• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2017
  • July
  • 1
  • Alexa – Go Hacker Mode

Alexa – Go Hacker Mode

July 1, 2017July 27, 2019 Comments Off on Alexa – Go Hacker Mode
alexa go hacker mode alexa hacks code lambda expression turn your alexa into a hacker writing an alexa skill

Now you can say “Alexa, hacker mode!” and ask her a series of questions about encodings, command line help for programs like Metasploit(tm), Nmap, NetCat. Like: “How do you do a services fingerprint scan with Nmap?” Or “What is the HTML encoding for double-quote?” etc.

The app will be submitted for free public use, but if you want to use it now, or contribute to it, you need to create an Alexa Skills account to put the speech definitions in, and a AWS account for the program logic. And of course, you’d need to have a Tap, Dot, Echo or CoWatch watch. The links will be provided below for the Amazon sites.

This project was created by David Cross to assist him with day to day work.

” I’m a full time red-team hacker and recently I was told by my doc that I was going to lose some significant eye sight. I wanted to immortalize some things I know, and also build some general tools into Alexa while I can still see a bit better so I don’t have to have a Google window always open while I’m working… and Alexa works well for asking and answering quick questions. As you may note, I went way beyond quick questions, but one does that when they’re trying to take over the world. Alexa is also handy for a little-known ability to send “card” data, or a little text version of what it answers for you which is nice for getting syntax detail that doesn’t quite come across easily in speech. Rumor has it the new Echo’s will have a screen on the front so cards will be displayed there as well as in the Alexa app.”

What is Hacker Mode?

Hacker Mode is a collection of Node.JS code and JSON that builds two important pieces of a whole:

  1. An Alexa Skill (a set of lists that describe how to talk to a Lamdba expression)
  2. A Lambda expression (a Java Script that consumes a JSON representing a voice request)

1) The Alexa Skill is comprised of:

INTENTS – (what categories of things the user may want to do)

  • This file includes JSON to describe what TYPES of things can be asked.
    It also references the list of items that provide the subject of the question.

SAMPLE UTTERANCES – (examples of things that can be asked)

  • This file is a list of ways the user can phrase questions which include items.

ITEM LISTS – (slot types are specific topics Alexa will provide answers for)

  • These files are lists of words or phrases that should be recognized.

2) The Lambda expression is currently composed of only one file:

Hacking.js which is your Lambda expression that will respond to Alexa voice requests.

App Structure

Before you start on your road to Alexa skill building that you use one of their built-in samples to get an idea of how it works. Bookmark both sites as you’ll have them open a lot during development and you’ll be cutting and pasting code into the sites.

The interesting thing is that these two pieces of an Alexa app are in fact created and tested IN TWO SEPARATE WEB SITES!

Two directories to match the basic structure (Lambda and AlexaSkill)

  • Create your Alexa Skill in: https://developer.amazon.com/edw/home.html#/skill/
  • Create your Lambda expression in: https://console.aws.amazon.com/lambda/home?region=us-east-1#/functions/

Getting Started

Once you have your feet wet, and have tested a “demo” skill on your Alexa device… From there, you can create a new skill and preferably call it Hacker Mode and drop the lambda code in on the AWS side and link the two with AWS Lambda ARN number that is generated when you create the Lambda expression. This basically marries the Alexa skill in the skills web site to the logic in your Lambda expression on the AWS site.

Amazon has some good tutorials (and free swag apparently):

https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/content/fact-skill-1?&sc_channel=SEM&sc_campaign=Fact-Skill&sc_detail=Branded&sc_segment=Alexa-Tutorial&sc_publisher=Google&sc_country=WW&sc_medium=SEM_Fact-Skill_Branded_Alexa-Tutorial_Google_WW_0007&sc_trackingcode=0007&gclid=CMOFndDV1dMCFViRfgodZrIDLQ

This one is not too bad:

https://www.pluralsight.com/guides/node-js/amazon-alexa-skill-tutorial

When you start your Alexa it will pick up the list of skills from your account on the skills web site. The Intents, utterances and lists of items tells Alexa how to assemble a JSON request that can be consumed and translated into something useful by the Lambda “program”. Basically, when a request comes in, the Lambda server “wakes” the lambda logic and “runs” it on the incoming JSON. If the Intent is one that it has a function handler for, it will try to match the ITEM that comes in to a list of items in the lambda code and respond with whatever the prescribed answer is for that combination of INTENT and ITEM.

To shed more light on this: If you want Alexa to be able to answer the question “who’s the greatest {talent} of all time?” you would break that down into an INTENT called: “TheGreatest”

You’d create a list of things to fill in the blank with … like: hockey player, hacker, singer

You’d create a set of sample utterances that look basically like: Who is the greatest {talent_list} of all time, or Who’s the best {talent_list}, or Who is the most epic {talent_list} of all time.  Once you have those lists, you can drop them into your Alexa Skill configuration. Then you’d tailor your Lambda expression code to match the {talent_list} named items like: hacker, singer, hockey player to your list of responses in your lambda’s JavaScript code.  In Hacker Mode I use a “database” built out of JSON objects and I have a row named for each possible option that includes a speech response and sometimes even also includes a text response.

You’d create a set of sample utterances that look basically like: Who is the greatest {talent_list} of all time, or Who’s the best {talent_list}, or Who is the most epic {talent_list} of all time.  Once you have those lists, you can drop them into your Alexa Skill configuration. Then you’d tailor your Lambda expression code to match the {talent_list} named items like: hacker, singer, hockey player to your list of responses in your lambda’s JavaScript code.  In this case I do it with a database built out of JSON objects and I have a row named for each possible option that includes a speech response and sometimes even also includes a text response.

Anyway, peek through the code and it will start making sense.  It really comes together once you’ve set up one of Amazon’s provided demo projects like Favorite Color.

Further in Depth

The heart of the Lambda expression is basically a program inside of a JSON object. Which is weird but bear with me. (We live in a JavaScript world) JSON, for those that aren’t familiar is a basically a less wordy version of XML. And as such, it can hold data in various forms.

The heart of the Lambda expression is basically a program inside of a JSON object. Which is weird but bear with me. (We live in a JavaScript world) JSON, for those that aren’t familiar is a basically a less wordy version of XML. And as such, it can hold data in various forms.

The goal of the Lambda expression is to provide a means of accessing your answer data that Alexa will speak back, and to trip a function of the program or a “handler” to handle a specific INTENT type. So, going back to the example of the “TheGreatest” intent example, you’d have a function in Javascript within the Lambda expression that is tagged with that intent name. As the Lambda interpreter loads your expression and tries to match what is being asked with possible responses it sees there’s a match and fires the logic of your function to respond to the incoming INTENT type and ITEM type. In this case INTENT is “TheGreatest” and ITEM is “hockey player”. Your Lambda expression function will then look up in a data structure the answer for that query which is “Wayne Gretzky”.

At the very bottom of the Lambda expression included in this project you’ll notice a bunch of constants defined which determine the way JSON structures map to variables. The intent is not to make it more complicated, but rather to provide a means of mapping translations to the data structures into other languages. I gave up on that idea early on and hard coded the mappings. Eventually, when we get fancy, I want to separate out the JSON data definitions into separate files to make it easier to edit them. But for now I wanted to simplify the idea of what’s happening and simplify the replacing of the Lambda expression with a simple copy and paste instead of uploading a structured zip file which is the only alternative.

What is Basically Done

NetCat
NMAP
Metasploit
Html Encodings
Hex Encodings
ASCII encodings
URL encodings
HTTP Headers lookup
HTTP Verbs lookup
TCP/UDP Ports (common)

What Needs to Be Done

all TCP/UDP ports
HTTP response codes
UU char encodes
IP to IntegerIP value conversions
Powershell goodies
WMIC commands
Lin/Win commands for basic user creation and system management
*commands for every decent hacker tool out there like nCat an upgraded netcat with HTTPS support
*commands for “living off the land” like creating a web server using OpenSSL 🙂
** commands for actually kicking off a scanning a local subnet target with nmap maybe on your own Kali
*** a command language for auto-pwning local subnet systems which would require a CNC server with strong crypto and message verification.

“In short, let’s make this the new pen testing framework shall we?
When I think of where I want this to go, I want to get beyond just curiosity questions like what is the hex encoding for carriage-return, but get to weightier matters like:”

“Alexa, Hacker Mode…”
“Now in hacker mode…”
“autopwn 192.168.0.11 for me”
“Are you sure you want to autopwn 192.168.0.11?”
“Yes, I’m sure.”
“You are now root on 192.168.0.11.”
“What would you like to do? Copy files, scan a target or create a user?”

YOU GET THE IDEA!!! SKYNET without the guns and robots BASICALLY…

Post navigation

WikiLeaks CIA Malware “ELSA” Tracking Geo-Location of WiFi Enabled Windows Computers
How to Use Metasploit, SEToolkit, AndroRAT Without Opening Ports in Kali Linux

Related Articles

Lockdoor – All in One Penetration Testing Framework

- Automated Pentest
October 2, 2019

Rebel Framework – Advanced and easy to use Penetration Testing Framework

- Automated Pentest
September 28, 2019

APTSimulator – Toolset to Simulate APT Attack

- Automated Pentest
July 31, 2019
hacker gadgets
hacker phone covers

Recent Posts

Woman Sentenced to 151 Months in Prison for Selling GHB

Woman Sentenced to 151 Months in Prison for Selling GHB

August 16, 2022
riskscanner: Open source multi-cloud security compliance scanning platform

riskscanner: Open source multi-cloud security compliance scanning platform

August 15, 2022
Brazilian Crypto Investment Platform Suspends Withdrawals

Brazilian Crypto Investment Platform Suspends Withdrawals

August 15, 2022
RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check

RedGuard – C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check

August 15, 2022
veinmind-tools: container security toolset

veinmind-tools: container security toolset

August 15, 2022
Chisel-Strike - A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities

Chisel-Strike – A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities

August 14, 2022

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW