Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by combatwombat27

  1. 240 views and not a single reply? I figured SOMONE here would like it.
  2. A ditto to Jason Cooper's post. To give you a bit more information, the emails you are recieving from the spam are likely one of two things, controlled by a bot that really doesn't care what you send it or spoofed. The spammer can spoof the email showing in the header so that it isn't correct. In fact, they don't even have to own the account to send an email supposedly as someone. For instance just to mess with the IT company I used to work for I from my home computer (with no access to work email at all.) used a simple piece of software to send an "email" to support@mycompanyhere.com from ghost@mycompanyhere.com with the subject BoooOOOOooOOOO!!!!!
  3. Correct, I was just discussing on IRC, I have no doubt that people will willingly connect for the free wifi but the Jasager portion of all this is getting more and more outdated. If it wasn't for the ease of use and attack tools now builtin to the pineapple it really would be on the decline in usefulness.
  4. Now I only have outdated information and was seeking a bit of clarification. Is jasager/karma effective against anything other than open wireless networks? Since the pineapple doesn't know the psk for WEP and WPA networks it cannot spoof as them and be auto connected to can it? And if so, is the pineapple still really that effective especially since more and more devices just like windows 7 frown away from auto connecting to open wifi.
  5. ******NO LONGER FOR SALE****** So I have a working barley used WiFi Pineapple Mark II that I am looking to get money twards a Mark IV. It is signed by both hosts as seen here. Yes I know it isn't normally worth as much as a new Mark IV but I am hoping someone here would like to add this little treasure to there collection. Comes with power adapter, battery pack, and origional instructions. Heck I'll even ship it in the Priority Mail box Darren sent it to me in. Help a fellow hacker out! I would love to hold onto it but just cannot afford to buy the next level up. I bought this one just before they upgraded the hardware. :/
  6. Remember there is differences in encryption at rest and in motion. At rest you cover by stuff like file encryption, full disk encryption, encrypted file containers. In motion you have to encrypt the traffic so, SSH, SFTP , HTTPS, etc. It depends on how you are trying to "talk to your server". Can you give us detail more on what the two are doing? How they interact more specifically? I know you say the two are connected and you send commands to the server, but what are you currently doing? With more information we can tailor it to your situation.
  7. Be very careful to follow rules and regs while setting all this up it is a big deal. (I'm sure your aware) I do a bit of state level work and the best thing we do I could suggest is to try and follow NIST standards as well that way you have been following due diligence and due care. I would also see if you can find information on where this has been done before. The more you can base what you do off of valid standards and previous successful deployments the better of you will be and the more reliable system they will end up with.
  8. I was wondering if, just to make your post more like a dev post if you could add more details about what functionality of the pineapple you were bringing to the table. The Yasager portion? Just sharing out your internet as a wifi access-point named whatever you choose? etc. If you were into it you could also jump on something like github and then add to this seemingly great potential project. Good Luck either way! And Thanks!
  9. I second Berkeley DB due to being lightweight. You don't sound like you need tons of functionality and a db that is super powerful so I wouldn't work with the rest , that would just be that more complex. Unless you want cool features like it accessible on a webpage, support hundreds of users etc.
  10. If it isn't necessary (and I don't know your situation so it may be) to protect the system itself(remember full disk encryption only protects data at rest and a computer on and running is no more safe w/ full disk encryption than the same without) you might consider encrypted file containers that you open only as needed. You could code an automated process that prompts you for a the encryption key to open the container it would use the data and the close the container when done. Data in encrypted containers is also vulnerable while the container is open. I would use truecrypt and a little script-fu in the language of your choice to accomplish this.
  11. Ironically I'm working on just that for work and have already done the research legwork for you. :D Best bet would be to go w/ filevault 2. Due to two facts: It is built into the Mac OS*. It is free.* **The filevault you need is 2, which you get from upgrading or having OSX LION. So, you would have to upgrade if on Snow Leopard or something else. (Costs about $30) Once you upgrade just do a finder search for filevault. From there just click the Filevault tab and click full disk encryption. WARNING!! If you loose or forget your password you could loose everything! From looking at it though they may have upgraded it to where you can use a code to decrypt it if you loose your password. This code can also be automatically shared with Apple in case you loose it. (I would highly caution against doing so. (Personal Preference, I wouldn't want ANYONE having access to the encryption otherwise I wouldn't use encryption.)) Let me know if this works out for you or you have any issues. I will be encrypting the Mac for work tonight. Hope this helps.
  12. Without that access I'm not sure there is much of anything you can do but make sure you have a good signal and such. Someone else here may know more options
  13. @infiltrator, I'm pretty sure that's what he meant @Saak, you would have to have admin access to the wireless ap, and even then it would need to support some kind of quality of service to give yourself priority. If you have access to the AP let us know what model it is and we can go further from there.
  14. So there are two major reasons it will sometimes won't work. 1. Like was already said, if the client is hardcoded it won't listen to the dns set on the router. 2. Once you change it, the clients have to refresh their connection due to them having already received the information from the router when they first connected. (I find you can get past that often by rebooting said router once you make the change to the dns, forcing the clients to reconnect)
  15. We need to get together and schedule a time to play together. I don't like playing all alone in the world :P
  16. will give you everything in the subnet as in anything 192.168.1.something. just use the link mr. Protocol gave to decide on an attack etc
  17. Best, externally your only gonna get to his router/firewall. (Or if the apartment handles NAT then theirs) you would have to be internal to actually nmap his specific machines. (Or they would have to be internet facing)
  18. Sweet, I'm so glad to hear I can make it a mark 3 :) , is the software a major jump from 3 to 4? Or is it just better hardware and support for stuff like broadband cards?
  19. I have tried asking this in my own thread befor but I've never gotten a solid answer. I bought a mark 2 right before the release of the three ( I was very said to get supprised within a month or so that I had just bought something outdated :( ) and was wondering if it is upgradeable to any revision of newer code. ( know there were hardware changes in 3 and 4 but I don't know if the code was written just for them
  20. Sounds pretty simple to me. The just have access control setup on the router, likley by mac address. Your mac wasn't on the list so it redirected you to a simple webpage on the router that states your computer is "unknown". The router already hosts webpages to allow the web config so it wouldn't be a big step for the manufacturer to add that functionality. *sent from my cell*
  21. I also have a 30 down 4 up connection w/ an vsphere 5 serv XEON E3-1230 Quad core w/ hyper threading 10gb ram (need more ram o.0) that I could be persuaded to host it on and leave it up. I am also very for letting other people admin the minecraft server itself. That is if we want to do it that way. I quit playing on it because every time I got on I was alone. Either way I would really like a copy of the serv and or map for my own use. I really liked the tree-house I built. :D Lets all see if we can come to a consensus of: * If we really want it * Who would play * If we could get more people to play * The actual specs we would need to run it * Who we want to host it * Who would be admins * Any other suggestions/ideas
  22. Determine its flame retardant capabilites. Burn it in a fire. Determine its collision avoidance capabilities. Beat it with a hammer. Determine if it makes a delicious shake. See if it blends. Determine the crushing force it can take. Run it over. Determine whether you can take it scuba diving. Drop it in a full tub. Determine if it would survive an ice age (or at least alaska). Put it in the freezer. Determine if it will protect you in a gun fight. Shoot it. I'm sure I could think of a couple more thing that the device is usefully for. Unfortunately Belkin in my experience certainly isn't good for actual networking use. Very unreliable.
  23. 1. I AM VERY SORRY, I was posting from my phone and messed up posting 3 times, If an admin can remove the other two posts I would be great-full. Domain Network Privilege Escalation : a high level overview compromise a system on the network keylog that system and wait for a user with admin permissions to use it or compromise a serv and do the same thing or compromise the domain controler and add an admin acc or change the pass on an old dormant account and give that account domain privlages. Remember this: Humans are creatures of habit and laziness. It is likely that one user even with multiple accounts for multiple things will use the same password or a simple variation. The same goes for someones regular and privileged accounts. This is not an all inclusive list just some of the basics. Using these ideas it should be easier for you to look up guides/information. This was written for a domain due to the fact that there is no single admin account on standard home stile workgroup/homegroup networks. There may be an account with the same name and password on several computers but they are still different accounts due to all accounts being local. On local networks if you can control one box you can do quite a few things such as arp cache poisoning and reading people's packets. With a foothold in one computer you can nmap the rest of the network to see what is available for attack. IT isn't Admin on the network but it is the best position to start at in simple networks. REMEMBER : if it isn't your network and you don't have permission, even privlage escalation can get you in a ton of trouble. I provide information only for learning in theoretical / legal. tests/situations.
  24. It would be easier to get the program you either use or designed to save the date in the file name. Windows has a built in ftp client you can use via the cmd line or a bash script. You could use one script to do the backup, zip/rar it up, and ftp it to your serv. Magics
  25. Does anyone care how the encapsulation of a sandbox actually works or perhapse some suggested documentation? If always found it interesting how something could be contained yet still have access to all the computers various files, dlls and resources.
  • Create New...