KellyKeeton dot Com v3.0 reverse engineering life

21Aug/080

speed trap data

here is a fun site that keeps a record of all the speedtraps, cameras, and red light cameras

you can export the data into a CVS file that you can then put into your various device(garmen, blackberry …) anything with a GPS ability. even the unidenscanners have a hack nifty…

Filed under: Hack No Comments
12Jul/080

robots.txt file reporter

So if you didnt know, over the holiday weekend I fell off a 15ft clif and messed up my foot real good. Well as I was sitting on the couch all weekend I wanted to make a script to convert robots.txt files that are on webservers inito a nice little clickable HTML map for reporting and pen-testing. A little bash hacking and I Have a nice little working script. so I present - I think the worlds first robots.txt to HTML page converter.

update: changed the raw code to a file as Im tired of google hits with linux commands

robotReporter.sh(1.73 KB)

Filed under: Hack, Internet, Linux No Comments
1Jul/080

security tool notes

so to update on a few fun tools I have found lately..

If you didnt know Backtrack3 isout get a copy
a strange search tool http://www.rapleaf.com\

http://www.rapleaf.com\

PEBKAC -a fun tool to pull out the fat finger users

Filed under: Hack No Comments
1Jul/080

hacking the DOL traffic flow systems

I have to sit at a traffic flow system every day, you know the ramp meter system. So today I just noticed that they are easy to hack. If you give a car length away from a car infront of you (keep off the Tar filler for the sensor in the pavment) and the other car in traffic, and then once they get the green light and it turns red again pull foward over the sensor and bam green light. I assume they all work the same or close to it. give it a try and mess up the traffic a little more.

Filed under: Hack No Comments
4Jun/080

www.HackMe

found a fun set of tools for firefox (to addto my prior post about browser plugins

addto my prior post about browser plugins
)

http://www.securitycompass.com/exploitme.shtml

Filed under: Hack, Internet No Comments
22May/080

Unlock Windows with no Password

So lets pose a problem, you have a computer with encrypted HDD and you cant reboot the PC. Or a comptuer has something worth getting in memory (encryption key) and you want it. But the computer is locked. well you can now hack this.

winlockpwn

winlockpwn
-tool to connect to windows with firewire and inject a dll hack into memory to bypasspasswords on the "windows lock screen" and allow you access to windows with no passwordwhen locked.

if your not a linux power user, or just want to cheat here is a setupquide and if you use backtrack here is a postabout it.

So a lot of people say it works, I agree that it will - it uses dll hacking for passwords,you can dothis with the computer powered off orjust hack it

so what did I get, nothing...

i get this error

IOError: [Errno 22] Invalid argument

from firewire.py, line 693: "If a node doesn't feel like fulfilling a request, itwill raise an IOError."

now if you unplug the fw and plug it back in repeatedly running the script it willstart scanning memory only to end with a device busy

seems that the "money time" is when the device is detected as a "Hard Drive" you startscanning the memory at that point. then the ipod comes in and all work ends

same issue on two computers

but who's to say Im just odd.

UPDATE: May22

I got it to work, who knows if I was sleepy or a reboot fixed it. But when I poweredup. Started from "step 5" and followed steps exactly.

Dell630 fully patched on the domain and it worked! I had full access as advertised.

something I noticed was that this morning businfo has 1 on the node 0 and not 0 forall the data it spits out on what will and wont work.

12May/080

LinkedIn or MySpace?

So I got hooked into LinkedIn asI went crazy adding all my co-workers to get a friend base, I thought… I havebeen here before. I remember back in 2002 Adding friends to MySpace account. Thisis funny, adult myspace for the working professional. You can even upload a pictureof yourself for what, to date?

All the funny social aside, this is a gold mine for social engineering. You have CxOlevel people all over the place adding each other and making connections.

Hello Mr.Thompson, My Name is Kelly I got your contact from John Doe who referredme to you for a security audit. I was wondering if i could find some time to meetwith you next week. “Sure”

// or “yes kelly what is your last employer …google google”

…awesome

Filed under: Hack, Social No Comments
22Feb/080

Decrypt BitLocker FileVault and TrueCrypt Whole disk Encryption!!!

I was just in the conference trying to swipethe memory from a laptop someone left there. Problem is that I had to remove the keyboard,then I broke my little screwdriver and when I did all this I realized I forgot mycan of air. Then it was too late my memory had gone muy loco

 

This isn’t a "holy crap my shit is 3137h4xor pwnd" but a "wow that’s a cool hack" sort of like Xbox running Linux oran oscilloscope that can print vector graphics from pong. This would be a cool Spytrick or uber 31337 bad guy. But if you wanted to get around it. You just use encryptedfile mounts. I woudl imagine that the protection on the temporary mounts is protectedor you just time out unmount the encrypted mount.

 

A elementary way to do this is the old keylogger.Works every time. I bet you arnt checking your docking station keyboard everymorning? (thankyou centas for the use of the building custodial jumpsuit for accessto your office)

 

I think the big thing here is dont let badguys finger your ram!

 

Did you see all the things that will causeproblems....

http://citp.princeton.edu/memory/faq/

 

I do want a copy of the RAM2USB boot applicationthey have, as that would be handy in uses other then just hacking "secret keys"

 

or be totally insane and checkthis out

15Feb/080

technology and security is slow

Things are very slow in the security world, I havent seen anything that is interestinglately. However in hardware hacking there is this way coool scope hack.

http://blog.makezine.com/archive/2007/08/youscope_oscilloscope_dem.html

 

Filed under: Hack, Hardware No Comments
8Jan/080

Xbox Software Upgrade

if I ever helped you with your xbox1 there are a lot of updates you should find me for.

Filed under: Hack No Comments