
i8igmac

Dedicated Members
  • Posts: 939
  • Days Won: 22
Everything posted by i8igmac

  1. The default password I see from Comcast routers is 8 chars long... My performance is 35000 hashes per second, and there are 86400 seconds in a day.
     36**8/35000/86400=932 days
     36**12/35000/86400=1566925045 days
     With a cluster of water-cooled video cards and extreme overclocking, I could see it being possible to crack the default Comcast 8-char password.
  2. 36**12=4738381338321616896
     36 to the twelfth power.
     26 alphabet plus 10 (0-9) = 36
     36x36x36x36x36x36x36x36x36x36x36x36 = 36 multiplied by 36 twelve times.
     With 2 of my computers I can accomplish maybe 35 thousand per second.
     36**13/35000= 4873763662273663
     4873763662273663 seconds to process this list of passwords with crunch. 36 to the 12th power divided by 35000 per second... 4873763662273663 seconds for me to complete.
  3. Have you tried logging in with a single user password with Hydra?
  4. I think Facebook has logs available in your account to show the history of user agents that have logged into your account. There is also a notification emailed to the registered email address. I get alerts sent to me if I use a new web browser on the same desktop (new user agent).
  5. A buffer overflow for an FTP server, for example: you have to configure the exploit module and include a payload. The exploit module will craft a large packet that will trigger the buffer overflow; Metasploit will generate the payload, place the shellcode inside this large packet and send it off... The exploit module will launch the packet onto the network using the FTP protocol and also configure the payload multi handler to handle the payload with Metasploit sockets. The multi handler is simply a module that can be configured to handle payloads.
  6. I have seen extreme setup cream cheese never been provided with benchmarks. If we use a test subject as a control point, I think bang for the buck a 1090T AMD 6-core could perform very well and cost 135 on Amazon. Which could equal 5 Rasp Pis... (not a fair comparison, when you consider the cost of a desktop). So what if a car radiator was used to cool a cluster, could we outperform a desktop when we consider the cost per benchmark? (Something about Android phone and this forum now is unusable)
  7. I knew I made a mistake with my tool selection. I had to crack open the desktop and move all data over to the RAID one drive at a time, so I figured I would perform a quick test. My money ran short when I purchased these drives; Best Buy had a nice price at about 65$ per 2 TB 5400 rpm. I plan to clean up this post with model numbers and I might run the test over with dd/reads/writes.
  8. This is not exactly a hack or a mod, just wanted to share benchmark results... making an upgrade to my movie streaming and backup server. The motherboard is maybe 7 years old, 3 Gbps SATA ports; this might be the speed limiting factor. (Currently running a live USB, will test more drives shortly.)
     3 cheap hard disks, 5400 rpm, 2 TB, running RAID 5
     my old 500 gig single 7200 rpm
     1 TB 7200 rpm
     solid state drive 120 gig
  9. I would suggest removing the thumbs down button completely.
  10. Anyways... There is a funny situation with quotes and my Droid phone... can't delete them... This exploit process was a lot of fun building; it was completely staged PHP code that will write a shell recursively to all writable directories...
  11. Do you have any doubts about your abilities to do well during social situations? Maybe you were the only child, lived a sheltered childhood, were picked on routinely or live in the shadow of a much more successful sibling? Some people blame it on their anxious temperament along with an increasing development of shyness... Socially awkward behavior can be treated with pills and a counselor...
  12. have you ever made some really good stuff?
  13. Not I nor anyone I know will ever come to you looking to be informed. I'm not here trying to build a name or get my name out there. If you have a problem with HD Moore's success, you should first try and understand how he began. I had some inspiring talks with the guy about my love for Ruby, and importing my exploits into his framework was exciting. He did provide me with a path I chose to not follow... At that time he was providing only free tools, so how could he employ? Your opinion still is not valid or valued. Edit... to foxtot comment above... An upload portal for all to share exploit code is what got him to where he is today... not a suit...
  14. 7 years ago when I made this exploit scanner, HD Moore was just starting to get recognition. He was not on a profitable level... My attempts to find employment have nothing to do with children putting on suits... Importing my own tools into Metasploit modules was just a self-taught demonstration... Your opinion is not valid.
  15. Just something I found, one of my old videos... I made an exploit scanner for use with local file inclusion... I made this with hopes of employment from HD Moore, 'Metasploit' creator... I was shut down 7 years ago :-( Automated the exploit, logged all the config files for further search of exploits and got a webshell... deleted the Apache logs to cover my tracks lol
  16. http://securityxploded.com/backtrackregistry.php And here is a tutorial showing how to boot up a Kali live USB and edit the Windows registry... Run ClamAV when you have Kali running on the Windows hard drive via command line... It's possible the AV will capture tools on the Kali HD and lock them up...
  17. https://www.raymond.cc/blog/how-to-edit-windows-registry-key-values-without-booting-in-windows/ This is a good-looking article; it shows how to boot up from a live USB stick and modify the registry... The problem you may run into is these nasty rootkits are almost unstoppable in many ways... can't kill the process and you can't overwrite their registry keys... they always respawn and rewrite the keys... I figure a live OS boot stick should do the trick...
  18. https://malwaretips.com/threads/most-important-areas-in-registry-to-check-for-viruses.38778/ More useful
  19. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  20. http://www.symantec.com/connect/articles/most-common-registry-key-check-while-dealing-virus-issue I found this article (content posted above). Some useful information for manual removal of registry locations... They are missing the safeboot location, which I think Symantec should have included in their article... Anyone think of other techniques?
  21. 1) StartUp
     C:\windows\start menu\programs\startup
     * [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
       Startup="C:\windows\start menu\programs\startup"
     * [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
       Startup="C:\windows\start menu\programs\startup"
     * [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders]
       "Common Startup"="C:\windows\start menu\programs\startup"
     * [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders]
       "Common Startup"="C:\windows\start menu\programs\startup"
     "Anything over here executes when you start up your computer"

     2) Windows Scheduler: Check for entries in the Scheduled Tasks, as well as via the AT command at a command prompt.

     3) c:\windows\winstart.bat
     It basically behaves like a normal batch file; the only difference is that it can be used to delete files when you start up your computer.

     4) Registry:
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
     "Whatever"="c:\runfolder\program.exe"
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
     "Whatever"="c:\runfolder\program.exe"
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     "Whatever"="c:\runfolder\program.exe"
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "Whatever"="c:\runfolder\program.exe"
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "Whatever"="c:\runfolder\program.exe"
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "Whatever"="c:\runfolder\program.exe"
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
     "Whatever"="c:\runfolder\program.exe"

     5) "Autoexec.bat"

     6) These reg keys will basically spawn your programs. As you can see, this is very dangerous because these keys are very often used by viruses and Trojans.
     [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
     [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*"
     [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*"
     [HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] @="\"%1\" %*"
     [HKEY_CLASSES_ROOT\piffile\shell\open\command] @="\"%1\" %*"
     [HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] @="\"%1\" %*"
     [HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] @="\"%1\" %*"
     [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] @="\"%1\" %*"
     [HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] @="\"%1\" %*"
     [HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] @="\"%1\" %*"
     The key should have a value of Value "%1 %*"; if this is changed to "server.exe %1 %*", the server.exe will be executed EVERY TIME an exe/pif/com/bat/hta is executed.

     7) Explorer start-up
     The problem with these operating systems is that they look for a file called "explorer.exe" whenever you start up your computer. That file is basically the one that you see all the time but don't realize it is there. If you go to your Task Manager you can see it; you can even kill it and you will see that everything in your computer that belongs to Microsoft will disappear, except for the extra windows that you open such as cmd, regedit, services.msc etc., but your desktop will be gone. As you can see, this is dangerous because it also means that if somebody modifies your explorer.exe file then your computer will be corrupted. In fact, changing the name of the Start button has to be done by modifying the explorer.exe file, so there is a clue of a small difference that can have an effect on your computer. Here is the key:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
     If a Trojan changes that to a path of another "infected explorer.exe file", your computer will start up the file the Trojan told it to and not the one used by Microsoft.

     8) "Active-X Component"
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\KeyName]
     StubPath=C:\PathToFile\Filename.exe
     This key is great because it starts the program that it has in its path BEFORE the explorer.exe file and any other program starts in your computer, so if you can't understand why your antivirus can't detect the virus when you boot up, it is maybe because your "virus" is taking care of it before it starts up. It could even kill your antivirus before your antivirus starts up.
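An added example, not part of the original posts: a defender-side check for the handler hijack described in item 6 above, run over the text of a `.reg` export. The sample export, the function names and the use of one baseline for all five classes (the value the post quotes) are assumptions made for illustration.

```python
import re

# Baseline quoted in the post: each handler's default value should be "%1" %*
# (assumption: the same baseline applies to all five classes listed there).
BASELINE = '"%1" %*'
CLASSES = {"exefile", "comfile", "batfile", "htafile", "piffile"}
KEY_RE = re.compile(
    r"^\[(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\Software\\Classes)\\"
    r"(\w+)\\shell\\open\\command\]$",
    re.IGNORECASE,
)

# Constructed sample export, not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="server.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="notepad.exe \"%1\""
'''

def unescape(value):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", value)

def hijacked_handlers(reg_text):
    """Return (class, command) pairs whose open command differs from BASELINE."""
    findings, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            match = KEY_RE.match(line)
            name = match.group(1).lower() if match else None
            current = name if name in CLASSES else None   # ignore other classes
        elif current and line.startswith('@="') and line.endswith('"'):
            command = unescape(line[3:-1])
            if command != BASELINE:
                findings.append((current, command))
    return findings

if __name__ == "__main__":
    for cls, cmd in hijacked_handlers(SAMPLE_EXPORT):
        print(f"{cls}: unexpected open command {cmd!r}")
```

Exports written by regedit are UTF-16 encoded, so decode the file before passing its text to `hijacked_handlers`.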
  22. Destination =>01:01:06:00:f1:13 Source mac=>Af:a3:3f:ff:ff:00:00
  23. #infect normal operations mode
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\run
     #infect normal operations mode
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
     #infect SAFE BOOT NETWORK MODE
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Spooler]
     @="Service"
     Years ago I spent some time making rootkits for Windows machines... This was a lot of fun, learning the ways to better infect a machine and keep a reverse shell running 100% of the time... I would deploy my rootkit from a meterpreter shell, upload and execute functions and make a few registry entries in an automated fashion... I hope to get some feedback on all locations to infect. A very basic infection could be as simple as placing your exe in the startup folder (below):
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
     Every time the machine reboots, your application will start up... I hope you guys can share more simple and advanced examples such as:
     Safe mode registry locations
     Current user locations
     All user locations
     Local machine locations
     Scheduled tasks
     Etc...
     I will attempt to recover a machine tonight and hope to get your feedback.
  24. wlan2 -> 192.168.97.1
     eth0 -> 192.168.96.1
     (dnsmasq.conf)
     interface=eth0
     dhcp-range=192.168.96.50,192.168.96.150,12h
     interface=wlan2
     dhcp-range=192.168.97.50,192.168.97.150,12h
     So, if a device connects over eth0 or wlan2, dnsmasq will do a fantastic job... I have a machine struggling to connect and it keeps attempting a DHCP request...
     May 7 08:17:04 kali dhclient: DHCPREQUEST on wlan2 to 255.255.255.255 port 67
     Clients that connect to wlan2 should get a new IP on the 192.168.97. subnet. I'm not sure what machine continues to flood DHCPREQUEST... Here is a network packet I dumped with this command:
     tcpick -yH -C -i wlan2 "port 67"
     01 01 06 00 f1 13 af 3f ff ff 00 00 0a 00 00 05
     00 00 00 00 00 00 00 00 00 00 00 00 00 c0 ca 81
     ee 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63
     35 01 03 0c 06 69 70 68 6f 6e 65 37 0d 01 1c 02
     03 0f 06 77 0c 2c 2f 1a 79 2a ff 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00
     01 01 06 00 f1 13 af 3f ff ff
     I'll read about this packet and find the source and destination IP, which might be this first string...
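An added example, not part of the original post: decoding the dumped bytes with the RFC 2131 message layout, since what tcpick shows on port 67 is the BOOTP/DHCP payload rather than an Ethernet or IP header. The packet below is rebuilt from the fields visible in the dump with the fixed-size zero padding regenerated (an assumption), and the function names are illustrative.

```python
import ipaddress
import struct

# Constructed input: the fields visible in the post's dump, with the fixed-size
# zero padding regenerated from the RFC 2131 layout (assumption).
PACKET = (
    bytes.fromhex("01010600 f113af3f ffff 0000 0a000005")
    + bytes(12)                                   # yiaddr, siaddr, giaddr
    + bytes.fromhex("00c0ca81ee5c") + bytes(10)   # chaddr, padded to 16 bytes
    + bytes(64 + 128)                             # sname and file, unused
    + bytes.fromhex("63825363 350103 0c066970686f6e65")
    + bytes.fromhex("370d011c02030f06770c2c2f1a792a ff")
)

def parse_dhcp(pkt):
    """Parse the BOOTP header and DHCP options of one message."""
    if len(pkt) < 240 or pkt[236:240] != bytes.fromhex("63825363"):
        raise ValueError("short packet or missing DHCP magic cookie")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    if hlen > 16:
        raise ValueError("hardware address length exceeds chaddr field")
    ip = lambda off: str(ipaddress.IPv4Address(pkt[off:off + 4]))
    msg = {"op": op, "xid": xid, "secs": secs, "flags": flags,
           "ciaddr": ip(12), "yiaddr": ip(16), "siaddr": ip(20), "giaddr": ip(24),
           "chaddr": pkt[28:28 + hlen].hex(":"), "options": {}}
    i = 240
    while i < len(pkt) and pkt[i] != 255:         # 255 = end option
        if pkt[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        msg["options"][pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return msg

def request_state(msg):
    """Classify a DHCPREQUEST by the rules in RFC 2131 section 4.3.2."""
    opts = msg["options"]
    if opts.get(53) != b"\x03":                   # option 53 = message type
        return "not a DHCPREQUEST"
    if 54 in opts:                                # server identifier present
        return "SELECTING"
    if 50 in opts:                                # requested IP address present
        return "INIT-REBOOT"
    return "RENEWING or REBINDING"                # only ciaddr is filled in
```

On this packet the parser reports client address 10.0.0.5, hardware address 00:c0:ca:81:ee:5c and host name option `iphone`; with no server identifier or requested-address option, the request classifies as a renew/rebind of an existing lease.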