oxley

Posts posted by oxley

  1. This could be done with off the shelf industrial safety equipment.

    The one I currently use is as old as the hills, so I'm sure there are newer and better units available (I think the manufacturer of mine is no longer around). Basically it is an RFID reader built into a power board and requires the operator to wear an RFID button; the reader looks for the button every few seconds, and if it doesn't detect it, cuts the power. It also has an output to use as a trigger for an alarm etc.

    I have seen a demonstration of similar gear, but it works with fall arresters.

    Could be hacked to trigger an electromagnet etc.

    We also use on the farms a device that looks like an ID card, but has GSM or 3G connectivity so we can track the operators, and it has options to send an email or SMS if the operator goes horizontal or stops moving for a set period of time.

  2. True Crypt (as far as I'm aware) is one of the few multi platform tools to do this.

    Not being installed is not an issue for Windows (don't have a mac to test on and haven't tested on Linux) as it's portable. Portableapps.com has a Windows version, and there are instructions on the True Crypt site, which I just copy to the root of my USB, but I use Portableapps for all my USB sticks just to have all my utilities handy and automatic updates.

  3. I like the multiforcer, as it allows a per-position charset file, which means I can target the most common combinations first.

    I will be testing shortly and might make this my next step after hashcat has failed with my dictionary files.

    The client-server setup also has given me a woody, this is something I could never get pyrite to do successfully.

    But I could just hope for another application with a MySQL backend, with a blank root password and users' passwords stored in clear text, and knowing users are lazy and use a similar password on other systems...

    Ah that was a good week.

    I'm still not convinced about the rainbow tables, given the time required to generate them and the space to store them; my current cracking machine is a mini-ITX with an i5, 8GB, 60GB SSD and a high end ATI card in a Lian-li TU200 case with handle, and is very portable and cost effective.

  4. I have also gone away from rainbow tables.

    I used to use them for sha1 encrypted passwords in database tables, but managing 100GB+ is a pain in the butt.

    Most sysadmins will agree with how lazy users and admins become, so my dictionary files are about 10MB and using hashcat's rules I'm reasonably successful, but then you only need one...

    With WPA/WPA2, unless it's a default SSID (and then most of the time the password will be default), rainbow tables are useless.

  5. "Based on a true story. Only the names, dates and facts have been changed"

    Yes it was a bit like that, I think there were a few characters merged into one, but some of us who were in the "scene" back in those days have a saying like the Americans refer to the 60's: if you can remember them, then you weren't there.

    I was in Sydney at the time and I remember it wasn't as cool as the Melbourne scene, but Melbourne was only a train ride away.

    But some of the bigger names in "computers" (I don't think we ever used the term IT) had their offices here, and I can remember "dumpster diving" (which is a phrase I don't think we used as it was American) at Commodore in Lane Cove after school and building several C64's from parts, and anyone that could do a head alignment on the 1541(?) 5 1/4 disc drive had many friends.

    The computer markets at Sydney and Parramatta townhall in the early days were a great day out and good meeting place, but they went downhill when small retailers setup stalls and it all became cheap new junk instead of good second hand stuff.

    And I don't think phone phreaking was as big here, as we only had one phone provider, Telecom, and there was an SP bookie in just about every suburb that would give you their mate's phone number at Telecom in exchange for help in setting up his books on his TRS80.

    But my recollection of that era is a bit hazy, too many "party favors" and too many weeks without sleep trawling BBS's for information and paying out on the "teach me to hack" n00bs, and old age.

  6. Also using 32 bytes from a picture file makes the key re-creatable.

    One of the reasons they wanted keys (and soon they may go YubiKeys) was the site has several spoon fed precious employees that can't remember “complicated” passwords from one day to the next, heck, one office couldn't remember to hit the num lock before putting in the password of 123, and as everyone used the same account....

    I think most of us have been down that track.

    The catalyst for this was a laptop that was misplaced for a few months (not reported, also was shared amongst a department) with a 3G dongle, and it wasn't until we got a very large invoice that someone confessed to losing the laptop.

  7. OK this may be hypocritical of me, based on one of my posts on this topic, but I have been implementing some full disk encryption on a few Linux laptops for some people, so I thought I would share my notes for general discussion and I'm open to any comments etc.

    Now one thing is they didn't want to use LVM (don't ask), which is the default method when installing Ubuntu, and they wanted to have the option of having the /boot on a USB key (as you can't encrypt the /boot partition) and then use a key file, not a passphrase.

    So the general gist of what I did was to use an Ubuntu based live install and create the partitions before installing.

    Here are my rough notes, big props to Darren, Eighty of Dual Core and Chris Mooney based on what they did in episode 1106.

    Also some things were taken from other sites and I will reference them when I find them again.

    Boot from an Ubuntu based live CD (tested with Peppermint, Mint 13 and all flavours of Ubuntu):

    Create a 512MB /boot on a USB key or at the start of the drive, it has been recommended to use ext2 on the USB key.

    Create a / partition but don't format at this point; also I use a swap file not a partition (not covered in these notes).

    I used gparted for all this.

    Format a second USB key with the label “KEYS”

    <x> being the correct partition for the second USB key:

    sudo mkfs -t ext2 /dev/sd<x>1

    sudo e2label /dev/sd<x>1 KEYS

    You may need to remove and replace the key so it's mounted again, and I assume it mounts to /media/KEYS

    Creating a key File (a requirement was also to be able to recreate the same key if needed):

    dd if=/dev/random bs=1 count=32 of=/tmp/crypt.key

    or

    dd if=<picture.jpg> bs=1 count=32 skip=1024 of=/tmp/crypt.key

    Copy to the root of the USB key with the label “KEYS” (you'll see why in the crypttab file)

    From a terminal with sudo:

    (<x> is the / partition, crypt is the /dev/mapper device, mount is a temp mount point, I used /mnt/crypt)

    cryptsetup luksFormat /dev/sd<x> /media/KEYS/crypt.key

    cryptsetup -d /media/KEYS/crypt.key luksOpen /dev/sd<x> crypt

    mkfs.ext4 /dev/mapper/crypt

    INSTALL LINUX from the live cd, don't format the drives, use the “something else” option on the partitioning screen, and select the prepared partitions from the previous steps, you will get a warning about no swap and not formatting, but I’ve had no issues so far.

    And select “continue testing” on completion.

    Get the blkid UUID of /dev/sd<x>, not /dev/mapper/crypt (learnt the hard way); blkid in a terminal will list all devices.

    mkdir <mount>

    mount /dev/mapper/crypt <mount>

    mount <boot> <mount>/boot/

    eg (assuming /dev/sdb1 is the /boot partition)

    mount /dev/mapper/crypt /mnt/crypt

    mount /dev/sdb1 /mnt/crypt/boot/

    chroot <mount>

    mount -t proc proc /proc

    mount -t sysfs sys /sys

    mount -t devpts devpts /dev/pts

    sudo apt-get update && sudo apt-get install cryptsetup

    edit /etc/crypttab:

    # <target name> <source device> <key file> <options>

    crypt UUID=<blkid> /dev/disk/by-label/KEYS:/<keyfile> luks,keyscript=/lib/cryptsetup/scripts/passdev

    and then:

    update-initramfs -u

    and now you should be able to reboot, and find the system will not boot without either the USB key with the /boot partition or the USB key formatted with label KEYS and the key file.

    So far we have had no issue removing the USB key with the keyfile once the system has booted.

    And we have had only 1 problem laptop, which was a low end netbook that takes forever to boot.

    There were many reasons why they wanted a key rather than a passphrase, but that’s a whole other discussion, and I haven’t passed this setup by any experts, so use at your own risk.
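The key-file, crypttab and cryptsetup steps in the notes above, wrapped into a checkable script. This is an added example, not the poster's own script: it assumes, as the notes do, that the second stick is mounted at /media/KEYS and the mapper name is "crypt"; the zeroed UUID in the demo branch is a placeholder to be replaced with real blkid output. The parts that need root and a real block device are kept in their own function so the checks (key length, UUID shape, the exact passdev crypttab line) can be run on any machine first.

```shell
#!/bin/sh
# Added helper (not from the original post) for the LUKS key-file setup
# described in the notes. Assumptions: KEYS stick mounted at /media/KEYS,
# mapper name "crypt", /etc/crypttab using the passdev keyscript.

set -eu

# Generate a 32-byte key file readable only by its owner. The notes use
# /dev/random; /dev/urandom is used here because it does not block.
# Deriving the key from bytes of a picture instead makes it recreatable,
# but anyone who obtains that picture can recreate it just the same.
make_keyfile() {
    ( umask 077; head -c 32 /dev/urandom > "$1" )
    chmod 0400 "$1"
}

# Succeed only if the key file exists and is exactly 32 bytes long.
check_keyfile() {
    [ -f "$1" ] || return 1
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 32 ]
}

# Succeed if the argument looks like a blkid UUID (8-4-4-4-12 hex groups).
# It must be the UUID of the raw LUKS partition /dev/sd<x>, not of
# /dev/mapper/crypt, which only exists after the container is opened.
uuid_ok() {
    printf '%s\n' "$1" |
        grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Print the /etc/crypttab line from the notes. passdev reads the key from
# <device>:<path>, so the stick is found by its KEYS label at boot time.
crypttab_line() {
    target=$1; uuid=$2; keyfile=$3
    uuid_ok "$uuid" || { echo "bad UUID: $uuid" >&2; return 1; }
    printf '%s UUID=%s /dev/disk/by-label/KEYS:/%s luks,keyscript=/lib/cryptsetup/scripts/passdev\n' \
        "$target" "$uuid" "$keyfile"
}

# Format, open and create the filesystem on the root partition with the
# key file. Needs root and a real block device; refuses a malformed key.
luks_setup() {
    dev=$1; keyfile=$2; name=$3
    check_keyfile "$keyfile" || { echo "key file is not 32 bytes" >&2; return 1; }
    cryptsetup luksFormat "$dev" "$keyfile"
    cryptsetup -d "$keyfile" luksOpen "$dev" "$name"
    mkfs.ext4 "/dev/mapper/$name"
}

# Stand-alone use: "sh thisscript.sh demo" writes a key onto the KEYS stick
# and prints the crypttab line for a placeholder UUID (replace with blkid).
if [ "${1:-}" = "demo" ]; then
    make_keyfile /media/KEYS/crypt.key
    check_keyfile /media/KEYS/crypt.key
    crypttab_line crypt 00000000-0000-0000-0000-000000000000 crypt.key
fi
```

Run the demo branch on the live system after the KEYS stick is mounted, then call luks_setup with the / partition, the key path and the mapper name; the printed line goes into /etc/crypttab before update-initramfs -u.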

  8. I'm using an Alfa AWUS036NH with hostap and an eeepc running IPFire, all running fine, as well as my 3G dongle, once I worked out the usbtty and the init string, thank the maker for being old enough to remember the days of terminals and dial up modems.

  9. Very interested in this project, I have one MR3020 setup with Piratebox, which I'm trying to get logging set to see who's downloading what, as I can see some people will download "yeah_doggy_butt_secks_blonde.exe", so this seems a good way to distribute metasploit backdoors.

    I have 2 more on order and will be setting one up like the minipwner project, so on the third I would like to get something like jasager working.

  10. I've never seen that before, can an ISP really have control over your router! I thought only the end users could access the router, NOT the ISP.

    From memory you’re like me, in Australia our ISP’s are too lazy or too stupid to offer this level of support.

    Most entry level and cheaper routers have a remote access option, eg you can access the management interface from the WAN interface, some routers like Billion also have an option to only allow this from a set subnet or for a set time period after a reboot.

    The 2wire seems to be the chosen replacement for ISPs that used to punish customers with the Thompson range.

    They also use a “default” password, which is normally set by the ISP and is mostly a mangulation of the mac address, serial number (also used for the default WPA key) or the user's account name or number, or just a random 8 to 10 character string, and this seems to vary between ISP’s, a bit like the Thompson’s.

    The password may be stored in the flash RAM somewhere, and I would hope it is encrypted, but I have been proven wrong; I also have a suspicion that the ROM on these is modified for the ISP, so the default password could be hard coded.

    I also believe the 2wire doesn’t run a linux variation or something that can be easily hacked or modded, so unless there is a diag feature, which I doubt as these are cheaply mass produced and are a throw away rather than repair item, you may be out of luck.

    Unless you are handy with a soldering iron and know how to dump the ROM contents, or you could try a factory reset, but that would lose all your settings etc.

  11. Encryption is all you really need, although it will not do you much good if the system is vulnerable to attack. Firewire has direct access to RAM...

    Not a big fan of disk encryption, I saw a talk at conference on the topic of rubber hose or gitmo decryption, which is basically if you have something on your encrypted disk that I want, I may decide to take you out the back and extract the key the painful way, if you get my drift.

  12. Also have a look at the work done by Matt Weir, look at his Defcon and Shmoocon talks over the last few years, and his website has a few JTR rules for more “user” type password mangles, and from that information build your own dictionary.

    Like Matt I have found most dictionaries found on the interwebs are full of crap and duplicate entries. Download a simple dictionary file from a site like http://wordlist.sourceforge.net/ and then mangle it with JTR, eg add 01 to 99 to the end, or a list of years from say 1930 to 2012 etc.

    Most admins know users have passwords like soccer11, welcome1, bear2009, or if it’s a company you may need to look at a more complicated mangle such as N1pp0n, but start with the easiest first.

    It takes time, patience and a bit of thinking, which is the difference between a successful pentester and a script kiddie, in my humble opinion.

    I should add that if the access point was supplied by a telco such as Bigpond, the WPA key is a hashed mash of the serial number and the MAC address; there are plenty of tools for the old Thompson router/modems, but they changed the formula for the 2Wire and netcomm’s, and those that have worked it out are keeping that information close to their chest, so in other words you may be in for a long wait, or boned.

  13. There has been a great deal of debate in the USA on what legally constitutes "Obscenity" going back to the 1960s when US Supreme Court Justice Potter Stewart famously said "I know it when I see it" to describe his threshold test for pornography. The language used in the various laws which Congress has passed since then have done little to make it any less subjective. Furthermore, many of the laws governing child pornography in the USA are utterly broken.

    At one talk I saw a couple years ago (I think it was at The Next HOPE, but I can't seem to find it) the speaker went into detail describing how the child pornography laws in the USA are possibly not even constitutional. For example, if an image or video is suspected of depicting an underage model it is up to the accused (the person found to be in possession of the image or video) to provide proof that the model was of a legal age at the time of recording. Notice, it is not up to the prosecutor to prove that the model is underage, as is normally the case. The accused must somehow track down the model or person(s) who produced the recording and procure evidence in their defense that the model is of a legal age. That whole "innocent until proven guilty" thing is just thrown out the window entirely if the judge hears the magic words, "kiddie porn".

    Relevant article I found while trying to find that talk.

    Yep it's a fine line and open to interpretation, what if I was of a particular background and I had a flight sim installed and google maps bookmarked? That could potentially see me off on a very unpleasant trip, heck I could be off on that trip just by talking about it.

  14. Reaver also sometimes requires some tweaking, I found one access point (can’t remember the model etc) that locked out for 5 minutes after 3 wrong attempts, took me almost a week to crack it, I had to put waits per 3 attempts and pauses between each attempts, but I have also found some will allow the “ignore lockouts” switch.

  15. The whole topic is very loaded; my normal response when someone says “that’s illegal”, “this is illegal” (this is cursed, that is cursed) is to ask them to back up the statement with documentation.

    Now with a computer repairer “finding” eg kiddie porn on a customer’s PC, the phrase, which should be well known to anybody in any type of security role is “chain of custody”, e.g. prove that the customer “acquired” it, especially when the PC has been in someone else’s possession, which could backfire.

    Now ya’all being majority Americans, the most litigious country in the world, would also have to look at a civil case for breach of privacy policy, breach of trust etc, and also as others have mentioned the reputation of the repairer, so any person hunting for “illegal” whatever on someone’s computer would have to be either very careful, not like their customers or business, or be lacking in a few brain cells.

  16. To put it in language that the Americans can understand, Vegemite is da bomb man!

    Every house in Australia has to have a jar of Vegemite, it is the law!

    Vegemite on toast is a great hangover preventer before going to bed, due to the high Vitamin B content. It's a great emergency food as it lasts forever, I keep a jar in my tool box in case I get caught out on site for extended periods; plain Vegemite sangers, every aussie kid had those when growing up.

    It can be used to make gravy with corn flour when on tour outback, goes great with kangaroo as well, mmm kangaroo chunks in Vegemite gravy, high in protein and low in fat.

    But I can understand why Americans don't like it, the few times I've been there the food is very bland, but they love the condiments, you can have beef or chicken only, but there are a thousand sauces you have with it.

  17. Something like that would be useful in a large support environment, maybe to keep track of common problems and solutions and predict trends, but I could not see it in a one man show.

    When I worked at MS in the good old days, when SP2 on NT 4.0 wiped everyone's IP stack, by the end of the first week everyone was aware of the issue and the solution and could bag and tag calls within minutes rather than having to go through any long diagnosis procedure.

  18. I'm curious as to why Darren chose to base his new build off of Proxmox instead of ESXi. A few seasons ago he was an avid ESXi supporter. I wonder, you know, besides the "just cause" reason. Did I miss the comparison and reasoning possibly?

    I thought it was Matt that was the VMWare fan, Darren was always on about VirtualBox.

    ESXi is very picky about hardware, whereas Proxmox, being based on Debian, is a little more forgiving, but then anyone who uses a GUI should check their manhood, cli kvm all the way baby!

  19. I never really got the whole ethical hacker thing, whose measuring stick are we using?

    Any uninvited penetration of a computer system that could put you in a cell with Bubba and Ben Dover, dealing with another type of uninvited penetration could be considered unethical.

    I believe a lot of countries are changing laws to cover unauthorised system access.

  20. I think you need to look at what history has taught us and lessons learnt by other hackers, crackers and phreakers.

    Usually an uninvited demonstration of a security flaw or even telling someone can lead them to feel insulted and violated, which then puts them on the offensive.

    So your hypothetical is not “ethical hacking” by my definition, as that is an invited investigation into finding the flaws.

    Me, I would sit back and wait until they have been pwned by some script kiddie, or their internet has been capped after a few days because some pervert connected and downloaded a drive full of pron.

    Then offer my services with a big dollar rate, so they get bent over twice.

  21. Not sure what it's like in America or Canada, or if it's changed in the last 20 years, but in Australia even your brain dead shop front solicitor (Australian version of Lawyer) would beat that in court with:

    Show me where she agreed not to circumvent any security measures, and was it made clear at time of employment, or was it a case of sign here, and not given time to read or comprehend the document or policies.

    I attended a security conference many years ago where an FBI bloke was saying log files don’t stand up in court as you can’t prove that they haven’t been doctored, and this still stands in Australia, as our laws are still back in the days when we were shipped here as convicts, and you must catch them physically at the keyboard committing the crime.

    Again from an Australian experience, dismissing someone without hard evidence or solid proof of a breach of the company policy comes down to who has the deeper pockets when it comes time for court, or fear of a sympathetic judge. Most of the time it's, here's $XXXXXX now bugger off, across a meeting room table, especially when a union is involved.

    And I won’t go into our workplace surveillance laws, which have been dictated by the unions.

  22. I have done some side by side comparisons and found GFI wasn’t very good at finding and detailing vulnerabilities like Nessus, but did list what patches were missing.

    For example to show management why my WSUS server and the bandwidth it uses, and why people should reboot and install the updates, no matter how much they complain about the annoying little icon and reminders, are a necessary part of the infrastructure. </rant>

    I found Nessus gave me an enough information on any vulnerability to quickly (as PHB’s have the attention span of a 5 year old on crack) find an exploit in metasploit to pwn the general managers PC, dump the hashes, crack his password with rainbow tables (that’s not your wife’s name?) and then pass the hash onto the domain controller.

    Big props go out to Hak5 and Mubix for giving me the knowledge to justify my job.

    Sorry if I’m preaching to the choir.

    Now if only I could convince the PHB’s to upgrade some of the handheld devices so I didn’t have wireless access points with no encryption.

  23. Radius authentication for WPA wireless and maybe Mubix’s views on vulnerabilities of this.

    As I have struggled to get it working with self signed certificates, and my google fu shows I’m not alone, and ended up using the ebox radius module.

    Ubuntu server cloud setup.

    And maybe building an "Interceptor" PC, using karma, useful as a wireless honeypot or to capture all those damn iPhones and iPods that staff keep bringing into the building which sit there all day trying to connect.
