
aeturnus

Active Members (65 posts)
Posts posted by aeturnus

  1. And I quote: "The only thing I understand is that E9 is the 'JMP rel32' instruction".

    Meaning I don't need help understanding the E9 part, I need to get the "D3EEBF83" part.

    Well, it doesn't sound like you understand that either. It's a relative address from where the JMP is taking place. You could use an absolute address to save you from having to do basic arithmetic to get the address. I haven't read the intel docs in a while, but I'm pretty certain it's fully described (probably on the same page you were reading to get the E9 thing).

    It would help when asking questions like this to give all of the required pieces. Jump from where, to where? Not just from here with a disassembled label.

    But then you also might try not being a jerk to the first guy that tries to help you even though he decided early on you had no idea what you were talking about and it was tl;dr. Or not.

    Good luck.
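The arithmetic aeturnus refers to is small but easy to get backwards: the four bytes after E9 are a little-endian signed 32-bit displacement, and it is added to the address of the instruction that follows the JMP (five bytes past the JMP's own address), not to the JMP itself. The following is an added example, not code from either poster; it decodes and re-encodes an E9 rel32 JMP in Python. The displacement bytes are the ones quoted in the post; the instruction address 0x00401000 is an assumed placeholder, since the original question never gave one.

```python
import struct

JMP_REL32 = 0xE9          # opcode byte quoted in the post
ADDR_MASK = 0xFFFFFFFF    # 32-bit address space; the sum wraps modulo 2**32


def decode_jmp_rel32(instr_addr: int, code: bytes) -> int:
    """Absolute target of the 5-byte 'E9 rel32' JMP located at instr_addr.

    rel32 is a little-endian signed 32-bit displacement added to the address
    of the *next* instruction (instr_addr + 5), not to the JMP's own address.
    """
    if len(code) < 5 or code[0] != JMP_REL32:
        raise ValueError("not an E9 rel32 JMP")
    (rel32,) = struct.unpack_from("<i", code, 1)   # "<i": little-endian, signed
    return (instr_addr + 5 + rel32) & ADDR_MASK


def encode_jmp_rel32(instr_addr: int, target: int) -> bytes:
    """Inverse: the bytes for a JMP at instr_addr that lands on target."""
    rel32 = (target - (instr_addr + 5)) & ADDR_MASK   # wrap, then sign-extend
    if rel32 & 0x80000000:
        rel32 -= 1 << 32
    return bytes([JMP_REL32]) + struct.pack("<i", rel32)


# Constructed sample: the displacement bytes quoted in the post, placed at an
# assumed (placeholder) instruction address. The original post gave no address.
SAMPLE_ADDR = 0x00401000
SAMPLE_CODE = bytes.fromhex("E9D3EEBF83")

if __name__ == "__main__":
    tgt = decode_jmp_rel32(SAMPLE_ADDR, SAMPLE_CODE)
    print(f"JMP at {SAMPLE_ADDR:#010x} -> {tgt:#010x}")
    # Round trip: re-encoding the target reproduces the original bytes.
    assert encode_jmp_rel32(SAMPLE_ADDR, tgt) == SAMPLE_CODE
```

With the placeholder address the quoted displacement resolves to 0x83FFFED8, a backward jump of about 2 GB, which is why a disassembler label on its own tells you nothing: the same five bytes land somewhere else at every other address.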

  2. Everyone tries to crack WEP right away however, has anyone tried Stealth hacking? In other words, capture as many of the WEP packets (maybe 250,000) or more, and then decrypt them?

    That way no one would know you were ever on the network because all the transmissions occur over wireless, you are simply listening in.

    Not only will you have the passcode to jump on to the network next time, but you can decrypt all the packets you captured. Isn't that a great xmas gift!!!!???

    So how many have done this?

    I haven't done this since thebroken had their video on it and airsnort was the de facto standard. When the replaying whitepaper was released and I coded my version of it, I went the active route and never looked back.

    Why would you want to wait weeks and do this passively when no one properly monitors their network anyway?

  3. I need your opinion, dudes: did you enjoy it, or is there any scope for improvement?

    Remote procedure call (RPC) is an inter-process communication technology that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details for this remote interaction. That is, the programmer would write essentially the same code whether the subroutine is local to the executing program, or remote. When the software in question is written using object-oriented principles, RPC may be referred to as remote invocation or remote method invocation. Note that there are many different technologies commonly used to accomplish this which are often incompatible, such as ONC RPC and DCE/RPC.

    regards

    rakz

    Very old. Very boring. Difficult to understand with your poor English and the typing is so passé. Watch some of the videos at irongeek.com or somewhere and try to do something better than he did.

    Also, from your title I thought you had actually done some sort of work on this old vulnerability rather than just having run the same script everyone's run since 2003. So maybe an appropriate title would be useful.

    Thanks.
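The definition quoted above is abstract; the point that "the programmer would write essentially the same code whether the subroutine is local or remote" is easier to see with a running pair. The following is an added example, not from rakz's post or aeturnus's reply, using Python's standard-library XML-RPC modules (one of the many RPC flavours the definition alludes to). It binds a server on an ephemeral localhost port, so it runs offline; the checksum routine is constructed sample logic.

```python
import threading
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCServer


def checksum(data: str) -> int:
    """Plain local subroutine: a 16-bit byte sum (constructed example logic)."""
    return sum(data.encode("utf-8")) % 65536


def start_rpc_server() -> tuple:
    """Expose checksum() over XML-RPC on an ephemeral localhost port.

    Only functions explicitly registered are callable through the endpoint;
    nothing else in the server process is reachable. Returns (server, url).
    """
    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    server.register_function(checksum, "checksum")
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address        # port 0 was replaced by the real one
    return server, f"http://{host}:{port}/"


def remote_checksum(url: str, data: str) -> int:
    """Same call shape as checksum(data), but executed in the server's address space."""
    with ServerProxy(url) as proxy:
        return proxy.checksum(data)


if __name__ == "__main__":
    server, url = start_rpc_server()
    try:
        print("local :", checksum("hello"))
        print("remote:", remote_checksum(url, "hello"))
    finally:
        server.shutdown()
```

The security-relevant design choice is the explicit `register_function` call: the exposed surface is exactly the functions you list, and the server never has to decide at request time whether an arbitrary name should be reachable. Every argument arriving over the wire is untrusted input to `checksum`, so the registered function is where validation belongs.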

  4. ... if you are able to telnet i.e. you're in the remote box, how do you send and receive files\folders without installing any programs, using standard "xp" also note: they are on different networks

    Could you please translate this into English?

    I think you're asking for how to transfer files using Telnet. It's my understanding that it depends on the version of Telnet you're using. If it's simply text, just cat the file. If there's a lot of files, it'd probably be easier to just install FTP on the remote system or something.

  5. Friends, Romans, Countrymen, lend me all of your malware, or malware related sites that contain infected software

    www.offensivecomputing.net has the largest selection I've ever seen with links to other places.

  6. I guess that depends on your perspective.

    To me, yes it's a problem. There are far better ways to deal with this than blackhat techniques.

    From this guy's scenario it doesn't sound like he's got a lot of options. The person in power to disable or throttle the rogue user's connection won't act. When the system lets you down, sometimes you have to take matters into your own hands.

    Did you have a better solution for when there is an absence of a system to remove users like this and you are prevented from modifying the network layout?

  7. The file permissions should be 0777 not 7777

    And you're not going to really be able to modify the files being presented on the HTTPd,

    Unless you find an exploit.

    Well, there's a lot wrong here. Without going into too many details or wanting to argue, let's just take your statements and debunk them.

    Given the code:

    I've created a cookielogger.php containing

    <?php
    $filename = "logfile.txt";
    if (isset($_GET["cookie"]))
    {
        if (!$handle = fopen($filename, 'a'))
        {
            ...
        }
        else
        {
            if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE)
            {
                ...
            }
        }
        ...
    }
    ?>

    You simply give him a page with a correct cookie value and it's written to the file. That file is served by httpd. So "And you're not going to really be able to modify the files being presented on the HTTPd" is an incorrect statement.

    Let's look at your first statement about the file permissions. Why do you need the setuid, sticky, setgid, and execute permissions set? It's a security risk. So that statement is wrong as well.

    Yes, I think I see what you meant to say about the exploitation. But you didn't, and your statements are therefore incorrect like I said.

    The details about how I would gain entry to such a system are beyond the scope of this argument. If you ask me really nicely I might try to help you out if you set up such a box for me to gain entry to. Really though, if you can't see any problems with the presented vulnerabilities then you should pick up a book on security.

    Start simple, go with the Hacking Exposed books.

  8. The file permissions should be 0777 not 7777

    And you're not going to really be able to modify the files being presented on the HTTPd,

    Unless you find an exploit.

    I hope you weren't responding to me since your post is completely incorrect.

  9. Are you going to actually run games on this machine? If you are, its not going to work like you think it will.

    Yeah, I don't think I really understand what he's hoping to accomplish with this. I have some ideas about what he's hoping to accomplish, but they're really too silly to suggest.

  10. Read and Write permissions on logfile.txt are enabled (7777).

    You set a file facing the Internet to 7777 with that code you provided? That's awesome, can I go ahead and get your IP address? Thanks :)
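Both post 7 and post 10 turn on what a mode of 7777 actually grants compared with 0777: the extra leading digit sets setuid, setgid and the sticky bit on top of read, write and execute for everyone, and on a log file that is served by httpd none of those bits has any business being set. The following is an added example, not code from either poster, that decodes a mode into the attributes a reviewer would flag and computes a stripped-down mode. It uses only the Python standard library; the `recommended_mode` helper and its policy are an assumption of this example, not anything the thread prescribes.

```python
import os
import stat
import tempfile

# Ordered (bit mask, label) pairs; the order fixes the order of reported findings.
FLAG_CHECKS = [
    (stat.S_ISUID, "setuid"),
    (stat.S_ISGID, "setgid"),
    (stat.S_ISVTX, "sticky"),
    (stat.S_IWOTH, "world-writable"),
    (stat.S_IROTH, "world-readable"),
    (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH, "executable"),
]


def describe_mode(mode: int) -> list:
    """Return the risky attributes implied by a permission mode such as 0o7777.

    Only the permission bits (low 12 bits) are inspected, so a full st_mode
    from os.stat() can be passed in as well as a bare octal literal.
    """
    perm = stat.S_IMODE(mode)
    return [label for mask, label in FLAG_CHECKS if perm & mask]


def audit_path(path: str) -> list:
    """lstat() the file (no symlink following) and describe its mode bits."""
    return describe_mode(os.lstat(path).st_mode)


def recommended_mode(current: int) -> int:
    """Strip setuid/setgid/sticky, all execute bits and other-write from a mode.

    Assumed policy for a log file written only by the web server process:
    0o600 or 0o640 is the usual target; this helper only removes the bits
    the thread objects to and leaves the rest of the mode alone.
    """
    strip = (stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX
             | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH | stat.S_IWOTH)
    return stat.S_IMODE(current) & ~strip


if __name__ == "__main__":
    # Constructed demo: a scratch file given the mode from the thread, then audited.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        path = tmp.name
    os.chmod(path, 0o7777)
    print(f"{path}: {audit_path(path)}")
    print(f"recommended: {recommended_mode(0o7777):#o}")
    os.remove(path)
```

For a file that httpd serves, "world-readable" is the finding that matters most here: every cookie appended to logfile.txt is readable by anyone who can fetch the URL, which is the point aeturnus makes about asking for the IP address.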

  11. I want to know if we can connect to a remote PC's open port.

    What are the different ways, and what is the command used in telnet to connect?

    Besides the tools listed above, using a simple Python script (or any language that supports sockets), you can just create a socket and have it connect to the port on the remote machine.
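The Python approach aeturnus describes, as an added example rather than code from the thread: open a TCP socket to a host and port, report whether the handshake completed, and read whatever banner the service sends first. So that it runs offline, the block also starts a constructed stand-in for the "remote" service on an ephemeral localhost port; the banner text is made up for the demo.

```python
import socket
import threading

BANNER = b"220 constructed-demo-service ready\r\n"   # constructed sample banner


def start_local_listener() -> tuple:
    """Constructed stand-in for the remote host: accept one connection on an
    ephemeral localhost port, send BANNER, close. Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(BANNER)

    threading.Thread(target=serve_once, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe_port(host: str, port: int, timeout: float = 2.0) -> tuple:
    """Try a TCP connect to host:port.

    Returns (True, banner_text) when the handshake completes (banner may be
    empty if the service waits for the client to speak first), and
    (False, reason) otherwise. Any OSError (refused, timed out, unreachable)
    is reported as closed/filtered rather than raised.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""
            return True, data.decode("ascii", "replace").strip()
    except OSError as exc:
        return False, exc.__class__.__name__


if __name__ == "__main__":
    srv, port = start_local_listener()
    print(probe_port("127.0.0.1", port))   # (True, '220 constructed-demo-service ready')
    srv.close()
    print(probe_port("127.0.0.1", port))   # (False, 'ConnectionRefusedError')
```

The timeout is the part worth keeping: without it a filtered port (packets silently dropped) leaves `connect()` hanging for the operating system's default, which can be minutes, and a script looping over several ports never finishes. Treating every `OSError` as "not open" keeps the function's contract simple for the caller.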

  12. First hurdle:

    Antivirus scanners use a fair amount of processing power, routers have like 200MHz processors and very little RAM. Virus scanners will often make a copy of a scanned file into memory so it can quickly and heuristically look for potential virus patterns.

    If you have a router that is supported by DD-WRT, OpenWrt or any Linux-based router replacement firmware you could absolutely run ClamAV on it.

    Second hurdle:

    This then creates the problem that ClamAV itself with the definition files is probably going to take up all the room in the router's flash by itself and still want more.

    You need something close to a full computer basically, nice idea though.

    For your given scenario, the second hurdle is not a hurdle. Just mount a network share and let the 3rd party firmware write its output there.

    Further, if he's not afraid of the slow network speeds then hurdle 1 isn't really a hurdle either.

    I agree though, an old PC would do this job a lot better, but it'd be a fun academic exercise either way. And it might be useful if he's got a lot of malware coming in passively. Like for a honeypot situation that he just can't trust to run on a VM.

    For the record, he did say modem and not router though. But I doubt your modem has better processing power than your router.

  13. I'm guessing black hat but do you actually "hack" into other systems to get your items or just download them from websites

    I think this is the fundamental difference between a Computer Scientist in the security field and a sysadmin who wants to play himself off as knowing something.

    If you want to be able to find new things and then write the tool that other people can download and use, go the Computer Science route. It'll give you a good theoretical background on a lot of topics. This will be helpful when you finally sit down to begin your security research and you're just able to understand how the things work since you've seen it before in a different context.

    Echoing a lot of what stringwray said: Universities teaching Computer Science are very academic and theoretical. This is a good thing, this is what you want. But you also want to have that drive to learn the practical stuff on your own. At my university, this is what is sort of expected of you as the practical stuff is easy enough for anyone to pick up, so they don't bother teaching it.

    There are universities with offensive and defensive network and computer security courses as well. And in these classes you'll learn lots of practical attacks against systems, but more importantly you'll learn the theory that makes them work. You want the theory rather than the practical so you can apply the solutions to similar problems later. The university courses I took like this were a lot more educational and practical than any of the vendor courses I've since received (Black hat training and so forth).

    In contrast, it's my understanding from speaking with others in the security field and friends with this background, that the sysadmin approach will give you a very practical experience with no theory. Generally these seem to be the kinds of guys that use phrases like "think like an attacker" (which, if you follow the typical security mailing lists, you'll get the absurdity reference).

    Like anything though, if you work at it hard enough you'll learn it and get good with it. I'd hire a willing learner over an apathetic, experienced guy any day.

  14. It's very simple, a user calls me and says "I can't spell check in dutch/add this printer/open this file/SAP is weird/my monitors are the wrong way around/I can't save my word document", something I can't do remotely or in a different session, or I don't want to kick them off and lose any open edits, then they lock their computer (something we're not going to disable for obvious reasons) and wander off. I then come up and cannot use the machine without ending their session. What I want to be able to do is use my domain admin account to unlock their session, do whatever needs doing, and then lock it so when they come back, all they notice is whatever was wrong isn't wrong any more. Scripting can solve a lot of these tasks I know, but this would save me a little time for the random things it can't.

    I don't think there's a good tech way to solve this problem. It seems like the problem would solve itself the first time they're busy with something, call you, walk away, and come back to see you hadn't done anything waiting on them.

    I mean, if they're calling you for help, can't you just tell them to wait for you to get there or to make sure their screen isn't locked when you arrive?

  15. I think that'll work to get you an account on that machine as an Admin.

    What's curious to me, though, since my scripting is a bit rusty: Why do you need that cls on the 5th line if @echo off has already executed?

  16. There is one more 'attack' that has been overlooked (but I still say hardware firewall ftw). You could try and set up your own DHCP server that exclusively targets him. I'd guess that the 'real' DHCP server is closer to the target in the network layout so you just have to hope that it's slow.

    Glad you finally agree with me Sparda, that getting in between the rogue user's connection and the gateway is the way to go.

  17. Yeah, hitting the reset button will remove the password, and reassign the IP addresses in the house. That means the network printer and the tivo will likely stop working.

    Likely not. If you just have a home router/switch (Linksys, Netgear, SoHo-style whatever) and your Dad or whoever properly configured those devices to deal with DHCP then you should be fine to reset the router.

    And if it does, what did you lose? He'll just reconfigure it and you'll be out nothing.

  18. Hey everyone,

    I just have a short question.

    Assume you have physical access to the guest account of a computer. You don't have the privileges to run batches or to view the command prompt by executing 'cmd'.

    What I want to ask is if there is any other way to bypass this and get access to the command prompt.

    Thankies

    Benny

    What do you need to execute 'cmd' for? If you have physical access to the box, you likely don't need to take the approach that you're attempting to take. Look into LiveCDs like Backtrack.
