moddr_Zero-Day Fruit

moddr_ joined in on the general open day frenzie of Dutch hackerspaces combined, with open labs in Enschede, Den Haag, Arnhem, Heerlen and Leeuwarden, among others.

Despite a timid crowd, we managed to get a fair amount of work done on Birgit Bachler‘s new “Farmville meets DataSurveillance” gardening project – more on that via this site soon – and Dennis de Bel threw out two new ‘cute but wrong’ pieces in true zero-day hack style; quite the contrary to hackerspaces.nl‘s proposed focus on “ethical hacking”, hehe….

Alpiner is a network scanner – wifi and 3g (limited) – that exposes iDevices vulnerable to the ssh root password attack vector. In passive mode it will stealthy scan the network your connected to for weak devices and save their details for later use.Alpiner is highly flexible and scalable: besides a passive scanner, it can also act actively, such as ‘respring’ or rebooting a device, as shown in this video. Besides total control of it’s actions, multi-device- (Apple, Android, RIM, Windows), multi platform (osx, ios, linux) and multi-network-support it can run on your (cloud) server as a convenient background service.

Royal Icing – Droidsheep vs. Royal Icing Cookie Flooding

‘Defeating’ http session stealing by cookie-flooding the network. In this case with and excerpt from Alice in Wonderland. Source and Binary available soonish.