hypnotoad

Everything posted by hypnotoad

  1. Can anyone suggest a good, low-cost wireless-N card that will support injection? My netbook's wireless card is an 802.11n card, but it has a RaLink chipset (rt3090), which supports neither monitor mode nor injection, and the driver does not come with Linux (well, Ubuntu and BT4 at least). Ideally, I am looking for something compact and light. I looked at the Alfas and they seem really bulky. Cheers guys
  2. Yeah, Portable PuTTY doesn't work either. Basically, on the machines provided... you can't do a sodding thing... not that it matters now; I have a new laptop now, so I can install what I want. SSH turned out to be blocked, so I just went over port 443 ;) Thanks though.
  3. Actually, scrub that... just been looking. look@lan is basically defunct. However... the same company has a new product called Fing: http://over-look.net/site/ I've not tried it out myself; however, I will give it a blast as soon as I can. Looks good though.
  4. For a while I used look@lan, which was pretty good.
  5. I no longer have access to my friend's router for testing purposes. He PAID me £50 to secure it for him on the spot yesterday. I offered to do it for free, but he was really insistent on paying me... who am I to turn down £50 for 5 mins work ;) I will see about getting one of these routers myself to carry on experimenting with this (plus I think there is a way to install an NG version of OpenWRT on it), but for now I would call this a closed topic... Thanks for the advice, digip.
  6. I have been looking at Burp Suite and it seems really good... but the price for the Pro version seems really steep. What alternatives are there that offer the same functionality? Or what tools would people suggest to add alongside the free version to make up for the missing features?
  7. Does anyone have any ideas?
  8. The entire log gets cleared... Yes, it gets rid of the details, but it's a little blunt. I would rather edit the log with a little finesse. Just editing out the entries would be less suspicious, don't you think?
  9. Hey all, I have been messing around on my friend's network and I noticed that he has a very generic set up.
     Router: Netgear DG834N
     Wireless - ESSID: NETGEAR, Enc: No
     IP Range 192.168.0.1/255
     Router Login: DEFAULT
     I let him know that it was perhaps not the best set up and offered to sort it out for him if he let me have a play around first. He agreed, so now I have a question. I browsed to the router at 192.168.0.1 and tried to log in with all the usual admin/password combos and got in on my third try. After a little snooping I figured that I should check the logs:
     Sat, 2000-01-01 00:00:20 - Initialize LCP.
     Sat, 2000-01-01 00:00:21 - LCP is allowed to come up.
     Sat, 2000-01-01 00:00:22 - CHAP authentication success
     Sat, 2000-01-01 00:00:32 - Send out NTP request to time-g.netgear.com
     Sat, 2000-01-01 00:01:54 - Send out NTP request to time-h.netgear.com
     Fri, 2010-03-19 11:13:21 - Receive NTP Reply from time-h.netgear.com
     Fri, 2010-03-19 11:11:25 - Router start up
     Mon, 2010-03-22 09:13:21 - Send out NTP request to time-g.netgear.com
     Mon, 2010-03-22 09:14:23 - Send out NTP request to time-h.netgear.com
     Mon, 2010-03-22 09:14:24 - Receive NTP Reply from time-h.netgear.com
     Mon, 2010-03-22 10:20:53 - Administrator login successful - IP:192.168.0.53
     This got me thinking about log deletion and covering tracks and how it is done. The only options that the router has are "Refresh", "Clear Log" and "Send Log". I figured I could telnet into the router, but by default telnet is disabled. A Google search later and http://192.168.0.1/setup.cgi?todo=debug had enabled telnet. So I telnet(ted?) into the router:
     BusyBox v1.00 (2006.10.04-06:55+0000) Built-in shell (ash)
     Enter 'help' for a list of built-in commands.
     #
     I typed help to see what tools I already have to work with:
     Built-in commands:
     -------------------
     . : alias bg break cd chdir continue eval exec exit export false fg hash help jobs kill let local pwd read readonly return set shift times trap true type ulimit umask unalias unset wait
     #
     Now I went hunting for the log files and found them in /var/log; there are two files, "messages" and "syslog". I figured I would try and cat the "messages" log; although cat was not in the list of tools, it worked, and I can see the contents of the file, which now shows an additional admin login entry from the running telnet session. At this point I am stumped. Without nano or vi, how do I edit out those login entries? How could I go about adding tools and also enable telnet by default (telnet will turn off upon router reset)? I am using Win7 on my netbook for this. I would use BackTrack but it doesn't pick up my screen config and I can't be bothered messing with xorg.conf. Any advice would be great, guys.
  10. Thanks for all the info guys, I'm going to play with this a lot more to see what I can come up with. I have found no reference to this bug on the dev's website, so.... if I manage to turn this into an exploit... would it be 0day? coz that would be cool :P
  11. Thanks guys. Any recommendations on a good fuzzing utility for Win 7? Or is it something I would be better off doing by hand? What would be the pros/cons of each?
  12. I have just found a persistent, reproducible bug in a chat client on Windows 7 Starter that causes a BSoD every time. I don't know anything about exploit development, so I have a question. How should I go about exploring the potential of turning this into an exploit, and if there is potential, how does one create an exploit?
  13. Okay, thanks for all your advice. I guess I'm going to have to SocEng my way into a conversation with the IT Dept somehow o.0
  14. I am trying to run PuTTY on their computers so I can SSH to my home machine and keep an eye on compiling code. I have checked the usage policy and it does not say anything at all about running other software.
  15. OK, I'll try that when next I have the chance. Would it not simply be a case of telling the client (in my case PuTTY) to just use SSH over an allowed port like 80? Correct me if I'm wrong, I'm quite the n00b.
  16. I'm just trying to SSH into my home box to keep an eye on running processes. (It would be nice to be able to tunnel past the draconian web filter as well.) When you say a Java SSH client, do you mean it is a .jar file or an executable written in Java? I'm not sure how tight the restrictions in place actually are. What should I check that might help me move forward?
  17. Does anyone have any information on how to get around software restriction policies? I've been trying to use PuTTY in my local library to continue working on things at home, but I keep getting an error saying to ask the admin to allow it. The problem is, the computers in the library are all administered by the local city council, and getting in touch with someone to explain my needs is impossible (IT support is a closed department and non-contactable by the general public). Cheers guys
  18. I was wondering if anyone knows of any partition-based destruction techniques. I am aware of tools such as DBAN, and OS-based tools for file destruction. Correct me if I am wrong, but would the destruction of an entire partition be a more effective technique? I'll admit I don't know a great deal on the subject. About all I know is that DBAN writes the disk with '0's' over and over (I think). Any advice would be really helpful :)
  19. Hey all, I'm new here and thought I'd introduce myself with a question. I'm currently teaching myself to write shell scripts and, if I'm honest, I'm not doing too well. I can't figure out how to call another program from within my script. What I am trying to achieve is an interactive script for using the aircrack-ng suite. My stumbling block is where I want to call airmon-ng and extract the wireless devices it finds as variables and present them to the user in a numbered list:
      1: ath0
      2: wifi0
      3: wlan0
      etc....
      I have tried
      function airmon-ng {
      /pentest/wireless/aircrack-ng/./airmon-ng
      }

      read response
      if response=
      then
      function airmon-ng
      fi
      but nothing happens. Can anyone offer any advice on how I could achieve this? I have a feeling I will need to do something like ./airmon-ng | nano file and then parse the file with sed or awk to extract the device names and pass them to the script as options for the user. (I hope there is an easier way.... sed and awk scare me..... I'm stoopid!) If anyone can advise me, I'd be really grateful :)
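Added example for post 9 (editor's code, not from the original poster, from Netgear or from BusyBox): one way to drop specific lines from a plain-text log when the box offers little more than a POSIX shell and a couple of applets. It uses only the `read` builtin and `case`, which the quoted builtin list shows, plus `cat` (which the poster found working) and an assumed `printf` applet; the sample lines are constructed after the Netgear entries quoted in the post. Two caveats a practitioner would check first: the telnet session used to do the editing produces its own login entry, and on many embedded routers /var lives on a RAM-backed filesystem, so confirm that the web UI really reads /var/log/messages, and expect the file to be regenerated on reboot.

```shell
#!/bin/sh
# Added example, not from the original post. Remove lines containing a pattern
# from a text log using only the shell's `read` builtin and `case`, for hosts
# (such as a BusyBox ash with few applets) where sed, grep and vi may be absent.
# Assumes a `printf` applet and `cat` are available. The sample log below is
# constructed after the Netgear DG834N entries quoted in the post.

SAMPLE_LOG='Mon, 2010-03-22 09:14:24 - Receive NTP Reply from time-h.netgear.com
Mon, 2010-03-22 10:20:53 - Administrator login successful - IP:192.168.0.53
Mon, 2010-03-22 10:31:02 - Send out NTP request to time-g.netgear.com
Mon, 2010-03-22 10:35:17 - Administrator login successful - IP:192.168.0.53'

# drop_matching PATTERN: copy stdin to stdout, omitting every line that
# contains PATTERN (matched literally, case-sensitively, anywhere in the line).
drop_matching() {
    while IFS= read -r line; do
        case $line in
            *"$1"*) ;;                    # matching line: skip it
            *) printf '%s\n' "$line" ;;   # everything else passes through
        esac
    done
}

# count_matching PATTERN: print how many stdin lines contain PATTERN.
count_matching() {
    n=0
    while IFS= read -r line; do
        case $line in
            *"$1"*) n=$((n + 1)) ;;
        esac
    done
    printf '%s\n' "$n"
}

# filter_log_in_place FILE PATTERN: rewrite FILE without the matching lines.
# The filtered copy is written back with `cat tmp > FILE` instead of `mv`, so
# FILE keeps its inode; a logger that already holds the file open (with
# O_APPEND) keeps appending to the same file instead of to a detached one.
filter_log_in_place() {
    file=$1
    pattern=$2
    tmp="$file.tmp.$$"
    drop_matching "$pattern" < "$file" > "$tmp" || return 1
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Usage on the box would be `filter_log_in_place /var/log/messages "Administrator login"`; run `count_matching` before and after to confirm how many entries went, and remember that the filter is a plain substring match, so a pattern that is too short will also take unrelated lines with it.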
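Added example for post 19 (editor's code, not from the original poster or from the aircrack-ng project). The snippet in the post fails for two reasons: a shell function is invoked by its name alone (`airmon-ng`), not by repeating the `function` keyword, and `if response=` is a variable assignment rather than a test. The script below captures the tool's output into a variable, turns it into the numbered menu the post describes, and maps the chosen number back to an interface name. It assumes that airmon-ng, as shipped around 2010, prints a header line whose first word is `Interface` followed by one interface per line with the interface name as the first whitespace-separated field; the sample output is constructed in that shape so the functions can be exercised without the tool installed.

```shell
#!/bin/sh
# Added example, not from the original post or from aircrack-ng: build a
# numbered menu of wireless interfaces from airmon-ng's listing and map the
# user's choice back to an interface name.
# Assumption: airmon-ng prints a header line starting with "Interface", then
# one interface per line with the name as the first field. The sample below is
# constructed in that shape.

SAMPLE_AIRMON_OUTPUT='
Interface       Chipset                 Driver

wlan0           Ralink RT2870/3070      rt2800usb - [phy0]
wlan1           Atheros                 ath9k - [phy1]
'

# list_interfaces: interface names, one per line, from airmon-ng text on stdin.
# Blank lines and the header line are skipped.
list_interfaces() {
    awk 'NF > 0 && $1 != "Interface" { print $1 }'
}

# number_interfaces: turn names on stdin into "1: wlan0", "2: wlan1", ...
number_interfaces() {
    awk '{ printf "%d: %s\n", NR, $1 }'
}

# pick_interface N: print the N-th (1-based) interface name from airmon-ng text
# on stdin. Prints nothing and returns 1 if N is out of range or not a number.
pick_interface() {
    awk -v n="$1" 'NF > 0 && $1 != "Interface" { if (++i == n) { print $1; found = 1; exit } }
                   END { exit !found }'
}

# choose_interface: show the menu, read a choice, print the chosen interface.
# Prefers the path used in the post, then airmon-ng on $PATH, then falls back
# to the constructed sample so the script can be tried on any machine.
choose_interface() {
    if [ -x /pentest/wireless/aircrack-ng/airmon-ng ]; then
        out=$(/pentest/wireless/aircrack-ng/airmon-ng)
    elif command -v airmon-ng >/dev/null 2>&1; then
        out=$(airmon-ng)
    else
        out=$SAMPLE_AIRMON_OUTPUT
    fi
    printf '%s\n' "$out" | list_interfaces | number_interfaces
    printf 'Select an interface by number: '
    read -r response
    iface=$(printf '%s\n' "$out" | pick_interface "$response") || {
        printf 'No such entry: %s\n' "$response" >&2
        return 1
    }
    printf '%s\n' "$iface"
}
```

From the interactive script the poster is building, the call would be `iface=$(choose_interface) || exit 1`, after which `$iface` can be handed to the next aircrack-ng command; the awk one-liners do all the parsing, so no intermediate file or editor is needed.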