beakmyn

Everything posted by beakmyn

  1. This is a good how to. http://www.linuxhomenetworking.com/wiki/in..._Using_iptables
  2. You would need to create a custom cable to put the power supplies in series, think batteries stacked on top of each other. That would increase your voltage but your current output would remain the same. Stick with laptop HDDs; they have less inrush current so your USB port won't cut off on a current limit. USB wasn't really meant to power an external hard drive; that's why most external drive enclosures come with two cords. They parallel the USB power to provide the needed current to spin up the drive.
  3. I just installed Ubuntu Server on an old 500MHz Dell laptop. It now serves as my VPN. Works great. In case you do need a graphical web browser, no worries, just install links2.
  4. You can modify the computer security policy, however this WILL survive a reboot. There is a way to do it for particular users and not others. Start > Run > gpedit.msc, then User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options. These are reverse logic options, i.e. you want to enable the removal of Task Manager. Microsoft article 293655 explains how to do this for local users. You can't prevent Ctrl+Alt+Del from happening but you can control what options the user has when they press it.
  5. It should work just fine on a standard USB drive with a small modification to the search routine that figures out what drive letter is the CD and what drive letter is the flash drive. Heck, it may work without modification, haven't tried it yet. I use the U3 for the exact reason HR stated. The programs are on a read-only partition so they can't be deleted. I'm not sure of the current state of the switchblade. Last I knew I gave the developer group* permission to use my ini methods. Their intent was to develop a new version which I haven't heard about in quite a while. The code is all VBS not VB so anyone is free to modify as they please. * I forgot who contacted me about this. Looks like Gonzor's autorun.inf is being detected by McAfee AV as Tool-Hacksaw. But mine isn't. ...play the game with the bravery of being out of range
  6. CapitalOne provides a similar service with their card lab here in the US.
  7. http://www.irongeek.com/i.php?page=securit...kprinterhacking Yep, nothing new but can be fun, just like some people I know who like to print to random wireless printers they find
  8. Using an Eee is impractical, IMHO. I've spent the last week researching portable laptops that are still usable. There's basically 3 laptops in the category for me. My requirements:
      - 12" WXGA screen (1280x800 resolution)
      - 1.7GHz processor
      - 2GB RAM
      - 120GB hard drive
      - WiFi, Bluetooth
      Most laptops of this size are going to have shared video memory so you want the 2GB of RAM since the video will be taking a good chunk of it. The resolution of the Eee is not usable for web surfing. I see 1024x768 as a minimum nowadays.
      1. Sager 7260
      2. HP tx2000z
      3. Asus U2e
      For the money I found the Sager to be the best deal and the only one you could buy without an OS. With the bells and whistles it's around $750 - $780 (discountlaptops.com has the best price). The downside to the HP, besides the price, is the Wacom doesn't work in Linux, yet. The Asus is pricey at over $1000.
  9. You do have a firewall; that's what iptables is doing for you. You'll want to throttle port 22 incoming though. http://www.debian-administration.org/articles/187
  10. Ok, so it took some researching and poking around but you can easily do pretty much whatever you want with the "public" Fonera signal. I'll tell you how to change the ESSID (removing the FON_ prepend) and how to encrypt it. Why would you want to? Well, let's say you don't want to share your internet connection with just anyone, lest you be liable for whatever illegal actions they perform while connected through your network. Here, you have a little more control over who gets to connect.

      Requirements
      - SSH access to your Fonera
      - scp (secure copy) OR WinSCP OR the vi editor in the Fonera

      Hardware Used
      - Fonera+ (FON 2201)

      Files touched (I will only show you modified sections of the scripts for brevity.)
      - /etc/config/fon
      - /lib/fon/config.sh
      - /etc/init.d/chillispot (for WPA only)

      Background
      In non-modified mode, when the Fonera boots it calls /etc/config/Wireless, which is just a redirect to set up the wireless (contents: . /lib/fon/config.sh wireless). So config.sh is called with parameters to accomplish this. It queries the /etc/config/fon file "Public" section settings. Currently there is no code in this file that allows the "Public" signal to be encrypted. This is easily fixed: just copy the code from the private section and replace the appropriate references. This is easy enough for WEP but there's a catch if you want to use WPA. Here's the rub: WPA uses the passphrase you provide and the ESSID as a seed to create the actual encryption key. Not a big deal, except that the ESSID you supply in /etc/config/fon is not the actual ESSID of the public connection, even though that's what will show up in your wireless client/manager! So, you have to do a little more work and modify the chillispot config file and remove the FON_ prepend, which is shown below. Unless this is done you'll never be able to connect to the public side using WPA encryption. Keep in mind that the Public signal isn't available until the Fonera has determined that it can access the internet.

      Modified: /lib/fon/config.sh

          config wifi-iface public
              option device wifi0
              option ifname ath0
              option mode ap
              config_get ssid public essid
              option ssid "$ssid"
              option hidden 0
              config_get encryption public encryption
              case "$encryption" in
                  wpa*|WPA*|Mixed|mixed)
                      case "$encryption" in
                          WPA|WPA1|wpa|wpa1) enc=psk;;
                          WPA2|wpa2) enc=psk2;;
                          Mixed|mixed) enc=psk-mixed;;
                      esac
                      config_get crypto public wpa_crypto
                      option encryption "$enc${crypto:+/$crypto}"
                      config_get key public password
                      option key "$key"
                      ;;
                  WEP|wep)
                      option encryption wep
                      config_get key public wepkey
                      option key "$key"
                      ;;
              esac

      This is the workhorse script. You'll see the unmodified section of the script, on your Fonera, for "config wifi-iface public" is pretty spartan. Just copy what's in the private section pertaining to encryption and replace the appropriate "config_get private" with "config_get public". These are the calls to /etc/config/fon. This file needs to be changed if you want to enable encryption on the public wifi.

      WEP Encryption
      This is the easiest and requires the least amount of work on your part.

      Modified: /etc/config/fon

          config wifi public
              option essid 'MyPublicPlace'
              option isolate 1
              option wepkey '1'
              option key1 'DEADBEEF11'
              option key2 ''
              option key3 ''
              option key4 ''

      DEADBEEF11 is a 10 digit hexadecimal passphrase. This creates a WEP 64 encryption key. Also tested:

          option key1 $(get_serial)

      This conveniently creates a WEP64 key that is the serial number. For a WEP 128 key try:

          option key1 'FoneraIsCool!'

      Setting option wepkey '1' sets the Key# index to use. But since there is currently no webif interface to change this, leave it at 1.

      WPA Encryption
      Using WPA comes with the warm fuzzy of a less-likely-to-be-broken key. Yes, I know all the ways to break it, you don't need to tell me.

      Modified: /etc/config/fon

          config wifi public
              option essid 'MyPublicPlace'
              option isolate 1
              option encryption 'wpa'
              option wpa_crypto tkip
              option password 'CPE1704TKS'

      Modified: /etc/init.d/chillispot

          # enable the wifi interface ssid
          config_get ssid public essid
          # Original
          #iwconfig "$wifi_ifname" essid "FON_$ssid"
          # WPA working
          iwconfig "$wifi_ifname" essid "$ssid"

      See the difference? Because the Public wifi was never meant to be encrypted it wasn't an issue to prepend the FON_ to the ESSID. However, doing this will break WPA because the ESSID in use doesn't match what was used for the seed to the hash. So, you've got a buried shovel. We must remove the FON_ prepend. This doesn't appear to break anything. It does make it harder for the user to know it's a FON spot, so you'll want to set your ESSID to include the FON_ as an alternative. Removing the FON_ doesn't affect the captive portal.

      Caveats
      If you use the web interface to make changes that touch the /etc/config/fon file, like changing the private wifi settings, you will lose your modifications to the public wifi. This is due to the webif scripts in use that overwrite this file. It should be a trivial procedure to modify the wireless settings web page to allow you to set both the private and public settings. These modifications most likely won't survive a firmware update though.

      Final Notes
      Reboot your Fonera and you should see that both the "Public" and "Private" are now encrypted! You can have both the WEP and WPA options in the /etc/config/fon file, just remember to set the "option encryption" appropriately. Next up, modifying the webif scripts to make it even easier.
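As an added example (not part of the post above or of the Fonera firmware), this Python snippet shows why the FON_ prefix breaks WPA: the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase salted with the SSID, so an AP that hashes the ESSID from /etc/config/fon and a client that hashes the ESSID it sees in the beacon end up with different keys. The ESSID and passphrase values are the ones the post configures.

```python
import hashlib

# Values from the post: the ESSID and passphrase written to /etc/config/fon,
# and the "FON_"-prefixed ESSID that the unmodified chillispot script broadcasts.
CONFIGURED_ESSID = "MyPublicPlace"
BROADCAST_ESSID = "FON_" + CONFIGURED_ESSID
PASSPHRASE = "CPE1704TKS"


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 pre-shared key from a passphrase and SSID
    as IEEE 802.11i specifies: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def keys_match(passphrase: str, ap_ssid: str, client_ssid: str) -> bool:
    """True only if the AP and the client feed the same SSID into the KDF.
    When the PSKs differ, the 4-way handshake MIC check fails on both sides
    and the association never completes, which is the symptom the post hit."""
    return wpa_psk(passphrase, ap_ssid) == wpa_psk(passphrase, client_ssid)


if __name__ == "__main__":
    print("AP (config ESSID):      ", wpa_psk(PASSPHRASE, CONFIGURED_ESSID).hex())
    print("client (broadcast ESSID):", wpa_psk(PASSPHRASE, BROADCAST_ESSID).hex())
    print("handshake would succeed?",
          keys_match(PASSPHRASE, CONFIGURED_ESSID, BROADCAST_ESSID))
```

Once chillispot broadcasts the same ESSID that config.sh passes to the driver, the two derivations agree and the public side accepts the WPA passphrase.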
  11. If you're serious about power get a Lind. I've been happy with mine. Works great, even at -15degF. An inverter will work but it's inefficient to take 13.8VDC to 115V pseudo-sine to your laptop supply, which then converts it back to ~15VDC.
  12. I know that this system is used at all Marriott hotels including, as I've been told, at Marriott hotels in Disney.
  13. I did not discover the initial exploit (print to image writer) and don't take credit for it. I'm just providing documentation for it and how I took it to the next step. I don't condone doing this and if you pay the $9.95 you won't have to do any of this.

      Target: iBahn Site Kiosks, Wardman Park Marriott, Washington, DC
      Goal #1: Free access to the internet
      Goal #2: Free access to the operating system
      Goal #3: Root the box

      The iBahn kiosk software is much like other kiosk systems. It runs on a standard PC and replaces the Explorer Windows shell (start button, taskbar, etc.) with its own. This, along with XP policies, essentially prevents the user from exiting the kiosk system and gaining unauthorized access to the PC. In most cases the interface will look like a web browser. Its look and feel is purposely similar to Internet Explorer. This keeps the concierge, desk attendant, et al. from having to provide tech support. The kiosk software itself is very configurable by the administrator and uses a text file configuration. This allows the whitelist/blacklist of websites for free access, set up of the credit card payment systems (not done in-house but sent over the internet to a central server)* and all other conceivable administration tasks.

      EXPLOIT #1A: *Because of this, you can just pull the Ethernet cable and plug it into your device and have unrestricted access. However, you'll look pretty conspicuous running your laptop next to the kiosk.

      In kiosk mode it's locked down.
      - You don't have access to printing* (or at least you're not supposed to).
      - You can't run any programs.
      - Autorun is turned off - switchblade will not run :(
      - No booting to CD or USB
      - BIOS is password protected
      - No safe mode
      - XP Guest account access

      So what do you get if you pay the $9.95 access fee? Well, you'll get internet and access to Microsoft Office (Word, Excel, and PowerPoint) and possibly other programs like Solitaire. Yep, pay $9.95 and you can play Solitaire!

      Walking up to the terminal you'll most likely spot a few things. Most everything on the menu bar is disabled and when you try to access a website other than those on the free whitelist you'll be automatically redirected back to the home page. Now remember the browser is based on Internet Explorer, which means some web tricks will work, i.e. those tricks associated with obscuring the URL in the address bar.

      Tricks to obscure the URL: http://www.pc-help.org/obscure.htm
      You CAN'T type in http://www.hak5.org
      You CAN type in http://www.ibahn.com@www.hak5.org

      Yes, this will take you to hak5.org but any links you click on will be un-obscured and will redirect you to the kiosk home page. If you've got a lot of time on your hands you could continuously re-obscure the URL. If you're really smart you could try and perform a cross-scripting exploit so that you stay in the kiosk home page. Or if you're even more cunning you could set up a website that will provide you with URL obfuscation automatically.

      Now, if you read back a little bit you'll notice I said "most everything on the menu bar is disabled..." This is key to our exploit. There are actually a few things that have to fall into place in order for this exploit to be successful. It seems that the programmers got a little careless and when you maximize the kiosk window the print button is no longer disabled. So, you can print. What good is that, you ask? Well, if the default Microsoft Office install was performed then the "Microsoft Office Document Image Writer" printer driver is installed. So, print the current web page and choose it as the printer. Once it finishes it will run the document imaging program. So, we've escaped the kiosk software. Now this program, being part of Microsoft Office, has an option under the Tools menu to "Send Text to Word". After a bit of processing you're now running Microsoft Word without having to pay for it.

      You've now got several avenues of exploitation available to you, which I'll explain below.
      Step 1: Maximize Window
      Step 2: Click on Print button. Select "Microsoft Office Document Image Writer" as the printer.
      Step 3: Tools > Send Text to Word
      Step 4: Exploit!

      Since the system is still pretty well locked down you won't be getting a command shell or Explorer shell anytime soon, unless you keep reading.

      EXPLOIT #1B: You can do what I did and go into VBA and make your own web browser using the Internet ActiveX Control and some text boxes and command buttons. But most people probably don't know how to do that.

      EXPLOIT #1C: Insert > Hyperlink (Ctrl+K), Address: http://www.hak5.org. But who uses Internet Explorer? Got that USB drive with portable Firefox on it? Make a hyperlink to your USB drive and run it or make a hyperlink to download it. Now you've got unrestricted Internet Access.

      EXPLOIT #2: If you know where the root drive is on Windows (Hint: C:) you can insert a hyperlink to C:. It's as easy as clicking on: Insert (Ctrl+K) > Hyperlink: address c:. You've now got access to the root drive. Because of restrictions in place the drives don't automatically show up in file browse windows. You have to manually type them in. Good 'ole "security through obscurity". You're limited to the locks in place such as not being able to run task manager, cmd and other useful tools. But, that never stopped us before so head on over to systinternals.com and grab Process Explorer. Yep, it'll install and run. Now you start killing processes. There's only 1 small problem: killing the site kiosk software doesn't allow you to run the explorer shell. That's not a problem since, being the resourceful person you are, you've already surmised that if you can install programs then you can install shells, like blackbox for windows http://www.bb4win.org. Now you've got a program menu, system tray, clock, all the stuff you really want.

      EXPLOIT #3: Getting Root. I did not try to gain root access but here's my thoughts on this. If you were paying attention when you ran Process Explorer or happened to look at the systray in Blackbox you would've noticed that a VNC server is running. Being the curious little monkey you are you would've clicked on it and noticed that there is a password set. Ponder this for a moment. There's an administrator password for the site kiosk (accessed through Ctrl+H, if I recall correctly), a BIOS password and a VNC password. We can assume with some certainty that they are all the same, or at least hope. Which is the easiest to exploit? Hint: it's the little stars you're looking at. There are currently a couple different methods for exploiting a VNC server.
      - Use one of the several asterisk password "unhide" programs.
      - Obtain the password from the registry and crack it. Remember, the system won't allow you to write to the registry but you can read, you just have to figure out how ;)
      - Perform a pentest exploit from the comfort of your room since you know the IP address of this PC.
      If you don't then you have no hope of doing any of the previous. Good luck and once they fix this bug you'll have to pay your $9.95 (the first time ;) )
  14. This method works very well for drives that have the "click of death". Put the drive in the freezer for at least 2 hours. You don't really need it to be in a plastic bag. Then remove it and hook it back up. Try and get it to boot. If it boots you've got 5-30 minutes of time before it dies again. You can then put it back in the freezer for another couple of hours and try again. You want it cold but you don't want extreme cold, so don't go putting it into liquid nitrogen or dry ice. You can run the drive from inside the freezer if you want but you run the risk of water condensation and shorting out the board. I've successfully used this method several times on different drives and put it back in the freezer up to 6 times, before the drive just completely failed. The key is getting your data off. Don't bother with something you download later. Just get the really important stuff off first, you may not have a second chance. As for data restoration programs I've had good luck with GetDataBack from Runtime.org. For quick and dirty there's always dd.
  15. Sorry should've removed that link it's an old version. http://rapidshare.com/files/79403074/switc....zip.html is the latest.
  16. I had an issue on my PC using a PQI flash drive and they sent me a program that would allow you to query and change IDs and a whole bunch of other low level functions. If I can find it I'll post a link.
  17. I didn't know that. That's a pretty nice feature.
  18. That's not entirely true. A zipped file with a single layer of encryption still exposes the file names in the archive. If the scanner is set to search for certain file types (vbs, scr, bat, etc.), it will delete the file. This is particularly true when sending archives through email. The one way to combat this is to zip the files, encrypt, zip the zip, encrypt. Then the scanner only sees the second encrypted zip file.
  19. Attenuation by material:
      - Plasterboard wall: 3dB
      - Glass wall with metal frame: 6dB
      - Cinder block wall: 4dB
      - Office window: 3dB
      - Metal door: 6dB
      - Metal door in brick wall: 12.4dB
      Source: http://www.wi-fiplanet.com/tutorials/article.php/1431101
      Soil will have an effect on the signal. It depends on the composition of the soil (trace elements, moisture, etc). Are you using a directional antenna and aiming it at an embankment? Typical wifis have omnis so the signal is traveling in all directions. I wouldn't go drilling holes as you'll weaken the structure, since you probably don't know whether your signal is vertically or horizontally polarized.
  20. The easiest is by looping for the drives c-z (typically the bios reserves a and b for floppies) and then look for a specific file like thisisit.txt. Obviously you'd have a file named thisisit.txt on your flash drive. You'll need some type of error handling to prevent drives with no media (some multi card usb readers). I use 'on error resume'
  21. Sure, if we want to dissect the whole code, but as the first post indicates you can grab the source from here: http://mywebpages.comcast.net/dissoluten/scanComp-src.7z
      As far as the mechanics behind the AV detection:
      - inputs a list of known AV processes from config.txt (sorted)
      - grabs a list of current system processes using sysinternals pslist
      - takes the current process list and binary searches for each against our known AV list (since logarithmic time is better than linear)
      - if nothing is found, executes the full payload
      - if not, executes a payload that scans cleans
      - the payload switch is determined in the config.txt file as Y/N, converted to boolean on input
      Does that answer your question? What I might do, based on feedback, is code a 'light' version of the AV detection for other packages, if others are interested. But please have a look at the source. I commented the hell out of it.

      Why go through all that? I already do something similar in my vbs script of the payload. I have a watchdog timer that looks for a certain process using WMI and kills it. I'll code up a new option to disable AV based on process name and add it to my payload script. I do like the encryption aspect. But if the files are on a read only partition on a U3 drive the AV can't delete it and since you're killing the AV the encryption is a moot point.
  22. Why not try ophcrack to see if you don't need to generate the tables.
  23. http://rapidshare.com/files/79403074/switc...e0.3.2.zip.html
  24. The addition of "on error resume next" should fix the issue, as well as not omitting drives A, B from the search.