Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by logicalconfusion

  1. @digip Great info but I don't think we'll see Norton AV disappear. Most enterprise users rely on utilities such as Norton, Panda, and McAfee, when they're not connected through a VPN thats audited real-time by a network admin. The utilities you listed are good for monitoring and inspecting Windows applications and VMs can be used to beta-test suspicious files. Most torrent apps are loaded with malicious code, so forget trying to debug or distribute to friends. You never know whats really embedded in a virus. I remember the days when it was possible to embed executable code in .doc files to trick AV apps. The AVs apps are developed to detect KNOWN viruses and malicious activity. Its really just another layer of security. What happens if the virus is smart enough to hack itself outside a VM thats inside a VM thats inside another VM......
  2. @barry99705 Kali is the new version of BT5r3. Although its loaded with pen-testing tools and supported by Offensive Security, I think it's still a work in progress. I don't need a distro with like 1.3 gigs of just security tools. I know that BT5r3 crapped out when installing multi-media codecs and certain utilities that reference its internal libraries; so, I would presume that Kali is designed with the same set of restrictions. I'm looking for a script that will install just what it takes to turn an ordinary distro into a network/rev. engineering swiss army knife. I noticed a couple of neat scripts on the Unbutu forum. I'll post it here for review, if its still available. Maybe we can fine tune it and turn it into a real MCITP research tool. M$ applications rarely ship with whats required to reach under the hood.
  3. @barry99705 Thats true. I can use a generic distro. I ideally want a host that comes with a slew of security tools like on BT5R3 (aka Kali) w/out the headache. There are scripts out there that will make Ubuntu - BT-like. In other words, scripts that can beef up Ubuntu by d/ling all the editors, network apps, file utiliities. I remember having to actually tweak sys files on BT5R3 just to get the bkgrd and menu to appear like on the root acnt...it was a real pain in the a$$. I'm not going that route again. So, I definitely need a disto or script that can aid my research. Pleae help :D!
  4. I noticed several YouTube videos demonstrating how to emulate Win2k Server (08 and 12) on Win7 using VBox. What's the best distro for Windows OS emulation using Vbox on a Linux machine? Distros like BT5r3 require root access for just about everything, and some distro's like DSL(Damn Small Linux) just suck. I'm thinking of using either Ubuntu or Mint, but I don't necessarily need a Debian box. Any suggestions?
  5. Kali is way too new! I'm guna wait a while for them to kick out the bugs before I jump in, not that ol'skool BT5r3 is any better. That may be true if the OS is coded to detect OS type and protocol settings. In my case, the XP had a beat up hd that wasnt actually spinning at 7200 rpm even after a defrag. So it had nothing to do with software! I gota switch to solid state....somehow!!
  6. @digininja Seems too simple. I've never heard of Hashcast or John the Ripper (the one I read about is in jail getting his you know what ripped). Anyway, I think I missed the episodes where they demo how to compromise Linux shadow files and implement SAM security on USB drives. Its definitely worth researching. @digip I cannot believe that M$ deliberately coded their recent Win7 OS to allow anyone using the Offline NT Password & Registry Editor to reset passwords. You would think their keen enough to block such a hack. So, it's possible to install Win7 using full disk encryption - hm. Do you know if its a proprietary encryption format? I definitely gota dig around for those episodes. According to your last post, anyone can suck the hashes off Win7 and Linux, and then crack away, if its left un-encrypted. Digininja didn't list any reset tools for linux passwords. Anyone know of reset tools for popular debian based distros like Ubu (non-crack)?
  7. this may not come as news to most ppl on this forum but the Windows XP (and reportedly Win7) login password is easy to hack using a plain old boot disc. According to researchers the Offline NT Password & Registry Editor utility can be used to reset the password and Ophcrack can crack the pswd hash using large rainbow tables. Although I personally haven't seen similar utilities for Linux, I bet there's a slew of'em out there. Anyone know of any boot disc type tools for lost Linux pswds?
  8. a free VPN service? where? @Siber Bane By the way, those crop circles in your pic were created by ILLEGAL MEXICAN ALIENS. They call'em Los Gringos.
  9. hm, ever consider encrypting the data using TrueCrypt, a 63char pswd will protect all your info. you won't have to shell out for a VPN either.
  10. @digip how exactly do you expect attackers to pivot the entire network on a secure system, even it happens to be in the DMZ? Services like the Vonage-VoIP regularly instruct their customers to DMZ adapters that function like miniature routers (vdv22). I suggested closing all the other ports, except for the ones needed for the service on top of a secure software based firewall system. Please reply with real examples.
  11. @digip teamviewer and logmein hamachi both require interaction with an outside network - third party network. SSH, freessh, is a stand alone technology. I know from personal experience that popular freeware programs rarely every stay free forever. Do you know if the standalone teamviewer exe file calls home (requires outside authentication)? I wouldn't recommend such a service to an independent consultant. Who knows how long the CEO plans to keep it online for free to all "100 million" users.
  12. How does this list help crack a random 64char hex pswd? How many pswds are possible if a router accepts a 64hex (0-9, A-F) pswd? Is the list in English or does it also include all the Chinese, Pashto, and Sawhili possibilities?
  13. can some pls explain htf over 93 ppl clicked on a simple question w/out bothering to write even an "?"?
  14. A poor man's version of what dipip suggested would be to DMZ the PC hosting SSH, obscure the port # to avoid bot scanning and use IP chicken to get the public address. You can probably write a small script that e-mails/msges you the public IP when it changes. The OS firewall can admin the other ports and the SSH server would not have access to your internal network. DynDNS is great for those who can afford like 20$ a month on top of personal expenses and utilities.
  15. Whats the best way to back up web based e-mail msgs. Services like Gmail, Yahoo, and Hotmail offer POP/SMTP servers. IMAP caches the msgs w/out removing the original from the server. I need an all in one utility that can D/L emails, contacts, and attachments. The ideally utility should encrypt the info and integrate seamlessly into apps like Outlook. Cnet offers like a million and one different backup apps for Windows. Is there one that works on Linux and Windows?
  16. This is really weird. I got two daemons running on my old BT5r3, SSH and FTP. VSFTP crawls when I try to transfer files from my Ubuntu to the BT5r3 using SSL - its like deadweight. For some reason, the SFTP provided by the SSH daemon actually works on the BTr3! Windows on the other hand can actually use the VSFTP SSL. Its best to setup two tunnels instead of just one! I wonder which one is more actually more secure....
  17. @digip you were right. A federal judge actually authorized the FBI(Obama Administration) to monitor Verizon and AT&T customers under the Patriot Act.
  18. eBay carries un-cut fobs with chips installed. You can probably find one for your car. The dealers program the keyfob with a unique code that's tied to the vehicles VIN#(they claim), so theoretically its impossible to un-lock your neighbors car. But, just like WiFi its a radio signal so I bet its not hard to mimic using the GRC hacks. Whatever happened to slim-jims? I think most cops still rely on prying....
  19. @digip I just run netstat -ant | less and noticed a few open ports. It looks like the system is waiting for a connection or possibly running a daemon on some ports - 53, 631, 52931. How can I figure out the name of the application that opened the port and more importantly close the port? I know TCPview can close connections on Windows. Whats the best way to monitor and admin network connections on Linux? The default Ubuntu apps seem kind of primitive, imo.
  20. @Phil K. M$ paid hundereds of people and invested millions of dollars to develop the apps you listed. You don't honestly think there's a freeware alternative do you? Why waste your time tinkering w/ freeware linux apps. You should focus on learning DB theory. You're best bet would be to use VM on your nix machine or like SSH into a Windows box loaded with applications you mentioned, as suggested. Apps like WINE will never be able to emulate an entire OS like Windows 7....code base is just way too big. Good luck trying to get a handle on T-SQL! ''
  21. thats like asking whats funnier dead give away or 'cause I got a Hi
  22. Its all really a matter of preference. Mr. Goatee seems to think motorcycling is rad. Do you? Do you pronouce either by emphasizing the the first part of the word (EYE-ther) or do you say either? Tack reminds of the of a verb. Its kind of like saying I like Sunny Leone so much that I wana tack her behind.
  23. @CheeseBadger that's so stupid. push the issue? Send him your CV and resume! What do you think he's going to do even if they're not interested? It's not like you're ask him to pet your badger. You're just looking for cheese like the rest of us. I've been to several interviews just so I can meet IT professionals and managers, knowing they're looking for someone else. It's a great way to network! I'm not shy.
  24. @Jason Cooper I'm confused! You mentioned symmetry and asymmetry. The technology is really based on factorization of large like, 2300000^23, prime numbers, based on my research. The wiki page you referenced outlines the procedure for implementing keys based on RSA's standards. So, it appears that a third party is in charge of the initial transfer of encrypted, authenticated, info. Now before I discuss this here any further I want to know if the RSA algorithms are up for public scrutiny.
  25. Who's to say you're the only one? I don't think it would make any difference! Its out there already in cyberspace. This would be a great door opener for just as long as you clearly explain your intentions, in my opinion. He's going to get canned either way.
  • Create New...