Messages - lucid

1
General discussion / Re: Lazy fucker
« on: December 16, 2014, 07:43:38 pm »
Heh I'm sort of half in on each method. I figure it might be because it's winter, and I'm sort of hibernating. Whether or not that makes it ok is not for me to decide. Also it's not like I'm doing literally nothing useful all day, I just spend less time on it than I should. Like 2 - 4 hours instead of more like at least 5 or 6.

2
General discussion / Lazy fucker
« on: December 16, 2014, 07:09:51 pm »
That's who I've been the past few weeks.

I work from 5pm to 1/2am every time that I work. So generally the earliest I can get up is around 10am or so since I don't end up getting to bed until 3 or 4 in the morning. This means that, if I ever want to get anything done, I need to be productive all day before work. Recently, this has been a lot easier said than done.

I'm trying to cut back on smoking pot before work, this just adds to the lack of productivity for me, and I'm better off waiting until night time. Unfortunately this is more difficult to actually achieve also. As of now, my current schedule has me waking up at around 10am, but I don't actually get started on anything productive until around 12 or 1pm. The time in between then is spent walking the dog, and then afterwards smoking weed and watching a TV show episode or two. THEN I finally get to work on something, but that only leaves me around 3 hours after taking time to get ready for work and eat. Three hours daily IMO isn't enough time to really spend on something you want to become really good at.

What do you guys do when you go through bouts of laziness/lethargy and all you want to do is watch TV or something? This has been going on for weeks now...

3
General discussion / Re: Some strange thing about m0rph on IRC
« on: December 07, 2014, 08:30:21 pm »
I think I do....

Did anyone read the pastebin?

4
Operating System / Re: Custom public wifi connect script | DHCP issues
« on: December 02, 2014, 09:03:24 am »
Here's a more complete version for private public wifi
Code: (bash)
#!/bin/bash
# Quick public wifi connect tool
# Usage: sudo wifi <ssid> <psk>
# Don't forget sudo!

CONFIG=/home/lucid/sec/wifi/wpa_supplicant.conf
error=/home/lucid/sec/wifi/wpa_errors.log

# Spoof mac because fuck off
ifconfig wlan0 down
macchanger -r wlan0
ifconfig wlan0 up

# Clean up dhcp leases and process files
killall dhcpcd &>/dev/null
killall wpa_supplicant &>/dev/null

if [[ -e /var/lib/dhcpcd/dhcpcd-wlan0.lease ]]; then
  rm /var/lib/dhcpcd/dhcpcd-wlan0.lease
fi

# Easy creation of wpa_supplicant
echo "ctrl_interface=/var/run/wpa_supplicant" > "$CONFIG"
echo -e "ctrl_interface_group=root\n" >> "$CONFIG"
wpa_passphrase "$1" "$2" >> "$CONFIG"

# Connect (-B: run in background, -Dwext: wext driver; errors go to the log)
wpa_supplicant -B -Dwext -i wlan0 -c "$CONFIG" 2> "$error"
dhcpcd wlan0

# Test the connection
echo "Running a quick ping test.." && sleep 2
ping -c 2 8.8.8.8
echo -e "\nDone!"

EDIT: Everyone should note that dhcpcd transmits some identifying info when soliciting a lease, and can be easily spoofed. Perhaps I could add something like that in my script.
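
A hardening sketch for the config-generation step of the script above, added here as an example and not part of lucid's post: the script takes the passphrase as a command-line argument and appends `wpa_passphrase` output, which carries the plaintext passphrase as a `#psk=` comment, to a file created under the default umask. The function names and the sample network block are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post.

# write_wpa_conf <path>
# Reads a wpa_passphrase-style network block on stdin and writes <path>
# owner-only, without the '#psk="..."' plaintext comment line.
# The body runs in a subshell so the umask change does not leak to the caller.
write_wpa_conf() (
  conf=$1
  [ -n "$conf" ] || { echo "usage: write_wpa_conf <path>" >&2; exit 2; }
  umask 077                                  # anything created here is owner-only
  tmp=$(mktemp "${conf}.XXXXXX") || exit 1
  {
    printf 'ctrl_interface=/var/run/wpa_supplicant\n'
    printf 'ctrl_interface_group=root\n\n'
    grep -v '^[[:space:]]*#psk=' || true     # drop the plaintext passphrase line
  } > "$tmp" &&
    mv -f "$tmp" "$conf"                     # rename: an old 0644 file's mode is not inherited
)

# Constructed sample of wpa_passphrase output (placeholder values).
sample_block() {
  cat <<'EOF'
network={
    ssid="ExampleNet"
    #psk="example-passphrase"
    psk=0000000000000000000000000000000000000000000000000000000000000000
}
EOF
}

# In the connect script, keep the passphrase off the process list by letting
# wpa_passphrase read it from stdin (printf is a shell builtin):
#   read -rs -p "PSK: " psk; echo
#   printf '%s\n' "$psk" | wpa_passphrase "$ssid" | write_wpa_conf "$CONFIG"

# Demo on the constructed sample: print the resulting config, then clean up.
demo() {
  d=$(mktemp -d) || return 1
  sample_block | write_wpa_conf "$d/wpa_supplicant.conf" &&
    cat "$d/wpa_supplicant.conf"
  rm -rf "$d"
}
demo
```

When the passphrase is read from stdin, `wpa_passphrase` also prints a `# reading passphrase from stdin` line, which lands in the config as a harmless comment.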

5
Operating System / Re: Custom public wifi connect script | DHCP issues
« on: December 02, 2014, 07:13:17 am »
That did it! I guess it's my fault for not knowing how to debug wpa_supplicant. Thanks for the tip proxx. Here's the output:
Quote
wpa_supplicant v2.0
random: Trying to read entropy from /dev/random
Successfully initialized wpa_supplicant
Initializing interface 'wlan0' conf '/home/lucid/sec/wifi/wpa_supplicant.conf' driver 'wext'
ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/home/lucid/sec/wifi/wpa_supplicant.conf' ->
'/home/lucid/sec/wifi/wpa_supplicant.conf'
Reading configuration file '/home/lucid/sec/wifi/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group='root'
Priority group 0
   id=0 ssid='redacted'
WEXT: cfg80211-based driver detected
wext: interface wlan0 phy: phy0
rfkill: initial event: idx=1 type=1 op=0 soft=0 hard=0
rfkill: initial event: idx=2 type=1 op=0 soft=0 hard=0
SIOCGIWRANGE: WE(compiled)=22 WE(source)=21 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0x1f flags 0x0
netlink: Operstate: linkmode=1, operstate=5
wlan0: Own MAC address: redacted
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wlan0: RSN: flushing PMKID list in the driver
wlan0: Setting scan request: 0 sec 100000 usec
WPS: Set UUID for interface wlan0
WPS: UUID based on MAC address - hexdump(len=16): 13 d9 02 08 31 51 5c a6 b7 ec 82 9b 35 1a b1 bd
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: Supplicant port status: Unauthorized
EAPOL: Supplicant port status: Unauthorized
Using existing control interface directory.
ctrl_interface_group=0 (from group name 'root')
wlan0: Added interface wlan0
wlan0: State: DISCONNECTED -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
Daemonize..
dhcpcd[4462]: version 6.0.5 starting
dhcpcd[4462]: wlan0: waiting for carrier
dhcpcd[4462]: wlan0: carrier acquired
dhcpcd[4462]: wlan0: soliciting an IPv6 router
dhcpcd[4462]: wlan0: soliciting a DHCP lease
dhcpcd[4462]: wlan0: offered 172.20.1.7 from 172.20.1.1
dhcpcd[4462]: wlan0: leased 172.20.1.7 for 86400 seconds
dhcpcd[4462]: wlan0: adding host route to 172.20.1.7 via 127.0.0.1
dhcpcd[4462]: wlan0: ipv4_addroute: Network is unreachable
dhcpcd[4462]: wlan0: adding route to 172.20.1.0/24
dhcpcd[4462]: wlan0: adding default route via 172.20.1.1
dhcpcd[4462]: forked to background, child pid 4485

I ended up looking around more in /var/run, and realized that killing wpa_supplicant and dhcpcd was a much more efficient way to clean up than deleting files. It's working now  :D

Also, might as well show you the code:
Code: (bash)
#!/bin/bash
# Quick public wifi connect tool

CONFIG=/home/lucid/sec/wifi/wpa_supplicant.conf
error=/home/lucid/sec/wifi/wpa_errors.log

# Clean up dhcp leases and process files
killall dhcpcd
killall wpa_supplicant

if [[ -e /var/lib/dhcpcd/dhcpcd-wlan0.lease ]]; then
  rm /var/lib/dhcpcd/dhcpcd-wlan0.lease
fi

# Easy creation of wpa_supplicant
echo "ctrl_interface=/var/run/wpa_supplicant" > "$CONFIG"
echo -e "ctrl_interface_group=root\n" >> "$CONFIG"
wpa_passphrase "$1" "$2" >> "$CONFIG"

# Connect (-d: debug output, captured in the error log)
wpa_supplicant -B -Dwext -d -i wlan0 -c "$CONFIG" 2> "$error"
dhcpcd wlan0

*lucid gives proxx a cookie

6
Operating System / Custom public wifi connect script | DHCP issues
« on: December 02, 2014, 04:04:58 am »
This would also fit in the Scripting Language board as well, but I think it's more fitting here.

In the past, I've used wicd, NetworkManager, and things of that nature. However, I always had issues with both of them disconnecting constantly and hardware compatibility or whatever. This was a long time ago. Ever since I've simply been using wpa_supplicant + dhcpcd, or netctl on Arch. Simple is better, and I've never had connection issues doing it manually. The only trouble is that it's not always so convenient to do this when you are on the move connecting to public wifi here and there. So I wrote a simple bash script to automate this. It takes the ssid and password as command-line arguments.
Quote
wifi_util Jimwifi password123
For some reason, even though it appears to do the same thing as when I connect to my home network with wpa_supplicant and dhcpcd, it fails with varied results. Here's the code first:
Code: (bash)
#!/bin/bash
# Quick public wifi connect tool

CONFIG=/home/user/dir/dir/wpa_supplicant.conf

# Clean up dhcp leases and process files
rm /var/lib/dhcpcd/* &>/dev/null
rm /var/run/dhcpcd-* &>/dev/null
rm /var/run/wpa_supplicant/*

# Easy creation of wpa_supplicant
echo "ctrl_interface=/var/run/wpa_supplicant" > "$CONFIG"
echo -e "ctrl_interface_group=root\n" >> "$CONFIG"
wpa_passphrase "$1" "$2" >> "$CONFIG"

# Connect
wpa_supplicant -B -Dwext -i wlan0 -c "$CONFIG"
dhcpcd wlan0

This is what I normally see:
Quote
dhcpcd[2065]: version 6.0.5 starting
dhcpcd[2065]: wlan0: waiting for carrier
dhcpcd[2065]: wlan0: carrier acquired
dhcpcd[2065]: wlan0: soliciting an IPv6 router
dhcpcd[2065]: wlan0: soliciting a DHCP lease
dhcpcd[2065]: wlan0: offered 172.20.1.7 from 172.20.1.1
dhcpcd[2065]: wlan0: leased 172.20.1.7 for 86400 seconds
dhcpcd[2065]: wlan0: adding host route to 172.20.1.7 via 127.0.0.1  < these seem related
dhcpcd[2065]: wlan0: ipv4_addroute: Network is unreachable           < and significant
dhcpcd[2065]: wlan0: adding route to 172.20.1.0/24
dhcpcd[2065]: wlan0: adding default route via 172.20.1.1
dhcpcd[2065]: forked to background, child pid 2107

The rest of the time it times out with this:
Quote
dhcpcd[1994]: version 6.0.5 starting
dhcpcd[1994]: wlan0: waiting for carrier
dhcpcd[1994]: timed out
dhcpcd[1994]: allowing 8 seconds for IPv4LL timeout
dhcpcd[1994]: wlan0: carrier acquired
dhcpcd[1994]: wlan0: soliciting an IPv6 router
dhcpcd[1994]: wlan0: soliciting a DHCP lease
dhcpcd[1994]: timed out
dhcpcd[1994]: exited

I'm not sure why this isn't working. Right before any error messages, I see that it successfully initializes wpa_supplicant, every time. So the problem seems to lie with DHCP somehow. Normally, I would connect simply with /etc/rc.d/rc.local:
Code: (text)
#!/bin/sh
#
# /etc/rc.d/rc.local:  Local system initialization script.
# Put scripts you want executed on shutdown in:
# /etc/rc.d/rc.local_shutdown

# Load alternative modules
modprobe rtl8188ee

# Connect to wireless internet
wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf   # < Same thing my script does
dhcpcd wlan0                                                    # <
As you can see it's the same thing really. It just initializes wpa_supplicant and runs dhcpcd on startup. Both /etc/wpa_supplicant.conf and my custom wpa_supplicant.conf file are valid and get initialized successfully. I don't get it.

7
News and Announcements / Re: 9447 CTF
« on: December 02, 2014, 03:39:54 am »
I was on vacation and was on far too many drugs to participate. Looking forward to the next one though  ;D

8
I like your mental firewall. I should develop something similar. Also I hadn't really considered modularity as a form of privacy. Thanks.

I see what you are saying madf0x. I've often thought that it would be extremely easy for people to blow the NSA's capabilities out of proportion. First it's, "The NSA purposely put backdoors in popular algos, and regularly intercept computers and technology while en route in order to install hardware backdoors." To, "The NSA is under your bed."

I obviously don't believe that the NSA has the time and resources to hire an analyst for every wannabe hacker and criminal in the world like some people believe. I know there isn't some person who is currently watching me type this post in real time or anything. However, I do believe that with automated systems like XKeyscore and whatnot, and with the large amount of access they've tailored, they don't need to care about me or waste time watching me in order to have a log or dossier or whathaveyou on posts and searches I've made. So sometimes I worry that posting, say, a script that bruteforces random IP addresses SSH servers  :-X, on Github might land me in perhaps a slightly more exclusive list than any that I already may be on if you know what I mean.

EDIT: Come to think of it, I've probably issued enough unique searches looking for solutions to code problems I've had, that they could probably figure out what I was coding without me even having to post it somewhere.

9
Anonymity and Privacy / Posting code - How much do we want to let them see?
« on: November 25, 2014, 08:52:01 pm »
I feel like it's been months since I've actually posted anything besides moderator comments and such, so we'll get back into it with a new question I've stumbled on.

What with all the government spying and whatnot, it feels like anonymity is completely and entirely dead and we should all just give up. I mean let's be honest. Not that I matter much to them, but I'm sure that the NSA or whoever may be watching knows already that the IRL me is lucid on the internet, and probably has a pretty good idea of my beliefs, ideals, and behaviors to an extent.

However, this doesn't mean we should just lay down and die right? I came across an interesting question related to privacy and watching your back online when I got stuck deciding whether or not to post code I wrote that contains some...... questionable features. Actually, I think it would be more appropriate to say downright illegal as fuck. Now I realized I could put disclaimers in the code comments, and always post the code with a message like:
Quote
WARNING: THIS IS FOR EDUCATIONAL PURPOSES ONLY AND NOT TO BE USED FOR ANYTHING ILLEGAL
and while that should legally protect me to some small degree, we all know that it's actually not just what they can prove, and that it does matter what they know.

My question is this; Given that the NSA is watching us and at some point will or has seen everything we do on the web, is it no longer safe to post code that you've created if it has some sort of illegal features in it?

What do you guys think?

10
Hacking and Security / Re: [Help] Web Hacking
« on: November 16, 2014, 08:18:43 pm »
I completely agree with you!
Now give me back my cookie  ;D
Just joking!  :)
I don't take cookies. Obviously someone else also disagreed with something you've said.

11
Hacking and Security / Re: [Help] Web Hacking
« on: November 15, 2014, 05:16:01 am »
Are you saying that if I had read a few quick tutorials by now I'd be an expert? I doubt that.
No. I said that a little bit of hands on practice can be worth more than ten books. I promise you that.

Quote
I only said that, for me, reading a good book, when available, is the best way to start learning something. That doesn't contradict what you said.
This is a fair statement. If that's how you learn best then do it by all means. I must've gotten caught up in the idea..

12
Hacking and Security / Re: [Help] Web Hacking
« on: November 14, 2014, 08:28:58 pm »
See that's exactly the problem. If all your info is based on books then you end up making ridiculously broad generalizations like that one. Reading is good, but there's only so much you can take from a book. Nothing substitutes for a little hands-on experience.

Also, reading is not the best way to learn. It's the best way for some people to learn. Some people learn by hearing, some learn by seeing, some learn by doing.

13
Hacking and Security / Re: [Help] Web Hacking
« on: November 14, 2014, 07:11:18 pm »
This means that I should be able to discover a large spectrum of vulnerabilities while a black hat hacker might focus on just a few (say SQLi and XSS).
Did you read that in a book?

14
Hacking and Security / Re: [Help] Web Hacking
« on: November 13, 2014, 07:40:12 pm »
Why are you assuming that that book is of lower quality?
To some people, reading a pdf on hacking is MUCH lower quality information than reading a quick tut and getting your hands dirty.

15
Hacking and Security / Re: [Help] Web Hacking
« on: November 13, 2014, 04:34:08 am »
I'm not sure I agree with you on this. That's a 900-page book. I doubt some quick tutorials can offer the same amount of information.
Quality of information is not measured in the quantity of words.
