Darren Kitchen

Agreed. The current wiki page could use some TLC. Anyone up for the challenge?

in my book geeks are just nerds that could be considered "cool" by mainstream peers. think nerd but not socially inept with the likelyhood of getting laid.

in one of my colleges it was a simple first letter of first name, first 8 characters of last name, 4 digit incremental identifier (incase multiple first/last name pairs existed) with the password being the last 4 digits of the SSN. For example my username was "dkitchen0001" with a 4 digit password. Obviously the first thing I did was change my password however for some stupid reason they limited passwords to 8 characters and did not support spaces. Lame.

Well I was able to replace the file while logged in under an administrative account without any file permission errors. I will try replacing it in safemode soon. This hack has a lot of potential if we can get it to work but there are several caveats such as: Requires admin to be logged in to replace file, or Safe mode access OR Requires booting off external media (floppy, cd, usb) in order to replace file In many network environments these requirements cannot be met. If the process can be automated (like how the switchblade works) then it would be much more useful, however at that point you've probably already got access to the password hashes, created a backdoor, etc. Are there any other methods of privledge escalation that we have not explored?

If I had a nickle for every time I was told it's French not Sweedish... I might be able to afford Hak5's bandwidth ;) I've got a ton of recordings from the voicemail box and emailed mp3 files. Oh, and Hak5 with French subtitles. That would be awesome!

Thanks! That looks like it should solve my problem. I'll try it after work tomorrow.

Yeah, not just that but you can also, using a utility, customize them with your own audio files, so that you could have it say "Hey noob, maybe I'll boot if you feed me some RAM first!" Oh, and it even lets you customize the bootup image. Sounds like the perfect motherboard for system-builders like voodoo/falcon northwest/alien ware/mom 'n pop's PC's

Ok guys, this is the first time I've posted in here with hardware troubles and I see these posts around here frequently so hopefully you guys can help me out as well. On our most recent appearance of the Computer America show co-host Carey Holzman pledged to Hak5 an Athlon 64 3400+ and Asus A8V Deluxe motherboard. I've got a spare 320 GB HDD from the freeNAS segment and 2 GB RAM isn't too expensive (I can write it off too). I've also got the ATI Radeon x850 XT Platinum AGP that Jenn Cutter sold me cheap. Add it all up and it'd be a killer rendering/gaming machine. So I picked up a stock 939pin compatible AMD cooler from a friend with a computer shop and slapped it together with the 320 Gigger and a spare set of 2x256 PC3400 DDR. Booted up and the most interesting thing happened. I've seriously never seen this, but again it's a Deluxe motherboard. Video doesn't initialize, and out of the speakers plays a female voice saying "System failed CPU test". I reseated the CPU (the corner was lined up) and consulted the manual. The troubleshooting seciton says to reseat the CPU and if that doesn't work to call ASUS. I've called ASUS twice and both times they told me they were uber busy and asked for my name and number so that they could call me back. I haven't heard back from them. Unfortunately I don't have another 939 pin motherboard to test the CPU, or an Athlon 64 or FX to test the motherboard. I know that doesn't leave a lot of troubleshooting room but maybe there's something that I havent thought about or havent had the experience with on these new 64 bit systems. Any suggestions would be greatly appreciated. I need to send Carey Holzman a thank-you letter and I'd rather not say "It's either DOA or I'm a NOOB". Thanks in advance, Darren (That guy that's always hurt on the show)

Metatron, Congratulations on the career/country move. I'm sure with a head like yours you'll be doing great no matter where you go. I hope the move goes painless and your new career is less stressful and more rewarding. You've been a model member of this community for some time now and we appreciate you doling out your insightful comments from the begining. From all of us at Hak5, good luck and safe travels!

debunked or not, what we must all understand is that we have a choice and we can vote with our wallets.

Would you consider yourself a brown coat in the slightest?

I realized that I never replied to this thread. Man, who brought it back from the dead? Anyway, just looking at what's in my quicklaunch so take it with a grain of salt, in no particular order: [general] Firefox VLC miniAIM allTunes (allofmp3 client) flickr uploader iTunes mIRC Nero putty Terminal Services client speakonia synergy winamp (2.8x) photoshop [editing] audacity virtualdub 3ds max 7 blender 3d videora ipod video converter sony vegas [less often used net stuff] freesshd opera winscp3 smartftp xchat [less often used IM stuff] gizmo project google talk msn messenger skype teamspeak ventrillo [games (just what im playing currently)] BF2 CS:S FarCry HL2 Skulltag (Network Doom2) UT:GOTY UT2003

Right-o. Thankfully our music is actually © Hak5 so it'll be no biggie to sell a DVD box set down the road. However that means we'll have to remaster episode 1-3 without the "borrowed" music to be legal.

I agree. I really enjoyed playing WoW with Jenn or Wess. Not so much fun playing by myself. And in those 2-3 months of playing I was able to keep it under control. I don't think I played more than 10 hours a week at most, and many weeks I'd play none at all. Oh, and I remember playing The Sims Online beta with an ex-girlfriend and it was great fun because we lived 50 miles apart and it gave us a way to chat and play something we really enjoyed (The Sims in general) together.

Yeah, your right. Why learn to drive safely when you can simply get a car with airbags. (not quite an exact analogy but I like it). Anyway, it may seem like a lot, 14 points, however it's good computing practice anyway and really something I've been doing for years so I don't really think of it as being a daunting task. If anything watching some segments on Hak5 should make you realize that we're all[1] vulnerable to hacks if we're not actively protecting ourselves. [1] Windows users

Where is the "no anti-virus, I know what the hell I'm doing" option? That is to say *keeping ALL software, services, drivers up to date **that includes windows, firefox, any internet client or server software *using at least the most basic windows SP2 firewall *having a perimiter firewall (smoothwall, monowall) or at least a NAT router *not using IE (duh) *not opening unknown attachments (or in my case, gmail's built in AV) *not running shady programs (think keygens, game cracks, stuff like that) *testing new software in a virtual machine before using in a production env. *disabling LM hashes (or 15+ chr pass) *turning off non-essential services *using third party instant messanger clients (IMHO AIM is a virus) And if you want to get a little nutty about privacy there's always *disabling cookies *never using personally identifiable information online *routing through a P2P proxy like TOR I'm sure I've missed a few things but this is what came to me off the top of my head. Feel free to add to this list, in fact it'd be pretty easy to migrate it to the wiki as a "secure computing (windows) tutorial"

I agree with both Stingray and VaKo on this one. If it were a crappy ol Pentium I'd say stick with freeNAS, but if you've got the hardware for it either spend a weekend getting down and dirty with the NT file permissions, or swap it out with gentoo, fedora core, suse, <insert distro here>. In the end they're all going to do basically the same thing, serve up files on the network, but it's the hunt, not the catch, that brings true geek happyness :) Let us know what you end up doing.

Re: The Utilman.exe approach I've downloaded the compiled VBscript, utilman.exe, and replaced c:windowssystem32utilman.exe with it. (A simple matter of copy /y c:utilman.exe c:windowssystem32utilman.exe) If I run utilman.exe from the command prompt or explorer I get the message box "Hacked XP" and the user NewAdmin appears under Local Users and Groups > Users. However if I try to activate it by pressing Win+U I get the good ol *ding* sound and it doesn't run the file. I've tried it at the login screen and while logged in as an administrator. Anyone got a clue on this before I start hunting down this feature in MSDN? Oh, and do you think we could get a version that's a little more subtle? I mean, the message box "Hacked XP" is a little obvious ;)

The AV folks aren't idiots and are watching this thread too. But they rely mostly on static signatures. Is there some way to have a file download server that repacks/pads/encrypts the source files differently on every download to prevent easy signature creation? This won't protect against good heuristics and application behavior detection, but a lot of people turn that functionality off anyways because of the number of false alarms. Or, is there a way to obtain the LM password hashes without the use of PWDUMP? Oh, and you raise an interesting point. So much for that job at Symantec. Hi whitehats!

It uses UFS, but it has a CIFS service that allows you to access the files over the network, the box does the translation for you, so it looks and feels just like your windows server solution (without the crazy permisison errors). You can even have it integrate with an active directory or radius server if you've got the need to.

the war room lives on as a chat channel on stormrage, but the radio show that Jenn and I used to do has come to an end. Both of us canceled our accounts. Soon after wess and alli cancelled as well.

I did this on call for help episode 403. I used a tool called clamp i believe. it was a command line winamp tool that php could interface with. the code is very similar to the x10 hack from hak5 episode 1x01.

Welcome to the fourms. I do believe I ran across your site in research. I'll had to add a link to the show notes on the wiki. Nice job.

It's not me that's looking. It's just this guy mike. The friend/model I used to photograph met him and he mentioned his need for a webdev. She put him in contact with me and since I have no time for it I figured someone in the community might be looking for a gig. I posted the thread before seeing the requirements. After reading the req's I'll just say, if I had the time I still wouldnt take it. I'm sure he's a great guy and all but his latest email "Thanks Darren, im sure someone will. they will make a lot of money!" kinda put me off. But whatever, a webdev job is a job I guess. I'd quote him $400 for initial page and $50 per page after that, but I doubt he'd spring for it. It seems like a commission deal which is a bit sketchy.