
Episode 21 - XSS Tunnel

August 22nd, 2008 by Patchy
XSS Shell is a cross-site scripting backdoor into the victim’s browser which enables an attacker to issue commands and receive responses. During a normal XSS attack an attacker only has one chance to control a victim’s browser; however, the XSS Shell keeps the connection between the attacker and the victim open to allow the attacker to continuously manipulate the victim’s browser. XSS Shell works by setting up an XSS Channel, an AJAX application embedded into the victim’s browser, that can obtain commands and send back responses. To enable the XSS Shell, an attacker needs to inject the XSS Shell’s JavaScript reference by utilizing an XSS flaw on a website. Once the victim’s browser is infected with the XSS Shell and the XSS Channel is created, the attacker can issue instructions to the infected browser. The attacker can also use an XSS Tunnel to transfer HTTP traffic through the XSS Channel and the victim’s browser, in turn exploiting the victim’s credentials to bypass authentication and IP restrictions. The XSS Tunnel is an HTTP proxy that sits on the attacker’s computer, and any tool that is configured to use it will tunnel its traffic through the XSS Channel.

Live Stream Here
Download Here

Download XSS Shell and Tunnel

Posted in Videos | 4 Comments

Underground - Password Phishing

August 12th, 2008 by Patchy
Phishing is a method of obtaining sensitive information such as usernames and passwords by pretending to be a trusted website. Tehdead shows us a variety of password phishing techniques that enable an attacker to trick a user into giving up their login information. The first step is to create a fake login identical to the login on the trusted website. In order to not raise suspicion, Tehdead explains two methods to capture the victim’s password and then transfer them to the real website. One method is to submit the information to a PHP page that is disguised as a pop-up advertisement, and the other is to send the username and password to a similar PHP page that is contained in an iframe. Lastly, Tehdead describes how to use link manipulation with BBcode to social engineer a victim into going to the fraudulent website.
Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground, send an email describing your video to underground@infinityexists.com

Posted in Underground | 3 Comments

Beer Pong Table

August 8th, 2008 by Patchy
The last few days I’ve been helping my friend Charlie construct his Illinois State University (ISU) Beer Pong Table. The legs and supports of the table are made from his roommate Brandon’s hockey sticks, and the table top is made of plywood with a 1/8″ sheet of Acrylic on top. Our friend Tyler etched ISU’s mascot, Red Bird, into the Acrylic; it was done free-hand with a Dremel (Compare his etching to image). Tyler also did the text on the table: “ISU” and “What you call Addiction … We call Dedication”. I did the LED array and the wiring; when the LEDs are lit, the light catches the etching in the acrylic. The LED controller I made allows you to switch between the LEDs being constantly on or controlled by an audio input. However, the LEDs we used are only lit at a specific voltage, so it doesn’t work very well.
Full Scale Video Here
Download Here
Pre-Amp Schematic

Posted in Vblog | 4 Comments

Underground - Windows SMB Relay Exploit

August 5th, 2008 by Patchy
In this Underground video, Overide demonstrates how to obtain root access on a fully patched Windows XP SP3 machine. He exploits a flaw in Windows Server Message Block (SMB), which is used to provide shared access to files between hosts on a network. Overide utilizes the Metasploit Framework to run the exploit. It works by relaying an SMB authentication request to another host, which provides Metasploit with an authenticated SMB session, and if the user is an administrator, Metasploit will be able to execute code on the target computer, such as a reverse shell. For this exploit to run, the target computer must try to authenticate to Metasploit. Overide forces the target computer to perform an SMB authentication attempt by using an Ettercap Filter.
Full Scale Video Here
Download Here
Download Ettercap Filter Here

For more information on the Metasploit Framework and Ettercap Filters check out Video Archive - Exploit Hacking, Underground - Metasploit Autopwn, and Episode 20 - Ettercap.

Posted in Underground | 10 Comments

Episode 20 - Ettercap

August 3rd, 2008 by Patchy
For this episode of Full Disclosure, we illustrate the many features of Ettercap. Ettercap is a program designed to sniff passwords on a LAN. It can recognize several different packets that contain passwords, including HTTP, Telnet, FTP, POP, Rlogin, SSH1, ICQ, SMB, MySQL, NNTP, X11, IRC, IMAP, VNC, SNMP, MSN, YMSG, etc. Furthermore, Ettercap can utilize Man in the Middle attacks to hijack packets and redirect them to the attacker’s computer, allowing it to extract passwords. In this episode, we show you how to use ARP Poisoning, DHCP Spoofing, and Port Stealing MITM attacks and explain how they work. Also, we explain how to configure Ettercap to sniff encrypted passwords over the Secure Sockets Layer (SSL and HTTPS). Moreover, Ettercap can be easily programmed to modify network traffic with the use of Filters. We demonstrate how to make many different Ettercap Filters. Ettercap comes with numerous plugins to extend its abilities; we explain how to use the Check Poison, Re-Poison, DNS Spoofing, Isolate, DoS Attack, Find IP, Gateway Discover, Search Promisc, Arp Cop, and Scan Poisoners plugins. Lastly, we demonstrate how to use Ettercap’s Passive OS Fingerprinting feature. Ettercap supports passive dissection of many protocols, allowing it to identify a host’s operating system and services.

Live Stream Here
Download Here

This Full Disclosure episode is very lengthy, almost 50 minutes, so if you have any questions, feel free to ask them on the forums.

Download Ettercap (Linux)
Download Ettercap (Windows)

Filters:
Irongeek’s Image Altering Filter
Patchy’s Wordpress Filter

Posted in Videos | 2 Comments

Underground - Application Patching

July 30th, 2008 by Patchy
Crash Overron’s second Underground video explains how to use OllyDbg to manipulate a simple program. OllyDbg is a debugger that analyzes binary code. Not only does Olly allow you to step through an executable’s assembly code, but it can also trace registers and recognize procedures, API calls, switches, tables, constants and strings. Crash Overron utilizes a feature in Olly to locate a referenced text string that is displayed when an invalid serial key is entered. Once the string is located, he can find the compare statement that checks the user’s serial key, and change the flow of the program so that his serial key is accepted.
Full Scale Video Here
Download Here

Download OllyDbg
Download Application

Posted in Underground | 2 Comments

Recovering an Acer Computer

July 29th, 2008 by Patchy
Last Thursday, my Acer Travelmate laptop crapped out on me and stopped booting Windows XP. I tried everything to fix it: booting into safe mode, using Windows recovery console to fix the boot.ini, fixing the corrupted partition boot sector with Fixboot, and fixing the Master boot record with Fixmbr. I even tried to reinstall Windows, but it still wouldn’t boot! So I decided I would just back up all my stuff with a liveCD, format the drive, and use the recovery CD to start all over. Guess what? Acer doesn’t ship their laptops with a Recovery CD; they require you to burn it yourself when you first get the computer, and of course I was way too lazy to do that. Well, after some research I found out there is a hidden recovery partition that the Acer repair people use to fix your computer. If you are having the same problem as me, here’s how I accessed the hidden partition and recovered my computer.

1. Boot your computer with the Backtrack liveCD (I used BT2 because it was the only thing I had off hand)
2. Backtrack will automatically mount the hidden drive (sda1). Navigate to it in the /mnt/sda1 folder.
3. Copy mbrwrwin.exe and rtmbr.bin from the /mnt/sda1 folder to the /mnt/sda2 folder (your C drive).
4. Next, you need to run the mbrwrwin install rtmbr.bin command. You can do this a couple of different ways: you can use the Windows Recovery Console to run the command, or use a Windows LiveCD like BartPE (http://www.nu2.nu/pebuilder/). I used BartPE because I already tried to re-install Windows and I couldn’t access the recovery console because I wasn’t able to set an Administrator password.
5. Restart your computer, and press Alt-F10 at the Acer splash screen. This will bring you to the Acer eRecovery on the hidden partition, and all you have to do is follow the directions to restore the factory settings. (If you can’t access the eRecovery make sure d2d recovery is enabled in BIOS. You can access the BIOS by pressing F2 at the Acer splash screen).
6. After your computer is restored, burn the damn recovery CD so you don’t have to do this next time!!!

For more information check out:
http://forum.notebookreview.com/showthread.php?t=175697
http://forum.notebookreview.com/showthread.php?t=11476

Posted in News | 3 Comments

Underground - Metasploit Autopwn

July 20th, 2008 by Patchy
In this Underground Video, Copy explains how to use Metasploit’s Autopwn. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. Autopwn is a tool in Metasploit Framework version 3 that automates the exploitation process. Copy demonstrates how to use Autopwn in both Backtrack 2 and Backtrack 3.
Full Scale Video Here
Download Here

The Metasploit Project
For more information on the Metasploit Framework check out my Exploit Hacking video.

Posted in Underground | 4 Comments

Underground - Email Spoofing

July 12th, 2008 by Patchy
The first Underground video explains how to send fake emails, a.k.a. Email Spoofing. This video, submitted by Crash Overron, covers two methods of email spoofing. The first and older method is connecting directly to the SMTP server with Telnet; however, this method is usually blocked by the email provider. The second method utilizes the mail() function in PHP.
Full Scale Video Here
Download Here

Download Email_Spoof.php
(Right Click -> Save As Email_Spoof.php)

Posted in Underground | 1 Comment

Episode 19 - Lock Picking Basics

July 2nd, 2008 by Patchy
Our 19th video is a continuation of our lock picking series. In this episode, we explain how to pick a deadbolt lock using the Lifter Picking method.

Live Stream here
Download video here

Posted in Videos | 2 Comments
