Everything posted by Mr-Protocol

  1. Your post confuses me...
  2. I'm not sure how old this individual is but I'm sure his parents have good reason to limit computer usage. Although the auto logout can be done with Windows SteadyState (which is free). My suggestion would be to have a "mature" conversation with the parents. Or save up and buy your own computer. Fact is, if you are a minor and/or live under their house. You should probably follow their rules. Think for a second. If you are gaming for 2+ hours. You think they won't notice you've been gazing at the screen for 4+ hours? Parents will pick up on it. Then you may end up with NO PC usage at all...
  3. I see this as the best use for a hardware keylogger. Given they use the same computer all the time. http://www.keyghost.com/USB-Keylogger.htm
  4. This was posted on all the computer's monitors in a public library. How's this for a warning LOL.
  5. Considering everyone has been posting their code here, I don't really understand the issue. It takes seconds to download the software and put it on the teensy. You just need to buy a http://www.pjrc.com/store/teensy.html, rubber duck, and a USB adapter. I got 3 USB adapters for a buck online. Rubber duck is like another buck. Teensy is 18.
  6. That is pretty much the basic idea. Just make sure you get your + and -'s right on both ends. Or you will damage the fon. I personally went foraging around at work and found an adapter that fit my fon that was just the DC Power plug with 2 wires. So I don't have to cut my original fon PS. Also I got a battery holster I could use as well. I might make that have a USB F plug so I can choose USB power or battery.
  7. If you are looking for security, VPN would probably be the best solution, most home routers have some VPN capabilities. My question is, what are you trying to do? Remote access files? Remote-desktop like a VNC to click around? Or remote to say have an SSH for command line stuff?
  8. I ran across this one before while looking for an alternative to the popular. It's a web-scanner not a network, my bad. Netsparker http://www.mavitunasecurity.com/communityedition/ http://sectools.org/vuln-scanners.html This one is the company that now owns metasploit. Metasploit is Rapid7's open source project. http://www.rapid7.com/vulnerability-scanner.jsp
  9. Well the thing is, If you get some big bad antenna and have it cover the area. The laptop cards might not be strong enough to send back to the big bad antenna. The best solution I could see is using a few access points to make a Mesh wifi network. You can use openmesh.com solutions or use Cisco AP's. I have a Cisco 1200 AP and it has the ability to do mesh/repeat and all sorts of fun wifi stuff.
  10. Yes they do, too bad they were not connecting to common ports. Are you retarded really? And to your big massive quote. It's called a WARNING BANNER. They click OK and they give up all rights of their data passing on my network. Try getting a little into forensic law like I have. Not to mention, no clue where you copy/pasted from. Anywho this has gone way off topic and I'm sure discussion is done. Mod should probably close/lock this thread.
  11. Let's see... They were sending email spam via my network and I decrypted the emails that were on SMTP protocol and using PUBLIC base64 for encryption and noticed they were spam. It was a red flag of the content of my network and I looked into it like any network admin should. How is that illegal? It's not. I own the network, I own all the packets flowing through it. And yeah I got accounts. I'll admit it all day. Fact is... it's past the statute of limitations. It was Diablo II game accounts. Not US Gov't pentagon logins. So nothing can be done. Are you not familiar with the possibilities of the content on this forum? Pineapple, Interceptor, so on... Fact is, at least I do that sort of stuff (and I'm sure many others do) because we have an idea and a "what if this worked" kind of thought. So we do it. Either way it's hackers/crackers that have MADE security what it is today. Not to mention, if you REALLY look at every copyright, every law, every picture you "right click > save" you are breaking the law. It is almost impossible to not break any laws just from normal PC/internet usage. Just depends on the severity and who really gives a damn about it? Will you be arrested by taking a picture from online and putting it as your background? No...
  12. I have 2 of the Linksys WUSB600n version 1 and 2. They work pretty well. If you have Windows 7 you don't need connectify because Windows 7 makes a virtual adapter for sharing internet. Don't mind me... I'm drunk as hell right now.. but I can still type. Go me :D
  13. I'm guessing we are out of boxes? Ok who will run Crunch and check for valid URLs? lol http://sourceforge.net/projects/crunch-wordlist/ Or one of those programs that use a dictionary and fills in the blanks. Like a Wheel of Fortune solver or Hang-man solver. lol

      root@bt:/pentest/passwords/crunch# ./crunch 50 50 -t www.HAK5.ORG/O@@@@@@ATIONONTH@@@ART@@@EMSSTRANG@@@ > /root/Hak5.txt

      A savvy programmer with some time on their hands could make a program to take O@@@@@@ATIONONTH@@@ART@@@EMSSTRANG@@@ and run a wordlist on it. Have some algorithm to retrofit words in the existing link and on matches log them to a file. Better yet. Have crunch run that string. Pipe it to another program that will check the string to make sure every character is accounted for as being "Part of a real word" from English dictionary.
  14. Pretty sure the WOW traffic is encrypted. So not sure how doing MITM would help. I tried sniffing my own traffic when I used to play and there was no chance. The reason I stopped working on the Tor node (if you looked in security section of forum) is because my guess is that people were using my Tor node as a pivot point to spam emails. Not just any emails. Emails spoofed from Blizzard regarding WoW account password change or whatever. Trying to get people to click their links. Not only that.. They were using stolen AOL accounts to SMTP command prompt to AOL's mail server to send the emails encrypted with BASE64. I decrypted and noticed wtf the emails said lol. Aside from that.. WAY back when, when Blizzard had IRC chat enabled, I made the first (and probably only) account cracker that used the IRC login. The IRC login was the same credentials as the Diablo II accounts and any other account for that matter. I was targeting D2 LoD. I did manage to get a few accounts. Nothing worthwhile too much. But they soon fixed it. In regards to the OP. Why not buy the Blizzard Authenticator if you keep getting "hacked"?
  15. http://www.pjrc.com/teensy/td_keyboard.html
      Under "All Key Codes"
      KEY_TAB

      Normal Keys
      KEY_A KEY_B KEY_C KEY_D KEY_E KEY_F KEY_G KEY_H KEY_I KEY_J KEY_K KEY_L KEY_M
      KEY_N KEY_O KEY_P KEY_Q KEY_R KEY_S KEY_T KEY_U KEY_V KEY_W KEY_X KEY_Y KEY_Z
      KEY_1 KEY_2 KEY_3 KEY_4 KEY_5 KEY_6 KEY_7 KEY_8 KEY_9 KEY_0
      KEY_ENTER KEY_ESC KEY_BACKSPACE KEY_TAB KEY_SPACE KEY_MINUS KEY_EQUAL KEY_LEFT_BRACE KEY_RIGHT_BRACE KEY_BACKSLASH KEY_NUMBER KEY_SEMICOLON KEY_QUOTE KEY_TILDE KEY_COMMA KEY_PERIOD KEY_SLASH KEY_CAPS_LOCK
      KEY_F1 KEY_F2 KEY_F3 KEY_F4 KEY_F5 KEY_F6 KEY_F7 KEY_F8 KEY_F9 KEY_F10 KEY_F11 KEY_F12
      KEY_PRINTSCREEN KEY_SCROLL_LOCK KEY_PAUSE KEY_INSERT KEY_HOME KEY_PAGE_UP KEY_DELETE KEY_END KEY_PAGE_DOWN KEY_RIGHT KEY_LEFT KEY_DOWN KEY_UP KEY_NUM_LOCK
      KEYPAD_SLASH KEYPAD_ASTERIX KEYPAD_MINUS KEYPAD_PLUS KEYPAD_ENTER KEYPAD_1 KEYPAD_2 KEYPAD_3 KEYPAD_4 KEYPAD_5 KEYPAD_6 KEYPAD_7 KEYPAD_8 KEYPAD_9 KEYPAD_0 KEYPAD_PERIOD
  16. I may be confused on what you are trying to do here. But why not boot from a live distro of Ubuntu or BackTrack (my personal fav) and copy the files directly from the USB drive to your NTFS volume? I see all these virtual machine copying you are doing as not needed. I have a problem because I hate VMware, VirtualBox does not allow drag and drop copy like that from Guest to Host. So I have an FTP setup on my PC and transfer files that way. I also use the FTP for saving or getting files when I'm not home. FileZilla Server
  17. I use virtual boxes for everything
  18. http://www.infosecramblings.com/backtrack/...-changesnessus/ Linked from: http://www.backtrack-linux.org/tutorials/
  19. I will not be working on this any further. My ISP is angry and sent me an angry letter. In this letter it says to read the TOS and this and that blah blah multiple complaints. F**K them. I know it is probably from running the Tor node due to I caught some email spammers using it to send spam. And this is why when people try and use Tor for good, people gotta screw it up.
  20. That link has good info but nothing new to me or stuff I've looked at. I haven't had much time to work on this more but the script I have currently stops a LOT of it. Eventually when I get time from Tekken 6 or hanging out with friends will I continue to work on blocking encrypted BitTorrent traffic.
  21. You are running Linux (BackTrack), as long as there are drivers. Anything is possible.
  22. 2 Post user so be wary. Is the source included? If not, hard to trust someone with just 2 posts. Scan with VirusTotal.com. I'll play with it if I get a DL link... Not to mention wrong forum section... This isn't really a "USB HACKS"
  23. Very valid points. The encrypted data I found later was in TCP packets. I know they are torrent because I was running one. But essentially if I block DHT and tracker communications as well as finding the UDP packets to filter. There will be no initial handshake so no traffic in theory. I'm not sure what Sandvine is but I'm at work right now so I can't really start googling. But SOMETHING has to be un-encrypted to make the initial communication I would think. If nothing else I can stop tracker communications and that will waterfall to other torrent packets not working. According to the link, Tor does not allow UDP so filtering UDP is pointless? I will keep working on it to get at least a 90% or better solution. I still refuse to run a tor node and allow people to torrent off of it.
  24. Ok I have tried to make offsets for the matching based off packet location but it didn't work out so well. There were some requests that put HTTP in front to thwart the more advanced filter. So using just the filters to hit key items without offset limitations works the best. With those filters, I let the tor node run for most of a day. I did not find any identification of BitTorrent activity other than remote computers trying to send to my tor node a BitTorrent handshake which is dropped as soon as my Ubuntu gets it. There were some encrypted packets which I could not identify, but from what I have seen on the packets I have looked at while making these filters; some of the data would be unencrypted and the rest could be encrypted. I'm not sure if the BitTorrent handshake must be sent unencrypted but I will try it on my system and see what I find. So I would like to say this script blocks a good ~99%-ish of BitTorrent activity.

      Script: http://docs.google.com/Doc?docid=0ARW_kKn3...qc2dq&hl=en

      Utorrent can randomize the port on every startup... I have installed Utorrent on my Ubuntu box now, forcing encryption and finding a means of filtering those packets as you read... Wow... what a pain in the ass... BUT some data is readable... Mostly it's in UDP packets... The packet data (minus the UDP header info) starts either with d1:ad2 or d1:rd2 I think dependent on if it is an answer or request? The first packet has string "ping" recognizable which can be used to filter. Filter UDP packets matching a string "ping". There is also the string "find_node" and "target". Another string which I think might be the encryption type for Utorrent: 1:v4UT or 1:v4UTL depending on sent or received yet again. Not sure but it seems to be constant in at least this stream. Incoming packets have the Hex(13)BitTorrent Protocol string in them. (Should be dropped by PREROUTING filter)

      d1:ad2:id20:..'..7U.=0".,....E..9:info_hash20:gz..kk.=..@..6..JTlye1:q9:get_peers1:t8:....&>.R1:y1:qe

      So there is some identifiable data there I could use for more filters to stop encryption as well. I will work on this more tomorrow pending time, and the desire to look through 100's of packets manually.
  25. I'm not sure why the link for the router, but cool. I just got the Cisco/Linksys E2000 wireless router. It has a lot of features but nothing that can block BitTorrent (by default). I am a BitTorrent user myself. And some of the things I download might possibly be questionable, but when I'm giving my bandwidth for people to use as a proxy for IM, web, whatever they want; I refuse to want them to run BitTorrents. An afterthought was using those filters to thwart all the traffic generated by BitTorrent in MITM. I guess it could be used if you are a parent and tech-savvy, to add those to the iptables of your home router (openWRT/DDWRT) to stop kids from using them? Whatever fits the purpose I suppose. If nothing else it is a great example of using string matching (the last one being hex-string matching) with iptables. The iptables MAN page will go more in detail with functions.

      string
          This modules matches a given string by using some pattern matching strategy. It requires a linux kernel >= 2.6.14.
          --algo bm|kmp
              Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)
          --from offset
              Set the offset from which it starts looking for any matching. If not passed, default is 0.
          --to offset
              Set the offset from which it starts looking for any matching. If not passed, default is the packet size.
          --string pattern
              Matches the given pattern.
          --hex-string pattern
              Matches the given pattern in hex notation.

      The only changes I would make pertain to adding a --to offset. I may have to play with it more but adding a --to offset would limit it searching full packets. Which also the ability to use --from and --to makes it so you can match very specifically what you want to search for. I will update the first post and make note of changes with offsets here when I allow tor to run with no blocking to re-gather BitTorrent traffic to properly identify.
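
The UDP payloads described in post 24 are bencoded BitTorrent DHT (KRPC) messages, so a monitor can decode them and read the message type, method and client tag instead of substring-matching "ping" or "find_node", which also hits unrelated traffic. This is an added example, not code from the original posts or the linked script; the function names are hypothetical and the sample payloads use constructed placeholder ids and hashes.

```python
# Added example: decode a UDP payload as a BitTorrent DHT (KRPC) message.
def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list l...e / dict d...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":               # running off the end raises below
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dict key without value")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[start:end], end
    raise ValueError("not bencode")

def classify_dht(payload):
    """Return a summary of a KRPC message, or None if payload is not one."""
    try:
        msg, end = bdecode(payload)
    except (ValueError, TypeError, RecursionError):
        return None
    if end != len(payload) or not isinstance(msg, dict):
        return None
    kind = msg.get(b"y")                           # q = query, r = response, e = error
    if (kind not in (b"q", b"r", b"e") or b"t" not in msg
            or (b"a" if kind == b"q" else kind) not in msg):
        return None                                # queries carry "a", replies "r"
    method, client = msg.get(b"q"), msg.get(b"v")  # "v" = optional client tag
    return {"type": kind.decode(),
            "method": method.decode("latin-1") if isinstance(method, bytes) else None,
            "client": client[:2].decode("latin-1") if isinstance(client, bytes) else None}

# Constructed samples: placeholder ids/hashes, same layout as the dump in post 24.
QUERY = (b"d1:ad2:id20:" + b"A" * 20 + b"9:info_hash20:" + b"B" * 20 +
         b"e1:q9:get_peers1:t8:" + b"T" * 8 + b"1:y1:qe")
REPLY = b"d1:rd2:id20:" + b"C" * 20 + b"e1:t2:aa1:v4:UT\x4f\x101:y1:re"
NOT_DHT = b"GET /shipping?find_node=1 HTTP/1.1\r\n\r\n"   # has "ping" and "find_node"
```

The `d1:ad2` and `d1:rd2` prefixes noted in the post are the opening of a dictionary whose first key is `a` (query arguments) or `r` (response values); the plain HTTP request contains both filter strings but does not decode, so it is not classified as DHT.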