Let's explore the world, shall we?

===           \++++++++++
++++++++|  Explore Reality
===           \++++++++++

I love seeing infosec twitter peoples refer to being on bbs in the 90s. The ones who spent their time learning from text dumps on there are my favorites. They look at the world as encouraged at the time, by trying to understand the world around them. This isn't just some cheesy nonsense spewed by communists and blah blah blah. Today we're going to take a look around us.

We start by checking out what devices and tools we have for our day. For starters, like everyone else these days, we got a cellphone with us. Find someone who doesn't, you're probably looking at a ghost. Even ghosts encourage keeping one to blend in at this point. That's how important phones are seen as in society. On our phone we have our sets of software we enjoy, from port scanners, network managers, wifi tracking, etc... and Facebook of course. Stupid Facebook. So let's keep going. Next, we see our computer, but it's fairly stationary, probably won't be taking that with us. But we've got about 30 flash drives and 300 blank CDs or DVDs, and a couple of mp3 players and a smart watch or two. We're just the modern American. We're expected to be criminal once we list these things in this way, but basically, we have what everyone has and nothing more.

Well, let's check the networks nearby before we walk outside. We already have access to our own network of course and we've tested it with wifite and reaver a few times. Wonder if any nearby networks let us in. So, we set our computer's mac address to something else, set to monitoring, let it start scanning, and because we're lazy, let's just loop it. Every 60 seconds of scanning should be enough to identify everything around, so let's do wifite with 60 second timeout, try to attack everything, randomized mac, and saves to cracked.db or cracked.txt, whichever doesn't really matter so much to me tbh. We set it to run and look for what else we can play with.

We find that we have some makeshift antenna we saw over on hackaday a few years ago and a bluetooth card. Since we know everyone at home's bluetooth, let's poke around the neighbor's houses and cars. Well, we found a few cars we could turn on the radio to and annoy a few people, that was comical enough, but maybe we can do more with just scanning. Let's set a directional antenna to point towards the road. But not just straight at the road, more like aiming down the road. We do this because we know that cars move fairly quick and we want additional chances to pick up beacons. Why would beacons matter to us? Well, just like with wireless, we can start tagging these with what they know and connect to. We can also set up a small tracking technique to identify when people come home or leave, creating timelines of people's weeks solely by their beacons sent by cars, phones, or even fitbit. We set up something like this before, but that script is lost in a pile of hard drives somewhere. So we set up a new one. Let's use tinydb for the database, let's track every bt id and mac, and let's use graphviz to set up a week graph, with days of weeks followed by times of day for each beacon we receive. This will be nice enough, but let's go the extra mile, let's take our currently running script and leave it alone to just play with the database it collects. Let's make a script that tests keras every 30 minutes to attempt to detect the next time each will be seen, for every correct guess, let's promote the answer of course. Now we have tracking on all our neighbors with bluetooth, let's also take this for the similar data from the wifi. We can either grab beacons with raw sockets and deal with that nonsense, or we can use wireshark for all this I suppose, but personally I'm fond of using scapy due to ease of bullshittery like this. So, after a few minutes of dev and hours of debugging, hey we're tracking every device around now.
Would be a shame if cops or private investigators drove by and this data got to people who needed it.

Well shit, now I'm bored. Let's go for a walk. Walkin' down the block, I notice everyone's got their dishes and antenna and it struck me that I have one of those 5ghz antenna that points to the water tower that I found on the road before. Maybe I can come back later and power that beast up and see what we can find. A little further along, I notice the plants people keep in their yard. Intentional or not, it's quite fascinating. Jimsonweed, seems like a mild nuisance but goes great in making poisons if you so wanted. Red Oleander is very pretty and scales the side of a house very quickly once it starts, it's also abnormally hard to kill. It's sort of a huuuuuuuge problem if you're worried about it killing you or your animals. haha. A few people keep garlic or peppers or tomatoes, and the older families you can still see where they once had a pretty garden but it's no longer available due to their age. Get close by a local convenience store and we see the powerlines, and presumably phone lines, going over to the store. I catch an old pay phone line still in place, but cut and separated from the now missing phone. There went the last pay phone. Can't scam those for free calls anymore guys. Oh well, go inside store and look around while on my phone and notice a few wifi networks. One says "shell guest" the other two had hidden essid. So of course before I leave I've got to at least find what's in those other two. So I set my phone to use aircrack tools to try to deauth things and listen for probes connecting with a name. While waiting on that to run in my pocket, I fumble around my wallet, look like I don't know where the atm is, then go up to it. While getting 20 bucks out I look back at my phone. Sure enough. Shell-private{somenumberschemehere}. I do a quick look up of the mac, it's likely a linksys or cisco wifi router. Hmm... last one of those I had, had wps enabled by default and even when disabled it would still work just not broadcast it.
Maybe with some wifite or reaver I could enjoy me some info from here. Oh well, it's about time to leave, gonna buy my $1.48 soda with a $20 from the nice Lebanese gentleman who runs the place. He, like many people, had a group willing to help him and his family come to a 'better life' in America, but he had to contractually stay in the business they assigned him until debt was paid. So he's going to be the manager of this store for another 5 or 10 years and someone else will be shipped in to take his place while he starts diving into other businesses like realty.

On the way back, I decide to sit down outside the store for a few moments and look at the people coming in the building. I noticed the dumpster had a handful of rusty metal (nails and such) in a box beside it. A woman here and there would give me an off glance and the occasional parent would look at me and tell their children to not walk too close to me. I'm actually okay with this as it means less kids pester me. Anyway, one lady starts pumping gas and I start to think. Are these pumps connected via wireless, or is there any correlation I can do for when pumps are going to identify them? Well, as it comes to find out, these all are hard wired to a hub behind the register, which connects to the main router, which has terrible firewalling rules around them. Not the point though. After coming up empty I decided to start walking again. It should be noted, every time I go walking these days, I have to check local busybody news reports for "suspicious person spotted." They wouldn't know suspicious if it came up and stole $30 out of their purse while they were gawking about me walking, but we'll leave teenagers out of this. haha. I catch a few reports that tried awkwardly to avoid saying race, so they said lighter skinned individual with shorts, tee shirt, and a bottle of some kind in their hand. So I google searched "mexican with a 40" and sent an image to see if this was the same individual. Many people didn't find it funny and in fact the poster thought it was serious. Continuing in on a "omg there's more of them?" Whiiiich turned into a race debate and I skirted my way out of that conversation real fast.

I then came to a school, which this school wasn't as fun because its sign was only a simple one line at a time, if it fits into an ascii field it should display fine, type of board. Usually used to display some sort of "school picture day blah blah 14th" or the likes. Weeelll anyway I saw an antenna on it so I decided I'd take out my phone and do some sniffing. Since I'm sort of just loitering, I figure on the walk back would be my best chance, so I walked a little further and came back and held my phone open, airodump-ng with settings for beacons, router info, etc... to go up near it. I didn't get a beacon when I was just past it, so I decided I'd stop and wait for a minute. During which I acted like my phone was causing me trouble, since I know nosy ass neighbors are spying on me just because I exist outside my house. It finally went and I went on about my way.

Back at home, I went back over what I had learned. This time, I decided I'd play it cooler. I looked around for another wireless card and connected my computer back to my internet while it's still running all the other nonsense. Did some research and in fact, it's a known thing that some linksys and cisco routers can be abused for wps despite it being turned off. The data I'd found for the school's sign was basically just the mac of the client and the school's network was of course the wireless access point it connects to. I also happened across some model numbers and decided to look up those. Found the company that provides this type of sign also provides signs for many other locations nearby including those big eyesore full color extra large displays. Then I decided to look back into what plants I saw before heading back out.

The plants, I was able to ask the people who live at those houses if they had any seeds or roots for them and said it was part of a botany class for school. Of course, I can't recall their scientific names, but I said some nonsense then called it the names people know them by. In this way, I collected several poisonous plants, several healing plants, and a few with high concentrations of various minterals I could try to get filter out. I then took the car, my phone, and a hacked up smart watch (drop *nix on all the things). used the watch to deauth and my phone to run wifite up to the gas station and got some gas and asked about the box outside by the trash. Got a large box of ironoxide. You already know what this is for, if not, perhaps researching would solve this. Or, if you'd like, check out the improvised munitions field books. ;) With that said, plants with vitamin e can be mixed with aloe and called a healing lotion, or a burn lotion. Vitamin e is effectively a "miracle drug" of the beauty industry, in that its a topical antioxidant. Meaning as a lotion, it will aid in the reduction of decay caused by enzymes. This is also very important because mixed with roots of poisonus plants, alcohol, and aloe, you can loosen the skin enough to, in small doses, impact someone's bloodstream with poisons.  Just imagine if they were convinced to do it every day. Anyway, i digress. So, we basically targetted the WIRELESS CONNECTED ATM (there's a redbox too, but the atm was more funny) and the router, got in after a bit with wifite. atm has web interface. I left it alone at that because I got what I need should I ever need to come back. So now we go onwards to the school. Up at the school, pull up like I'm waiting to pick up a kid, same setup but this time clone the mac and school essid of another router on their network, and deauth from the one closer. Now that I'm the other one, it naturally will try to switch it's session over to mine. 
I didn't want any sort of ssl stripping or anything, I just wanted to hop in, be on the network, and try to set a single character to the board. Once it showed, I scanned other ports used by other versions of the sign offerings and sure enough web interface. What, not just a web interface, with no password, but also a txt file configuration that you can save (lol) and a firmware update that you can update manually. This is too great, but for now, I'll just test and see if I can change the update server. Because that's an option. So now, to push updates to an arm system with outdated debian on it, something I control now has access to send any time I want, by updating an xml file it searches for, telling it which file to download. Due to previous research, I found that this isn't a firmware update, this is a "patch", of which, per admin guides, can come as a deb file to be setup via admin portal on later versions. This did not have the admin portal allowing individual files, but it definitely did have the download request to the management system, which can be changed from the config file being edited and re-uploaded.

Back home again, I see a recent trend of someone coming down the street only once, every day, at the same time. 1:28pm-1:31pm. Now this bothers me. They never return so they either take the other way to get home where the street intersects another, or they are just driving by at the same time. So when applicable, I decide to sit outside and sip some tea and pet the neighborhood doggos. Someone drove by, but no one stopped. Waited about 10 minutes, nothing. Check the logs, sure enough that was them. So let's try again tomorrow, but this time, let's put a camera in the window and log it to a flash drive. We can look over that later. Time comes and goes again. Look at the video, just slightly able to make out the license plate. They also appeared to be stopping this time. In front of my house. Weellllll fuck. Who is this. Pay for spokeo, pay for license plate lookups, pay for beenverified. Fuck, can't find them. Who are you person... I will spend money to figure this one out. Fuck it, I need to. Got me a recorder pen, a nice shirt, left it slightly untucked, waited at the mailbox for their car to come by aaaaand dropped the mail. They stopped, as hoped. It was a woman, maybe in her 40s. I caught her while she was just taking pictures of the neighbor's house. So, I clean up my mail and look frustrated and go back inside. Reviewing the camera, I noticed that she had a computer and a phone. Computer was mounted and phone in hand to take pictures. She could have been using selfie mode to check out my house but I decided to look into why my neighbors might have a PI after them. As it turns out, both of them, in different states, have on-going court cases and have been ducking under a family member's name.

At the end of the day, there is no ego in who I am. I am not a hacker. I am not a programmer or a scientist or a researcher. I study life, but not in that new age yippy wippy bullshit way. I mean getting off my ass to study life. Very few other reasons to get off my ass.

Now, as a disclaimer, all of this is completely hypothetical and not meant in any way to be taken serious. But here's some pictures I thought you might like while you're at it. 
