pseudobreed

Active Members
  • Posts: 171

Everything posted by pseudobreed

  1. The payload is executed by a local admin account. You don't have to have a username and password; it will use the default profile credentials. Just add "net stop service" at the top of your payload, and then you can "net start service" at the end to put the firewall back to normal. The only issue is if the firewall has a task tray icon (and I don't know many that don't). Once you stop the service, the icon changes to show the status of the firewall.
  2. Semantics. The point is, there is no benefit from compiling the batch file. If you are worried about someone getting your username and password, create two dummy Gmail accounts. Have your batch send the files to one account, then set up a filter in that account to send all the files to another account. That way all the files sit in an account whose credentials only you know. I know that I'm over-paranoid; however, why would you ever put the username and password to _your_ email account anywhere in plain text? Hell, I don't even like those password safe programs. The only benefit you get from compiling a batch is that the not-so-savvy will not edit/steal your code. In my opinion, leave it as a batch so you can quickly edit it on the fly no matter where you are.
  3. @stingwray I really didn't care about the users on the network; my concern was the gateway. And the Nomadix can make a max of 16 VLANs that have individual rights to access any other VLAN. Also, I'm not sure how you are supposed to enumerate the network if the gateway will not allow you to do anything. Nmap and Nessus came up with nothing. ARP didn't work: when watching the packets via Wireshark, the gateway sees the ARP command, then reverts it back to what it was before. I'm not sure why it just didn't ignore the ARP request in the first place. This is when I focused on the gateway. I'm pretty sure the only way I would be able to get anything out of the network was to find a service on the gateway that was insecure and go from there. Unfortunately I ran out of time to play around.
     @burn Thanks for the info. Last I heard, I think the Nomadix was running around $1,400. I will have to check out the NoCatAuth and RADIUS setup. However, the Nomadix claims that it has a dummy-proof web interface, which would be nice for the not-so-savvy client. Then again, PIX has a "dummy-proof" web interface also, and that gives them headaches.
  4. From the Shadows, off the top of my head. I'll probably edit this post with more when I check my home computer. I don't know of many that actually keep a constant release.
  5. I understand all that; however, these gateways are pretty much used for public areas. Here is an example. Downtown they offer free wifi in select locations. Some of these places use this Nomadix gateway. I got on one just to see what is so special about them. Once you connect, your domain name changes to Nomadix.com, and trying to go to that site redirects you to a terms agreement that will not allow you to do anything on the network until you agree. When I did a scan for hosts, the gateway dumps out a list of spoofed MAC addresses. However, it only dumps MACs/IPs that are not being used. So, if I have IP 10.198.16.118, my list from nmap will not have .118 responding. The gateway filters out MACs, and any other type of specified packet/service (i.e. ping). Firing up Wireshark you can still see the network traffic as if you were on a switched network; however, a MitM type of attack is now harder as you don't know the MAC address. Checking out the ports open on the gateway comes to about 25 different services on this one gateway. Just looking at headers alone, it's pretty much just SMTP, POP, SSL, proxy, web server, WOL, etc. I did not get much time to check it out; however, later I'm going to get an external IP and see what I get from the outside.
  6. I happened to stumble on a Nomadix gateway the other day and I was kind of in awe as to how secure it was for a wireless solution. The box also runs a bunch of services that are really easy to set up. More info here (PDF). Does anyone else have experience with this type of gateway, or know of any others like it? I have a client really pushing to get wireless connectivity and I have always held a firm no on the subject. However, I have not been keeping track of the security advances on wireless devices.
  7. On a side note, http://www.3dbuzz.com is a great place to pick up some new skills or just get the all-around feel of an application.
  8. I would think the most important thing to get across to new code monkeys is to learn how to solve the problem. Then C++ would just be the syntax used. Maybe a couple of hours over pseudocode, which I honestly thought was a joke until I was forced to use it on a group project. Even if each person is working on a different part of the application, everyone understands pseudocode, so it puts everyone on the same page. Then after the class, if they really don't like the feel of C++, they can at least try other languages, but be armed with the knowledge of what it takes to actually solve the problem. Now if it was an advanced class, they would know all this already and then you could teach Winsock 2 providers... as that is what I'm trying to learn now.
  9. I'm pretty sure that was supposed to be the distro that was most like Windows (or at least this is what they claim). I'm pretty sure Walmart was even working out a deal with them to have that as the OS on their cheaper machines.
  10. And to add to this... there are some hot free software apps that look for differences in images and can record if flagged. In essence, making a cheap motion detector, and you can maybe have it email you if it is within a certain date/time.
  11. Services.exe is part of Microsoft's OS. It's the program that actually installs, starts, stops, and deletes services.
  12. Gmail auths the user only if the From address and the user address are the same. Actually, most mail servers do it this way unless they do not require auth before sending mail.
  13. I assumed anyone who got it working would have run into the error. This is considering that Ettercap does not sniff SSL out of the box; you have to configure it to do so. So, if someone here had it working, they could share what they did... However, because it's you, Cooper, I'll post an error report: The fatal error is towards the bottom, about the firewall. The thing is, I don't have a software firewall, just a hardware one. When I take that out of the question, it still errors out. If I take SSL out of the etter.conf, ettercap works beautifully.
  14. Help

     Do a WHOIS on the IP, then call the contact number. The conversation should go like this: You then dial that number and own the box. If the dialog you have doesn't match the above... then hang up and call back.
  15. I have bashed my head against the desk trying to get this to work. I have installed OpenSSL and edited the etter.conf file, and when I start ettercap it errors out. Searching all over Google and forums came up with nothing. I would just run BackTrack; however, it does not support my wifi card. And frankly, I'm not that savvy with Linux to be able to know what I want to do when the situation presents itself. My last hope is trying to install BackTrack on VMware and to try it that way. All other features work in ettercap and it sniffs correctly; I just cannot get the SSL part of it to work. Thanks in advance. Also, I know Cain has SSL sniffing also; has anyone got that to work on Windows?
  16. Then for giggles, take out the subject line. Blat freaks out if the subject line or body has a space in it and you don't use quotes correctly. And using quotes in batch is a very tricky thing.
  17. Yes. It's not that the batch is the problem; it's the applications being used to enumerate the information. However, the antivirus will not be able to remove the file, just not allow the OS to run it.
  18. I didn't test it, but it looks fine. My only other theory now would be that Gmail knows a .rar file is an archive and their antivirus checks archives. If for some reason there is a virus or something Gmail does not like in the .rar file, then it will not allow it to be sent. The only way around that is to rename the file extension to something Gmail does not know.
  19. I watched that New York City Hacker video... and yeah. I guess I just didn't understand the art of the video. There was one part that just plays music and scans over buildings for about a minute and a half. Then they bash on people who go to 2600 meetings, explaining that true "hackers" don't go to these types of meetings. That the people who go are posers (in short). I have never gone to any type of meet-up or convention; however, I do plan on attending Defcon and HOPE. Not only to actually see what people are doing, but to meet more people who are into the same thing. People with a hacker mindset are few in number. I would imagine that a documentary would show that and explain why they need to stand together. The whole DVD decrypting thing last year is a large example. /end rant.
  20. The only reason people never "burned" the payload into the ISO is so that you can edit it on the fly and not have to reformat your USB drive to update the new payload. The only thing I would "burn" would be static files. However, really this does not have any advantage.
  21. You are going to have to paste the code that you use here for anyone to be able to help you.
  22. I use Firefox 2.0 on two different machines and Opera on my Blackberry and get the same issue. I know when it is going to happen when I have to log in twice. The first time I log in, it redirects to the root of the forum; however, I'm not logged in. Once I log in again, everything is marked as if I have read it. The only way I know of fixing it is to close Firefox completely (which deletes the cache/cookies/etc.) or Ctrl+Shift+Del, then come back to the forum.
  23. You are going to have to explain in more detail. Both Cain and Ethereal (now Wireshark) have to be set up to the network before you can start sniffing, especially if you have more than one NIC. It's really simple; however, you cannot just open the program and hit the sniff button expecting to see packets on your screen like the Matrix. A couple of other questions: are you on a switch? How many other computers are on the network?
  24. TrueCrypt can encrypt a partition. So, yes, you could encrypt the whole USB drive. However, if you do this then TrueCrypt has to be on every machine where you want to open the encrypted files. Here is what I did:

     My USB drive structure:

        [TrueCrypt]  = Folder
        @            = TrueCrypt file, 1 gig in size
        mount.bat    = Batch script used to mount the file
        dismount.bat = Batch script to dismount the file

     Contents of mount.bat:

        @echo off
        :: Mount TrueCrypt Drive L
        TrueCrypt\TrueCrypt.exe /q /a /lL /m rm /v "@"

     So, when I insert my USB drive, I run mount.bat. TrueCrypt opens the file and a password dialog box pops up. I input my password and TrueCrypt mounts the encrypted file as drive L. Then I do all my private work on drive L. When I'm done I just run dismount.

     Contents of dismount.bat:

        @echo off
        :: Dismount All TrueCrypt Drives
        TrueCrypt\TrueCrypt.exe /q /d

     Now, you can actually put TrueCrypt in the loader with an autorun.inf to call the batch. This way, as soon as you put in the USB drive you get a password prompt. I didn't do this as I use my USB drive for everything, not just my personal files.
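A hardened version of the mount/dismount pair from that post, added here as an example and not pseudobreed's own scripts: it resolves the container path from the batch file's own location with %~dp0 (so it works whatever drive letter the stick receives), refuses to mount if L: is already taken, confirms the mount by checking for the drive rather than trusting the exit code, and keeps the password out of the file entirely. The folder layout (TrueCrypt\TrueCrypt.exe beside a container named "@") is taken from the post; the single-script "mount/dismount" argument is my assumption.

```batch
@echo off
setlocal
:: tcusb.bat - run with no argument to mount, or "tcusb.bat dismount".
:: Layout assumed from the post: <usb>\TrueCrypt\TrueCrypt.exe and <usb>\@
:: %~dp0 is the folder this batch file lives in, so nothing below depends
:: on the current working directory or on which drive letter the stick got.
set "TC=%~dp0TrueCrypt\TrueCrypt.exe"
set "VOL=%~dp0@"
set "LETTER=L"

if /i "%~1"=="dismount" goto :dismount

if not exist "%TC%" (
    echo TrueCrypt.exe not found at "%TC%"
    exit /b 1
)
if not exist "%VOL%" (
    echo Container not found at "%VOL%"
    exit /b 1
)
:: Refuse to proceed if something already occupies the target drive letter.
if exist %LETTER%:\ (
    echo Drive %LETTER%: is already in use; dismount it first.
    exit /b 1
)

:: /v volume   /l drive letter   /m rm mount as removable medium
:: /q quiet    /a auto-mount the given volume without the main window
:: The password is deliberately NOT passed with /p: TrueCrypt prompts for it,
:: so the secret never sits in plain text on the stick.
"%TC%" /q /a /l%LETTER% /m rm /v "%VOL%"

:: Confirm the mount by testing for the drive itself rather than relying
:: on the process exit code (a cancelled password prompt leaves no drive).
if not exist %LETTER%:\ (
    echo Mount failed or was cancelled.
    exit /b 1
)
echo Mounted "%VOL%" as %LETTER%:
exit /b 0

:dismount
:: /d with no letter dismounts all mounted TrueCrypt volumes, as in the post.
:: /f (force) is left out on purpose: forcing a dismount with files still
:: open on the volume risks corrupting the container.
"%TC%" /q /d
if exist %LETTER%:\ (
    echo %LETTER%: is still mounted; close open files on it and try again.
    exit /b 1
)
echo All TrueCrypt volumes dismounted.
exit /b 0
```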