Infiltrator
-
Posts
4,287 -
Joined
-
Last visited
-
Days Won
22
Content Type
Profiles
Forums
Gallery
Events
Posts posted by Infiltrator
-
-
Windows 2003 is out of date and MS isn't supporting it anymore I believe. I would go with Windows Server 2008 instead, its a lot secure and stable too.
-
The IT company I work for, uses Forefront, its quite good, but I would recommend Avast for Enterprise, it will do a better job than MS Forefront.
-
The forum feels weird, will take me sometime to get used to it.
-
I don't know what you will be using the computer mainly for. But I would go with an i7 cpu and a high end mobo like the ASUS P9X79 Pro or Gigabyte GA-X79-UD. That's what I plan on getting for my new rig.
-
A proxy is what you need, it will not only provide/block access to the internet, but will also report any URL a specific user has accessed. This is the most effective way to control and keep an eye on what users access on the internet.
-
Some quick answers:
Only run services you actually need, ie turn off mysql if you don't need it.
Of the ones that are left, check what IP they are bound to and make sure it is what you expect, ie if you only use mysql locally don't let it bind to 0.0.0.0
Use good passwords
Disallow root login with ssh
Don't run as root, use sudo
Don't have networking starting automatically on a laptop, always know what the network is before you connect to it.
If you want to mess with firewalls then I recommend fwbuilder, it is a great gui for generating iptables rules.
Just adding a few more:
1) Keep your main OS and third party software up to date / patched.
2) If not using a network firewall appliance, use Comodo's Firewall
3) Do not open, attachments from unknown/insure sources
4) When setting a password, ensure it's long than 8 characters and it contains all the specials characters (1nN!!!@#$%%T^)
5) Use Virtual machines, to open attachments and programs from insecure sources.
6) Use Firefox and install NoScript, for added protection against malicious Javascript.
7) Use TrueCrypt to protect yourself against data theft.
-
There are several things that could be affecting your ping response.
1) BitTorrent downloading
2) Router (eg: Firmware/hardware)
3) Too many processes running in your computer
4) Windows/Third Party apps downloading updates.
5) Slow internet speeds will generally increase your ping response.
You will find that most of the time, your own internet speed is what is causing the high pings. Go to speedtest.net and do a test to determine your actual internet speed. Upgrading your internet plan could offer you a better ping result.
-
use aida32 or everest and it will show exactly what type of ram you have.
-
If the upload form doesn't let you upload your files, I would use the FTP instead. I know its a pain but since you can't use the upload folder due to the strict permissions, its the only way.
The other way would be to setup your own webserver at home, and security will have to be tight or else you will get all sort of attacks and people trying to get in.
-
I have a whole plan as to how this can work which involves international flights, wifi, coffee shops and hotels, local mifi and countries with limited IT law.
Buy me a drink at a conference if you want to know more
I see where you are going with this, a bit like a proxy chain, where your traffic bounces between different routers in different geographical locations. This could work, also if you used a VPN, it would make the tracing very challenging and difficult, since you are always on the go.
-
You can download the FileZilla server, from this link
Follow this wiki, on how to set it up
-
You can use OPhcrack to extract the hash.
-
It dosent work bro.. any other solution ? same problem here..
Thanks.
Might want to check, if SET is not saving the files into another directory.
-
I agree with Digip, whether W3C has good standards or not, it's quite a resourceful website for beginners to learn stuff from. It may not be the best website on the internet, but it certainly has helped me a lot, when I was learning PHP and it still helps when I forget how to do certain things.
-
Sir ,,can you give me brief introduction how to use hydra? or a link of tutorial? i searched all over the internet but they are hard to understand!
If you put a bit of effort, nothing it's hard.
Hydra for Linux:
http://www.securitytube.net/video/953
Hydra for Windows:
-
Try doing an update on SET, to see if that fixes the problem.
-
Apart from generating the MD5 collision attack, they also had to predict completely the certificate content that would've been signed by the CA. Which had to be identical, in order for the certificate to be valid.
-
I'm interested in a starting up a website and am just wondering how the code of the actual website (HTML, Javascript, etc) works with server-side scripting (PHP/MySQL, ASP(I think)). I'm trying to learn it all on the w3schools site, but finding it rather confusing.
Thanks for the help ahead of time.
Rather than trying to lean all at once, I would suggest to start from one end of the string then slowly progress to the other. First start with HTML, get to know the language, how it works, how you can use it to manipulate the way a page looks on your browser. Once you've decided you know enough about HTML, move onto Javascript.
Javascript can be a very confusing language to learn at first, so take your time to learn it and practice as you go along. As opposed to PHP or ASP, Javascript runs on the client's side or when the page is loaded by the browser, since it runs on the client's browser, it does NOT rely on a web server to run the code for you.
The good thing about HTML and Javascript, is that they don't require any server side configuration, its more like plug and play, you drop the code into your webpage and the browser executes it for you. As for PHP and ASP you will need a webserver such as IIS or Apache configured to serve .asp or .php pages.
If you want to learn how to develop dynamic webpages, I'd recommend PHP instead of ASP. From experience, its a lot easier to learn, also there are plenty of Tutorials and guides on the internet, which will make the learning experience for you, a good one.
-
There is a really good binder, in fact it's a lot more than just a binder, but one of the best for the moment.
If you head over the Hackforums.net, you will see what I mean.
-
I'd love to see the source code of this, kasperski stated that it would probably take 10 years to reverse engineer the whole thing.
Flame is certainly one of the most sophisticated worms ever created to date. The thing that fascinates me about this worm is not the complexity of it, is the actual size of the worm 20MB. No other worm has ever been this big in size.
The Flame authors must be really proud of themselves for creating a such highly advanced worm.
-
FIRST: The first HASHED line of code, "(this could be your external IP or hostname)". Can I use no-ip or other DNS instead of an IP Address here? For I have a Dynamic IP issue here. Since SET uses the IP to bind it to a HANDLER, where there is only REVERSE_TCP and no TCP_DNS.
If your external IP address is dynamic, than I'd use No-IP "hostname", if it's static I'd just use the IP.
THIRD: The last HASHED line that asks for a PORT, if I'm not wrong, this is the HANDLER's port?
Correct, when the target machine connects back to your attacker's machine, it will be looking for a port to connect to. The default port is 443 but it can be changed to any port you want.
LASTLY: I configured the SET_CONFIG to use a specific WEB_PORT, say '5555', but when this JavaAppletServer initializes, it speaks on 8080 and 8081. So how do I run CredentialHarvester along side when they both are on different ports?
It won't be possible to run both applications on the same ports, what you could do is have both apps running at the same time but on different ports.
-
http://www.grc.com/securitynow.htm Episode 355 and 357, Stuxnet seems to be wrote by the same authors as the newly found Flame Virus, its also thought to be a module for the Flame, this thing is sick, and the amount of effort put into this had to be Governmental and probably part of the 'Olympic Games'
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all , The Flame virus was originally thought to be written by a different group than Stuxnet ( http://www.crysys.hu/skywiper/skywiper.pdf Was first called skywiper by crysys, but a module in the reverse engineering process found a module called flame, therefore the new name.) but is now looking like its from the same author(s)http://www.forbes.com/sites/kenrapoza/2012/06/11/kaspersky-lab-same-countries-behind-stuxnet-and-flame-malware/. I've been following this for the last week and its really really interesting. I'd listen to those 2 episodes of that podcast if you want to know more about how it works.
There's still no proof that this was done by the US or Israel. I just find the technology behind it incredibly interesting. Makes me want to go into malware analysis lol.
There are only speculations, but the evidence isn't that solid. They still don't know who's really behind all these events. I've also read that the US President Barack Obama is behind all these Cyber-attacks. One thing for sure, is that these authors are certainly sponsored by the government.
First was Stuxnet, then Duqu now Flame what next. I think there is more to come.
-
Hmmmm...hydra...it's a mess ^m^
Yes it can be a mess, but its quite good from experience. It will also need a decent password list, to be successful in cracking the router's password.
-
Due to the Hak5 forum rules I can't say it out loud, but the http://www.hackforums.net will have what you are looking for.
Windows Server 2003 Vs. 2008
in Security
Posted · Edited by Infiltrator
MS can continue supportig it till 2015, but to me its old, I would stick with 2008 instead.