barry99705

The article didn't say they were connecting to the networks. I've said this before and I'll keep saying it until I'm blue in the face, WARDRIVING HAS NOTHING TO DO WITH CONNECTING! What the cops are doing is looking for unsecured networks and then telling the owners to lock it down. How they're pinpointing the actual location I'm not sure, probably just knocking on a few doors.

Sweet more passes to add to my dictionary! :D

You get the upsidedownternet working??

http://www.tech-recipes.com/rx/639/cisco-p...-recoveryreset/

I only worry about my machines, and I'm a domain admin. No problems with passwords.... :D

Sombitch!! That worked way too easy!

Not on our machines. I've said it before, and I'll say it again. There were only two good parts to that movie...

I've got esxi running on a poweredge 2800, don't have freenas, but win2k3 server runs just fine. Not wanting to start a flame war, but I think running osx server on a non-apple branded server is still against the license.

Okay, so how the hell do you get a user name of a non-logged in machine? Say you walk up to it at a starbucks or whatever. I have read through the thread, which is why I said the title should be renamed. None of these methods work if the machine has been updated, or if they have the local administrator user disabled. Also the used name isn't already filled out.

We talked about something similar either on the backtrack forums or the netstumbler forums, I can't remember which. We came up with the same conclusion.

Many many years in other network security forums and work experience pays off sometimes.... ;)

Here's the applicable part of the AUP you'd have to agree to for usage. I'll highlight the parts you're violating. Security Violations It is Customer's responsibility to ensure the security of its network and the machines that connect to and use IP Service(s). You are responsible for configuring and securing your services to prevent damage to the AT&T network and/or the disruption of Service(s) to other customers, and ensuring that your customers and users use the Service(s) in an appropriate manner. Customer is required to take all necessary steps to manage the use of the IP Service(s) in such a manner that network abuse is prevented or minimized to the greatest extent possible. It is Customer's responsibility to take corrective actions on vulnerable or exploited systems to prevent continued abuse. Violations of system or network security are prohibited and may result in criminal and/or civil liability. AT&T IP Services may not be used to interfere with, to gain unauthorized access to, or otherwise violate the security of AT&T's or another party's server, network, personal computer, network access or control devices, software or data, or other system, or to attempt to do any of the foregoing. Examples of violations of system or network security include but are not limited to: * intercepting, interfering with or redirecting e-mail intended for third parties, or any form of network monitoring, scanning or probing, or other action for the unauthorized interception of data or harvesting of e-mail addresses; * hacking - attempting to attack, breach, circumvent or test the vulnerability of the user authentication or security of any host, network, server, personal computer, network access and control devices, software or data without express authorization of the owner of the system or network; * impersonating others in order to obtain another user's account password or other personal information. * using the IP Service(s) to deliver spyware, or secretly or deceptively obtain the personal information of third parties (phishing, etc.), or engage in modem hi-jacking; * using any program, file, script, command or the transmission of any message or content of any kind, designed to interfere with a terminal session or the access or use of the Internet or any other means of communication; * distributing or using tools designed to compromise security, including cracking tools, password guessing programs, packet sniffers or network probing tools (except in the case of authorized legitimate network security operations); * unauthorized monitoring of data or traffic on any network or system without express authorization of the owner of the system or network; this would include use of sniffers or SNMP tools; * falsifying packet header, sender, or User information whether in whole or in part to mask the identity of the sender, originator or point of origin; * knowingly uploading or distributing files that contain viruses, Trojan horses, worms, time bombs, cancel bots, corrupted files, or any other similar software or programs that may damage the operation of another's computer or property of another; * engaging in the transmission of pirated software; * with respect to dial-up accounts, using any software or device designed to defeat system time-out limits or to allow your account to stay logged on while you are not actively using the AT&T IP Service(s) or using your account for the purpose of operating a server of any type; * using manual or electronic means to avoid any use limitations placed on the Services; * gaining unauthorized access to private networks; * violating rules, regulations, and policies applicable to any network, server, computer database, web site, or ISP that you access through the IP Service(s).

He means create a ssh tunnel between your computer and the remote server. When you point your ftp application to your machine and the port specified by the ssh tunnel, the ftp traffic will go over the ssh tunnel. Though I like his second option and using a ftp client that's capable of sftp. Or you could scp the files to the remote machine.

I think the thread title should be changed to "Gain Admin access on just installed Windows systems with no updates installed". So far on the five machine's I've tried this on, none worked. The at command is disabled. Kon-Boot also doesn't work on them. Kon-Boot only works with local users. You need to know the name of a local user on the windows machine. Administrator is disabled on all my work machines, and my home systems. They boot to the user name and password screen, not the stupid ass click a picture and put in your password screen.

Ahh, missed that part. If it's security he wants TOR isn't a good alternative either. VPN is the way to go, he'll just have to deal with the slow down. On my connection I've not notice that bad of a bandwidth hit, I wouldn't game over it though.

Who says they already don't, along with a few TLA's.

What the hell are you talking about??!!! He's asking about linux, not windows. http://backtrack.offensive-security.com/in...hp/HCL:Wireless Is a list of working wifi cards with linux. See that big assed list of usb devices? Any of those will work with linux. Maybe not all will do moonitor mode, but all the alpha's will. Just click on one to see the pro's and con's of each adapter. I'd go with an Alpha.

Most likely not. I'm not sure how those probrams use the tables. These tables are salted with the ssid and a pretty cool dictionary file specifically for wpa.

Well that's cool.

Set it up as a split tunnel. That way all your internet traffic will go out your normal network connection and only your local network traffic will go over the tunnel.

Yea, have you tried opening one in a text editor? Oh wait. You're using the wrong program with these tables. They are for cowpatty.

Yea, that sounds about right. You pose as the correct AP and the client sends their part of the handshake(which fails). That's all you need now with the new cowpatty. Works great for all those laptops that automagically connect to "their" AP.

I'd need to go dig mine out. They're on a hard drive in my closet somewhere. Could you show us an example of what the file names are?

Have you ever seen one in real life?? I know the guy that's porting a lot of the wireless tools in backtrack to it, but his was broken the last time I saw him. I don't know how well the company is going, they've canceled their second gen phone already.