Author: admin
Super basic here, but I just wanted to write up some notes on a fun little CTF starter I did. The description of this challenge said, here is the executable, get a URL and password out of it. First thing I always run is strings: Well…we see there is a “secret” function we need to find, and we see it gives us the password somehow… Now we need to execute this bad boy in a sandbox, I usually create a VM that I can blow away, copy the executable there then run it with some tools. First we will run objdump on it to see what functions are in this bad boy: This is where we find the function name…is actually called secret! LOL Now we decide what way to run this bad boy, do we put it into gdb to debug it or use ltrace? Let’s start with ltrace: […]
Wired up the maglock to the REX, the new one works! Now…I can run some hacking tests but I don’t have a way to unlock the door from the outside, so….I need to get some more parts that I am waiting on….
I have started wiring up my maglock and RCR-REX….I have found that my maglock just isn’t strong enough so I ordered a better quality one…so back on the waiting.
Anyone that knows me….knows that I am not a fan of running windblows as my operating system. BUT….someone presented me with a challenge….and dang…I just can’t stop until I solve certain kinds of challenges, especially when they are related to Security. Anyway, the problem….. You saw one of my previous posts dealing with ProxyTunnel and tunneling ssh connections over an apache server via ssl….well.. A friend tried running proxytunnel on windblows as I described it and it didn’t work for them. My experience with the problem: I downloaded the 1.9.0 windows exe version of proxytunnel, attempted my connection to the https apache proxy just like I had done in the past and I was getting “error: Socket write error.” That certain level of frustration you only get dealing with Windblows…..oh, you know what I am talking about, I felt it. Worked on this for 2 days…or more…I never tell how […]
Well, mostly just photos here. Finally finished the Holocron project.
So many reasons to be able to do this, and I hope the title is descriptive enough. I will admit that most people who want to do this are people who are in a corporate environment that is blocking ssh traffic…. but my purposes are a little darker….like usual (wink). Sometimes ssh is blocked, sometimes you want to hide your ssh traffic….in my case I wanted a way to hide my ssh traffic from my raspberry pi drop boxes. When I do a pen test engagement and I physically break in I drop off a raspberry pi and the more stealthy I can have it be, as I have it perform tasks, the more dangerous and longer I can leverage it to help identify the vulnerabilities I need to find. Yes, you can also use this method to circumvent corporate firewalls and security systems that are blocking ssh traffic, […]
My hobby time this week has been consumed with a project for my daughter. Her “Activity Days” girls are doing a Pinewood Derby with the Cub Scouts in our ward so I built her a car. Originally she wanted a puppy car….and she and I worked on a few designs but when we found out the race is this week I had to look for something that was a little less time consuming…. so we built one after her second favorite thing…Hershey Chocolate bars!
I have a few theories on how to circumvent the RCR-REX request to exit sensors. Cloud of moisture moving towards/away from sensor along with can of air to trip PIR; long straw/hose with can of air? Radio jamming or some other method using the HackRF – it looks like the operating frequency for the RCR-REX-W is 5.8 GHz….. Tinfoil to reflect the 5.8 GHz microwave signals….or an umbrella that has reflection/absorption of the radio waves…. Push rod with pop-up? Or drop down object like umbrella – might trigger both sensors at the same time. Cover the RCR sensor with tinfoil or something. Repeater of radio waves, the delay could simulate distance? It uses the Doppler method so as an object gets closer the waves will be reflected back at a quicker rate, my understanding is it does not do a signal on that wave just a specific frequency could still try the small […]
Sometimes you just need to push yourself to finish a project….it is a fun project there are just other things I want to work on too…. I remember seeing people around me not finishing projects growing up, and even friends of mine, with partial projects lying all over the place. Ok, it is me, I am notorious for this… A while back I shared some details about a project I started that simulates a Disneyland Holocron. They use RFID inside their Kyber Crystals to change colors of the Light Sabers and the Holocrons. Well, now I have the electronics all together to change light colors based on the different RFID fobs or Kyber Crystals so now to wrap things up I need to put all the electronics in something that looks like a Star Wars Holocron… I have a 3D printer, actually had two, so I converted one into a laser […]
Well… all this RFID stuff wasn’t all just because I was trying to be a maker person…. nope, there was still the hacker/pen tester in me that was driving all this RFID shenanigans. I built something, it was actually something I built before I made the RFID holocron Raspberry Pi RDM6300 thing…. First I want to give credit where credit is due, I basically used the notes from this wonderful info sec individual named Alex Dib and his post on the RFID Thief v2.0 – Here another great post Here and it is all based on the Wiegotcha code found Here. Parts: – Raspberry Pi 3 – I also made a variation using a Raspberry Pi Zero W but more on that later – I also got one working with a Raspberry Pi 2 but needed a USB wifi dongle to go into AP mode – HID MaxiProx 5375 – got mine […]