Jason Cooper

Dedicated Members
  • Posts

    520
  • Joined

  • Last visited

  • Days Won

    8

Posts posted by Jason Cooper

  1. Assuming that they haven't documented the servers on their public web pages (ISPs usually do, private companies won't) then to find the inbound smtp servers you can use nslookup or dig. Just set the type to mx and it should list the mail servers for delivering mail to that domain.

    If you are looking for the outbound mail servers and POP servers then that can be difficult. Assuming that you have a range of IPs for their network I would start by doing reverse lookups on the whole range and see if any report a hostname like POP, MAIL, SMTP, IMAP, etc. If they don't then you could try resolving a set of hostnames using them and see if any of them resolve.

    Failing that you may just have to port scan the entire range for open ports related to the services, though this will be very noisy and may get noticed.

  2. My initial thoughts on the subject are that you would probably want to group a number of items together depending on the type of disasters you are planning on covering. After all, a disaster that lets you still live in your own house would allow you to have a lot more items than one which would require you to use your car to escape, which in turn would still allow you to have more items than a disaster that forced you to travel on foot. Of course your groupings wouldn't be exclusive, so your kit for travelling by car would include your kit for travelling by foot, and your kit for staying at home would include your car and foot kits.

    A couple of good multitools/Swiss army knives would be a good inclusion, as would some general survival and medical books.

  3. I could be wrong, but to my understanding the Win7 MBR is located in vdsutil.dll (http://thestarman.na...m/mbr/W7MBR.htm). Specifically in the first 512 bytes of the file.

    Sorry but Digip is correct, the MBR is the first 512 bytes on the boot device (be it a hard disk, USB, or even floppy disk). There are copies of templates located in a number of files around the system but they aren't the master boot record. For a start they almost always have the partition table missing, as when repairing an MBR you want to use the current partition table for the device.

    As to how you go about writing opcodes to the MBR, when I have done it in the past I have tended to use dd from Linux. To generate the binary file to be written I would use FASM as it has an option to output a nice binary image. This image can then be written to the device's MBR. As Digip has already mentioned, a lot of OSes these days use the MBR to chain load another binary that does the boot loading.

  4. If that's true its gotta be the smallest boats in the smallest Navies! I can't imagine how a Navy without radios could be effective at any operation.

    Actually quite a lot of operations rely on radio silence; the last thing you want when picking up or dropping off a team of special forces in a hostile area is your radio signals giving away your location.

  5. I stumbled upon a way to exploit said system (not an issue of epic proportions, but still something that bothers me), and I would like to inform the I.T. staff so they can fix it. I just don't know how to approach them. Should I drop by in person, or email them? What if they don't care? What if they get pissed? Just, too many questions with very uncertain outcomes. Anyway, enough rambling. My question is this: How do I approach the right person about a security issue?

    When answering questions like this I tend to find that all my paragraphs start with "If", mainly because we don't have much information. The first thing you should do, though, is to not touch the vulnerability again, as if things did turn out very bad and there was a disciplinary hearing of some sort then you would look a lot more guilty if they showed logs of you playing with it for months, rather than having to admit that the logs showed you stumbling across it and never touching it again.

    If there is a person specifically responsible for their IT security then report it to them. They usually will listen and as they aren't responsible for the system they won't blame you for the issue. They will also have the power to make the person responsible for the system fix it.

    If there isn't a person specifically responsible for security then see if you can report it to them as an error, "When I do this it falls over". Error reports usually get logged and people are less inclined to feel you are attacking their system when you file a bug report.

    If it is something that you can't word as a bug then you have reached the stage where you need to decide if you are going to report it as a security issue or not report it. If you decide to report it and you already know the admins and get on well with them, then you might feel comfortable reporting it in person. If you don't feel comfortable reporting it in person then report it via email (paper trails can be a life saver and help you prove what you reported when). Take your time when composing the email: "Dude, your system sucks and I can crack it!!!" is much more likely to get someone's back up than "I don't know if this is an issue but when I accidentally mistyped my username when logging in I included an apostrophe at the end, rather than reporting an invalid login it let me in but under another user's account."

    And the final "If" is: if they fix it, good; if they don't, then that is their decision. Your responsibility for the vulnerability passed on when you informed them of it.

  6. Three useful Linux commands that should help you list hardware (note Mr-Protocol's reply links to a page which mentions these and a lot more).

    lspci - lists the devices found on the PCI buses.

    lsusb - lists the devices found on the Universal Serial Buses.

    dmidecode - lists a mass of information found from the BIOS.

  7. First check your local laws, intercepting wireless communication and cracking captured wireless communication may be illegal in your country (If you aren't sure then assume it is illegal and don't mess with it).

    If I was investigating it I would start by finding some of the CCTV cameras in place and fire up Kismet to check the details of the network (things like channels and network security). When I knew what channel they are using I would lock Kismet to that channel to narrow the packets captured.

    The network security in use would dictate the next step. If WEP then aircrack should give the network key in 5 to 10 minutes (assuming ARP packets can be replayed).

    If WPA-PSK then deauthing some of the attached devices should give us a handshake to be broken offline.

    If WPA-Enterprise then things get a bit more tricky and would require some further investigation.

  8. You could probably take some of the advice for running a hidden service in Tor securely and apply it to just running on a machine on your local network. Things like running your webserver as a virtual machine where the host machine blocks almost all access from the virtual machine to the rest of your network would help prevent them attacking any of your local machines if they did manage to control the web server.

    From an operating system security point of view I would suggest that you check out OpenBSD, which has a very strong emphasis on security.

    Really Apache would be a good webserver to use as it is regularly being patched and there is a lot of documentation for it and how to configure it.

  9. Ok, if you want to host the site anonymously so that people can connect to the site without knowing your IP then you are going to want to be looking at setting up a hidden service in something like I2P or Tor. Getting a hidden service really hidden is actually very difficult, so you will want to read up on the documentation and tutorials. Irongeek has quite a bit on I2P and could be a good place to start to get a grounding on the subject.

  10. First don't panic, IPv6 is actually not too difficult to start learning and using.

    IPv6 Day was not about everyone migrating over to IPv6, but for a way to push large systems over to being available via IPv6 as well as IPv4. This lets them debug their systems with those who have an IPv6 connection to the internet. Exactly what you are wanting to do with your software.

    Best bet is to look at setting up your local network to support IPv6 (most OSes support this by default). Once you have the local network working with IPv6 then you can move on and get a tunnelled IPv6 connection (I use Hurricane Electric for mine). First get this tunnel working on a server that you can use as an IPv6 gateway (so best to avoid any being used for other important things; it doesn't need to be powerful, in fact mine is running on a Raspberry Pi). Once you have that machine working with routable IPv6 you can look at getting it to run as an IPv6 router for the rest of your network.

    No detailed instructions I know, but there are plenty of tutorials online for these sort of things and hopefully it has given you enough to get started.

  11. As far as I am aware the Tor browser bundle really consists of two parts, tor and a preconfigured browser. Just make sure that you have the browser open while using tor as I suspect it might be configured to automatically turn off tor when you close the browser.

    tor is effectively a SOCKS proxy which listens on port 9050 by default. Any program that supports the use of a SOCKS proxy will usually work fine with tor, though you may want to check how it resolves hostnames if you are really wanting to be secure.

    What we are doing in the ssh config file is simply telling ssh that for a specific host we want to use the following settings (hostname, user, protocol version and proxy). The key line for us is the ProxyCommand line, which effectively tells ssh that we need to use a SOCKS proxy (the -S option) that is found on port 9050 on the localhost.

    The other bits on the ProxyCommand line do things like make sure it is using IPv4 (the -4 option) and look up hostnames via tor (the whole tor-resolve %h bracketed bit in the options).

  12. You could always just ssh into your VPS. OK, I know port 22 is blocked for your outgoing connection, but you can run ssh through tor just like you do for some of your other tools.

    Edit your ~/.ssh/config file and add the following (remembering to change the relevant host and username details):

    Host mydomain
    HostName mydomain.com
    User myaccount
    CheckHostIP no
    Compression yes
    Protocol 2
    ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

    Assuming you have the standard tor tools it should get you back in control of your VPS.
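    The point made in the two posts above about checking how a client resolves hostnames comes down to which address type the client puts in its SOCKS5 CONNECT request. The ssh config uses tor-resolve to do the lookup through tor and hands `connect` an IP; the other correct option is for the client to send the hostname itself (address type 0x03) and let tor resolve it. The example below is added illustration, not code from the original posts or from tor: it builds and decodes SOCKS5 CONNECT requests per RFC 1928 and flags the ones that carry an IP literal, which is what a client that resolved the name locally (and so leaked a DNS query outside tor) would send. Host names and ports are constructed sample values.

```python
import ipaddress
import struct

# Constructed example (not from the original posts): SOCKS5 CONNECT requests
# as described in RFC 1928, used to show the difference between letting the
# proxy (tor on localhost:9050) resolve a name and resolving it locally.
SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4 = 1
ATYP_DOMAIN = 3
ATYP_IPV6 = 4


def socks5_greeting() -> bytes:
    """Version/method selection message offering only 'no authentication'."""
    return bytes([SOCKS_VERSION, 1, 0])


def socks5_connect_request(host: str, port: int) -> bytes:
    """Build a CONNECT request for host:port.

    A hostname is sent as ATYP 0x03 so the proxy does the DNS lookup (no
    local query leaves the machine). An IP literal is sent as ATYP 0x01/0x04.
    A client that resolved the name itself before calling the proxy would
    only ever produce the IP forms, which is the leak to watch for.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0])  # VER, CMD, RSV
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        body = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        body = bytes([ATYP_IPV4 if addr.version == 4 else ATYP_IPV6]) + addr.packed
    return header + body + struct.pack("!H", port)


def parse_socks5_connect_request(req: bytes):
    """Decode a CONNECT request back into (atyp, host, port) for inspection."""
    if len(req) < 7 or req[0] != SOCKS_VERSION or req[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        host, rest = str(ipaddress.IPv4Address(req[4:8])), req[8:]
    elif atyp == ATYP_IPV6:
        host, rest = str(ipaddress.IPv6Address(req[4:20])), req[20:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, rest = req[5:5 + n].decode("idna"), req[5 + n:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("malformed request length")
    return atyp, host, struct.unpack("!H", rest)[0]


def leaks_dns(req: bytes) -> bool:
    """True when the request carries an IP literal for what should have been
    a hostname, i.e. the client resolved the name outside the proxy."""
    return parse_socks5_connect_request(req)[0] != ATYP_DOMAIN


if __name__ == "__main__":
    good = socks5_connect_request("mydomain.com", 22)   # sample host from the post
    bad = socks5_connect_request("127.0.0.1", 22)       # constructed IP literal
    print("remote-resolve request:", good.hex(), "leaks DNS:", leaks_dns(good))
    print("local-resolve request :", bad.hex(), "leaks DNS:", leaks_dns(bad))
```

    To check a real client, capture its first bytes to localhost:9050 and run them through parse_socks5_connect_request: an ATYP of 0x03 means tor is resolving the name, anything else means the client looked it up itself first.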

  13. Check the exported path from your nfs server is /mnt/Videos (This is going to be case-sensitive so check if it is an uppercase V or a lowercase v).

    Remove the / from the end of /opt/The\ Lair\ FTP/Videos/ so that it is

    10.50.0.100:/mnt/Videos /opt/The\ Lair\ FTP/Videos nfs rw,hard,intr 0 0
    

  14. Sorry, the first space should have been a colon.

    192.168.1.2:/path/to/nfs/share /opt/vsftpd/FTPServer/share1 nfs rw,hard,intr 0 0

  15. To avoid the USB Bottleneck make sure you spread the devices evenly over the available USB Controllers rather than chain them off the one port.

    Note most motherboards these days have a number of USB headers on them as well as the ports on the I/O plate at the back. You can get USB Back plates that will let you increase the number of USB controllers accessible (If your motherboard has 6 or more controllers then you might as well make use of them rather than push everything through two or three).

  16. If you do see high CPU usage from the machines then I would suggest checking if there is anything that you need to do to get 98 to idle the CPU. DOS and thus 95 and 98 use a loop to wait rather than halting the processor. This results in them taking up every cpu cycle available, which isn't a problem when they are the only OS running on the machine but can make it difficult to virtualise.

    There did used to be quite a few CPU idle programs available for 98, but I don't know which will run fine under VMWare, so you might have to experiment a bit.

  17. Sure, just make directories for each share you want to mount in /opt/vsftpd/FTPServer and then mount them (add them to your fstab to get them mounted automatically when your machine starts)

    e.g. to mount an NFS share from a NAS with IP of 192.168.1.2 (if you have DNS you can use the fully qualified domain name for the host) as share1:

    mkdir /opt/vsftpd/FTPServer/share1
    mount -t nfs 192.168.1.2:/path/to/nfs/share /opt/vsftpd/FTPServer/share1
    

    and to auto mount on start you would add the following line to your fstab (feel free to read up on the flags and pick those that you think will work best in your situation):

    192.168.1.2:/path/to/nfs/share /opt/vsftpd/FTPServer/share1 nfs rw,hard,intr 0 0
    

    If they are available as smb/cifs shares and not nfs shares then you would need to change the mount types from nfs to either cifs or smbfs. You will also need to change the flags/options you use to mount it to get things like permissions correct.

  18. Here is a useful little shell script that I put together to grab traffic off two interfaces and merge the capture files. It needs tcpdump to do the grabbing and mergecap to merge the two captures afterwards. Simply start the script passing it the two interfaces to capture and the output file you want to produce at the end. You will see two header lines from tcpdump; when you have finished capturing packets press CTRL+C and it will close down the two tcpdumps and then merge their output files.

    Note: mergecap is part of wireshark so you will need that installed to use the script.

    #!/bin/sh
    
    #
    # File: sniffLanTap
    #
    # Usage: sniffLanTap <Interface 1> <Interface 2> <Output File> [tcpdump filter]
    #
    # Author: Jason Cooper
    #
    if [ $# -lt 3 ]; then
        echo "Usage: $0 <Interface 1> <Interface 2> <Output File> [tcpdump filter]" >&2
        exit 1
    fi
    
    # Optional capture filter as the fourth argument; empty captures everything
    FILTER="${4:-}"
    
    TMPFILE1="$(/bin/mktemp)"
    TMPFILE2="$(/bin/mktemp)"
    
    # Remove the temporary capture files however the script exits
    trap 'rm -f "$TMPFILE1" "$TMPFILE2"' EXIT
    
    # First capture runs in the background, second in the foreground;
    # CTRL+C stops the foreground tcpdump and the script carries on from there
    /usr/sbin/tcpdump -w "$TMPFILE1" -s1500 -i "$1" $FILTER &
    TCPDUMP_BG=$!
    /usr/sbin/tcpdump -w "$TMPFILE2" -s1500 -i "$2" $FILTER
    
    # Stop the background capture and wait for it to flush its file
    kill "$TCPDUMP_BG"
    wait "$TCPDUMP_BG"
    
    /usr/sbin/mergecap -w "$3" "$TMPFILE1" "$TMPFILE2"

  19. As hinted at by Mr-Protocol and myself previously, until they fix the DNS you can add the following line to your hosts file (/etc/hosts on *nix or C:\Windows\system32\drivers\etc\hosts on windows)

    50.28.75.68   forums.hak5.org

    Of course you need to remember to remove the line once they have resolved the DNS issues, or X years down the line when the forums' IP address changes again you won't be able to access it.

    Being able to statically define some host to IP mappings can be very useful when playing with things; it also lets you realise how mad it would be to try to maintain large hosts files over multiple machines and just how useful DNS is.

  20. It sounds like pure-ftpd may be a better FTP daemon for this purpose; vsftpd is quite easy for general FTP access for users with accounts on the machine or for an anonymous FTP server, but it can be awkward to do more complex setups.

    With pure-ftpd's Virtual Users you should be able to have many FTP users that relate to just two accounts on the local machine. Just give all the admins one uid and the guests another. The read only local account will rely on the world part of the file system security, while the local FTP admin account will be the owner of the files. This would give you the option to have areas that only the admin accounts can access if you need it.

    You should also be able to set up an upload directory where guest users can upload files but they can't be downloaded until an admin has checked them and moved them out of the upload directory.
