||||Hacking Europe

So I got my hands on a Alfa Wireless-N 500mW and decided to play around with some wireless foo … I’m impressed with the new Alfa. It’s got built-in support Backtrack and it’s capable of monitor mode and packet injection.

Also I wanted to share this really simple clean guide on airodump-ng, aireplay-ng, and aircrack-ng.

http://ryanunderdown.com/linux/cracking-wep-using-backtrack.php

He makes cracking wireless so simple I think my mom could do it. ( She recently asked me if she should place a CD in the tray shiny side up or down! )

I’m sure there are a billion ways to do this better but in the mean time, here it is. BarCrawl, the pastebin crawler/dumper!

Feel free to send me your thoughts or improvements.

barcrawlv1.py

keep hacking!

http://twitter.com/str0ke

He appears to be tweeting so … I think thats the last time I’m going to http://bl4cksecurity.blogspot.com

http://bl4cksecurity.blogspot.com/2009/11/str0ke-milworms-funeral-is-this-friday.html Is reporting that str0ke from milw0rm has passed away. Although it would explain his absence, I think we need to see some more official sources.

So I was recently on PaulDotCom’s Episode 173 and it was a good experience. I was a little nervous the first part, then got interrupted by Security Justice and did a bit better when I was talking about BarCrawl. In anycase I’m still working on BarCrawl and I’ll release it soon in the next week or so.

However on a different note, have you seen the updates on Milworm … or the lack there of? The last exploit was posted in September.

keep hacking

So we’ve all heard about the pastebin Hotmail password leak … This might come as a surprise to some, but people have been using pastebin for all sorts of craziness. My friends over at Pastebinfail.com have been documenting some of the more wilder posts. Everything from base64 encoded jpegs of owl’s to botnet command and control. I’ve been toying with a python script that crawls pastebin’s Recent Posts and pops out various posts of interests. Right now it’s pretty basic, but I need it to send the data in various mediums. Using gmail was pretty stupid on my part. Google temporarily banned my account for sending myself more then 700 messages in the 24 hr. limit. But in anycase after it gets a little bit more mature I’ll release it.

I’m also scheduled to go on the PaulDotCom Podcast on the 29th of this month. I’m sure pastebin will come up.

anyways, keep hacking

ftp

Information Gathering seems to really be at the front of the list from recent talks and conferences. So I guess everyone has their own way or method when it comes to pen-testing. But I would almost guarantee that information gathering is one of the first things you do. There are a ton of tools out there starting to automate this, link relevant data together and in general make this task faster and more fruitful. Chris Gate’s talk at BruCon is pretty solid and has a great over view of open source tools.

Pick a mirror and his talk is labeled “Open-Source-Information-Gathering_Chris-Gates.ogg”
Brucon Videos
And the presentation is at
Brucon Presentations

Some of my personal favorites:
Robtex.com
And
Serversniff.net

Anyways I’m still toying with the site and trying to figure out what my goals are. But for now, keep hacking

Well, my trip through Europe is long over. I’ve had to come back to the US, graduate and figure out what to do with my life. I got a pretty solid job in the security field. I’m almost where I thought I would end up. The only gotcha’s is that thing called student loan debt. In any case I think I’m going to leave the site up as long as I can afford to. Perhaps I will post various security related news, tools, etc. I know the market is pretty flooded but, over the few months I’ve won two CTF’s and I think my personal views might be fresh to the industry. We will see.

Until I feel the need, keep hacking.

I hate looking for apartments. There is always that dream loft apartment just out of my price range. I’m going to go thrifty this time tho, I’m going to move in with some old roommates that I can stand and know pretty well. I gotta run for now, another few days of work and then DefCon! Woot!

I speak out … I don’t really have anything to say right now so I’m just saving the title.