hypnotoad

  1. Can anyone suggest a good, low-cost wireless-N card that will support injection? My netbook's wireless card is an 802.11n card, but it has a RaLink chipset (rt3090), which supports neither monitor mode nor injection, and the driver does not come with Linux (well, Ubuntu and BT4 at least). Ideally, I am looking for something compact and light. I looked at the Alfas and they seem really bulky. Cheers guys
  2. Yeah, portable PuTTY doesn't work either. Basically, on the machines provided... you can't do a sodding thing... not that it matters now, I have a new laptop now so I can install what I want. SSH turned out to be blocked, so I just went over port 443 ;) Thanks though.
  3. Actually, scrub that... just been looking. look@lan is basically defunct. However... the same company has a new product called Fing http://over-look.net/site/ I've not tried it out myself, however, I will give it a blast as soon as I can, looks good though
  4. For a while I used look@lan, which was pretty good
  5. I no longer have access to my friend's router for testing purposes. He PAID me £50 to secure it for him on the spot yesterday. I offered to do it for free, but he was really insistent on paying me... who am I to turn down £50 for 5 mins work ;) I will see about getting one of these routers myself to carry on experimenting with this (plus I think there is a way to install a NG version of OpenWRT on it), but for now I would call this a closed topic... Thanks for the advice, digip
  6. I have been looking at the Burp Suite and it seems really good... but the price for the pro version seems really steep. What alternatives are there that offer the same functionality? Or what tools would people suggest to add alongside the free version to make up for the missing features?
  7. Does anyone have any ideas?
  8. The entire log gets cleared... Yes, it gets rid of the details but it's a little blunt, I would rather edit the log with a little finesse. Just editing out the entries would be less suspicious, don't you think?
  9. Hey all

     I have been messing around on my friend's network and I noticed that he has a very generic setup. Router: Netgear DG834N Wireless - ESSID: NETGEAR Enc: No IP Range 192.168.0.1/255 Router Login: DEFAULT. I let him know that it was perhaps not the best setup and offered to sort it out for him if he let me have a play around first. He agreed, so now I have a question.

     I browsed to the router at 192.168.0.1 and tried to log in with all the usual admin/password combos and got in on my third try. After a little snooping I figured that I should check the logs:

         Sat, 2000-01-01 00:00:20 - Initialize LCP.
         Sat, 2000-01-01 00:00:21 - LCP is allowed to come up.
         Sat, 2000-01-01 00:00:22 - CHAP authentication success
         Sat, 2000-01-01 00:00:32 - Send out NTP request to time-g.netgear.com
         Sat, 2000-01-01 00:01:54 - Send out NTP request to time-h.netgear.com
         Fri, 2010-03-19 11:13:21 - Receive NTP Reply from time-h.netgear.com
         Fri, 2010-03-19 11:11:25 - Router start up
         Mon, 2010-03-22 09:13:21 - Send out NTP request to time-g.netgear.com
         Mon, 2010-03-22 09:14:23 - Send out NTP request to time-h.netgear.com
         Mon, 2010-03-22 09:14:24 - Receive NTP Reply from time-h.netgear.com
         Mon, 2010-03-22 10:20:53 - Administrator login successful - IP:192.168.0.53

     This got me thinking about log deletion and covering tracks and how it is done. The only options that the router has are "Refresh", "Clear Log" and "Send Log". I figured I could telnet into the router, but by default telnet is disabled. A Google search later and http://192.168.0.1/setup.cgi?todo=debug had enabled telnet. So I telnet(ted?) in to the router:

         BusyBox v1.00 (2006.10.04-06:55+0000) Built-in shell (ash)
         Enter 'help' for a list of built-in commands.
         #

     I type help to see what tools I already have to work with:

         Built-in commands:
         -------------------
         . : alias bg break cd chdir continue eval exec exit export false fg hash help jobs kill let local pwd read readonly return set shift times trap true type ulimit umask unalias unset wait
         #

     Now I went hunting for the log files and found them in /var/log. There are two files, "messages" and "syslog". I figured I would try and cat the "messages" log although cat was not in the list of tools, and it worked. I can see the contents of the file, which now shows an additional admin login entry from the running telnet session.

     At this point I am now stumped. Without nano or vi, how do I edit out those login entries? How could I go about adding tools and also enable telnet by default (telnet will turn off upon router reset)?

     I am using Win7 on my netbook for this. I would use BackTrack but it doesn't pick up my screen config and I can't be bothered messing with xorg.conf. Any advice would be great guys
  10. Thanks for all the info guys, I'm going to play with this a lot more to see what I can come up with. I have found no reference to this bug on the dev's website, so.... if I manage to turn this into an exploit... would it be 0day? coz that would be cool :P
  11. Thanks guys. Any recommendations on a good fuzzing utility for Win 7? Or is it something I would be better off doing by hand? What would be the pros/cons of each?
  12. I have just found a persistent, reproducible bug for a chat client on Windows 7 Starter that causes a BSoD every time. I don't know anything about exploit development, so I have a question. How should I go about exploring the potential of turning this into an exploit, and if there is, how does one create an exploit?
  13. Okay, thanks for all your advice. I guess I'm going to have to SocEng my way into a conversation with the IT Dept somehow o.0
  14. I am trying to run PuTTY on their computers so I can SSH to my home machine and keep an eye on compiling code. I have checked the usage policy and it does not say anything at all about running other software.