Everything posted by ghosthunter007

  1. Nice work on the Android, but a laptop is still more powerful for remote or desktop.
  2. One possible way to exploit it is to ARP spoof the network and route all traffic through your box (you become the router), then write an iptables rule to run a script if conditions are met (effectively spoofing the repo site). Then the script you allow them to upload and run can contain anything from an email keylogger to adding a root user account.
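The ARP-spoofing step described in the post above is also exactly what a defender watches for. The following is an added example, not code from the original post or from any tool it names: a small Python detector that replays a constructed list of ARP replies and alerts when an IP's MAC changes or when one MAC starts answering for several IPs, including the gateway. The sample replies, addresses and MACs are invented for illustration.

```python
"""ARP-cache consistency check over a stream of ARP replies (added example)."""
from collections import defaultdict

# Constructed sample: (sender IP, sender MAC) as seen in ARP replies, in order.
# Addresses and MACs are invented for illustration.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # gateway answers with its real MAC
    ("192.168.1.10", "00:11:22:33:44:0a"),  # victim workstation
    ("192.168.1.1", "00:11:22:33:44:01"),   # gateway again, unchanged
    ("192.168.1.1", "DE:AD:BE:EF:00:01"),   # third box now claims the gateway IP
    ("192.168.1.10", "de:ad:be:ef:00:01"),  # ... and the victim IP: classic MITM
]

GATEWAY_IP = "192.168.1.1"


def detect_arp_spoofing(replies, gateway_ip=GATEWAY_IP):
    """Return a list of alert strings for the given reply stream.

    Two checks a practitioner would run:
      1. an IP whose MAC differs from the one first learned for it
         (CRITICAL when that IP is the default gateway);
      2. one MAC answering for more than one IP, which is what a box
         relaying both sides of a conversation looks like.
    """
    ip_to_mac = {}                 # first MAC learned per IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []

    for ip, mac in replies:
        mac = mac.lower()          # normalise so case differences don't hide a match

        previous = ip_to_mac.get(ip)
        if previous is None:
            ip_to_mac[ip] = mac
        elif previous != mac:
            severity = "CRITICAL" if ip == gateway_ip else "WARNING"
            alerts.append(f"{severity}: {ip} moved from {previous} to {mac}")
            ip_to_mac[ip] = mac    # track the new claim so repeats don't re-alert

        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                claimed = ", ".join(sorted(mac_to_ips[mac]))
                alerts.append(f"WARNING: {mac} now claims {claimed}")

    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(line)
```

A DHCP lease moving to a different machine also changes an IP's MAC, so treat the WARNING alerts as a reason to investigate rather than as an automatic block; the gateway moving is the one worth paging on. On a managed switch the stronger control is Dynamic ARP Inspection, and on a host a static ARP entry for the gateway (`arp -s`) removes the poisoning vector entirely.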
  3. What version of the library are you using? You may want to try Metasploit in BackTrack 5r.
  4. Sorry for bumping, but I'm still looking myself and could use a bit more insight.
  5. You so can sue that school for that. Know your laws; they will protect you in the end. I am so sorry you got suspended over their ignorance.
  6. OK, let's get old school.
Cracker = Evil, which = someone doing damage to a system, removing copyrights from software, or bypassing copyright protection.
Hacker = Curiosity, which = no harm, but will leave a back door for future use. (The first term "hacker" was to protect source code with a virus.)
Phreaking = Phone hacking (miss these days).
Social Engineering = exploiting someone's ignorance to gain information; also known in today's world as Phishing (mostly electronic emails).
OK, these are the top 4 from back in the day, and since the release of WarGames, Hackers, Sneakers, The Net, and Die Hard (Live Free or Die Hard), the term "hacker" has become tarnished by Hollywood. Hollywood = tards with money, no clue. Take them out and flog them until they get it right. (Bad director: hackers don't destroy.) Hackers are not criminals. Crackers are criminals. Phreaking: iffy. At least to me, that is what these mean. Thank You, Ghosthunter007 since 1985
  7. PE 1950 cost me $1000.00. FAS2020 1TB $500.00 (repo sale). Catalysts are $50.00 a pop. Router $100.00, liquidation sites. All the MS licensing I just use trial versions so I don't have to pay for the keys. Citrix CSG is free, Citrix Concentrator is free. XenServer 6.0 $1000.00. Wireless $200.00 from Cisco in San Jose after-market value sale. But I have done enough consulting gigs to pay for it all 5x over. Just look for deals on the net. A little hidden secret: I used to dumpster dive at technology centers and companies for gear, but that got old, and troubleshooting unknown issues was old, but 80% of the stuff I did get worked great. Use the same rules as the cops: if it's in the trash it's public, as long as the company doesn't own the land the trash can sits on. Most land owners don't enforce that anyways.
  8. This isn't theory, it's practical practice in many networks. I use a combination of a pfSense firewall with port scanner, then Snort with custom rules that will write to the firewall. Then on the Windows systems I have a Python executable that will monitor the server, and if that server is running, say, web (HTTP) port 80 only and someone scans it or tries to connect to any port other than 80, the Python program calls to Snort and writes a block rule on that IP address. (Honeypot systems are great too.) All this takes time, planning, and careful implementation, then testing. What you do not want to do is have your system attack a federal system or a system that has been hacked and used in a man-in-the-middle attack; you also need to avoid a clever (CRACKER not Hacker) from blocking your own IPs or subnets from legit traffic.
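The block-on-unexpected-port logic described in post 8 above, as an added example that is not the author's Python program nor any pfSense or Snort code: it reads constructed firewall log lines, counts per-source connections to ports a protected host is not supposed to serve, skips sources on a never-block list (the own-subnet caveat the post raises), and only after a threshold renders a block rule. The log format, the ALLOWED_PORTS policy, the NEVER_BLOCK networks and the iptables output are all assumptions made for illustration.

```python
"""Port-policy auto-block with a never-block list and a threshold (added example)."""
import ipaddress
import re
from collections import Counter

# Assumed policy: which TCP ports each protected host legitimately serves.
ALLOWED_PORTS = {
    "10.0.0.5": {80},          # web server: HTTP only
}

# Assumed sources that must never be blocked even if they trip the rule:
# the management subnet and an external monitoring host.
NEVER_BLOCK = [
    ipaddress.ip_network("10.0.0.0/24"),
    ipaddress.ip_network("203.0.113.10/32"),
]

# Block only after this many hits on non-served ports, so one stray or
# source-spoofed packet cannot get a third party blocked.
THRESHOLD = 3

# Assumed log line shape: "... src=<ip> dst=<ip> dport=<port> proto=tcp".
LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=tcp")

# Constructed sample log (not from any real system).
SAMPLE_LOG = """\
2012-11-03T10:00:01 fw: src=198.51.100.7 dst=10.0.0.5 dport=80 proto=tcp
2012-11-03T10:00:02 fw: src=198.51.100.7 dst=10.0.0.5 dport=22 proto=tcp
2012-11-03T10:00:02 fw: src=198.51.100.7 dst=10.0.0.5 dport=3389 proto=tcp
2012-11-03T10:00:03 fw: src=198.51.100.7 dst=10.0.0.5 dport=445 proto=tcp
2012-11-03T10:00:05 fw: src=10.0.0.20 dst=10.0.0.5 dport=22 proto=tcp
2012-11-03T10:00:05 fw: src=10.0.0.20 dst=10.0.0.5 dport=22 proto=tcp
2012-11-03T10:00:06 fw: src=10.0.0.20 dst=10.0.0.5 dport=22 proto=tcp
2012-11-03T10:00:09 fw: src=192.0.2.9 dst=10.0.0.5 dport=8080 proto=tcp
"""


def is_protected_source(ip):
    """True when the source falls inside any never-block network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_BLOCK)


def offending_sources(log_text, threshold=THRESHOLD):
    """Count per-source connections to ports a protected host does not serve.

    Returns the sorted list of sources that reached the threshold.
    Protected sources are never counted, so they can never be blocked.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                       # unrelated log line
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if dst not in ALLOWED_PORTS:
            continue                       # no policy for this destination
        if dport in ALLOWED_PORTS[dst]:
            continue                       # legitimate service port
        if is_protected_source(src):
            continue                       # management/monitoring: skip
        hits[src] += 1
    return sorted(src for src, n in hits.items() if n >= threshold)


def block_rules(sources):
    """Render block rules as iptables commands (assumed target; the post's
    Snort/pfSense rule syntax is not reproduced here)."""
    return [f"iptables -I INPUT -s {src} -j DROP" for src in sources]


if __name__ == "__main__":
    for rule in block_rules(offending_sources(SAMPLE_LOG)):
        print(rule)
```

Two design choices carry the post's warnings. The never-block list is consulted before counting, so a mistaken policy can never lock out the management network. The threshold exists because a TCP SYN with a forged source costs an attacker nothing: block on a single packet and anyone can make you block a third party, which is the "attack a federal system" failure the post describes. Counting only completed handshakes (the firewall's established state) is the next step up from a simple hit count.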
  9. Wow operat0r_001, quite a collection of links; most of them are redundant information. Not everyone has the cash flow, but if you do, here is what I set up.
XenServer 6.0 on a PE1950 III server, 600GB SAS SCSI 15k RPM, 32GB DDR2 ECC RAM. Using thin provisioning I am able to make fast clones of base images in a matter of seconds, so if I screw something up I blow it away and make a new one. Perl script using the xe commands.
PIX 520 firewall, 1900 XL Catalyst switch, 4 VLANs, 1 Linksys wireless router in DMZ, 1 Cisco 2106 AP, Air RADIUS WPA2-Ent, NetApp FAS2020 1TB space.
Now I do a lot of testing and theory hacking. The VMs I have installed:
DVWA appliance converted from VMware to XenServer, BackTrack 4 and 5, Debian, Natter, pfSense firewall, WAF by Imperva, Windows 2003 x64/32-bit unpatched and patched, Windows XP x64/32-bit unpatched and patched, Windows 7 x64/32-bit unpatched and patched, Windows 8 (Crap Crap Crap), Windows 2008 R2 x64/32-bit patched and unpatched.
For remote access, the best compressed and smooth-running tool I use is FreeNX by NoMachine. It's free for non-commercial use and rock solid.
Ubuntu 10, CentOS, CrunchBang, NAS virtual filer, Solaris x86, Oracle appliance, Citrix XenApp farm, Citrix CSG, Citrix Concentrators.
With a Perl script using the native xe commands and VBScript (black magic coding) on my LandingVM, I am able to control how many get fired up at once with just a couple of param settings when executing the Perl script. In some consulting cases I will actually take their physical machine and make a VM from it using XenConvert 2.2, then mock their network up with the same policies and firewall rules. Then I will hammer it, look for holes, and so on. When I find them I document the tool or tools used with methods. Then I will come up with a fix for it. This type of lab setup is very cool. VirtualBox is also a solid tool but lacks in multi-VM performance once past 3 VMs. There is XenServer free edition but I use the enterprise version.
VMware is OK but I don't like their pricing model, as XenServer is flat rate, unlimited VMs, and no stupid vSphere or vCenter hypervisors; XenServer gives a free XenCenter management tool. Also, performance-wise XenServer will handle more VMs up and running, as VMware Udom will choke at 20 concurrent running VMs after 3 days uptime with moderate usage. Hope this helps some. Thank You, Ghosthunter007 since 1985
  10. I thought that GPS still makes the handshake allowing two-way communication, so it is possible to capture that as a reference. True, not all phones or everyone has a GPS, but for those that have them, which is a growing number in today's world. I know that there was a program out there that would give GPS of all ambulances and fire trucks based on GPS for emergencies, and they were trying to get police cars as well. I will look them up again and post here if I find it.
  11. This all depends on location. In California, about 80-90K for a network admin with 5 years' experience; for a security admin, 120-150k with 5 to 7 years. Degrees are great and all, but it's only paper. Best thing to do is take a consulting gig in CA that allows you to telecommute. As an FYI, Foundstone is looking for people; they will pay about 80-100k and they will train you.
  12. If police cars are equipped with GPS, just get the GPS signal and use it to pinpoint the police car. Even if the GPS signal is encrypted it's still a telltale sign of where they are; then output that to a topo or Google map. In some cases scanners have a USB output, and with some tweaking you can make a scanner do that work for you. But because the police are public servants they shouldn't be able to mask GPS signals. (legal crap here) In any case you can get their GPS FQ easily. Just an idea.
  13. If you're trying to get into a router, this will depend on what type of router. Wireless router: just crack the WPA2; it's easier than trying to password-guess the login. Once in, you can use Meterpreter to remote keylog a host system as part of the BackTrack Metasploit package. Not including steps; they're all over the net, sadly to say. Once you get remote keyboard logging going, just be patient and wait for the username and login of the user's Windows box, then remote in to it and enable telnet so you can upload a ghost keylogger which emails you a keylog daily of what they did. Sooner or later they will access the router, but at this point you probably have email, bank, and other site usernames and passwords. No actual steps given, just enough info to research on. I generally don't rely on default brute force lists; I would research the person, learn their habits, and in some cases dumpster dive for information. All trash placed on the curb is public use; the police use it all the time to bypass getting a warrant. Once you learn about your subject it's easier to create a brute force list. In my case my passwords are all alphanumeric alt+code, 25 characters in length. Example: !GiL9Ω+n0@0bOmä4Æ Brute force would never get this. Or pass phrase: Normal view: "Hi there im a girl" h! 3hRe *m ä ♀ (now this is assuming the device can handle the password special characters.) But I think you get the point.
  14. You can absorb it and not return the signal. Also I'd like to point out that MythBusters have a lot of lies in their show. They won't tell you how to block the gun or admit it can be blocked; they are buddy-buddy with the local law so they play nice. But yes, there is a way to make a zero reading, and it's not blocking, which is illegal to do, but absorbing is perfectly legal. The radar gun operates in about 5GHz-50GHz; a laser/LIDAR is about 33GHz. Also remember laser can be deflected, or you can use anti-radar paint on the front of your car. But research LIDAR absorber.
  15. There is a pretty decent program from w3af, and you can always start with 'x' OR 'x' ;# and move on to using the Nmap SQL injection listing with a brute force word list. Look at DVWA as well; it's solid training on SQL injection and XSS scripting.
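To make concrete why the `'x' OR 'x'` style payload from post 15 works, here is an added example, not from the original post, w3af or DVWA, in Python against an in-memory SQLite database with constructed users: a login query built by string concatenation next to the same query with bound parameters. The table, user names and passwords are made up for illustration.

```python
"""Vulnerable vs. parameterized login query (added example, SQLite in memory)."""
import sqlite3

# Constructed sample users; not real credentials.
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]

# The classic tautology payload the post refers to.
PAYLOAD = "x' OR 'x'='x"


def make_db():
    """Create an in-memory users table populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the WHERE clause by string concatenation.

    Attacker text becomes part of the SQL grammar, so the payload turns
    ... AND password = 'x' OR 'x'='x'  into a condition true for every row.
    Returns the sorted usernames the query matched.
    """
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(query).fetchall())


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver passes the payload as a
    string value, so x' OR 'x'='x is compared literally and matches nothing."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    rows = conn.execute(query, (username, password)).fetchall()
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload as password:", login_vulnerable(db, "alice", PAYLOAD))
    print("parameterized, same input:      ", login_parameterized(db, "alice", PAYLOAD))
```

The vulnerable version matches every row because SQL's AND binds tighter than OR, so the injected `OR 'x'='x'` is a top-level always-true branch; the parameterized version needs no escaping or blacklist because the value never reaches the parser as SQL.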
  16. Hello, I have been looking for a way to force Windows 8 Metro/Modern UI IE10 to use Flash just like desktop mode. Here is the whitelist from MS: http://iecvlist.micr...patviewlist.xml Now I can not believe people will go for this whitelist idea. But nevertheless, I have searched the registry and files for anything linking to the UI mode. No luck so far. I managed to get the Start button back and to make it so desktop mode allows Flash for all sites without complaining. But the whole UI mode is like some super secret sauce. Can Hak5 give any insight on this? I think it's very depressing that Microsoft is allowed to control Flash content sites. I am also asking this because there are no hacks on this anywhere on the web. Thank you much, Ghosthunter007
  17. Yeah, I have a pretty good set of iptables rules and portsentry well tuned, along with tripwire.
  18. You want to get "The Web Application Hacker's Handbook" vol. 1 and 2. You can get them in PDF off the net; if you can't, hit me up and I will upload them to my site for download.
  19. OK, first off, a degree doesn't mean much. Practical skill does. Also, Logicalconfusion is correct: it is all about the area you are in. In the California Bay Area you can make 80k with 5 years, 130k as a security admin, 75k as a Jr. admin with a Unix background. Now if you're a jack of all trades in computers and master of them all as well, you can make 180-230k. Remember, just because a place is asking for certs doesn't mean you're not qualified. I know people that will spin circles around a PhD with CISSP or any MS cert; they have a natural talent. Just craft a really good portfolio and resume and have some good references. This is also a heads up and inside scoop: Foundstone is looking for talented people to become their consultants in the security field. Now don't say "crap, I don't have a security background", because all you need to have is the willingness to learn and aptitude to learn. Recommended for admins that have at least 3 to 5 years of experience and understand networking. You can easily get 100k to start, and more if you're actually experienced in security with web pen testing knowledge.