Where can I use it?
This program must be used against a domain that deny zone transfer. For instance,
neuro:~ neuro$ host -l 0x0lab.org

;; connection timed out; no servers could be reached
neuro:~ neuro$ dig @ns1.0x0lab.org 0x0lab.org axfr

; <<>> DiG 9.6-ESV-R4-P3 <<>> @ns1.0x0lab.org 0x0lab.org axfr
; (1 server found)
;; global options: +cmd
; Transfer failed.

Is there any dependency?
Yes, you have to install PyDNS Library (http://pydns.sourceforge.net)

Program Usage
Usage: bfdomain.py [options]

Options:
  -h, --help            show this help message and exit
  -t TARGET, --target=TARGET
                        specify a domain name (mandatory)
  -f FNAME, --dictionary=FNAME
                        specify a file to read data (mandatory)
  -d DNS, --dns=DNS     specify a name server
  -T THREADS, --Threads=THREADS
                        specify a number of threads (default=5)

How do I use it?
Suppose that you want to extract valid hosts from "domain.com", using a dict file, i.e. hostname-list.txt and open x threads (default is 5).

python bfdomain.py -t domain.com -f hostname-list -T 10

Note: In this case, system dns will be used.

Furthermore, you can add a dns server.

python bfdomain.py -t domain.com -f hostname-list -d ns1.domain.com -T 10

Downloads
Brute Force Domain (521)
Download dictionaries: https://code.0x0lab.org/p/asphyx1a/source/tree/master/dictionaries

Other Related

https://blog.0x0lab.org/2011/12/dns-brute-nse/

Special Thanks
cirrus, mayhem

The script can be found at: nmap-dns-brute
Arguments and examples of usage can be found at the Usage page.

Example output:
Pre-scan script results:
| dns-brute:
| DNS Brute-force hostnames
| www.foo.com - 127.0.0.1
| mail.foo.com - 127.0.0.2
| blog.foo.com - 127.0.1.3
| ns1.foo.com - 127.0.0.4
| admin.foo.com - 127.0.0.5
| Reverse DNS hostnames
| srv-32.foo.com - 127.0.0.16
| srv-33.foo.com - 127.0.1.23
| C-Classes
| 127.0.0.0/24
|_ 127.0.1.0/24

dns-brute.nse is now included in nmap. Thanks to David Fifield for reworking parts of the script and improving it. The version found in nmap does not include the reverse resolver (they recommend using -sL for reverse lookups).

• Sidguesser
• deforabf
• orabf

sidguesser.py
Tries to guess sids against an Oracle Database according to a predefined dictionary file.

Syntax
[sidguesser]-by neuro [0x0lab.org]
usage: sidguesser.py <ip> <port> <sidlist>

Download: sidguesser

deforabf.py
Tries to guess default oracle accounts against an Oracle Database according to a predifined dictionary file.

Syntax
[deforabf]-by neuro [0x0lab.org]
usage: deforabf.py <defacclist> <ip> <port> <SID>

Download: deforabf

orabf.py
Tries to guess a user password against an Oracle Database according to a predifined dictionary file.

Syntax
[orabf]-by neuro [0x0lab.org]
usage: orabf.py <ip> <port> <SID> <username> <pwdlist>

Download: orabf

oracle client plus cx_Oracle python library is needed!!!!

Download: cx_Oracle Library

Automate monitoring

So I made a php script that starts ddrescue and monitors its output if it is stuck by checking the "last successful read" field if it is more than 1 second. On failure detection the script sent, through libnotify, a message to user to reset hard disk and blocked till the disk was disconnected and reconnected. This made the process even more easier and permitted me to do other things at the PC on the same time. The only thing I had to do is every time the message pop-up I just unplug and re-plug the power on the external case. However after 50 resets this was also too much for me.

Automate power reset

I wanted something that will do everything on its own, so I thought that I should control the power of the hdd through the monitoring software. The first thing that I needed was a relay, and Saturday night is not a good time to go buy one. I remembered that, I had an old router/modem, when it booteed up it did the "click" sound of the relays. So I took it and disassembled it, seeking for a relay on its board. And I found it, it was an TX2-3v. This was perfect for me it was a 3volts controlled relay that could handle 12V at 2A (more than I needed). I took an old Fan with a mole connector and I modified it with the relay on it and two leds for showing state. I used a bit hot silicon to make the whole construction robust.

Control the relay

The next step was to control this relay. The concept is simple, if there is 2.5 - 3.5V 0.40mA at its control circuit (the blue-red cables) the relay will switch, and at our case it will power off the hard disk (by default without power to the relay, the HDD is switched on). I tried to connect relay directly with the system through RS232 on the RTC pin, but the RS232 protocol although it defines a voltage between 7V-12V for ON state, it is not more than 5mA, which is far few than what is need for this relay. I could solve this probably with a couple transistors and external power source like usb, but I had none of them. What I had was a nerdkits kit that I never used it in the past, and from what I knew it was possible to output that voltage with needed current. So following the basic guide I made a small circuit and program for the atmel to control an output pin of it and eventually the relay. The experiment was success and I started building up a complete system.

HDD Kicker

HDD Kicker is an AVR based small circuit and program to reset hard disk through the RS232. It is made in such way to prevent direct control over the power of HDD, so that any software bug does not switch the relay in an abnormal way (well "normal" is redefined already in this project). You can request a reset from the kicker and it will assure that there is a minimum time interval between resets and a minimum time for spin down and spin up. It will also count the resets and time from the last one and the progress of a reset process. All this will be displayed on 2 lines LCD screen that is connected on the circuit. There is also a test button to request reset without the need of RS232 message.

If you have played at least one time with Atmel MCU then the circuit is self explained. Pin PC4 is configured as output pin and the Relay is connect with a small resistor to drop voltage from 5V to ~ 3V. At pin PC5 a push button is connect to trigger test event. Pin PC5 is configured as pullup input, so if it is connected with the ground then you can monitor it from MCU's internal registers. The leds are connected after the relay at the 5V power of the HDD, and they work as a visual confirmation of the current relay state. I will not get in deep of how you can control pins on AVR as there are amazingly numerous articles for almost every bundle/kit.

I made also a video where you can see it working. I used OpenShot video editor for the first time and, being a bit enthusiast, I may overdid it with the directing:P Enjoy.

Download source

I am providing here the source but keep in mind it is more like a POC and not a complete and robust application that is well tested etc...

Monitoring script: ddrescue_kicker.tar.gz

HDD Kicker software: hdd_kicker.tar.gz

P.S. The whole project was made at MircoLab

http://c.itunes.apple.com/us/profile/idXXXXXXXXXX

The request return my profile page, and did contain a cookie. Interested I fired up Burp and repeated the request, removing the cookie, only to find out that the resulting page once again contained my name.
Switching the privacy setting to allow people to follow me (even if "require my approval to follow me" is checked), would also display the "Where I Live" field.
The whole process can be very easily automated in order to harvest ID's, Names and Locations.

The fate was stated leaving me reevaluating my environment. A nice fredo coffee was a good start for this diverted path that I was forced to follow. As I was sitting and drinking my coffee, on the other side of the kitchen, the white box was staring at me. Although it was not looking old, it felt worn out, like an old wounded veteran. It also felt sad and Dead! Death is not nice... and that must change! I said. Following the Hinduism spirit, this soul was ready to be reincarnated.

Dissection

Later that day, I visited the dead body again. It was still there incapable of doing anything. Although it was handy, it always felt bad bombarding my precious food with tiny little waves of something. This could be improved I thought. I took my nice screw driver and I started the dissection.

To my surprise, it was a quite simple device. It had a huge voltage transformer to create high voltage so that the magnetron can work,  the cavity magnetron its self that is the core of the oven and a small circuit board for basic voltage regulations. I ripped all the internal equipment so that I can make it lighter ( The voltage transformer was about 5kilos!). Only the chassis was left and some cables laying down.

Reincarnation

The time has come for its new life to be decided. So I started examining its characteristics again. It was a small cabinet that you could store something, with a good sealing. It is metal, making it handy hard surface. It has electric supply.. I couldn't image where that could be used for. It could be still used in the kitchen as working place and a cabinet at the same time. But no no, this was no the life that I wanted for it. I thought a bit more, and as I was searching for a pen bellow all these cables on my desk from last night electronics tinkering, the idea came!

Electric supply was excellent I thought! I ripped all the cables out of the box and I was investigating on the switches, where I found the door switch. This is the sensor if the door was opened or not. Next to the switch it was the light that was lit when the oven was working. This could be very handy for internal lighting when the cabinet was open. I made a new circuit and used the switch so that when the door was opened the light was open too.

If this was to be used for electronics, I would need more power sockets. So I took a plastic multi-socket and I adapted on the side of my new ... "MicroLab"! I opened a hole on the chassis and I connected the input of the multi-socket on the main power supply of the oven.

Now the top of the box was left to be modified. A metal white surface would be the best for soldering and analysis place. I made a plan with all my tools that I use and I draw a draft of which would be the best place. I putted the soldering tool away from the rest , and I made a corner with crocodile helper clips. A nice place for multimeter would also be nice I thought.

I took the drill and I started implementing the plan. I took hard wire and I adapted some crocodile clips on them. I found some old plastic caps from the bicycle and I made a base for multimeter. With the hardwire I created a nice stand for the multimeter pens.

Voila! My new MicroLab, all I need in one place, on a heat-safe surface. Plenty of electrical supply for the soldering tool and voltage transformers. And a nice storage for all the electronics-related stuff. It may stopped heating my daily food but it will continue to bombard me with micro-ideas!

Most of them are tagged based on classification and subject. It would be difficult and cumbersome to start reading them one by one and trying to find out useful information which may mean something.
As they say a picture is worth a thousand words. First we follow these 3 simple steps:

1. Load all released cables into an RDBMS
2. Create a quick search engine
3. Show the results

Online Cable Search!

All cables are loaded into an RDBMS and the messages are full text indexed. A cable entry in the DB is comprised of:

1. Reference ID
2. Origin Embassy
3. Date created
4. Date released
5. Classification
6. Message

Now that we have all these ready lets start searching for interesting keywords.

Searching for Nuclear

Searching for Bombing

Searching for Globalization

Searching for Recession

Bear in mind that we only have a very small sample of the leaked documents. Proper pattern analysis when the sample is almost complete will yield more interesting results.

Unfortunately I haven't had enough time to analyze the rootkits/ircbots downloaded to the box, but feel free to do so. The files can be downloaded here (password: honeypot).

Below you can see a few videos of the "hackers" in action:

"At 5pm EST Friday 22nd October 2010 WikiLeaks released the largest classified military leak in history. The 391,832 reports ('The Iraq War Logs'), document the war and occupation in Iraq, from 1st January 2004 to 31st December 2009 (except for the months of May 2004 and March 2009) as told by soldiers in the United States Army. Each is a 'SIGACT' or Significant Action in the war. They detail events as seen and heard by the US military troops on the ground in Iraq and are the first real glimpse into the secret history of the war that the United States government has been privy to throughout."

In this post I present this endless insane war in numbers (again). All numbers were taken from "Iraq War Logs" and manipulated using a MySQL database. It must be noted that "Iraq War Logs" was the largest classified military leak in history.

Friendly Killed In Action: 3771

• 2004-->total: 747
• 2005-->total: 856
• 2006-->total: 821
• 2007-->total: 919
• 2008-->total: 282
• 2009-->total: 146

Hostnation Killed In Action: 15196

• 2004-->total: 1031
• 2005-->total: 2256
• 2006-->total: 4370
• 2007-->total: 4718
• 2008-->total: 1948
• 2009-->total: 873

Civilians Killed In Action: 66081

• 2004-->total: 2781
• 2005-->total: 5746
• 2006-->total: 25178
• 2007-->total: 23333
• 2008-->total: 6362
• 2009-->total: 2681

Enemies Killed In Action: 23984

• 2004-->total: 5995
• 2005-->total: 3594
• 2006-->total: 4657
• 2007-->total: 6793
• 2008-->total: 2635
• 2009-->total: 310

Friendly Wounded In Action: 31419

• 2004-->total: 7275
• 2005-->total: 7076
• 2006-->total: 6681
• 2007-->total: 6993
• 2008-->total: 2321
• 2009-->total: 1073

Hostnation Wounded In Action: 39306

• 2004-->total: 2817
• 2005-->total: 5960
• 2006-->total: 9699
• 2007-->total: 12117
• 2008-->total: 6146
• 2009-->total: 2567

Civilians Wounded In Action: 60339

• 2004-->total: 4271
• 2005-->total: 6031
• 2006-->total: 14315
• 2007-->total: 21883
• 2008-->total: 8189
• 2009-->total: 5650

Enemies Wounded In Action: 6494

• 2004-->total: 1533
• 2005-->total: 1004
• 2006-->total: 1422
• 2007-->total: 1960
• 2008-->total: 470
• 2009-->total: 105

Enemy Detained:183991

• 2004-->total: 22461
• 2005-->total: 44710
• 2006-->total: 34071
• 2007-->total: 40326
• 2008-->total: 28832
• 2009-->total: 13591

Total Number of Killed/Wounded

• Total Killed: 109032
• Total Wounded: 137558

In comparison with the "Afghan War Diary In Numbers" that I have posted, let's see some statistics information. According to the Wikipedia site the population of these two countries are:

• Islamic Repubic of Afghanistan: 28,395,716
• Republic of Iraq: 31,234,000

So let's compare the wounded/killed actions:

Afghan War (2004-2009):

• Total Killed: 24155
• Total Wounded: 26667

Iraq War (2004-2009):

• Total Killed: 109032
• Total Wounded: 137558

As we can see from the above numbers, the Iraq War was, more or less, 5 more times as lethal than Afghanistan War (equivalent population size).

If we count the days between the 1st January 2004 until the 31 December 2009, then the number of those days are 2191 (or 313 weeks). If we divide the civilians deaths (66081) with the period in days (2191), then we can see that American Troops and other forces average killed, more or less, ~30/31 Iraqi civilians per day!!!!

Finally, as we can see from the numbers, ~60.5% (66081 of 109032) of the deaths were civilians!!!!

The toolbar items can be customized by right-clicking in the toolbar and selecting customize toolbar.

I have discovered various bugs, which unfortunately I don't have the time to fix at the moment (e.g. POST data not cleaned, the panels sometimes misbehave with multiple windows, etc.), but will do when I get some time.

The javascript used has been 'compiled' with closure, but I will be releasing the full JS source as well in a few days.

This is not in any way a replacement of HackBar and Firefox. Do use them instead of HackAri and Safari.

Download: HackAri