
Blue Dragon


Posts posted by Blue Dragon

  1. Thx for the answer.

    That one might be a little bit trickier, you have to be sitting in between the client and the proxy server.

    Well, I'm on the same network, so all I would have to do is arpspoof both the victim at and the proxy at into believing I was the other one.

    victim: (set up to use proxy


    attacker: running squid-proxy+upside-down-ternet script

    As I said, when I set up victim to use as proxy, everything works.

  2. Anyone? As I said, it all works perfectly when the "victim" connects voluntarily to the proxy at

    What if the browser on the "victim" was already set up to use a proxy-server. Like in this case,

    How can I spoof the network so that the browser connects to instead of ?

    I've tried arpspoof (set it up in two terminals, one for Victim-Gateway(proxy); one for Gateway(proxy)-Victim as described here: http://su2.info/doc/arpspoof.php), but it didn't work. The "victim" could connect to the internet and the pictures weren't upside-down!

    I've also tried ettercap without the "-P dns" part as this is what seems to slow things down. Didn't work either, images all right-side-up.

    Do you think that doing this all in a VM could be an issue? I have 2 VMs running on a Core i7 Win7 box, so CPU shouldn't be a problem. Maybe the network card is too slow or sth? wild guess, yeah...

  3. Hi,

    I've been playing around with ettercap in a VM a little bit. I used

    sudo ettercap -T -q -P dns_spoof -i eth0 -M ARP / //

    with being a second VM ("victim"). The etter.dns has nothing but

    * A

    in it with being my first VM ("attacker") that is running ettercap.

    Basically I wanted to test the "upside-down-ternet"-prank on my test network. It worked quite well and actually turned the images around like it should do.

    However, I've noticed one problem: When you go to a new site on the "victim", this site takes very long to load. It sometimes takes up to a minute for the site to respond, but sure enough, in the end it loads and the images are upside down!

    The strange thing is that once flickr.com for example is loaded, browsing the site is very snappy and all the images load as fast as always and they're all upside down!

    So it seems that the initial dns-lookup/ping takes very long, but once a connection is made, everything is as fast as it should be.

    I also tried speedtest.net which gave me 27Mbit Downspeed (normally I only get about 6Mbit so I guess it measured the LAN speed) and 0.5 up (normal). Then I tried pingtest.net and it gave me an error saying that it couldn't connect to the server because it timed out.

    Then I tried pinging google from the "victim" while ettercap was running the dns-spoof:

    vadmin@vadmin ~ $ ping google.de

    PING google.de ( 56(84) bytes of data.

    64 bytes from mint8-2.local ( icmp_seq=1 ttl=64 time=0.159 ms

    64 bytes from mint8-2.local ( icmp_seq=2 ttl=64 time=0.202 ms

    64 bytes from mint8-2.local ( icmp_seq=3 ttl=64 time=0.188 ms

    64 bytes from mint8-2.local ( icmp_seq=4 ttl=64 time=0.194 ms

    64 bytes from thom-mint8-2.local ( icmp_seq=5 ttl=64 time=0.196 ms


    --- google.de ping statistics ---

    5 packets transmitted, 5 received, 0% packet loss, time 80183ms

    rtt min/avg/max/mdev = 0.159/0.187/0.202/0.022 ms

    Notice that it took 80183ms to finish 5 packets! Without the dns-spoof, it only took 4003ms! However, each individual packet went over the wire in 0.2ms (LAN-Speed) compared to 68ms.

    vadmin@vadmin ~ $ ping google.de

    PING google.de ( 56(84) bytes of data.

    64 bytes from gv-in-f104.1e100.net ( icmp_seq=1 ttl=48 time=68.5 ms

    64 bytes from gv-in-f104.1e100.net ( icmp_seq=2 ttl=48 time=67.3 ms

    64 bytes from gv-in-f104.1e100.net ( icmp_seq=3 ttl=48 time=68.3 ms

    64 bytes from gv-in-f104.1e100.net ( icmp_seq=4 ttl=48 time=67.8 ms

    64 bytes from gv-in-f104.1e100.net ( icmp_seq=5 ttl=48 time=69.0 ms


    --- google.de ping statistics ---

    5 packets transmitted, 5 received, 0% packet loss, time 4003ms

    rtt min/avg/max/mdev = 67.385/68.235/69.035/0.613 ms

    One other thing: When I set up the victim's browser to use as a proxy and didn't use ettercap at all, everything works perfectly! All the images are upside-down and opening a new site is very fast. So there really seems to be something wrong with my dns-spoofing. I'm running "ettercap NG-0.7.3" on a Linux-Mint 8 VM in VMWare Player 3.0 with a bridged network card.

    I have ip_forward activated on my "attacker"-box and as I said, everything works when I let the "victim" surf through as a proxy.

    I would really appreciate some help! ;)
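An added example, not part of the posts above: from the defender's side, the two ping runs in that post show what a wildcard DNS spoof looks like on the affected host. This Python sketch flags those signs in saved `ping` output; the sample addresses, host names, thresholds and function name are constructed assumptions.

```python
import ipaddress
import re

# Private and link-local ranges a public name should never resolve to.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed samples in the shape of the post's output (addresses are made up).
SPOOFED = """PING google.de (192.168.1.50) 56(84) bytes of data.
64 bytes from mint8-2.local (192.168.1.50): icmp_seq=1 ttl=64 time=0.159 ms
64 bytes from mint8-2.local (192.168.1.50): icmp_seq=2 ttl=64 time=0.202 ms
--- google.de ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 20045ms
"""
CLEAN = """PING google.de (203.0.113.104) 56(84) bytes of data.
64 bytes from host.example.net (203.0.113.104): icmp_seq=1 ttl=48 time=68.5 ms
64 bytes from host.example.net (203.0.113.104): icmp_seq=2 ttl=48 time=67.3 ms
--- google.de ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
"""

def spoof_indicators(ping_output, interval_s=1.0):
    """Return the reasons a ping run looks like a locally answered name."""
    reasons = []
    head = re.search(r"^PING (\S+) \(([\d.]+)\)", ping_output, re.M)
    if not head:
        return reasons
    target, addr = head.group(1), ipaddress.ip_address(head.group(2))
    public = "." in target and not target.endswith((".local", ".lan"))
    if public and any(addr in net for net in LAN_NETS):
        reasons.append("public name resolved to LAN address")
    replies = re.findall(
        r"from (\S+) \(([\d.]+)\): icmp_seq=\d+ ttl=(\d+) time=([\d.]+) ms",
        ping_output)
    if public and any(name.endswith(".local") for name, *_ in replies):
        reasons.append("reply host has a .local reverse name")
    rtts = [float(r[3]) for r in replies]
    if public and rtts and max(rtts) < 1.0:
        reasons.append("sub-millisecond RTT for an Internet host")
    summary = re.search(r"(\d+) packets transmitted.*time (\d+)ms", ping_output)
    if summary:
        sent, total_ms = int(summary.group(1)), int(summary.group(2))
        expected_ms = (sent - 1) * interval_s * 1000 + (max(rtts) if rtts else 0)
        if total_ms > 3 * expected_ms + 1000:  # generous slack, assumed threshold
            reasons.append("run took far longer than packet count explains")
    return reasons

if __name__ == "__main__":
    print(spoof_indicators(SPOOFED))
    print(spoof_indicators(CLEAN))
```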

  4. I have a U3 drive and managed to boot Backtrack 3 just fine when I put it on the Flash-Partition with unetbootin. The Switchblade on the U3-Partition still worked all right afterwards.

  5. Hey guys,

    I just bought a 16GB Sandisk cruzer 16GB usb flash drive with U3 technology. I downloaded the Leapos Payload v0880 (latest) and the Universal Customizer from Hak5. I then copied the ISO from the U3-Directory of the Leapos-Release to the BIN directory of Universal Customizer and ran the exe. There were no errors and flashing the U3-Partition seemed to go fine.

    I then copied the files from the "Flash Partition"-Folder to my flash partition on the cruzer. After that I ran Menu.bat and configured the settings for which modules to run etc.

    All that seemed to work just fine but I can't get the thing to do autorun. I used to have the Leapos on my old flash drive without the U3 and it worked, but with the U3, nothing happens when I plug it into my computer. Also running it manually by starting the Menu.bat and selecting option "2. Run USB Pocket Knife" gives me an error from Windows Script Host:

    Script: h:\SYSTEM\GO.VBS

    Line: 16

    Error: Can't find the file

    Code: 80070002

    The VBS-Script is definitely in h:\SYSTEM\GO.VBS (the U3-Partition) and line 16 in that script calls Start.Bat also in h:\SYSTEM\START.BAT

    If objFSO.FileExists(objDrive.DriveLetter & ":\SYSTEM\Start.bat") Then
            objShell.Run ".\System\Start.bat " & strPath , 0, False
        End If

    I noticed that in the VBS-Script it says ".\System\Start.bat" whereas windows explorer shows "\SYSTEM\START.BAT" in capital letters. May the problem already lie here?

    Also the AUTORUN.INF is written in upper case whereas it was Autorun.inf on my previous non-U3-flashdrive.

    Running START.BAT manually kind of works. There're still some issues with file paths but this may be due to me using the German version of windows with Firefox and other programs only as Portable Apps so there's no data in C:\Programm Files\*whatever app* Other than that it dumps all the system info/passwords etc. just fine.

    I checked in the registry under HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Cdrom. Autorun is set to 1 there.

    Also HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun is set to 0x91 which is the default setting.

    (http://support.microsoft.com/kb/967715/ + http://communities.sandisk.com/sandisk/boa...essage.id=4070)

    So Autorun itself should work and does on other CD/flash drives. Usually you can just right click the device in Explorer and select Autorun but this Option is also not there with my U3 drive.

    So, can anyone point me in the right direction as to why Autorun doesn't work with my U3 Sandisk cruzer? A little help would be much appreciated! ;)


    So, I've managed to get the VBS-script to run by changing line 16 to

    objShell.Run "Start.bat" , 0, False

    However, autorun still doesn't work. I have a U3 partition with Autorun.inf on the root folder of it

    shellexecute=wscript SYSTEM\go.vbs

    Also, when I right click on the U3 drive, there's no option in the menu to start Autorun as there is with normal CDs and my old flash drive that has the Autorun.inf in its root.

    Does anybody know how to enable autorun on the U3 partition? It runs perfectly when being started manually with the VBS.

  6. Hey guys,

    I've been reading a bit on the interwebs about people who managed to install their OS (WindowsXP) onto a Ram Disk which apparently resulted in a very good performance with fast loading apps etc.

    I know it's pretty easy to load a live CD of knoppix into RAM before booting and having the same advantages (apps pop up instantly etc.) since there's already a simple menu option when booting the liveCD.

    Now, I'd like to know if something like this is possible with windows. Nowadays you can easily buy 16GB of RAM for a couple of hundred $$$ which would be far enough to hold your XP or even Windows7. The only problem of course is that all the data is lost when you lose power. Well, not all is lost at once but it gets corrupted over time...

    What I was thinking about is the following: Install Windows on a normal drive and every time you boot, copy the whole system into RAM before booting it up. That way the booting itself would take a little longer, since copying 5-15GB of stuff from a SATA-connection would take something like 5-10 minutes I guess, but once the system is up, your performance would be awesome, wouldn't it?

    Later, in order to save your settings, installed programs etc., all you'd have to do is copy the system back onto the HDD before shutting down.

    Would this be possible? I guess one could use a program like dd that just copies all the bits from one partition or even an image file to the RAM-Disk. What do you think? How would you do this?

    Would you actually see the difference in speed when using the Ram for your OS as opposed to a normal HDD? Has anyone ever done this in this way? What about actually booting from the RAM-Disk? Does it show up as a normal drive in the BIOS or do you have a special boot loader on an additional drive?

    Looking forward to your suggestions and answers.


    Just found this: http://www.hyperdrive4.com/index.php Hold max 64GB of DDR2 Ram, but costs 400$ for the case alone, plus whatever 64GB of Ram cost. Not cheap, but 175MB/s read, 145MB/s write sounds pretty decent.

    Edit2: Oh damn, Sparda just found the same thing. However, as I said it's not cheap. And if I already have tons of RAM in my system, can't I just use that?

  7. Hey guys,

    I was wondering whether it would be possible to inject a video or still frame into a VNC-Connection from the server-side so that it looks like the one being monitored is still working on a spread sheet while in fact he's doing something else.

    I got this idea from one of many movies where the guys breaking into the bank feed a video of an empty vault to the security-guys while they are actually in the vault stealing the money.

    Would it be possible to run a VNC-Server that serves a still frame or video-loop via the VNC-Protocol so that if someone were to connect to my VNC-Server, all he would see is the still frame or video-loop?

  8. Canadians can do the same to reach US sites, so it has some usefulness, but I wouldn't use it with respect to privacy or security. Just as a means to proxify a connection, not secure my traffic.

    However a regular free http proxy from elite-proxy is a lot better for this, I think. With TOR you're routing your traffic through dozens of nodes which causes transfer rates of 10kb/s or less from what I experienced while trying it. In today's Web 2.0 that's simply not enough for anything on the web. No Video, no Audio, no Pictures (unless you want to wait 2 hours for a few pics to load).

    So well, the idea behind TOR is good I think and there're certainly some times where it's actually useful. However most of the time it's rather useless because it's just not fast enough to get anything done.

  9. Did they not do something like this? It was a long time ago, I can't remember if it was a piss take or something. But Darren took his laptop to someone, think it might have been Harrison?? They used a Gateway laptop if I remember correctly. Maybe someone knows what I'm talking about.

    Yeah! It was one of the first episodes of S1. Must've been ep 2, 3 or even the very first one... Should be in the shownotes, I guess...

  10. Ubuntu Studio is a software for postproduction, not for editing while you're broadcasting/streaming live. Afaik software that can do this is very, very expensive. On Hak5 they use a hardware video mixer which starts around 800$ or so, I think.

    I'd suggest you head over to revision3.com and watch this episode of the gazette: http://revision3.com/rev3gazette/studioop/

    There they show what they used to build their studio, maybe you can get some info on what to buy there.

  11. Takedown was a great movie!

    I didn't think so when I watched it a few weeks ago. You do know that most of the story about Kevin Mitnick told in the movie is completely wrong, don't you? They made this movie while he was in prison for doing small things like looking at some code inside a company or copying some software (without ever distributing it!).

    Go watch the movie "Freedom Downtime" by the 2600 Crew to get another look at the Mitnick-Case and find out how it really went down. The Takedown-people showed the media an image of Mitnick that just wasn't true.

    As to what hacker movies I like: Enigma is a great one. Just watched it a few days ago and it's very interesting.

    Ghost in the Shell is also one of my fav. movies. I generally don't watch anime, but GitS is really great!

    Sneakers is another one I really like.

  12. Damn, I know which program you mean, but I just can't remember the name or the episode. I used to have it, but the folder it was in got lost when my hard drive died.

    It was a program you could type in for example a web address and it would show the subdomains, the email addresses (for example darren@hak5.org etc.), whois-info (I think) and more.

    I think it used to have a web frontend before they changed it to a standalone program. Something's telling me it was called P...something, but the only thing I can come up with is pandora which certainly is not what we're looking for.

    Hope someone can tell us the name of the prog.
