pseudobreed

It would be a great project, however... One you would need someone to delegate Two you would need some type of project management system. Three you would need this all to take place somehow in HL2DM I would not get intimidated by other schools/governments. Yeah, they have more people and better equipment, that does not always mean they come out with a better product/idea. A couple examples: Carl Hayden High School vs MIT Stanford University vs The Red Team in DARPA

Mastering WGET over at Lifehacker.com In order to call wget from any where, the application has to be in the C:WindowsSystem32 directory.

I run XAMPP off my USB key =P There are a couple things that need to be changed to it, like the mod_rewrite. Other than that, it's everything you need. Even has an email server.

I dont know, asking the wrong person. =) Maybe he does not have access to the services.msc because the machine keeps rebooting. =P

I thought about that. One thing I noticed, the GPO may offer a way to get around the autorun being off, Ill have to play with that later. And about the pop-up box, the better thing would be to suppress Microsoft's and display your own.

@Therian I was working on the same thing. With a little more options and you can change the settings on how the information is dumped. I found in some situations I didnt need the whole payload, just the pwdump or vnc to be installed. On the autoexec.exe loader Im working on setting up hotkeys. So, if you hold down "e" while inserting the usb drive, it will exec payload such and such. This way I can have all payloads on the device but only exec the one I need and not have to worry about setting up the drive each time. Then on the flip side, I have a GUI client to read the dumped files. At the moment, I only have it parsing xml and tabbed out text files. It also starts the rainbow process. Maybe we can get an API going from the web cracker and I can have it check to see if the LM hash has already been cracked.

He said he could not in the services.msc =/

Now md5 hashes riiight?

For the password to be zaq1xsw2 The value in the registry file needs to be: "Password"=hex:11,1a,87,18,0e,1c,d1,98 The problem is you are pulling the wrong registry settings. When VNC runs as a service it pulls registry settings from LOCAL_MACHINE, when you run it localy it runs under CURRENT_USER. In the above code, you are pulling your local VNC settings and the password is different from zaq1xsw2

I adore Opera, except I adore Greasemonkey, NoScript, and FoxyProxy more.

@Ouroboros DeviceLock does most of this. It does not whitelist apps, but drive serials. Sygate was working on a program that you could "map" applications to whitelist. However, Symantec aquired them and Im not sure what became of it. And, the major problem about all of this is the fact that you strip the drive of it's only functionality, to be an external drive... And then, if you do manage to map and whitelist read/write packets... the driver would have to be pretty fast. This so far is the only problem I have with DeviceLock, the driver slows down transfer rates to and from the usb drives. And, there are already groups of people writing spoof drivers for usb removable drives. Lets say you stick in a drive, however, windows thinks it's a HID device. I strongly believe, no matter what you do, a physically accesible machine is not a secure one.

What time does that watch say?

Sorry I can not post the registry values you need for various actions, my laptop battery is about to die. However, in the root tree of the service, delete the value "FailureActions" and that will set all the actions to "Take No Action". Hopefully that will fix your problem. Ill try and post the hex values for different failure actions tomorrow if the above does not help.

You really dont even need that mean of a machine. VMWare can flex "hardware" per virtual machine. I have one desktop running about 4 virtual os's in natural sandbox fashion and one laptop that I test from that dual boots XP Pro and Auditor (Because Im trying to learn more Linux, yet rarely boot to it). For the OS's, I have 2 XP's (Pro & Home), 2003 Server, and Server 2000. Each one except the Home is running some version of Apache/MySQL/MSSQL/Updates. The best part of virtual machines is that you can save the OS at different stages. This way if you mess something up, you can revert back to the original. Also, Im pretty sure VMWare has a free player now or something of the like. You can create your own virtual machine and pass it off to other people to stress test, etc.

Ive been playing around with DeviceLock and so far it is doing it's job.

I would start by rewriting the drivers that Windows uses when mounting removable drives. Maybe make an app that reinstalls new drivers (Like a rootkit) would, then have it compare to a list of serials numbers? If it's on the list, then mount the drive, other wise leave the drive in the "ejected" state. Then maybe email the sys admin that an alien drive has been inserted in system "such and such" please run over and take the USB drive away from them. These people will actually test your network for this type of vulnerability. Now that I think about it. Turn off autorun. As soon as you do that, you level the field. Then you just have to worry about physical access to the machine. That has always been a concern for anyone in security and they should have a proper setup on the machine to limit physical access. I know of a couple places that you have to go through a metal detector, and can not bring in keys, pens, usb drives, ipods. And the machine itself is in a case locked down so you have no access to the cd-rom drive, or mobo. The internet access is limited to an internal proxy where some type of IDS checks all out-going traffic. Then with all of that, they have an open wifi into the network. Ha. However, the above machine is still behind another firewall.

@G-Stress I found an app that works connecting NAT to NAT, however, it as not very discreet. Then I started working on an app that would find the hwnd of an icon so I could get rid of it from the system tray. Then I decided I was going about it the wrong way and Im working on OpenVPN now. Especially since my router has a client in it. As for protection, disable autorun for starters. For the semi-savvy, always hold down shift. On the U3 you have to hold it down for a little longer as the drive inserts, then the CD-Rom is installed and then it autoplays. Remove the Autoplay 'feature' from the right click menu on removable/cd-rom drives? Or maybe only allow usb drives that have a certain serial number to mount. It has always been said, and machine that someone can physically get to, is not secure.

I really dont trust ZoneAlarm when it says it's turned off. I just had a client recently uninstall ZoneAlarm and once that was finished he lost all internet connectivity. ZoneAlarm, even though gone, still some how muxed his TCP/IP settings. Try following this tutorial on how to add a trusted IP. Hopefully this will fix issues... /me crosses fingers.

I really like this idea. Im surrounded by hundreds of computers that could lend some spare cycles on maybe a Sunday when nobody works.

Check ZoneAlarm for some settings on trusting incoming connections from an IP. It's been forever since I have used it, so I have no idea where it would be. Once you find it, add your IP and see how that goes.

I downloaded one of the Defcon episodes and I got the same error. It has something to do with the h.264 codec. I couldnt figure it out, however, SUPER seems to work.

Sorry about that. I didnt realize they removed all the packages. You can download here.

This may help. Your biggest concern is the drive changing letters. You can tell windows to always give a drive a certain drive letter, but that would be a pain to do on every machine. Especially in a school enviroment where you may not get to used the same computer in the lab that you were using before. I guess you could make a batch script: subst Z: %CD% That will create a virtual drive Z that maps to your USB drive, or wherever you called the batch script from. Then to delete the virtual drive: subst Z: /D

ffmpeg has never let me down. ffmpeg -i filetochange.mp4 changefile.avi You may have to force the codec if by default it does not choose divx/xvid. Im always used it to convert everything to mp4/flv.

Local Machine will effect everyone. Current User will only effect, well the current user. Also, if you change this your batch scripts will not work unless in your batch you call by the full path name (ie C:Scriptsnircmd.exe not nircmd.exe that is in the root directory).