shawty

Iv'e just done the same with this as I do with all other spam bots. Gave it the email address of my "Spam P***er offer" :-) SOme time ago i set an email address up on my domain, called "spamoff@........" which goes to an eliza style AI chat/bot system, that basicly just argues with the senders, when replying it also ignores the sent from address, unless it can't find a server paper trail in the headers. This is not often since most Email servers publish "sent from... recived by... blah blah in thier headers..." Anyway it's great fun watching the logs sometimes, some of them really do believe that they are arguing with a human being :-)

ok, here's how my set-up works: I have an Ubuntu server that has a port opened on my router/firewall. This port is forwarded straight to the Ubuntu server, where SSH is served by OpenSSH on the standard port of 22, on my router I've opened port 8000 and forwarded that to the internal IP of my ubuntu server on 22. That gives us the following: |-------------| | Router | |---------------| 8000 ->> | | -->>> 22 --->>> | Ubuntu box | | 10.10.17.1 | |---------------| |--------------| (Sorry if the ascii gets messed up) At this point, you now have to remember 2 things. A) The ubuntu box can already see any other machine in your network, so you do NOT need to open extra ports on the firewall to get to those machines. B) The ONLY machine you need to connect to is your SSH, what port you open on your FW/Router and how is entirely up to you. Ok.. now you need to install VNC server onto the windows machines that you wish to remote, then have it active and running in service mode, check all is ok by running VNC viewer on one machine internal to your network and checking you can connect to the others. Once this works your good to go. From your remote machine (outside your network) fire up Putty, set up your connection params as required and save them, then in the putty options go down to SSH->Tunnels in the connection section. In the source port, put the port address you wish to use for your connection on the PC that you are currently sat in front of, bear in mind that it does NOT have to be 5900, it can be any port you want assuming that the machine your using gives you privileges to open ports (EG: your root, admin, or a user with those rights etc) In the destination box put the IP (or domain name) of the machine inside your network you want to connect to followed by : and the port number. So EG: if you installed VNC on the standard port of 5900 and your win-pc was called mywinbox, then you would enter mywinbox:5900 Click the add button. You will then see this entry get added to the tunnel list. At this point, you can connect to your SSH, enter your user name/password then minimise the putty window. Fire up VNC and connect to the local port you added above, and you should see your remote desktop. You can add as many tunnels to as many different hosts as you like, and give them all different local addresses, but tunnel them all through the same SSH session. For more info see the article i wrote on the subject for "Enterprise IT Planet" which you can find at http://www.enterpriseitplanet.com/networki...cle.php/3798541

You can use this on another windows box to make a PXE network boot server http://tftpd32.jounin.net/

Unetbootin works with any ISO, but you need to allow it to make a one of it's built in ones first so you get the correct boot block on the disk. Iv'e had it booting from UBCD-WIN and few other goodies.

All Dotfuscator does Somthing... is to mangle the stub names, assemblies and MSIL calling structure. Anyone with enough time and patience can still reverse engineer it, I've done it myself using nothing more than a hex editor. As Drop pointed out, .NET is rubbish for what your trying to do, personally if it where me, i'd go the path you where thinking, that is write your own encryption routine to encrypt your compiled EXE. If you make creative use of the file IO functions, or even use PHP's binary safe file functions, then you can put together your own bit twiddling code quite easily, once you've got a prototype for encrypting it, you could then use MASM32 (http://www.masm32.com/) and build a small loader that you tag onto the front of said encrypted data, that would then take care of decrypting, loading into memory then passing control to. Your other alternative is to try using self modifying code, again this is something I've done in the past, but alas not so much on the X86 platform, i did used to do this kind of trick all the time on the ARM VLSI Platform cause the instruction set was perfect for it. Unfortunately there is one big drawback with both methods. Anti virus software. Most AV's these days will pick up what your trying to do through heuristic analysis and may prevent your code from running. As an example, i have bad problems with apps packed using "Themedia" as AVG goes balistic whenever i try to run one, and usually detects it as "Win32/Themedia" virus. The reason? Simple, a lot of malware authors pack thier files using Themedia and so the AV is erring on the side of caution. Anything thats going to modify it's own structure in memory is likley to trigger some sort of reaction from an AV, which leads me to my final point. Most AV's expect some kind of manipulation of resources, so what i generally do these days is i write my program as normal, but for my protected code, i use them a little like overlays of the bygone dos days. Create your protected routines as DLL's, then zip/gzip/mash whatever them and attach them to your main program as resource files, and simply unpack and late bind to them on the fly, remembering to unbind and delete them when your program exits.

3 top books for ANY .NET professional: MS-Press: programming ASP.NET 3.5 Manning: Linq in action by Jim Wooley Apress: Accelerated Silverlight 2 Those 3 books NEVER leave my desk :-D

When ever i have spare time (which realy doesn't happen much) i usually go hunting on sourceforge to see what projects i can get involved in.

It's still possible with visio. However i would say that any half decent design/cad package will allow you. In visio it was just it has custom templates.

Heh... always the simplest of things ain't it :-) If your messing with arrays and such, you might want to try using the new generic list types in .NET 3.5 EG: List<String> myStrings = new List<String>(){ "Jim", "Blue", "Jack", "Black" } It's makes things much easier beacuse you can use them like a stack, also there great for custom data: public class myClass { string name = ""; string color = ""; } List<myClass> people = new List<myClass>(){ new myClass(){ name = "Jim", color = "Blue" }, new myClass(){ name = "Jack",color = "Black"} } Because it's a class, it can have methods too, so each element in the list can still access it's methods... EG: string color = people[1].getColor(); // Assuming you'd defined it.

Something.... Cthobs is bang on the money with eval, there is an eval function built into VB and it works near enough the same was as the javascript one. However, that's not why my post ;) If you use the ASP>NET ajax toolkit, there's 2 components in there that will A) Allow you to do your real time in page update and B) Have a Calulator connected to your text box. You'll find everything you need to know in both VB and C# here. http://www.asp.net/ajax/

I just finished mine, long story short, i extended my BT socket up into my loft space where i have a rack. Iv'e run standard CAT 5e up the inside of the dry-wall, keeping it away from the mains electric cables, my router (Cisco 800 series) is plugged directly into a Cisco Catalyst 2900 switch. Each of the lines coming up the inside of the walls all terminate at a patch bay that's attached to one of the rafters, and these are then strung across to the catalyst. I picked the router and switch up of E-bay for £50 , and they are proper ex-IT industry heavy metal, there's only 10/100 on each port but they do me fine for what i use them for.

Micah C, It is possible, You can load anything you like into the text property of a control at runtime, as it's just a normal string object. The problem your going to have is: A) If this is to be rendered on a web page, then forget it, as you'll either loose the formatting, or royally confuse the ASP.NET engine. B ) If it's going in a winforms app, and your expecting the formatting to show up nicely, again forget it. The winform variants of these controls will just display the tags, as is without trying to interpret them. There are components that can use HTML for formatting, and some of them are free, i would suggest starting your search at http://visualstudiogallery.com/ , however an easier way if you need to use HTML for formatting and embed items from other controls in, is probably to create a hidden form in your application. Populate said form with your controls, and add some logic in to access them. Then in your main form use a web browser control stretched across the whole form with it's background color set to your forms background color. You can then load your HTML strings in from your resources in the app, and use simple string replaces to swap tokens for control values, before squirting the HTML code into the web browser control. Iv'e used similar methods myself on other projects and while not perfect they are reasonably effective, and you can do some pretty eye catching stuff. You could also try ditching winforms and using windows presentation foundation and/or silverlight. Cheers Shawty

Excellent stuff :-D Iv'e not seen anything like this since those heady days compiling and developing under MS-Dos using Turbo C & BC++. oh and who can for get Zortech?? I still have a set of 20 5.25 Installation disks hiding in a corner somewhere :P Seriously though, good on you for having fun while learning, thats what it's all about, and it's something a lot of students don't do these days, i remember the voyage of discovery i had back in the 80's, and i still enjoy and have passion for what i do today. If you want to expand on the speaker beep thing, something you may want to try is to use the Classic Win32 Multimedia API, and open the default midi device directly, you can then send note on/note off commands one at a time with the appropriate values to play music. I keep meaning to resurrect a project i chucked together eons ago, to play back music files created by the music tracker suite i wrote for the BBC Model B micro, and in order to do that i was going to adopt a similar approach, I just never got round to it :-D Cheers Shawty

No offence, suparice but if your client wants a security audit without using industry standard tools such as nessus, then there not serious about the results. If i get a client, and they ask me that (and there are some) i explain that nessus and co are the standard, basic tools that should be used first, if they disagree then i simply cant' do a through job. We have these tools, through years of development, and they are deved for just such a reason. Cheers Shawty

You could if you where sure the path & share exsisted. Remember however, most savy sysadmins will disable the default C$ and other x$ shares for security reasons. That said, anything you can run from a command line on your own box, can in theory be run on the remote PC using psexec, providing A) the user account your specifying has permission on the remote to do this B ) The app/CLI program exists on the remote PC C) the share exists Cheers Shawty

Generally your router doesn't broadcast ARP requests to find a MAC. At least i never see them on my net anyway. However my router knows the ARP's of all my machines, because at some sage they try to access the net and the router records the mac. Chances are the only router originated traffic that will appear on your net are routing announcement packets such as RIP, and even then you'll generally only get those if there is another router on the inside that the primary router is Bcasting to. The only time iv'e seen any kind of arp announcement inside my net is other PC's asking for a mac to IP req inside the net, iv'e never seen the router req them.

Use psexec to call Xcopy if it's a windows machine. you might need to check the params for xcopy to get it exact. But somthing like xcopy drive:\\hckedfiles \\sharemachine\share\files or so on should do the trick. Cheers Shawty

So let me get this right. You've had a router installed that has wifi on it, but you don't know the wifi key, so you need to connect to the router using a lan cable. At this point, the router gives you a connection, so you can get onto the internet. But you don't want to get onto the internet via having to be cabled, you want your puter/lappy to connect to the router via WiFi so u can connect to the internet without being tethered? If so then all we need to do is advise on the best way to sniff the wiFi password using aircrack (or similar) ( i don't know how this shit works in the states :-) ) If what your after however, is to get into the routers config panel to reconf it then sorry dude, your gonna have to fact reset it as stated above. Cheers Shawty

It depends what your sending the request to? If your after the info for soap and/or rpc then there's tons of sites that have the info. If your on about a rest or other similar http style request to an XML web service then it's dependent on the web service. In most cases if you type something like http://www.webservice.com/myservice?wsdl your likley to get the service description document.

Didn't the Gov amend the computer misuse act early last year to cover this?? I could have sworn i heard somthing somewhere that they did? I could be wrong.. :-) Which ever way you look at it tho, all it takes is to pIzz the wrong person off and your gonna get your ass kicked somewhere down the line.

or lack of coffee :P LOL

Thats quite serious over here in the UK now. You can do pen testing, but if you actually gain access and make changes that is definately illegal, even if you have prior consent. I do happen to know that the BBC labs do have there own isolated test network however, beacuse the BBC Backstage teams use it for testing, so wether they used that or not i don't know.

And for a free IDE, try Netbeans. WHich can be set up to work with PHP/Python/C/C++ etc etc, but specialises in java. As for pyton being no use for GUI, i'd have to say use WxWindows. For an example of what can be achived, just take a look at a program featured on the show. Inkscape. Inkscape was written in Python using the WxWindows toolkit. Cheers Shawty

Anytime dark wolf. Just glad i could clear it up. As soon as i saw the picture i recognised it. For reference, this is the one i use http://www.acs.com.hk/acr128-sdk.php It wasn't hugely expensive to buy, about £30/£35 UK, about $50 or so i think. Cheers Shawty

I can tell you exactly what that is. It's a schlumberger chip & pin credit card reader for reading chip based creditcards that follow the emv standard. I have the fortune of programming these things under windows in the backend of last year while writting financial applications. For me it wasnt a schlumberger reader, it was an advanced card solutions one. Now comes the bad news :-) getting the drivers for it will be next to impossible, schlumberger was bought out by Axalto circa 2003, and they then joined forces with Gem circa 2005 to form GemAlto (http://www.gemalto.com/) The reader should be PCSC compliant (most of them are) but it will still need a low level stub and thats the driver your looking for. You could try drivers from different smart card readers, one of them may work, but your gonna have to do some serious hacking of the driver INI file to make it work. At the very least, your going to have to change the USB Vendor ID's. If you do manage to get another driver working, then you'll likley only get basic functionality. Another choice you have is "The Open Smart Card Frame Work" (http://www.opensc-project.org/) don't expect it to be easy though. I have an advanced card systems one, and it only just plays ball under windows XP, under Vista you can forget even trying. Hope that helps. Cheers Shawty PS: Info on schlumberger can be found here (http://www.gemalto.com/axalto/Company/press/newsb3a3.html) PPS: If you get it working, you'll be amazed what you can read from an average credit card ;-)