wick2o

Thats great until you want to run your tools on another computer.

Man you guys really missed the boat. Not everyone only has to worry about AD passwords. I regret posting such a question to a forum like this. I was expecting some intelligent responses to what I thought was a simple problem. Tron, I would like to continue this conversation privately if you could share what your friend has come up with. To everyone else who only has to wear one hat, and only works the hours of 9 to 5. Please just skip over this thread. To all those who have tried to understand my question and post a valid response and not a "flame", I thank you for your time. If i had the ability to delete this thread then I would.

I'd love to see em if you would pass them on, or rapidshare them.

I wouldn't mind sharing what I do for a living, however a public forum is not the correct place to do so. I also don't feel like reading a bunch of "ya right, sure you do" posts either. I have a very odd job in a very odd market where I get to do a lot of very cool things for a lot of very cool people.

This is a non-issue. I have been in this boat before, i agree it can get rocky at times. But as long as you CYA there is nothing to worry about. When and if you ever get put in a position such as this, id suggest you retain a lawyer.

Yes, Yes , and Yes. I am also in charge of everyones company cell phones, our security system, our a/v equipment, our websites, their families websitse, our clients IT departments when they cant solve a problem for the clients themselves. I'm a jack of all trades, master of none. o did I mention I'm also an engineer for some projects? Just the other day I was a mechanic for a CNC machine Last I checked, you couldnt use keypass to give users different rights to the same database file, perhaps I am wrong, I'll take another look.

You almost hit the nail on the head, this is half the problem. The other half of the problem is that I have access to everyones misc passwords. payroll,home bank accounts, cc#'s, you name it and I have access to it. I currently use a combo of keypass and an encrypted datafile with the keypass file inside of it. I would love to find something where i could create folders for each person, under each person have another set of folders, one private and one public. I would then need the ability to lock users out of all private folders and allow them to read all public folders. I have found one package that allows me to do this: www.animabilis.com however I then still have to manage all of the passwords. This software does not allow more then one person into it at a time, well it does, but only read only. I want my lackies to update the users public passwords and information when they get information, allowing me to only worry about private accounts. This is also in lew of the owners wanting a MASTER password with access to all incase I and my whole IT team are hit by a bus.

I'm currently looking for a password manager that allows me to set permissions to password "groups". The goal is to allow some underlings to see some users passwords and not others. Anyone have any suggestions besides writing my own using mysql+php?

According to http://virusscan.jotti.org/ it bypasses all buy AntiVir. I have also tested with the latest version of norton. I just got sick of AV's removing my netcat from my usbkey. I'd love to upload my patch, but exe files seem to be rejected. PM me if your interested, or if you have a place it can be uploaded for and then linked to. <edit> I have uploaded the file to rapidshare. Click Here In short, I added a NOP in the sig for norton, and then encrypted the rest of the .text section with a VERY simple xor script to hide it from the rest. There are a few anti-virus programs that appear to use the .data section in their sig, still working on encrypting that without destroying the programs functionality. </edit>

I've seen this product, or at least something similar tested on mythbusters, and it didnt work. However, it does claim that durning the day the product doesnt work well, and mythbusters was doing their test durning the day without a flash.

If you download Resource Hacker you can modify the empathylib.dll which contains the image and text used in the dialog that is inserted into the exe files. You can now create your own logos for your protected files. Wonder what it would take to get a reverse engineering forum on hak5. wick2o

Instuctions on removing the one char limit. 1. download lastest version of upx 2. download lastest version of ollydbg 3. run upx -d empathy.exe 4. open empathy.exe in ollydbg 5. press cntl+g and goto 0044c6e6 and change JLE to JMP 6. press cntl+g and goto 0044bbf8 and then right click/binary/fill with NOPs 7. press cntl+g and goto 0044b7ca and then right click/binary/fill with NOPs 8. right click/copy to executeable/all modifacations 9. select copy all 10. right click in new windows and choose "save file" 11. save to empathy2.exe 12. you should now to able to protect/unprotect exe files. You can also use the above information and take it two or three steps farther and modify the exe file so that you dont need the password to unprotect protected files, I'll leave this up to you to google. I just signed up, so don't know what the rules are as far as uploading files. I can upload a patcher to do this for you if the rules allow. wick2o