Yay Derbycon
by admin
Sunday, October 9th, 2011 at 5:20 pm
Went to Derbycon last week and it was awesome. The people were all great and it wasn’t a scenewhore con like Defcon. Also I got a shout-out during Mubix & carnal0wnage’s talk @ 49:07 🙂
Started working on re-adding files to the files section; this will include programs and assembly source code from our past programs. Most of our old programs will definitely be detected by antivirus, so don’t be an idiot and email us saying there’s a virus in the files: they are virus related, obviously. The ones with included source code you would have to modify first before using. We’ve also included some programs that friends have made that were coded in assembly.

The illmob krew is heading out to Vegas for Defcon. See ya there!!!
Just finished my 2nd module for Metasploit in time to go to Defcon. This one searches the Documents directory for all *.rdp files and outputs the host, user and password to your meterpreter session. Check it out ::HERE::
Nick Harbour wrote on his blog about new spyware using fxsst.dll, a DLL that is present on the system when it is running as a Fax server. It seems explorer.exe automatically loads the DLL at logon. Mubix decided to test this out with a .dll generated in Metasploit and it worked every time on his test system (WinXP), but Win7 64-bit was still having issues with the DLL he generated.
TL;DR – Take any malware DLL, name it fxsst.dll and drop it in C:\WINDOWS or the System32 folder, and Explorer.exe will load it at boot time.
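From the defender's side, the same fact gives a cheap check: fxsst.dll sitting in one of those two folders on a box that is not a Fax server (or one that is, but with the file not Microsoft-signed) is worth a look. The following is an added example written for this post, not code from Nick Harbour, Mubix or Metasploit; the file inventory is constructed, and the `signer` field and the `fax_role_installed` flag are assumptions about what a host inventory or EDR export would provide.

```python
"""Flag fxsst.dll planted where explorer.exe would auto-load it (detection, not exploitation)."""
from pathlib import PureWindowsPath

# The two locations named in the post (compared case-insensitively, as Windows does)
LOAD_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Constructed inventory for the demo; not taken from any real host.
# 'signer' is the assumed Authenticode signer name, None if the file is unsigned.
SAMPLE_INVENTORY = [
    {"path": r"C:\WINDOWS\system32\fxsst.dll", "signer": None},
    {"path": r"C:\Windows\fxsst.dll", "signer": "Microsoft Windows"},
    {"path": r"C:\Users\bob\Downloads\fxsst.dll", "signer": None},
    {"path": r"C:\Windows\System32\kernel32.dll", "signer": "Microsoft Windows"},
]


def audit_fxsst(inventory, fax_role_installed):
    """Return [(path, reason), ...] for every fxsst.dll that should not be there.

    inventory: iterable of dicts with 'path' and 'signer' keys.
    fax_role_installed: assumed flag, True only if the Fax Server role is present.
    """
    findings = []
    for rec in inventory:
        p = PureWindowsPath(rec["path"])
        if p.name.lower() != "fxsst.dll":
            continue
        if str(p.parent).lower() not in LOAD_DIRS:
            continue  # not on explorer.exe's auto-load path; out of scope here
        if not fax_role_installed:
            # No legitimate reason for the file to exist at all on this host
            findings.append((str(p), "fxsst.dll present but Fax role not installed"))
        elif rec.get("signer") != "Microsoft Windows":
            # Real fxsst.dll ships signed by Microsoft; anything else is a planted DLL
            findings.append((str(p), f"unexpected signer: {rec.get('signer')!r}"))
    return findings


if __name__ == "__main__":
    for role in (False, True):
        print(f"fax_role_installed={role}")
        for path, reason in audit_fxsst(SAMPLE_INVENTORY, role):
            print(f"  {path}: {reason}")
```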
Just submitted my first attempt at writing something for Metasploit @ dev.metasploit.com. It jacks the victim’s Bitcoin wallet on Windows boxes and sends it back to the attacker over meterpreter, saving the wallet in your loot folder: on Windows that is %userprofile%\.msf3\loot, on nix it is /root/.msf3/loot.
RobinHood is a simple program in assembler that steals the victim’s Bitcoin wallet.dat and uploads it to an FTP server. You need to assemble the source yourself; get it ::HERE::
Tickets are on sale now for eXcon and BSidesCT in Meriden, CT, June 11th.
http://exconference.com
If you want to attend or speak at the conference hit their email up on the site!!!

Programmable embedded devices have the capability of being detected as a HID device, just like a keyboard or mouse. So if you have physical access and a minute alone, you can basically own a system with something the size of your thumb. The possibilities are endless: HTTP/FTP download, injecting binaries via debug or PowerShell, etc. Also, this device is cross platform, which means Windows, Linux, UNIX and Apple are all vulnerable. Here’s an example we made for a Windows 7 box that adds a new Admin user to the system and hides that user from the logon screen. The whole process takes about 16 seconds, with most of the time taken by the device being detected as a keyboard and the driver being installed. The device costs about $20 and can be found here