[XB 360 and street fighter 4]

kk. if i got the chance to play, ill contact u. i once played this game but not now. my xbox got stolen. some dumbass must be relaxing himself with my xbox. i wanna cry....

damn that sucks, same thing happen to a friend of mine a few weeks back. bloody bastards!

XBL:gcninja

i JUST got it today, gonna get my ass whooped

I wouldn't worry to much about having your ass handed to ya. I have not had the game to long myself and a few additional features that change the game have been added in the form of the ex moves and power breaker which can be used to absorb moves and break into combos.

Then I have the handicap of not being on an actual arcade stick and going from Gaystation to Xbox controller. Last time I used a xb controller was way way back on the original xb when it had that huge logo in the middle which made the controller rather chunky. I have to say I like and adapted to the 360 controller quicker than I thought I would.

I sooo want this baby Mad Catz sf4 stick

it pretty awesome and I have heard some good things on em. I have also seen some mad custom made sticks too. custome arcade sticks

So far sf4 is my fav game on the xb (I am not a huge fan of fps) and it takes me back to the many hours spent in the arcade parlors playing the older versions against people. Funny thing is some of the places I played had a certain etiquette when playing. The main one was no hitting the other if you make an opponent dizzy, which I still do on the xb version. lol guess I am still paranoid a horde of machete wielding Vietnamese people will be banging at my door screaming out I chop you DOH MAH!. Ah the good ol days.

Kind of off topic but the one thing I found out the other day which really annoys the crap out of me is the lack of mkv support on the current generation of consoles. As an anime fan it pisses me right off. I have a shit load of anime in this format and there is no way in hell I am re muxing it all just so subs will work on my xb. I did read you can stream the shit with media center but I have been having some issues setting it up, I always seem to get an invalid code (the pin for xb that is to be entered into the media center). 0_o weird. I think the shit does a network test in the process and my modded AP in client mode does some strange things some times. For example its online and the xb can go online but when I try to access the client mode ap's web gui it fails to load, nor can I ping. Mental piece of shit.

*turns on xb to add gcninja*

[BackTrack 4 Final is out!]

pitty I have capped my shitty aussie internetz. 40gb just don't cut it.

[XB 360 and street fighter 4]

I ended up purchasing an xbox arcade and a couple of games. Oddly enough for a current gen console I chose a few old school titles.

Who here plays street fighter 4? first time I played it and I have to say I am loving it. If you play the thing on xbox live hit me up gamer tag is pro troll. Don't forget to say g'day =D

[Hacker High School]

hahah you lucky man, thats pretty awesome. I missed out on the whole boxing and war dialing thing due to budget and knowledge.

Its a pity Sam Bowne aint got back to you, he would surely have some good ideas. Guess he is a busy man and he may be on holidays seeing as its still the xmas period. Not so sure about holidays in the states though seeing as I am an Aussie.

As for course structure I would suggest starting off with the standard and somewhat boring Ethics, legality and mindset. Then move on to some fundamentals like OSI and TCP/IP but base attack vectors around what layer the exploit attacks. Not to sure on what program fundamentals you should cover seeing as I previously studied networking and couldn't code my way out of a wet paper bag.

Discus the security Triad (Physical, Network and Data) and the importance of each slice of the pie and what attacks occur in each section. I would try and structure the curriculum in the same sort of order. As a quick example Physical, rooting the local machine, network sniffing and Data breaking NTLM passwords... something along those lines.

Do some stuff on enumeration like johnny long's google hacking and iron geeks cyber stalking. CBT nuggets did a fairly decent explanation on it in their CEH tutorial (downlaod from rapid share). I would also cover stuff like NMAP and some of its advanced scanning features and some banner/intel grabbing with net cat.

Discuss and demonstrate Denial of Service attacks and how to mitigate the risk. HTTP flooders, slowlaris, Syn attacks, wireless de authing etc.

After that I guess some fun with sniffers, ARP/DNS poisoning, SSL strip both over the wire and wireless. Wifi hacking is also worth covering to.

Metasploit basic overview and using payloads (I honestly don't know a great deal about metasploit or autopwn).

Fun with Rainbow tables on NTLM passwords n such.

I also think its great to demo the attack and then follow it up with another demo which demonstrates how to protect mitigate against that attack vector.

If you are in to programing I guess you could get into the reverse engineering side of things. Hardware hacks would be also awesome to do but the cost association to projects can get expensive.

Then again having a good lab to do this sort of thing can get expensive to a certain extent. It would be awesome to have a mini corporate network. Say 3 cisco routers. Two of which acting as two separate interstate branches or something, 1 doing frame relay emulating the cloud. 1 cisco switch at each branch office with VlANS enabled and a virtual machine or two at each branch office ruuning what ever server operating system you feel like. Chuck a few virtual clients on for laughs and your attackers running Backtrack 4 linux penetration distro. =D

Some refernce's for you that may come in handy for course outlines, tutorials, pen testing distros.

DVL exploitanle distro

Remote Exploit Forums n wikki have plenty of tutorials

Offensive Security Training Grab ideas for topics

Security Tube youtube for security tutorials

iron geek Good for tutorials

milw0rm Exploit code and has some video tutorials too

Johhny Long google hacking pdf Meh i failed at finding his website from a quick google search.

Anyways gotta go and pick up the missus before she kills me for being late, hope this helps. XD

[I think someone is trying to hack my FTP server]

Ah cool thanks for that digip, I will have to put it to the all knowing google. I swear I love google its much like a women with the one difference that it does actually know everything =P

<.<

>.>

Hope my missus aint stalking me online. I may be short one testicle.

[Suggestion for Network setup.]

Yeah I know what ya mean and it is helpful seeing it done prior to diving in. It can save a stack load of time and a few unneeded formats. =D

From memory the only tricky thing with freeNAS is mounting the drives. its a little obscure the first time around. I found this for you as well and it should help you out.

http://developer.novell.com/wiki/index.php...Install_FreeNAS

P.S: Save the documentation I had to do a re-install a few months later and I completely forgot how to do it and had a hard time finding the original .pdf file that covered a few of the extra changes in the config I needed.

[Hacker High School]

Well the quote on hack this site reads hack to learn, don't learn to hack. While this statement = true the fact of the matter is you learn more in a controlled lab environment and the added bonus is you can't get into any real trouble and don't feel so bad when when you accidentally cause a DoS on the network.

<.<

>.>

..... I like accidentally did this while probing my Tafe's network. My bad.

hahaha I remember those really bad high school I.T classes. It was the mid 90's for me and the class consisted of copying shit off a piece of paper into MS word. Back then I actually hated IT and found it all boring. It wasn't until I got my first computer when I was 16 and had dial up in 1995 that I started to get into it.

I just had flash backs of writing my own chat control web page to mess with beseen HTML chat pages that were more like message boards (WING DINGS FONT FOR EVERYONE). Oh and how could I forget win nuking netbios port 139 with out of bound packets. =D

Ah the good old days when there was no such thing as firewalls and network address translation *sniff*.

1995 = Security? lol WTF is that????

[I think someone is trying to hack my FTP server]

1 thing you can try for paranoia reasons as well, run Ace Password Sniffer, and just let it stay up all the time when you are away. A fellow classmate had someone break into his machine once, and he managed to catch the attackers own user and password for where he was storing stuff he was stealing, so he gave himself away by uploading directly to his own network. Needless to say, my friend got in and deleted all his stuff off the guys server.

I laughed pretty hard at the above, gotta love man made karma. =D

+1 For all the advice above.

I don't mean to high-jack the OP's topic but I have a question of my own that is somewhat related. I have an Ubuntu 9.04 server and was curios about access log files and what have you. I recall reading somewhere that you can view previous entered commands an such for users and administrators in a nix box and was wondering on how you do that.

I recently gave a fellow classmate a vpn account and virtual appliance for study. I trust her having access to it but there is always that question of her computer getting something nasty that key logs the p.c. So suggestions on managing/monitoring this would be greatly appreciated.

Also my bandwidth is a little sucky (40gb) and I am not sure what the newly implemented server is gonna suck down, any ideas as to how to keep track of this on a esxi VM box with ubuntu 9.04? In the event it is breaking my cap I at least wanna know how much came from this one machine so I have an idea of what I should up my download limit to when I change plans.

[Open vpn access configuration]

lol figured it out myself. thanks guys =P it was so simply and I feel so stupid.

[Open vpn access configuration]

Ok so I got it all worked out and running perfectly fine bar one thing.

I believe it has to do with routing or nat. Basically I can access the ubuntu server running open vpn from the internet while using my home isp supplied IP. I can do what ever I need to do on that ubuntu vm remotely too. My issue is I cant work out how I can access other work stations and what have you on my internal LAN from the WAN.

If anyone has set this up and its all working I am all ears.

[New hacker]

roflmfao Deags that was your best post by far *tips hat* Well played sir!

[Suggestion for Network setup.]

+1 freeNAS

I have one setup myself and if you browse through some of the episodes on here their is a walk through for the install. Not that its that hard.

[Open vpn access configuration]

Hey guys,

I was after a vpn solution seeing as my previous install of hamachi went tits up and only works as a mesh type network and not the gateway version I originally had planned.

I was browsing some of the old hak5 episodes and came across the one using openvpn access. I installed and did the basic configuration on my ubuntu 9.04 VM as shown in the episode.

I am yet to configure it for access through the cloud (works fine on my internal LAN) and I have a couple of questions in regards to this.

1: I believe open vpn uses port 943 for the admin and web client user interface. I also noticed that in the admin UI that you can change the client web UI to use a different port from the admin UI. Is it best practice to use a different port for the client web UI and port forward that on the router so I can download the open vpn client/connect to the vpn server?

2: The client for the VPN has me a little confused. With a standard windows vpn client connection you generally have to enter the TCP/IP address, user name and password. Yet with openvpn access it only has a box for user name and password. I was curious to know if I download the client how does open vpn know the IP address that my isp has supplied my modem router? Also my ISP IP is dynamic and was wondering if that would cause conflicts.

3: Any suggestions on securing it and locking it down would be greatly appreciated?

Please excuse any spelling mistakes or poor wording its late and I am about to pass out.

[The perfect linux server]

I don't specify anything anywhere, hamachi gets its own ip address and gateway from the heartbeat servers.

You can see the connection by typing ifconfig from terminal. I believe its interface is called ham0 or something along those lines (im on my netbook at the moment).

Never annoying my man, questions only produce more answers and sometimes more questions. Keep em coming :)

I did an ifconfig when I first noticed the problem and all appears to be good on ham0. I even went to the trouble of completely reinstalling a 2nd VM of ubuntu 9.04, ssh and hamachi on my esxi server because the original VM started playing up after I installed VMware tools (note to self use snapshot feature more).

All the outputs from the command line were as stated in the tutorial and when it came to configuring hamachi I created a network on the ubuntu 9.04 VM and attached one client (I didn't use the logmein web based network manager). Still get the same problem with hamachi using the mesh p2p type topology for itself which can be identified on a windows client by simply placing the mouse over the network name.

The mesh topology is bloody annoying seeing as I can't access other workstations, printers or networking device's in my internal LAN (they need to have the hamachi client installed) and the mesh topology wont allow for a VPN proxy type connection where I can utilize my home isp's IP address on my hamachi client machine.

As mentioned before I did have it up at one stage and it was handing out my ISP supplied IP address to a client who was web browsing (I checked it on ipchicking while borrowing some internet off a neighbor). Only issue I had was accessing other clients/devices on my internal lane via host names or class C TCP/IP addresses.

However I did find a fix for the issue of translating ham0 IP to internal TCP/IP as shown below

To check if the problem is caused by invalid routing entry do this:
Code:

ifconfig

Result:

ham0 Link encap:Ethernet HWaddr 00:FF:CA:D0:F5:AA
inet addr:5.23.68.35 Bcast:5.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1200 Metric:1
RX packets:100 errors:0 dropped:0 overruns:0 frame:0
TX packets:244 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:26780 (26.1 KB) TX bytes:21076 (20.5 KB)
  

The IP address of the ham0 interface is the IP of the gateway for all hamachi network bound connections. Check the routing table:
Code:

sudo route -n

Result (the 3rd line defines hamachi connections):

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
64.238.220.160 0.0.0.0 255.255.255.240 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
5.0.0.0 5.23.68.35 255.0.0.0 UG 0 0 0 ham0
0.0.0.0 64.238.220.161 0.0.0.0 UG 100 0 0 eth0
  

If in the Gateway column you don't see the IP of the ham0 interface, as it was the case with me, delete that line and create the correct routing entry for hamachi.
Code:

#delete invalid route:
sudo route del -net 5.0.0.0 gw 0.0.0.0 netmask 255.0.0.0 dev ham0

#add new route:
sudo route add -net 5.0.0.0 gw 5.23.68.35 netmask 255.0.0.0 dev ham0

Hamachi Network Types

ref: Getting started .pdf

Page: 6

About Mesh Networks

In a mesh network, every member is connected to every other member.

Organizations without a physical LAN can use the mesh network type to set up a virtual corporate LAN.

Mesh is also the typical choice for gamers, because network games constantly have to broadcast their current

status to all other participants in the game.

About Hub-and-Spoke Networks

In a hub-and-spoke network, one or more computers act as hubs, while other clients connect as spokes. Spokes

connect to hubs, but never to each other.

Hub-and-spoke is typically used when a workstation (spoke) needs to connect only to servers (hubs). Hub-and-spoke

is ideal if you want strict control over connections between network members.

About Gateway Networks

Use the gateway network type to provide transparent access to your entire network from a centralized Hamachi²

gateway. Members of a gateway network, such as mobile workers, will see one computer acting as a gateway

towards an entire LAN, thus making all network resources accessible.

From what I can gather the default install use's mesh if you want to use the gateway hamachi topology you need to create a logmein account, create a new network and select the gateway type. On the next screen page it asks for you to select the hamachi server that will be acting as the gateway. Problem here is the Ubuntu 9.04 server is not listed as a selectable computer, nor were any of the other 3 windows hamachi clients I had running, hence it can not be added. I ended up discovering that when I added my email address that is associated with my logmein account on a windows client computer it became selectable as a gateway or on the next page as a client member. I am guessing if I can associated my logmein account to my ubuntu 9.04 server things will run smoothly (any ideas how to do this?) and the gateway topology will work. Funny thing is I didn't do this last time and it was working just fine which is weird. 0_o

[The perfect linux server]

Yeah I ended up doing the same thing with the torrent links, no big loss.

Hey when you setup your hamachi vpn did you have it setup as a gateway, mesh or hub and spoke? I had mine operating in a gateway (kind of fudged my way through it) and all off a sudden it went tits up on me.

Weird thing I noticed is in the logmein web management panel the ubuntu server never comes up as a listed connection. So I cant select it as the gate way. Server is on perfectly fine and shows up in mesh but I fail at hooking the gateway topology back up again.

Any idea as to why? Sorry to be annoying but I have been looking for a solution for the last 2 days and its starting to give me the shits.

[Setting up a new netbook for hacking]

Yeah the wifi cards can be a bitch to get working in ubuntu sometimes. Its nice when things work out of the box.

BTW I was browsing the net searching for some linux stuff and I stumbled across this. Maybe worth a look

Install backtrack tools on ubuntu

[The perfect linux server]

Hey mIT I am having a problem with torrentflux and can't quit work out what I am suppose to do. My search results for pirate bay always fails at loading (I don't receive any error messages), I did a quick search on google and believe it has something to do with setting a cookie but I have no idea on how to set it up.

Any advice?

[Hacker High School]

If your after a curriculum it may pay to send Sam Bowne an email and ask for his suggestions. I have been following his stuff since he first did a talk at defcon on introducing a hacking class at his educational institution.

I must say I am impressed with his work and easy to follow tutorials, its great to see a teacher who loves what he teaches (sounds kind of like yourself). I wish I had people like this when I did my network security course.

So jah it may pay to send him an email.

http://samsclass.info/

[New Years resolutions]

lmfao that has to be some of the weirdest shit I have ever seen. Granted its a useful tool to give up smoking but could you image the odd looks you would get in the street puffing on that thing? fuck that!

[Whats the name of the small laptop in the Videos?]

Um Binary if you are considering purchasing an Asus EEE bare in mind some of the newer models don't utilize the athero's chipset which is what you need for packet injection (WEP cracking). I believe the model on the show is the first model 701 sd 4gb which has the Atheros chipset.

It doesn't matter what laptop you use as long as the wifi card is supported on the Backtrack Wireless HCL list.

BTW you can hardly blame the others for flaming you, your original post just wrecked Foreign ESL student wanna be h@x0r. There is a right and wrong way to ask a question and your original post is the later.

P.S: Have fun loading Windows 64 bit on a Intel Celeron M 353 processors and running all those VM's. =P

[Acer one D250 Help Backtrack 4!!!]

From memory all network cards are disabled by default on backtrack 4. Been a while since I have used it. Digip's suggestion was my issue and after running dhclient before startx my networking issue went away.

http://backtrack4.blogspot.com/2009/02/bac...oo-release.html

It may also pay to see if you can set a static IP address and see if it still works.

ifconfig eth0 192.168.1.2

replace all ip addresses and subnetmasks to those that correspond to your network.

ifconfig eth0 192.168.1.2 netmask 255.255.255.0

To manually add a default gateway:

route add default gw 192.168.1.1 eth0

Of course you would replace the IP address with your default gateways, also the eth0 interface is not always needed!

To manually assign your DNS servers:

echo nameserver 192.168.1.1 > /etc/resolv.conf

[Setting up a new netbook for hacking]

Oh shit how could I forget, you will also want to install nmap for TCP/IP and Port scanning and net cat is also usefully for raw connections, banner grabbing, etc..

I believe most of the apps I mentioned can be downloaded and installed using apt-get, not to sure about the wifi, metasploit and raibow table stuff.

Also just in case you have not done it before, install windows first and then install ubuntu. I like to set my swap and o.s partitions manually then install the grub and your done. lol I cocked up the dual boot a couple of times until I learned my lesson. XD

[Setting up a new netbook for hacking]

I run a dual boot with windows 7 and ubuntu 9.10. As for applications linux equivalent to cain and able is ettercap which is far more powerful than cain due to its plugin features. http://openmaniak.com/ettercap.php

Seeing as you have the atheros chipset you may also wanna grab,kismet, macchanger, airodump, aireplay and aircrack (i think thats most of the apps). I don't have the wifi apps installed on my dell notebook due to an unsupported broadcom chipset. Thats what I have my asus eee701 for. =D

It may also pay to have wireshark and if you know how to use it (which I don't) metasploit.

Just browse the backtrack cd for apps you are interested in or commonly use. It may also pay to install an apache server if you wanna run dns re directions or phishing.

As for hash cracking I have never really had a fiddle with it but I believe rainbowcrack is availble for linux and works a treat. Others may have better suggestions.

P.S: Have fun downloading those tables >:P

[New Years resolutions]

I am gonna quit trying to quit smoking every bloody year. =D

[The perfect linux server]

I ended up installing hamachi2 and installing it on the windows clients, it worked perfectly fine on my quick test late last night, well except for my laptop client that was being problematic at first. Seeing as its working thus far I will leave it as is but if I get a problem that crops up I will roll back, thanks for the heads up on that.

Ahhh so thats where the bloody apache folder is, lol can't believe I forgot that. I was mucking around with that a few months back in backtrack4 while I was using ettercap for DNS re directions.

Oh yes I do like those puppies indeed and the Atheros AR2313 + AR5112 is pure <3. WOW Itegrated 13dBi antenna, external RPSMA connector and it supports PoE. You have excellent taste. =D lol out of the box that thing has almost as much power as my shitty TP Link AP with the upgraded 500mw singnal boster and external 15dbo antenna.

I had a quick look at karmetasploit and you have me very interested in your next tutorial. keep up the good work.