--- Log opened Sun Oct 30 00:00:39 2016
00:34 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-pakiiiushploisio] has quit [Quit: Connection closed for inactivity]
06:04 -!- rpifan_ [~rpi@73.106.73.36] has joined #se2600
06:06 -!- rpifan [~rpi@73.106.74.192] has quit [Ping timeout: 244 seconds]
06:33 -!- rpifan_ [~rpi@73.106.73.36] has quit [Remote host closed the connection]
09:37 <@brimstone> _NSAKEY: https://cyberkryption.wordpress.com/2016/09/25/how-to-build-metasploitable-3/
09:37 <@brimstone> that's what i was trying to do last year
09:37 <@brimstone> nifty!
09:38 < xray> Thanks, I need to add that to NetKotH
09:38 <@brimstone> xray: it looks like it uses the trial version of windows 2k8, so you'll have to rebuild it every 90 days
10:06 < xray> Thanks for the heads up.
10:07 < xray> Will also have to have a script to change all the default passwords https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities
10:07 < PigBot> Title: Vulnerabilities · rapid7/metasploitable3 Wiki · GitHub (at github.com) http://tinyurl.com/zzrhvby
10:08 <@brimstone> will you? i mean, that's kinda part of the fun, finding defaults that work
10:08 <@brimstone> you well know that happens in the field all the time
10:09 <@brimstone> there's an interesting PR for a "normal mode" that enables the firewall so only port 80 is open
10:10 < xray> I leave the defaults for the start but at some point the admin changes them. Of course they are still really bad passwords.
10:10 <@brimstone> it'd be neat if the script was set up as a scheduled job, so the passwords change themselves after a bit
10:11 < xray> That would be doable. Change from default to password to password1 to . . .
10:11 <@brimstone> a random one once, from c:\docs and sets\admin\documents\wordlist.txt would be enough
10:12 < xray> Good idea
10:12 <@brimstone> or is it c:\users now?
10:12 < xray> C:\users
10:13 <@brimstone> what's the MS08-067 for 2k8?
10:13 < aestetix> xray: have a chance to watch the video?
10:13 < aestetix> I'm partly asking because I forgot what video it was :p
10:13 < xray> Checking now
10:14 < xray> Here are the CVEs for 2008
10:14 < xray> https://www.cvedetails.com/google-search-results.php?q=windows+2008
10:14 < PigBot> Title: CVE security vulnerability database. Security vulnerabilities, exploits, references and more (at www.cvedetails.com) http://tinyurl.com/h2a436h
10:14 < xray> http://www.cvedetails.com/metasploit-modules/product-11366/Microsoft-Windows-Server-2008.html
10:14 < PigBot> Title: Metasploit modules related to Microsoft Windows Server 2008 (at www.cvedetails.com) http://tinyurl.com/jkp425g
10:15 < xray> so many to choose from.
10:15 <@brimstone> that's a great link
10:15 <@brimstone> thanks!
10:15 < xray> I got it from SANS 504
10:15 <@brimstone> apparently MS08-067 works on 2k8
10:15 < xray> No way
10:15 < xray> LoL
10:16 < xray> https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
10:16 < PigBot> Title: Microsoft Security Bulletin MS08-067 - Critical (at technet.microsoft.com) http://tinyurl.com/mr3olb6
10:16 < xray> There it is, 2008 32 and 64 bit, so I guess not R2
10:17 < xray> Can we still get a vanilla demo version of 2008?
10:18 < xray> Maybe https://www.microsoft.com/en-us/download/details.aspx?id=5023
10:18 < PigBot> Title: Download Windows Server 2008 Standard from Official Microsoft Download Center (at www.microsoft.com) http://tinyurl.com/gpbjc4u
10:18 <@brimstone> for R2: http://download.microsoft.com/download/7/5/E/75EC4E54-5B02-42D6-8879-D8D3A25FBEF7/7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso
10:18 < PigBot> brimstone: That URL appears to have no HTML title within the first 30480 bytes.
10:18 < xray> So we have two builds of metasploitable
10:18 <@brimstone> from that link
10:19 < xray> One that has 2008 and one with R2, and swap them out at some point in the CTF
10:19 < xray> So at first MS08-067 works and later it doesn't
10:19 < xray> We could also do snapshots with different patch levels so the vulns change over time.
10:21 < xray> I found out about cvedetails when I was looking for the open vuln database referenced in SANS 504. OVDBS went down and the replacement also went down, so I contacted a SME and he pointed me to cvedetails.
10:21 <@brimstone> snapshots, or store the patches offline, and unattended install them after a bit
10:22 < xray> If we snapshot and then install patches and revert the snapshot it will go back to a vulnerable state. Which can happen in real life.
10:23 < xray> The machine goes down so they rebuild and forget or delay installing patches.
10:23 <@brimstone> yup
10:23 <@brimstone> are you coming to phreaknic this year xray?
10:23 < xray> Personally I build servers behind a firewall and never place them on the internet until they are fully patched and hardened.
10:24 < xray> I can't make it this year.
10:24 < xray> I talked to NSAKEY about it and we are planning to do some NetKotH development over the next year. I'll include you in on the talks.
10:25 <@brimstone> that's cool, thanks!
10:25 <@brimstone> i'm curious what they've cooked up this year
10:25 < xray> NSAKEY said you bailed them out one year and rebuilt NetKotH at the last minute.
10:25 <@brimstone> yeah, last year
10:26 < xray> The scoring engine really needs some work. It is XSS vulnerable.
10:26 < xray> I have code I use on another project I have that will harden it nicely.
10:27 <@brimstone> i almost rewrote the scoring engine last year in go, so it could be a single self-contained binary
10:27 <@brimstone> and not have files all over
10:27 < xray> Very nice.
10:27 < xray> I haven't played with go yet.
10:27 <@brimstone> go's very nice
10:27 <@brimstone> but languagistas will say it has problems
10:27 <@brimstone> linguists?
10:28 < xray> All languages have problems.
10:28 <@brimstone> true that
10:28 < xray> Actually I like languagistas better. Activist Linguists.
10:29 < xray> English is like Perl. It steals words and syntax from all the other languages.
10:30 < xray> I have a friend who says that Perl is a swiss army chainsaw with lots of syntactic sugar.
10:30 < xray> he has a point
10:31 <@brimstone> a co-worker commented about some language having syntactic hot sauce, but i don't remember the context
10:31 < xray> It's getting to be you have to learn the new hot language of the day.
10:31 < xray> I like that
10:31 <@brimstone> yeah, tons of new jobs in new languages, but plenty in cobol still
10:32 < xray> and perl
10:32 < xray> Never studied cobol
10:32 < xray> Fortran, Forth, and ANSI BASIC are a few I have learned over the years.
10:32 < xray> Also BASICA and TI BASIC
10:33 < xray> C
10:33 <@brimstone> i'd like to study writing a forth compiler from memory, but only for the academic aspect
10:33 < xray> Although C was so long ago I can barely compile Hello World.
10:33 <@brimstone> there was a thing: you're trapped with only an assembler, what do you do? and one answer was to write a forth compiler from memory, then use it to write C or something
10:34 < xray> I did one project in Forth in the mid 80s.
10:34 < xray> The last time I did anything with it was hacking on the SUN boot loader
10:35 < xray> I have plans to see how much I can get Bash on Windows to do.
10:35 < xray> I might be able to port Narknet to Windows using Bash.
10:36 < xray> But at that point is it really windows?
10:37 < xray> https://www.cvedetails.com/cve/CVE-2016-3319/
10:37 < PigBot> Title: CVE-2016-3319 : The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge (at www.cvedetails.com) http://tinyurl.com/zlodgzd
10:37 < xray> Will compromise Windows 10
10:37 <@brimstone> hurray!
10:37 < _NSAKEY> xray: No, brimstone bailed us out last year.
10:37 < xray> So we could include some modern OSes in NetKotH
10:37 <@brimstone> i know what i'm putting in my resume now
10:37 < _NSAKEY> None of my work got used.
10:38 < xray> Used for what?
10:38 < _NSAKEY> NetKotH.
10:38 < xray> You mean this year's setup?
10:38 < _NSAKEY> Nobody told me that my VMs were non-functional until Saturday afternoon.
10:38 < xray> Or last year's?
10:38 < _NSAKEY> But this year's set-up is 100% me, unless someone else brings stuff.
10:39 < xray> Excellent.
10:39 < _NSAKEY> brimstone = savior of last year's netkoth.
10:39 <@brimstone> i wasn't planning on bringing anything
10:39 < _NSAKEY> brimstone: I'm not going to do the 5 minute VM resets you had going last year.
10:39 < _NSAKEY> That was hilarious, but just a wee bit sadistic. Hahahaha.
10:39 <@brimstone> they just reset when they got popped :)
10:39 < xray> NSAKEY you need to check out https://www.cvedetails.com/
10:39 < PigBot> Title: CVE security vulnerability database. Security vulnerabilities, exploits, references and more (at www.cvedetails.com) http://tinyurl.com/hujuefu
10:40 < _NSAKEY> I've got enough VMs that I can just kill them after they are popped a while.
10:40 < _NSAKEY> xray: I was on that last year and this year. I stopped counting when I racked up 119 CVEs that weren't just kernel priv esc.
10:40 < xray> I recently found out about the site.
10:41 < xray> It is like shopping in a candy store with an unlimited budget.
10:41 < _NSAKEY> Yeah, it's a fantastic resource for plotting out a game like this. It's baked into the slides ben and I are going to be presenting.
10:41 < _NSAKEY> Something else you might want is snapshot.debian.org.
10:41 < _NSAKEY> Debian makes snapshots of all the packages every 6 hours, and you can add repos specific to a snapshot to /etc/sources.list.
10:41 <@brimstone> TIL
10:41 <@brimstone> nifty
10:42 < _NSAKEY> I didn't go that far, but I did downgrade some kernels to the "gold" aka release version.
10:42 < _NSAKEY> I'm also sprinkling in some older stuff for flavor.
10:43 < _NSAKEY> Corydon hooked me up with this ancient paid Linux distro that will boot with my KVM setup, I just wasn't home to put my hands on the retail box.
10:43 < _NSAKEY> So, I couldn't get the license key.
10:43 < _NSAKEY> (I was attempting to install it on my home VM box while I was at work last night.)
10:48 < _NSAKEY> Who was it that was talking about bringing a bunch of IoT gear?
10:49 < _NSAKEY> This is utterly hysterical. https://bugs.gentoo.org/show_bug.cgi?id=597800
10:49 < PigBot> Title: 597800 emerge-webrsync: Downloads .gpgsig by default, but doesn't verify it. (at bugs.gentoo.org) http://tinyurl.com/gtcjkcf
10:49 < _NSAKEY> Glad I haven't tried building Gentoo in a while. I would be pissed.
11:32 -!- rpifan [~rpi@73.106.74.174] has joined #se2600
11:35 -!- rpifan [~rpi@73.106.74.174] has quit [Read error: Connection reset by peer]
11:36 -!- rpifan [~rpi@73.106.74.174] has joined #se2600
12:21 -!- rpifan [~rpi@73.106.74.174] has quit [Remote host closed the connection]
12:32 -!- rpifan [~rpi@73.106.75.101] has joined #se2600
12:50 -!- rpifan [~rpi@73.106.75.101] has quit [Remote host closed the connection]
13:37 <@Dagmar> Someone probably ran into the same mess I did
13:38 <@Dagmar> GPG isn't picky about _whose_ signature you're verifying with, so without using a specific keyring, those aren't as useful as one might think
13:38 <@Dagmar> THEN you wind up playing Chicken&Egg with how the fuck one updates the signature keyring
14:49 <@brimstone> the bootstrap problem is real :(
15:09 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:b85d:f6ce:4d03:6fff] has joined #se2600
17:07 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-cfculmkpcgtlzwgg] has joined #se2600
17:07 -!- mode/#se2600 [+o klixa-cloud] by ChanServ
17:11 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-cfculmkpcgtlzwgg] has quit [Ping timeout: 245 seconds]
17:13 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-eyxqilfmfecvwkza] has joined #se2600
17:13 -!- mode/#se2600 [+o klixa-cloud] by ChanServ
18:11 < aestetix> wow
18:11 < aestetix> https://twitter.com/Mbhokie97/status/792528439282589696
18:11 < aestetix> this is awful
18:12 < aestetix> I want so badly to like hillary
18:27 -!- klixa-cloud is now known as smoothklixa
18:32 -!- smoothklixa is now known as pirateklixa
18:38 -!- Dolemite [~scott@96-38-108-153.dhcp.jcsn.tn.charter.com] has quit [Ping timeout: 250 seconds]
18:47 <@brimstone> i want to vote for a candidate, not against one
18:52 < aestetix> brimstone: I've been voting against candidates for years, this time it's so bad I can't even do that
18:53 < cyberanger> I had to write in Bart Simpson this time, a year ago I thought it was a joke when I said it.
18:58 < aestetix> jesus
18:58 < aestetix> http://www.wsj.com/articles/laptop-may-include-thousands-of-emails-linked-to-hillary-clintons-private-server-1477854957
18:58 < PigBot> Title: FBI in Internal Feud Over Hillary Clinton Probe - WSJ (at www.wsj.com) http://tinyurl.com/z75nrgr
18:58 < aestetix> they found 650,000 emails on the weiner computer
18:58 < aestetix> total, not all related to hillary
18:58 < aestetix> also hahah weiner
19:15 -!- xray [~xray@c-73-43-4-206.hsd1.ga.comcast.net] has quit [Quit: Leaving.]
21:00 -!- rpifan [~rpi@73.106.75.62] has joined #se2600
22:09 -!- klixa [~klixa@unaffiliated/klixa] has joined #se2600
22:10 -!- mode/#se2600 [+o klixa] by ChanServ
23:16 -!- rpifan [~rpi@73.106.75.62] has quit [Remote host closed the connection]
23:24 -!- rpifan [~rpi@73.106.75.62] has joined #se2600
23:31 -!- rpifan [~rpi@73.106.75.62] has quit [Remote host closed the connection]
23:41 -!- rpifan [~rpi@73.106.73.174] has joined #se2600
23:45 -!- klixa [~klixa@unaffiliated/klixa] has quit [Quit: if I were a bot, why would i be wearing this hat? lolz]
23:47 -!- rpifan [~rpi@73.106.73.174] has quit [Remote host closed the connection]
23:47 -!- rpifan [~rpi@73.106.73.174] has joined #se2600
--- Log closed Mon Oct 31 00:00:42 2016