e-Sanctus

A washingtonpost.com article from: Elektra@trashymail.com

2008-06-26T09:34:00.004+02:00

Message from sender: Germany - a leader in photovoltaics

Cloudy Germany a Powerhouse in Solar Energy

By Craig Whitlock

ESPENHAIN, Germany -- When it opened here in 2004 on a reclaimed mining dump, the Geosol solar plant was the biggest of its kind in the world. It is so clean and green that it produces zero emissions and so easy to operate that it has only three regular workers: plant manager Hans-Joerg Koch and his...

USB hacks

2008-06-25T20:09:00.004+02:00

Nice USB tricks to tune up your USB stick or drive.

clipped from www.informit.com

Home > Reference Guides > Security Reference Guide

Security Reference Guide

Hosted by Cyrus Peikari and Seth Fogie

USB Hacks

Last updated Jul 13, 2007.

How many times have you used a USB stick to transfer files to or from someone else? In this day an age, you are probably guilty of this on numerous occasions. With the ability to just plug your stick in and transfer huge amounts of data, it is just too good of a tool to leave unused. However, the use of these sticks can also be a very risky proposition. In this section we are going to look at some of the ways malicious hackers are abusing this user friendly method of passing data to attack your computers.

Most people think of a USB stick as a passive form of memory. You stick it in your computer, and after a few seconds a popup window appears asking 'What do you want Windows to do?' For all practical purposes, the stick looks and acts like an extra hard drive. While the price is a bit more than a hard drive with the same capacity, the fact that you can keep your files on you at all times is worth any additional cost.

However, a USB stick can be used for more than just a file storage device – you can also run programs from the device. In fact, one software company (U3) has created a business model off this concept and has developed a solution that turns your USB stick into a launch platform for software programs. You can install browsers, Skype, image editing software, document software, and much-much more right onto the stick. Then using a U3 software component that is embedded on the device, you can launch the programs directly from the USB stick without having to install the software on the host PC. While this is a great idea, it also opened up a huge can of worms with regard to autorun capabilities and simplified the process to turn a USB stick into a malicious hackers attack tool.

Building the Autorun Process

There are two main ways to turn a USB stick into an attack tool. The first is to trick the user into executing the payload by convincing them to select the launcher from Windows option menu. This is accomplished by creating an autorun.inf file and placing it on the root of your USB stick. In addition to this file, you need a convincing icon that the victim will click on, and a solid label. When you put all these parts together, you get the following – which is the fake?

Figure 1: Malicious autorun

Figure 2: Malicious autorun

As you can see, most people would probably not suspect something was wrong and would readily click on the drive that states "Open Files On Folder". The following is the 'magic' contents of an autorun.inf file on the root of the USB stick that makes this happen. It states the value placed into the Autorun box, lists the icon to be used (you must have this icon on the stick), and specifies the action to be performed when the victim clicks on the icon. Note that this still all requires user interaction.

[autorun]  action=Open Files On Folder icon=icons\drive.ico shellexecute=payload.exe

The second method is much more dangerous and powerful. If you recall, U3 has created a software solution that automatically launches its program when the drive is inserted. This is because their software emulates a CD-ROM and USB stick when it is plugged into a computer. Since the Autorun functionality of a CD-ROM is automatic, and requires no user interaction to execute, U3 can ensure that their program will run each time the stick is inserted. Obviously, if U3 can do it, so can an attacker.

In order to setup this type of attack, a person must first obtain a specific type of USB stick. We selected a $20 SanDisk Cruzer with U3 support. Next you have to download or build an ISO containing the autorun files you wish to have executed when the 'CDROM' is created. You can download an ISO from http://www.hak5.org, or build your own with Nero or another type of ISO creating software. We recommend that you download a package from hak5.org and then use the included files to build your own custom solution.

There are two main types of U3 loaders available. The first is the batch script loader that uses the command shell to get the job done. This is pretty much guaranteed to work on any system, but does show a few black boxes very quickly. The second method uses the scripting engine of the operating system, which must be enabled. This method is invisible and as such is the better of the two for covert operations.

If you are going with the batch script option, then in the ISO you will need to place an autorun file that contains the following:

[Autorun] open=start.bat

You will need a start.bat file on the root directory of the stick to make this work. The start.bat file has to contain the code necessary to move the focus of the attack script over to the USB stick. This is only necessary if you need to save files onto the device. Since the emulated CDROM is read-only, any programs that collect information (e.g. passwords) must have the ability to write to the UthSB stick. However, this is where things get a bit tricky because you have no way of knowing what the USB stick's drive letter is. That is why the following code is needed in the start.bat file.

@echo off for %%i in (B C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:\youwillbehackedsoon.txt set dir=%%i cd /d %dir%: cd /d WIP nircmd.exe execmd \WIP\CMD\go.cmd

This script simply scrolls through each letter until it finds a valid drive. Then once it does, it looks for a file named 'youwillbehackedsoon.txt' on the drive to ensure it is the USB stick. Once the file is located, the script jumps to the drive with a CD command and executes the payload (nircmd.exe execmd \WIP\CMD\go.cmd). Nircmd is a program that processes the content of the specified cmd file as a Windows command.

Alternately, you can also use a loader that contains a go.vbe file that is called from the autorun. This go.vbe file is an encrypted 'program' that does pretty much the same as the previous script, except it looks for the file \WIP\cmd\go.cmd, as the following code illustrates.

Figure 3: Decrypted go.vbe file.

In this case, the contents of the cmd file are executed by the script shell, which remains invisible.

While most PC's will automatically execute the code, it is best to create your stick with support for U3 autorun and for icon trickery. This way, you can always revert to the more manual option if something goes wrong with the U3 approach.

A modified USB stick can perform many different types of attacks. The actual payload will depend on how the stick will be used. For example, if you are doing a 'drive by' against a PC, you will want the code to be quick, leave behind no indication it ran, and show no popups. In this kind of attack, passwords and information on the PC will probably be the target. However, if you create rouge USB devices and send them to a group of potential victims, then you might want to insert a backdoor with some phone home feature that will allow a remote attacker access to the device, or perhaps just mail out some sensitive information.

USB Payloads

We are going to assume that you will be looking at one of the solutions provide on the Hak5.org site. This means you are going to end up with a stick that scans your computer for sensitive information and saves it to the USB stick.

Thankfully, hak5.org has put together a collection of programs that you can select ala carte at http://wiki.hak5.org/wiki/Switchblade_Packages. The following is a very brief list of the tools that can be included:

System Info: Obtain information some general information about the target system. Dump SAM: Extracts the users/password hashes for off system cracking. Product Key: Extract product keys of installed software programs. IE, Firefox, Messenger Password Grabber: Extract stored passwords of various programs. Windows Update List: Dumps the installed updates. Cachedump: Retrieves the last 10 login caches Port Scan: Lists the open ports on the computer. IE History Viewer: Downloads the full history of the user. Wireless and Dialup Passwords: Retrieves these passwords from the system. Silent VNC Installer: Installs the remote control software VNC and hides it from the user. USB Hack Saw: Installs a program that steals USB stick content. Nmap: Scan targets local subnet for other IP addresses. Folding@Home Installer: Installs Folding client for the hak5 group. NetCat Bindshell: Installs a reverse shell that connects out from the target to a listener. Truecrypt: Decrypts an encrypted version of your tools on the fly.

This list is not comprehensive, and really only reflects a small part of the many malicious programs that could be installed. The limits are up to the attacker's imagination.

Protecting Yourself

Avoiding a USB attack is fairly easy. It only requires a quick registry change that can be done in a few seconds. Just do the following steps (note: messing with the registry can result in big problems for people who do the wrong thing):

Click Start – Run and type in regedit Then go to HKLM\Software\Microsoft\Windows\CurrentVerion\policies. Right click on policies and select New – Key. Type Explorer in the box and hit enter. Next right click on the right side of the open window and select New – DWORD. Enter NoDriveTypeAutoRun and set the value as B5. Close out of the registry editor and reboot.

Once you do this, USB sticks, CDROMs, and DVD's will no longer have automatic autorun power; however, it will still be able to autoplay if you double click on the drive, so be sure to right click on any new drive and select Explore. By tweaking the registry you simply prevent someone from slipping a USB stick into your computer and automatically extracting sensitive data.

You can optionally also just hold down the Shift key when ever you insert a new USB stick that is untrusted. This trick applies to CD's and DVD's as well.

Summary

If nothing else, this section should enlighten you as to the dangers of trusting anyone's USB stick. It should also encourage your to turn off your computers Autorun functionality. USB sticks are a great way to pass around files, both good and bad. For more information on this subject, check out hak5.org's work. Note that not every script up on that site will work correctly out of the box (at least this is our experience). We had to fix some of the batch files that make up the tool kits, but overall the information at this site is excellent!

See this clip on clipmarks.com

Solar Solidarité

2006-02-17T12:56:00.000+01:00

I just received an postcard inviting to donate to projects of solar energy devices, as known as photovoltaic, in Africa.

I have one of theose waving devices on my work desk and make my Flemish and German colleagues crazy...

But today I made some research and I found out some patent concerning photovoltaic devices.

Abstract of the United States Patent 6222117:

The present invention provides a photovoltaic device being capable of generating a large amount of current even with thiin joined semiconducteur layers, has a high photoelectric convertion efficiency and can be manufactured inexpensively at a low temperateur together with a manufacturing method of the same, a photovoltaic device integrated with a building material and a power-generating apparatus. The photovoltaic device is formed by depositing joined semiconductor layers on a substrate, wherein a ratio of projected areas of regions on a surface of the joined semiconductor layers that have heights not smaller than a center value of concavities and convexities to a projected area of the entire surface of the joined semiconductor layers is higher than a rattio of projected areas of regions on the surface of the substrate that have heigths not smaller than the center value of concavities and konveksities on a surface of the substrate to a projected area of the entaire surface of the substrate.

Checking even farther, I discovered an interesting post about preparing to move to renewable energy sources. Here's what others say:

The first steps...
Designing your system correctly from the beginning is incredibly important. You want to end up with enough energy to do what you need to do without spending your hard-earned money on renewable energy (RE) equipment you really don't need.
A thorough load analysis is the place to start. A load analysis adds up all the energy your appliances consume, and shows you where you can save. This will save money when it comes to purchasing your RE equipment. It will show you which of your appliances you should replace with more efficient ones.
The next step is to find out what your RE resources are. In the case of photovoltaics (PV) , do you get enough sun? Checking nearby meteorological data collection sites (often airports) will tell you. If there is enough sun, you need to find out if your rooftop or other appropriate place is open to maximum sun. Siting your solar panels for maximum exposure without obstructions will save you money. For siting, we recommend testing your possibilities with a Solar Pathfinder.
Do you have a source of flowing water? If so, you need to measure the flow and the height of the drop between intake and turbine. If you have a good microhydro resource, forget PV because hydro is much cheaper and it runs 24 hours a day.
A wind resource is much the same as hydro. If you've got it, use it--it's cheaper than PV. On the other hand, wind generators are much more difficult to site, install, and maintain.
A combination of RE sources is often a good thing. In winter, the days are shorter and there are more clouds. But there is usually an increased wind and hydro resource then, which can complement the solar resource. Whatever your sources and whatever your loads, you can often benefit by having a good installing dealer of RE systems help you site, design, and install your renewable energy system.

That's what I intend to do - first - to check my home's efficiency and then see where I can economise and save energy or to replace it by renewable source 0f energy.

IP sites

2006-01-27T13:55:00.000+01:00

Sometimes you may have to check your IP number. Why? You may read some articles and comments showing IP addresses and you wonder who are the people. Or you might be concerned about your own privacy on the internet.

Whatever the case, you might start with http://whatismyip.com/. It gives you your IP number.
If you are looking for information whom the IP address belongs to, one of the possibilities GOOGLE gives is http://psacake.com/web/eg.asp.
If you have a dynamic dns, like me, the most popular sites to visit are

http://www.no-ip.com/ and

http://www.dyndns.com/.

I have been using No-IP free package for some time and I have been quite happy, but I could not stand continuous hopping of my ISP provider which used to force IP change every 36 hours. It's Belgium, you know ;) So I dropped it and went for a paid webhosting solution.

Copying hidden images

2006-01-24T00:45:00.000+01:00

The CSSinsider weblog recently posted an interesting article on protecting images from copying. For me as a freshman in CSS it was very informative, but as I'm ~~a hacker~~ an explorer in my heart, I could not resist in an attempt to ~~hack~~ explore the subject indepth.

I decided as a scientastic project to copy and print some pages from "you-know-whose" scanned book service. Normally it is available just for reading and I appeciate that very much, but when I want to print out some page that has the interesting facts it appears to be impossible (for general public, but I pretend I am not the one)! ;)

So, let's start hacking You-know-whooom ;))

First as an example try to find a page that might be of interest to you. I just browsed to "Essential blogging". OK, let it be page 1.

Get the size of the page, I mean properties. Oh, dear, can't you right-click? Well, read my blog first, and continue here.... I'll be waiting, but maybe you-know-who won't!

You're back? Then find the image size and note it. In my example, it is 575 x 775 pixels. Now it's the time to hunt for it.

Skip to the source, i.e. view source. If you were smart, you should be able to get to it now. CTRL-F and look for 575. As soon as you find one, just return a little bit back and look visually for .pgimg and URL after it. That's what you need. Copy everything what is between the quotes into your browser and have an image on a separate screen to be viewed without any restrictions.

Now I can't avoid saying a few morals here ;)

The information has to be used wisely, carefully and honestly. Do not make money with that and don't steal intelectual property. Some people have worked hard to create it and if you print all the book for free instead of buying the rights at the publishers, you would be stealing. Of course, If you read it online, you can always rewrite it and reprint by hand, or capture the screen and nobody would say anything because the quality of the image is not "letter-quality" or "near letter quality" (NLQ), as it was in the era of dot matrix printers, so it is far from the original. Anyway, what matters are ideas, and if you can read them, you may keep it and no copyrights can rip it out of your minds, right? I just offer you a small back-up of a part of your brain.

P.S. Oh, I almost forgot to remind. If you liked this, maybe you'll like also other links on the blog.. khm... khm... ;)
P.P.S. And once more - it's not a HACK, it's just a hack (I owned Amiga once, so that's where my hacks come from). This trick does not show you copyrighted material and especially those annoying half-pages. For those just pay a visit to the library and have a look there. And you still will have to logon to see the pages before saving them, unless you really hack it. So have phun ;)

2006-01-23T21:55:00.000+01:00

The latest news about the million dollar homepage is that it has been completed and all pixels worth 1 US dollar each were sold for about 1 million 38 thousand dollars. The difference arose because of the auction on eBay for the last 1000 pixels.

What an idea - a poor student needs money for education and here you are - a brillian fundraising idea which really worked out! Unfortunately for all the rest of us who would like to repeat it - great business ideas work only once and for the first time :(

Fighting with right mouse clicks

2006-01-18T16:15:00.000+01:00

Recently I found such an amazing thing as CSS.

I know it is silly to be proud of it, but when I started my "carrier" on computers about 20 years ago on a mainframe SM-4, many things have evolved since. No perfocards, no 15" disks and 11" disquettes... Wow...

Anyway, I discovered CSS and started to learn. First I searched the big G and bumped onto cssinsider.com. It has many resources for the beginner like me and tutorials to start with. The next step in learning is to grasp knowledge from works already done. Like painter students were copying their masters' works, I decided to get hold of CSS files, too.

I know, there are many G hacks around that find the files you need, like this:

http://www.google.lt/search?hl=lt&as_qdr=all&q=css+filetype%3Acss&meta=

but I decided to do that visually, that is to look at the code of the pages I like. But then I encountered problems with some of the pages that did not allow to make right mouse clicks. Without that it is almost impossible to view source or do copy/paste.

A research on the net brought me to a tip on tech-recipes.com. According to them, there are two basic methods how to get over it:

When visiting the offending website, type the following into the URL bar of your browser:
javascript:void(document.oncontextmenu=null)
If a dialog box opens whenever you right-click, could can often get around it by the following sequence:
Hold the right mouse button, hit enter to close the dialog box, and then release the right mouse button.

Amazingly, all that works and I can investigate the complex world of CSS code.

Hello world!

2006-01-18T13:46:00.000+01:00

Hello world!

Those were the first words that were typed by a computer. As some links suggest, "Hello World" is the first thing a program usually writes when we learn a new programming language.