digip

Fire up wireshark and it will give you allthe info you need. Under "Capture/Interfaces/Details". I think that is what your looking for. The actual DeviceNPF thingy

Anyone have this one: http://www.darrenkitchen.net/videos/wessday_high.mov It seems to be missing. I watched the WMF blooper, that was actually pretty funny, even if it was never in the show. There is probably so much on the editing room floor that we'll never see the great jems like that one.

Well, All you really need is a packet dumper with a gui. Since Wireshark uses WinPcap, I think you can just use it by itself and possibly write a script combined with something like wget, but thats a little over my head. I think winpcap has a command line tool as well, so if you write a batch file to execute the download using wget or such, all you would need to do is figure out the catcher part when you visit a webpage. Like I said, its a bit over my head, but I know someone on here could do it in a few hours with minimal effort. I think there are programs that allow you to do this already, but I don't trust half the things out there that claim to do this and most of them get plugged, like the pandora hack that keeps getting re-written. The thing I like about the wireshark method is even if they remove the mp3 extension, they have to stream the data down to the user, so you can just save the packets (in raw) as the mp3. Doing this on Pandora.com is a little difficult, becuase they send all the songs to you weather you listen to them or not, so when you save each audio stream you won't know what song it is until you play it back, and even if you skip a track, it still downloads the one you skip, so it can be tricky to filter out each song in wireshark, but I have managed to do it. Anyone wanting to wotk on this, I suggest we make a new thread and make the effort to keep it commented well with all the source code and changes. I would like to see something like that come to life. It would be fun to see it take shape and I could learn something in the process.

It's not exactly an xp live cd, which owuld probably require a dvd to really be usefull, but for a small alternative there is this: http://www.digg.com/software/Windows_XP_Li...g_ISO_(MicroPE) It's a custom compilation of ReactOS, WINE, and WindowsXP dlls to mimic xp on a live cd. I posted the DiGG link instead of just the forum link because there is some more comments there to read all about it. But check their forum post and see if it might be what you need it for.

Guess its about time, since I have been watching for a while now... Favorite game(s): any Mario or Zelda titles, but at the moment Ninja Gaiden on XBOX. Favorite OS: Windows XP and Fedora 6 Favorite console: XBOX and SNES (I still have a place in my heart for my Panasonic 3DO.) Nationality: US Accent: South Jersean, US. And it's not Joisy! Sex: Male Age: 32 Race: Native American Indian/Italian/Irish mutt (don't ask) Height: 5'11" Status: Married Favorite band: Twisted Pair (http://www.myspace.com/twistedpairrecords) Favorite author: Kevin Mitnick Favorite movies: Star Wars and Jackie Chan films Favorite TV Shows: Ghost Hunters, Heroes, Hak5.... Favorite actor: Jackie Chan Favorite actress: Angelina Jolie Favorite Pinup: My Wife Favorite Comedian: Robin Williams Other hobbies: Playing music (guitar,bass,drums,etc), Twisted Pair Records, Art/Drawing, Photography, Video Editing, Web page design Car: 2001 Ford Escape 4x4, 2000 Ford Focus SVT Occupation: Computer Operator

Ha! Just watched the cable episode. I think Wes was going to do a segment on this, like a bizillion years ago, but never did...

Figured out why I couldn't download directly from the url. I had javascript and site-referring turned off. I have been using this on pandora, but the only thing is you can't search for .mp3 You have to look for "lame" as the string in the packet because they arent using file name extenstions in the streams through the flash player so searching for .mp3 will result in nothing. You then have to save the packet stream (using raw) and then you shoul dbe able to play it in any mp3 player. I havent figured out how to extract the url yet from their playlist file.

Well, first time I ever watched their show. Its certainly no Pure Pwnage, but it has potential. I guess it would make a lot more sense if I had seen all the other episodes leading up to it. It was still cool to see independent work put out by everyday people, although I think Hak5 has better production work and in their skits, Darren and Wes seem more relaxed and at home behind the camera when they are running the show. Any word on if they will be in any other episodes of l337?

Would make a nasty USB hack as well..

EDIT: Just realised I could set larger icons across the taskbar in XP. Doh! (04/10/2007: Also found a hack for customizing the msstyles files)

I don't own an iPod, but thought maybe someone else might like to give it a go: http://geektechnique.org/projectlab/767/pu...almost-any-ipod Removes the harddrive and makes any iPod setup for Flash memory so it saves battery life and no moving parts to break down over time. This would makea good mod segment for the show.

I am sure there are ways to block it. Guess its a good thing I use Opera to with javascript turned off and only allow the sites I need to have it on for to run it. XMLHttpRequest attacks have been around for a long time. Go to Projectip.com and they use it to determine basic settings on your pc, like wether your running java, etc. They don't use it in a malicious manner, but I am sure that this is the sort of thing people will be trying more and more once they see how easy it can be to run it. All they need is someone to make an easy interface or automate different attacks to work around safegaurds, like Metasploits payloads, and this will just be another script kiddies wet dream.

Does is say which browsers are affected?

Does by any chance the login contain a SS#?

When you click the help button (the big I) you get a pop up and a prompt for a password.

Sorry, didn't see that you edited your previous post. Also, when I try to run it, it disables ALL number keys. I am usng the original zip file he pointed to in his post, not yours. One thing i noticed is the keys in the registry for the program. Maybe at his school he can get on one of the pcs that has the program but isnt running and see what the keys are and compare them. maybe one of the instructors or someone has access with something stored in the reg to unlock the passwor din the program.

--edit--

I think it is the login id like you said but also the mac address of the actual pc that logged in. Space it out into 6 pairs, it looks like anic cards mac address. LogDate, InstitutionId, PcId "2006-01-25 02:21:35","876543216","0030bd635cb9" 0030bd635cb9 could be 00:30:bd:63:5c:b9

ok. In the Lockdown.exe program there is a string "876543216". Now, on this site there is a file: http://www.respondus4.com/ldbservers/logs/...primary-log.csv which contains the string. There are several other .csv files in this logs directory, but that specific one has the same string form the exe file posted in the zip. Anyone have an idea on what the relationship might be. The exe file lists the following: Proxy Server in use: Yes No Connection type: LAN Modem Other 876543216 /ldbservers/ %s%s.txt Connection for Server Settings: Connecting to www.Respondus.com ... www.respondus.com OK failed (%d / %d) Connection to www.Respondus.com timed out Connection to www.Respondus.com timed out - blocked? . Connecting to www.Respondus4.com ... www.respondus4.com OK failed (%d / %d) Connection to www.Respondus4.com timed out Connection to www.Respondus4.com timed out - blocked? . Connecting to Dell.com (blocking check) ... / www.dell.com OK failed (%d / %d) Connection to Dell.com timed out Connection to Dell.com timed out - blocked? . Process list: %s Network Tests Complete - %d Error(s). http://www.respondus.com/browser/ie.pl iexplore.exe Error launching Internet Explorer. Please wait for tests to finish Please run the Network Connection tests first Respondus LockDown Browser Diagnostics I think it is dialing home and creates a log with the programs id "876543216" ??? There is also some info in there which will prompt you to check for a new version of the program and telling you that the license may be expired, etc...

Here is something interesting: http://www.respondus4.com/ldbservers/ A list of logs the program creates? or checks against I am guessing, but maybe the names are their user sessions, and the files are their pgp keys?

Now that I am home and looking at it, there are a slew f programs it blockes. Open the LockDown.exe in notepad and scroll down to see a list of them Everything from camtasio to paint, etc. It even looks like it tries to ping dell.com just to see if it will get an internet connection and which sites it blocks. Looks like it will also prompt you, asking if you want it to kill the tasks. Hell, the only place i would even consider testing the file he posted is in a VM. With all the hooks it puts into the system, it could have a rootkit in it. Haven't checked it for that yet, but I would look to see if you can still get a copy from sysinternals site and run it against it. I'm gonna keep playing with it though in the meantime. Horza, you seem to know a lot about this program, what exactly did you remove from it, and from which file? Or did you recompile the LockDown.exe without all the reference to the other programs it was blocking?

The saved packet method from wireshark also works on pandora.com Right click any packets that contain "lame" in the packet and do a follow tcp/ip stream and then click raw, and save as somefile.mp3

If the browser is set to navigate through the schools network or proxy, the password is probably not stored in the program but he is being served with something like a squid login to the domain and when he authenticates with the correct password it lets him in. As for it knowing your in a VM, I think there are probably ways around it, like not installing vmtools so it can't see the vmtools service in the system. You mentioned Firefox. Does this browser use firefox as the base and is customized for the school? Assuming your running windows, are there any DLL files attached to the program. Maybe open one of them in something as simple as notepad and search through the file for plain text words. Often find things easily with half ass software that doesn't encrypt them during the compile and is sending open strings of text. Try to search for that hash in the program and see what there is in there.

I just figured out another way to get the file. In Wireshark, find the .mp3 file using the ctrl+f and use .mp3 as the string in "packet list" Then right click the mp3 packet and select follow tcp stream. You will then see the data in ascii. Click raw, and then save as somefile.mp3 and there you go. You will need to sit through the entire song for this method to work, because you will need all the packets of the mp3 your listening to in order to save the whole song, otherwise you only save what portion you have captured. Now, I havent tried it yet, but I am sure if you have the space and badwidth, you could probably do the same with avi, mpeg, etc.

It was for my wife! She wanted this new song she could't get out of her head and asked me to download it, but there was no download link on their webpage for that song. Only the ability to listen to it through the flash player. I could care less about Maroon5. Personally, I think they suck, but try telling that to my wife... Oh, and someone psoted the script wasn't working, but I havent tried it. If you have, let us know. Thanks.