Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by Drei_Drachen

  1. We use a lot of web based apps. These URL's are bookmarked in their browser of choice. This worked for about 90% of our users. However, there are a select few that MUST have the shortcuts placed on their desktop. What's so funny about that you ask? Well, if the user switches computers, we will almost always get a trouble ticket saying, "I don't have access to (web based program) because it's not installed." ... ... ...*facepalm*
  2. You could also store the root password in a plain txt file. I know that's not a config issue...but hey, it is poor practice and i'm sure it still happens. LOL
  3. Are you saying that you are sql injecting w3schools? Or are you just sharing it as a SQL resource?
  4. There's a billion ways to do DoS. The long and short is that with any DoS/DDoS the idea is generally the same. You are trying to use up all the available resources of your target thus slowing down or halting the device completely. You can do ping of death, SYN flooding, infect the server with malware that uses up it's resources...etc You can also flood the system with so many requests that the bandwidth is all gobbled up. Even if the server could handle it, their bandwidth limit could not. Those are just a few examples.
  5. Bluetooth, just like wifi, runs on 2.4 GHz. So yes, your proposed setup will make things noisy. On top of that...Expensive has hell! See "Myth #1" on the link below. http://www.cisco.com/en/US/prod/collateral/wireless/ps9391/ps9393/ps9394/prod_white_paper0900aecd807395a9_ns736_Networking_Solutions_White_Paper.html
  6. Exactly...the size of the overlapping areas are going to depend on the strength of the AP's broadcasting. The stronger the signal, the closer you are that AP. So using your last graphic, if the signal to router 1 is stronger than 2 and 3...you know that within that overlapping area, you are going to be closer to 1...Upper left. If you are the same strength on 1 and 2...but weaker on 3...it's going to be top middle. Shortening the broadcast distance helps in that it shortens the radius around the AP. Meaning, if your device can see the AP, it's within (just using an arbitrary number) 25 ft instead of 50-100 ft...Which is fine...you just need more devices to cover more area. I assume it also helps because being closer to the AP means a lesser chance of interference artificially weakening the signal and throwing your math off. Your graphics are correct. Your understanding of the general concept is spot on. The actual process of finding that point within the three circles is called trilateration. http://en.wikipedia.org/wiki/Trilateration The equations are pretty straight forward. Mathematically, the challenge is going to be finding the numbers to plug into the equations. As for the coding part...best of luck to ya. B) Edit: Here is a more in-depth explanation of how you would accomplish your task. http://sdiwc.net/digital-library/download.php?id=00000223.pdf
  7. You're pretty much spot on. You need to be able to access the device and get the signal strength from preferably 3 or more wifi access points. Since the locations of the access points are known, you can look at the signal strength of each of them and come up with a relative location. You can do the same thing with Cell Towers. Their location is known. If the phone company (or law enforcement) need to track your phone, you query the phone for cell tower data and triangulate from there. If you are looking for a cheap solution (and have a little programming ability), you can use Google's API. You get 100 queries a day for free. Depending on how many access points you have in your building, their location service can be pretty accurate. Just as an example, the school I work for has ipads (among other devices). Apple also uses wifi geolocation. If I open the map program on any ipad and allow it to 'use my location', it will give me to the room, where that ipad is located. This is because we have so many AP's, it's pretty easy to triangulate. So this leads to the next question...how do Google and Apple know the locations of our AP's? Lets pick up on what you mentioned about google. They had gotten in trouble for essentially war driving their street view cars. Well...that's one way to get this info. What's another? You know how your smartphone tells you that it is sending 'anonymous' info back to the manufacturer? Guess what else it's sending...Wifi access points, Cell towers, and their signal strength at a given location. Apple and Google both admit they do it. Since smartphones have wifi, cell, AND gps...they are the perfect device. Of course, you have the option to disable this 'feature', but how many people really will? So, instead of sending cars out to war drive, they just get their users to do it for them...Pretty ingenious if you ask me.
  8. On step 6 in the screen shot, there is a place that says, "When starting from this disk, Documents and settings will be"...then it gives you 2 options. The default is "stored in reserved extra space". Below that there is a slider that lets you choose how much space on your usb that you want to use. It's default is 1gb. So my guess is that you didn't change that setting. Move it higher to allow it to partition more usable space on your usb drive. Also...there is a hak5 episode, though i forget which one, where Darren talks about how all usb drives are not created equal. Certain drives will give you better system performance than others.
  9. Is apache configured for that hostname? It needs to know that when it sees example.domain.com it serves the correct pages.
  10. http://forums.hak5.org/index.php?/topic/29492-how-secure-is-secure-128bit-vs-1024bit-webhosting-services/ ^^ See the thread above. They talked about this topic a few months ago. the short version is that there is a difference between symmetric and asymmetric key sizes. Should help clear up why some algorithms use 128-bit or 256-bit and others use 1024 and 2048 (and higher B) ).
  11. With putty, anything you highlight is automatically copied to the clipboard. To paste anything that's in the clipboard, simply right click in the putty terminal.
  12. There is a rumor that he is the guy they based the current Tony Stark character after.
  13. There is...vtp database was a typo on my part. You can type vlan database from the enable prompt and do the setup that way. However, on newer switches it will scream about that being a deprecated way to do it. Now you're supposed to do it from the config term prompt using the vtp commands. On older switches like the one newbi3 is configuring, you have to use the vlan database command.
  14. White House Down is just as bad...great action, entertaining as hell. But yeah, typical Hollywood 'soldiers'. Hollywood doesn't like to let things like reality get in the way of a good action thriller. :)
  15. Welcome to the world of having IT skills. I'm always on call 24/7 for all my families IT needs...usually against my will.
  16. You need to make sure that VTP is setup. Then you should be able to create the vlan. Just an FYI...The VTP setup is different on newer switches. Instead of issuing vtp database from the enable prompt, you'll do configure terminal (of conf t for short) and then issue your vtp commands. IE: vtp domain mydom.com doing vlan 2 lets you create the broadcast domain for it. You have to do int vlan 2. Then you can configure things on vlan like ip address, subnet, etc... you'll find that cisco's webpage is a God-send for learning how to set things up. Usually you just need to google, "configure $whatever on Cisco $modelNumber" and chances are, there will be a doc page from cisco in the top 5 search results. It made learning cisco config a TON easier.
  17. ^^^I've built these before too. They aren't half bad.
  18. You host it yourself using, for example, OpenVPN or Freelan.
  19. You can do vpn for free. However, as Mr-Protocol so eloquently stated, it can be config hell. B)
  20. If your programming skills are up to par, you may be able to write a little program that runs as a service and just watches for the team viewer process to be shutoff. Once it's detected, it will relaunch the application. Then log in a text file that the app was relaunched. This way, you can maintain access AND you will know if she's tried to turn it off. Beware however, that such a program might cause your anti-virus to scream since many malware programs have used that method to keep processes going.
  21. Here's a suggestion...http://www.ijreview.com/2013/06/59168-and-now-a-public-service-announcement-from-the-nsa/ *note* Be advised if opening at work. Not entirely work friendly.
  22. I guess it is in how you word it. So maybe I have in fact fallen prey to the almighty assumption. I guess if you are trying to monitor your own traffic, oh well. But again, I read...and assumed (sorry), if your asking specifically how to target facebook with a tool, any tool, the endgame is targeting it's users. Hence, "I want pwn an account" without actually saying those words. Anyway, thank you for the clarification. Dave, if I misunderstood your intent, I do apologize. B)
  23. Openly telling a forum you aren't trying to be malicious is like going to a convenience store and telling them you aren't there to rob them. That is what we in the common sense business call a red flag. But I digress... The answer you got from google is pretty much the best answer you are going to get. You need to have access to the server, specifically whatever logging mechanism is keeping track of ip connections. The same goes for all online services. Unless the service voluntarily gives your the ip addresses of the connecting users, unauthorized (illegal) access is your only option. Also, if they are connected through a proxy, the only ip you will see is that proxy server. Lastly, short of acquiring...lets call them future targets, why are you trying to get their ip address? You can't really locate the user. IP lookup tools will only give you the geographical region narrowed down to the city (if your lucky) or county. Again though, if you aren't being malicious and this isn't your website, why do you want that info? If you don't have permission (in writing) to access this info, you are breaking the law pretty much in every country. Setup a virtual lab at home that you can legally hack/pentest to your heart's desire. Practice and exercises are the best way to learn. Google helps too. :) I think that's the best help you're going get.
  24. I know HSTS use was in the works at facebook. That said, the moderators on this forum tend to frown upon illegal activity. Mentioning that you are trying to MITM Facebook and gmail passwords probably falls into that category. Lets for the sake of argument pretend you are just trying to 'hack' your own account. Unless you have permission from facebook, gmail, etc, you're violating terms of service and breaking some nifty laws in the process.
  • Create New...