Everything posted by bobbyb1980

  1. You can read up on "beige boxes" and splicing phone cords and how to hook into a line. If you search around your house and look for stuff like digip posted, you'll probably find it.
  2. He can google it. He can un-hide files via the registry also. Congrats.
  3. Even noobs have to think for themselves, kid. Let the OP decide what they should or shouldn't do.
  4. You should be able to change it back in the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
  5. Lol, great topic. Every generation throughout recorded history has thought they'd be the last: the rapture, the ascension, Y2K, all the Euro/Asian WW2 end-of-the-world philosophies, etc. Still great fun to plan for it though. Unfortunately I'll be working when the winter whatever comes on December 23. Have lots of general purpose antibiotics, lots of automatic rifles, even more ammo, learn to love MREs, and most importantly go far, far away from any humans who you wouldn't trust with your life.
  6. Barry, check out this article on hardening your webcam. http://netsecurity.about.com/b/2011/03/25/how-to-secure-your-webcam-in-less-than-2-seconds.htm
  7. I was thinking (hoping is a better word) that I could just do a binary paste and execute some shell code in one of the .dll's that I thought was the MBR and voilà, covert code execution. I now see that's not the case and nothing about this "attack" is covert.
  8. Pentesting is a huge field with tons of topics, some of which are extremely different from each other. Find something you enjoy doing, then stick to that. If you enjoy building websites, try web app security, if you like writing windows programs, windows app security, if you like wifi pineapple type stuff, go with network security, etc etc. Each of these fields can provide a lifetime's worth of research. IMO, most people who excel in this field are specialized in one or a few subjects. You'll go crazy if you try to do it all.
  9. I could be wrong, but to my understanding the Win7 MBR is located in vdsutil.dll (http://thestarman.na...m/mbr/W7MBR.htm). Specifically in the first 512 bytes of the file. I appreciate your links, but I'm not interested in fixing XP boot records or MS links for Windows recovery tools. This thread is about rewriting MBRs to execute opcodes, so let's keep the topic about that.

     EDIT: For our Windows 7 install, all the bytes of Win7's MBR code were also contained inside the following files (listed by location, alphabetically; with offset to first byte of the code). In each case, there will be a full 512 bytes that comprise the MBR code (the locations for the NT Disk Signature and the 64-byte Partition Table are all zero-filled, the last two bytes being 55h followed by AAh):

     1. C:\Windows\System32\RelPost.exe [Offset: 12CD0h] ("Windows Diagnosis and Recovery"; File version: "6.1.7600.16385 (win7_rtm.090713-1255)"; 182,784 bytes; Modification Date: "07/14/2009 1:14 AM"). There's also a second copy here: C:\Windows\winsxs\x86_microsoft-windows-reliability-postboot_31bf3856ad364e35_6.1.7600.16385_none_4d97265566a66f7e\RelPost.exe
     2. C:\Windows\System32\vdsutil.dll [Offset: 22CA8h] ("Virtual Disk Service Utility Library"; File version: "6.1.7600.16385 (win7_rtm.090713-1255)"; 151,040 bytes; Modification Date: "07/14/2009 1:16 AM"). There's also a second copy here: C:\Windows\winsxs\Backup\x86_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.1.7600.16385_none_6ac128c35c0231aa_vdsutil.dll_f2ef43cf
     3. C:\Windows\System32\vssapi.dll [Offset: E20D0h] ("Volume Shadow Copy Requestor/Writer Services API DLL"; File version: "6.1.7600.16385 (win7_rtm.090713-1255)"; 1,123,328 bytes; Modification Date: "07/14/2009 1:16 AM"). There's also a second copy here: C:\Windows\winsxs\Backup\x86_microsoft-windows-vssapi_31bf3856ad364e35_6.1.7600.16385_none_d4bd3473e31540bf_vssapi.dll_51f72c64
     4. C:\Windows\System32\VSSVC.exe [Offset: E1BA8h] ("Volume Shadow Copy Service"; File version: "6.1.7600.16385 (win7_rtm.090713-1255)"; 1,025,536 bytes; Modification Date: "07/14/2009 1:15 AM"). There's also a second copy here: C:\Windows\winsxs\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_5aa3249a792b0938\VSSVC.exe
     5. C:\Windows\System32\oobe\winsetup.dll [Offset: 184220h] ("Windows System Setup"; File version: "6.1.7600.16385 (win7_rtm.090713-1255)"; 1,794,048 bytes; Modification Date: "07/14/2009 1:16 AM"). There's also a second copy here: C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7600.16385_none_3202d4720e95de08\winsetup.dll
  10. ARP based attacks are very "noisy" and can be stopped and/or detected at multiple levels. It's a good way to learn how to redirect traffic, but don't expect it to work in the wild very often.
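The "noisy and detectable" point in post 10, as an added example that is not the poster's code: a small Python monitor that decodes raw Ethernet/ARP reply frames and raises the three alerts a host agent or IDS typically keys on during ARP poisoning: an IP rebinding to a different MAC than first learned, gratuitous replies, and a burst of replies from a single MAC. The frames it inspects are constructed inline by a helper (addresses and timings are made up for the demo); in real use the assumption is that frames come from a raw socket or a pcap.

```python
import struct
from collections import defaultdict, deque
from typing import Dict, List, Optional

ETHERTYPE_ARP = b"\x08\x06"
OP_REPLY = 2


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def build_arp_reply(sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Constructed 42-byte Ethernet + ARP reply frame (sample traffic for this
    example; a real monitor would read frames from a raw socket or a pcap)."""
    eth = _mac(target_mac) + _mac(sender_mac) + ETHERTYPE_ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, OP_REPLY)  # Ethernet/IPv4, reply
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[dict]:
    """Decode the ARP header of an Ethernet frame; None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sha": mac(frame[22:28]), "spa": ip(frame[28:32]),
            "tha": mac(frame[32:38]), "tpa": ip(frame[38:42])}


class ArpMonitor:
    """Learns IP->MAC bindings from replies and alerts on:
    - rebind: an IP answering from a different MAC than first seen
    - gratuitous: a reply whose sender and target IP are the same
    - flood: `flood_threshold` replies from one MAC inside `window` seconds"""

    def __init__(self, flood_threshold: int = 20, window: float = 1.0):
        self.bindings: Dict[str, str] = {}
        self.recent: Dict[str, deque] = defaultdict(deque)
        self.flood_threshold = flood_threshold
        self.window = window

    def observe(self, frame: bytes, ts: float) -> List[str]:
        alerts: List[str] = []
        a = parse_arp(frame)
        if a is None or a["op"] != OP_REPLY:
            return alerts
        ip, mac = a["spa"], a["sha"]
        known = self.bindings.setdefault(ip, mac)   # first binding wins; later conflicts alert
        if known != mac:
            alerts.append(f"rebind {ip}: {known} -> {mac}")
        if a["tpa"] == ip:
            alerts.append(f"gratuitous reply for {ip} from {mac}")
        q = self.recent[mac]                        # sliding window of reply timestamps
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) == self.flood_threshold:          # fire once per crossing of the threshold
            alerts.append(f"flood: {len(q)} replies from {mac} in {self.window}s")
        return alerts


if __name__ == "__main__":
    mon = ArpMonitor(flood_threshold=5)
    gateway = build_arp_reply("aa:bb:cc:00:00:01", "192.168.1.1",
                              "aa:bb:cc:00:00:10", "192.168.1.10")
    spoof = build_arp_reply("de:ad:be:ef:00:01", "192.168.1.1",
                            "aa:bb:cc:00:00:10", "192.168.1.10")
    t = 0.0
    for frame in [gateway] + [spoof] * 6:
        for alert in mon.observe(frame, t):
            print(f"{t:.2f}s {alert}")
        t += 0.05
```

The same three signals are what switch-side features (DHCP snooping plus dynamic ARP inspection) and host tools such as arpwatch act on, which is why a poisoning run that has to keep re-sending replies to win the cache is hard to hide.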
  11. Yeah, well I'd really like to see how he's rewriting the MBR on Win7 as this video is pretty useless without that info. To my understanding the MBR on Win7 is spread out over a few .dll's. I'd imagine you'd have to disassemble the .dll's, and reassemble them with the altered MBR. Two issues with that though, one I think ASLR might stop this from being replicated since it would change the address in memory, and two the new MBR would have to have exactly the same amount of bytes as the old one or it could cause the .dll's to crash. This will be my next project.
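Posts 9 and 11 both turn on locating copies of the Windows 7 MBR boot code embedded in system binaries, identified by the layout quoted from The Starman's page: a 512-byte block whose disk signature and partition table area is zero-filled and which ends in 55h AAh. The scanner below is an added example (not code from the poster or from that page). It finds such templates in any file by searching for the prologue the Microsoft MBR code has had since XP (xor ax,ax / mov ss,ax / mov sp,7C00h, i.e. bytes 33 C0 8E D0 BC 00 7C) and then checking the zero-filled tail; looking only for that prologue is an assumption, so other boot code would need its own signature. It also shows why a template never matches the on-disk MBR byte-for-byte (the live sector carries a real disk signature and partition table) by comparing just the code region. The sample blob and sample "live" sector are constructed inline; run it with a path argument such as C:\Windows\System32\vdsutil.dll to get the real offsets.

```python
import sys
from typing import List

# Prologue of the Microsoft MBR boot code (XP/Vista/7):
#   33 C0      xor  ax, ax
#   8E D0      mov  ss, ax
#   BC 00 7C   mov  sp, 0x7C00
# Assumption: only this prologue is searched for; GRUB etc. start differently.
WIN_MBR_PROLOGUE = bytes.fromhex("33C08ED0BC007C")

SECTOR = 512
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature + 2 reserved bytes
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # 55 AA


def is_mbr_template(sector: bytes) -> bool:
    """True if `sector` is an embedded MBR *template*: Windows boot code,
    zero-filled disk signature and partition table, ending in 55 AA."""
    return (len(sector) == SECTOR
            and sector.startswith(WIN_MBR_PROLOGUE)
            and not any(sector[DISK_SIG_OFF:BOOT_SIG_OFF])
            and sector[BOOT_SIG_OFF:] == b"\x55\xAA")


def find_mbr_templates(blob: bytes) -> List[int]:
    """Offsets of every 512-byte MBR template embedded in `blob`."""
    hits, pos = [], 0
    while (pos := blob.find(WIN_MBR_PROLOGUE, pos)) != -1:
        if is_mbr_template(blob[pos:pos + SECTOR]):
            hits.append(pos)
        pos += 1
    return hits


def code_matches(template: bytes, live_mbr: bytes) -> bool:
    """Compare only the code region [0, 0x1B8): a live MBR read from the disk
    has a real disk signature and partition table after that, so the full
    512 bytes never compare equal even when the code is identical."""
    return template[:DISK_SIG_OFF] == live_mbr[:DISK_SIG_OFF]


def build_sample_template() -> bytes:
    """Constructed stand-in for the real Windows MBR (prologue + NOP padding);
    only its layout matters for the checks above."""
    code = WIN_MBR_PROLOGUE.ljust(DISK_SIG_OFF, b"\x90")
    return code + bytes(BOOT_SIG_OFF - DISK_SIG_OFF) + b"\x55\xAA"


def build_sample_live_mbr() -> bytes:
    """Same code, with a disk signature and one active NTFS partition filled in,
    the way a sector dumped with dd from the physical drive would look."""
    mbr = bytearray(build_sample_template())
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"
    mbr[PART_TABLE_OFF] = 0x80          # bootable flag of partition entry 1
    mbr[PART_TABLE_OFF + 4] = 0x07      # partition type: NTFS
    return bytes(mbr)


if __name__ == "__main__":
    # Usage: python mbr_scan.py <file>   (no argument scans a constructed blob)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = b"\xAA" * 0x100 + build_sample_template() + b"\x00" * 0x40
    for off in find_mbr_templates(blob):
        print(f"MBR template at offset {off:X}h")
    print("code region matches live sample:",
          code_matches(build_sample_template(), build_sample_live_mbr()))
```

On the Windows 7 RTM files listed in post 9, the offsets printed should be the ones quoted there (e.g. 22CA8h for vdsutil.dll); to compare against the running system, dump the first sector of the boot disk (for example with dd) and pass it to `code_matches`.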
  12. Konboot might load a kernel, but it's using the sticky keys so offline attacks are happening somewhere in the process. One way I can think of to do what it does is to just delete the SAM from the offline disk, save it to the USB, then after bootup replace it again once you get system, then the next reboot the same password is required to logon. In the Windows video it wasn't shown how to rewrite the MBR. I'm not familiar with QEMU very much, don't know whether it's an OS emulator or Cygwin type deal, but either way the video didn't show how to rewrite the win7 MBR. He just ran dd against some fake output.
  13. Konboot looks like it manipulates the SAM and does the sticky keys trick (I wouldn't pay 20 bucks for that as konboot asks) via offline attacks on the filesystem, whereas this rewrites the MBR. You can change some of that code to make it say "enter CMOS password" instead of Windows password. How exactly are you getting that on the MBR in Windows 7?
  14. Can you make a WPS brute force application from scratch? No, most programmers who don't design routers probably cannot, but you can look at concepts in existing code and redesign it. By the time you redesign it (rewrite the classes, functions, etc), it will be so different from the original that you can call it yours.
  15. I never said make it better, but I'm sure it could be. I was encouraging him to write his own code instead of putting a few buttons on other people's code.
  16. If no one reinvented the wheel, we'd still be using some 300 lb. stone wheel from pyramid country. I haven't done it myself, but I think it'd be pretty practical to write a WPS brute forcing application. If you're interested, check out the wifite-ng scripts; it has its own open-source WPS brute forcing code that could give you ideas.
  17. Like digi said, it sounds like maybe it's a driver issue. What updates did you install? Can you boot it to the CLI? If you can, maybe you can run lshw and see what video driver you're using. You can also try to download the driver from the manufacturer's page, chmod +x it, and run it from the console. Once it is installed you can try /etc/init.d/gdm start. That's how I normally install video drivers on my Ubuntu machines. Could also be a resolution issue. BT should ask something about display/driver settings on bootup, anything of interest there?
  18. I'd imagine they have signals for stuff like "stop" and "go" instead of spelling out each word. Seems pretty similar in concept to underwater hand signals used for diving. If you really wanted to you could spell out the alphabet, but no one does. Rural mountain farmers also often use whistle codes to communicate over long distances where there is little/no visual contact. The high pitches can easily travel, like in canyons, valleys, etc. Pretty cool. Long shot from obscure though.
  19. I'd say for a first programming language, python/ruby will take a few months of everyday work to obtain an intermediate level. It's a great place to start (especially for the OP since it comes native to both Mac and Linux based OS's). I think it's also important to learn a low level language or at least do some reverse engineering/exploitation tutorials to learn how the computer works at a lower level, and also how programs flow.
  20. Maybe you can try starting the X server using /etc/init.d/gdm start instead of startx?
  21. Network Forensics: Tracking Hackers Through Cyberspace is an e-book that was recently released that aims to teach investigators how to gather evidence to trace people, what's legal, etc. http://www.mediafire.com/?kfgtsbi1ib3hvqg