Posts by oxley
  1. This could be done with off the shelf industrial safety equipment. The one I currently use is as old as the hills, so I'm sure there are newer and better units available (I think the manufacturer of mine is no longer around). Basically it is an RFID reader built into a power board and requires the operator to wear an RFID button; the reader looks for the button every few seconds, and if it doesn't detect it, cuts the power. It also has an output to use as a trigger for an alarm etc. I have seen a demonstration of similar gear, but it works with fall arresters. Could be hacked to trigger an electromagnet etc. We also use on the farms a device that looks like an ID card, but has GSM or 3G connectivity so we can track the operators, and it has options to send an email or SMS if the operator goes horizontal or stops moving for a set period of time.
  2. TrueCrypt (as far as I'm aware) is one of the few multi-platform tools to do this. Not being installed is not an issue for Windows (don't have a Mac to test on and haven't tested on Linux) as it's portable. Portableapps.com have a Windows version, and there are instructions on the TrueCrypt site, which I just copy to the root of my USB, but I use Portableapps for all my USB sticks just to have all my utilities handy and automatic updates.
  3. Have you done a port scan to see what ports are responding?
  4. I like the multiforcer, as it allows a per-position charset file, which means I can target the most common combinations first. I will be testing shortly and might make this my next step after hashcat has failed with my dictionary files. The client-server setup also has given me a woody; this is something I could never get pyrit to do successfully. But I could just hope for another application with a MySQL backend, with a blank root password and users' passwords stored in clear text, and knowing users are lazy and use a similar password on other systems... Ah, that was a good week. I'm still not convinced about the rainbow tables, given the time required to generate and the space to store them; my current cracking machine is a mini-ITX with an i5, 8GB, 60GB SSD and a high end ATI card in a Lian-Li TU200 case with handle, is very portable, and cost effective.
  5. I have also gone away from rainbow tables. I used to use them for sha1 encrypted passwords in database tables, but managing 100GB+ is a pain in the butt. Most sysadmins will agree with how lazy users and admins become, so my dictionary files are about 10MB and, using hashcat's rules, I'm reasonably successful, but then you only need one... With WPA/WPA2, unless it's a default SSID (and then most of the time the password will be default) rainbow tables are useless.
  6. Yes it was a bit like that, I think there were a few characters merged into one, but some of us who were in the "scene" back in those days have a saying, like the Americans refer to the 60's: if you can remember them, then you weren't there. I was in Sydney at the time and I remember it wasn't as cool as the Melbourne scene, but Melbourne was only a train ride away. But some of the bigger names in "computers" (I don't think we ever used the term IT) had their offices here, and I can remember "dumpster diving" (which is a phrase I don't think we used as it was American) at Commodore in Lane Cove after school and building several C64's from parts, and anyone that could do a head alignment on the 1541(?) 5 1/4 disc drive had many friends. The computer markets at Sydney and Parramatta town hall in the early days were a great day out and a good meeting place, but they went downhill when small retailers set up stalls and it all became cheap new junk instead of good second hand stuff. And I don't think phone phreaking was as big here, as we only had one phone provider, Telecom, and there was an SP bookie in just about every suburb that would give you their mate's phone number at Telecom in exchange for help in setting up his books on his TRS80. But my recollection of that era is a bit hazy, too many "party favors" and too many weeks without sleep trawling BBS's for information and paying out on the "teach me to hack" n00bs, and old age.
  7. Also, using 32 bytes from a picture file makes the key re-creatable. One of the reasons they wanted keys (and soon they may go to YubiKeys) was the site has several spoon-fed precious employees that can't remember "complicated" passwords from one day to the next; heck, one office couldn't remember to hit num lock before putting in the password of 123, and as everyone used the same account.... I think most of us have been down that track. The catalyst for this was a laptop was misplaced for a few months (not reported, also was shared amongst a department) with a 3G dongle, and it wasn't until we got a very large invoice that someone confessed to losing the laptop.
  8. It's a bit bigger than the previous releases. The Gnome 64bit torrent was lightning fast, the 32bit still going.
  9. OK, this may be hypocritical of me, based on one of my posts on this topic, but I have been implementing some full disk encryption on a few Linux laptops for some people, so I thought I would share my notes for general discussion and I'm open to any comments etc. Now, one thing is they didn't want to use LVM (don't ask), which is the default method when installing Ubuntu, and they wanted to have the option of having the /boot on a USB key (as you can't encrypt the /boot partition) and then use a key file, not a passphrase. So the general gist of what I did was to use an Ubuntu based live install and create the partitions before installing. Here are my rough notes; big props to Darren, Eighty of Dual Core and Chris Mooney based on what they did in episode 1106. Also some things were taken from other sites and I will reference them when I find them again.

     Boot from an Ubuntu based live CD (tested with Peppermint, Mint 13 and all flavours of Ubuntu).

     Create a 512MB /boot on a USB key or at the start of the drive; it has been recommended to use ext2 on the USB key. Create a / partition but don't format it at this point. Also, I use a swap file not a partition (not covered in these notes). I used gparted for all this.

     Format a second USB key with the label "KEYS", <x> being the correct partition for the second USB key:

         sudo mkfs -t ext2 /dev/sd<x>1
         sudo e2label /dev/sd<x>1 KEYS

     You may need to remove and replace the key so it's mounted again, and I assume it mounts to /media/KEYS.

     Creating a key file (a requirement was also to be able to recreate the same key if needed):

         dd if=/dev/random bs=1 count=32 of=/tmp/crypt.key

     or

         dd if=<picture.jpg> bs=1 count=32 skip=1024 of=/tmp/crypt.key

     Copy it to the root of the USB key with the label "KEYS" (you'll see why in the crypttab file).

     From a terminal with sudo (<x> is the / partition, crypt is the /dev/mapper device, <mount> is a temp mount point, I used /mnt/crypt):

         cryptsetup luksFormat /dev/sd<x> /media/KEYS/crypt.key
         cryptsetup -d /media/KEYS/crypt.key luksOpen /dev/sd<x> crypt
         mkfs.ext4 /dev/mapper/crypt

     INSTALL LINUX from the live CD. Don't format the drives; use the "something else" option on the partitioning screen, and select the prepared partitions from the previous steps. You will get a warning about no swap and not formatting, but I've had no issues so far. Select "continue testing" on completion.

     Get the blkid UUID of /dev/sd<x>, not /dev/mapper/crypt (learnt the hard way); blkid in a terminal will list all devices.

         mkdir <mount>
         mount /dev/mapper/crypt <mount>
         mount <boot> <mount>/boot/

     eg (assuming /dev/sdb1 is the /boot partition):

         mount /dev/mapper/crypt /mnt/crypt
         mount /dev/sdb1 /mnt/crypt/boot/

     then:

         chroot <mount>
         mount -t proc proc /proc
         mount -t sysfs sys /sys
         mount -t devpts devpts /dev/pts
         sudo apt-get update && sudo apt-get install cryptsetup

     Edit /etc/crypttab:

         # <target name> <source device> <key file> <options>
         crypt UUID=<blkid> /dev/disk/by-label/KEYS:/<keyfile> luks,keyscript=/lib/cryptsetup/scripts/passdev

     and then:

         update-initramfs -u

     and now you should be able to reboot, and find the system will not boot without either the USB key with the /boot partition or the USB key formatted with label KEYS and the key file.

     So far we have had no issue removing the USB key with the keyfile once the system has booted. And we have had only 1 problem laptop, which was a low end netbook that takes forever to boot. There were many reasons why they wanted a key rather than a passphrase, but that's a whole other discussion, and I haven't passed this setup by any experts, so use at your own risk.
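The key-file and crypttab steps in the post above, wrapped in a small shell script. This is an added example, not oxley's notes or any distribution's tooling. Assumptions not in the post: the key is read from /dev/urandom rather than /dev/random or a JPEG (a key sliced out of a picture can be regenerated by anyone who knows the picture and the offset), KEYFILE_BYTES and the distinct-byte threshold in check_keyfile are chosen constants, and DRY_RUN=1 (the default) only prints the cryptsetup commands, because luksFormat needs root and a real block device; set DRY_RUN=0 to actually run them.

```shell
#!/bin/sh
# Added example (not from the post): helpers around the key-file and
# /etc/crypttab steps of a LUKS root with the key on a labelled USB stick.
# Assumptions: KEYFILE_BYTES, the distinct-byte threshold and DRY_RUN are
# this example's own choices, not something the post specifies.

KEYFILE_BYTES=32
DRY_RUN="${DRY_RUN:-1}"

# Generate a key file: a single 32-byte read from the kernel CSPRNG, created
# with a restrictive umask so the key is never world-readable on disk.
make_keyfile() {
    ( umask 077; dd if=/dev/urandom bs="$KEYFILE_BYTES" count=1 of="$1" 2>/dev/null )
}

# Sanity check before luksFormat: exact length, and enough distinct byte
# values that a truncated or constant file (a run of 0x00 from a bad dd, or
# padding sliced out of a file) is rejected.  Returns 0 on a plausible key.
check_keyfile() {
    f="$1"
    [ -f "$f" ] || return 1
    size=$(wc -c < "$f")
    size=$((size + 0))
    [ "$size" -eq "$KEYFILE_BYTES" ] || return 1
    distinct=$(od -An -tu1 "$f" | tr -s ' \n' '\n' | sed '/^$/d' | sort -u | wc -l)
    distinct=$((distinct + 0))
    [ "$distinct" -ge 8 ]
}

# Build the /etc/crypttab entry the post uses: the passdev keyscript reads
# <keyfile> from the filesystem labelled <label> (KEYS in the post).
crypttab_line() {
    name="$1"; uuid="$2"; label="$3"; keyfile="$4"
    printf '%s UUID=%s /dev/disk/by-label/%s:/%s luks,keyscript=/lib/cryptsetup/scripts/passdev\n' \
        "$name" "$uuid" "$label" "$keyfile"
}

# The luksFormat / luksOpen / mkfs steps from the post, gated on DRY_RUN and
# refused outright if the key file fails check_keyfile.
luks_setup() {
    dev="$1"; keyfile="$2"; name="$3"
    check_keyfile "$keyfile" || { echo "bad key file: $keyfile" >&2; return 1; }
    run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }
    run cryptsetup luksFormat "$dev" "$keyfile"
    run cryptsetup -d "$keyfile" luksOpen "$dev" "$name"
    run mkfs.ext4 "/dev/mapper/$name"
}

# Usage (dry run, no root needed; /dev/sdXN stands for the real / partition):
#   make_keyfile /tmp/crypt.key
#   luks_setup /dev/sdXN /tmp/crypt.key crypt
#   crypttab_line crypt "$(blkid -s UUID -o value /dev/sdXN)" KEYS crypt.key
```

The UUID passed to crypttab_line must be the one blkid reports for the raw partition, not for /dev/mapper/crypt, which is the mistake the post warns about; check_keyfile is the step worth keeping even if you discard the rest, since luksFormat will happily accept a 32-byte file of zeros.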
  10. I'm using an Alfa AWUS036NH with hostap and an eeepc running IPFire, all running fine, as well as my 3G dongle, once I worked out the usbtty and the init string; thank the maker for being old enough to remember the days of terminals and dial up modems.
  11. Very interested in this project. I have one MR3020 set up with PirateBox, which I'm trying to get logging set on to see who's downloading what, as I can see some people will download "yeah_doggy_butt_secks_blonde.exe", so this seems a good way to distribute metasploit backdoors. I have 2 more on order and will be setting one up like the minipwner project, so on the third I would like to get something like jasager working.
  12. From memory you're like me; in Australia our ISPs are too lazy or too stupid to offer this level of support. Most entry level and cheaper routers have a remote access option, eg you can access the management interface from the WAN interface; some routers like Billion also have an option to only allow this from a set subnet or for a set time period after a reboot. The 2Wire seems to be the chosen replacement for ISPs that used to punish customers with the Thomson range. They also use a "default" password, which is normally set by the ISP and is mostly a mangling of the MAC address, serial number (also used for the default WPA key) or the user's account name or number, or just a random 8 to 10 character string, and this seems to vary between ISPs, a bit like the Thomsons. The password may be stored in the flash RAM somewhere, and I would hope it is encrypted, but I have been proven wrong. I also have a suspicion that the ROM on these is modified for the ISP, so the default password could be hard coded. I also believe the 2Wire doesn't run a Linux variation or something that can easily be hacked or modded, so unless there is a diag feature, which I doubt as these are cheaply mass produced and are a throw away, rather than repair item, you may be out of luck. Unless you are handy with a soldering iron and know how to dump the ROM contents, or you could try a factory reset, but that would lose all your settings etc.
  13. Not a big fan of disk encryption. I saw a talk at a conference on the topic of rubber hose or Gitmo decryption, which is basically: if you have something on your encrypted disk that I want, I may decide to take you out the back and extract the key the painful way, if you get my drift.
  14. Also have a look at the work done by Matt Weir; look at his Defcon and Shmoocon talks over the last few years, and his website has a few JTR rules for more "user" type password mangles, and from that information build your own dictionary. Like Matt, I have found most dictionaries found on the interwebs are full of crap and duplicate entries. Download a simple dictionary file from a site like http://wordlist.sourceforge.net/ and then mangle it with JTR, eg add 01 to 99 to the end, or a list of years from say 1930 to 2012 etc. Most admins know users have passwords like soccer11, welcome1, bear2009, or if it's a company you may need to look at a more complicated mangle such as N1pp0n, but start with the easiest first. It takes time, patience and a bit of thinking, which is the difference between a successful pentester and a script kiddie, in my humble opinion. I should add that if the access point was supplied by a telco such as Bigpond, the WPA key is a hashed mash of the serial number and the MAC address; there are plenty of tools for the old Thomson router/modems, but they changed the formula for the 2Wire and Netcomms, and those that have worked it out are keeping that information close to their chest, so in other words you may be in for a long wait, or boned.
  15. Yep, it's a fine line and open to interpretation; what if I was of a particular background and I had a flight sim installed and Google Maps bookmarked? That could potentially see me off on a very unpleasant trip, heck, I could be off on that trip just by talking about it.
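The "start with the easiest first" mangling described in post 14, done in plain shell so the output can be fed to JTR or hashcat as a wordlist. This is an added example, not the poster's own rules or anything from Matt Weir's site. The two-digit (00-99) and year (1930-2012) suffixes are the ones the post names; the single-digit suffix and the capitalised variant are this example's additions, and the constructed input in the usage note stands in for a downloaded wordlist.

```shell
#!/bin/sh
# Added example (not from the post): cheap wordlist mangling in shell.
# Assumptions: the 0-9 suffix and the Capitalised variant are additions to
# what the post describes; only lowercase alphabetic base words are kept.

# Emit a base word and its mangles, one candidate per line, cheapest first:
# bare word, single digit, two digits 00-99, then years 1930-2012, for the
# word as-is and with its first letter capitalised.
mangle_word() {
    w="$1"
    first=$(printf '%s' "$w" | cut -c1 | tr '[:lower:]' '[:upper:]')
    rest=$(printf '%s' "$w" | cut -c2-)
    cap="$first$rest"
    for base in "$w" "$cap"; do
        printf '%s\n' "$base"
        d=0
        while [ "$d" -le 9 ]; do
            printf '%s%d\n' "$base" "$d"
            d=$((d + 1))
        done
        i=0
        while [ "$i" -le 99 ]; do
            printf '%s%02d\n' "$base" "$i"
            i=$((i + 1))
        done
        y=1930
        while [ "$y" -le 2012 ]; do
            printf '%s%d\n' "$base" "$y"
            y=$((y + 1))
        done
    done
}

# Read a base wordlist on stdin, strip CRs, drop junk lines and duplicates
# (the post's complaint about downloaded lists), then mangle each word.
mangle_list() {
    tr -d '\r' | grep -E '^[a-z]+$' | sort -u | while IFS= read -r w; do
        mangle_word "$w"
    done
}

# Candidates produced per base word: 2 case variants x (1 + 10 + 100 + 83).
candidates_per_word() {
    echo $((2 * (1 + 10 + 100 + 83)))
}

# Usage:
#   mangle_list < base_words.txt > mangled.txt
#   printf 'soccer\nwelcome\n' | mangle_list | grep -c .    # constructed input, 2 words
```

A 10MB base list of roughly a million words becomes about 400 million candidates at this rate, which is still a few minutes of hashing for an unsalted MD5 or SHA-1 dump on one GPU but hours for WPA2, so run the bare words and digit suffixes first and only add the year range if those fail.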