Dandies.org - RSS

python - howto create a hidden executable

dandies.org — 2010-03-13T15:23:35+01:00

Goals:

Compile a python script to a single executable
Hide the console window
Execute hidden shell commands

1. subprocess.call() - execute a system command. Don`t use os.system()!

outofsight.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import subprocess

if __name__ == '__main__':
subprocess.call("md C:\\asdf", shell=True)

2. windows=[] - suppress opening the console window.

setup.py

from distutils.core import setup

import py2exe

setup(windows=["outofsight.py"],zipfile=None)

2. --bundle - build a single executable.

buildexe.bat

python setup.py py2exe --bundle 1

Oh! Sweet Nuthin'

dandies.org — 2010-02-03T20:51:43+01:00

February 5-7 2010, time for the ShmooCon!

ShmooCon Live Streaming Video - https://www.shmoocon.org/video.html

Democracy under corporate control

dandies.org — 2010-01-24T16:27:51+01:00

The Supreme Court of the United States ruled that the government may not ban political spending by corporations in candidate elections. With the argument that the 5-to-4 decision was a vindication of the First Amendment’s most basic free speech principle, everything they want is control and ironically it is now legal to accumulate the power to control.

Allowing corporate money to flood the political marketplace would corrupt democracy and lead us to the dark future of your favorite cyberpunk movies. Is it really that bad? I don`t know. Maybe, maybe not. Keep thinking critically and your spirit alive.

References:
http://www.supremecourtus.gov/opinions/09pdf/08-205.pdf
http://www.cyberpunkreview.com/news-as-cyberpunk/corporations-are-people-too-according-to-the-us-supreme-court/

Cyberpunk Collage

dandies.org — 2009-12-05T13:15:10+01:00

Google launches Skynet

dandies.org — 2009-10-29T20:20:42+01:00

Sources:
http://www.collegehumor.com/article:1793643
http://blog.auinteractive.com/google-building-skynet-artificial-intelligence
http://www.threadwatch.org/node/12313
http://googleisskynet.blogspot.com/

sex.py 2.0

dandies.org — 2009-10-17T11:43:47+02:00

Smashing Email eXtractor 2.0

Extract valid e-mail addresses from all kind of files. With sex.py you can extract a list of emails from a defaced text file or even scan recursively through a directory and all its content.
A scenario could be to download a website to your local hard-drive and use sex.py to harvest all email addresses. Once you have an output-file including some email addresses you can also use sex to verify the accounts. Works great with MetaGooFil! ;)

Highlights:

Switch the search pattern to match valid email addresses
Scan a single file or multiple files form a directory (including subdirectories)
Sort the addresses of the output file
Remove duplicated emails
Change output mode
exclude files by their extension
verify email accounts

Requirements:

python (tested with python 2.6.2)
dnspython

Changelog:

improved CLI
-y verify email accounts
-e exclude extensions
various code improvements
fancier output

Configuration:
You can set default values by editing the source file.

verbose = n
0 no output
1 print the email addresses e.g. if you want to pipe them
2 output email addresses, current file and grand total

sort = n
0 write email addresses to destination file as found
1 sort addresses in alphabetical order

remove_duplicates = n
0 capture all addresses
1 remove duplicated emails

exclude_ext = ["x","y",...]
x,y = file extensions you want to exclude

Usage:

sex.py [options]
sex.py [-lqsr] [-e ext1,ext2]
sex.py -y

source: absolute path to a file or directory
destination: path to write the output file
file: output-file including a list of email addresses

Options:

-l display email addresses only
-q silent output mode
-s sort addresses in alphabetical order
-r remove duplicated emails
-e EXTENSION exclude files by extension
-y FILE verify emails from file

Example:

$ python metagoofil.py -d microsoft.com -l 20 -f all -o micro.html -t micro-files
...
[ 19/21 ] http://research.microsoft.com/pubs/79881/siggraph2008.ppt
[ 20/21 ] http://www.microsoft.com/hk/msdn/download/MSDN_011214.ppt
[ 21/21 ] http://research.microsoft.com/pubs/73115/wsdm09_dcm.ppt
[+] Process finished
$ python sex.py -sr -e xls micro-files/ addresses.txt
>> FILE: micro-files/03SecEnh.doc
>> FOUND: exchdocs@microsoft.com
>> FOUND: exchdocs@microsoft.com
>> FILE: micro-files/5176.cff.pdf
>> FILE: micro-files/advreport.doc
>> FILE: micro-files/Age_of_Mythology_Strategy_Sample_Chapter.pdf
!> EXCLUDE: micro-files/australia.xls
>> FILE: micro-files/Benchmarks.ppt
...
>> Extraced email addresses: 43
$ python sex.py -y addresses.txt
NSWish@microsoft.com,mail.messaging.microsoft.com,550,5.7.1 Service unavailable; Client host [86.32.184.116] blocked using Spamhaus PBL, mail from IP banned; To request removal from this list see http://www.spamhaus.org/lookup.lasso.
....
!> FAILED: 2.WV
....
$ äähhh i think they don`t like me

Download:
sex-2.0.1.tar.gz

dandylicious

dandies.org — 2009-10-14T18:41:11+02:00

Brothers and Sisters,
We must confront ourselves.
We know that all men and women are created good.

We must understand why you have gone bad. You can not play checkers with your life, jumpin' around like an 'ol whirl wind.

Wrapping your dishes and plates and then unpacking them and placing them back on the shelf.

This is not the way Jehova One has designed you to act.

Unless.. you are willing to admit, that you are a normal, a pink boy, a ninny, a twit.

Only then can you decide where your path shall lead you. We know in head, that we are all created good by Jehova One.

Some of you got such bad luck sometimes in your life, you couldn't hang yourself with your own neck tie.

This is when you should look to Bob.

When you look to Jehova One, and say "Bob, come into my life" and you shall see, one set of footprints in the sand.

And that is when you will know, that Bob has charged you $5.99 to carry you to the nearest taxi.

Praise Bob in his divine ways.

You got to know, that life is like a vanishing twin. A baby inside of a twin inside of a woman's belly.

That's how confusin' this wiggly world can be. You got to raise up above this wiggly world and grab the hand of Bob!

Praise him and all that flows through Bob!

yaev.py - yet another email verifier

dandies.org — 2009-10-10T11:25:47+02:00

Yet Another Email Verifier 1.0

Verify emails by checking the "RCPT TO" return code from the SMTP server.

Hints:

The output is separated by commas, so you can easily import it to another application (e.g. MS Excel).
Create an address list by using the Smashing Email eXtractor!
Failed checks are added at the bottom (! )

Requirements:

python (tested with python 2.6.2)
dnspython

Usage:

yaev.py

file: absolute path to email-address list

Example:

$ cat addresses.txt
...
wolfgang.schaeuble@wk.bundestag.de
gm.schulz@gmail.com
jan.sipocz@gmail.com
brigitte.kopinits@gmail.com
r.buchmann@amag.at
annimarie.schaffer@gmail.com
iggy.popovic@gmail.com
erich.gabis@gmail.com
Kovacs.maria4@gmail.com
andreas.schimon@gmail.com
barbarajungreithmair@gmail.com
michael.gabis@gmail.com
$ ./yaev.py addresses.txt > checked_emails.txt
$ cat checked_emails.txt
...
wolfgang.schaeuble@wk.bundestag.de,mail1.dbtg.de,554,5.7.1 Service unavailable; Client host [83.187.177.131] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.187.177.131
gm.schulz@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 6si6034pxi.95
jan.sipocz@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 13si2013478pxi.35
brigitte.kopinits@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 27si2008921pxi.56
r.buchmann@amag.at,srxx0055.amag.at,503,5.0.0 Need MAIL before RCPT
annimarie.schaffer@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 35si2021257pxi.2
iggy.popovic@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 37si2019611pxi.5
erich.gabis@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 2si2010789pxi.52
Kovacs.maria4@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 42si2017013pxi.17
andreas.schimon@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 9si2018016pxi.13
barbarajungreithmair@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 40si2003494pxi.87
michael.gabis@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 37si2019846pxi.5
!gmx.de

Download:
yaev.py

Anthrockcentric Art

dandies.org — 2009-10-06T17:43:22+02:00

click to enlarge

I don`t know who did this photography but it includes everything I like ;) Keep your spirit alive guys!

Can You Dig It?

dandies.org — 2009-09-22T18:57:40+02:00

"The MAFIAA has spent millions of dollars and endless amounts of time to get this ban in order. Our guess is that they also bribed a bit to get it since it violates so many laws not only in Sweden but also in the EU, not to mention violations against human rights. And what do they have to show for it? 3 hours of partial downtime."

Hehe. I love you TPB! Read the full entry...

Your are a terrorist.

dandies.org — 2009-08-02T12:43:11+02:00

Du bist Terrorist (You are a Terrorist) english subtitles from alexanderlehmann on Vimeo.

Du bist Terrorist! A campaign against terrorist! I mean...you! Information is really important, so please spread this link. Thank you dubistterrorist.de! You did a great job.

exlex - passive host harvester

dandies.org — 2009-07-24T12:37:51+02:00

exlex passively collects IP Addresses on your network. You can use it for various different scenarios. See when and who is connecting, like a simple intrusion detection. Or get a list of all active clients — silent. Use at your own risk, very interesting information gets revealed!

Highlights:

Import existing IP list
Check input for valid IP Address
Timestamp when host was discovered
Sniff in promiscuous mode
Counter

Help:

exlex_win.py --help

Example:

exlex_win.py -i existing_ip_list.txt hosts_log.txt

Requirements:

Windows Platform (tested on Windows XP SP3)
python 2.6.x (tested on python 2.6.2)

Building a singe executable:

1. Install py2exe

2. Create a setup.py:

from distutils.core import setup
import py2exe
setup(console=["exlex_win.py"],zipfile=None)

3. Build your executeable:

python setup.py py2exe --bundle 1

For more information on building an executable read the py2exe Tutorial.

Download:
exlex_win.py

sex.py

dandies.org — 2009-07-12T15:25:45+02:00

Smashing Email eXtractor 1.0

Extract valid e-mail addresses from all kind of files. With sex.py you can extract a list of emails from a defaced text file or even scan recursively through a directory and all its content. A scenario could be to download a website to your local hard-drive and use sex.py to harvest all email addresses.

Highlights:

Switch the search pattern to match valid email addresses
Scan a single file or multiple files form a directory (including subdirectories)
Sort the addresses of the output file
Except duplicates
Change verbosity level

Configuration:
To configure Smashing Email eXtractor edit the variables in the source file.

verbose = n
0 no output
1 print the email addresses e.g. if you want to pipe them
2 output email addresses, current file and grand total

sort = n
0 write email addresses to destination file as found
1 sort addresses in alphabetical order

remove_duplicates = n
0 capture all addresses
1 remove duplicated emails

Usage:

sex.py

source: absolute path to a file or directory
destination: path to write the output file

Example 1:

$ wget --mirror -p --restrict-file-names=windows --html-extension --convert-links -v http://www.wolfgang-schaeuble.de/
$ python sex.py www.wolfgang-schaeuble.de/ addresses.txt
>> File: www.wolfgang-schaeuble.de/Audioplayer/swfobject.js
...
>> File: www.wolfgang-schaeuble.de/fileadmin/user_upload/PDF/050625nordkurier.pdf
Margareta.Moertl@cducsu.de
...
>> Extraced email addresses: 10
$ cat addresses.txt
Bruno.Kahl@cducsu.de
Margareta.Moertl@cducsu.de
aki-108@gmx.de
forum@welt.de
heike.nieske@cducsu.de
poststelle@bmi.bund.de
sebastian.pieper@cducsu.de
wolfgang.schaeuble.ma02@bundestag.de
wolfgang.schaeuble@bundestag.de
wolfgang.schaeuble@wk.bundestag.de

Example 2:

$ python sex.py shitty_formatted_list.txt shiny_email_list.txt

Download:
sex.py

Pics

dandies.org — 2009-07-09T11:21:21+02:00

Got new stuff for you! Enjoy it!

keytweeter - a twitter keylogger

dandies.org — 2009-07-02T13:41:14+02:00

Kyle McDonald coded a c++ keylogger that tweets every 140 characters you type. As an additional feature you can specify filtered words (config.xml) which are not posted to twitter. Security whitehats agree, twitting passwords wouldn`t be a good idea. :)

original forum post:
http://www.openframeworks.cc/forum/viewtopic.php?f=12&t=2227

twitter url:
http://twitter.com/keytweeter

Download - Binary & Readme
keytweeter_bin.zip

Download - Source
keytweeter_src.zip

phrack 66 released!

dandies.org — 2009-12-23T13:19:14+01:00

Be prepared for some awesome hacking stuff and nice ascii art. Here are the table of contents:

Introduction
Phrack Prophile on The PaX Team
Phrack World News
Abusing the Objective C runtime
Backdooring Juniper Firewalls
Exploiting DLmalloc frees in 2009
Persistent BIOS infection
Exploiting UMA : FreeBSD kernel heap exploits
Exploiting TCP Persist Timer Infiniteness
Malloc Des-Maleficarum
A Real SMM Rootkit Core
Alphanumeric RISC ARM Shellcode
Power cell buffer overflow
Binary Mangling with Radare
Linux Kernel Heap Tampering Detection
Developing MacOs X Rootkits
How close are they of hacking your brain

Update:
Uploaded a tar.gz version of phrack 66 to my server.

phrack66.tar.gz (local mirror)

hackthiszine #7

dandies.org — 2009-06-10T22:51:42+02:00

Hack This Zine Issue #7: Hack the Gibson released! Get it and spread it!

The topics:

Meta

Letters
News in the Briefs

Tech

Hacking your GPS (by Kuroishi)
Alternative PHP include vulnerabilities (by Flatline)
Obfuscating IP addresses (by Flatline)
Sucking Signal (by Sally)
Hardware Hacking (by Frenzy)

Philotics

On Using Technology to Dismantle the Industrial Beat (by Anonymous)
Oscar Grant and Copwatch 2.0 (by Flatline)

Bumping High-Security Locks

dandies.org — 2009-06-08T20:36:22+02:00

The Big Takeover

dandies.org — 2009-05-13T22:00:09+02:00

Cryptohippie has published a report on the situation of mass surveillance in 52 countries. They include 17 factors with regard to how close they are already to an electronic police state. The results are explained in a map (yes, with some nice colors!) displaying their rankings.

As a read the report a song popped up in my mind. It`s from the Bad Brains called “Big Takeover”.

“No one dared to show for that shower, when nobody turned out to be clean, was not even touched by the water, just another Nazi scheme.

Yeah, The Big Takeover yeah-ah-, My, big Takeover yeahh,yeahhh.

All throughout this so-called nation, prepare yourself for the final quest. This world is doomed with its own integration, just another Nazi test!

Yeah, The Big Takeover yeah-ah-, My, the big Takeover yeahh-yeah-yeahhh.

So understand me when I say, there's no love for this U.S.A. This world is doomed with it's own integration, Just another nazi test.

Yeah, The Big Takeover yeah-ah-, My Big Takeover yeahh,yeah-yeah.”

Cryptohippie - Report

PS: Spray paint the walls! Show the schemers how pathetic their attempts to control things really are!

sad.py

dandies.org — 2009-05-11T20:12:55+02:00

Search And Replace tool for the pythonist.

Walk recursively the directory. Look for matching file extensions. Find and replace your strings.

Usage:

sad.py

Example 1:

sad.py old_text new_text txt

Example 2:

sad.py "" "" php

Download:
sad.py

hacking founts #1

dandies.org — 2009-04-28T20:24:45+02:00

Scene releases, code, news, information, expressions, style, anarchy, cyberpunk, communities and much more. All these things I will provide you in a few dandy links. Don`t miss them!

Hacker's Hideaway
Flyninja Dot Net
Null Area
proge.net
DarkTrix Arena
0x3a
thoughtcrime.org (Damn! I love this site!)

I caught this links via progenic. Keep it up guys!

regwalker.py

dandies.org — 2009-04-17T15:08:31+02:00

regwalker is a python script for Windows to walk the registry on a specified key und look for a subkey that matches a string. If a subkey is found return the value of the defined entry name.

I wrote it because Inno Setup allows multiple applications to be installed to the same directory. When that happens, the first application's uninstaller is named unins000.exe, the second application's uninstaller is named unins001.exe, and so on. If you want to use a script to uninstall a application you can use regwalker to fetch the current UninstallString in the registry.

Usage:

regwalker.py

Example:

regwalker.py HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall adobe UninstallString

This will return the UninstallStrings of every installed Adobe Product.

Requirements:

Windows Platform (tested on Windows XP SP3)
python (tested on python 2.6.1)

Building a singe executable:

1. Install py2exe

2. Create a setup.py:

from distutils.core import setup
import py2exe
setup(console=["regwalker.py"],zipfile=None)

3. Build your executeable:

python setup.py py2exe --bundle 1

For more information on building an executable read the py2exe Tutorial.

Download:
regwalker.py

Who are we to call ourselves civilized?

dandies.org — 2009-03-21T20:48:45+01:00

TorrentFreedom Client

dandies.org — 2009-03-20T17:58:00+01:00

TorrentFreedom.py is a simple python script to connect to the Torrentfreedom VPN Service.

Highlights:

You do not need wget
Proxy support
You can use special characters in your password

Requirements:

*nix platform
python (MacOS/X Leopard comes with python 2.5.1 pre-installed)
openvpn 2.1

Download:
TorrentFreedom-01.tar.gz

Urban Hacking

dandies.org — 2009-02-12T19:31:59+01:00

Yeah! That`s what I`m talking about!

Some hackers turned a building into a big urban space invaders game. Watch the clip:

Now show us how you did it, so we can demonstrate these guys at the ISS (International Space Station) some Ping-Pong with the Planet! You guys are totally awesome! I love it!

Pics

dandies.org — 2009-02-09T18:39:35+01:00

Here are some pictures I have harvested over the years (thank you illmob!). I hope I can share them without breaking some shitty copyright, if I do, please let me know.

Python Code Examples

dandies.org — 2009-01-19T14:55:02+01:00

Learning from the source! Here are some dandy links to python recipes which may help if you stuck or need some inspiration. Darkc0de, Packetstormsecurity and R00tsecurity are especially security/hacking related. Enjoy it!

ActiveState Code - covers a lot various stuff
Vaults of Parnassus - categorized python resources
Darkc0de - scanner, fuzzer, exploits, brute forcer, logger,...
Packetstormsecurity - several python projects
R00tsecurity - security forum
pypi - Python Package Index
directory.google.com - Python Google Directory

hackthiszine #6

dandies.org — 2009-01-16T22:25:02+01:00

Good e-zine`s are getting rare nowadays and there is a lot of time to pass between the next Phrack release. To keep it short (as I always do)
I want to recommend you reading HackThisZine. It covers many topics related to activism and technology. The latest issue is #6 which was released on 08/19/2008, I know this isn`t brand new but this should not always be the main reason of blogging.

Sometimes I try to keep up with this fast spreading, fast forgotten meaningless news but mostly I`m to lazy to copy & past all of this shit, there are more important things in live I want to spend my time with. I feel a little bit sorry and want to apologize of being so damn slow. :) I hope I can provide you quality instead of fast food news. Now, back to the zine.

HackThisZine Issue 6 - The topics:

Political Articles: Views and Opinionated Articles

On the Necessity of Direct Action (by Nomenumbra)
Hacking Freight Trains Part 2 (by Haifleisch)
Berkeley Tree Sit (by frenzy)
SF Community Colo Project (by ryan)
Callout for electronic action at the DNC & RNC (by hackbloc)
39 Lashes a poem (by Ardeo)
RNC Comms Analysis (by CGB)

Hacking / Technology: Articles for Digital Resistance

Cryptographic Education for the Militant Activist Part 1 (by Nomenumbra)
Crabgrass: A Social Network for the Rest of Us (by Flatline)
The PE File format and its Darkside Part 2 (by Nomenumbra)
Full Disk Encryption Attacks (by hackbloc)
All Your Face(book) Are Belong To Us (by flatline)
Communications Systems and Technology (by Impact)
Anonymity with Wireless Networking (by Impact)

First Recorded Usage of "Hacker"

dandies.org — 2008-10-18T20:11:58+02:00

1963 _The Tech_ (MIT student newspaper), published in 1963, used the first known recored of the word “hacker” in connection with computers.

Impressing this is over four decades ago! Hard to believe what consequences such a publication has. What I found very interesting is the fact that “hacker” is also related to black-hats since this article. At the moment we know that the word “hacker” is extremely ambiguous. But that`s not bad. I also have my own interpretation of the word, a very positive one, which is worth to aspire.

Information found on:
cyberpunkreview.com
duartes.org

Gas Mask Buddha

dandies.org — 2008-08-11T18:24:39+02:00

Damn! I love this picture!

Source: http://www.ectomo.com/index.php/2008/08/01/gas-mask-buddha/

Cybertek Zine

dandies.org — 2008-07-25T17:37:32+02:00

Once again, the Doktor made me call attention to a Cyberpunk-Zine called: Cybertek. You think the end of the world is near? Maybe you are right! Then this zine is exactly right for you. It covers various stuff about hacking, phreaking, plenty tech tipps, survival techniques...etc. Everything you need to know to dare this cruel new world. I was really impressed about the fact that it`s actually active scine 1990! Great style, that`s what I call dandy. So who claims that the underground is dead? The heart is still beating.

habitats of interests:

W I R E D T O P 10
streettech.com - cybertek review
Cybertek Issue #25

Tor security compromised?

dandies.org — 2008-07-11T20:02:41+02:00

Just found some really interesting stuff i want to share with you:

“Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems
We present a novel, practical, and effective mechanism for identifying the IP address of Tor clients. We approximate an almost-global passive adversary (GPA) capable of eavesdropping anywhere in the network by using LinkWidth, a novel bandwidth-estimation technique. LinkWidth allows network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. By modulating the bandwidth of an anonymous connection (e.g., when the destination server or its router is under our control), we can observe these fluctuations as they propagate through the Tor network and the Internet to the end-user's IP address. Our technique exploits one of the design criteria for Tor (trading off GPA-resistance for improved latency/bandwidth over MIXes) by allowing well-provisioned (in terms of bandwidth) adversaries to effectively become GPAs. Although timing-based attacks have been demonstrated against non-timing-preserving anonymity networks, they have depended either on a global passive adversary or on the compromise of a substantial number of Tor nodes. Our technique does not require compromise of any Tor nodes or collaboration of the end-server (for some scenarios). We demonstrate the effectiveness of our approach in tracking the IP address of Tor users in a series of experiments. Even for an under-provisioned adversary with only two network vantage points, we can accurately identify the end user (IP address) in many cases. Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes.”

Links:
Security and Privacy Day @ Stony Brook
Core.onion - Talk 703 (tor hidden service)

Papers:
Approximating a Global Passive Adversary against Tor
LinkWidth: A Method to Measure Link Capacity and Available Bandwidth using Single-End Probes
Towards a stronger Peer-to-Peer Anonymous System