#!/zitstif.no-ip.org/

In this post I am simply  doing an update to the ‘THELIST.txt’ file which is essentially a blacklist of web servers that are ad servers or have been found to be malicious. I have added more servers (mostly ad web servers). The file is accessible here:

http://zitstif.no-ip.org/THENEWLIST.txt
SHA1 (THENEWLIST.txt) = 02a2e93167f680a09f5047ef1b081483b680bfde

You can then download this file and append the output of ‘THENEWLIST.txt” to your hosts file.

For Microsoft Windows you will most likely have to do the following:

1.) iexplore http://zitstif.no-ip.org/THENEWLIST.txt
2.) Save the file to a location
3.) Run CMD.exe as an Administrator
4.) ‘cd’ to the directory where you saved ‘THENEWLIST.txt’
5.) Execute the following command: attrib -R C:\WINDOWS\system32\drivers\etc\hosts
6.) Then execute this command: type THENEWLIST.txt >> C:\WINDOWS\system32\drivers\etc\hosts
7.) Execute the following command: attrib +R C:\WINDOWS\system32\drivers\etc\hosts

For *nix hosts do:

1.) Gain root via: su or sudo -i
2.) chmod a+rw /etc/hosts
3.) printf “GET /THENEWLIST.txt HTTP/1.0\n\r\n” | nc -vv zitstif.no-ip.org 80 2>&1 | egrep -v ‘HTTP|Apache|Date:|ETag:|Accept-Ranges:|Content-|Connection:|Modified:|Connection’  >> /etc/hosts
4.) chmod a+r/etc/hosts && chmod a-w /etc/hosts

I hope this is useful to you. I think most people would like nearly ad free web browsing.  In addition to that, legitimate ad servers have been known to serve up malware:

http://news.cnet.com/8301-27080_3-20000898-245.html

So by using this file in tandem with the Adblock extension/plugin you can get for Firefox/Google-Chrome, you will be less annoyed by ads and not have to be too concerned about ads serving up malware for you.

If you have any questions, comments, or concerns feel free to contact me.

With continuing the series of weaponizing the N900 and hoping that Infosec Island will continue with their series as well, I have successfully setup my N900 as a rogue AP point.

Firstly, to effectively deploy it you want to make sure your cell phone service (3G for the N900) is quite strong. You may even want to try pinging google or the like and see what the delay is. With a good connection, it will very for me between 70 and 90 milliseconds.

Second, you want to survey the site you’re going to deploy your portable rogue ap point. Luckily, you can run kismet on the N900. Once you have surveyed the site for other AP points, take note of the MAC addresses of each AP point that is specific to the area and also take note of the names of the AP points. With this mac address you can spoof your wlan0 interface to something that is very similar:

ifconfig wlan0 hw ether 00:XX:XX:XX:XX:XX

You will need to have the extra repos enabled to install an application called mobilehotspot. You will also need prior to this, to install the custom kernel for the N900. You will also need ettercap and sslstrip to carry out this attack. See my earlier post for notes on the two: http://zitstif.no-ip.org/?p=451

1.) Get sslstrip up and running, and make sure you have iptables. For steps on using sslstrip check out:
http://www.thoughtcrime.org/software/sslstrip

2.) Spoof your wlan0 hardware address to what is appropriate for the site.

3.) Run the mobilehotspot application.

4.) Wait for a few seconds

5.) Run ettercap by doing so (modify as needed):
ettercap -i wlan0 -q -T -p -u // //

The reason why we don’t have ettercap forward packets, is because the kernel is already doing so due to the mobilehotspot application.

That is pretty much it. You could also do dnsspoofing to send your victims to a server under your control to do drive by attacks.

I haven’t had much time or energy to work on my website due to work, having a more than usual social life (odd), and school. I’m gong to make an honest effort to keep this website up to date at a higher frequency than what I’ve been doing.

This post is mostly in regards to my reconnaissance websites section. I’ve updated it and organized the websites by category. I’ve also added a link Samy’s geolocation page, which is great for finding actual (or close) locations of AP points, thanks to Google doing ‘legal’ wardriving.

Also, I’m planning on obtaining a Nokia n900, which I plan to ‘weaponize’ it in an original manner, and I will post steps to doing so on my website. I also have some meterpreter script ideas that I’m planning on working on. Additionally to that, I have a meterpreter script that has been laying around that utilizes an old trick for maintaining access to a compromised server, that I will plan on posting for metasploit users to use.

Here’s to a new year in information security! What will 2011 bring? 🙂

More to come as usual..

http://www.google.com/search?q=%22compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%22+inurl%3A%2Fvar%2Flog&btnG=Search&hl=en&

Ah google what can’t you do?? 🙂

More to come.. (Currently working on ettersploit, taking a break).

mashable.com/2010/04/23/blippy-credit-card-numbers/

Alright, sharing information is nothing new, along with sharing information online. We as a society aggregate massive amounts of data for companies to use for targeted marketing and the like.

With that being said, you must ask yourself, “Our we willingly sharing too much information?” Is there such a thing as a too much information? Some would argue no and for the most part I would have to agree with them. Despite this being true, I still strongly believe that reasonable forms of denial are a useful tool for coping with everyday life.

Twitter, facebook, myspace.. and even the faded out xanga, are all websites that are used for basically spying on our social lives. With this being said, Blippy steps up the ante by spying on our buying habits and having a space for us to publicly share this information.

Was I a little surprised to find out about the latest ‘Blippy fail’ ? A little, but the more I took into consideration and remembered how Google can be used in such a way, it wasn’t very hard for me to fathom.

Is there an easy mend for this issue? You have to ask yourself, especially if you’re a Blippy user, “Do I really need to share this information, with this company and the realm of the internet?”.

My mantra on disclosing information is, ‘share information as felt necessary’. I hope more people start taking this into consideration, but it seems that people tend to like to live in the view of the public to an extent via social networking mediums. I believe for some individuals, it gives them a sense of identity and self importance.

Do I really care about who broke up with such and so? Is it necessary for me to learn about unnecessary information about yourself? I don’t think so, but social networking websites seem to think it’s necessary, but it’s also part of their business model.

Consider this simple logic: The more websites that I share personal information with, the more likely a privacy breach of information that I did not intend to disclose will occur.

More to come..