Alias
-
Posts
116 -
Joined
-
Last visited
Posts posted by Alias
-
-
In The Mac You Have a Root Password it act as a Admin of the Mac.In the Window We have Admin and In the Mac and Linux We have Root password Which Control the Whole System.The original way I published is the "detailed" method using NetInfo Manager. It is the same way you would reset any user's password on a Next computer. There is also a much quicker way to enable the root account using a menu item in NetInfo Manager.
to alleviate all the capital letters i am typing this in lowercase lettering.
-
First of all, this smells incredibly fishy as stated above.
Second of all, instead of asking us why don't you go and learn how todo it yourself.
Third, What programs run on the XP machines. For example do they have Microsoft Access from which you can run macros's that can spawn command prompt Windows. Also there was a new exploit released in the past week that can exploit an XP machine with Quicktime on it from a remote location.
-
Have a look at KON-BOOT, it was feature in Hak5 episode 518.
-
Personally I reckon you should fork out for a VPS... I bought mine for $30 USD for 6 months from Virpus Networks and they seem to be OK considering how cheap they are. You will have to manage the VPS yourself so make sure you know how to Linux before buying one as their is no control panel included in the cost.
If you really don't want to fork out there is always Tor or HotSpot Shield which are easy to setup however very, very slow.
-
http://wpacracker.com is really awesome but it's not guaranteed to work and it costs money for every pcap file you submit.
-
The WPA specification is about as indepth as you can get....
http://www.wi-fi.org/knowledge_center/wpa2
Problem is it's very, very boring to read.
-
If you're going to do key strengthening then at least use it properly. Doing what you have said above will certainly make the overall encryption key slightly stronger to brute force attacks however then if ever there is a weakness (and there are a few) in SHA256 then your key strengthening also breaks.
Overall it doesn't really matter your method will work fine however if you're encrypting something that you want to keep secret for say 20 years then it probably won't stand up.
Also on a side note, what you're saying will work however it would be much more secure if you looped the process say 100000 times, it's CPU and time consuming however a lot more secure. Or you could just replicate the chosen password 100000 times and then hash that cause if someone's trying to brute force the key then they'll have to deal with so much more data thus slowing the attack.
-
Also there is no such thing as AES-512. The largest block size developed at the moment is 256.
-
Correct if I am wrong, but I believe the USA defense force supercomputers are able to break the AES encryption?
Depends on which AES variant you're talking about, if it's AES-256 then academically, it's broken, however practically it's decades from being broken.
-
These spammers dun goofed.
-
I do agree however I think it's fantastic that they've managed to keep the show running despite the team being seperated by 1000's of kilometres/miles.
-
Disable logging?
-
Definately be interested. Also can you clarify on how you mean "abused"?
-
This might seem like a really stupid answer but why not just delete the logs?
-
Moral of the story people should consider upgrading their wireless security to a more effective one, like WAP and implement a very strong passphrase instead of a weak one.
Yeah but there a derps everywhere. I was living next to this guy who had his wireless setup with the ESSID of 'wireless' so I just downloaded the WPA tables from Offensive Security and within a few minutes I had his password. It was 'lovefishing' *facepalm* Turns out that one of those so called 'Computer Experts' had set him up with a wireless network for free neglecting to set it up properly.
-
Yes
-
I am really lovin Geany, it has multiple languages and some fantastic syntax highlighting which you can change depending on how you like your colours.
-
Actually I don't even think you need to crack the WEP key anymore. Tools like easside-ng and wesside-ng which are included in the aircrack-ng suite basically killed the need to crack a WEP key. It's a pretty fine line but it's not really cracking the network.
-
Mainly because I suspect that your basic human desire to stay alive and in one piece will over rule any cunning plans you can come up with to hide your data. From my experience this is always true. You can brag all you want, but your only human and that's your weak point.
Finally someone understands what the weakest link of a security system is.
-
Depends on how hard he's going to try and get the file. Instead of cracking your computer what he's more likely to do is smash the fuck out of you until you tell him the password. It'll be a lot easier and faster probably.
-
You know why it can't compile?
Cause it's Java, ooooooh Java burn :)
-
reverse_tcp + dyndns?
S'pose that would work, problem is they might be able to find out your contact details from the dyndns account and then from their, your facebook, twitter, myspace, hak5 account :P and then they know who you are.
-
I guess we can then tie in metasploit reverse shells, they are below the 32 bytes I think... although I think the reverse vnc is 36 bytes, but still, this method should help a lot.
First I reckon it would be better todo a bind_tcp instead of reverse cause if you IP address changes you won't be able to get back in the system unless you update the payload with your new IP address and then Ducky them again. Second I don't think these payloads will work if you have them coded straight into the C program and then execute them, usually you have to inject the payload into a running process. Not too sure about that, should probably check it out.
Maybe we should start a thread with a compilation of ideas or methods such as this?This is a good idea :P
-
Actually, thats a good idea, I will take a look at that in a bit.
Problem could potentially be space though?
Seb
You're right space could potentially be a problem but I know that Poison Ivy Rat server executables are only about 20KB depending on what you put in them. The Teensy documentation is woefully inaccurate on how much flash memory you get, it doesn't tell you whether the flash memory it contains is bits or bytes. My guess is it's bytes in which case you'll get approx 32 bytes. This should be more than enough for a Poison Ivy Rat installation, or a TCP backdoor, or any other small application.
Challenge
in Hacks & Mods
Posted
The Quicktime metasploit module has hit the servers. Get in quick before they patch it.
http://www.metasploit.com/modules/exploit/..._marshaled_punk