
xDenialx


Everything posted by xDenialx

  1. short version. go to the last link in the page to get a util that allows you to replace whatever you want on someone elses computer within wireless range, with whatever you want

     examples:

     * anytime they open internet explorer/browser, send them to goatse
     * replace all .jpg .gif .tiff pict whatever, with goatse, or tubgirl or whatever
     * any time they click a link, pop a jscript window telling them theyre owned, then open goatse.
  2. http://www.evilscheme.org/defcon/ text below. files at link.

     airpwn - bringing goatse (and friends) to Defcon 12!

     **WARNING** In case you can't figure it out, HERE THERE BE GOATSES!!

     * Images from Dave's camera
     * Movies from Dave's camera
     * Images from my phone

     At Defcon 12 this year my cow-orkers and I brought along a little piece of code called "airpwn." Airpwn is a platform for injection of application layer data on an 802.11b network. Although the potential for evil is very high with this tool, we decided to demonstrate it (and give it its first real field trial) on something nasty, but harmless (compared to say, wiping your hard-drive)

     Over the course of defcon, we fielded 7 different airpwn configurations to see how well it worked, and of course to watch as 31337 h4x0rz got goatse up in their mug. The configurations were:

     * HTTP goatse, 100% of the screen
     * HTTP goatse replacing all images
     * HTTP goatse as the page background via CSS
     * HTTP tubgirl replacing all images
     * HTTP "owned" graphic, replacing all images (eventually I felt bad about all the ass pictures)
     * HTTP javascript alert boxes, letting people know just how pwned they were
     * FTP banners (while this worked, nobody pays attention to FTP banners so we abandoned this quickly)

     How does it work?

     airpwn requires two 802.11b interfaces, one for listening, and another for injecting. It uses a config file with multiple config sections to respond to specific data packets with arbitrary content. For example, in the HTML goatse example, we look for any TCP data packets starting with "GET" or "POST" and respond with a valid server response including a reference to the canonical goatse image.

     Here's the configuration file used for this mode:

         begin goatse_html
         match ^(GET|POST)
         ignore ^GET [^ ?]+\.(jpg|jpeg|gif|png|tif|tiff)
         response content/goatse_html

     and here is the content that we return when the match is triggered:

         HTTP/1.1 200 OK
         Connection: close
         Content-Type: text/html

         <html><head><title>pwned</title></head><body><h1>OPEN YOUR MIND -- TO THE ANUS!!</h1><img src='http://goat.cx/hello.jpg' width='100%' height='100%'>

     Each of the 7 modes mentioned previously varied in the configuration and content returned. In each case the poor user of the web browser was left feeling disgusted, afraid and/or confused. While I was busy operating airpwn at the laptop, my accomplices wandered the show-floor taking pictures and the occasional video of our victims. Links to our victims are at the top of the page.

     In all honesty, the reaction to airpwn wasn't exactly what I had expected. When I was writing the code, I imagined that the second I turned airpwn on we'd hear immediate groans of disgust radiating out at the speed of light. In practice, airpwn's effect was simultaneously more private, and more full of personal drama.

     First off, the full-screen goatse seemed to be too powerful. The second it flashed on the screen, the savvy user would have the browser closed already. This made it incredibly difficult to actually catch the victims on film. Based on the logs generated by airpwn we would be hitting multiple people per second, but finding someone with goatse up on their screen was still a bit of a challenge.. Once we did find a victim, the results were pretty hilarious.. I had tears rolling down my cheeks on multiple occasions.

     The typical goatse reaction went something like this:

     * Open browser, see goatse, jump backwards a little
     * quickly close browser, take a breath
     * open browser, see goatse, close browser (faster this time)
     * scratch head, quit browser process, re-launch browser
     * see page indicating that goatse will load soon (page header, etc.) immediately close browser.
     * open up browser preferences, click all the tabs, look for the "no goatse" checkbox
     * clear the browser cache
     * open browser, see goatse, close browser
     * open network preferences, click on all the tabs, look for the "no goatse" checkbox.
     * disconnect from network, re-associate
     * open browser, see goatse, close browser

     At this point, the less l33t people would generally give up and either 1) do something else or 2) look deep into goatse's anus with a 10-yard stare.. The more l33t victims would launch ethereal and try to figure out what was going on.. Eventually they would mumble something about "rogue APs" (WRONG!) or ARP poisoning (WRONG!) or DNS poisoning (WRONG!) and do something else..

     After a few hours, it quickly became apparent that the image replacement mode was the only mode that would be sustainable for long periods of time. The full-screen goatse amounted to a complete DoS of HTTP, which was just plain rude. The javascript injection (with dialog boxes talking about the victim being pwned) was by far the most disruptive. Most people (quite sanely) immediately turned off their laptops or whipped out ethereal in full COUNTERHACK mode. The goatse image mode was disruptive enough to be fully fucking hilarious, yet still left HTTP enough alone to be usable. I guess image-maps were the only things we truly broke with that mode (hint: click the anus!)

     Overall, airpwn was just about the only reason why defcon was amusing this year.. Without airpwn I think I would have been mostly asleep and would have just IRCed the entire time..

     If you want to play with airpwn yourself, an early alpha has been posted to sourceforge..
  3. xDenialx posted a post in a topic in Artwork Showcase
    seriously. i didnt think i had to spell that one out.....
  4. i really would quit college if i had to live in a dorm with women such as those pictured.
  5. xDenialx posted a post in a topic in Artwork Showcase
    there wasnt a joke scarfacen. more of a reference.
  6. xDenialx posted a post in a topic in Artwork Showcase
    http://www.fuckinggoogleit.com bjork - all is full of love video directed by Chris Cunningham its ejeet.
  7. xDenialx posted a post in a topic in Artwork Showcase
    k you retards let me spell it out for you un-cultured fucks. opter dissed me for liking bjork. opter puts me talking about bjork in his sig. in my new sig i have a picture from a bjork music video. hence, it is tied to opter so i put it attn to him. got it? great.
  8. xDenialx posted a post in a topic in Artwork Showcase
    enjoy k
  9. xDenialx posted a post in a topic in General Discussion
    this thread sucks.
  10. xDenialx posted a post in a topic in General Discussion
    what i wanna know is where these noobs learned how to fucking EAT. it says "a pic with you eating the cake" not "a pic of you smashing the fucking cake into your face"
  11. xDenialx posted a post in a topic in General Discussion
    nice rage harry, honorary [myg0t]
  12. xDenialx posted a post in a topic in General Discussion
    fail. capital M, capital T other stupid writing on the cake that is not prescribed in the rules. also wtf is that other jibber jabber youre talking in your post, fatty?
  13. xDenialx posted a post in a topic in General Discussion
    need the IP. time to rage.
  14. brilliant scam, im raged i didnt think of it first.
  15. xDenialx posted a post in a topic in General Discussion
    sounds like the smashed his face or something and he cant even yell right. thats pretty m3n. i wanna see pic of him afterwards.
  16. xDenialx posted a post in a topic in General Discussion
    welcome to myg0t
  17. xDenialx posted a post in a topic in Artwork Showcase
    they both suck. quit.
  18. this thread sucks.
  19. xDenialx posted a post in a topic in General Discussion
    i dont. 100% honest to god. chicks ask me all the time.
  20. play a sport, join 983749837 clubs, be an officer in one club, get good SAT/ACT scores. the key being the scores.
  21. 1. North Dakota (current) 2. Texas (born/raised)
  22. xDenialx posted a post in a topic in General Discussion
    didnt hobojo do this?
  23. this is the definition of rwnt.