you didn't know, BackTrack 3 is out; get a copy.
A strange search tool: http://www.rapleaf.com
PEBKAC - a fun tool to pull out the fat-finger users.

posted on Monday, June 30, 2008 6:59:34 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
I have to sit at a traffic flow system every day, you know, the ramp meter system. So today I just noticed that they are easy to hack. If you give a car length away from the car in front of you (keep off the tar filler for the sensor in the pavement) and the other car in traffic, and then once they get the green light and it turns red again, pull forward over the sensor and bam, green light. I assume they all work the same or close to it. Give it a try and mess up the traffic a little more.

posted on Monday, June 30, 2008 6:50:58 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [1] Trackback
# Wednesday, June 04, 2008
posted on Wednesday, June 04, 2008 11:27:46 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Wednesday, May 21, 2008
So let's pose a problem: you have a computer with an encrypted HDD and you can't reboot the PC. Or a computer has something worth getting in memory (an encryption key) and you want it. But the computer is locked. Well, you can now hack this.

winlockpwn - a tool to connect to Windows over FireWire and inject a DLL hack into memory to bypass passwords on the "Windows lock screen" and allow you access to Windows with no password when locked.

If you're not a Linux power user, or just want to cheat, here is a setup guide, and if you use BackTrack here is a post about it.

So a lot of people say it works. I agree that it will - it uses DLL hacking for passwords; you can do this with the computer powered off or just hack it.

So what did I get? Nothing...

I get this error:

IOError: [Errno 22] Invalid argument

from firewire.py, line 693: "If a node doesn't feel like fulfilling a request, it will raise an IOError."

Now if you unplug the FireWire and plug it back in, repeatedly running the script, it will start scanning memory only to end with a device busy.

Seems that the "money time" is when the device is detected as a "Hard Drive"; you start scanning the memory at that point. Then the iPod comes in and all work ends.

Same issue on two computers.

But who's to say I'm just odd.

UPDATE: May 22

I got it to work; who knows if I was sleepy or a reboot fixed it. But when I powered up, I started from "step 5" and followed the steps exactly.

Dell 630, fully patched, on the domain, and it worked! I had full access as advertised.

Something I noticed was that this morning businfo has 1 on node 0 and not 0 for all the data it spits out on what will and won't work.


posted on Wednesday, May 21, 2008 9:43:17 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Monday, May 12, 2008

So I got hooked into LinkedIn as I went crazy adding all my co-workers to get a friend base. I thought… I have been here before. I remember back in 2002 adding friends to my MySpace account. This is funny, adult MySpace for the working professional. You can even upload a picture of yourself, for what, to date?

All the funny social stuff aside, this is a gold mine for social engineering. You have CxO level people all over the place adding each other and making connections.

Hello Mr. Thompson, my name is Kelly. I got your contact from John Doe, who referred me to you for a security audit. I was wondering if I could find some time to meet with you next week. “Sure”

// or “yes Kelly, what is your last employer …google google”

…awesome

posted on Monday, May 12, 2008 3:36:02 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Thursday, February 21, 2008

I was just in the conference trying to swipe the memory from a laptop someone left there. Problem is that I had to remove the keyboard, then I broke my little screwdriver, and when I did all this I realized I forgot my can of air. Then it was too late; my memory had gone muy loco.

This isn’t a "holy crap my shit is 3137 h4xor pwnd" but a "wow, that’s a cool hack", sort of like an Xbox running Linux or an oscilloscope that can print vector graphics from Pong. This would be a cool spy trick or uber 31337 bad guy. But if you wanted to get around it, you just use encrypted file mounts. I would imagine that the protection on the temporary mounts is protected, or you just time out and unmount the encrypted mount.

An elementary way to do this is the old keylogger. Works every time. I bet you aren't checking your docking station keyboard every morning? (Thank you, Centas, for the use of the building custodial jumpsuit for access to your office.)

I think the big thing here is don't let bad guys finger your RAM!

Did you see all the things that will cause problems....

http://citp.princeton.edu/memory/faq/

I do want a copy of the RAM2USB boot application they have, as that would be handy in uses other than just hacking "secret keys".

Or be totally insane and check this out.

posted on Thursday, February 21, 2008 10:24:10 PM (Pacific Standard Time, UTC-08:00)  #    Comments [2] Trackback
# Friday, February 15, 2008

Things are very slow in the security world; I haven't seen anything that is interesting lately. However, in hardware hacking there is this way cool scope hack.

http://blog.makezine.com/archive/2007/08/youscope_oscilloscope_dem.html

posted on Friday, February 15, 2008 2:17:27 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Monday, January 07, 2008
If I ever helped you with your Xbox1, there are a lot of updates you should find me for.

posted on Monday, January 07, 2008 11:13:47 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Thursday, January 03, 2008

Some Sites and things to hack in the new year…

WarGames

De-ICE Penetration Distro

OWASP Web Application hacking

You can do all this with the new beta of BackTrack 3 (late news post, but better than never).

posted on Thursday, January 03, 2008 8:49:21 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
If you live under a rock and get all your security news from me: last month BackTrack 3 was released. If you're 31337 then you already know and have this installed.
posted on Thursday, January 03, 2008 2:57:13 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Thursday, December 13, 2007

Here is a fun hack for website robots.txt files.

site:google.com "robots.txt" "disallow" filetype:txt

Run that as a search string and you will get back the Disallow strings for forced browsing; you can drop the site: modifier to get more data or change it to your target site.
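As an added example covering both this post and the robots.txt-to-HTML converter post above (it is not the attached robotReporter.sh), here is a Python version of the same idea: group the Disallow/Allow entries by User-agent and emit a clickable report, with wildcard rules shown as text because they are not a single URL. The robots.txt content and the example.com base URL are constructed.

```python
"""Convert a robots.txt into a clickable HTML map for a report.

Added example, not the post's script. SAMPLE_ROBOTS and BASE_URL are
constructed placeholders, not taken from any real site.
"""
import html
from urllib.parse import urljoin

BASE_URL = "https://example.com/"      # placeholder for the site under review
SAMPLE_ROBOTS = """\
# constructed sample robots.txt
User-agent: *
Disallow: /admin/
Disallow: /backup/*.zip$
Disallow: /tmp/
Allow: /tmp/public/
Disallow:

User-agent: Googlebot
Disallow: /private/
Sitemap: https://example.com/sitemap.xml
"""


def parse_robots(text):
    """Group Disallow/Allow rules under their User-agent; collect Sitemap lines."""
    groups, sitemaps, cur = [], [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or ":" not in line:
            continue
        field, _, value = line.partition(":")      # first colon only: URLs keep theirs
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            # Consecutive User-agent lines share one rule block.
            if cur is None or cur["rules"]:
                cur = {"agents": [], "rules": []}
                groups.append(cur)
            cur["agents"].append(value)
        elif field in ("disallow", "allow") and cur is not None:
            cur["rules"].append((field, value))
        elif field == "sitemap":
            sitemaps.append(value)
    return groups, sitemaps


def is_pattern(path):
    """Wildcard rules match many URLs, so they are reported as text, not links."""
    return "*" in path or path.endswith("$")


def robots_to_html(text, base_url):
    """Render the parsed rules as HTML; every literal path becomes a link."""
    groups, sitemaps = parse_robots(text)
    out = ["<html><body><h1>robots.txt map for %s</h1>" % html.escape(base_url)]
    for g in groups:
        out.append("<h2>User-agent: %s</h2><ul>" % html.escape(", ".join(g["agents"])))
        for field, path in g["rules"]:
            if path == "":
                out.append("<li>%s: (empty, no restriction)</li>" % field)
            elif is_pattern(path):
                out.append("<li>%s pattern: <code>%s</code></li>" % (field, html.escape(path)))
            else:
                url = urljoin(base_url, path)
                out.append('<li>%s: <a href="%s">%s</a></li>'
                           % (field, html.escape(url, True), html.escape(path)))
        out.append("</ul>")
    if sitemaps:
        out.append("<h2>Sitemaps</h2><ul>")
        out.extend('<li><a href="%s">%s</a></li>' % (html.escape(s, True), html.escape(s))
                   for s in sitemaps)
        out.append("</ul>")
    out.append("</body></html>")
    return "\n".join(out)


if __name__ == "__main__":
    print(robots_to_html(SAMPLE_ROBOTS, BASE_URL))
```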

posted on Thursday, December 13, 2007 12:21:27 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Wednesday, December 05, 2007

Here is a cool tool (OWASP WebGoat) that will test you on your hacker skills; from 31337 to nub3 you can see where you rank. I got to the last 4 modules and I didn’t have the skillz to continue (mostly the time to keep going).

I strongly recommend that if you're interested in security / web security you check out this project and run around the site to get learned. BTW, a lot of my browser plug-ins will help you pass the quizzes.

Other things to hack: wargames, De-ICE distro.

posted on Wednesday, December 05, 2007 2:49:23 AM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Tuesday, December 04, 2007
So running around the interwebs today is a site from Lifehacker to find people. It's actually a good site; there is some powerful information here that is quite usable. For instance, I just found an interview I did but didn't think got published, but it did – here I am in print being quoted about the Atari 2600 hacking days.
posted on Tuesday, December 04, 2007 11:29:27 AM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Monday, December 03, 2007

Damn, someone beat me to this; I have been working on this for a long time. I hope to get the source so that I can see where I was wrong…

Wireless Keyboard DeCryption

posted on Monday, December 03, 2007 9:36:50 AM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Thursday, November 29, 2007

I wanted to make a list of browser plug-ins that I use and find quite important to security and daily ops work.

First, for IE (I accidentally upgraded to 7.0 and didn't feel like un-installing the behemoth)

  • Bayden Systems' TamperIE offers HTTPS form-tampering
    • Sort of a mac-daddy tamper application to change your POST data on the fly; must have.
  • Microsoft's IE Developer Toolbar
    • Change values on the fly, also get header info and more right away.
  • Microsoft's IE PowerToys for WebDevs
    • Was cool, but it appears the highlight and show source don't work with IE7; however, it still works for DOM data so I keep it.

Now the giant list for Firefox (where all the 31337 users are)

  • AdBlockPlus
    • This is like going from dial-up to DSL; the internet all of a sudden becomes “sweet”.
  • BlogJet
    • This is also in my IE; it's my blogger application.
  • DOM Inspector
    • Handy for webdev and de-construction.
  • DownloadThemAll
    • I don't like to click, and this is a priceless tool for saving clicks.
  • GoogleBrowserSync
    • I don't like how big Google is and I don't like the idea of Google watching what I browse; this was just an interesting tool since I am on lots of computers. I just don't have the guts to sign in yet.
  • GoogleToolBar
    • This is a must, duh.
  • HttpHeaders
    • Handy for webdev and de-construction.
  • ModifyHeaders
    • Handy for webdev and de-construction, and User-Agent mods.
  • NoScript
    • The only “security” Leo Laporte knows without Steve giving him a script. Handy for hacking things.
  • RefControl
    • Spoof the referrer sent to the server.
  • PDF Download
    • Sometimes I like to download PDFs, sometimes I like to view them live; this lets me choose.
  • Tamper Data
    • Same as TamperIE but for 'zilla.
  • UrlParams
    • A different type of TamperData-type plugin.
  • User Agent Switcher
  • WebDev
    • This tool is mostly a must for anyone; you can quickly shut on and off and mod parts of sites.
Update June 2008:
Some good hack tools:
http://www.securitycompass.com/exploitme.shtml
posted on Thursday, November 29, 2007 6:25:23 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Friday, August 31, 2007
A co-worker pointed out that shopping carts now have anti-theft. Further ideas about locking them while people were shopping are too funny, but leave it to the internet: someone has already done the shopping cart lock. Great use of radio waves with the coil to pick up the data and replay it.
posted on Friday, August 31, 2007 2:28:33 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Wednesday, August 22, 2007
A cool book that I need to buy about Lego and hacked products you can make with them.
posted on Wednesday, August 22, 2007 2:58:25 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Friday, June 15, 2007

I'm not saying hack a hotel for porn. But I will say you can hack it for the free pay-per-view HBO movies they have. BYOTV (bring your own TV). Poor Marriott, you must not enjoy the web. I don't know what's worse, people that pay for porn, or that people actually watch hotel porn. Yuck.

posted on Friday, June 15, 2007 4:17:07 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Thursday, June 14, 2007

This site, get grandpa's files, will help you write letters to make some paper pusher mail you back FBI records of dead people. Most interesting is the fact that you just have to prove someone is dead; no reference that you must be related. So you have a neighbor that died years ago and you can drum up some information on him, or find on Wikipedia that he is dead? Better yet, you happen to come across a death record in the trash? Find out if they were doing bad things. Or just mail letters off and see what happens.

posted on Thursday, June 14, 2007 12:40:07 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Wednesday, June 13, 2007

I was browsing a pile of stuff in my room the other day and came across a package of Sea-Monkeys. I was reading the back of the package about a 2 year guarantee they have on those brine shrimp. The guarantee states that if you mail one dollar to the address shown they will replace your seeds for free (minus the handling of course). At no time does the notice state that you must provide proof of purchase of the original monkey pack. So it stands to reason that if you mail one dollar you get what they state is a six dollar value. So I investigated the Sea-Monkey guarantee online; turns out they have the same deal online, however you must mail three dollars. The online version also states that you get some free literature about the monkeys. I'm not saying that anyone should exploit the financial stability of the brine shrimp business, but it's a good example of what you can find if you bend rules. So it's up to you: pay 1–3 dollars and see what they mail back to you, or buy it in the store.

posted on Wednesday, June 13, 2007 10:47:13 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [1] Trackback
# Tuesday, May 01, 2007

(Access Point)——Irongeek Ettercap Script———Gateway

This is something sort of fun that I just installed on my home wireless. It's actually very educational; you can learn what type of code sends clear text passwords and what will not. Most interesting is using sites that attempt to prevent this type of attack and put fun data in the password fields. I installed ettercap in bridge mode so I have layer 1 access to the data. (Granted that ettercap did this all along; this is just a fun way to show it off.)

posted on Tuesday, May 01, 2007 8:44:44 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Sunday, April 29, 2007

A simple trick to get an elevated command line from the screen saver. There are many ways to enter this data; one fast trick is to use a Linux reg editor, and it's as simple as making the logon script the command window. It also works to do a command line of “copy cmd.exe logon.scr”; this will work anywhere but on domain controllers not booted in recovery mode. This is preventable with PGP disk encryption.

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="15"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="cmd.exe"

The OEM data you changed (original values):

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="600"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="C:\\WINDOWS\\System32\\logon.scr"
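An added example (not part of the original post) that checks a .reg export of the key above for this trick: it parses both snippets shown and flags an SCRNSAVE.EXE value that is not a .scr under System32, plus a very short timeout. The C:\WINDOWS system root and the 60 second threshold are assumptions.

```python
"""Flag a screen-saver hijack in a .reg export of HKEY_USERS\\.DEFAULT.

Added example, not the post's code. TAMPERED and ORIGINAL are copies of the
two .reg snippets in the post; the system root and the timeout threshold are
assumed values.
"""
import re

TAMPERED = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="15"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="cmd.exe"
'''

ORIGINAL = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="600"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="C:\\WINDOWS\\System32\\logon.scr"
'''

DESKTOP_KEY = r"HKEY_USERS\.DEFAULT\Control Panel\Desktop"
# "name"="value" lines; .reg escapes backslash and quote with a backslash.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {name: value}} for the string values in a .reg export."""
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1]
            keys.setdefault(cur, {})
        elif cur is not None:
            m = _VALUE_RE.match(line)
            if m:
                keys[cur][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def screensaver_findings(text, system_root=r"C:\WINDOWS"):
    """List what is wrong with the logon-desktop screen saver; [] means it looks sane."""
    findings = []
    desktop = parse_reg(text).get(DESKTOP_KEY, {})
    scr = desktop.get("SCRNSAVE.EXE")
    if scr is None:
        return findings                       # no screen saver set at all
    low = scr.lower()
    if not low.endswith(".scr"):
        findings.append("SCRNSAVE.EXE is not a screen saver: %s" % scr)
    expected_dir = (system_root + "\\System32\\").lower()
    if "\\" not in low or not low.startswith(expected_dir):
        findings.append("SCRNSAVE.EXE is outside %s\\System32: %s" % (system_root, scr))
    timeout = desktop.get("ScreenSaveTimeOut")
    if timeout is not None and timeout.isdigit() and int(timeout) < 60:
        findings.append("ScreenSaveTimeOut unusually short: %s s" % timeout)
    return findings


if __name__ == "__main__":
    print(screensaver_findings(TAMPERED))    # three findings
    print(screensaver_findings(ORIGINAL))    # []
```

The “copy cmd.exe logon.scr” variant from the post passes this path check, since the value still points at System32\logon.scr; catching that one needs a file hash comparison of logon.scr against a known-good copy.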

posted on Sunday, April 29, 2007 1:46:29 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Monday, April 16, 2007
I posted a while back about swearing at the automated caller menus; that works a lot. But if not, here is a great site; keep this handy when you call a major corporation - get a human caller list.
posted on Monday, April 16, 2007 10:24:25 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [1] Trackback
# Tuesday, April 03, 2007
I was browsing the FCC database today; the information in this database is insane. Go look up an FCC ID today. Combined with the Patent Office search, you have all you need to hack things.
posted on Tuesday, April 03, 2007 11:33:27 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Tuesday, February 06, 2007

Not hacking like warez.

http://pinouts.ru

posted on Tuesday, February 06, 2007 4:07:37 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Thursday, December 14, 2006

Google added patent search to the engine. This is just cool: refresh and look at random patents.

Here are some weird ones:

wetting doll   shark suit   underwear   brain cooler   skateboard   pocket protector   skunk

posted on Thursday, December 14, 2006 11:31:49 AM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Friday, July 28, 2006

Haha, this is a funny idea: proxy someone's internet and just be mean. This is an example where they just flip images.

http://www.ex-parrot.com/~pete/upside-down-ternet.html

posted on Friday, July 28, 2006 1:43:52 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Thursday, June 08, 2006

There is something I hate as much as the RIAA nowadays: these automated phone menu systems. Whichever moron thought up the idea to talk to a computer rather than press 1, 2, 3 can get kicked. Here is a healthy alternative to dealing with the computers: swear at them.

posted on Thursday, June 08, 2006 8:40:28 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Friday, March 31, 2006

Some moron at Toshiba thought it would be nice to light up the front of the SD-4980 DVD unit with a bright blue LED. That's nice; I came to watch a movie, not be distracted by your annoying DVD player. So as lame as this hack is, it's a hack all the same. I haven't posted any hardware mods for a while, and I read on Digg all the time how people get credit for putting a laptop HDD in a NES game, and that's lame. This is at least useful. The idea is easy: open it up and chop out the blue LEDs (red arrow). I included a picture for the fun of it.

A simple yet needed hardware hack for the Toshiba SD-4980 DVD Player

posted on Friday, March 31, 2006 5:32:20 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Tuesday, February 28, 2006
I will have a hidden room in my house. http://www.hiddenpassageway.com/
posted on Tuesday, February 28, 2006 9:11:55 AM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Saturday, January 07, 2006

If you pretend to cancel with GameFly you get this message:

We'd really like to retain you as a GameFly subscriber and realize that not having the games available you wanted can be frustrating. To make this up to you, please let us offer you a special one time only one-month deal for $9.95. We are sure you will find renting our wide selection of games at GameFly a great experience over time.

This was an FYI from KellyKeeton.com for GameFly discount coupon code or money saver, whatever you want to call it.

posted on Saturday, January 07, 2006 3:16:10 PM (Pacific Standard Time, UTC-08:00)  #    Comments [0] Trackback
# Friday, November 11, 2005

So as you might know I have a large movie setup in my room allowing for big screen movie watching. Well, this is very nice except there is a street light outside my window. If you have a street light you know that it's nice and a pain. It's only a pain when I don't want light. So I thought – what if I could turn off my street light at will?

That's what I went to work doing. First, one night I went out and broke open the service panel for the light. I then voltage tested the wires to figure out if I was working with 220v, which I wasn't (this is good).

First step was obtaining a remote device; the requirements were that it needed to be RF and able to handle 15 amps (not wanting to ever have it fry). I found one on eBay for $5.

Then, cutting off all the plastic and getting just the guts, I tested to see if it shut off each leg of power or just the hot (it was just the hot), so I chopped it up and ended up with this.

Now was the tricky part: late one night I went in and wired this into the circuit. Be aware – I can't shut off the mains, so if you do this at home, you're actually wiring this into a hot circuit. Don't be dumb; watch your tools and watch where the wires run when you aren't using them (cap them when you're not working with the hot wires so you don't hit them).

After I had the unit plugged in and tested for voltage I covered it with waterproofing spray-on wax, then electrical tape (all while hot).

Then, since it was night, I tested (boo yea, it works). I then went to my house and it didn't work. Well, after opening up the remote and finding the antenna lead (the obvious output from the RF modulator circuit) I soldered a two inch wire (antenna) on the unit to extend the ability for output. That fixed my range issue. Now I can watch movies or have fun with local kids playing soccer!

Don't try this at home.

posted on Friday, November 11, 2005 8:44:38 AM (Pacific Standard Time, UTC-08:00)  #    Comments [2] Trackback
# Friday, May 20, 2005

Today I finished up a “draft” install of my stereo; I still have a few large bugs to work out but it's coming along. Here is a photo of the most noticeable features.

Video

posted on Friday, May 20, 2005 1:18:17 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Wednesday, May 11, 2005

Uh oh, Real-ID passes U.S. Senate 100-0.

Anyone else have this long agreement for Hotmail today? Looks like new Passport services. Make sure when you log into Hotmail you go to the “security settings”, then look for marketing preferences and opt out of all the advertising.

Fun of the day – hack your Honda/Acura nav.

posted on Wednesday, May 11, 2005 6:01:18 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Friday, May 06, 2005

Been a slow week. Time to start the “Kelly to days” countdown again: 2 weeks and counting now, 10 days for those of you who operate on a 5-day week. I will be travelling to WWU (B-ham) this weekend for a disco party, so look for the pictures later; they should be good.

Go hack something this weekend.

IIS6

Pepsi machine

coke machine

posted on Friday, May 06, 2005 5:07:33 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Sunday, May 01, 2005

Another night on the town. Fernando came to town and we went and had some fun in Belltown. It was a fun evening. Started off at Erin’s bro’s, then went and paid 10 cover (damn Seattle). Chris and I danced so much that I was as sweaty as high school PE. Then we found a purse and I put my business card in the wallet in the purse; no idea whose it was. Then I took some artsy pictures. Then Chris and I danced like madmen and we owned the club. Crazy chicks would stare but they dug us. One girl told me I wasn't for real; not sure what she meant. I told her I used to backup dance for Shakira. Seriously, we rocked. I should be 3 lbs lighter from all the dancing. Out of 5 stars this gets a 3 star evening. Even got a cream cheese hot dog… mmmmmm.

Also finished a very successful fiberglass job to modify the factory sub box in my car to fit a 10” Diamond sub. I am very happy with this.

posted on Sunday, May 01, 2005 5:57:29 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [1] Trackback