Jump to content

ApacheTech Consultancy

Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by ApacheTech Consultancy

  1. For my Final Year Project at university I'm going to design my own CMS using ASP.NET 4.5, MVC4, MEF and whatever else I need. My main stumbling block is that although I know how I want the thing to end up, I'm not sure where to start. There are loads of resources online for creating your own php CMS, but not many at all for ASP.NET. There's also a huge amount of video tutorials and other tutorials explaining what the Onion Architecture is and how it works, but I can't find anything that tells you exactly how to go from an empty solution to setting it up. I see loads of project, but nothing to say what type of projects they are. When you right click -> Add new project... what then? Where do you click? Once I get a decent idea of a starting point, things will be a huge amount easier to work through. Any ideas? I'm going to be using Entity Framework 5, Code First.
  2. I've heard of GTK in passing; from what I gather, it's .NET for Linux. In that case, you can just code in .NET and make it Mac/Linux safe with the Mono Framework; an open source version of the .NET Framework.
  3. This is something I'm writing into the next version. I'm just waiting until after my exams to work on it fully.
  4. Sorry I've been a bit lacking on the Dev side. I've had three huge Uni projects to work on over the last couple of months. It's all coming to an end over the next week though so Ill have a lot more time to bug fix. I haven't wanted to mix Java with C# while doing my projects because of the differing paradigms in the code. Bugs will be fixed shortly and in the next month or so I'll be starting work on DuckyEncoder.NET and possibly even an IDE called Deicide.
  5. Can you run the encoder in debug mode? ("--debug" argument). It should give you a stack trace. Can you also post the script you're using.
  6. I'm using Oracle VM Virtual Box with a USB addon (I'm not sure atm which one or from where). For me, the duck only works on the VM if it is in full screen mode with full capture options. if it's in Windowed mode then the host (Win7) catches the script instead. Interestingly, the VM then goes to capture the MSD as I've got TwinDuck installed.
  7. Have you ever used Maltego? It always amazes me how little people think "the internet" knows about them. Just like the Dvervr of Moria or Erebor, you never know what you'll find if you data-mine deep enough.
  8. When I saw it on the news, the only thing I could think of was that IT Crowd episode. :P Cause... Effect...
  9. Yeah, I run port based virtual-hosting through Apache at the moment for different sandbox sites. The default 80 is just a landing site atm That side of it I've got down, but I think I'll have to install IIS first because it likes to hog the default ports, then virtual-host Apache on 8000 and 8080, leaving 80 and whatever other ports I use to IIS. It's just whether IIS will play ball with Apache.
  10. I think I might talk to uni, see if I can take one of the old Cisco routers and a Switch. They have a few which are "bricked" because they don't have the proprietary stuff they need to flash them properly to unbrick them. But I'd be able to pick them apart and flash them myself. A second BT line is a definite no-go. It'd cost far too much money and it's my parents' house anyway. I've just had a look at the options on our router config here and VLANs seem amazingly difficult to set up. It is a four port EchoLife router but the interface for it is notoriously bad. From what you've said, I think I'll go with a slim-on-top VM setup. I'll have the full Win 7 Ultimate as a thick server base but stripped down to maximise performance (Classic scheme, WinTweaks, etc); then on top of that, a slim WIn7 VM with a 32GB VHD. I can strip Windows down to its basic functions, I won't even need the shell. I can rotate backups of the VHD on the NAS as the only thing that would get baulked is the VHD and I can just do a 12hour rollback on the whole image and analyse the baulked drive to patch any security holes. If I only give the VM read-access to any shared files from the NAS that it needs then any corruption should stop short of the host OS. I'm not sure I can cut it off from the rest of the network (it would mean explaining subnetting to my parents and configuring anyone's phones or laptops who ever came round), but I can severely limit its access to the LAN, only whitelisting the specific ports I need through NAT. All the WebDev can be done through SFTP/FTPS from the host to the VM as a remote project. To me, that seems like a fairly bullet-proof design from what you've said about splitting it from the rest of the network. I don't have the luxury of any spare devices or extra lines; I have to work with what I have. One PC, one crappy router and a single phone line. I have all the software I could ever need from Microsoft though. :) How does that sound?
  11. The home PC it's running on is set up purely as a host PC. I have Office and Visual Studio on it, but no personal data is saved on the HDD and I'm not too worried if the machine gets bauked. I've had it running 24/7 for over a year and it's never been visibly damaged so far. BitVise comes up every couple of days or so with a Chinese IP address trying to gain access to my SSH server, but I suppose that is to be expected. I ran Zenmap on one of the IPs once and it routed back to the Chinese Embassy in the UK. :s It's possibly because WoW is installed on the same PC so they're scanning for those ports too to try and get access for gold farming. From the aftermaths I seen in the past, attacks usually take the most direct route ending in an NTDLR failure. I have enough system recovery tools to cover most events. Ideally, I'd like to stick firmly with Windows because I wouldn't have the first clue about how to WebDev or even store files in Linux, and I need Visual Studio as well. I have pretty much unlimited numbers of versions of Windows through Dreamspark Premium so I can put however many VMs of any version on there I want. I've tightened up XAMPP as much as possible. I've changed all the default passwords for phpmyadmin, filezilla and the admin site; moved the XAMPP admin panel to a separate folder entirely; run everything through non-standard ports; updated phpmyadmin; used HOSTS based access with password protected directories. How would the network handle having that PC set up statically using /25 and the rest of the devices on the network on DHCP using /24? Or is this the perfect opportunity to separate that device using a port based VLAN from the router?
  12. Up until recently I've been hosting a website from home, which I've mainly been using as a sandbox site and repository. I have been using Windows 7 Ultimate, XAMPP 1.81, DirectUpdate and a dynamic DNS address. I've whitelisted XAMPP through Windows Firewall and allowed traffic through the router's NAT to my PC which is on a static IP at home. I also use BitVise WinSSHd as an SSH server, using virtual profiles rather than Windows Authentication. It's all worked really well up to now, but after speaking to a few people, they've said that you should never use XAMPP or the like for publicly accessible websites. To that end, I've been wondering what is the most secure and most recommended way to run a website from home? So, starting with a fresh and fully updated version of Windows 7 Ultimate, where do I go from here? Also one side-question; can you run Apache and IIS concurrently on the same machine and have both serve websites on virtual hosts?
  13. It depends as well on what you mean by "overheats". It is natural for laptops to get hot to the touch, especially if they are used for long periods of time. If they are used on someone's lap or soft fabric (duvet springs to mind) then they can get even hotter; but this is natural. It is advised with any laptop to strip it down every so often, give it a blow out with a can of compressed air or a USB vacuum cleaner. If you do this, be careful when cleaning the dust off the fans that you turn the fan in the correct direction. Some laptop fans can cross-thread if spun the wrong way. If it "clicks" at all when you turn it the wrong way, don't continue and only spin it in the direction intended. Rather than any internal problems, overheating is usually caused by improper laptop use and overuse. They're not designed to be kept on 24/7 (although I'm guilty of this, the only time I turn my laptop off is to travel with it). They're also designed to be used whilst lying on a flat surface. There are air intake holes on the underside of the chassis which if covered up will cause the laptop to heat up faster. This can also degrade battery performance by overheating the battery.
  14. The method we were taught in uni, I find a bit convoluted, but it is good as a way to get your head around why stuff happens whilst still working in decimal. So follows... IP Network Subnetting Exercises You are often faced with having to work out the distribution and setting of IP addresses in a LAN when the allocated network address and subnetting mask number are already known. Typical questions that need to be answered are: How many subnets does the given mask provide ? How many valid hosts per subnet are available? What are the valid subnet addresses? What is the broadcast address for each subnet? What is the range of valid hosts IP addresses in each subnet? Lets consider how to work these out in turn. There are different methods to find these but probably the simplest is to use the decimal notation. Identify the subnet mask number in the relevant part of the IP address. This depends on the Class of the network you are dealing with. For a Class C network this will be the last decimal number in the mask For a Class B network it would be the 3rd decimal number in the mask. Whatever this number is subtract this from 256 and you will be left with another number; call this X, then: Number of subnets is 256 / X Number of valid hosts per subnet depends on the Class (C = X-2, B = 256X – 2) Subnet address numbers start at .0 and increase by a factor X until .255 is reached. The broadcast address is the last IP number before the next subnet starts. Valid host IP numbers run consecutively between the subnet and broadcast addresses.
  15. The borrowing of bits is a given, the biggest thing is how you logically get to that stage. If it's anyone's first time working with subnets, the biggest tip I could ever give is forget about decimal numbers. Decimals make it clumsy and inelegant to work with. Convert everything to binary and start from there. That's where the theory is best explained. As soon as becomes 11111111.11111111.11111111.11000000 you can instantly understand why we use 192 and not any other number. You instantly see why it's called /26 and you can instantly see where your network and hosts are.
  16. Here follows a step by step guide to producing your very first working DuckyScript payload and getting your Duck to quack for the first time. Take the SD card out of the Ducky and place in a MicroSD card reader. Insert card reader into PC. Format the SD card as FAT32 if it is not already formatted. Download the encoder from the sticky thread on this forum and unzip to any directory on your computer, but not on the MicroSD card. For example, C:\Users\<Specific User>\Downloads\DuckyEncoder Write your first payload in notepad: GUI r SLEEP 200 STRING notepad.exe ENTER SLEEP 500 STRING Hello World! Save your script as "source.txt" in the same directory as your encoder, i.e. C:\Users\<Specific User>\Downloads\DuckyEncoder. Open a command prompt and traverse to your encoder directory, i.e. C:\Users\<Specific User>\Downloads\DuckyEncoder. Run the following command: java -jar encoder.jar -i source.txt This will encode your script with the default settings. The default keyboard map is en-US and the default output file is called "inject.bin" in the same directory as your encoder. Copy the newly made inject.bin to your MicroSD card, make sure it is on the root directory. Swap the SD card back into the Duck and place the Duck into the PC. If Notepad runs and it says "Hello World!" then everything worked ok and you can move on to some more advanced scripts. There are loads of payloads available on here and on the ducky's github and wiki pages. If there are any problems, let us know and we can help you out. Search the forums first for solutions to your problem and if you can't find anything, start a new thread with any questions or problems. Please use the de-facto prefix of [Question] in the title of your thread. The best way to diagnose problems with scripts is to run the encoder in debug mode. To do this, during step 8, run the following command instead: java -jar encoder.jar --debug -i source.txt Copy and paste the stack-trace as well as your script and we should be able to help. By the end of this guide, you should have a single file (inject.bin) on your MicroSD card, nothing else. Welcome to DuckClub. Don't break "Rule 9".
  17. Thanks for that, it's really informative. I had no idea IPv6 opened so many security holes. I don't want to break off onto too much of a tangent in here; it might be better in a new thread, but for the purposes of IPv6, how much inherent protection does the mandatory IPSec introduce? Luckily I'm not dealing with IPv6 in any managed networks yet, but I will be swatting up on it in the next couple of years. It's something I've found that even top SysAdmins and Network Technicians want to stay away from for as long as possible. There will come a time though when we're all gonna have to know it as well as we know IPv4.
  18. Here's a question. When working with subnets, is it best to back up the subnetting with VLANs, or will pure software subnetting suffice for all purposes? At what stage of a network's evolution (developing and expanding over time), should VLANs be put in place and should these VLANs be used alongside or instead of software subnetting? EDIT: To back up this question with an example, here is a hypothetical scenario: This depicts two buildings housing different areas of one company. There are on average 30 devices within each office connected to a switch, which is in turn connected to the router for each building. The buildings are connected via PPP E3 to form a single MAN. For this set up, or one similar, would VLANs be recommended to control subnetting, or would pure software subnetting suffice? If not, How much more complex would the topology have to be to warrant using VLANs?
  19. Haha, cheers. I really wish I got into Linux a long time ago. Still plenty of time to learn. When I get a pineapple I'm gonna dual boot with Backtrack and just launch myself into it. I still need Windows though for a lot of things, mainly Microsoft Office and Visual Studio. Still apprehensive about porting over, but hey, at least it's not a Mac! :p
  20. I'm Pete, aka Apache, 29 years old from North West England. I've been at university since 2008, first of all doing a Foundation Year degree, then onto a full BSc (Hons) in Computer Network Technology in 2009. I took a gap year in 2010 and 2011 and now I'm back in the second year of my degree. Before coming to uni, I worked as a Systems Administrator at the College of Law. My nickname Apache was my membership alias at Laser Quest when I was young. When I started working there, our name-tags had our handles on them rather than names so that's how most of my friends knew me. The name was taken from the Apache Longbow gunship and has nothing to do with the Web Server or the tribe. I have a few passions in life; the main being music. Live music in particular. I love watching musicians do their thing; whether it's on stage in front of tens of thousands or just tens, or just in a pub, or busking. I appreciate music of almost all genres (not rap/hip hop) and have one of the most eclectic music collections I know of. I love going to festivals; just camping in general to be honest, but when I set up a tent on a festival field, the first thing I think is "I've come home". I play guitar and am a singer/songwriter; I've played some gigs on stage at festivals around the UK. Within computing, I have a few main passions. The two biggest of which are network security and programming. I've been programming from a very early age. I learning to type on a keyboard before I learned to write with a pen and by the time I was five I'd learned the basics of procedural programming in BASIC on an Acorn BBC Microsystem. Where most kids got Robots for their birthdays, I got a book on how to program one with Mechano and a BBC. Since then I've taught myself VB, C, C# and various Web Development languages including HTML, CSS, JavaScript, PHP, ASP.NET and JQuery. I started hacking in my teenage years, doing basic script kiddie stuff with programs like Divine Intervention, Netbus and SubSeven. There's only a certain amount of phreaking you can do in the UK, but it always peaked my interest. I took my early inspiration from The Jolly Rogers Cookbook, The Anarchists Handbook and The Terrorists Handbook. Some friends and I used to make home made fireworks and experimented with homemade smoke grenades and exploding balloons. More recently I've been interested in the white-hat side of hacking; penetration testing, network security, information security, cryptographics. I've developed a few of my own encryption algorithms as well as a few utility programs that aid monitoring of network activity. I'm an avid fan of web programs such as Tekzilla and Hak5 that teach various aspects of computing and technology in easily understandable ways. Hak5 in particular has taught me a huge amount. Because of Hak5, my Networking degree has been very easy to follow; this year by following Hak5's segments on the various stuff we're learning, I've yet to get under 90% for a single assignment! I've managed to fit a bit of Technolust into each written report and Darren actually appears in the bibliography for one of my dissertations. :D Since joining these forums, I'm joined the development team for the USB Rubber Ducky. I rewrote the code for the DuckEncoder for the v3 initial release and introduced the Duckling plugins. I'm a Windows Kid. Linux just confuses the fuck out of me. I hate how convoluted it is! I tried putting PwnPi on my Raspberry but PwnPi doesn't come with any network manager so you have to go through some stupid convoluted ritual involving supplicants or some shit whenever you come across a new wireless network. What is so wrong with right-click->connect? There are NO guides which teach you the basics of Linux. Every single guide, even the "Linux for first time users" guides assume far far too much prior knowledge. It's impossible to get help on any forum or IRC or help site online for Linux as well. People just launch into PhD style dissertations and I'm left on the first line thinking "ok, so 'ls' is their version of 'dir'". It wasn't even funny how long I spent in terminal typing "'cls', no, 'clearscreen', no, 'cl', no..." AAAGGGGHHH! Linux pisses me off! Nothing is ever simple! Windows all the way and further! But, having said that, I hope Metro dies a horrible death very soon. If I'm ever forced to install Windows 8 then I'm putting pillow over the fan outlet and I hope to see it in Valhalla when I die. I almost cried when I saw the mess they'd made of Visual Studio 2012, it's vile! Favourite Game: World of Warcraft Favourite OS: Windows 7 Favourite Console: N/A Nationality: British (English) Accent: English (North West) Sex: Male Race: White British Favourite Band: Far to many to list! The only genres of music I detest are rap and hip hop. R&B stands for Rhythm and Blues! I mainly listen to Traditional and Contemporary Folk music and Metal. I like my Metal hard and fast and heavy. Power Metal is by far my favourite sub-genre. Ooh, my favourite Power Metal band is Lost Horizon. I hope Daniel Heiman comes to his senses soon and comes back to the only band that truly deserves his godlike voice! Favourite Book: The Wheel of Time by Robert Jordan (16 books) Favourite Author: JRR Tolkien / Robert Jordan Favourite Movie: The Crow is my all time favourite film. A close second is Cruel Intentions. Then Queen of The Damned (the sound track is an aural orgasm!), Interview With a Vampire and A Knight's Tale. Favourite TV Show: Firefly, Gene Roddenbery's Andromeda and Battlestar Galactica (2004). Andromeda probably trumps the other two though, if only just. Favourite Actor: I don't really have a favourite. Favourite Actress: I don't really have a favourite. Favourite Pinup: Sasha Grey, Cytheria, Sharon Ehman Favourite Comedian: I don't really have a favourite. Other Hobbies: LRP, TableTop RPG, Car: Renault Megane Occupation: Student / Freelance Web Developer / Technical Consultant
  21. It wouldn't have to change them no, but it could. In essence you'd have a pretty decent spec Linux box masquerading as a USB Keyboard.
  22. It was just a picture posted on Facebook a couple of weeks ago. I can't remember which group/page/friend/event posted it. It wasn't a link to anything though.
  23. He means you need to make the applications FUD (Fully Undetectable) by Crypting it. Usually this means creating a self expanding "stub" and wrapping the rest of the file bytes around it. There are thousands of crypters available on the internet. Some you pay for, other don't work. Here is an example: http://thehackersarmy.blogspot.co.uk/2012/01/fud-crypter-free-download-bypass.html There's also a guide on how to build them yourself here: http://www.cryptersource.com/
  24. I used to use Fences, but it didn't seem to persist well through impromptu shutdowns. Sometimes all the icons would switch around or detach from the fence. I'd love to find a progman.exe shell for Win7; get some good old Win3.11 style back. :)
  • Create New...