iisjman07
-
Posts
59 -
Joined
-
Last visited
-
Days Won
1
Posts posted by iisjman07
-
-
Thanks for the reply, downloading now...
-
I want to download a linux distro full of holes, so I can work on my skills in pen testing. I've been meaning to download Damn Vulnerable Linux, but notice that according to DistroWatch, it's been discontinued. Is this still a good platform to work with or is there anything better?
-
Is the local Admininstrator account password protected? Are all machines protected from use of konboot/ophcrack, etc?
-
On my linux systems (these are just home machines):
-disable ssh to prevent brute force attacks
-disable remote desktop
-enable ufw
-use a strong root password and don't use the root account
-enable automatic security updates
On my windows systems which I manage for myself and family:
-microsoft security essentials to proactively block malware
-malwarebytes for on demand scanning
-windows firewall
-automatic windows updates & manual checks
-prey in case of theft
-every now and then run ninite to auto update flash/java/browser
Router:
-strong admin password
-WPA or better encryption which a non dictionary key
-hardware firewall enabled
-
Morning Hak5 forum-goers, I recently started hacking and playing around on Macs. I was wondering if there is a similar tool to fgdump that can be used on the Mac. Right now I have physical access to a mac server which is managing the student and teacher user accounts at my local school - the machine is behind a locked door (which I have access to), but left logged in as an administrator, so I could run any external applications I need to and have full access to the network. I was hoping somebody might have an idea so that I could dump password hashes or something similar, but hacking about with Macs is new territory. Any help is greatly appreciated :).
-
does any one know how to find/hack the user name and passwords of the user accounts in a network
Yes.
-
Question 1. How long does a grep command take? I am following alone with a Linux book and was told to try grep, but it has been over 5 minutes now. Also how do I stop a command that is stuck or taking to long to process?
Grep shouldn't take long to complete; it depends in what situation you're using it. Please post the command you run which is taking a long time.
-----------------------------------------------------------------------------------------------------------------------------
How I currently have to stop bad commands is by stopping the VM player. I am guessing there is a way to force stop commands and processes like ctrl+Alt+Delete in windows. Can anyone help with this?
You should be able to stop a runaway command by pressing CTRL+C in the terminal window. If you want a CTRL+ALT+DELETE style method, you could run the command 'top' which will show the most system intensive processes, note down the PID (Process ID), then use the 'kill' command to kill of the screwey processes
-
One thing that people often forget to stop/can't stop because students need it, is the ability to create & run macros in excel. Using macros you can read/edit the registry (try removing some registry values to get around restrictions), launch command prompts, and more fun stuff.
-
MIT researchers have devised a protocol to flummox man-in-the-middle attacks against wireless networks. The all-software solution lets wireless radios automatically pair without the use of passwords and without relying on out-of-band techniques such as infrared or video channels.
http://www.networkworld.com/news/2011/082411-mit-tep-250077.html?source=nww_rss
-
I don't know how to stop powering the device, but as long as the file system is unmounted then you shouldn't suffer data corruption
-
I just found an article on Network Security written by the Open University:
http://openlearn.open.ac.uk/mod/oucontent/view.php?id=399423
Only had a chance to give it a quick look-over, but looks reasonably good
-
I'd agree, the questions seem a bit basic. Let me know if you update them and I'll do the new survey
-
Not sure where I heard it but I tell this to concerned customers as I work in a computer shop: choose something you can't remember and then don't write it down
-
You may want to try this software: http://www.crackpassword.com/products/prs/mswin/efs/, it's not free but Google is always a friend
-
ShareScan is a free utility that enables IT security personnel to identify open Windows file shares available on the internal network. This tool can help administrators identify systems that have wide open permissions or no permissions — potential vulnerabilities that should be remediated.
Just a small little (windows :() utility to scan network ranges for open shares. Thought it might come in handy.
-
Valve just issued a press release announcing Counter-Strike: Global Offensive, a standalone release that seems to be a full update of Counter-Strike: Source with new weapons, maps, matchmaking, leaderboards, and more. No screenshots have been released, but from Valve’s language, it seems like more of an “anniversary edition” of CS:S that dresses up the existing content than a full-on sequel. CS:GO will also be released on Xbox Live Arcade and the PlayStation Network. Read the full press release within.
http://www.pcgamer.com/2011/08/12/valve-announces-counter-strike-global-operations-playable-at-pax/
-
Could be for wireless credit card terminals?
-
600MB? Daaaamn I'm gonna need a bigger SD card :D
-
I love the way he was just doing his job :). And who labels their Ophcrack cd 'Ophcrack XP Live CD'; I always call mine 'Lady Gaga' to avoid suspicion
-
Just watched HakTip 1, and I though it was great! Quick, to the point, and all the terms were explained very nicely and simply. Woot! How did you like the HakTip?
-
Just tried this on my fresh ubuntu 11.04 installation; it works pretty well, thanks! Much easier than typing loads of commands :)
-
-
I have a friend who has asked me to test the security of his wireless network. I assumed this would be relatively simple, but it's one of those networks in which instead of having an encryption key, it has a landing page whih you need to login to. I'm not sure how to test this, anyone done it before? Basically the objective is to get internet access without logging in; all I know at the moment is that pinging an outside host will resolve that hosts IP address successfully.
-
BitDefender released a tool today (or yesterday) that removes all known variants: http://technibble.com/forums/showthread.php?t=20949
Secure Erase Alternitive
in Security
Posted · Edited by iisjman07
Yes your idea about creating a very large file is basically correct, but because the file system is in use and the operating system is running, the amount of free disk space will vary slightly all the time, meaning the data you wanted to get overwritten may not get overwritten. You can do this yourself using the 'dd' command (there's no timer or anything so settle in as it may take a while), although I think this is pretty much all that Disk Utility does anyway:
That will create a file in the / directory and call it 'huge.file', then fill it with nothing but zeroes from '/dev/zero' until the disk runs out of space (using a block size of 512). When the dd operation is completed and the drive is full, the next part of the command will delete the huge file to free the space again.