Jump to content

teknic

Active Members
  • Posts

    15
  • Joined

  • Last visited

Everything posted by teknic

  1. Why is it that every time I try to ARP poison a computer on my network, it just kills the internet connection to the target? Cain, ettercap and arpspoof all give the same result. Any insight into this would be appreciated. Thanks!
  2. Has anyone actually gotten this script to work? I've been trying it on my win7 box, but have had no luck.
  3. I need to create a basic standard for the implementation and configuration of firewalls for a mid-sized business. Does anyone know where I can find a sample document of a firewall standard? Thanks in advance!
  4. Is brute forcing with Hydra the best way to hack an FTP account?
  5. Just ran chkrootkit and found the following... Checking `bindshell'... INFECTED (PORTS: 15 24 6667 31337) Is there free anti-virus out there that will remove rootkits?
  6. It's connected to my router which is connected to the internet. Not in the DMZ.
  7. I thought netbus was a windows backdoor. What the hell is it doing running on my linux box?
  8. Right now it's connected to the internet.
  9. Just started up firestarter on my hacked laptop and immediately found four IPs trying to connect the following four ports... 60824 35915 51392 42675 I scanned the IPs and they all trace back to tor exit nodes. Looking further I found about 40 active connection, all from tor!! Whats the best way to determine when the hack happened?
  10. Here's the output from top... PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 27461 johnny 20 0 537m 216m 40m S 24 10.8 518:19.54 firefox 1367 root 20 0 142m 71m 16m S 1 3.5 148:15.01 Xorg 573 johnny 20 0 2472 1208 884 R 0 0.1 0:00.07 top 1605 root 20 0 5228 2752 2216 S 0 0.1 1:01.57 devkit-power-da 1750 johnny 20 0 96164 9.8m 7608 S 0 0.5 38:56.63 pulseaudio 1 root 20 0 2664 1480 1128 S 0 0.1 0:01.29 init 2 root 15 -5 0 0 0 S 0 0.0 0:00.00 kthreadd 3 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/0 4 root 15 -5 0 0 0 S 0 0.0 1:30.32 ksoftirqd/0 5 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/0 9 root 15 -5 0 0 0 S 0 0.0 0:00.35 events/0 11 root 15 -5 0 0 0 S 0 0.0 0:00.00 cpuset 12 root 15 -5 0 0 0 S 0 0.0 0:00.00 khelper 13 root 15 -5 0 0 0 S 0 0.0 0:00.00 netns 14 root 15 -5 0 0 0 S 0 0.0 0:00.00 async/mgr 15 root 15 -5 0 0 0 S 0 0.0 0:00.00 kintegrityd/0 17 root 15 -5 0 0 0 S 0 0.0 0:00.10 kblockd/0 19 root 15 -5 0 0 0 S 0 0.0 0:04.57 kacpid 20 root 15 -5 0 0 0 S 0 0.0 0:00.80 kacpi_notify 21 root 15 -5 0 0 0 S 0 0.0 0:00.00 kacpi_hotplug 22 root 15 -5 0 0 0 S 0 0.0 1:04.44 ata/0 24 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata_aux 25 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksuspend_usbd 26 root 15 -5 0 0 0 S 0 0.0 0:00.00 khubd 27 root 15 -5 0 0 0 S 0 0.0 0:00.61 kseriod 28 root 15 -5 0 0 0 S 0 0.0 0:00.02 kmmcd 29 root 15 -5 0 0 0 S 0 0.0 0:00.00 bluetooth 30 root 20 0 0 0 0 S 0 0.0 0:00.01 khungtaskd 31 root 20 0 0 0 0 S 0 0.0 0:00.00 pdflush 32 root 20 0 0 0 0 S 0 0.0 0:01.38 pdflush 33 root 15 -5 0 0 0 S 0 0.0 0:00.22 kswapd0 34 root 15 -5 0 0 0 S 0 0.0 0:00.00 aio/0 36 root 15 -5 0 0 0 S 0 0.0 0:00.00 ecryptfs-kthrea 37 root 15 -5 0 0 0 S 0 0.0 0:00.00 crypto/0 48 root 15 -5 0 0 0 S 0 0.0 0:00.00 scsi_eh_0 49 root 15 -5 0 0 0 S 0 0.0 1:57.31 scsi_eh_1 51 root 15 -5 0 0 0 S 0 0.0 0:00.00 kstriped 52 root 15 -5 0 0 0 S 0 0.0 0:00.00 kmpathd/0 54 root 15 -5 0 0 0 S 0 0.0 0:00.00 kmpath_handlerd 55 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksnapd 56 root 15 -5 0 0 0 R 0 0.0 0:08.99 kondemand/0 58 root 15 -5 0 0 0 S 0 0.0 0:00.00 kconservative/0 60 root 10 -10 0 0 0 S 0 0.0 0:00.00 krfcommd 334 root 15 -5 0 0 0 S 0 0.0 0:00.00 khpsbpkt 342 root 15 -5 0 0 0 S 0 0.0 0:00.00 knodemgrd_0 357 root 20 0 8524 2968 2348 S 0 0.1 0:00.12 sshd 423 johnny 20 0 8668 1664 1028 S 0 0.1 0:00.03 sshd 424 johnny 20 0 6168 3464 1500 S 0 0.2 0:00.15 bash 429 root 15 -5 0 0 0 S 0 0.0 0:05.33 kjournald2 451 johnny 20 0 3316 1096 880 T 0 0.1 0:00.14 less 487 root 20 0 2152 692 572 S 0 0.0 0:00.09 upstart-udev-br 512 root 16 -4 2548 820 392 S 0 0.0 0:00.12 udevd 669 root 20 0 1852 472 456 S 0 0.0 0:00.19 dd 700 root 15 -5 0 0 0 S 0 0.0 0:00.00 kpsmoused 706 syslog 20 0 34856 1240 976 S 0 0.1 0:03.03 rsyslogd 751 root 15 -5 0 0 0 S 0 0.0 0:00.00 pccardd 801 root 15 -5 0 0 0 S 0 0.0 0:00.00 hd-audio0 812 messageb 20 0 3284 1568 788 S 0 0.1 1:09.99 dbus-daemon 842 root 20 0 20504 3032 2128 S 0 0.1 0:00.43 console-kit-dae 922 avahi 20 0 2824 1492 1232 S 0 0.1 0:01.51 avahi-daemon 923 avahi 20 0 2824 520 316 S 0 0.0 0:00.00 avahi-daemon 931 root 20 0 18584 3948 3304 S 0 0.2 0:38.49 NetworkManager 933 root 20 0 3908 2128 1708 S 0 0.1 0:00.07 modem-manager 946 root 20 0 4784 2284 1936 S 0 0.1 0:03.28 wpa_supplicant
  11. So, I just nmaped all nodes on my network, and my laptop which runs ubuntu 9.10 seems to have been hacked. Below is what nmap showed for my laptop... Interesting ports on xxxxxx (192.168.1.xxx): Not shown: 982 closed ports PORT STATE SERVICE 1/tcp open tcpmux 22/tcp open ssh 79/tcp open finger 111/tcp open rpcbind 119/tcp open nntp 139/tcp open netbios-ssn 143/tcp open imap 445/tcp open microsoft-ds 1080/tcp open socks 1524/tcp open ingreslock 2000/tcp open callbook 6667/tcp open irc 12345/tcp open netbus 31337/tcp open Elite 32771/tcp open sometimes-rpc5 32772/tcp open sometimes-rpc7 32773/tcp open sometimes-rpc9 32774/tcp open sometimes-rpc11 I'd like to find out who attacked me, what their intentions were, where they hacked me from, and when the hack occurred. Can you guys help me get my forensics started? Where should I start and what tools should I use? Thanks!
  12. Can someone please explain how to setup a laptop to be the "man in the middle" between the fon and an internet connection. Thanks.
  13. Has anyone successfully downgraded a Fon+ from Firmware 1.1.0 r2 to 0.7.1 r1? If so, please point me in the right direction, because I am having a bear of a time downgrading. Any help would be much appreciated. Thanks.
×
×
  • Create New...