матрациIn this Underground video, Ground Zero explains how to install Backtrack 3 onto an USB drive. He also illustrates how to make the USB device bootable and how to enable persistent changes in Backtrack. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send an email describing your video to underground@infinityexists.com

In this Underground video, Crash Overron explains CSRF (Cross Site Request Forgery), and how it can be used to force a user’s browser into performing an undesirable action on a website. Basically, CSRF tricks a browser into requesting a web page that is design to perform a specific function such as changing user settings. Furthermore, if the page allows GET variables, an attacker can modify that user’s settings. Commonly, CSRF attacks are hidden in image html tags. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send an email describing your video to underground@infinityexists.com

In Full Disclosure Episode 11, we show you how to extract information from our WordPress SQL Database. WordPress is open source, so we were able to look up information about WordPress’s Database structure. However, what do we do if the Web application is not open source? How do we know what tables and columns to extract information from? In this VBlog, I’m going to explain how to use the Information_Schema database to extract information about a website’s tables and columns. Full Scale Video Here
Download Here

Nox and I are in Las Vegas for Defcon 17! It our first time at Defcon, and from want we’ve seen so far it going to be an amazing weekend. We’ve already heard some great speeches, and seen some pretty cool stuff. As many of you know, the attendees of Defcon get a badge with some electronics to hack and modify.
 
(Click to enlarge)

This years badge has a Freescale MC56F8006 DSP/microprocessor chip, microphone, and RGB LED. The RGB LED cycles through different colors until the microphone picks up some noise then the LED with respond to the volume and frequency of the sound. We decide to try playing different frequencies and see if the badge would reveal some easter eggs for a specific frequency. After a few minutes we figured out that the LED would blink what look to be Morse code whenever it pick up a frequency that was a power of 2 (such as 64hz,256hz,1024hz, etc.).

(Download Here)

The Morse code message turned out to be the url 0day.com/n01z. Tomorrow, I’m going to try to get a level shifter, so I can modify the firmware!

For more information on Defcon you can go here.
For more information on the Defcon 17 Badge go here.

Alright, I know some of you guys maybe unfamiliar with IRC, so the moderators and I decided to upload a Java IRC Client to Infinity Exists. All you have to do is go to InfinityExists.com/irc-client/ and you will be automatically connect to our IRC server and channel. Feel free to hop on whenever you want; myself or another admin will typically be on to chat and answer questions.

In this episode, we demonstrate three ways to Bypass Hotspot’s Access Controls. A large amount of public hotspots require a fee to access the internet, and in this video we explain how a person can use Session Stealing, DNS Tunneling, and Ping Tunneling to bypass that hotspot’s access controls.

Video Stream Here
Download Here

Download ptunnel.exe

Infinity Exists now has a new IRC server up and running! The hostname for the IRC is server.infinityexists.com, and the channel that Admins and myself will be in is #Infinity_Exists. Go check it out! Also, we will be running a vent server and a few game servers. You can go to http://server.infinityexists.com to check the stat page to see what servers are available. Also, Nox just got some new server equipment, so hopefully we will get some boxes setup for you guys to practice hacking. Keep checking the website for further updates.

Crash Overron made a video explaining Alternate Data Streams (ADS). ADS were introduced with NTFS and was essentially create to provide compatibility with Macintosh’s Hierarchical File System (HFS). ADS allows data to be forked into existing files without affecting their functionality, size, or display in a file browser. Consequently, ADS enables malicious hackers to easily hide viruses and rootkits in existing files or directories. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send an email describing your video to underground@infinityexists.com

For my Digital Systems Laboratory (ECE 385) at the University of Illinois I had to do a final project using a field-programmable gate array (FPGA). My partner and I designed a hardware implementation of the MD5 algorithm and used it to crack MD5 password hashes. A FPGA allows you to prototype large digital circuits by utilizing a hardware description language such as VHDL. The FPGA enabled us to create a large hardware system dedicated to cracking MD5 Passwords. The FPGA we used was the Altera DE2 Development Board with the Cyclone II chip, and we were able to fit sixteen parallel MD5 Cracking units onto the FPGA. Each unit is able to produce a MD5 hash in 68 clock cycles, and since the FPGA has a clock rate of 50 MHz this system is able to produce over 44 million hashes a minute. The MD5 hash is inputted by the user through a keyboard, and if the system finds a match, the clear text password is displayed on a VGA monitor. Full Scale Video Here
Download Here
Download FPGA MD5 Cracker Project Files

In this Vblog, I demonstrate a simple project that anyone can do with an Arduino. An Arduino is an open-source electronics prototyping platform that utilizes an AVR microcontroller and a simple I/O board. For this project, I use a python script running on my computer, which monitors ARP poisoning on the network with the use of Ettercap’s ARP Cop plugin. If ARP poisoning is detected, the script will communicate with the Arduino through the USB port, and the Arduino will turn on a LED. This way a user can be quickly informed when their network is under attack. Full Scale Video Here
Download Here

Download Arp_Cop.pde (Arduino Code)
Download Arduino_Arp_Cop.py (Python Script)