sc0rpi0

Good idea! Dumb question, but why not just use ftp?

My friend owns five usb drives which he has managed to corrupt over time. When they are plugged in, they display an error when trying to be written to. I would like to help him repair these. I've done *some* research on this topic but to no avail. Any ideas? Thanks.

If it's not too much trouble, would you mind PMing me some of security details as well? This kind of stuff interests me.

Take your time.

Hey everyone- Please note before responding that I am not trying to find a way to circumnavigate my school's network blocker for the purpose of playing games, spending time on facebook, or viewing porn. In my opinion, the above are quite pointless considering they are all a waste of time and can be easily accomplished by using a proxy (using google of course--trust me, there are billions of working ones.) I am friends with several of my teachers at school. At least once a week, I overhear one complaining about the Light Speed website blocker which is instituted on the network internet connection. Although I believe this program should block sites such as facebook and miniclip, the program has a terrible tendency to block pretty much any site that the network admin has not used. For example, my French teacher, being head of the foreign exchange program tried to login to her site for the Nantes (French place) exchange. Despite the fact that the site is 100% legit, it was blocked. After nagging the admin several times, he unblocked it. I would like to host a copy of bblocked (a good proxy script) available here: http://sourceforge.net/projects/bblocked http://www.bblocked.org/ so that the teachers I know can access their sites without having to go through the hassle of having them be unblocked. I don't really want to give them a normal proxy site because I don't trust them for handling login details. I literally have spent hours attempting to setup bblocked on several free-hosting services with no avail. Any suggestions/comments would be much appreciated. :)

Email sent! This looks good...can't wait to check it out.

There's a neat little program by the name of Wubi (no joking). It adds your choice of ubuntu on the startup menu. Like duel booting...only billions of times simpler. If you decide you don't like ubuntu, just boot back into windows and uninstall Wubi like you would a normal program. It will be gone without a trace. Here's the download link: http://www.download.com/Wubi/3000-2094_4-1....html?tag=lst-1 Hope this helps.

Although I don't have much experience to speak off, I like ubuntu with a xfce interface.

I currently have an HP and it works great. Can't say so much about their service though. I bought mine a few years ago and all of a sudden, my screen begins to flicker [like its broken]. First, I assume that I in some way damaged it. Contrary to my beliefs, customer service said that my monitor model had been recalled last year and it was my fault for not checking earlier. But other than that little incident, HP is great.

IF you need notification of what files users bring on their USB drives, why HackBlade? HackBlade extracts passwords from a computer too. Of course, I guess you might be extracting passwords out of your own computer. :???: Back on topic. Gonzor's payload is great. Just make sure that there is no space in between the "=" and your username and password in the send.bat file. The username your send from and the one you send to should also be the same. Hope this helps.

Any drive will work...depends upon what method of execution you wish for. If you want the switchblade to run upon insertion, u3 is necessary. Check out Gonzor's "u3 hacker" and payload. If you don't mind having to respond to a popup dialog upon insertion before execution, then a non-u3 will work just as well. You really should check out the wiki. Pretty much *everything* is in there. Here's a link: http://wiki.hak5.org/wiki/USB_Switchblade Good luck!

Sure, I interested! One problem...how?

alienware is pretty good from what I hear. Macs are great too.

I couldn't recreate the process above. What does the piping to NUL accomplish? I think a simple prog is in order that given a known filename on our USB stick will output the drive letter associated, like: Input: C:> findDrive go.bat Output: G: Forget the NUL completely. Will not affect it whatsoever. By all means, take it out! As for the %~d0 wild card, that merely represents the letter the drive letter the program is running off. Whatever driveletter the program is run off, that's what that will be. It is piped out to a file which then opens the root directory of the drive

Include this "code" into your switchblade [go.bat I think] It outputs the name of the drive [which has just been inserted] into a batch file which is then run, popping up the explorer window. No vbscripts are necessary. ::[open.bat] echo explorer "%~d0" >"c:driveletter.bat" "c:driveletter.bat" ping -n 5 localhost > NUL del "c:driveletter.bat" Hope this helps.

Oh, it's definitely possible 8) My friend coded up something like this a while ago. Anytime he got someone's ip, he could connect like he was using vnc-- only it wasn't I would give you the code, but I don't have it and I haven't seen my friend for some time. Good luck!

Haven't actually tried this, but according to spektormax, this should do it. Of course, this is assuming that you are trying to pop up the explorer window of the drive. [shadow=red,left]ping -n 5 localhost > NUL start nircmd.exe win max ititle "Removeable"[/shadow]

A really good u3 drive is the Sandisk Micro. By the way, search for usb drives on the radioshack website, find a drive you like, and when you look under its description if it says "u3 smart" or something similar, then it's u3. Then type the product name into amazon or such where the prices are better.

Great apps! Don't forget... torpark http://www.download.com/Torpark/3000-2356_....html?tag=lst-1 Putty Portable Filezilla FTP Dumb questions but where did you obtain wiretap?

I love to read. Here are a mere few of the books I have on my shelf. Perl for Dummies HTML for Dummies Hacking for Dummies [imagine that!] Linux for Dummies Encyclopedia set Oxford Dictionary Hacking exposed : network security secrets & solutions Hacking : the art of exploitation Learning Perl Lord of the Rings The Hobbit

For some reason though, when I do not unhide them, they can still be executed.

I couldn't help but notice that in the hacksaw, before files are run, they are unhidden with this command: attrib *.* -s -h My question is do they really have to be unhidden before using them?

I'm sorry...I guess I was trying to ask which one is used more for hacking. Thanks anyway.

I'm not exactly sure i understand your question... The program would be run like any normal payload,with the difference that it decrypts itself into memory at some point...which would be pretty much the only point it would be detectable... The AV wouldn't be able to detect it as a known 'virus',except of course,if it is a bad encryption,or it somehow behaves stupidly... Well,if we look at my post here,you see the same conclusions from sablefoxx ,though he stated it clearer...the program will be catched in memory or in the decrypter embedded in the file,though there are workarounds for both...BTW Sc0rpi0 i would NOT recommend creating a rootkit though,since it makes the targeted system VERY unstable and mis configures it pretty bad too,that is,if you aren't an expert on what you are doing... ¨Whatever you choose,good luck :-) My question was whether the program [for example: netpass] if encrypted would have enough time to perform its function of extracting passwords before the AV caught it. I'm assuming the answer is yes, but just double checking. Thanks for your help.

What's the difference? Which one is more appropriate for hacking or building programs? Thanks very much.