Most Liked Content


#360356 Has everyone been down repped or is it just me?

Posted by Powermaniac7 on 11 February 2012 - 08:01 AM

Hi all,

Been busy for a while and was distracted by other facets of life. Signed in today was reading some of the posts to see if anything major or interesting has happened and not much has changed as I expected (no offence). So it seems no harm there in being temporarily gone.

Now as I was reading some of the posts and a reply to my "Everything is Assumed" thread I noticed I had been down repped to -6 so I checked the Binary Revolution forum index page where it has a list of where you were down repped and which it was in like each thread over a long past with no replies as to why...I in some ways don't care but was wondering has another spam bot got loose or some dumb-ass, or did I make a thread that offended some community and they saw it and one of them joined and down repped me for that. Anyway I was also wondering if this had happened to anyone else as well.

Thanks in advance for any replies.


#357224 Dell Laptop Password Issue ???

Posted by heisenbug on 18 February 2011 - 03:47 PM

Truth is I found the Laptop and intend keeping it but can't access the system without the password. In this case what's the best tool to use to hack the password?


After seeing your post #4, I withdraw my advice.


After reading your comment #4 I also got really annoyed. I agree with Berzerk on this. Correct me if I am wrong, but it seems you don't know the difference between petty theft and hacking.

Here is what I consider the difference:

HACKING -
  • Taking a computer, and figuring out a way to bypass the password.
  • Disseminating the contents of the drive to find the owner's name, address, and pictures of them to identify them.
  • Being nice and installing programs to help them find their PC if they lose it again.
    • VNC - (to view the system)
    • An SSH server - (to help retrieve their files)
    • An IP beacon - (To say when the PC is online and what the IP address is)
  • Returning the laptop to the owner.
  • Occasionally checking in on the PC to make sure the system is ok, and they didn't lose it again. (What a good citizen!!!)

PETTY THEFT -
  • Not using google to find a simple kiddie script.
  • Being an idiot and telling everyone you are committing a crime.



#342859 Take down websites. [Dos tool]

Posted by Aghaster on 19 July 2009 - 08:32 AM

I swear to God that if you ever mature you'll look at this post in a couple of years with SHAME.


#361501 Understanding the Tandem Network

Posted by ThoughtPhreaker on 07 September 2012 - 04:44 AM

Hey Samo! Good to hear from you again. Sorry to give you a wall of text here, there's really no concise way to explain this.

In short, if you want to explore a long distance tandem, your best bet is to use a PIC code. There's a very simple trick that lets you push any destination you want directly into the tandem. We'll use Worldcom as an example, since it works from basically anywhere in the United States.
Ready? Dial 101-0555. That's it; no zero, nothing. What you get next is a dialtone straight from the tandem. In the case of the ex-Worldcom tandems, it's not quite as fun as it could be; it wants an authorization code a-la 950 calling card.

Here's an example of what you might find - http://thoughtphreak..._800223110.flac

That's from a DMS (500, I think) owned by Integra, one of the local CLECs. Most long distance tandems (AT&T's aside - we'll get into that in a bit) don't like terminating toll-free calls, so you'll end up getting weird messages that you'll never be able to hear normally unless your switch loses its mind. What's so great about this is you're completely free from the dialing restrictions of a normal end office. Want to dial an NXX starting with 1 or 0? A code starting with #? *? There's nothing standing in your way. Sprint in particular stuck a speed dial function on their tandem for some weird reason in the #xx range. #99+anything seems to be its own little exception - it'll wait for a very large amount of digits before eventually giving you a generic CBCAE recording. This might indicate they're hiding something else here.

There's one downside to this technique; if you're not subscribed to a carrier, they won't always let you play with the tandem. ex-MCI (0222) and Sprint are a couple good examples of this, but Sprint will give you a cool message as a consolation prize. Depending on your area, you might have better luck too. For example, the Qwest long distance network has a combination of DMS-250 and Sonus switches.

Sonus isn't fond of letting people have fun on the phone, so you'll just get a generic error recording. If you encounter Global Crossing's Sonus switches, you won't even get a custom recording, you'll get the Sonus stock one. It's worth a laugh if you ever hear it. It's under three seconds, and was clearly made last minute by an engineer.

Speaking of Global Crossing, like MCI/0222, they have a number of Alcatel DEX switches floating around. Dialing 101-0444 will just get you an error, though. The solution? 950-1044! What dialplan they're using is absolutely beyond me, though, so you're on your own there. There's suggestions - like 800-223-1104 (but only without a 1) going to an invalid code recording that suggest it might be for calling card use, but most things I can think to try just go to a CBCAD.

And then we come to AT&T's 0288 network. I'll level with you, this is something I haven't figured out at all. Whenever I've been fortunate to get a dialtone back, it's always been from one of their 5ESS toll tandems. If there's such thing as a pushy phone switch, this is it. It'll let you know right away if it thinks you're doing something wrong. And putting a 1 in front of your destination number is wrong. I haven't had time or an opportunity to just sit down and investigate this, but what I do know is it's unique from a lot of other switches. For one, it'll terminate toll-free calls, but only on specific carriers. I believe just AT&T and Global Crossing toll-frees. Sometimes, it gets a little weirder - like, if you dial 800-244-1111, you'll get a recording from a McLeodUSA DMS. What this means I'm not sure exactly, but my guess is since the 5E toll tandems are responsible for lending a hand in connecting toll-frees, they'll store translations for those toll-frees. If it happens to have one - outdated or not, it'll just use that instead of doing an SMS-800 dip.

Also of note on the AT&T tandems is the 600 NPA. Instead of just intercepting it like any invalid NPA, it'll pass this onto the 4ESS. This might indicate AT&T stashed something in there.

As for your question - is SS7 relevant to phreaks?

Absolutely. The very core practice of phreaking - introducing unorthodox input into the phone network - is fair game to everything, in or out of the speech channel. In the past, we've proved ISDN cause codes can trigger calls to take a different route, and it's been demonstrated that originating a ghost call (in short, an ANI fail on steroids - a call originated with no field other than the destination number) can be enough trouble that phone companies would probably scratch their heads as to whom they should send the bill to. It's understandable that figuring these things out is a challenge, but if anything, that should be a motivator. We're phone phreaks, we've got the resourcefulness to identify a piece of telco hardware by nothing more than vague sounds, and have fun in the process. This should be a reminder that there's always more to explore, and always another limit to break.


#361318 New to network hacking

Posted by phr34kc0der on 08 August 2012 - 02:37 PM

It's a mindset.

You hack to learn, you don't learn to hack.


#357578 YOUR ATM CARD CAN PAY YOU REAL MONEY

Posted by tmwhtkr on 22 March 2011 - 03:33 PM

That sounds like a lot of work! Can I just send you my bank account numbers and social and have you help me out?


#351481 password generator

Posted by SigFLUP on 22 March 2010 - 06:53 PM

So I just logged into binrev using this:
Posted Image
it automatically generates, stores, and types passwords and looks like a usb-keyboard to your computer.

That's an at89c5131 dev-board, this mcu is pretty much an 8051 with usb hardware. I'm probably going to keep touching up the code a little before I start printing boards.


#349663 Spoofcall/Trapcall

Posted by decoder on 21 January 2010 - 10:02 PM

Not to stir shit up, but I certainly agree that this forum shouldn't be a place where fake accounts come along and post allegations which result in people being terminated from their employment.

If "unlucky" was indeed the victim of a violation of his privacy by an employee of trapcall/spoofcard then he should have contacted them.

Also, if Lucky was fired without any evidence of a particular account being accessed by an employee, then he worked for a piece of shit company.

If I were a mod, I would have deleted this thread because even if the allegations were true, there was not a shred of evidence provided, and I do not believe that this is a place for such things. Perhaps if "unlucky" simply voiced a concern over the privacy expectations when dealing with a particular service, but he didn't - he made an accusation directed at one man, without anything to back it up.

That being said, it's probably all true. :laugh: ...seriously.


#344876 I need to manipulate my cable tv.

Posted by R4p1d on 06 September 2009 - 11:50 PM

Every time I needed a channel on my cable tv, the company always asks for more money. Is there a way I could manipulate my cable tv without a hole in my pocket? Oh, I have direct tv.


Stop paying for tv service

Look into "FTA" or "FTA Receivers" Etc.

Just read up on the "Free to Air broadcasts"

You just buy a receiver, point your satellite at the orbiting satellite and you can get over 1,000 channels

Free.


#344337 Apparently SCO owns UNIX again

Posted by Colonel Panic on 28 August 2009 - 03:37 AM

SCO doesn't own UNIX, at least not yet. The actual "ownership" and copyright to UNIX is a very complicated issue. All this court decision did was "reverse material aspects" of the earlier verdict from 2007 that found Novell to be the rightful copyright owner. Now there's going to be yet another trial case to determine whether SCO does in fact own the copyright.

I don't think anybody seriously gives a shit about System V UNIX, UnixWare or any of SCO's other crappy, outdated products.

But a company like SCO, which has been in bankruptcy for over 2 years, has virtually no market share and appears to exist these days only for the purpose of suing other companies, might well gain legal ownership of the original System V UNIX code. In other words: they might gain a legal "leg to stand on" and cause more trouble for OSS creators and vendors.

For years, SCO has been bitching that Linux infringes on a copyright for the original UNIX code that it assumes it holds. They have sued companies like IBM and Novell which produce Linux-based software and distribute Linux as an OEM OS. They have disseminated propaganda to Linux users, accusing them of copyright infringement and alleging they could be liable for damages simply by running Linux. They have sued their own (former) customers who switched from using their products to using Linux. SCO is also known to have received financial backing from other, far more powerful interests whose goal is to ruin the open source software movement by any means possible. At this point, SCO clearly has nothing to lose, and Microsoft doesn't have to dirty their hands or risk hurting their own public image by attacking open source developers in court. Microsoft can just sit back and bash the OSS movement in the press, allege IP infringements, negotiate cross-licensing agreements and provide financial support to companies like SCO to file anti-OSS suits.

This may not be a potent threat to the very existence of Linux, but it could definitely harm Linux in the business market and lead to some very bad precedents regarding OSS and software copyright/patents in general.


BTW, I'm not the one who voted down your post. It's an interesting bit of news on a case I haven't really followed in awhile. Thanks for posting it.


#343963 Postage Machine Hacking

Posted by Phail_Saph on 21 August 2009 - 01:02 AM

Posted Image

The above is the 'official' Postal Regulation for an IBI or Information Based Indicia. All this information is contained in the 2-D barcode to the upper left of a piece of metered mail. Look at some of your junk mail and it will be very clear what I mean. It's that box that looks like Lattera's avatar. The column that says barcode are all of the data items in that 2-D barcode that I'm talking about and the Human Readable is what you can decipher when you look at it...date, time, etc.

The information is digitally signed so that when the Post Office reads the mail it can be fairly certain that it came from a particular licensed meter.

What's crazy is that the meter internally communicates with 'itself' using an asymmetric key system...public/private. That is the meter contains a postal security device which is tamper resistant (of course resistance is a relative term) that sends out commands to create and sign the indicia with all the signals being encrypted. Think of it like an HTTPS setup for internal communications or more appropriately like each command being digitally signed. Digital signatures use the public/private key system so this is closer to what is happening.

The whole postage meter industry is so wacky. What I mean is that to actually attack the meter directly is incredibly hard but not impossible; however, there are far easier ways to 'hack' a meter. The meter itself and access thereof is fairly easy due to primitive security. If you have physical control of a meter and a system that can interface with it you can do pretty much whatever you want. But not to be too much of a worrywart...printing postage is printing money; stamps are a legal form of tender so if you play games with this stuff the penalties are insanely harsh because of that. I know some smartass is saying to himself, "Oh then I can use it to buy my groceries?" Not exactly...unclaimed stamps can and must be refunded by the post office. If you show up with a stamp that is legally yours or if you can 'somehow' prove that that is a stamp of yours the post office refunds the amount on the stamp. Of course it isn't an immediate refund. You can't just show up with a meter label for a hundred bucks and walk away with a c-note.



#341651 RIP Pirate Bay

Posted by .solo on 01 July 2009 - 11:30 AM

Ohm, you obviously get off on policing binrev. Seriously, I've seen you crush countless topics with your sense of superior morality. The only thing that impresses me about you is that you always find some way to condescend. You've got a real talent.


#340641 New Operating Systems

Posted by Ohm on 12 June 2009 - 11:42 PM

Clearly the best was Windows 95. Don't you miss 3 reboots a day?

As for XP, it was received pretty badly at first. Pre-SP1, XP was quite buggy. Also, for the time it was resource heavy, so a lot of people complained they couldn't run it on their current machines. I always got a chuckle when people bashed Vista, yet praised XP which had similar problems at the start. Of course people were willing to bite the bullet since the alternative was Windows 98 (or for the enlightened few, Windows 2000). Now, you have XP which works and is stable, so you can sit back and poo Vista all you want.

I've also had no problems with Vista. If you have a fast enough machine, there's just not much to complain about. It works, what more do you want?

As long as you're listing future OSs, why not list Ubuntu 9.10?


#326986 Technical Books Online

Posted by Ohm on 03 January 2009 - 10:03 PM

Great link. Who wants to mirror this and stick up a torrent?


#361301 New to network hacking

Posted by Beave on 05 August 2012 - 05:24 PM

Hey guys, I am rather new to hacking but I am looking to step into the world. I've done some basic stuff like getting a war-dialer (thc-scan) to work and messing around with Low Orbit Ion Cannon (I wouldn't call that hacking) but I want more. I would like to try setting up a botnet/getting involved in DDOS but I am not sure what software I need or which is the best. I also am not sure how to put packets onto other users' computers. I would greatly appreciate any help. Thanks!


Hrmph. DDoS isn't "hacking" and it's lame. Botnets can be interesting, but not for what you want to do (malicious activity). You'd be better off spending your time on better ventures. IE - "real hacking". There's a ton of ways you can get involved which don't involve destruction and disturbance of services. Hardware hacking, System & network security, etc.


#351168 Verifone CC Processing Software

Posted by VeriPhony on 13 March 2010 - 05:03 AM

So the most interesting flash drive fell into my lap the other day (or out of someone's pocket maybe? not sure, it was on the floor) and like any good citizen I plugged it into a laptop that I didn't care about running off a BT4 liveCD with no hard drives mounted (I'm not dumb) with the intent of perhaps identifying the owner and returning it. I didn't find any identifying information on the drive, which was odd since it had transcripts of emails etc with names redacted, like it was intentionally anonymized or something... Anyway once I started reading this stuff I couldn't stop. Long story short it appears to be the property of some Verifone employee who has gone to great lengths to let people know how broken their software is and keeps getting shot down.

Maybe I'm interpreting a lot of this the wrong way but it's almost like this person wanted this stuff to make it out. Whether that was the intent or not, it's happening :)

Here's the thing though, I'm guessing about 80% of what's on this drive is Verifone's intellectual property and the other 20% they probably wouldn't be too happy about seeing on the internets. I don't want to violate any of BR's policies either and I'm not sure what the stance is on stuff like this. I'll post, in my own words, what appears to be the original research of this drive's owner and I'll gladly send anything on this drive to anyone who wants copies assuming you have a safe anonymous way to get them to you. I might just start an eepsite or something with all this stuff on it, let me know what you all think I should do and I'll respect your opinions and policies.

Anyway, on with the stuff I think I'm safe to post here.

The docs in here seem to be about 3 products: pc charge, ip charge, and payware pc. They're all credit card processing apps sold by verifone (ip charge seems to be more of a service, very paypal-esque). There's some good stuff that looks like internal documents, training and such, for ip charge and payware, but the majority of this stuff seems to be about pc charge. There are docs labeled "capture spec" and "auth spec" for a couple dozen companies which google tells me are credit card processing companies and various documents outlining how point of sale systems communicate with verifone's stuff. It's all quite fascinating and I'm sure it could've been RE'd anyway so it's probably safe to post here, but this is me asking nicely before pissing people off.

The cool stuff though was in its own separate folder, this is where our tech outlines all the security problems found in several versions of the software (there's installers on the drive too for like 4 versions and a zip file that's got what I hope are test accounts - haven't checked if they work, too scared). Here's what was documented:


* The software apparently has open SQL injection bugs, and apparently that's enough to get the app's certification yanked on the spot - at least according to the tech... Management seems to disagree in some of the emails...

* The software encrypts most of the data it stores, and everything it encrypts is using the same algorithm and key and the data is never hashed, and the key never changes, ever, it's always the same for every installation of the software. There's a spreadsheet in here that appears to be a rainbow table of expiration dates. It's referenced in one of the emails as a proof of concept that threatens the possibility of such a table being made for card numbers too.

* The software, apparently, stores its password data encrypted rather than hashed, and uses the same algorithm as it does for everything else. One of the docs shows how you can copy and paste the password field into other database fields and use various menu options and reports to decrypt the password for the root user, who is apparently always named "System".

* The software stores absolutely everything in an unlocked unencrypted unpassworded access database. The only protection on this thing is that the version of access they use is so damned old you can't actually do anything with the file in new versions without converting it and making it inaccessible to the app. Of course they circumvent this one and only layer of security by including an old copy of M$ VisData with the app so you can SQL your heart out.

* Apparently compliance only requires CC data to be encrypted once it reaches a "public" network like the internet, so nothing between this app and a point of sale system is ever encrypted. Everything is sent either via everyday TCP to an arbitrary port or by a method called "file drop" which according to the docs is more common. "File drop" consists of putting all the CC and transaction info into an XML file, copying that file into a shared folder over the network, and then watching for a file that contains the response. Real secure guys, real secure. Technically speaking I think this is supposed to happen on a separate network segment than the free WiFi you give your customers but who wants to place bets on how many small business owners know a subnet from a fishnet?

* The emails seem to indicate that a lot of large chains use this broken app and do list several scarily big names. Not sure if this forum is the appropriate place to drop such a bombshell so I'll await your response on yet another item.

There's lots more here. Again please advise on what would be the best method to send this stuff around, assuming you're all even interested.

I'm still digging through a lot of this stuff, and some of it is honestly a bit over my head. Until I can get this stuff spreading ask questions and I'll see if there's an answer in here for you. I've spent probably two weeks combing this stuff and playing with the software on VMs that are intentionally disconnected from the 'net, there's a ton of stuff here and I'm just beginning to comprehend it all...


#347293 Law enforcement forensic app 'leaked' onto internet

Posted by totallyAunti on 12 November 2009 - 11:00 PM

Has anyone seen this news?

I'll paste this article on it below (with link) :

Microsoft Cofee leaks onto the web

No use crying over it
By Alexandra Pullin
Monday, 9 November 2009, 14:18

MICROSOFT'S DIGITAL FORENSICS software has been spotted on a file-sharing site, available for all to download.

Computer Online Forensic Evidence Extractor (COFEE) is a forensics tool that fits on a USB drive for the police to use in PC forensics.

The software is free to police forces around the world and helps access details about crimes such as identity theft, online fraud, child pornography and illegal filesharing before criminals can wipe the information.

It's reportedly illegal for unauthorised people to download and use the software.

According to the Vole it takes the average bobbie "with even minimal computer experience" less than ten minutes to master the program.

"This enables the officer to take advantage of the same common digital forensics tools used by experts to gather important volatile evidence, while doing little more than simply inserting a USB device into the computer," said Microsoft.

The Vole and police are worried that cyber criminals could analyse COFEE and write code that would identify and intercept it, securely wiping incriminating data from their hard drives.

COFEE requires Windows XP but it does have some Windows Vista support. According to company insiders, Microsoft is developing a new version of COFEE that will be released next year for Windows Vista and Windows 7. µ
--------------------------

Microsoft's page on this app :
COFEE

There are in fact several sites featuring it for download, including a few torrents I found.

Anyone have an opinion on this?

Edit : I've seen this program on a certain torrent site which has 1 downloader's comment. The comment was a fake, claiming the torrent seems fake because it contains various zips with lots of rar files in it. I happen to know this particular download has none of this in it and was legit, therefore the downloading party is either stoned and was seeing things or more likely someone "concerned" who was trying to discourage people from downloading it (a.k.a. hoping to scare criminals away thinking it's a bad download).

Very interesting.


#343144 Binrev Hacked 2009-07-29

Posted by Ohm on 30 July 2009 - 05:57 AM

I'd also like to mention that since the password database was stolen you should consider the password you used on these forums to be compromised. The passwords were hashed of course, but we all know hashes can be reversed. If you use this password anywhere else, change it as soon as possible. I'm not sure how Invision hashes passwords and if rainbow tables will be able to break them, but it's safer to assume they're all compromised.


#342229 Confcon

Posted by Seal on 08 July 2009 - 06:14 PM

Here it is /with/ the text:
phreakconf3.png


#326968 Technical Books Online

Posted by duper on 03 January 2009 - 08:31 PM

Lots of old books (copyright expired) about analog electronics, amateur radio, telephones, etc.:

Technical Books Online

