...and thus, another April Fools day has come and gone for our part of the world. We hope you enjoyed a bit of light humor this year. Usually I do come up with the annual post, but this year I was bedridden and drawing a blank on what we should do so RaT came up with something and we ran with it.
As many of you know, Amp has been a huge fan of music games for a very long time (see this and this). Most of the crew knew something was wrong when Amp was still keeping gamer hours (6pm-6am), but nobody expected it to lead to this. At approximately 10:00am EST today, Amp was found dead in his apartment. The cause of death was a move the music gaming community refers to as "speed balling". No, not mixing heroin and cocaine - but rather mixing masturbation and music games. The game of choice is believed to be DDR, but there was a beat mania controller nearby as well - so police are still investigating the matter. Let this be a warning to all parents to keep a close lookout for a combination of music games and hentai.
Edit: We received a message from the person who found Amp dead today. They are clearly shaken by this ordeal and have wished to remain anonymous.
"Today I was supposed to meet Amp to finish work on some code. When I stopped by his apartment, I saw his door was cracked open and he was on the ground lifeless. Recently, he was withdrawing more, but still was more than willing to work with other people. We could tell something was wrong, but we didn't know that he had these issues. I'm very shaken by what happened as he had so much potential and it's all essentially been thrown away. Today, I lost a great team player and a friend as his vices finally caught up with him."
As much as this isn't newsworthy, I think it's funny enough to share with everybody. Our own lame VB/Vzone/Veronica/veromegafree just doesn't give up with the same lame DoS attack that was apparently given to it (he/she) by ChannelZeroYT (see twitter). At an almost daily to weekly rate, VB hits us with the same attack. Clearly the attack stopped working after the first time (3 minutes of outage), but this lamer just keeps trying. VB had left the site for several weeks after TheFixer hacked their ISP and set up a remote pcap (many lulz were had). Please take a moment out of your day to laugh at the failed efforts of VB. Again I pose the question, will a real hacker with 0day please stand up?
Most recent log snippet:
Congratulations everybody, our community is finally at over 10,000 active user accounts. Technically speaking we just had our 13,028 sign up - but over 3,000 of those were determined to be inactive/spammers and have had their accounts removed. We actively prune accounts that spam as well as accounts that never log into the site. Our next goal is to have over 15,000 active members. Thanks to everybody who has been active in our community and to everybody that has helped to spread the word about soldierx.com. Expect some heavy updates coming to the site in May (including a much more powerful server).
For anybody that cares about my views on SOLDIERX and our HDB, I answered several questions in an interview with InfoSec Institute. You can read all about it over at http://resources.infosecinstitute.com/interview-with-rat-the-high-counci.... Obviously I didn't want to attract the wrong type of attention, so let's hope that nothing I said ends up doing that.
For those of you who are into active web recon testing, I decided to make a new module for Recon-ng Framework: https://www.soldierx.com/sxlabs/Simple-Admin-Page-Finder-Module-Recon-ng.... This new module is called 'Simple Admin Page Finder', and it checks the hosts for possible administrator pages and administrator directories.
You can add additional known admin directories in the variable admindirs after the comment add known admin directories here.
-scryptz0
Congratulations everybody, our community is finally at OVER 9,000 active user accounts. Technically speaking we just had our 11,305 sign up - but over 2,000 of those were determined to be inactive/spammers and have had their accounts removed. We actively prune accounts that spam as well as accounts that never log into the site. Our next goal is to have over 10,000 active members. After that we'll only be announcing in increments of 5k. Thanks to everybody who has been active in our community and to everybody that has helped to spread the word about soldierx.com.
As part of our official support of Grsecurity, we've sent another $100 to spender of Grsecurity for 3 new features and a game-changing ARM port (for people using armv6+). The new features are "Insert random gaps between thread stacks", "Eliminate stat/notify-based device sidechannels", and "Disable TCP Simultaneous Connect". More information is located (for the time being) at http://grsecurity.net/~spender/new_features.txt. As mentioned on twitter (https://twitter.com/grsecurity/status/289714445746307074), the Grsecurity project has not been getting many donations. If you use their systems (or care about security in general), you should toss some money to them! More information on sending donations can be found at http://grsecurity.net/donations.php
While this isn't quite worthy of the news, we do like to shame wannabe hackers when they attempt to take down our site. Such is the story of basement dwelling vb/vb2/vb.2. I'm guessing he read the news article about our server change, and decided to use a rarely used (and lame) POST DoS attack. We quickly noticed and updated our apache config, so thanks for that vb. Also, I hope he feels skilled since he took soldierx.com down for an entire 3 minutes. Sadly enough, he attacked from the IP 190.48.122.159 - which is tied to his soldierx.com account. You would think as a user of the site, he would have read the old news and masked his IP. Will a real hacker with 0day please stand up?
I just released a new script called quicksnap and it can be found here: https://www.soldierx.com/sxlabs/quicksnap-Customized-Automatic-Scanner-Nmap !
quicksnap is a simple Python script to make your scanning easier by automating some of the scanning options for Nmap like ping scan, intense scan, normal scan, quick traceroute, etc. without needing to type the options. This script is based on Zenmap and 3 Common Firewall Detection / Evasion Techniques. As a side note, I coded quicksnap out of boredom and to automate the task of my new hobby - scanning Huawei bm622 routers and getting their MAC addresses (but seriously I just use the ping scan option for this).
Scanning Options:
[1] Intense Scan
[2] Intense Scan + UDP
[3] Intense Scan - all TCP ports
[4] Intense Scan w/out ping
[5] Ping Scan
[6] Quickie Scan
[7] Quick Traceroute
[8] Normal Scan
[9] Send Bad Checksums
[10] Generate Random Mac Adress Spoofing for Evasion
[11] Fragment Packets
[12] Check for Possible Vulnerabilities