Security for the Masses

1. Make sure Wi-Fi is turned off
2. Press the E-Mail icon (the default Android E-Mail application)
3. Enter your Yahoo E-Mail address and password
4. Press “Manual Setup” in the lower left hand corner
5. For “Incoming Server Settings” set the IMAP server to “imap.mail.yahoo.com” and the Port to 143
6. For “Outgoing Server Settings” set the SMTP Server to “smtp.mobile.mail.yahoo.com” and the Port to 587
7. Check “Require sign-in” and press Next
8. Select how often your phone will check for Email, and choose default options
9. Give the account a name and set your display name for outgoing messages

02/23/2010 - Yahoo rotten tomatoes newzbin nzb DVD sabnzbd downloader Rss feed of 'good' movies to aim at SABnzbd
02/18/2010 - quickbaksmali.zip

* requires java ! in %PATH% !
* just place the java_ee_sdk-5 folder to make it portable !
* put the APKS files in the folder APKS
* you (can) edit the job2.bat with your keytool/key info etc ..


* run the baksmali.bat
* make your changes etc
* run the smali.bat

you should see the updated \META-INF folder in the 'new' apk
and the classes.dex should be new.

02/18/2010 - NMAP FOR ANDROID CROSS COMPILE ARM
02/18/2010 - chsh: entry inconsistent or change shell in FreeBSD `vipw;chsh -s /bin/PATHTOSHELL` vipw != vi /etc/passwd ...
02/04/2010 - Updated LFI.txt http://ha.ckers.org/weird/rfi-locations.dat
01/07/2010 - Full Update Guide - G1/Dream Firmware to CyanogenMod - CyanogenMod Wiki

01/07/2010 - MYTHTV ON UBUNTU 9.10 1TB RAID1

12/08/2009 - Portable Metasploit 3.4-dev svn r7752 Portable_Metasploit_3.4-dev_svn_r7752.exe

12/01/2009 - FreeBSD rtld Lets Local Users Gain Root Privileges http://rmccurdy.com/scripts/downloaded/localroot/freebsd/ binary for 7.2

11/30/2009 - HD on the Mythbox ! Thank you Kimball !

* Panasonic TC - P50X1 - 50" plasma panel - 720p
* VGA compatible controller: nVidia Corporation NV40 [GeForce 6800 GT] (rev a1)
* Intel(R) Pentium(R) 4 CPU 3.00GHz
* WinTV-PVR-500 MC-Kit Tuner
* MemTotal: 512572 kB


11/20/2009 - android busybox nmap G1 android port scanner ...sort of
The busybox I have on my phone does not have pscan here is one to download:
* keep it the same name and COPY to /data/local/bin
cp /sdcard/busybox /data/local/bin/
chmod 775 /data/local/bin/busybox
pscan.sh 192.168.0
http://rmccurdy.com/stuff/G1/busybox
http://rmccurdy.com/stuff/G1/pscan.sh
more android stuff : http://delicious.com/operat0r/android
* this is by no means NMAP ! still waiting for a nmap for android



11/12/2009 - UPDATED/FIXED feeds.rmccurdy.com - 30 feeds ( to be added secunia.com if I can )
http://www.securityfocus.com/rss/vulnerabilities.xml
http://seclists.org/rss/bugtraq.rss
http://seclists.org/rss/fulldisclosure.rss
http://seclists.org/rss/pen-test.rss
http://seclists.org/rss/incidents.rss
http://seclists.org/rss/dailydave.rss
http://seclists.org/rss/webappsec.rss
http://seclists.org/rss/vulnwatch.rss
http://feeds.feedburner.com/HelpNetSecurity
http://www.us-cert.gov/channels/alerts.rdf
http://www.us-cert.gov/channels/techalerts.rdf
http://www.kb.cert.org/vuls/atomfeed?OpenView&start=1&count=30
http://milw0rm.com/rss.php
http://www.net-security.org/dl/bck/vuln.rss
http://news.securitytracker.com/server/affiliate?61D319BD39309004
http://feeds.feedburner.com/darknethackers
http://feeds.feedburner.com/schneier/fulltext
http://www.professionalsecuritytesters.org/backend.php
http://www.f-secure.com/weblog/weblog.rss
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure.xml
http://feeds.feedburner.com/Vitalsecurity-org
http://taosecurity.blogspot.com/feeds/posts/default
http://securityvulns.com/informer/rss.asp
http://www.vupen.com/exploits.xml
http://osvdb.org/feed/vulnerabilities/latest.rss
http://rmccurdy.com/scripts/vupen-security.rss
http://rmccurdy.com/scripts/vupen-linux.rss
http://feeds.feedburner.com/SansInstituteAtRiskAll?format=xml
http://feedity.com/rss.aspx/ath-cx/UldUWlFU
http://www.securinfos.info/english/security-advisories-alerts/security-advisories.xml




11/11/2009 - ettercap + echo www.google.com A 75.131.195.228 > etter.dns = easy rickroll
11/11/2009 - FIXED limit max number of connections in apache ${fwcmd} add 10 allow tcp from any to any 80 out via dc0 limit dst-addr 2 ( I had issues with huge number of FIN_WAIT_2 )
11/11/2009 - Server boot drive (80gig) failed clean 7.2 freebsd install !
11/11/2009 - UPDATED SNORTUPDATE.sh script fixed some of syntax errors etc ..
10/03/2009 - UPDATED the nikto_v20 and nikto_v10 files takes a webinspect > privoxy log and downloads latest nikto and combines with urls.txt a RFI list I update and converts them all to nikto 2 and nikto 1 db formats.. to be used with w3af,nikto and wikto etc .. 16339 lines 1.6 megs
09/26/2009 - G1 T-mobile Root
08/26/2009 - FIXED quickvnc.exe Fixed now only looks for established connection running winvnc.exe to fix strange issues not showing the remote host ...
08/26/2009 - FIXED OEM.EXE overwrites system and system32 ini and bmp files OEMLOGO.BMP and OEMINFO.INI
08/21/2009 - UPDATED http://tw.rmccurdy.com Script to ripp any army in MTW2 can be adapted to use in MTW/RTW etc ..
07/24/2009 - DONATE http://www.ihackcharities.org
06/24/2009 - ADDED fix for clicking time in systray for windows grants everyone http://rmccurdy.com/scripts/allow_time_systray_windows.exe reference: http://blogs.msdn.com/aaron_margosis/archive/2005/02/11/371474.aspx
06/19/2009 - ADDED Scribd ripper script http://rmccurdy.com/scripts/scribd_ripper.php?varpdf=15730844 change the number to the document ID wala !
04/21/2009 - Proxycheck.sh Updated still lame but it works... good.txt is updated weekly
04/17/2009 - sslstrip
04/13/2009 - ADDED VIDEO 30 Days: Outsourcing part1 part2
03/23/2009 - ADDED Portable SwfScanner Screenshot
03/19/2009 - ADDED myipneighbors.bash.txt Idea of this lame script is to find possible vuln params on myipneighbors search results
02/23/2009 - ring.jpg
02/19/2009 - UPDATED Snort/Snotsam ( now I am running more current snort/snortsam and update script is WAY better ... )
www.intodns.com
www.iptools.com
www.freednsinfo.com
network-tools.com
dnstools.iball.id.au
www.iball.id.au
dnstools.iball.id.au
www.diggip.com
www.dnsenquiry.com
www.net-toolkit.com
www.dnscolos.com/free
www.mydnstools.info
02/05/2009 - ADDED packetstorm_dic_john_1337.tar.gz PacketStorm.org wordlist in 1337 speak
01/12/2009 - UPDATED http://www.rmccurdy.com/m3u.m3u All port 80 Shoutcast feeds for thos pesky firewalls ! script can be found in /scripts
01/07/2009 - UPDATED w3af to build 2312 fixed SVN updater and added larger 1meg pykto (nikto ) DB file.
11/21/2008 - ADDED 2.3GIG wordlist
* theargonlistver2_wordlist.zip (83meg) > .rar(154meg) > .lst ( plan text 1.9gigs)
* ran john on it and sort and uniq
* results in 2.3G wordlist no dupes
* DOWNLOAD:
word.lst.s.u.john.s.u.200.part01.rar
word.lst.s.u.john.s.u.200.part02.rar
word.lst.s.u.john.s.u.200.part03.rar
11/13/2008 - ADDED torrentflux_resume_all.txt
Sick of TF and clicking 900 times to resume all the torrents ? use this ! works for 2.1
torrentflux_resume_all.txt
* cd to install path
* patch -Np1 < torrentflux_resume_all.txt
* copy the icons form the link below ( or just use ones you already have and change the source)
* resource: http://www.torrentflux.com/forum/index.php?topic=43.0
11/05/2008 - FIXED w3af_1871_fixed.zip portable w3af to current build FIXED!
11/03/2008 - ADDED Portable Metasploit with autopwn ! Metasploitportable.exe pawn on the GO ! ( needs admin and winpcap if you want SYN scans .. )
10/22/2008 - ADDED Medevil Total War 2 MTW2 army ripp script http://tw.rmccurdy.com/
10/21/2008 - UPDATED nikto 2.X nukeit.org and rmccurdy.com sort and uniq 8764 lines! nikto_extra_scans.db
10/08/2008 - UPDATED http://forum.ultravnc.info/viewtopic.php?p=53317#53317 auto reconnect script for ULTRAvnc repeater
09/29/2008 - UPDATES Server was down for a bit for updates removed some services to increase security
09/23/2008 - ADDED http://rmccurdy.com/scripts/downloaded/gtkUiUsersGuide.pdf gtk Ui Users Guide for W3AF!
09/18/2008 - ADDED flickr_rip_LARGE Simple script to ripp flickr images
09/03/2008 - UPDATED feeds.rmccurdy.com added 2 security feeds securityvulns.com and secunia.com
08/14/2008 - VIDEO: ettercap / etterfilter man in the middle ownage
08/14/2008 - myipneighbors.bash.txt myipneighbors > google search for param to help find exploitable scripts
08/14/2008 - UPDATED: w3af_1632.zip w3af GUI for windows portable GTK UI update to build 1632
08/11/2008 - Surf Jacking Gmail demonstration.flv Exploiting sites that use https then http
08/11/2008 - 301 redirect MITM all application request over HTTP So far I only have luck with FF and Opera
08/09/2008 - sedtris.sed Tetris in sed() By: Julia Jomantaite. Here is the shell script to hit enter for you sedtris.sh
08/08/2008 - SSH downgrade attack Old news but news to me.
08/07/2008 - hedgehog A simple proof-of-concept portscanner written in VBA for Excel.
08/06/2008 - Evilgrade hijack updaters request !

Implemented modules:
-------------------
- Java plugin
- Winzip
- Winamp
- MacOS
- OpenOffices
- iTunes
- Linkedin Toolbar
- DAP [Download Accelerator]
- notepad++
- speedbit

08/05/2008 - Proxycheck.sh Updated still lame but it works...
08/04/2008 - Brute force CSS History Hack Without JavaScript
07/24/2008 - Some issues with the router to the server. Also got a new job. Still working on cracker.rmccurdy.com trying to compile rcracki
07/10/2008 - http://www.freerainbowtables.com FYI if you wanted new rainbow tables now is the time they just updated them lots of seeds !
07/07/2008 - Movies.cgi Quick way to find good movies that are on DVD
04/23/2008 - Download BackTrack 3 Final Here!
04/23/2008 - w3af GUI for windows portable GTK UI update to build 1309 w3af_1309.zip Screen Shot
06/17/2008 - Ya so I got owned by lightning had to replace:
* cable modem
* Netgear wifi router
* 3 NICs
total cost ~70$ downtime 5 days
06/09/2008 - Server was down for a bit for some updates
06/05/2008 - Metasploit.com ARP Pwned
06/05/2008 - CYBS cybersource 2008 Fraud Report.pdf
06/04/2008 - Flash exploit NOT GOOD update flash ASAP ....
06/02/2008 - XSS Cross Site Printing Nice !
06/02/2008 - I am back in town from my little vacation ... I killed my mythbox but now I have the backups automated and SQLdb backed up offsite!
05/23/2008 - SQL Injection Attack At least 70,000 websites have fallen prey to an automated SQL injection attack that exploits several vulnerabilities, including the Microsoft Data Access Components (MDAC)
05/23/2008 - peerguardian Freebsd IPFW script I am on comcast trying to download a ISO for like 3 days not sure if it is comcast or not ..
05/22/2008 - .htaccess issues resolved
05/20/2008 - Different rings telling the difference between switches by the sound of the ring
05/20/2008 - gns3 graphical network simulator that allows you to design complex network topologies and to launch simulations on them
05/17/2008 - SQL Inject via Referer ! This is a new one to me ..
05/14/2008 - "You have received an infraction at Remote Exploit Forums" next message "I am a fan, and appreciate your Flash Ripping Tutorial"
05/01/2008 - [VIDEO] Ripping Flash Templates ! Using URLSnooper / swfdecoder 3 (softlink ) / wget
05/01/2008 - automatic patch-based exploit generation (APEG)
05/01/2008 - http://www.tp2location.com/ Resolve any Telephone Number to its geographical location.
04/24/2008 - Great ! http://olab2.research.microsoft.com/LoginProcess.asp?Email='&Password=
04/24/2008 - find Setuid world writable files find_setuid.txt
04/23/2008 - w3af GUI for windows portable GTK UI !!! portable w3af.zip
04/18/2008 - New video ripping with curl cookies and spidermonkey javascript.swf
04/18/2008 - Fusil the fuzzer Python library used to write fuzzing programs
04/18/2008 - Updated videos.html
04/17/2008 - Proxycheck.sh I could not find a good proxy check tool so this is my hackjob of a script
04/16/2008 - Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.
04/07/2008 - I finally got around to updating the support link to reflect my new position on end-user security.
03/25/2008 - I made this for Strom Carlson with love Random proverbs generator
03/25/2008 - SMB_RELAY code not using WPAD http://forums.remote-exploit.org/showthread.php?t=12885
03/09/2008 - EH-Net Exclusive: BackTrack 3 Teaser Video download the SWF from www.offensive-security.com
03/09/2008 - Untested Realplayer code http://forums.hackerscenter.com/showthread.php?t=1431
03/09/2008 - w3af gtk user Interface video w3af-gtk-userInterface.mpeg
02/27/2008 - smb_relay exploit with metasploit on a fully patched XP box smb_relay_metasploit.swf
02/26/2008 - Windows login prompt shell using Magnify.exe (WINDOW KEY + U = shell !) VISTA winlogin_easy_shell.exe
02/25/2008 - Re-visit to WebInspect > nikto 2.X nikto_extra_scans.db
02/20/2008 - Updated Quick Clean to support VISTA! quickclean.exe
02/17/2008 - I have the power !
02/08/2008 - UPDATED feeds.rmccurdy.com added http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/
02/08/2008 - UPDATED feeds.rmccurdy.com added custom osvdb RSS feed for full disclosure http://osvdb.org
01/28/2008 - SERVER OUTAGE: Server was out for the longest recored ever 6hrs the motherboard went bad
01/18/2008 - Boot 30GIG HDD had bad blocks replaced with 160GIG Jan 18 17:48:30 rmccurdy kernel: ad0: TIMEOUT - READ_DMA retrying (1 retry left) LBA=27092023
01/18/2008 - Tiger Team 24K Heist
01/17/2008 - Classic Menu addon for Office 2007 auto installer ! Classic Menu Auto.exe
01/16/2008 - Added Video Google hacking DORKS Wikto Aura
01/16/2008 - I poke fun at "hacker safe" logo from scanalert.com H4CK3R 54F3
01/14/2008 - My first eps of www.hackerpublicradio.org dd_rhelp
01/12/2008 - Looks like snort.org force agent tag ! NICE ! updated script .. SNORT.PHP
12/10/2007 - Hackers In Wonderland
11/29/2007 -

john --wordlist=Words.lst --rules --stdout
john will 49 x's Multiply wordlist
theargonlistver2_wordlist.zip (83meg) > .rar(154meg) > .lst ( plan text 1.9gigs)
if it were to go through john it would result in a 85gig ~98,558,569,081 line file..