Jump to content

nopenopenope

Active Members
  • Posts

    242
  • Joined

  • Last visited

  • Days Won

    1

Profile Information

  • Gender
    Male

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

nopenopenope's Achievements

Newbie

Newbie (1/14)

  1. Google, the info is publicly available. Not going to tell you how to do that.
  2. I just like digip's comment in the beginning of this post. "Do it for the hack" I think we need to make shirts.
  3. Dual core of course. Anything by Jack White Cage the elephant Nirvana Breaking benjamin Fun The last dinosaurs The limousines Modest mouse Three days grace Marilyn mason Manchester orchestra Imagine dragons Skrillex 10 Years Billy tallent Beck Cake Awolnation Mgmt Morning parade Black keys Bob dylan Beatles Mumford and sons Naken and famous Neon trees My darkest days Passion pit Rise against Hollywood undead Ya... a little bit of everything
  4. I still don't get the point of mapping this. Cop cars move. Just get a good radar detector and don't go more than 15% over the speed limit and you'll be fine. If your going 100 in a 55 you'll still get caught no matter how good your radar detector is. Go to the boonies and have your fun ;)
  5. How would you make it better, its a brute force script, you can only go as fast as the router will let you, and reaver does that. You could gather a list of preset WPS keys, but I think you can select an option in Reaver to do that.
  6. Ya I was completely kidding. No way would you ever want to do this on a Pentest, Unless you want Oracle to come down on you like a ton of bricks.
  7. Get the executable signed by java/oracle :P
  8. http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/ http://arstechnica.com/security/2012/06/flame-crypto-attack-may-have-needed-massive-compute-power/ How the code signing worked...
  9. Well thats basic yes, but the update system, crypto, and root kits in it all new technology, not the ideas themselves but how they were implemented. the code dates back to 2007, and stuxnet and doqu where just "modules" to the flame worm. The worm itself supports everything imaginable. Its pretty much its own OS running in the background. Im not entirely sure on how the code signing worked but if you listen to those links i posted the developers had to go to incredible lengths to crack the crypto for the code signing. Flame is the most advanced worm to ever exist, and who knows what else it did and was capable of. 1000 machines were specifically targeted, it had a specific job. Iranian government was infected with this thing for 5 years and was undetected thats an incredible acomplishment.
  10. Especially since there were several zero-days involved in flame, one that involved getting the code signed by microsoft, and flame exploits the windows update system with that and updates the malware within that. Several hours after it was first reported in romoved all traces of its self from the hard drives and then wrote over that space to ensure there wouldnt be any forensic evidence. And alll the data sent to and from the CC servers was encrypted serveral different ways. I'd love to see the source code of this, kasperski stated that it would probably take 10 years to reverse engineer the whole thing.
  11. http://www.grc.com/securitynow.htm Episode 355 and 357, Stuxnet seems to be wrote by the same authors as the newly found Flame Virus, its also thought to be a module for the Flame, this thing is sick, and the amount of effort put into this had to be Governmental and probably part of the 'Olympic Games' http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all , The Flame virus was originally thought to be written by a different group than Stuxnet ( http://www.crysys.hu/skywiper/skywiper.pdf Was first called skywiper by crysys, but a module in the reverse engineering process found a module called flame, therefore the new name.) but is now looking like its from the same author(s)http://www.forbes.com/sites/kenrapoza/2012/06/11/kaspersky-lab-same-countries-behind-stuxnet-and-flame-malware/. I've been following this for the last week and its really really interesting. I'd listen to those 2 episodes of that podcast if you want to know more about how it works. There's still no proof that this was done by the US or Israel. I just find the technology behind it incredibly interesting. Makes me want to go into malware analysis lol.
  12. Get a prepaid card, buy you self an server in a different country. VPN, Proxy, SSH, and TOR it. VPN, Proxy, SSH, and TOR yourself. And connect to it and a large open hotspot never in the same location preferably in another state lol. University's would work well because they have a lot of traffic, Change your MAC address. Do what you need to, toss the laptop, then GPS, WIFI, 3g, 4g, cellular, Radar, and Sonar Jam you self home, and take the back roads. Before you do all this, cut off all communications with your friends and family, several years prior to doing this. Don't have any sort of prior record (They might be keeping tabs on you), and never use credit cards. Then move to a 3rd world country with no expedition laws and never think, or speak of it. Even something as far fetched as this, if some one has the resources and really wants to find you, and what you've done, they will. No one has true anonymity. Will you get caught, probably not. But nothing is hole proof, hackers should know this best, we're the ones who make the holes.
  13. By the time you get that far, there's no reason to change anything on the router. unless you want to own EVERYTHING, but that's going to throw up major red flags. Besides by that time you can already do what you need to within the network and have done one of the following to get there; 1. Your internal and you can exploit / mess with what you want 2. you've exploited something now your in and you can pivot by exploiting, arp /dns spoofing 3. you've social engineered, whether or not they've installed something, put in a flash drive, or got phished, etc, etc. 4. You broke or snuck in, in order to compromise the network. I guess it really depends on what your after, or what your trying to present (as you've mentioned) to go as far as the router your demonstrating how to completely disrupt the company's operations. If your showing them how some one can gain valuable information, you're better off leaving the router alone, and targeting a select few machines to keep things quiet. On a somewhat related subject, I've never really seen the point with touching the networks routers, unless you need to in order to pivot / maneuver through the network, and unless you're out to disrupt the company's operations (you might as well just DOS it then though). Is there any reason I'm not seeing where you'd want to actually mess with routers? I'm not talking wireless here.
  14. All I can say is make sure your VM is set up as bridged, (I keep the 'Replicate physical network connection state' option checked), Use windows xp service pack 2. Make sure you select a payload, the exploit may complete, but if there's no payload to upload once it completes you won't be able to get a session. First try pinging your windows xp machine, if you can't, you have some other network issue, it could be your VM settings, or your normal network settings. Once your able to "see" the victim machine, try using metasploit again. If you still have issues with metasploit after you can "see" your victim machine, post your complete inputs and outputs from start to end of what your doing in metasploit, and I'll see if I can help.
  15. If your new to nmap you can; 1. Do what Mr. Protocol said. 2. Use Zenmap and use some of the default settings, and read the commands, and play.
×
×
  • Create New...