3w`Sparky

Posts posted by 3w`Sparky

  1. When I set this up about 18 months ago yeah I was a mother humper, and yeah so it's hard to do, is this not perfect for an episode tho, if it's a bitch then some step by step guide will sort this one out and it's a very lightweight tunnel for access to email etc, perfect for small to medium sized companies

    so long as the unicorns are kept locked away then everyone will understand the guides?

  2. I am looking to attend Defcon in 2010, I have never been to anything quite like this and I live in the UK so it will be a fairly lengthy trip for me, so I have lots of questions like do I need to pre-book, what should I expect, dos and don'ts

    any experiences would be very much welcomed?

  3. Another nice long show, great one guys

    I have to say I chuckled "pop a camera in your helmet" surely that's going to smart!

    cam studio, I used this quite a bit a few years back but now I use Winks instead

    is your food not stone cold by the time you finished recording? and the trivia question C again! againagainagain in fact

    that was a fun watch cheers

  4. I think I misunderstood, you're looking to boot your pc and at the point of it being assigned an ip address that same device is going to start a program running on that PC that was just allocated the lease, well for a start you're going to need a program that is going to accept requests running on the pc just allocated the lease, the router will need a cronjob every 1 min or so to check its dhcp allocations, if it contains xx:xx:xx:xx mac address then do something, else die.

    I would think for pure lab testing good old netcat might do this, one on your booted pc set to auto start and the other on the router configured as part of the cronjob, the test - I would use something like calc on windows, if you netcat from one device to another to get a cmd prompt then you can just run calc from the remote pc and it will fire up calc on the desktop for the current user.

    still the question is why but that's what I would do for the lab steps anyway, if it produces the required results then I would look at hardening the setup by building an app that's a bit more secure.

  5. more importantly how will all this information be stored securely and who is going to run through all this log, it will contain everything typed ever on that keyboard, that's going to amount to 1000's of lines of genuine text, in there somewhere is going to be the 1% of capture you're after, x this by 50 users = a headache and massive amounts of logged passwords and usernames sitting everywhere on your infrastructure!

    it's not the way to practice. if messenger is a problem - block it or like mentioned above force it through a gateway.

    + if you block messenger it will force users to use outlook which you have much better control over monitoring etc.

  6. I would make a note of the time and date that the ip was seen on the gmail account, ISPs generally use dynamic allocation so the time and date are important, you can prob do a whois lookup (google it) to see what isp owns the address, then tell the police that this is the ip address that it was seen from and this is the ISP who they use, from this the police can contact the ISP who by law "uk law in my case" have to keep a record for 6 years, this will link to the account phone line the service is on and ultimately the address (providing it's not an internet cafe or unprotected wifi spot) then you're on your way to catching them.

    on another note,

    if you're able to gain access to your neighbour's router (Social Engineering) look in the dhcp allocations and see if your laptop name is in there ;o) only one way that will be in their config!

    6x05

    Iain - I see why you are saying this but you're not going to see the 10 network on the cat five cable as the 10 network is going to be encrypted and packed inside the 192 src address, when it gets to the other end it will be unpacked and the 10 address will then be seen across any lan segment behind that point. so there is routing involved, both this IPsec solution and the most inc cisco use this process

    my ipconfig via ipsec

    Ethernet adapter Wireless Network Connection:
        Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix . :
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

    Ethernet adapter Local Area Connection 4:
        Connection-specific DNS Suffix . : my-domain-name
        IP Address. . . . . . . . . . . . : 172.24.43.198
        Subnet Mask . . . . . . . . . . . : 255.255.255.224
        Default Gateway . . . . . . . . . : 172.24.43.198

    as you can see the gateway address is also my host pc, I think the software processes this gateway differently to a std gateway and feeds it through the encryption and off down your cat5

    check your dhcp server settings and get the server to assign the address and gateway at the point of authenticating.

    thinking about it I'm sure by forwarding it to its own address is forwarding it to the app that has already got the tunnel established, it then becomes the app's job to forward it to the original dest ie the tunnel end point

    6x05

    that reminds me a segment on ssl explorer would go down a treat http://sourceforge.net/projects/sslexplorer/

    this gives you access to apps and alike via http, you can even get secure telnet or alike, ie internet cafe ---- to your home router --------- to your ssl server ------- then once you login it will pass your telnet request through to the internal network.

    it's a great alternative to ipsec tunnels

    6x05

    you can IPsec vpn with the iphone, it's very easy to do in fact

    Iain good old fashioned IPs wouldn't need a gateway but the data is being wrapped in encryption before going over the 192 network to reach the other 10 network, just add the host address to the gateway, odd yeah I know but it should work, most vpn settings put your host ip as also your default gateway.

  7. I'm looking for a tool that will allow me to capture data flows and build a list of them in a webpage or alike, it needs to capture connections from and to + size

    ntop is sort of a size 11 shoe on a size 9 foot, not quite what I'm after

    any recommendations?

  8. email the company - info@abc.com or alike with a lame question, check the reply headers and then do a whois on the ip that will give confirmation on the owners, also tracert with "can't remember the name" but with an app that will point on a google map or alike the most probable location of the source IP.

    if that's not working then roll up your sleeves and think again or move on to another company that is not so secure.

    in a sleeve rolling up approach maybe trick a member of staff into looking at a website "your website" this will provide you with their browsing ip address - and if you're really good at social engineering you could even get them downloading a "cough" demo program.

    of course this is all ifs and buts and is of course what you "could" do if you were into such things

    6x05

    Enjoyed the episode! I'm very interested in joining your DimDim conference on the 21st.

    on that note the url to /lab doesn't work, above reminded me

  9. iso will only boot after the system has passed the post, it's the job of cmos to see what devices it can see and boot from them, I'm pretty sure you can buy pci cards that contain a bios on them to aid fixing such issues but they're not cheap, so jumpers and batteries it is for such annoyances

    6x05

    This episode was awesome! Darren wasn't drugged out and actually explained what he was doing! I can't wait to try setting up an OpenVPN on one of my extra crap laptops lying around. Hopefully I will have time to get it all set up and test it on Thursday.

    I have a question though. If I set up a VPN with the OpenVPN thing will I be able to access sites that my school blocks on my laptop? Just from what Darren said it sounds like that should work but I'm not sure. Thanks for anybody who knows if this will work.

    it all depends on the school's firewall and what port numbers it will allow through, you can overcome this with some port translation, there is a new firewall technology out, Palo Alto is a provider and it does very deep inspections of ports and packets, not sure you'll get through that but otherwise it's very possible - good luck

    6x05

    Where do I start . . . . . . .

    Well it started with my addiction to looking at the length and an impressive 44 + mins was a nice surprise.

    if you guys were in a teaching assessment you’d have passed for sure today, really great show, a good amount of detail, nice length, good subjects, paid for vs free & "almost free" was a perfect balance.

    Darren, disabled split tunnelling is the technical term I think, ensuring the traffic is all sent to your required destination server and not split depending on destination (I’m sure you already knew that)

    and you joke about ME but we have some nt4 server boxes still ! ! ! ! ! !

    best bit is, our AD can't run in native for the 7000+ users due to these boxes! madness real madness

    seriously guys if a well earned break then produces a week's show like this one then you guys had better save hard and book lots of holidays as this content is great.

    it all feels closer and enjoyable not rushed and a chore

    can't wait till next week's

  10. yeah beakmyn is right, go to one of the above, I like dd-wrt that is what I find best personally, you can even follow large chunks of Darren's pineapple guides to get the image onto the unit then it's basically a linuxie routerie thingie that you can do pretty much anything with!

    of course the limitation is one cabled interface and one wireless but you can route over the same media

    eg in on the copper from 192.168.1.1 out on the 10.10.10.1 network

    http://www.dd-wrt.com/dd-wrtv3/index.php

  11. Darren, what are you doing to me, your break down means I only get 12 mins of learning a week, what am I to do with the remaining 10068 mins of my life until the next one is released!

    maybe just double the time on the two segments?

    'weeps into his keyboard'

    also meant to say , hope you had a nice holiday, hope the camping gear held out!

  12. Agreed this epi was better than the last one I can't help but think maybe this was done before the last and they were swapped to fill a gap, anyways enough of that.

    I have to say I always look at the length of the episode, it's an addiction, and yeah I for one would say going into more detail about some subjects would be very useful, they do feel a bit rushed not fast paced which I can normally keep up with, guys basically we are happy to sit and watch you for 30mins we can tolerate that long ;o) but seriously why rush 20 mins when you can cover 30mins in detail.

    I would like to see some items that are naughty but nice, something like this is how you get into an unpatched system, so sysadmins check your wsus is patching or you're open to XYZ attacks, maybe test virus section or alike?

    I also miss Snubs wii hacking tweaking etc etc maybe xbox and or ps3?, the fon accesspoint sessions were great, as were the messaging server and IP Phone sessions.

    vpn over fon access points would be a fab one !

    as always girlie and guys thanks for your edjumekation

  13. Hi people, I have to say I also agree no real content it seems like the show is a chore at the moment, why not open the floor to others maybe us! yeah us get the people to record something they are passionate about (technolust related) and give them a 3-5 min slot. I personally feel that the team can't commit the time at the mo and that's why it lacks content, if it’s the good weather stopping them then bring on -20 degree winds that will keep them inside :o)

    Personally series 6 should have been paused for 3-4 weeks as like I said in the last post these guys are entitled to a holiday too!

    O and the flashing wall, if I’m honest it looks broken!

    take care hak5 peoples get some rest and then feed me content - YUM
