
Posts posted by combatwombat27

  1. It is not a crime, correct, however it does usually void the warranty.

    I even agree with that because you can't expect a company to take liability for the device when you have completely changed it. They had it set up and controlled, allowing them to be able to support any problems that arise; when you change that, they can't be expected to know what you did and have a solution. Or even pay for your mistakes.

    That being said I'm all for anyone jailbreaking/rooting/hacking anything that they want, I just find it silly to expect a company to cover it if you brick it.

  2. Not that you shouldn't check the file for viruses to be safe, but I wouldn't be too worried.

    You said you couldn't find a legitimate reason a game was embedded in the Excel file. That's the easy part.

    I just recently worked on the helpdesk at a manufacturing plant for one of the major car companies. People would hide games in the Excel files to get away with being able to play them. Since the websites that host the games are blocked, they would have to have a local copy. No one would expect the Excel files unless they were named something conspicuous.

    However, that's not to say it definitely isn't malicious, rather an explanation as to why it exists.

  3. I would really like to see this too. I wouldn't doubt it if one of the Hak5 team had it saved somewhere. The only problem is getting someone who has it to notice this thread. If you do find it though, can you shoot me a PM or something? I was busy at work at the time of the event.

  4. Metasploit is probably the easiest way, set up a Java applet attack on the LAN and voilà. Then once you have a meterpreter session you install the keylogger from a hidden installer (almost all the mainstream ones offer hidden installers). Then you use meterpreter keyscan as a backup keylogger in case the antivirus catches the other one, run persistence and metsvc to maintain access, and you pwned the PC without ever having to touch it. Then delete your tracks. Much easier/cleaner/reliable/stealthy than simply installing a keylogger.

    In my experience, when you ask a question in Hak5 9 times out of 10 Metasploit will be the answer.

    Again, Metasploit when I already have physical access? I mean Metasploit is designed to exploit and get me in.. but .. I am in....

    Also. I'm not really looking for a keylogger. That just happened to be someone's suggestion.. the other suggestions I will be looking into the next couple of days. I'm down to persistent cmd prompt access.

  5. Here is the scenario:

    You get a chance to go to a con, for this example DEFCON. (If you dislike DEFCON that is ok, just put that aside temporarily and work with me here :P)

    You want to use backtrack to play around while we are there and we don't want people to access our stuff.

    As the saying goes, you might as well consider anything on your computers hdd as shared while there.

    You only have your one laptop, you cannot borrow one etc.

    You only have your one laptop hdd, you can't buy/borrow another.

    You haven't encrypted your laptop hdd and you're running Win XP/7.

    So! You get clever and boot BackTrack via USB on your laptop, that way you're not in your main OS and you can have a little fun. :P

    But wait! Assuming the attacker can compromise your BT5, then he is in your system and can mount your laptop hdd and access your stuff just as if you were running your unpatched Win box.

    Here is what I'm thinking and wondering.

    Besides removing the hdd, is there really any way to stop BackTrack from being able to mount or enable the drive? I mean, is there a way you could cripple its use until say a reboot or something? (Yes, you could encrypt it, remove it, etc. but that isn't the way I want to go with this.)

    Secondly, How secure are you running BT5 really? Is it just assumed that you could be compromised at any moment? Has anyone actually tried hacking into a BT 5 box?

    Thoughts? Opinions? Extra Questions?

  6. It is my box, so I have physical access to the machine and have admin privileges, that is not the issue.

    Being such, using Metasploit to hack in and get a shell seems a bit arse backwards, making more work on me. Unless you're suggesting adding a bugged program or some other means to know for sure that I can exploit the system, and even then... doesn't sound quite appealing.

    I'm quite aware that given the right circumstance I could get in via an exploit with Metasploit but that's not really the way I want to go.

    I'm going to look into a couple of the suggestions here.

  7. I am also seeking confirmation one way or the other. I just recently got the MK II from the hakshop and now there is a major upgrade. Frankly I wish there had been a hint to the upgrade and I wouldn't have shelled out the same price for lesser hardware/antenna, and lesser firmware. :/

    If we could just get Darren's input on this that would be great too.

    **Seems like there are now a couple threads on this topic**

    This is really some information people would like to know!

  8. So if you're under 18 what are you wanting to do? Upgrade an existing plan? Get your own cell service? What service? Some phones only exist for certain providers. Also, 400 bucks at 18 you can definitely do that. Fix a few computers etc.

  9. If it's really your computer then there's no need to have a script to create the user, is there? Just create it before you go. If you're concerned he's using it while you're gone then just tie it down to one user with a password. Not so sure about this though because you start off saying you mess with each other's PCs but then by the end of the post you're implying that it's your PC. Hmm. :P

    Yes, the script was for messing with my brother. And I have got that set up.

    I have a batch file created to set up a user, grant them admin rights and then edit the registry so they don't show up at login.

    If you know the administrator password of your brother's computer, then PsExec would definitely be something you want to try. On the other hand, since I haven't used FreeVNC or LogMeIn, I don't know how effective they are in terms of controlling a PC remotely (does it require the end user to accept your session or does it automatically log you in and give you full control).

    I've used Dameware in the past and it's really scary, it doesn't require any end user interaction, you get full control of the PC in a matter of seconds. Now when using PsExec there is no need for installation, it's all command line based.

    You can download it from this URL, http://technet.microsoft.com/en-us/sysinternals/bb897553. The URL also contains some sample commands that will be useful when learning.

    If you need any assistance just hit me up.

    I am looking into Dameware, but my issue is the cost @ $289.00 to prank with my brother. Now yes there is a trial but that is only 30 days of fun.

    P.S. I love Command and Conquer also.

    For my situation I also cannot have the "This session is monitored..." or "%computername% is connected..." because that will ruin the stealthy stealthness.

    I could probably work with something that wouldn't let me use the mouse and keyboard but just view the screen. But I would prefer both.

    I will check into all the suggestions!

  10. My brother and I like to mess with each other's computers (nothing harmful)

    Ok so here is what I want to be able to do:

    1. Remotely access command line with no trace (any popup or messages or notifications on the desktop) (I don't mind logs or something like that.)

    I would like to set up something like SSH in Linux really. It would be cool to have a batch file that created a user and then allowed a command line connection to it. I could deploy it on my brother's computer to get him back :P

    I have heard of people using PsExec, but I really don't know how to set it up on the host computer.

    2. Not necessary but an added bonus to be able to view the screen w/ out annoying popups saying I'm connected etc.

    Here is why. 1. I think my younger brother is using it while I am gone and I want to mess w/ him (sibling rivalry)

    2. In case someone steals it.

    Yes it is my computer, yes I need to be able to do it via the internet, not just the network.

    I don't HAVE to have #2 but it would be nice. Any other ideas would be nice

    Oh just in case this helps, it's a Windows box.


  11. Z

    Hmmm, well right now I have limited choices for schools in this area. Well I guess I will just have to do the self teaching thing again, learning how to run Linux on my netbook, learning to fix my old desktop system and trying to not blow stuff up. >:)

    One last thing, what would be a good Linux distro to learn and work with, something that will help with IT work?

    Since you have some Linux experience I would suggest Arch Linux, that way you have to do all the setup yourself. You will really be able to get your hands dirty setting it up. No GUI install. Then run some servers to play with, maybe play with iptables, set up and manage VPNs, etc.

  12. I have at least 3 people who work here in this IT department that go there and 2 that teach there, however people that go there have told me that there is something funny with the accreditation and it was "not worth the cost of attending". I was also told your credits won't transfer. But I haven't verified that.

  13. Actually, I have seen this done firsthand in a live environment. I was at a certain bookstore that will be left unmentioned who has Internet free to their loyal customers. Without a member ID you can't access anything. There was a person who sniffed up the network traffic and copied one customer's MAC. This customer was surfing the web on his laptop. This person cloned the MAC of said customer and could immediately access the Internet. Seeing as I wasn't the one doing it, I was free to roam, and being curious I moved back and forth behind the two laptops. The entire time the user was there they both could surf the Internet fine, and when the user left the "attacker" still had the access due to how the router works (if the attacker went inactive for an extended period of time his lease would expire, though). Again, not me, just some guy at the bookstore. Of course this all depends on how they have the network and access points set up, so it may not work well or at all in other environments. But confirmed threat in a certain large chain bookstore.

  14. No walking in random directions, build just within sight of someone else, that way the map isn't unnecessarily huge.

    I really think the language in chat thing is bogus, I mean really, can't everyone handle a little adult speech??

    Also, I would like to have Mobs, and not skip night time. Just a preference. People who don't want to deal with night can just hold up till morning.

  15. Would be fun to play on... I could set a Minecraft server up. (can host it on a VM on a 16 thread / 24GB machine)

    Not sure if we should leave the server open or do a whitelist?

    Whitelist, we don't want griefers. We should also discuss if we want any mods, vanilla, rules, etc.

  16. There is an older free game (not major game just online supported pc game) where you code in a custom language (used by the game) and attacked each other until you deleted the others code.

    I'm trying my best to figure out the name of either it or the coding language, I had the page up just the other day!

    [Resolved] Core Wars http://www.corewars.org/

    Now that I look at it, it reminds me of an older Robocode.

  17. I would be glad to help you, however, what is it you are trying to SSH to or from? What are you trying to do? Surf the web anonymously? Connect to your computers with encryption? What?
