burn

Active Members
  • Posts

    102

Everything posted by burn

  1. I just created an account to see what it was like. I'm currently uploading some music (free, legal music, that is (ok it's nerdcore if you must know)) just to see how well it streams. I'm tired of trying to keep my music collection synced between work and home. Maybe this will be a workable solution. If not, the only thing I've lost is my bandwidth.
  2. Same here. They didn't have this on any of the BBS's I dialed into ... trade wars was my game!
  3. yep, ophcrack is it. It comes with a small set of rainbow tables that will crack a lot of passwords 8 characters and under. EDIT: The Live CD will crack a lot more than 8-character passwords!

    Ophcrack Live CD

    The Ophcrack LiveCD is a bootable Linux CD-ROM containing ophcrack 2.3 and a set of tables (SSTIC04-10k). It allows for testing the strength of passwords on a Windows machine without having to install anything on it. Just put it into the CD-ROM drive, reboot and it will try to find a Windows partition, extract its SAM and start auditing the passwords.

    Rainbow tables

    Ophcrack 2.3 uses the alphanumeric table sets of ophcrack 1.0 as well as new table sets with special characters. This means that it cracks 99.9% of passwords of length 1 to 14 containing uppercase letters, lowercase letters and numbers with the old table sets. With the new table set, it cracks 96% of passwords of length 1 to 14 composed by characters contained in this set: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&' ()*+,-./:;<=>?@[]^_`{|}~ (including the space character)

    Ophcrack 2.3 also cracks NTLM hashes using a new tables set called NTHASH. It cracks 99% of:

    * passwords of length 6 or less composed by characters in this set: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&' ()*+,-./:;<=>?@[]^_`{|}~ (including the space character)
    * alphanumeric passwords of length 7 (lower- and uppercase)
    * alphanumeric passwords of length 8 (lowercase only)

    SSTIC04-10k is a smaller table set (388MB) for machines having less than 500M of RAM.

    *** This is why it's very important to have 15-character or longer passwords/phrases!! If your password now is 8 characters, just enter it twice. Sentences are easy to remember, something like "i hate long passwords" will beat any rainbow table.
  4. burn

    Mac Address

    Or running WEP. :) It keeps the newbies out, but that's about it.
  5. Two of my relatives took a Cisco class in HS and it was a total joke. First, the teacher was clueless as to how networks are connected and the lab was never fully set up for them to use. I remember my cousin coming to me asking if what his teacher said was true: "The reason you see some websites using www2 is because we're running out of www addresses." Uh, what?!?! Now, the class was 4 semesters long and I asked my cousin after it was all said and done a couple of simple subnet questions, just to pick on him, and his response was classic ... "What's a subnet?". This was after he PASSED the class. Hopefully your experience is a lot different than theirs.
  6. burn

    Mac Address

    If he programmed his router to only allow certain MAC addresses to connect to it, then all it takes is to watch what MAC addresses are connected using a program like airodump (part of the aircrack suite). After that you could try disconnecting them from the router using a deauth attack, reprogramming your MAC address to match theirs, and then connect to the AP. You'll want to add your real MAC address to their whitelist and disconnect yourself. If you do it quick enough maybe the victim won't realize why he was disconnected and won't think to check the router's config for a new entry.
  7. I think the Cisco 1200 APs offer individual vlans per connection and I think the WRT54G's do as well, unless it was a hacked one I was hearing someone talk about. There's a coffee shop here that uses a Cisco 1200 AP. I did an NMAP scan and picked up the coffee shop's public computers, but not any of the other wireless users. I was able to do an HTTP MiTM and get clear-text passwords but all attempts at a SSL MiTM failed. I checked the public computers and their gateway MAC never changed (I didn't look at the gateway MAC during a normal HTTP MiTM). They also have wireless cameras set up there that didn't show up in an ARP scan or a ping sweep. If you're looking at a secure way to offer public wifi perhaps you can look at the Cisco APs. I think they're rather expensive, though. Or maybe you can do a captive portal like NoCatAuth and a RADIUS server on a hacked WRT54G. I've never heard of the nomadix brand.
  8. burn

    firewall

    Yeah, but he's using IP Cop, which does offer a true DMZ.
  9. I think it's amazing how many people I see wearing shorts and tank tops flying down the interstate on their crotch rockets. Or the ones that have _some_ gear on but their girl's on the back with some short shorts and a t-shirt. At least you're smart enough to respect the road and what it can do to you. Good to see that you're OK.
  10. Can you PM me on how you did this? I would love to know!
  11. burn

    firewall

    It's not a good idea to have your Internet facing servers on your internal network. You'd be better off putting them in a DMZ, separated from your internal machines.
  12. burn

    firewall

    According to this article, IP Cop supports a DMZ: http://www.howtoforge.com/perfect_linux_firewall_ipcop_p2 That looks like it walks you through setting everything up quite nicely. I like how they give each zone a color depending on its threat level.
  13. Man, I'm looking over this stuff and it's definitely thorough. You've done a great job putting it all together. I have one question, though, what does this mean in your autorun: shell1=&1
  14. dos4gw shows up as a trojan during download with Avast Free version, just so ya know.
  15. I like it when people use the same password for everything. There's nothing better than sitting at a coffee shop and getting someone's myspace password that also works for their aol mail, yahoo mail ... etc. I still can't believe most forums don't have a secure login page. That and whenever you request your password, most sites are able to send you your original password which means it's stored in their database in clear text. Now you have to trust the forum admins, the mail server admins, and anyone listening in between.
  16. Beastie is all over their website, too. They don't seem to be hiding the fact that they stole the FreeBSD logo at all.
  17. You could always use a Windows Live CD. Just like a Linux Live CD, they take forever and a day to boot up, but you would be able to run all of these tools on one. IronGeek put together a great tutorial for building your own Windows Live CD here: http://irongeek.com/i.php?page=videos/barts-pe-builder-intro