
H@L0_F00

Dedicated Members
  • Posts: 834
  • Days Won: 2
Everything posted by H@L0_F00

  1. Yeah... And the really sad thing is that it's a district-wide image, meaning essentially ALL computers have the same passwords (OS X and XP machines have the same passwords for similar accounts). That's kind of why I want to put together a PoC and hopefully get them to realize what somebody *could* do... Like set up a botnet that bruteforces, sayyyy... the proxy server that restricts internet access for THE ENTIRE DISTRICT to sites on its blocked list? Or maybe even bruteforce the local servers that contain the grade databases? Or (assuming they have some type of IDS... I hope...), one could simply DDoS the proxy server or local servers... Keyloggers are an option, but AFAIK, there is nothing that can be done to disable Deep Freeze remotely. Deep Freeze gives an attacker quite the advantage though... Once a computer is shut off, all logs are gone for good... Profit? lol Anyways, I'm still not sure what I should do with the PoC? I mean, I have root access, I could do anything... I've checked out some cool commands/scripts that could disable the Dock via terminal, use the default OS X screen saver as the desktop background, etc. but I want to do something that would illustrate the potential for malicious things to occur. I found that OS X has say. I found a script that can manipulate the volume, so I *could* set up a mass Mac "botnet" saying "All your bases are belong to us" ;) Any ideas?
  2. Can you boot it in a VM? If not, there is most likely something wrong with the MBR of your drive, or it may be missing entirely.
  3. It has to do with the emulation being lost when Windows boots. I successfully created a PE that loads into RAMdisk from the first link, although you might find the other two useful: http://www.911cd.net/forums/index.php?showtopic=10482 http://www.911cd.net/forums/index.php?showtopic=19333 http://www.911cd.net/forums/index.php?showtopic=19737
  4. http://www.openzipit.org/Z1Develop/
  5. I have sudoer access (meaning I can "sudo su" and get root) to a whole bunch of Mac OS X systems (same user name and password for them all) at my school. The Network Admin already knows this because I told him and we're on a good basis. I want to put together some type of PoC for him and the district guy (his boss). Is it possible to write a script or something that can SSH into a bunch of different IPs with the user and pass already given (because they are all the same...) and execute a given command after logging in? Thanks.
  6. The only real "starting point" is the first time you have access to a computer... There are so many different aspects of computers/coding/hacking/cracking/etc that nobody can give you a surefire way to start learning. The way you learn is just by doing. Yes, by all means, get a good basis in coding if you want. Although many say it is not necessary, it will come in handy more times than you can count, even if you don't get into exploitation. Also, yessss get an old computer or two. Network these computers. Learn the basics of networking. Set up some random Linux distro on one. Set up WinXP with no service packs on the other. Do whatever you want with them. If you want to get into exploitation, get SYSTEM access to the XP box. Set up an SSH server on the Linux box and try to do everything through SSH remotely. Don't worry about remembering all the different arguments (that is what man pages are for) for the different programs, just try to remember what some of them can do and can be used for. I wanted a book that could tell me everything when I started out too... But I've really come to realize that the more you just mess with the computers, the more you will learn. This knowledge will stay with you too, unlike if you were to read it from a book and forget it within a few days. Set a goal: Try to learn something exciting and new every day. This will keep you motivated. Otherwise, you'll get in a rut and stop learning new things. Also, go back and watch some episodes that sound interesting to you. Hope I helped and good luck.
  7. I once tried to look into looping a video to my instructors computer (we use Vision6)... It was way over my head. I tried packet analysis, which I have absolutely no background in, and I had no idea how to go about capturing the packets I needed... I just got a great idea though... maybe. It might be possible to forward all traffic coming from the client through your computer and to another computer with the software installed. The same image would be displayed at almost the exact same time, so it might be rather noticeable, unless you could delay the packets maybe. Just an idea.
  8. H@L0_F00

    Anti-Scan

    OSfuscate by Irongeek
  9. http://www.hak5.org/episodes/episode-524 http://hak5.org/forums/index.php?showtopic=14179 http://hak5.org/forums/index.php?showforum=52
  10. I always use Malwarebytes' Anti-Malware.
  11. If you are going to install Ubuntu, there isn't much of a reason to install BT4. Use it from a flash drive or DVD until you can get everything running in Ubuntu. You can image your XP install with Clonezilla and save it in case you want to revert. If you still want XP, and Win7 works, install it in a VM.
  12. If you want that many OSes, why not just use virtual machines?
  13. With the release of Back|Track 4 Final, I finally got around to looking into what scripts needed to be modified and in what way they needed to be modified in order to change the casper directory. This guide, as far as I know, will work with any Ubuntu based LiveCD (BT4, SamuraiWTF, Mint, etc.) that uses the casper squashfs files. So, I will be talking about BT4, but it can be applied to any distro.

      NOTE: You will need some type of writable media, which means you can't do this by booting from your flash drive and then writing to that same flash drive because BT mounts it as read-only by default. You could, however, boot BT from your flash drive, unmount your hard drive, remount your hard drive as writable, and then write the modified rootfs.gz to your hard drive.

      The script found at the bottom of this guide assumes that you have booted into BT4 from either the CD or an ISO (if in a VM). The script is NOT by any means a "good" script, because it is the first script I've ever written, but it gets the job done. You will need to manually change the path you want BT to find the casper directory in, and you may have to change the path that points to the original initrd files.

      Key:
      commands - type this into the terminal windows and press "Enter"
      stuff to change - in the command, change this to your desired path

      To manually change the casper directory:

      01. Boot into Back|Track 4 from either a VM, a CD, or a flash drive.
      02. startx
      03. Start a new terminal. (Black icon on the bottom left)
      04. mkdir tmp
      05. cp /cdrom/boot/initrd.gz ./
      06. gunzip initrd.gz
      07. cd tmp
      08. cpio -id < ../initrd
      09. mv ../initrd ../initrd.old
      10. replace '$path/casper' '$path/.multiboot/BT4-final/casper' '$path/.disk/casper-uuid' '$path/.multiboot/BT4-final/.disk/casper-uuid' '$directory/casper' '$directory/.multiboot/BT4-final/casper' -- scripts/casper
      11. find . | cpio -oH newc > ../initrd
      12. gzip ../initrd
      13. cd ..
      14. rm -rf tmp

      REPEAT THIS, REPLACING EVERY "initrd" WITH "initrd800" AND THEN AGAIN WITH "initrdfr"

      Now you can copy the .gz files into your 'boot' directory for BT4

      OR:

      Copy and paste this into a file, change where it says "PATH/TO/YOUR/BT4DIRECTORY" to wherever you have Back|Track 4, save it with a .sh file extension, open a terminal window, chmod 777 change_casper.sh, then run it with: ./change_casper.sh

          #!/bin/bash
          rm -rf /bt4-final_edit/
          mkdir -p /bt4-final_edit/tmp/
          echo -e "Copying...\c"
          cp /cdrom/boot/initrd*.gz /bt4-final_edit/
          echo -e "\t\t\t\tDone!"
          echo -e "Decompressing (gunzip)...\c"
          gunzip /bt4-final_edit/initrd*.gz
          echo -e "\t\tDone!"
          cd /bt4-final_edit/tmp/
          mkdir initrd initrd800 initrdfr
          # cpio all
          echo -e "Extracting (cpio)...\c"
          cd initrd && cpio --quiet -id < ../../initrd
          cd ../initrd800 && cpio --quiet -id < ../../initrd800
          cd ../initrdfr && cpio --quiet -id < ../../initrdfr
          echo -e "\t\t\tDone!"
          # replace all strings
          cd .. && rm ../initrd*
          echo -e "Replacing all needed strings...\c"
          replace -s '$path/casper' '$path/PATH/TO/YOUR/BT4DIRECTORY/casper' \
              '$path/.disk/casper-uuid' '$path/PATH/TO/YOUR/BT4DIRECTORY/.disk/casper-uuid' \
              '$directory/casper' '$directory/PATH/TO/YOUR/BT4DIRECTORY/casper' \
              -- initrd*/scripts/casper
          echo -e "\t\tDone!"
          # repack all with cpio; run find from inside each tree so the archive
          # paths are relative to the initrd root, as in manual step 11
          echo -e "Repacking (cpio)...\c"
          (cd initrd && find . | cpio --quiet -oH newc > ../../initrd)
          (cd initrd800 && find . | cpio --quiet -oH newc > ../../initrd800)
          (cd initrdfr && find . | cpio --quiet -oH newc > ../../initrdfr)
          echo -e "\t\t\tDone!"
          # recompress all with gzip
          echo -e "Recompressing (gzip)...\c"
          gzip ../initrd*
          echo -e "\t\t\tDone!"
          # cd to the home directory, cp all there, && rm tmp files
          cd
          echo -e "Copying to /root/desktop/ ...\c"
          cp /bt4-final_edit/init* .
          echo -e "\t\tDone!"
          rm -rf /bt4-final_edit/
          echo -e "\n\n\n
          *************************************************
          You can now copy the initrd*.gz files from the  *
          Desktop to the 'boot' folder on your multipass! *
          *************************************************
          \n\n\n"

      If anybody can code a better script where the user can input their desired path and such, please post it!
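
The string-replacement step from the guide above with the path supplied as an argument, as an added example that is not the original poster's script. It uses sed instead of `replace`, validates the path before it is written into a boot script, and refuses a second pass; the function name `rewrite_casper_paths` and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Usage: sh rewrite_casper.sh <unpacked-initrd>/scripts/casper <subdir>
# <subdir> is the directory on the boot media that holds casper/,
# e.g. .multiboot/BT4-final (the layout used in the guide).

rewrite_casper_paths() {
    file=$1
    subdir=$2

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Accept only a plain relative path. Anything else (absolute paths,
    # '..', spaces, quotes, ';', '&', '|') is rejected so that no sed or
    # shell metacharacter ends up inside a script that runs at boot.
    case $subdir in
        ''|/*|*/|*..*|*[!A-Za-z0-9._/-]*)
            echo "invalid subdirectory: $subdir" >&2; return 2 ;;
    esac

    # A second pass would prefix the already-prefixed paths again.
    if grep -qF "\$path/$subdir/casper" "$file"; then
        echo "already rewritten: $file" >&2; return 1
    fi

    tmp=$file.new
    # The same three substitutions as the replace command in the guide.
    sed -e "s|\\\$path/casper|\$path/$subdir/casper|g" \
        -e "s|\\\$path/\\.disk/casper-uuid|\$path/$subdir/.disk/casper-uuid|g" \
        -e "s|\\\$directory/casper|\$directory/$subdir/casper|g" \
        "$file" > "$tmp" || { rm -f "$tmp"; return 2; }

    # Nothing matched: this scripts/casper uses different path strings.
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        echo "no casper paths found in $file" >&2; return 3
    fi

    # Overwrite in place so the file keeps its mode and no backup copy
    # is left behind to be packed into the new initrd.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

if [ "$#" -eq 2 ]; then
    rewrite_casper_paths "$1" "$2"
fi
```

Run it on each of the three unpacked trees (initrd, initrd800, initrdfr) before repacking; a return code of 3 means that tree's scripts/casper did not contain the expected path strings.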
  14. H@L0_F00

    Qqest V800IP

    http://www.mytimeforce.com/documents/Using...ocity_Clock.pdf
  15. From what I've found, there will be an error number after "couldn't mount because of unsupported optional features" Having that number would help...
  16. I do not believe that is the reason... "boot" is not needed, and does not pertain to the OS you are booting. It is used for chainloads that have been done through the command line and aren't a menu option.
  17. What are the errors you are getting? They seem to be cut off in the picture.
  18. The thing about having multiple partitions on a USB flash drive, is that only the first partition shows up in Windows. You could put all the multipass stuff on the second partition, but you can only edit the second partition under another OS that supports multiple partitions on a flash drive. I have seen and read about people editing the chip controller (I think that's what it's called... I can't remember atm) to make it show up as a regular hdd, and there is some trick with a dummy USB driver that makes it look like a regular hdd as well, but I haven't done much research into either.
  19. PLoP is used because VMware doesn't (as of yet) support booting from USB.
  20. H@L0_F00

    ophcrack

    http://hak5.org/forums/index.php?showtopic=14386
  21. What are the errors/problems/etc that you are getting?
  22. Then again, how many people would go "Oh? Alright..." and put in their password... ;) I bet that could be quite successful. Also, if they weren't allowed access until after, say a certain amount of time or login attempts, you might phish yourself multiple passwords. Just my thoughts...
  23. Looks like your best bet would be to get a shell and tunnel through it with SSH. Darren did a segment on it a few episodes ago. Also, many people offer free shell accounts, just look around.