INIT_6

In December I did a talk about Bitcoins at DHA  and CryptoParty.

The slides can be found here. With some links in the notes. If anyone has any question feel free to contact me.

Registry fix so each time you open a Excel document it opens in a new instance instead of opening in the same window. This makes it easier to copy information from one excel to another.

This is an updated reg fix for Excel 2010 64bit. If you have another version let me know and I can help you out.

Excel 2010 64bit.

Excel 2007 32bit. 

Simply save the file as  ExcelRegFix.reg. Right click on the file and choose merge.

Disclaimer: The following information is for educational uses only. Only preform testing on your own equipment or that which you have permission to. If you don't understand what TOR is. How TOR network works. The risk of information going through TOR networks. You should really not follow these steps as most likely you will fuck something up and get your self in trouble. bitches.
/Disclaimer.

When Pen-testing a web application you may need to stay anonymous. This could be for many reasons. Mainly making sure your scans and testing doesn't trigger an investigation into the origin of the traffic.

One of the main tools I use along with almost everyone else is Burp Suite. They have a free version but if you are using this for commercial reasons make sure you buy a copy as it has some features that are really useful (i.e. Automated XSS/SQL injection testing.).

Other tools of the trade, Nikto, OWASP DirBuster, NMAP, etc.

Now its time to setup an environment in which we can use all these applications and more through TOR.

Install your favorite Virtual machine software. I will be using Virtual Box  in this blog post as its free. However, I have VMware workstation that I mostly use.

Install your favorite Linux distro. I suggest using xubuntu or ubuntu server.  I will reference this install as VMtor for the rest of this post.

Once you have your linux box running in virtual box do all your updates/patches. Make sure everything is running smoothly. Install a few needed apps. "curl, screen, htop, openssh-server, privoxy, default-jre (or your favorite opensource java)"

$ sudo apt-get update
$ sudo apt-get install curl screen htop openssh-server privoxy default-jre

Now on your host machine (has to be Linux). Open a terminal and ssh into your VMtor with forwarding X windows. (This will let you open VMtor apps inside your host desktop.)

$ssh -X <user>@ip_address_of_VMtor

We are going to be using someone elses script to install TOR, and configure iptables to forward all traffic on the machine through TOR. Download it here: https://github.com/ericpaulbishop/iptables_torify

Direct link: https://github.com/ericpaulbishop/iptables_torify/archive/master.zip

Unzip it, run the script as root.
$ sudo ./debian_install.sh

Once its finished. open fire fox and go to https://check.torproject.org
Make sure you are on the TOR network.

Now we need to configure the local web proxy privoxy that you installed above.
edit /etc/privoxy/config

uncomment the following line:
forward-socks5  /     127.0.0.1:9050   .

Or just add it to the end of the file.

Now start the privoxy service.
$ sudo /etc/init.d/privoxy start

Privoxy runs on 127.0.0.1:8118

I use screen so I have better control of whats running and keep applications running on SSH disconnects. Learn more about screen here.
$ screen -S burp
$ java -jar burpsuite_free1.5.jar
screen command CTL+A+D to detach from screen.

Go to the proxy tab and than options tab. Double check proxy listener is setup on 127.0.0.1:8080

Go to Options Tab along the top. Click on Add under Upstream Proxy Servers.
Leave Destination host empty
Proxy host: 127.0.0.1
Proxy port: 8118
Authentication type: None
Click okay.



Now lets open a web browser on VMtor and configure it.

$ screen -S firefox
$firefox
screen command CTL+A+D to detach from screen.

Go to edit -> preferences.
Advanced -> Network tab -> Click on Settings...
Select Manual proxy configurations:

HTTP Proxy: 127.0.0.1 Port: 8118
SSL Proxy: 127.0.0.1 Port: 8118
FTP Proxy:  leave empty
SOCKS Host:  127.0.0.1 Port: 9050


Browse to a site. It should be captured in burp now.

That is it.

Now any time you use a application from within VMtor it will be routed through the TOR network.

Other Tips & Notes:

Use proxychains for nmap or zmap traffic:
http://www.commondork.com/2009/06/26/tunneling-nmap-through-tor/

Don't use the same browser on the host as you do in VMtor. For example in my host I only use google-chrome and in VMtor I only use firefox. This is to insure I don't make a mistake and use the wrong browser.

Take a snapshot of your VM after you set it up.

Why not just use tails either directly or in a VM? Yes it does to torify everything using IP Tables like above. Also, it is way more secure then the setup I have suggested above. It is also a lot easier to setup and use. However, the web proxy installed in tails wont work with burp. I had tried many of nights and hours trying to get it to work. Also, because its so customized installing third party apps like privoxy to make it work could cause damaged unknown.

Use duckduckgo.com as your search engine. Google tends to block TOR connections due to abuse.

Finally, Don't be stupid.

Only work if your phone is rooted.

Tested on Excel 2007 and 2010; windows 7 only; 32bit and 64bit.

Each time you open excel document  it opens inside the same window. However, us people with dual screens need to read from one excel document and write into another at the same time this just wont work. I made a simple excelfix.reg file that will fix this. I have had this for a while just never posted anything about it. Can also fix issues with opening documents from e-mail open to a blank document instead of opening the file.

Code can be found here: http://pastie.org/8260514  just save it as .reg. double click on it and run it. or right click and choose merge.

About 5 months ago I got the idea to create a botnet style password cracking program. This blog post is about what I was trying to do and how I failed. Along with version 2 outline showing whats next.

It took a little over 2 months to get people at DC214 (DEFCON Group in Dallas, TX) moving on the project. Mostly because this is the first project I have tried to lead. So that left us with about 3 months to complete the project. Another limitation I had I didn't know how to distribute the coding to other people. So I programmed everything my self. Working a normal job 7am to 5pm only had a couple hours a day. with about 3 weeks wasted on how to preform asynchronous subprocess communication with out blocking named pipes.

We ended up naming it: ID-PCB ( IRC distributed password cracking bot )

I have added the license GPLv3 and made the repo public. You can access the files here: https://github.com/DC214/pwcrack

What resources we had:

16x GPU's all but 2 were 7950's or 7970's

I know several people didn't even connect because we were having problems. I am thinking we had another 5 or 7 GPU's.

Roughly 140 CPU cores. plus 3 boxes with 12 CPUs each that didn't make it online.

How it was spouse to work:

The user would download the client software for pwcrack.init6.me. Run the setup.py. This would create a sysinfo file with all the hardware information. Also, the client ID represented the power of the computer. So the better the GPU and the more you had your client ID would be higher.

Then you would run the client software. It would read in the sysinfo file. Connect to the IRC server. Register with the server with all its info. It would than wait for commands to execute. Before executing any commands it would make sure the binary file was on the whitelist of apps. It would also do a md5sum on the binary and compare it with the read-only file on pwcrack.init6.me to make sure no "DEFCON hackers" messed with our stuff.

I had a regServer that kept track of all the clients and their status.
I had what I called crack programs that would query regServer database and grab clients to use and distribute the commands to each client.

Once the client executed the command it would hit the status key and send a update through IRC. Once it finished if passwords were found it would upload them to the FTP site and tell the crack program it was ready in which it would send the next command.

The problems:

I had only wrote and tested the brute force crack program. I wrote the Rule based crack program on the road while driving towards vegas.

Once I started a bruteforce command I had no way of stopping it nicely.

Didn't get to this point but all the clients would have stopped at the wrong time. I put a time bomb in it as on Saturday night it would have stopped whatever it was doing and upload what it had. However, it was checking local time not PDT.

IRC, IRC, IRC. It sounded great to start with because that's what I knew. I had programmed other IRC bots in the past. The IRC server had buffer problems both sending and receiving. During testing it didn't lag because I only had a couple clients on at once. However, once everyone jumped on and started talking the lag became really high.

Not enough testing.

No nvidia cards to test so some nvidia users couldn't connect correctly.


The conclusion:

It failed and that is okay. I learned a lot. This is the first python program I have wrote that was this complex.

I know why and how I failed so I have quickly moved on and designed a new approach.

A rough draft of the direction I would like to move this project in: [gdoc]

Made a python script to search twitter based on keywords, hashtags, from:user, and to:user.  It then creates a unique word list based on these searches. Used as a fingerprint attack.

https://github.com/initiate6/twatScrape.py

I decided it would be a good idea to start a GitHub to hold all my scripts.

https://github.com/initiate6