Hacking Mode Trick and Video Download

Wireless Hacking - Cracking WEP

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:55:00 -0800

The second episode of Full Disclosure is now released. This episode includes how to crack WEP encryption, and why it is so easy to crack. The shownote are published in the wireless hacking section of the forums.

Download video here

Wireless Hacking - DeAuth

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:54:00 -0800

The third episode of Full Disclosure is a short one; however, it is a necessary step in cracking WPA-PSK which will be our next video. Basically this attack just disconnects all the users on a wireless network. The attacker does not need to know the WEP or WPA key or be connect to the network. This attack is illegal in many states, so this video is for education reasons only.

Download video here

Lock Picking - Bump Key

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:53:00 -0800

This is the first of our Lock picking series. In this episode we describe how to make and use a bump key to quickly unlock most residential grade locks.

Download video here (Right Click -> Save Link as)
Video Shownotes here

Phone Phreaking - Beige Box

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:51:00 -0800

This episode of Full Disclosure we are demonstrating how to tap a phone line with the old school Beige Box! We are planning to have many Phone Phreaking (telephone hacking) episodes like Sniffing VOIP, Hacking COCOT, and Red Boxing to name a few.

Download video here (Right Click -> Save Link as)

Phone Phreaking/Network Hacking - Sniffing VoIP

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:50:00 -0800

Our seventh episode is a mix between Phone Phreaking and Network Hacking. In this episode we demonstrate how to sniff Voice Over IP conversations, which basically means how to tap an internet phone. We thought that this would be a good video to follow the beige box.

Download video here (Rig

Lock Picking - DIY Padlock Shims

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:46:00 -0800

This is our second video in our Lock picking series. In this video we explain how to make and use Padlock Shims. Padlock Shims are used to unlock spring latch Padlocks.

Download video here (Right Click -> Save Link as)

Lock Picking - Mult-Disc Combo Locks

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:45:00 -0800

This is our third video in our Lock Picking series; after this video we will return to computer hacking videos for a while. In this video we demonstrate how to unlock the Master Lock 653D, Targus Defcon CL, and the Master Lock 175. The different methods shown in this video to unlock these three locks will help you not only unlock these locks; but also, help you develop your own way to crack other mult-disc combo locks that you may come across.

Download video here (Right Click -> Save Link as)

Local Privilege Escalation Vulnerability in Cisco VPN Client

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:43:00 -0800

Recently a local privilege escalation vulnerability was found in Cisco’s VPN Client. When Cisco VPN Client is installed, a windows service “Cisco Systems, Inc. VPN Service” is created. The service runs the binary C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe as Local System. Therefore, if you replace cvpnd.exe with another executable, then that program will be ran at startup with root privileges! I fond this vulnerability interesting because it is used at my college to authenticate students when they connect to the wireless network. For that reason, almost every student with a laptop has this software installed, and students are allowed to borrow school laptops from the student center to use the wireless internet. Consequently, anyone could borrow a laptop, gain root access thought the vulnerability, and install a keylogger that sends every keystroke to the attacker’s email! Its been 5 days seen this vulnerability was discovered, and Cisco has already issued a patched version. However, how long will it take for the school to update all their computers? This is just another reason why you should be careful when using school computers!

Video Demonstration: (shows how to gain root access and change the Admin password with this vulnerability)

Hacking Basics - MD5

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:41:00 -0800

In this episode of Full Disclosure we will demonstrate how to crack MD5 password hashes. MD5 (Message-Digest algorithm 5) is a hash function commonly used by websites to encrypt passwords. MD5 is a one-way hash; therefore, to crack the password you most try every possible dictionary word and if that does not work, every possible letter/number/symbol combination. The programs we use to crack the passwords are Cain and MDCrack-NG.

Download video here (Right Click -> Save Link as)

Website Hacking - Sql Injection

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:39:00 -0800

For Infinity Exists Full Disclosure’s first Website Hacking episode, we demonstrate how to exploit a security vulnerability occurring in a website’s database to extract password hashes. Sql (Structured Query Language) is a computer language designed for the retrieval and management of data in a system’s database. The Attack, known as Sql Injection, manipulates Sql statements before they are sent to the Sql Server, allowing the Attacker to create, change, or retrieve data stored in the database. Sql Injection is a hard concept to understand, so we made a video that encompasses all our knowledge on the subject to make it easier for our viewers to grasp.

Download video here (Right Click -> Save Link as)

Hacking Basics - Backtrack

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:28:00 -0800

On the forums, there has been many questions concerning Backtrack. Therefore, we decided to make a video that tries to answer as many as these question as possible. In this episode we cover: Where to get Backtrack 2, How to burn an .ISO file, How to boot Backtrack 2, How to login, and start the GUI interface. Also, we illustrate basic Linux commands, and how to set up your Network Interfaces.

Download video here (Right Click -> Save Link as)

How to use Intel Pro/Wireless 3945ABG in Backtrack 2

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:21:00 -0800

The Intel Pro/Wireless 3945ABG (IPW3945) is a popular wireless card that is build-in many laptops. However, the drivers included in Backtrack 2 do not allow you to do packet injection. To fix this problem you need to install the IPWRAW drivers. The easy way to do this is to use Backtrack 2 module. A module adds additional components to Backtrack 2. To add a module, you copy the .LZM file into the modules folder in the BT2 .ISO. After adding the IPWRAW module to the BT2 .ISO, boot up Backtrack and click the “IPW3945 RAW load.sh” script on the desktop to install the IPWRAW Drivers. After the drivers are installed your wireless card will be lock in monitor mode, and you will be able to do packet injection with aireplay-ng. If you want to put your wireless card in managed mode and connect to a wireless network click the “IPW3945 load.sh” script on the desktop. That script will load the default IPW3945 Drivers.

Video Demonstration

Download IPWRAW Module Here
Discuss Here

Credit:
IPWRAW package made by: -~operator~-
Module made by: Genius

How to use Intel Pro/Wireless 3945ABG in Backtrack 2

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:21:00 -0800

Video Demonstration

Download IPWRAW Module Here
Discuss Here

Credit:
IPWRAW package made by: -~operator~-
Module made by: Genius

Sql Injection Challenge!

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:18:00 -0800

I’m proud to announce the first Infinity Exists’ Hacking Challenge! The challenge is to find a Sql Injection flaw in our forums, and exploit it to extract password hashes. The first person to complete this challenge will receive a free Infinity Exists T-shirt. The Sql Injection vulnerability is hidden deep in Infinity Exists’ forums, and will be much harder to find then the vulnerability demonstrated in Full Disclosure Episode 11. Tips to help you get started:

Watch Full Disclosure Episode 11!
Download Wp-Forums Source Code
The variable that is used to manipulate the Sql Statement is a POST variable.

Good Luck!
—————————————————————————————————————————–
Update!
marcel.romard and esc both won Infinity Exists’ Sql Injection Challenge!! Marcel.romard found the Sql injection flaw in the forum’s search that this challenge was based around. Esc found a Sql Injection flaw that we were unaware of in the forum’s RSS feed. Congrats to both of you!

Sql Injection Challenge How-to

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:14:00 -0800

The Sql Injection Challenge has already been completed, so here is a video demonstration on how to find this Sql Injection flaw and exploited it to extract password hashes. In this video I use a firefox plugin ‘Data Tamper’ that can be download here

Full Size Video
Download Here

SIUC’s Network

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:11:00 -0800

I currently attend Southern Illinois University at Carbondale, and I am taking Digital Circuit Design with Dr. Weng who also teaches Network Processing Systems Design. Today in class he invited all his students to go a tour of SIUC’s computer network with his Network Processing Systems class. Of course I took up his often because it is not every day a regular student can walk into the core networking room and server mainframe of a large University. Basically, the network is system up on a three layer infrastructure (Core Layer, Distribution Layer, Access Layer). At the Access Layer (which is the layer that provides network access to client computers) the University uses Cisco Catalyst 2950 switches. Those switches are connected via cross-over cable to the Distribution Switch which is a Cisco Catalyst 3524. In turn, the Distribution switch connects via fiber wire to the Core Switch which is a Cisco Catalyst 6509. The entire can network runs at 1 Gigabyte; however, the internet bandwidth is capped at 300 Mb! Furthermore, only 90 Mb of bandwidth is dedicated to the Residence Halls!! All the Core Switches goto the student center where the internet point of entry is located. Also, internet traffic is filtered through a SourceFire firewall. Some more interesting networking facts: SIUC has 9 Wireless AP (I believe) which are managed by a Cisco Wireless LAN Controller, for access control they use Cisco 1111, for VPN they use Cisco VPN Concentrator 3000, and for their servers they use Sun System SunFire. A interesting security fact is that they only use SSH to configure switches remotely because the web interface has security issues. Lastly, you probably noticed that most of their networking devices are Cisco this is for compatibility reasons, they had problems in the past for using multiple vendors. Well thats about it, hope you enjoyed hearing about SIUC’s Network.

Typical Network Layout of a SIUC Building:

My Dorm’s Network Layout:

Infinity Exists Featured On 60 Minutes

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 20:08:00 -0800

CBS’s 60 Minutes ran a segment on internet insecurities and they showed the ease of finding tutorials on youtube to exploit them. They chose our video on cracking WEP to demonstrate and showed a short clip of it. The segment is up on the CBS website and you can check it out here. Thank you CBS for the free publicity!
—————————————————————————————————————————– Update - Live Stream

Website Hacking - XSS

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 19:03:00 -0800

In this episode of Full Disclosure we are explaining the website attack known as Cross-Site Scripting (XSS). Cross-Site Scripting is a type of security vulnerability that affects web applications that do not sanitize user input properly. This kind of vulnerability allows an “attacker” to inject HTML or client side script like JavaScript into the website. Cross-Site Scripting is most commonly used to steal cookies. Cookies are used for authenticating, tracking, and maintaining specific information about users; therefore, by stealing a user’s cookies an attacker could bypass the website’s access control. There are three types of XSS attacks: Persistent, Non-Persistent, and DOM-Based. In this episode we will cover Persistent and Non-Persistent Cross-Site Scripting attacks.

Download video here (Right Click -> Save Link as)

The 60 Minutes Effect

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 18:27:00 -0800

As most of you already know, Infinity Exists’ Full Disclosure Ep. 2 Wep Cracking was featured on CBS’s 60 Minutes “High-Tech Heist” for about 10 seconds. Those few seconds on Nation Television gave us about 40,000 hits on YouTube, and about 750 unique hits on InfinityExists.com. Weeks after the 60 minutes episode aired Infinity Exists is still getting an average of 300 unique hits a day. This is pretty good compared to our 200 hit average before.

However, 60 Minutes brought Infinity Exists to the attention of a few unwanted people. For Example:

People that do not understand what it is to be a hacker, just simply think we are criminals. A Hacker truly is a computer enthusiast that enjoys exploring various computer systems in the pursuit to gain more knowledge. A hacker’s goal is never to harm anyone or anything as the media would like you to believe. The goal of Infinity Exists’ video series Full Disclosure is to inform people about specific security flaws. If there was no one to disclose this information to the general public then everyone would still being using insecure technology and would be at the mercy of criminal crackers.

Exploit Hacking

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 18:26:00 -0800

Since Infinity Exists hasn’t had time to release a new episode, I decided to revamp a two part series, Exploit Hacking and Exploit Hacking 2 - Privilege Escalation, that I made a year before Infinity Exists was created. It may be a little dated, but it provides great information on how a hacker can find an vulnerability on a remote computer and exploit it to gain remote access. Also, the video shows how a hacker can raise their privileges on the remote machine to administrator. I added text throughout the video to make it easier to understand. Furthermore, Infinity Exists plans to do a more up-to-date and more detailed series of episodes on “exploit hacking.”

Full Scale Video Here
Download Here

USB Worm (Jamesgo.dll)

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 18:24:00 -0800

The other day my computer was infected by a USB Worm known as Jamesgo.dll. I received the virus when I inserted my girlfriend’s USB thumb drive. The worm modified the autorun.inf file on the thumb drive, so it was able to automatically transfer itself to all my hard disk drives (Click Here to view autorun.inf). There is little information on the internet about this virus, so I had to figure out my own way to remove it. By analyzing the autorun.inf (which the virus cleverly changed to a system hidden file, and later I found out that it modified the registry so system hidden files are never displayed) I disclovered that each drive contains the Visual Basic Script, test.vbs (Click Here to view Test.vbs). Basically what the file does is copies test.bat, test.reg, autorun.inf, autorun.ico, and itself to every hard disk in the system. Also, it runs every 60 seconds, so if you delete it from one drive in 60 seconds it will recopy itself from a different drive. Futhermore, the test.reg simply edits the registry so test.bat runs on start up and prevents system hidden files from being displayed. Test.bat runs the VB script and changes the files to system,hidden,achieved, and read-only (Click Here to view Test.reg and Click Here to view Test.bat). To remove the virus I crafted a batch file changes all the test files and autorun to normal files (attrib -s -h -r test.*, attrib -s -h -r autorun.*), and then deleted them. Since the batch file can delete all the files quickly it does not have a chance to recopy itself to all the disk drives. Also, I manually removed all entires of test.bat from the registry (Click Here to view Fix)

To prevent a USB Worm from infecting your computer:
1) Goto Start -> Run
2) Type “gpedit.msc” (This is the group policies editor)
3) Click “Administrative Templates” under Computer Configuration
4) Then click “System”
5) Select “Turn off Autoplay”
6) Set it to “Enable” and choose to “Turn off Autoplay on All Drives”

In conclusion, the Jamesgo.dll USB Worm is not a risk for your computer, but it is really annoying! Also, it is a perfect example on how easy it is to create a Worm for travels though removal media. If you want to mess around and modify the Jamesgo.dll script you can download it here. If you want to learn more on how to use Autorun and Batch files to create a “Auto Hacking USB Thumb Drive” go here.

Interesting Note: The Jamesgo.dll USB Worm was created in the Philippines which is stated in test.vbs, and the Thumb Drive that infected my computer was purchased in the Philippines and brought back to the US by my girlfriend’s mother.

Staying Secure - SSH Tunnel

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 11:12:00 -0800

The wait is finally over! This new episode of Full Disclosure shows you how to use a SSH Tunnel to secure your data when you are on an untrusted LAN (ex. Coffee Shop, School’s network, or Defcon). Furthermore, you can use the SSH Tunnel to bypass the LAN’s internet filters. The SSH tunnel protocol works by encapsulates your data into an encrypted payload and transmitting it to the SSH Server which is setup on a trusted LAN.

Live Stream Here
Download Here

Links:
OpenSSH for Windows, Putty, Proxifier

Wireless Hacking - Cracking WPA

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 11:06:00 -0800

This episode of Full Disclosure illustrates the progress of Cracking weak WPA Preshared Keys. Before you can crack the Preshared Key you must capture the four way handshake between the Access Point and a client; to accomplish this you must force the client to reconnect to the AP with the DeAuthentication attack we showed in episode 3. If you are using the Linksys WUSB54GC you will have to update your drivers to RaLink RT73 USB Enhanced Driver. In this episode we show you how to do this, and I also made a Backtrack module to automate the process. The module works in the same way as the IPWRAW Module for the Intel Pro/Wireless 3945ABG card, so you can watch that Vblog if you are having troubles.

Live Stream Here
Download Here

Download RT73 Module Here
Watch IPWRAW Vblog Here

Singing Tesla Coil

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 11:04:00 -0800

This weekend was UIUC’s annual Engineer Open House, and last night there was a Singing Tesla Coil show. The Tesla coils were built by Steve Ward, a EE student at UIUC. “Steven has developed Tesla Coils with high levels of control allowing audio modulation of their lightning-like display. Interfacing the Continuum Fingerboard with this technology will generate a musically expressive and highly energetic, multi-voiced performace” (EOH Exhibit Guide).

Full Scale Video Here
Download Here

McAfee SiteAdvisor

noreply@blogger.com (Unknown) — Fri, 5 Dec 2008 11:01:00 -0800

An anonymous viewer brought to my attention that McAfee’s so called “SiteAdvisor” had labeled Infinityexists.com with the big evil red X

It turns out that McAfee SiteAdvisor scanned Infinity Exists and found the Jamesgo.dll Worm, which I uploaded so you guys can see how it works. Not only is the virus zipped to prevent anyone from accidentally running it, but also, there is an explanation on how to remove the virus in the blog post.

(I have to agree with the Nuisance ‘O Meter. Jamesgo is definitely an 8!)

Don’t get my wrong, I think it is a good idea for McAfee to try to inform non-techie computers users that those free screensavers are going to mess up their computer. I just think McAfee should take into account the content of the website instead of just blindly scanning the internet for viruses. Now people interested in computer hacking will be disinclined to visit Infinity Exists because they’ll see this:

Well anyways, that my rant on McAfee SiteAdvisor