Dedicated Members
About kickarse

  • Birthday 07/08/1983

Profile Information

  • Location
    Springfield, MA

Recent Profile Visitors

15,974 profile views

kickarse's Achievements


Newbie (1/14)

  1. I'm happy your cynicism hasn't changed at all, Digip ;) lol... you picked that one right apart, huh? It's just a proof-of-concept idea from what I gander. That's really all it's useful for. It might work on someone who doesn't know jack about PCs (most home users); I mean, they end up "scanning" their PC for viruses with software they never paid for or installed. And yes, Konboot would be better. As for your other "questions", you might want to ask him what he planned on doing with it. I'm just a messenger.
  2. Pretty neat concept and code (link and description below):
    https://github.com/AlexWebr/evilmaid_chkdsk

    Evil Maid CHKDSK

    This is a simple 512-byte MBR program that pretends to be Windows CHKDSK. It asks the user for a password, writes that password back to the media it booted from, renders that media unbootable, and reboots.

    Terminal capture of using it with QEMU: http://ascii.io/a/1201

    Video demonstration on a Windows laptop:
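The tool described in that post lives in the 446-byte bootstrap area of the MBR and leaves the disk unbootable once it has captured the password. The defensive counterpart is an MBR integrity check: hash the bootstrap area against a baseline taken while the machine was known-good and sanity-check the partition table. The following is an added example written for this page, not code from the evilmaid_chkdsk repository; the sample MBR images it builds are constructed, not real disk contents, and the baseline workflow (read `/dev/sda` from a trusted boot medium, compare later) is an assumption about how you would deploy it.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446          # bootstrap code area, where a fake CHKDSK loader would live
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap code, four partition entries and the signature."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        entry = mbr[BOOTSTRAP_SIZE + 16 * i: BOOTSTRAP_SIZE + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
        partitions.append({"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {"bootstrap": mbr[:BOOTSTRAP_SIZE], "partitions": partitions, "signature": mbr[510:]}


def bootstrap_sha256(mbr: bytes) -> str:
    """Hash of the bootstrap area only; the partition table may change legitimately."""
    return hashlib.sha256(parse_mbr(mbr)["bootstrap"]).hexdigest()


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Compare an MBR against a recorded baseline; an empty list means no findings."""
    findings = []
    parsed = parse_mbr(mbr)
    if parsed["signature"] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(parsed["bootstrap"]).hexdigest() != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    if not any(p["status"] == 0x80 for p in parsed["partitions"]):
        findings.append("no partition flagged active (0x80)")
    for i, p in enumerate(parsed["partitions"]):
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append(f"partition {i} has type {p['type']:#x} but zero length")
    return findings


def build_sample_mbr(bootstrap: bytes, active: bool) -> bytes:
    """Constructed test image (not a real disk): one NTFS-typed partition, optionally flagged active."""
    entry = struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0", 0x07, b"\0\0\0", 2048, 409600)
    table = entry + b"\x00" * 48
    return bootstrap[:BOOTSTRAP_SIZE].ljust(BOOTSTRAP_SIZE, b"\x00") + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # Real use (assumption): boot from trusted media, read the first 512 bytes of the disk, e.g.
    #   with open("/dev/sda", "rb") as f: mbr = f.read(512)
    # and compare against a baseline hash recorded when the machine was known-good.
    known_good = build_sample_mbr(b"\x90" * BOOTSTRAP_SIZE, active=True)
    baseline = bootstrap_sha256(known_good)
    # Simulated evil-maid outcome: bootstrap replaced, active flag gone, disk no longer boots.
    tampered = build_sample_mbr(b"\xEB\xFE" * 223, active=False)
    print("known-good:", check_mbr(known_good, baseline))
    print("tampered:", check_mbr(tampered, baseline))
```

Run the check from a medium the attacker could not have touched; a bootloader that has already run can lie about what the disk contains. Full-disk encryption with a TPM-measured boot chain is the structural fix, since the bootstrap area is exactly what measured boot attests.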
  3. I wrote an AutoIT script to scan each workstation for local user accounts (admin or otherwise). I can then set the user bit like disabled, user can change pass, etc. Or I can remove each administrator account that doesn't belong. I've set it up so that I can perform this on every workstation it finds in a specific Domain OU. Perhaps you could leverage something like that?
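The post above describes an AutoIT script; the same logic (list local administrators, compare against an allowlist, remove or disable what does not belong) is shown here in Python as an added example that is not the poster's script. The `net localgroup` output it parses is a constructed sample in the format Windows prints on an English locale; the allowlist and the remote fan-out across an OU (WinRM, PsExec or similar) are assumptions left to the caller.

```python
import subprocess

# Constructed sample of `net localgroup Administrators` output (English locale).
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
jdoe
CORP\\helpdesk-bob
The command completed successfully.

"""


def parse_net_localgroup(output: str) -> list:
    """Return member names from `net localgroup <group>` text: everything after the dashed rule
    up to the blank line or the completion message."""
    members, in_members = [], False
    for line in output.splitlines():
        line = line.rstrip()
        if not in_members:
            in_members = line.startswith("-----")
            continue
        if not line or line.startswith("The command completed"):
            break
        members.append(line)
    return members


def rogue_members(members, allowlist) -> list:
    """Members not on the allowlist (case-insensitive, as Windows account names are)."""
    allowed = {m.lower() for m in allowlist}
    return [m for m in members if m.lower() not in allowed]


def remediation_commands(group: str, rogues) -> list:
    """argv lists to run: drop each rogue from the group; local accounts (no DOMAIN\\ prefix)
    are additionally disabled with `net user <name> /active:no`."""
    cmds = []
    for name in rogues:
        cmds.append(["net", "localgroup", group, name, "/delete"])
        if "\\" not in name:
            cmds.append(["net", "user", name, "/active:no"])
    return cmds


def local_group_members(group: str = "Administrators") -> list:
    """Live query on the Windows host this runs on (not exercised offline)."""
    out = subprocess.run(["net", "localgroup", group], capture_output=True, text=True, check=True).stdout
    return parse_net_localgroup(out)


if __name__ == "__main__":
    members = parse_net_localgroup(SAMPLE_OUTPUT)
    rogues = rogue_members(members, ["Administrator", "CORP\\Domain Admins"])
    for argv in remediation_commands("Administrators", rogues):
        print(" ".join(argv))   # review before executing; run with subprocess.run(argv, check=True)
```

Two caveats a practitioner would want: `net` localises its output, so the dashed-rule and footer anchors only hold on English installs (querying `Win32_GroupUser` via WMI or `Get-LocalGroupMember` is locale-independent), and removing `Domain Admins` or the built-in `Administrator` by mistake is the kind of error an allowlist review step is there to prevent, hence the print-before-execute default.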
  4. I wonder if there's a way to do some sort of passive pass-through tap... so information goes in but nothing goes out using some one-way gate, but still goes across the bridge without affecting the information. Sort of piggyback on the signal, but then you need something to capture it like Usbalyzer or Usbsnoop. This way you get around the HID having to install.

    USB pinout - http://pinouts.ru/SerialPortsCables/usb_cable_pinout.shtml
    P1 - VCC - Power
    P2 - USB Data -
    P3 - USB Data +
    P4 - Ground

    It should be possible to tap with a diode at 5V, that way we don't overdrive it, or not even hook it up at all. I guess in a way this is a USB splitter.

    Found this --
    http://vusb.wikidot.com/usb-device-classes
    http://www.workinprogress.ca/v-usb-tutoria...-for-mega-tiny/
  5. What exactly are you looking to understand? The inner workings of ESX/ESXi (hypervisor)? How to set up a cluster (VM or MS?)? How the hosts talk to a SAN? It's kind of a broad subject; if you could hone in on a topic or a couple of topics I'd be happy to answer some questions. And nothing against you, believe me, but I hope they aren't going to just go "here's a SAN and VMware, manage it!".
  6. I've demo'd LANguard (great price) but use PatchLink (very expensive) and WSUS. I find that PatchLink is very thorough but the agents sometimes go corrupt. WSUS works fine but only for MS patches (although EminentWare has software that will add on to it so you can install third-party software).
  7. Careful with your payload. These types of software usually send information regarding software that's been started, and if you name your executable "pwnsk00l.exe" it'll be sent and flagged. Something like notepad.exe would most likely be better. Just sayin'. I haven't had any experience with LanSchool and I don't know what data it sends, but these types of software usually do this.
  8. That's cool! Just write a program to insert 50,000 characters into a txt file and you're good!
  9. Good software would read the file encoding and block based on that. So renaming to a txt file would do no good.
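The point in that post is that a filter which trusts the extension is defeated by renaming, while one that inspects the bytes is not. As an added example (not code from any product mentioned on this page), the following sniffs the file type from leading magic bytes and compares it with what the extension claims; the signature table and extension map are a small assumed subset, and the sample files are constructed inline.

```python
import os

# Leading-byte signatures for a handful of common formats (assumed subset, longest first where needed).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip"),                          # also docx/xlsx/jar: zip containers
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"MZ", "pe-executable"),
]

# What an extension claims the content is (assumed mapping).
EXT_TO_KIND = {
    ".exe": "pe-executable", ".dll": "pe-executable", ".scr": "pe-executable",
    ".txt": "text", ".log": "text", ".csv": "text",
    ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".pdf": "pdf",
    ".zip": "zip", ".docx": "zip", ".jar": "zip", ".doc": "ole2",
}


def sniff_kind(data: bytes) -> str:
    """Classify by content: magic bytes first, then a plain-text heuristic, else unknown."""
    head = data[:16]
    for sig, kind in MAGIC:
        if head.startswith(sig):
            return kind
    sample = data[:4096]
    if sample.startswith((b"\xff\xfe", b"\xfe\xff")):   # UTF-16 BOM: text despite the NUL bytes
        return "text"
    if sample and b"\x00" not in sample:
        try:
            sample.decode("utf-8")
            return "text"
        except UnicodeDecodeError:
            pass
    return "unknown"


def claimed_kind(filename: str) -> str:
    return EXT_TO_KIND.get(os.path.splitext(filename)[1].lower(), "unknown")


def is_disguised(filename: str, data: bytes) -> bool:
    """True when the extension claims one known kind and the bytes say another."""
    claimed = claimed_kind(filename)
    return claimed != "unknown" and sniff_kind(data) != claimed


def should_block(filename: str, data: bytes, blocked=("pe-executable", "elf-executable")) -> bool:
    """Decide on content, not on name: a renamed binary is still a binary."""
    return sniff_kind(data) in blocked


if __name__ == "__main__":
    # Constructed sample: the start of a PE image renamed to look like a text file.
    renamed_exe = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00" + b"\x00" * 48
    print(sniff_kind(renamed_exe), is_disguised("homework.txt", renamed_exe), should_block("homework.txt", renamed_exe))
```

Magic bytes are not proof either: polyglot files carry a valid header for one format and payload for another, and Office documents are zip containers, so a filter that blocks `.zip` by signature blocks `.docx` too. Content sniffing closes the rename trick; it does not replace parsing the file with the real parser when the decision matters.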
  10. It's a hard suit because, while they were typing the information on a company workstation, the data now resides on an off-site server. This information was at one time, although not saved, on the corporate network, which in turn you own. Like Sparda said, if you have some NDA policy that they signed then you can probably get a court order from the ISP.
  11. kickarse

    Pandora Hack

    The Lala.com hack is a simple one. You need to start your capture to catch/filter this (could be any number; all I've found are below):

    tcp.stream eq 4 or tcp.stream eq 6

    The stream you want to reassemble is (Info column) [TCP segment of a reassembled PDU]. You must wait until the song finishes to reassemble. After the song is finished, right-click on the packet and click Follow TCP Stream; make sure it's Raw. Save as an .mp3.
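What Wireshark's Follow TCP Stream (Raw) does for that post is order one direction of the connection by sequence number, drop retransmissions and write the payload bytes out. The following is an added example of that reassembly step written for this page, not the poster's procedure or Wireshark code: the segments are a constructed sample (an HTTP response carrying MP3 data, arriving out of order with one duplicate), and the HTTP framing and MP3 checks assume a plain, unchunked `audio/mpeg` response.

```python
# Constructed sample stream (not a real capture), already split into (seq, payload) pairs
# as you would get by dumping one direction of a tcp.stream filter.
HTTP_HEADERS = b"HTTP/1.1 200 OK\r\nContent-Type: audio/mpeg\r\n\r\n"
ID3_CHUNK = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10   # ID3v2 tag header plus padding
FRAME_CHUNK = b"\xff\xfb\x90\x00" + b"\x55" * 12                  # MPEG-1 Layer III frame sync

SAMPLE_START_SEQ = 1000   # sequence number of the first data byte (ISN + 1)
SAMPLE_SEGMENTS = [
    (SAMPLE_START_SEQ, HTTP_HEADERS),
    (SAMPLE_START_SEQ + len(HTTP_HEADERS) + len(ID3_CHUNK), FRAME_CHUNK),   # captured early
    (SAMPLE_START_SEQ + len(HTTP_HEADERS), ID3_CHUNK),
    (SAMPLE_START_SEQ + len(HTTP_HEADERS), ID3_CHUNK),                      # retransmission
]


def reassemble(segments, start_seq: int) -> bytes:
    """Order one direction of a TCP stream by sequence number; drop duplicates, trim overlaps,
    and refuse to continue past a gap (a capture stopped before the song finished)."""
    data = bytearray()
    expected = start_seq
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq + len(payload) <= expected:
            continue                            # full retransmission of bytes already placed
        if seq < expected:
            payload = payload[expected - seq:]  # partial overlap with what we have
        elif seq > expected:
            raise ValueError(f"gap at seq {expected}: capture is incomplete")
        data += payload
        expected += len(payload)
    return bytes(data)


def strip_http_headers(stream: bytes) -> bytes:
    """Drop the response head so only the entity body (the audio) remains."""
    if stream.startswith(b"HTTP/1."):
        end = stream.find(b"\r\n\r\n")
        if end != -1:
            return stream[end + 4:]
    return stream


def looks_like_mp3(data: bytes) -> bool:
    """ID3v2 tag or an MPEG audio frame sync (11 set bits) at the start."""
    if data.startswith(b"ID3"):
        return True
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0


def extract_audio(segments, start_seq: int) -> bytes:
    body = strip_http_headers(reassemble(segments, start_seq))
    if not looks_like_mp3(body):
        raise ValueError("reassembled body does not look like MP3")
    return body


if __name__ == "__main__":
    audio = extract_audio(SAMPLE_SEGMENTS, SAMPLE_START_SEQ)
    with open("song.mp3", "wb") as f:   # equivalent of Save As on the raw stream
        f.write(audio)
    print(f"wrote {len(audio)} bytes")
```

Two things the post's "wait until the song finishes" covers implicitly: a gap in the sequence space means the file will be truncated or corrupt, which `reassemble` turns into an error rather than silent garbage, and a server using `Transfer-Encoding: chunked` needs the chunk-size lines removed after the headers, which this example does not do. Sequence numbers also wrap at 2^32; a real tool compares them modulo that.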
  12. Their reasoning is that they deploy services and functionality that use these ports and various IP addresses. I disagree and call bullshit. I asked them to supply a list of a few ports and IP addresses to connect to and they said they can't. I called bullshit. I asked them to supply technical references for other companies and they told me they can't, and that all companies either open the ports or T1 to them. I called bullshit. There's a third option that uses port 80/443 for a connection to a Citrix-presented application. The install rep tells me that it doesn't have the same functionality as the locally installed client. I ask if he can provide a list of functionality that it does not provide. He tells me that it's too long to list. So I request the "list". I call bullshit, again, and quote the install doc telling me that the Citrix-presented application is the EXACT same application installed locally. He then tells me to talk to our sales rep and leads me to believe that he's obviously trying to pull something. This is bloomberg.com, btw, and their wonderful Bloomberg service.

    -----------

    Believe me, I know the issues with the ephemeral ports. He wants us to open the ports, including various other ports, on our firewall to the WAN. From internal sources to external sources and vice versa. We actually have a firewall vendor which is a great company. It's a Squid proxy firewall, btw. They've stated that they block that port range. It's one of the reasons why we don't use regular FTP sessions.
  13. So we have a vendor who wants us to basically open up all ephemeral ports to about 1,300+ IP addresses on 6 subnets. How would you guys feel about that? I know that I feel pissed off that they want us to do this or buy a dedicated T1 to them to bypass this hole. They keep giving the run-around that we somehow need all of this. Please chime in with your thoughts. I'd love to get the security/hacking community's view on this.
  14. I like the mask so nobody can see his face on the internet. Go figure it'd be a picture Discovery would use. lol