Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Pad snapshot

By: a guest on Jul 24th, 2011  |  syntax: None  |  size: 23.76 KB  |  views: 783  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. DISCLAMER:
  2. Do not attempt to use this package (EarthQuakeInABox) against targets you do not own or unless you have expressed, written permission to do so from the application's  owner. This package is provided as a service to citizens looking to better communicate with other citizens privately as well as to better understand how computer systems work (and to prevent their servers from being shut down) and is not intended to be used by malicious persons for malicious purposes. It is for infomational purpose only and should be seen as such.
  3.  Project being hijacked by amisan  (lol)
  4. INFO: will be making it more portable,
  5. How:
  6. It will download everything, first it gets tor then uses tor to get everything else.
  7. in the end it the care packe will just be a single exe
  8. Objective:  It is to help ease anons into our decentralized i2p communication network (its a  darknet) , getting them to our secure IRC channel (helps to reduce V&) . Also we want to encourage anons to use TorChat (A decentralised Instant Messenger), as well as learn how to use ssh over tor (to access old school BBS networks anonymously. or help admin linux server as a anonymous volunteer). Also part of its aim is to help educate Anonymous via ebooks, as well as provide a starting platform for acting as 'anon' (via basic tools, pictures to manipulate and use)
  9. Also on finalizing of the package, we aim to disseminate this package as a zipfile hidden within an image. Its just cool that way.
  10. tl;dr: Secure Communication Care Package for Anons (hidden in an image)
  11. TODO: https://f3ew3p7s6lbftqm5.tor2web.org/ - add this onion fileserver (just replace tor2web with .onion in tor)
  12. Licence: GPLv3 Free to use and sources must always be avaiable, even by modders. Also free for use by anonymous.
  13. New AnonSauce Project
  14. PortableAnon Page: http://nero.secondsource.info/page.php?14
  15. PortableAnon Forum: http://nero.seconhttp://nero.secondsource.info/page.php?14dsource.info/p/forum/forum_viewforum.php?18
  16. Wiki: http://sourceforge.net/apps/mediawiki/cherimoya/index.php?title=Earthquake_in_a_Box
  17. Current EarthQuake in a box:
  18.     build: http://www.mediafire.com/?9gp64ktud06oeg1 V1.0 EQINB
  19. PNG
  20.     Mirror: http://nero.secondsource.info/news.php?item.34.9
  21. Constructor/sourcecode:
  22.     constructor V1.0 http://www.mediafire.com/?j716v6yzff4ykrv
  23. File Library  of most versions: http://nero.secondsource.info/page.php?14
  24. Earthquake in a Box as a jpg image 0.0.5: (just rename to a ZIP and extract) http://sourceforge.net/projects/cherimoya/files/earthquake.png/dwnload (old version v0.0.5
  25. ==== Programlist ==== Structure of current earthquake in a box V0.1 (feel free to suggest)
  26. -readme
  27. + Launchscripts (To easily tell users what to do)
  28. + About and Other info (about projects and other stuff)
  29. + DOC ( Useful readings)
  30. + Communcations
  31.     = VoI2P (in development)
  32.     = i2p
  33.     = Torchat
  34.     = IRC
  35.     = Browser
  36.     = RSS notifier
  37.     = i2p apps
  38.         = i2pmessenger
  39.         = imule
  40.         = i2psnark
  41.    = Screamer Radio (with preset to radiopayback and 2600) for v0.1.1
  42. = pentest (used to attact the usual anons to downloading this stuff)
  43.     = HOIC
  44.     = LOIC
  45.     = WhoIs
  46.     = UDP Unicorn
  47.     = LOIC Hive
  48. = defence
  49.     = MacMakeup
  50.     = MAC Address Changer (to be added) (site link plz?)
  51.     http://www.voidnish.com/articles/ShowArticle.aspx?code=MacIdChanger thx will add soon on next ver
  52.     = truecrypt  
  53.     = HashGen
  54.     = ramdisk
  55. = network
  56.     = putty  
  57.     = winscp
  58.     = Lan Messenger
  59. = propaganda
  60.     = TTS reader
  61.     = Resource
  62. ========
  63. SUGGEST EBOOKS for DOC folder (provide links)
  64. Find the old 888chan library of ebooks, maybe a torrent somewhere. Where? I have no clue where it exist
  65. ========
  66. Portable Anonymous Platform
  67. Objective, create a 'care package' that is nifty enough to be placed in a usb for windows based system,(similar to, say, PortableApps.com) for those not willing to use a Linux Distro like Cherimoya Linux or Backtrack.
  68.  
  69.     Could this not be a Live distro on a USB with custom modules? I could make that, but it's going to take up a lot of CPU, why not use a proper Cherimoya live media then We can already do live distro, but live distro (Virtualbox) takes up valuable CPU cycles... if you want to attack, might as well use it as a proper OS
  70.  
  71.     Oh and we chose USB format so we can be compact. (not all anons want to run a full blown distro) what do you mean? Cherimoya installs to USB. But its still pretty big . ah, I get it. Lets say your flash drive gets reposessed by someone who is computer illiterate, and they saw you doing things you shouldn't have been. If they see the drive is almost completely full, and see a bunch of technical stuff, they are going to flip. On the flipside, if they see folders that have just .exe's, they could think the programs are just games. (personal experience) Might be a good idea to set all the folders to "hidden" then. Or make a "hidden" ext4 partition (well, hidden to windows). But we do need to make it easy to show those folders. Perhaps bury it in the prefferences or a command in terminal?
  72.  
  73.  
  74. It will contain the usual fare of 'network stress tester', but it will also contain security apps to help protect anons. (TorChat, i2p, tor). On the subject of security or fellow anons, shouldn't there be some sort of security measure so that if an anon is careless and looses it or it is stolen by the feds you can't access it without a password or some other security procedure?
  75. It shall also contain a 'starter kit' of anonymous related images and video (and voice synths) to assist in making propaganda(Size should be considered, perhaps distributed in lightalso without these kinds of files like the carepack.) Perhaps someone could upload some of the largest stuff to a website/FTP and link to it in some sort of file that contains lots of links.
  76. It shall contain documentation (as well as links to other documentations, perhaps via magnets URL) for anons, expecially guides from AnonSec  (Similar to the document new anons read during #Opnewblood )
  77.     Ah so in that note, we shall also link to our Live OS effort, for the anons who are brave enough. you make it sound like it'll destroy your computer, it won't. well, yeah, it needs a bit more development.
  78.         Its a gateway drug more like
  79. It will also have a Linux version, contained in a JPG picture, which uses bash scripts to get packages from repositories, or build them from source in the case of Arch.
  80. The starter kit and documentation will be implemented in Cherimoya Linux, along with it's own packages.
  81. What  will make us different compaired to others, is that we shall be using  'portable platform' programs so that its easier to browse though apps  included in the package.
  82. Although such a care package gives very little defense, and relies on Windows, which may contain backdoors and trackers, it's important to have a way for the new to quickly get into and get accustomed to Anonymous. For real security, the open-source Cherimoya Linux is being made for Anonymous as a secure and prebuilt liveCD to be the ultimate care package.
  83. Pros of a Windows care package
  84.  
  85.     easier for anons to get, and requires less teaching
  86.  
  87.     smaller in size
  88.  
  89.     portable on any Windows system
  90.  
  91.     easier to expand anon user base
  92.  
  93.     lower system requirements?
  94.  
  95.     --this isnt even true compared to Virtualbox, I guess (Lower as in easier, Windows provides access for all OEM computers)
  96.  
  97.     easy to securely wipe afterwards (tools like Eraser http://eraser.heidi.ie/)
  98.  
  99.     (feel free to add some) (This tool could run during shutdown of the portableanon enivronment: http://www.nirsoft.net/utils/clean_after_me.html)
  100.  
  101. Cons
  102.  
  103.     Using Windows can be extremely unsafe, no matter where or what you use.
  104.  
  105.     Microsoft  can, and at anytime access and disclose information about you,     including the content of your communications in order to comply with US law.
  106.  
  107.     (You can secure a windows box, lets not forget that)  Yeah, right.
  108.  
  109.     I mean unsafe from within. If you notice the stuff we're doing, adversaries can easily force Microsoft to add a backdoor to track users, and may already have.I know they were doing that with hacked versions of Windows with 7. They would pull registration info if you put in a bad key then refused to fix it and had put your name in. I admit, its not newfag friendly, but we cannot halt this thing because people arent watching their outbounds. We should put a warning then.
  110.  
  111.     Can be easily manipulated and redisturbed with malware. -> Distribution control is the way to combat this. Keep mirrors low, i think the idea of a sourceforge distribution isn't a bad one. Also if we keep our modifications and the source programs used, seperate, people can always remake it themselves. I agree with above. It's not like we are going to censor mods (unless they contain malware or are suspiciously insicure) so I think we should have all of the mods in a central location and asume that all others are trying to molest us.
  112.  
  113.     If  any single application in this package is malicious, your system is  fucked (with Linux there is MAC to protect yourself from your own applications, and segregation with a root account)
  114.  
  115.     preconfiguring apps is a pain in the ass
  116.  
  117.     There will always be stuff left (in the registry, for example) that shows it was used, unlike in a liveCD Cofstoring back to that point after use? Restore points are annonying, I think its just a case of optimising the package to wipe these registry values.
  118.  
  119.     you will never be able to use Aircrack, Slowloris, or pyLoris (Linux can) Aircrack has a windows version I believe Tell me how to use it on a driver with no injection support (which is most of all wireless drivers). It just barely works on Linux. You can get windows drivers for your atheros cards etc that support all the modes, but yes it is dependant on the rare drivers and there isn't much custom driver support for injection on a windows box.
  120.  
  121. Editions
  122.  
  123.     Earthquake in a Box - Windows archive + Linux bash scripts, embedded in a picture.
  124.  
  125.     Dangerous Rabbit - (Linux bash scripts for Arch and Debian embedded in a picture)
  126.  
  127. Developers:
  128. todo -
  129. iruel - Primary (more like the only) developer of Cherimoya GNU/Linux. Lives in the clouds of Bhavagara. Massive amounts of experience in the workings of Linux, although zero programming ability.
  130. Existing Resources To include in such USB:
  131.     One Portable Platform to host and organize this package:
  132.         http://www.pegtop.net/start/
  133.         or
  134.         http://en.wikipedia.org/wiki/ASuite <- We chose this. As it has 'directory' structure, which allows us to better organize our programs, very important if we are putting alot of apps in
  135.         or
  136.         http://portableapps.com/ (hopefully we can also use the new platform that has a 'portable marketplace' its not out yet, but maybe soon)[[though more likely a few months away](PortableApps is mostly re-packged apps that are already portable.  Try to grab apps from PortableFreeware.com (marked stealth, if they don't write to registry) or TinyApps.org instead)
  137.        
  138.     Existing Carepackages (to consider extracting the useful bits from it):
  139.         Earthquake in a Box/Dangerous Rabbit: http://sourceforge.net/apps/mediawiki/cherimoya/index.php?title=Dangerous_Rabbit
  140.     Existing Programs we should consider:
  141.         TorChat (prefilled buddylist so people can already reach some anons e.g. Torchat infoserv: 7oj5u53estwg2pvu (moved) - by amisan ) - DONE
  142.         i2pmessenger - The developers of Torchat say that it will become unusable (maybe for good) the minute Tor upgrades to the newest version, which severely neglects hidden services. Having a second chat on a second network will relieve that problem. - DONE (how do you find people via this?)
  143.         portable python <--- python could be slimmed down but that would make it less useful and remove many functionalities that are required by other applications
  144.         LOIC - DONE
  145.         Slowloris:
  146.          Impossible on Windows <--- not explicitly, requires wincap or whatever it is called as well as perl
  147.         RSS readers - presetted to anonnews, anonnewswire, anonsource, and others... -DONE sorta
  148.         IRC presetted options to i2p IRC proxies, as well as various other ircs. - DONE
  149.         (swithcing to irssi because it give the impression of more " |_33t - ness " ,
  150.         will auto connect to either i2p default or maybe amisan's i2p ircd.
  151.         Firefox addons http://sourceforge.net/apps/mediawiki/cherimoya/index.php?title=Firefox_Addons
  152.         TrueCrypt ??? - Can try - DONE - cool :D
  153.         KeePassPortable
  154.         ***add in macchanger for windows
  155.             -mac??(does simple change fast mac but need to restart the local connection for the  mac change) - Am using macmakeup
  156.             macmakeup195d ??(does have a big list with ready branded macs from manufacturers) http://www.pendriveapps.com/mac-makeup-change-mac-address/
  157.         Roboform??- DONE
  158.         psst-II?? din't manage to run :(
  159.         Putty - with optional settings or instructions for tor, or i2p - No tor or I2p preset, but DONE
  160.         Voice synths http://download.cnet.com/Speech-Synthesizer/3000-2051_4-10386877.html - DONE
  161.         Audacity - sound editor - No need... <--- maybe... but you could add it for audio effect adding
  162.         Important to consider size. I think it is prudent to release a lite version without voice synth and audacity etc.
  163.         Port checker? just to see what is open/closed or getting data passed thru it - I've had good experience with Angry IP Scanner. Gets messy with 64bit OSs though.
  164. Packages from Cherimoya
  165. Piratepad: http://www.anonpad.org/GFP8ffgWY
  166. Wiki: https://sourceforge.net/apps/mediawiki/cherimoya/index.php?title=Main_Page
  167. Cherimoya has included many useful packages, so a list of them is here:
  168.  
  169.     Full List of packages in Cherimoya: https://raw.github.com/treeofsephiroth/cherimoya-dvd/master/packages.i686
  170.  
  171.     Earthquake in a Box/Dangerous Rabbit: http://sourceforge.net/apps/mediawiki/cherimoya/index.php?title=Dangerous_Rabbit
  172.  
  173.     Torchat - DONE
  174.  
  175.     LOIC (in place of LOIQ) - Trying Hive LOIC and HOIC (HOIC needs source code code, not trustworthy without source)
  176.  
  177.     slowloris, pyloris (Impossible in Windows, requires difficult patch) <-- could add in automated installer
  178.  
  179.     XChat - Nettalk Done
  180.  
  181.     I2P - Done
  182.  
  183.     VoI2P is currently under development, will add alpha version when reached.
  184.  
  185.     Tor/Vidalia - Can already get tor browser bundle... so no need.
  186.  
  187.     Bitcoin - bad idea, as having it on usb promotes bad practices of money security (link to bitcoin.com though) ok
  188.  
  189.     metasploit -can't find portable version  
  190.  
  191.     aircrack  http://www.aircrack-ng.org/
  192.  
  193.     macchanger - DONE
  194.  
  195.     Firefox addons http://sourceforge.net/apps/mediawiki/cherimoya/index.php?title=Firefox_Addons
  196.  
  197.     Adblock Plus[1]
  198.  
  199.     NoScript[2]
  200.  
  201.     BetterPrivacy[3]
  202.  
  203.     Ghostery[4]
  204.  
  205.     Beef Taco[5]
  206.  
  207.     HTTPS Everywhere[6]
  208.  
  209.     Torbutton (Alpha for Firefox 4.0)[7]
  210.  
  211.     MafiaaFire Redirector[8]
  212.  
  213.     User Agent Switcher[9] (or we could use RandomUserAgent, just a thought)
  214.  
  215.     Chatzilla[10]
  216.  
  217.     Greasemonkey[11]
  218.  
  219.     Stylish[12]
  220.  
  221.     Firebug [1.7.3] (along with FireCookie, FirePHP, FlashFirebug... am I missing any?)
  222.  
  223. Don't forget to use noScript. Also, some javascript heavy sites will grab your IP even through TOR.Have javascript and cookies turned off by default.
  224.         A linux OS - We already made the OS, Cherimoya. Maybe we can link to it or provide some documentation or 'promotional' posters so people can be inclined to look for it. (adding it in will make it too big, this package is for newer anons)
  225.         Bitcoin - just to promote its use... maybe also some documents about securing your wallet and protecting against hacks and scams.
  226.     Existing Documentations:
  227.        
  228.     Plenty of apps to consider here: http://en.wikipedia.org/wiki/List_of_portable_software avoid putting in stuff people don't need. or would usally already have... or can easily obtain.
  229.     and http://tinyapps.org/internet.html
  230.    
  231. Non-Existant Resources that needs to be created:
  232.     Links to various anonymous related websites. (including eepsite and .onion hidden sites on tor and i2p)
  233.     Links to forums (e.g. http://nero.secondsource.info/p/forum/forum.php )
  234.     AnonAlert - To automatically inform masses of anons of important events. Like a pager system?(http://nero.secondsource.info/page.php?4 ) - Yea kinda
  235.      AutoStarter -  To automagically start up various programs and scripts  (e.g. start i2p services first before opening the IRC to #anonops (http://nero.secondsource.info/p/forum/forum_viewtopic.php?27 ) )Should be able to be completed with a .bat file that runs programs in a specific order. - But we want to give people the option of what programs to autostart the first time.
  236.     Latest portable i2p install. ( kinda like http://portable-i2p.blogspot.com/ ) -DONE
  237.     Portable python - http://www.portablepython.com/
  238.     Maybe a launch pad similar to U3? It would be useful to make a GUI. I could probably make something like that in Java/C++ sounds nice, we are using asuite, but custom ones are always cool.
  239.     VoI2P, amisan's personal project (anonymous peer to peer voice chat, [High latency] )
  240.    
  241.     Propaganda poster and links to our Cherimoya Linux OS (make it noticeable)
  242.     : http://nero.secondsource.info/page.php?7
  243.     Piratepad: http://www.anonpad.org/GFP8sfgWY
  244.     Wiki: https://sourceforge.net/apps/mediawiki/cherimoya/index.php?title=Main_Page
  245. Latest Download:
  246. http://www.mediafire.com/?ciy7cfabcq43q1w - V0.0.5 I2p and IRC includeed. Ready for general collaboration.
  247. http://www.mediafire.com/?8z8nwmpn0ke421 - v0.0.1 Proof of viablity (Package Constructor) of making a 'transparent package' by using a batch script. (the script will act as our 'step by step' documentation of what we modified and created for the package. Discussions on http://nero.secondsource.info/p/forum/forum_viewtopic.php?77.last
  248. Hash verification:
  249. (MD5 checksum should be easy with python)
  250. We should make a script that automatically 'verifies' a usbkey to make sure that its not tampered. (even better would be to make a script that can 'package' our usb. This will help in improving transparency) Would it be possible to link an encryption file to a server, and make it so the server changes the password every five minutes or so, and requires the password to be entered before viewing the encrypted files, and have the password be posted in a secure location, requiring user authentication? Else, requiring you to be connected to a certian network before allowing you to view the files? I know AT&T does something similar to this. They use SecureID keyfobs that have a set of randomly generated passcodes that are programmed into PC software as well as the SecureID keyfob, and it changes about once per minute. They use that to allow the employees to connect to their VPN they have.
  251. Note: We should always make a step by step account of how we made this care package. So others can trust what we did, and also take over our effort if we lose interest. Which mean the instruction should be included in the package itself as well, +3
  252. (Tails could be forked but we already have a working system, i think)
  253. Can't we just use tails? (Well again, no, as we are aiming to cater to window newbies)
  254. It's more than usablility and user-friendliness. Tails does not have the specific applications we need, such as I2P, LOIQ, pyLoris, and metasploit. Also, rebuilding TAILs using it's liveCD creator is absymally complex, and nearly impossible to replicate (which is the primary goal of Cherimoya). We may borrow some features from it, but Cherimoya and TAILS are not the same system. It is quality software, but it serves a different audience with a different goal.
  255. Tails is a live CD or live USB that aims at preserving your privacy and anonymity.
  256. TAILS is pretty good, distributed by TOR Projects: https://tails.boum.org/ Yea I got it, not bad. But as said above, it doesnt suit our purpose unfortunately. We need to import stuff from it, but we also need some experience...
  257. Cherimoya GNU/Linux  is a live system that gives anons high anonymity (with I2P and Tor),  high security (using sandboxing and MAC) and server testing utilities  (such as LOIQ, pyLoris, metasploit, and aircrack). It is the ultimate care package for Anonymous.
  258. LulzSec, should have 2 versions, White and grey,
  259.  the plan forum people will get antsy with the grey tools added now are packaged.
  260. It professes to be a truly installable system, while merging the features of TAILS, Polippix, and Backtrack.
  261. Piratepad: http://www.anonpad.org/GFP8sfgWY
  262. Wiki: https://sourceforge.net/apps/mediawiki/cherimoya/index.php?title=Main_Page
  263. Embedding an archive in a JPG image , or perhaps a bmp
  264. (a bunch of txt files with stuff like this would be great)
  265. Windows:
  266. http://www.online-tech-tips.com/computer-tips/hide-file-in-picture/
  267. Open up My Computer.  In Windows XP or earlier click Tools > Folder  Options; in Vista or later click Organize > Folder and Search  Options.  Go to the View tab and find the option "Hide extensions for  known file types" and uncheck it.  Click OK to save the setting, you  should now see "merge_example.jpg", with the .jpg extension showing.
  268. Now rename that file to merge_example.rar, and confirm that you  want to change the extension.  Now if you have WinRAR installed, you  should be able to open the file in WinRAR to reveal the hidden archive,  embedded right into a picture file!
  269. Weird, huh!  And it's really quite simple to replicate.  Here are some simple instructions:
  270. Create a folder and fill it with the files that you want to put in your  archive.  Select all the files and add them to a new ZIP or RAR archive.   You should now have a folder with a ZIP or RAR archive along with all  the files that are inside that archive.  You can delete the main files  now (not the archive.)  Now find the picture that you want to embed the  archive into and copy it into the folder.  You should now have a folder  with a single image and a single ZIP or RAR archive.  Make sure that you  don't have any files selected in that folder and hold shift, then right  click anywhere in the empty space and select "Open command window  here."  With a command prompt window opened and set to the working  directory, type this command:
  271.     copy /b [DISPLAY IMAGE NAME] + [ZIP / RAR NAME] [OUTPUT IMAGE NAME]
  272. Replace:
  273. [DISPLAY IMAGE NAME] with the filename of the image you want to embed the archive into (including extension)
  274. [ZIP / RAR NAME] with the filename of your archive (including extension)
  275. [OUTPUT IMAGE NAME] with the name you want your output image to have (include extension)
  276. An example command would be:
  277.     copy /b display.jpg + hidden.rar merge_example.jpg
  278. And now merge_example.jpg is a valid JPG image file with a hidden RAR file packed inside.  Very nifty.
  279. Linux: from:
  280. http://www.pinoytux.com/linux/tip-hiding-files-inside-an-image-in-linux
  281. Get an image file and an archive of the files that you want to hide.  In this example, I have cat beer_and_cig.jpg and hideme.zip file. The  zip file contains an MP3 song that I have stored inside the archive. To  create the archive-image file, run this command:
  282.     cat beer_and_cig.jpg  hideme.zip > ucantseeme.jpg
  283. What this does is the ‘cat‘ command reads the image file first, then reads the zip file and puts them together in the file named ucantseeme.jpg.
  284. To test the integrity of the image file, try this:
  285.     # unzip -t ucantseeme.jpg
  286.     Archive:  ucantseeme.jpg
  287.     warning [ucantseeme.jpg]:  4751 extra bytes at beginning or within zipfile
  288.     (attempting to process anyway)
  289.     testing: Feist - 09 - One Two Three Four.mp3   OK
  290.     No errors detected in compressed data of ucantseeme.jpg.
  291. Idea: Custom Filesystem
  292. How? LZMA compression similar to many binary firmware blobs.
  293. Unknown difficulty level but seems like an intermediate level of difficulty.
  294. The warning shows that your image was successfully inserted, and the rest tells you that the archive is totally intact.