Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


About IDNeon

  • Rank
    Hak5 Fan +
  1. This seems to be the most authoritative answer: wlan host 08:00:08:15:ca:fe While not exactly the channel you can narrow it down to the channel you want by selecting the APs in that band I suppose?
  2. I may have glossed over what you were getting at, been a busy day, and thought you were referring to the time frame in which that task could be performed.
  3. Well to clarify your statement a little bit. The only reason GPUs don't help for "OWA" is because of other limiting factors like how fast you send attempts at the OWA, etc. All of it still depends upon speed, it's just what's bottlenecking you and reduce that. I'm sure there's a laundry list of optimizations for OWA/firewall account cracking where accounts don't have lockout policies and etc.
  4. Not sure why no one has pointed this out but there's a whole market for this exact thing in the GPU industry which is why you find better performing GPUs for this task that are not as good for gaming. I am sure GPU manufacturers actually have a sales team devoted to explaining what's best for this.
  5. Good god buy a junk TV for 50 bucks, problem solved.
  6. I've noticed AV processes are fickle in when they can and cannot be killed, sometimes they feed on other processes and tampering one of those locks the process. Sometimes I've had no trouble in killing an AV process that governs the uinstall security of the AV (for instance) and then turn around on a different but very similar environment, exact same AV, same OS version, and can't kill the process or make any of the changes I just did to a similar machine with same OS version and exact same deployed AV. Sometimes it's various files locking them. The most success I've seen with AVs is to shotgun blast their .sys files and take out the processes the hard way. Editing regkeys as SYSTEM can help facilitate as well. This way I've been able to disable the security features of AVs and uninstall them even when password protected, etc, without having to have the password protecting them. If you do have system level credentials to that system you can take it out. PS not sure what NT_AUTHORITY higher than SYSTEM you're referring to? If you can uninstall them without a password prompt then you've pretty much disabled the last layer of that onion which is why I mentioned yes it's very do-able.
  7. I have to say if your IS program is a useful program (teaches server administration and the networking standard, CCNA) and not some IT administrative program, then you're definitely on the right track even if you don't feel that you are. Those two sides of the coin are the gate keepers, hacking isn't its own thing. It's the misuse of THOSE two things.
  8. I've been busy but I finally got to talk with a friend whose more technical at the engineering level of OS's and he basically confirmed the same idea I had. Qubes provides an extra layer of user security but that's about it. We both conceptualized it as essentially being like you were using published apps for everything. On the hardware it makes no sense for it to function any differently than Windows OS etc. So anything exploiting something at those levels, kernel/root, bios, would not be affected by the virtualization. Virtualization to over simplify it is basically different "user_processes" interacting.
  9. Here is an example of automating/generalizing a task mixing batch and powershell, the requirement of batch in this example is obvious, because to run a powershell script remotely requires an execution policy, but this can be bypassed using batch: There are features not always installed so you might need to include a "get module" to get, for instance, servermanager which is where "get-windwosfeature" lives in older versions of powershell. The program creates a powershell script and executes it. This can be made as complex and lengthy as you want it in order to grab as much information as you want in a generic process, and pipe the results (out-file, output, etc.) to a single folder, or even append to a single file, where you can collect the data from some common location. If you create a loop you, with a few more pieces, you can cycle through a laundry list of variables to grab information from a list of computers, etc.
  10. I think it'd be useful to share some basic tasks for beginners in order to help them start to conceptualize "automation". And so the goal of this thread is to provide a "forum" to post useful tid-bits. And I'll kick it off with something on my mind below, but first, I think it's important to mention that the basics of automation requires generalization. So any solution requires a generalized form. If you're involved in mathematics any that term should ring a bell. A generalized form would for example, use variables to contain lists that are generated by the host, such as a list of computers generated by an Active Directory that is a variable with a For loop (or other mechanism) so your task applies to all computers, or a set of those computers, contained in that list. The goal of this thread is not to contain the entirety of an automated process, but rather to contain the bits and pieces that form parts of automation. In terms of Programming this might be considered "functions", or the tools in your program you call upon to do things. The one that came to mind that led me to generate this thread is just a little tid-bit I picked-up and discarded as not useful right now. Written for batch, and the purpose was to uninstall a program I don't know the full name of and remove (scour) any left-overs from an unclean uninstall. Each post should be a contribution, or comment on a contribution. I'll make a second post with another contribution just to keep the ball rolling. For organizational reasons, putting the contribution in quotes seems pertinent. So this short snip will unistall an example that is part of the program name with wild cards on either side of the part. It'll scour for directories with that same snippet with a wild card after (for instance if the directory is formed by program name with a random number generated after). You can get creative. I was thinking about it, because strangely deleting folders with wild cards using Batch is NOT intuitive. The pings are timers, to give each process enough time to complete, depending on your target system a WMIC might take a while, so having a timer is critical. Post Script: Oh I forgot to mention a critical part. For some reason (which I've not taken the time to figure out it's just not that important to me right now) running this script REMOTELY breaks at the WMIC. However, the script runs normally if run locally. If the script were to start on start-up I'm sure it'd run normally. There's something in the remote process that WMIC hangs-up the authentication token is my guess so when ran remotely it kills the batch.
  11. Yeah I suppose but I figure you're already stepping out of scope for their actual applications, it's better to seek what is common in a scientific computing setting, just ask vendor what they recommend for large multivariable statistical analysis. All of this is academic, I think in pentesting proving you CAN brute force, is more important than ACTUALLY brute forcing. Whether or not it takes your system 100 million years versus the latest and greatest super computer is irrelevant. You don't need to brute force anything to prove the vulnerability exists. For instance do you have a lock-out policy on your domain accounts for OWA logins? No? Then that CAN be brute forced.
  12. Regarding CPU, not much is needed. I suppose whatever you consider mid-level is overkill, but you probably need some CPU for Microsoft Office suite so you can run your administrative overhead decently. Regarding GPU, if you have the right tools, the BEST GPU you can fit and afford will server you well. The GPU can be used to do parallel programming and parallel computing which means you can utilize those 32 cores for your password cracking, giving you much more power than what CPUs are currently out there.
  13. Maybe you twittered your passwords 2x to the world...are you Press Secretary Spicer by any chance?
  14. Virtual machines. I don't think there's many students out there that would think it's a good idea to have local admin rights to users. If your environments are still that way then you're dealing with a very slow-to-change large enterprise, or SMBs that are unwilling to invest in virtual machines.
  15. Not sure this answer makes sense. A connection is the exchange of packets (files). You can't possibly have a connection to another computer WITHOUT sending files. Will the computer just magically decide to send you its files? And to where?