Laboratory B - Page 17 of 19 - Burlington's Community HackerSpace

Pwn Plug Wireless = Evil AP in a power brick!

Oh yes! Karmetasploit, wepbuster, aircrack, and kismet on a Sheevaplug microserver!
http://www.pwnieexpress.com/

JavaScript Obfuscation of an IE 0day

ms10_xxx_ie_css_clip with AV bypass? Yeah, you’re on the pwnie express.
http://grep8000.blogspot.com/2010/12/javascript-obfuscation-of-metasploit.html

Meterpreter scripts for RunAs privilege escalation & other mischief

send_keystrokes.rb: Meterpreter script to interactively send keystrokes to an open application window using the vbscript SendKeys method. Can be used to escalate privileges into RunAs-invoked command shells on XP.

IE_click_run.rb: Meterpreter script to interactively click “Run” at the IE “File Download Security Warning” prompts. Can be used to escalate privileges into RunAs-invoked IE instances without end-user interaction on XP.

http://code.google.com/p/metscripts/downloads/list

http://grep8000.blogspot.com/2010/04/windows-privilege-escalation-talk.html

Digital Forensics Comes to VT Police

7 Days Newspaper publish an cover story article last week about the developing digital forensics culture in Vermont. [LINK HERE]

Epic. Google. Fail.

Apparently the free, handy Website Optimization code tool provided by Google and used by many thousands of web developers and admins around the world is vulnerable to an XSS attack. Oops. Not very Optimal! [Link Here]

RBL — Presenting the PWN Phone

Rocket Bear Labs is proud to announce the introduction of the PWN Phone — Nokia N900 outfitted with a full, working pentesting suite.

[Details Here]

Just in case you’ve never seen this..

When Lawyers & Financiers attack

Ellis says the city is hoping it won’t have to pull fiber optic cable out of the ground to return the property to leaseholder CitiCapital. Instead, the city hopes to be able to find the same kind of cable and that it can then turn over to CitiCapital.

via Vermont state board hears from Burlington Telecom | The Burlington Free Press | Burlington, Vermont.

Pull fiber from the ground to recoup debt? WTF? Last time I checked recovered fiber wasn’t worth anything. And most of the money spent was in installation. And it cost a ton to remove it in the first place.

And if you can find the “same kind” of cable, why don’t you just give them cash? Or does BT has a secret stockpile of cable.

I’ve always figured that CitiCapital would be pulling equipment from the core. Say some routers & switches? Or something from the IPTV head end. At least there is a resale market for that stuff.

OpenWrt / HOWTO:Run a transparent TOR proxy “Anonymizing Middlebox” on Openwrt

This might be a handy inclusion into the Lab network.

OpenWrt / HOWTO:Run a transparent TOR proxy “Anonymizing Middlebox” on Openwrt.

IE9 to allow Track Blocking

With all the attention being paid to cyber security and online privacy it seems Microsoft may be listening. The next version of Internet Explorer (IE9) is slated to allow users to block certain websites from tracking their activity. [LINK HERE]