
murder_face

Active Members (Posts: 97, Days Won: 1)

Everything posted by murder_face

  1. These guys got monitor mode on the Nexus One and EVO 4G: http://bcmon.blogspot.com/ c4droid is a C compiler for Android; it also has a gcc plugin. It claims to be able to run programs written in C rather than Java. I wouldn't even know where to begin with a project written in C. I just figured adding the required sources, libs, etc. to the busybox sources and then editing the config/makefile would be a good place to start. See what works and what doesn't, then move on from there.
  2. I'm in about the same place as you, but from what I see I think you would have to have the commands run through busybox, and busybox would have to have the commands you want to use. Maybe a custom version of busybox with aircrack?
  3. I downloaded zAnti when I first heard about it. I really wasn't very impressed though. When I'm out and about I use a program called Fing. It will map the network and scan for services. You can also use an SMB client as well as ConnectBot with it. As far as pentesting is concerned, those two programs will give me enough information to decide if I want to come back with my laptop. I also have the SD card in my phone set up as bootable with BackTrack on it for those rare occurrences where I have physical access to a machine. There are a lot of other programs on my phone as well, but these are the two I use the most.
  4. On a side note, I used to use the "ifconfig hw ether" command to change my MAC. Recently I patched my wireless drivers (ath5k) because I was having channel -1 problems in aireplay, and now the ifconfig command no longer works.
  5. In California it's expensive, but I believe after 7 years you can have your felonies expunged. The last time that I looked into it, it was $1200 per, and it's nothing that a DOJ printout won't find. I remember reading WAY back when that there is a way to apply for a new Social Security Number. I'm not sure about the validity of it, but I imagine that a legal name change/SSN change might help. Also nothing that a DOJ inquiry wouldn't find. I imagine that the name/SSN change would show up on a TRW (or whatever they're called now). I remember when I was young and stupid looking at people's credit reports, and one report would have multiple SSNs and names, but the same DOB on them.
  6. That's the way that I do it. I remember reading somewhere that you have to spoof your MAC on wlan0 in order for mon0 to be spoofed anyway. I guess it could depend on the chipset though. Also, a lot of the time I just switch wlan0 into monitor mode rather than spoofing anyway. I have a short script to throw wlan0 into monitor mode and change my MAC, and another one to bring it back up in managed mode.
  7. Are there still people out there that do things the "old fashioned" way? Don't get me wrong, Metasploit is an amazing tool, and I will probably find it more amazing the more I delve into learning Ruby, but I just can't help but feel that I am missing out on something when I use Metasploit...
  8. The main reaver script that I use isn't quite as fancy as yours:

    #!/bin/sh
    echo "enter target: "
    read TARGET
    echo "enter channel: "
    read CHANNEL
    sudo reaver -a -S -N -i wlan0 -b "$TARGET" -vv -c "$CHANNEL"

  9. I use Fing by Overlook on my Android phone whenever I log into a network; it will scan all nodes, then you can scan services (port scan) on individual nodes. You can pretty much tell what programs are running by the name of the service.
  10. Greendot visa can be loaded through paypal....
  11. One of my scams was in relation to this place: https://eroes.pacifi...eroes/eROES.jsp The weird thing about this link is, if you click it then it works. If you manually type out https://eroes.pacific.verizonwireless.com it brings you to a page that says "hello world", but if you omit the "s" in https then it takes you to the link I posted. I am actually shocked that this system is still in place considering when I was arrested I had the login credentials of about 800 Radio Shack employees. This system stores any credit check that was done by that store (dependent on the login used), all customer information (SSN, credit card info, address, DOB, everything). Sprint also had a similar system; I can't remember the URL off the top of my head though. Now-defunct Cingular had an 800 number you could call; all that was required for that was a dealer code that was very easy to ear hustle.
  12. Thank you all for your advice. Ashi, I got busted for a lot of different things; luckily the crimes I was committing were changed to charges that the DA knew how to prosecute. In the end I was charged with forgery, burglary, acquired access cards with intent to distribute, assault, and possession/manufacturing of a deadly weapon. I pleaded "no contest" to everything and did my time. I know the scenarios that I presented sound like I'm up to my old criminal behavior, and that's what I want to stay away from. I found a job listing at Disney for a Security Analyst, and it looks like I am WAY underqualified even without my criminal history. So for now it looks like I will still be a carpenter for a while. I figure I will enroll in a few community college classes or a certification program that leads to an internship to get my foot in the door and work my way up from there. One thing that did surprise me about the Disney job was that they wanted a C++ programmer, and the general consensus around the internet is to learn Python/Perl, PHP, and Ruby.
  13. I agree with you 100% and that is actually the direction that I have been leaning. My biggest concern is presentation though. I know there is another post on this forum about presenting vulnerabilities to an administrator, and I don't mean to be trying to start a new topic. I'm just not sure how to market myself though. I don't just want to show up in an admin's office with a 17 gigabyte file of patient records because I live close to a hospital and they don't have proper "best practices" in place. I also don't want to get arrested. I just want to get paid. I don't want to walk into a bank data center and tell them that their low voltage electrician left the combo to their switch room written inside of a sprinkler box outside the building so their electricians don't have to "bother" the building engineer to get in. I don't want these people to think of me as a deviant, but I do want them to know that they are vulnerable, and I would like to make some money off of noticing these vulnerabilities. Hell, 10 to 1 says they pay someone for this already. My biggest fear is that both scenarios that I have just pointed out involve federal laws, and I don't want to have to explain to my 3 year old daughter that she can't see me anymore because daddy "noticed" something. I would rather explain to her that daddy gets paid to be observant. So I guess the bottom line is: how does someone market themselves as an independent pen tester and show references without getting themselves into legal trouble?
  14. Way back before the advent of wifi I got myself into a lot of trouble hacking for profit. I was never what you would call good. The bulk of my hacking was social engineering, dumpster diving, breaking into switch rooms to connect to people's networks (beige boxing?) and stuff like that. I made myself quite a bit of money using lots of different tricks for evil. The only problem with that was that my big payoff was a prison sentence. When I got out a friend of mine told me that I would never have a job touching a computer again. So I got into the construction industry. Nowadays I have a family to support, and let me tell you, construction is NOT the way to support a family. A lot has changed in the last 12 years. I'm 30 now and learning new things isn't exactly easy now. I never learned any programming languages or acquired any certifications or degrees. I still know a lot about a little; I just don't know how to use it for good. I guess the whole point of my rant is that I want to know if I am pursuing a lost cause or if there is still actually hope for me to get a career in the IT field. I know due to the nature of my crimes I might not get an admin position at a bank.... Where do I start? What do I polish up on? Are CompTIA certifications a good route to go? Am I too old now?
  15. Well, I asked the almighty Google my questions and got the answers that I was looking for. I guess that's what I get for asking before reading. The strange thing is that all of the issues I am having were supposed to have been resolved through kernel updates.....
  16. I used to run Ubuntu 10.10 from a Toshiba Lifebook and the entire aircrack suite worked fine. Now I am trying to run from my wife's Acer laptop and am having issue after issue. First, I don't like using airmon, so I throw wlan0 into monitor mode and use macchanger to change the MAC to de:ad:00:00:be:ef. Everything sticks for about 30 seconds. Then I try running aireplay and always end up in channel -1. I didn't even know channel -1 existed. WTF? Chipset is AR5001, which shouldn't require any patching. The strange thing is that reaver still works for WPS crack. Why does aireplay run on the wrong channel but reaver doesn't? Plus reaver takes 4 hours on average, where aircrack takes like 5 minutes.
  17. I know there is a ton of info about decoding the audio. Even before the reader came out there was a lot of information on it. Part of my problem is information overload though; I can Google the crap out of something and get so much info that I don't know where to start. Here is the link to an app that does the decoding for you: http://www.androidapk.us/apps/Rhombus-54683.html
  18. On a whim I sent off for one of the new encrypted Square card readers, and it just got here in the mail today. I pulled the apk off of my phone and started looking around, and found a squaremicr-normal.ttf file. It is indeed all of the MICR symbols and fonts. I am wondering why they would have MICR fonts if they don't take checks? They also have 9 digit routing codes for most banks in their software. I have also been wondering about the new encryption. I am by no means a programmer, I just like to tinker with things. It looks like the software uses SHA-1 and RSA. My understanding of best practices would be that you swipe the card. The information gets encrypted and stored in a file, then the file is sent to Square and decrypted. Where is the file stored before it is sent to Square? Is it deleted immediately after being sent?
  19. If you are in the business of needing to get around a padlock then I don't really think that money is an issue. This thing is actually pretty indispensable when it comes to "bypassing" a lock. http://www.constructioncomplete.com/benner-nawman-dcc-1618-battery-operated-rebar-cutter.html If the lock isn't easily accessible due to certain countermeasures, there really isn't anything that a battery powered grinder or drill with some good bits can't get around. I'm not sure if it's just because I've been stuck in construction for the last 12 years, but "work smarter, not harder" is the general motto for us.
  20. So I got bored and did some more poking around from my phone, and I also found that port 49200 is open, which is UPnP. I did some reading and basic speculation is that this port was opened for Google TV, which would be kind of cool because then I would be able to stream directly to my set top box instead of using my Wii/SMB. Someone else also suggested that it might be because the box is a "duo" model and the two open ports that I found are what let it "stream" to a separate TV rather than using Picture In Picture. Some other things that I read said that it might be related to STBH (Set Top Box Health). The only depressing thing about that is, from what I read, STBH is one way. Another post that I read pointed me to an XML file (yeah, I read a lot) that gives me all of the basics of the box. The keywords that I picked up from this were ROOT and MEDIASERVER. I am by no means a "hacker" or programmer; for some reason I just have a great interest in this and wouldn't mind a poke in the right direction. Actually, I would rather have some direction than just have the answers given to me.
    <root>
      <specVersion><major>1</major><minor>0</minor></specVersion>
      <device>
        <deviceType>urn:schemas-upnp-org:device:MediaServer:1</deviceType>
        <friendlyName>ViP222k XXXXXXXXXXX</friendlyName>
        <manufacturer>Dish Network</manufacturer>
        <manufacturerURL>dishnetwork.com</manufacturerURL>
        <modelDescription>ViP222k</modelDescription>
        <modelName>ViP222k</modelName>
        <modelNumber>ViP222k</modelNumber>
        <modelURL>dishnetwork.com</modelURL>
        <serialNumber>R0111503116</serialNumber>
        <UDN>uuid:c4f6b31b-c6bf-4759-886f-06a5670ccba0</UDN>
        <serviceList>
          <service>
            <serviceType>urn:schemas-echostar-com:service:EchoSTB:1</serviceType>
            <serviceId>urn:upnp-org:serviceId:EchoSTB</serviceId>
            <controlURL>/upnp/control/EchoSTB1</controlURL>
            <eventSubURL>/upnp/event/EchoSTB1</eventSubURL>
            <SCPDURL>/EchoSTB_SCPD.xml</SCPDURL>
          </service>
          <service>
            <serviceType>urn:schemas-echostar-com:service:EchoSTB:2</serviceType>
            <serviceId>urn:echostar-com:serviceId:EchoSTB_2</serviceId>
            <controlURL>/upnp/control/EchoSTB2</controlURL>
            <eventSubURL>/upnp/event/EchoSTB2</eventSubURL>
            <SCPDURL>/EchoSTB2_SCPD.xml</SCPDURL>
          </service>
        </serviceList>
      </device>
      <URLBase>http://192.168.1.3:49200/</URLBase>
    </root>
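As an added example (not part of the original post), here is a small Python parser for a UPnP device description like the one above: it reads the device type and model, resolves each advertised service's control and SCPD endpoints against URLBase, and flags service types outside the standard urn:schemas-upnp-org namespace as vendor-defined, which is what a reviewer inventorying a box on the LAN would want to see first. The embedded sample is constructed from the description above with the serial number and UDN replaced by placeholders.

```python
# Added example: parse a UPnP device description and list the services a box
# exposes. Sample XML is constructed from the description quoted above; the
# serial number and UDN are placeholders.
from urllib.parse import urljoin
import xml.etree.ElementTree as ET

SAMPLE = (
    '<root><specVersion><major>1</major><minor>0</minor></specVersion><device>'
    '<deviceType>urn:schemas-upnp-org:device:MediaServer:1</deviceType>'
    '<friendlyName>ViP222k</friendlyName><manufacturer>Dish Network</manufacturer>'
    '<modelName>ViP222k</modelName><serialNumber>SERIAL-PLACEHOLDER</serialNumber>'
    '<UDN>uuid:00000000-0000-0000-0000-000000000000</UDN><serviceList>'
    '<service><serviceType>urn:schemas-echostar-com:service:EchoSTB:1</serviceType>'
    '<serviceId>urn:upnp-org:serviceId:EchoSTB</serviceId>'
    '<controlURL>/upnp/control/EchoSTB1</controlURL>'
    '<eventSubURL>/upnp/event/EchoSTB1</eventSubURL><SCPDURL>/EchoSTB_SCPD.xml</SCPDURL>'
    '</service><service><serviceType>urn:schemas-echostar-com:service:EchoSTB:2</serviceType>'
    '<serviceId>urn:echostar-com:serviceId:EchoSTB_2</serviceId>'
    '<controlURL>/upnp/control/EchoSTB2</controlURL>'
    '<eventSubURL>/upnp/event/EchoSTB2</eventSubURL><SCPDURL>/EchoSTB2_SCPD.xml</SCPDURL>'
    '</service></serviceList></device><URLBase>http://192.168.1.3:49200/</URLBase></root>'
)

def _local(tag):
    # Strip a namespace prefix ("{urn:...}device" -> "device"); most real
    # descriptions declare the device-1-0 namespace, the quoted one does not.
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    # Text of the first descendant (or elem itself) whose local tag is `name`.
    for node in elem.iter():
        if _local(node.tag) == name:
            return (node.text or "").strip()
    return ""

def parse_device_description(xml_text, fetched_from=""):
    """Device identity plus every advertised service with absolute endpoints."""
    root = ET.fromstring(xml_text)
    base = _text(root, "URLBase") or fetched_from  # UPnP 1.1: fall back to fetch URL
    services = []
    for svc in root.iter():
        if _local(svc.tag) != "service":
            continue
        stype = _text(svc, "serviceType")
        services.append({"type": stype, "id": _text(svc, "serviceId"),
                         # anything outside schemas-upnp-org is vendor-defined
                         "vendor_specific": not stype.startswith("urn:schemas-upnp-org:"),
                         "control": urljoin(base, _text(svc, "controlURL")),
                         "scpd": urljoin(base, _text(svc, "SCPDURL"))})
    return {"device_type": _text(root, "deviceType"), "model": _text(root, "modelName"),
            "base": base, "services": services}
```

Fetching each service's SCPD URL (the "service description") is the next step when cataloguing what a box will actually respond to, since that document lists the actions and state variables the service advertises.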
  21. Vip222K

    So I got bored this morning and decided to connect my VIP222k set-top box to my network and play with it. After a quick portscan I found port 554 (RTSP) open. I tried connecting via telnet and it connects, but that's about it. Googled RTSP exploits and all I can find are exploits on specific RTSP clients. Tried connecting from my browser (rtsp://xxx.xxx.xxx.xxx) and it wants Totem to open the link, but that doesn't work. I'm not trying to steal services or anything like that. I just thought it would be fun to poke around my box. Any suggestions?