The NMRC Warez 2005 Extravaganza

DefCon 2005

nomad mobile research centre


“With just a few keystrokes, cybercriminals around the world can disrupt our economy.” - Ralph Basham, Director of the U.S. Secret Service at RSA 2005.

“With just a few keystrokes, pundits can disrupt our freedoms.” - Daaih Liuh, NMRC, 2005

“With just a few keystrokes, I can turn those pundits off and watch porn instead.” – jrandom, NMRC, 2005

Updated Ncrypt
  • New features and bug fixes
    • Includes Todd MacDermind’s nrm, a drop-in replacement for rm for secure file erasure
    • More features for script integration (the users demanded it!)
Nmap Tools
  • nmap-report
    • Generate a list of IPs from your run of Nmap
  • nmap-diff
    • Diff on 2 days of nmap runs
  • nmap-wrapper
    • Nmap lots of hosts quickly
  • SPA is Single Packet Authentication, a single packet that can authenticate a user to a system
  • It is a protocol for allowing a remote user to authenticate securely on a “closed” system (limited or no open services)
  • Uses GPG to sign/encrypt a message to a sniffing server in a single TCP, UDP, or ICMP packet
  • Works across NAT
  • Free
Visual Representation

[Diagram, layers as listed on the slide: TCP, UDP, or ICMP packet; encrypted for 0xdeadbeef; signed with 0x12345678; ID, session keys, command and control info]

Sample Code Layout







the scanner http scan pl
The Scanner –
  • The beauty of a CLI
  • Easy to change XML config file
  • HTTP, some FTP (anon access and writability), some SQL (finds Slammer-vuln boxen)
  • Very fast, will fork off children (default 32) and will only scan systems that have been “identified” (this can be overridden)
  • Very few false positives
  • Free
Route Detector
  • Detect Multihomed Boxes and Misconfigured Network Devices
  • Scan Large Networks Quickly
  • Client Forges ICMP Echo Request with Signed Payload using Shared Key
  • Server Sniffs ICMP, Compares Payload with Expected
  • NPC is Nearly Perfect Crypto. Seriously….
  • It includes a utility for creating large one time pads (using the PRNG ISAAC)
  • Fast, simple and quick
  • If you can manage the key exchange, it is nearly the most perfect and unbreakable crypto you can get (one time pads are considered the ultimate crypto)
    • Key management is a bitch, and may render this impractical for modern humans
Why NPC Is So Fast and Secure

/* main "crypto" loop */
while(1)   /* loop header and braces are not on the slide as transcribed; assumed */
{
    guaranteed_memset(iblock, 0, 16);
    guaranteed_memset(kblock, 0, 16);
    guaranteed_memset(oblock, 0, 16);

    isize = fread(iblock, 1, 16, ifp);   /* read in a block of plaintext */
    ksize = fread(kblock, 1, 16, kfp);   /* read in a block of the key (remember, key mgmt is hard...) */

    if(isize <= 0)
    {
        fprintf(stderr,"%s: === Unable to read data: %s\n",PACKAGE,ifile);
        break;   /* error action is not shown on the slide; stopping is assumed */
    }
    if(ksize < isize)   /* key must cover the whole block: a zeroed tail of kblock would pass plaintext through */
    {
        fprintf(stderr,"%s: === Unable to read data: %s\n",PACKAGE,kfile);
        break;
    }

    for(i = 0; i < isize; i++)
        oblock[i] = iblock[i] ^ kblock[i];   /* wicked crypto (XOR! Fast!) */

    osize = fwrite(oblock,isize,1,ofp);   /* write out the ciphertext */
    if(osize <= 0)
    {
        fprintf(stderr,"%s: === unable to write data: %s\n",PACKAGE,ofile);
        break;
    }

    if(ofilesize<17) break;
    ofilesize -= isize;
}
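Why the key has to cover every input byte, shown as an added example that is not part of the NMRC slides or the NPC source: because the key block is zero-filled before each read, any input byte past the end of the key is XORed with 0 and is written out unchanged. The function names and sample data below are constructed for illustration; the second function fails closed instead.

```c
#include <stdio.h>
#include <string.h>
#define BLK 16
typedef unsigned char u8;

/* Shape of the slide's loop body: kblock is zero-filled before the key is
 * copied in, so input bytes past the end of the key are XORed with 0. */
static void xor_unchecked(const u8 *in, size_t ilen,
                          const u8 *key, size_t klen, u8 *out)
{
    u8 kblock[BLK];
    memset(kblock, 0, BLK);
    memcpy(kblock, key, klen < BLK ? klen : BLK);
    for (size_t i = 0; i < ilen && i < BLK; i++)
        out[i] = in[i] ^ kblock[i];
}

/* Hardened variant: fail closed unless the pad covers every input byte. */
static int xor_checked(const u8 *in, size_t ilen,
                       const u8 *key, size_t klen, u8 *out)
{
    if (ilen > BLK || klen < ilen)
        return -1;                       /* pad exhausted: write nothing */
    for (size_t i = 0; i < ilen; i++)
        out[i] = in[i] ^ key[i];
    return 0;
}

/* Number of trailing output bytes that are identical to the plaintext. */
static size_t leaked_tail(const u8 *in, const u8 *out, size_t n)
{
    size_t leaked = 0;
    while (leaked < n && out[n - 1 - leaked] == in[n - 1 - leaked])
        leaked++;
    return leaked;
}

/* Constructed sample data: one 16-byte block and a 10-byte (short) pad. */
static const u8 SAMPLE_PT[BLK + 1] = "PAYROLL=2005.csv";
static const u8 SHORT_PAD[10] = {0x3c,0xa1,0x5e,0x77,0x09,0xd2,0x4b,0x90,0xe6,0x1f};

int main(void)
{
    u8 out[BLK];
    xor_unchecked(SAMPLE_PT, BLK, SHORT_PAD, sizeof SHORT_PAD, out);
    printf("unchecked: %zu plaintext bytes leaked\n", leaked_tail(SAMPLE_PT, out, BLK));
    printf("checked:   rc=%d\n", xor_checked(SAMPLE_PT, BLK, SHORT_PAD, sizeof SHORT_PAD, out));
    return 0;
}
```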


Q & A
  • We will spank audience members during the Q & A
  • You must sign our Ass Release Form before you can be spanked
  • You may choose any NMRC member to spank you
  • If you do not choose a particular NMRC hacker to spank you, the NMRC hacker answering the question will spank you while giving the answer
Thanks to CAU, DC214, Jon Callas for SPA ideas, and the rest of NMRC

Shouts – Mike Rash (fwknop)

Photo session by Duy Nguyen and Amy Lee Muir

Art Manipulation by Weasel

NMRC Fetish Model – Bethany

FIN, Biatchez

Images © 2005 NMRC