Tor Exit Nodes

I feel like I needed to help out a little more towards a great project: TOR. I won’t go into what it is here, as I assume my average reader knows. Hacking and Coffee decided to stand up a couple of exit nodes to contribute to the network. They do have a reduced exit policy, however most services are still accessible (notable exceptions being port 25 for SMTP between servers rather than user submissions). The first one to be given an exit flag is set and can be referenced at Atlas.torproject.org  (traffic statistics can be seen at https://tor.hackingand.coffee/stats ).

Read More

Def Con 24 Post Mortem

Now that the dust has settled, and the Vegas alsohol has left my system, time to write the post mortem from Def Con 24.

I solved the Caezar Challenge (albiet I needed a tiny hint on the last stage, as there was a lt of confusion with the hint given which was misinterpreted), and got to chew out the guy who broke my lock (all was forgiven we can 3d print new parts). I came close, but did not successfully defuse The Box. And shenanigans ensued.

Read More

Def Con 24 Caezar Challenges URl Solving

Part of the Caezar challenge involved URL forcing. There were four characters, three unique, that were unsolved in the domain name. Using a combination of scripting and nslookup, it was trivial to solve (though later determined not to be necessary, but was possible after solving via traditional substitution cipher. I wont spoil the preferred method here since it was brlliant and may be used again).

Here I explain this process.

Read More

Def Con Update

Hon1nbo here reporting from Def Con 24. I am taking a break from exploding at “The Box,” and sending this to post via raven carriers.

I got a Caezar’s Challenge badge, and whilst I don’t care to spend all of my time cracking the challegnes for the party, I want to give the person who dropped it a piece of my mind since he broke $150 worth of locks on the table in the process.

If you see someone handing out caezars badges say something. Tweet at me.

Cheers,

~H

Def Con 24

As I write this post, sitting on a plane with my bits flowing through the ether that is tunnels and routers of the networking abyss, I ponder my previous years attending Def Con. My first year, DC 19, was fun with the tamper evident competition yet I could have done more had I a full tool set. So I brought one this year. Pelican makes neat tool chests, so I may be wandering around with it at points.

Anyone who wants to say high feel free to call if you see me. Twitter may be the fastest way to get my attention if you can’t find me.

I have to run fo the moment. The flight attendents are complaining that a purple tail is wagging into the person next to me. I have tried explaining that it must be an optical illusion, as there is no tail, but to no avail.

~H

Homemade Photo Emulsion

(from the Project Archives)

Back when I was in high school, I did a lot of darkroom photography. At one point, I decided to make my own photographic emulsion. I wanted to coat canvas with it and expose my prints to it. With a little bit of chemical preparation, it ended up being a very simple procedure.

Read More

Peach EXE Template

I uploaded the first of my old Peach fuzzer templates to my Github account. This template is for the Microsoft PE/COFF 32bit EXE executable standard. I originally made this at my super-secret-alter-ego job almost 4 years ago. However, we did not have the resources to devote to running it at the time. Should not be too hard to update for 64bit and other newer attributes. May run it on some windows 10 VMs, or through some AVs such as Symantec.

Github Peach Fuzzer Templates

Serving malware via physical legal documents

I have decided to post about a personal trick I created and have used for quite a while. Given that most process servers are private entities, rather than actual members of the court, they are ready for hire without filing an actual legal process. Thus, it is possible for an official looking person to arrive at a target and present the payload in person without ever leaving a trace of your identity. This physical legal document has successfully gained my administrator credentials from targets that normally have a high level of security awareness, and usually catch phishing attempts.

Read More

Site Changes

The site is getting worked on again.

However, since i like to move fast and break things I am bypassing QA right now and, as long as my content is there, letting things happen. So formatting may look weird here and there but unless a link is actually broken, or content missing, please do not bother telling me as I likely know (and am in the middle of fiddling with it).

 

Cheers,

-H