Jayze

Digip : Indeed virtual hosts on 1 IP. Nice , didn't knew that with godaddy. Exactly that's what I'm looking for a way to look up all the hosts for that certain IP (without having an account). That website seems to be able to look it up, aswell maltego has the option to look for it. It's not always that accurate, but it comes close. I was wondering how they do that. Clairly with host and dig you don't get that far. I mean you can get the reverse name (if there is a PTR record), NS, A & MX record from that certain domain, but other hostnames are also pointed to that IP, how to find them.

Hi, I was wondering how you can find out what domains & sub domains are hosted on a certain IP. You can find many tools on the internet that do the trick for you. I wonder how they find the different domains. (eg : http://domainbyip.com/ ) try giving in this Ip : 72.14.205.100 I tried trough host, nslookup, dig , ... but didn't got far. tia

ustream.tv can detect if you are using a webcam. Cause you are loading the java on the hak5.org/live site. Normally if they want to access your webcam, you'll get a notice from java (security warning).

Seems the network of ustream.tv isn't alive anymore.

ah another fellow talking Dutch, well I'd say let's go for it! All the persons who want to help out translating into Dutch, let's divide the episodes ;) Who's up for some translating ? :)

cat file2 >> file1 (joining them) cat file1 | sort -n | uniq | sort > newfile that should do the trick on the commandline

Back in the days I did some "research" on a different kind of signalization. In Antwerp (Belgium) you've got signs near the road that tells you how many parking spaces are available at certain parking lots. With some social engineering you can get very far! Go for it!

http://wiki.hak5.org/wiki/USB_Switchblade

Look around on the net, you've to python, perl, bash, ... whatever language makes you feel at home. I'm a perl fan, it's easy to use / learn and you've got a ton of extra libs / functions to make life easier. But that's my own personal taste. Start with a project and see what language is easiest for you to learn and to understand. The only way to know for sure, is playing with it and coding the stuff. For perl, python, bash ... are more then enough tuts on the net to follow. Hell even with php you can write some scripts without running a webserver, just from the command line. Good luck!

Yup, you are right. First scouting then determine what route to take and go for the kill :) A promising tutorial I recently found is : http://synjunkie.blogspot.com/2008/11/stor...hack-intro.html , it shows you step by step how to try and break security or finding the weak link in their infrastructure. -THC-Hydra is a tool you can use, but such an attempt will be logged ... -Therefor you need to look around for some basic windows tools like 'Net' (http://www.ss64.com/nt/net_share.html) and for the rest browse this forum a bit and use google (he is your friend) log your progress and show it here.

Hi, It all depends on your needs and goals. A programming language you learn out of interests or need (job, project, school,...) You are talking about perl, python, those are commonly seen as scripting languages cause they let you automate some stuff you otherwise have to do manually. Eg a system engineer would use a lot perl, python, bash, ... to automate log rotation, log parsing, archiving etc etc and those scripts aren't usually that long or complex. C++, VB, Java on the other hand isn't a programming language you'll use to write something quick and dirty. You'll use those languages to create programs and those are usually more complex and complicated. As I said, depending on your needs and goals you'll have to chose what is possible for you. Do you want to go low or high level? Want to get something done quick and dirty or rather have a complete program ? Good luck :)

Nice program! Actually if you work with perl/PHP , curl is a way to go or with LWP (http://search.cpan.org/~gaas/libwww-perl-5.800/lib/LWP.pm) . Write a little perl script that downloads the webpage, parses it and then fills out all the form fields with and posts them. With LWP you can specify nearly anything you like. and then make a file with all SQL exploits in it, and loop trough it until you get a result from the website. $response = $browser->get($url, 'User-Agent' => 'Mozilla/4.76 [en] (Win98; U)', 'Accept' => 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*', 'Accept-Charset' => 'iso-8859-1,*,utf-8', 'Accept-Language' => 'en-US', ); use strict; use warnings; use LWP 5.64; my $browser = LWP::UserAgent->new; my $word = 'tarragon'; my $url = 'http://www.altavista.com/sites/search/web'; my $response = $browser->post( $url, [ 'q' => $word, # the Altavista query string 'pg' => 'q', 'avkw' => 'tgz', 'kl' => 'XX', ] ); die "$url error: ", $response->status_line unless $response->is_success; die "Weird content type at $url -- ", $response->content_type unless $response->content_type eq 'text/html'; if( $response->content =~ m{AltaVista found ([0-9,]+) results} ) { # The substring will be like "AltaVista found 2,345 results" print "$word: $1\n"; } else { print "Couldn't find the match-string in the response\n"; }

Conducting an audit on servers is a good thing, but to start just scanning ... try to make yourself first a map of what you want to do. Besides just hacking a server , you can as well hack a webpage and gain access trough your browser to a certain server, download some shell tools and start from there. Determine your way of working, are you going straight to the server(s) at hand or are you going to try trough a detour ? You've got a server with serveral services running on it. Or you can go a layer higher and try exploiting web software or you might get in trough a server that's been left out of the firewall (or a stepping stone) Or you might start social engineering the persons that work for that company. So manny different attacks and ways to achieve your goal. When you scan an IP with NMAP or any other tool, try to find exploits for certain ports / services that run on that sever, from there you can move on to get local root ... But then, usually when you gain access to the server, your IP and so on will be logged, you want to clean those logs or at least delete your entries in it and cloak your presence. Note down what you and what kind of success you have and make a little tutorial out of it :) Good luck!

first unix was FreeBSD on a 486 round 2000

It sounds very interesting! For sure a lot of work ahead. Something like that will only function if your active user-base is a) big enough B) supportive enough. Cause it all depends on how active and involved everybody is to make this work. Before such classes are possible, you need to have someone (or more persons) to understand the topic completely to make sure they can teach or answer the questions. Perhaps I misunderstood what you wrote, waiting for more info ;) Good start tough, if you need some help, drop me a line. Jay