pseudobreed

Active Members
  • Posts: 171

Everything posted by pseudobreed

  1. Your best bet here is to set up a sandbox at home and try it that way first. I have tried it via sandbox and live and have never got the DC to drop active directory credentials. It just sends the server into halt complaining about lsass.exe and reboots after the 60 seconds. If you find out anything, post it. I will do the same if anything comes up.
  2. Has anyone got LSA to dump users in Active Directory?
  3. It's actually LSASS.exe and, in short, that is what happens when the system is patched. FGDump still works for me, however the remote registry service has to be running so it can install a service before doing the payload. This all can be done with registry/bat files and you can start dumping the lm hashes as long as the user is still using lm hashes and it meets the requirements to store the lm hash.
  4. Do all this then forget to dban your hard drive so they just pull it all back prior to the initial encrypt. I was about to mention the hidden volumes in TrueCrypt, however, you did already. So, with that said, this is your best bet. I'm one of the most paranoid people I know, so I have an initial TrueCrypt volume wrapped around hidden volumes. This way if I was ever tortured to open my TrueCrypt volume, the person will not know that there are more volumes inside. They will just see the files within the first volume which is just fluff. Just remember that encryption is useless if you do not "shred" the original files that are not encrypted. Doesn't matter how strong your "safe" is. If you leave the document sitting on your desk, the thief will not go for the safe unless out of curiosity. I guess that makes the difference between a good thief and a bad one.
  5. You have to set up an SSH server on your home computer. Here is a quick and dirty tutorial over at Lifehacker on how to set up an SSH server with Cygwin.
  6. This is actually related to spoofing the Caller ID. And, Caller ID is local specific. Before you can even get that far, you need to learn how to run a custom PBX first. As, from my understanding, this is the only way to send out the custom headers for Caller ID. I'm pretty sure Asterisk can do this, however, I'm not 100% sure and it's one of those things on my list that I want to play around with. However, I only have Skype and a cell phone, no hard lines. I wish covertcall was still around so I could play with it more to figure out how it did its thing. In theory, you have your PBX call the line you want with custom Caller ID information, then have it call you to marry the two calls. Now, if you got all this to work, the next step would be to add voice effects on your line so you can change your voice pitch, etc.
  7. Okay, crash course in SSH Tunneling, and I'm assuming you know how to use PuTTY.

     Under the SSH>Tunnels tab:
     - Source Port: This is the port that you will connect to from the local host. (ie 8080)
     - Destination: This is the host ip and port on the remote machine. (ie 6.6.6.1:23)

     Under the Session tab:
     - Host: This is the host ip you are going to connect to. (ie somewhere.net)
     - Port: This is the port the SSH/Telnet server is running on.

     Once you type all this in, you can save the info by typing a name under Saved Sessions then clicking the save button.

     Okay, so the above will allow you to connect to the FTP server on 6.6.6.1, tunneling all traffic over port 8080. After you click Open on PuTTY, you should see a plain Jane console prompt ~ Now you can open your favorite FTP client and connect to 127.0.0.1:8080 and this will tunnel traffic to 6.6.6.1:23. It's a lot to grasp at first, but once you get it, you got it and it's pretty simple.

     Few things to note:
     - The Session tab is where you are making the outside connection to the SSH server (from your ip to the remote ip).
     - The SSH Tunneling tab is where you have made the connection and now you are going to connect to ports (you need to use the remote's subnet if it is behind a router or some other nat device).

     If you have any more questions just ask, and if you can't get it to work, step out what you are doing here and I'm sure someone can guide you through it.
  8. For either one of those to work, he will have to go to each machine to install a server for the client. Unless he wants to use the reverse feature in VNC, and even then he would have to depend on the end user to know how to run it (And, in a large network, assuming someone knows how to do something will kick your butt). I used the GPO to install a VNC server once you login and that helps so you don't have to leave your desk to fix a small email problem. Even then, VNC can get cumbersome and really just slow you down. P.S. - If you do install a VNC, make sure your firewall rules are in place so that someone not in the "DMZ" can not come in and remotely administer. Unless, you want that (And, if you are going to do that, just make a repeater).
  9. You can use Active Directory and make a global logon script to add the printers, network drives, home folders, etc. However, for the email situation, you can not set this in the GPO. This can be done on the Exchange server. You can set a day limit that mail stays on the server, or size etc. You can really get into it and have it email the user when they are getting close to their quota limit. If you are not in a domain environment, then I feel your pain. You should set up a DC pronto style and it will make your life as a Network Admin much easier. This way when a zero day exploit comes out (like the Windows Media Player one of today), you can implement a system wide lockdown on the player.
  10. I have one of our in-house servers running SpamPal. That gives more control over the email. There are also plugin modules available to beef it up some more. I will probably have to write some custom plugins to make it work just right. eWeek has a very good article about the botnet where they have some "inside" information on how it works. In the article it also explains why you can not just block the ip or the hash of the email attachments. I have thought about the sending back of the email to verify "are you human". However, we alone send out so much email and rarely have the time to sit there and verify we are human much less ask our clients to do the same thing.
  11. I'm not sure if this will help or not as I'm not very familiar with LEDs, however this link was mentioned in the Ep that Wess made the liquor cabinet.
  12. Yeah, however, do you even have the content to even use that HD hardware? It's just like when Comcast came out with HD channels, 8 of them in all and charged an extra $30 a month for these 8 channels which were nothing but local channels, ESPN and a HD demo channel that played random shows. People rushed out to get HD converters and HD TVs to watch what they have been watching perfectly fine in digital for years. But they had to be the first person on the block that could watch the football game in HD. Don't get me wrong, you can tell the difference between the two, however, I personally can not justify the price. So, that being said. The PS3 will be worth it in the long run. Do you really want to pay $600+ now or wait until Metal Gear Solid comes out next year and the PS3 could drop $50-$100. Even without a price drop, there should be plenty of content by then to justify a Blu-ray player.
  13. I'm pretty sure the cost was set at this price considering it's one of the first generation of HD DVD players. So, maybe in the long run the PS3 will be worth it. Especially when they start making games that have huge HD quality textures and content that will take up 50gigs. Now let's all just hope that Blu-ray doesn't die like Betamax did back in the day vs VHS.
  14. This is pure opinion. For example, Nintendo has never let me down as a game developer. And, the main reasons I fell in love with Nintendo is based on Mario Kart and Super Smash Brothers. I have owned all the consoles at one time or another except the DS which I'm thinking about getting before Christmas. Why? Wifi Doom and Mario Kart... I love FPS games, however, you need a break to justify that love. Mario Kart was done very well and is really fun to play with a group of friends. All in all, when it comes down to it, it's about how fun the game is to play, not the console it's being played on. That and I don't favour this whole WWII trend. I like more of a scifi feel (Aka, Quake, HLDM, Doom, Duke-Nukem). At the moment, in my opinion, I don't see a reason to get a PS3. And I felt this way about the 360 until Gears of War came out.
  15. You uninstall the U3 partition that came with the drive. Yes, the U3 program is gone (You can reinstall it even though the site mentions it is irreversible). Then you install the custom loader that gives you more control to run whatever quick launch type of application you want. And, you get 5mb more of free space. This solution was provided for the OP who wanted to remove U3 altogether and have a custom ISO (Loader) that would run PStart instead. This does just that.
  16. Yes, you have to get rid of the original U3 altogether and then you replace it with your own loader. You can always go back to the original U3 if nothing works to your fancy.
  17. Honestly, I would not know. From other forums people have said they just bought a 360 and it was still the Samsung MS25 drive. However, others have turned around and reported they had a MS28. This 360 was purchased locally 2 days ago and it had the new drive in it. So far, anyone who has VIA chipset or VIA PCI Card, has said they can force a bad flash recovery by just turning the 360 off right before they flash and it will flash normal. We tried this, and it was stuck at a pause. If you have any other chipset, you have to solder it. To give you an idea of how small the board is, it fits inside the DVD-Rom and those blue circles are about the size of a small sewing needle.
  18. Source - VB6. Now come to think of it, you probably have to register the dll that is in that source zip. I didn't think about that until now and this is most likely the issue. This can be fixed by making the loader copy the dll over to system32 and register before looking for hotkeys. I will try and get around to adding that piece to the loader and recompiling then trying it on a sandbox computer when I get the chance.
  19. They were pretty quick to fix it. The sticker on the DVD-Rom says May 2006. I don't see what stops someone from just making a compatible dvd-rom board. Of course that would be months in the making, however, that is where I see this all coming down to. Order the new board, pop open Xbox, swap DVD boards, close Xbox.
  20. Yeah, that could be my fault. The code I used was based on some old Windows hooks for a keylogger I wrote a while ago. However, I have never had an issue on 3 different computers all running XP pro. Unfortunately, I won't be updating it anytime soon as I have become extremely busy. I will gladly post the source code if anyone wants it. Or, it could be how your payloads.ini is setup...
  21. * Update - We just bricked a 360 by attempting to solder the 1 millimeter solder points. Now I'm on the prowl for an older 360. If your Samsung drive is firmware version ms28, and you don't have a VIA chipset, just close it back up. Not only does MS cover the board with this epoxy stuff so you can not get to the resistors, they are so small that you have to have a surgical touch to remove then resolder.
  22. Here are some old videos about phreaking (I would like to think there are still some old school people into this... and red boxing still works in some places) http://www.phreakvids.com/
  23. thebroken made it look much easier than it actually is. The "wonderful" tutorial failed to mention a lot of things. There are a plethora of problems you can run into. I'm assuming they read what worked and got that exact same setup. Well, not everyone is going to build a computer to flash a 360, nor try and find a first gen 360. Most of us use what we have. Also, now the new 360s have a resistor on the DVD drive itself that has to be removed, then solder a switch to correctly flash the DVD drive (Unless you have a VIA chipset). Once you get past all of this, it's a relatively simple process. Just don't watch that video thinking you can hack your 360 in about 5 minutes. And yet, backing up the games is still a pain (You have to flash it, backup, then reflash back), not to mention you still have to bitset the DVD burner unless you buy the NEC/LiteON/BenQ model. I'm sure Team Xecuter will come out with a sexy solution. Those guys rock.
  24. 1. Remove U3 software with the U3 Uninstaller available here.
      2. Download Loader.zip available here.
      3. Inside the zip are two folders: sandisk and memorex.
      4. Flash new loader on the USB drive depending on your drive manufacturer.
      5. Create file named "payloads.ini" on the USB drive.
      6. Edit the payloads.ini file to represent what you want to run when the drive is inserted. [DEFAULT] is what to run if no hotkey is selected. Otherwise, give the path to the file and a hotkey that can be pressed when the drive is inserted to run a different payload.

             [DEFAULT]
             path=default.bat
             [PAYLOAD01]
             path=
             hotkey=
             [PAYLOAD02]
             path=
             hotkey=

      7. Create file named "default.bat" on the USB drive.
      8. Edit "default.bat" and add the following:

             @echo off
             Start PStart\PStart.exe

      9. Create folder "PStart" and copy PStart into the folder.
      10. Make sure you set up PStart to save its xml config file locally.
      11. Add applications to PStart

      Your USB drive structure should look like this:

             [PStart] - Contains PStart.exe and PStart.xml
             default.bat
             payloads.ini

      * Note - If you change anything in PStart, make a backup file afterwards. PStart only saves its backup once it closes, if you take the USB drive out before PStart closes correctly, anything you changed will be lost.

      * Another note - in the payloads.ini the hotkey only works with single letters/numbers on a standard 101 keyboard. (ie. hotkeys can be a-z,0-9)

             [DEFAULT]
             path=default.bat
             [PAYLOAD01]
             path=payload01.bat
             hotkey=a
             [PAYLOAD02]
             path=payload02.bat
             hotkey=3

      And, you have to hold down this hotkey as the USB drive is inserted, then installs the CD-ROM, then executes the loader.
  25. Wireshark does the same thing. You just have to drill down a little bit. The only issue I was having was getting a good MitM application.

      Cain & Abel
      -------------
      .. Good:
      .... Supports SSL
      .. Bad:
      .... Can not manually add host to host list

      Ettercap
      -------------
      .. Good:
      .... Can manually add host to host list
      .. Bad:
      .... Does not support SSL on Windows (Or at least I can not get it to work)