merlin133t

Members
  • Content count

    282
  • Joined

  • Last visited

Community Reputation

-1 Noobie

About merlin133t

  • Rank
    SUP3R 31337 P1MP

Recent Profile Visitors

2,279 profile views
  1. I think ruby would be the way to go. It's fairly easy to read ( the source code ) and it's pretty simple to code in. It's very easy to pickup and when you get more experience, you can start OOP ( object oriented programming ) using ruby. If you want to get more, you can use extended ruby and implement your own C source code for those detailed jobs that you need done.
  2. Explain fuzzing and reverse code engineering.
  3. Hello all! wonderous news!!! for my Information security class, our final project was to try and break into 2 servers (or probe as much info as we can to write our report ) The linux one is hard! ( enumerated it's a debian box and running some really good services like nfs and such but i only got it as a normal user with no /home directory, my professor was sneaky lol....i can only write to /tmp/) Anywho! i decided to move onto the windows server which turned out to be a windows 2000. I used metasploit to inject code ( exploited rcp ) and i added a user to the local administrators group. I was able to upload nc and i hide it well ( part of the final project is to keep it clean and erase tracks ) and now have a listening backdoor which returns a cmd.exe as an administrator ( the user i made ) well...to be more sneaky, i was trying to break the Administrator password so i can delete the user i made. As real as the user looks, it's still added and any net admin would notice it. Is there a way i can snag the SAM and SYSTEM file so i can run an attack to crack the password? I know it can't be done while it's running. And i don' have physical access. I have admin rights though so anything with admin privileges i can use.
  4. just curious, i know active directory pretty well ( since that's what they teach us in college) but what can you do with a *nix run network? Can you setup kerberos or does *nix use it's own domain form of authentication? Pretty much just how are *nix networks run opposed to windows 2003 and active directory.
  5. Asus eeepc. only 300 bucks. Linux ready, wireless ready(for wardriving, wep/wpa cracking etc.) NOT FOR ANY GAMING.
  6. thanks livinded. that's exactly the response i was looking for.
  7. Thankyou for your advice i think i will send the email.

  8. If you show them your post..they won't believe you hacked after reading your grammar... lol jk..well not really lol. I think you should turn yourself in. You won't get in trouble, just say you read an article on the internet and were curious. No harm. I was caught in high school too, but it was selling teacher passwords so kids can unrestricted internet(that was like 5 years ago) At most you will get suspended for a week. Don't worry too much, it's high school. You're suppose to fuck up.
  9. Now in what order do you suggest? Should i learn to use metasploit to it's full potential first, or atleast get a good understanding on how to use it, what exploits to use for certain ports and what paylod is best? Then should i move into modifying some of the modules to further understand ruby then fuzzing // assembly // disassembly learning? I mean, i understand how to use metasploit, I've been enumerating my test boxes with nmap and trying to use the exploits but i get a bunch of errors and it's either hit or miss. I'm just trying random exploits for the givin ports ( an example would be SMB ports...i don't know which exploit to use, just that it works for SMB ) so should i understand that first and if so, what is a good read on learning what exploit works best for a given port or is it just a hit or miss thing. Then should i learn assembly first, or ruby? I plan on doing it all, i just want to know what's the best order in doing so.
  10. I am finally off of college for spring break and taking a break from all the networking classes!! internetworkin II, Network Design Concepts, Network administration ( pretty much just how to use active directory) lol.. well i was wondering if i should learn to use and master metasploit first...really understand how to use this powerful tool. then start to re write the exploits in another language..lets say python or make minor modifications in ruby..then start to learn fuzzing. Is this a good path into becoming an exploit developer//writer? It's a hobby i am very interested in but unfortunately...this isn't a course in college lol. Any additional steps? Are my steps incorrect? i'm already in an Info. sec class but it's just your basic enumeration, MITM attacks, and so forth. Just a class on how to use these powerful tools..not really on creating our own. Any input would be nice. Thank you.
  11. if it's a just for fun laptop....get the asus eeepc and install backtrack 3 beta lol. i would if i had the money...so comon...do it..let me live through you lol.
  12. I was wondering if using metasploit is considered being a script kiddie? I mean what does script kiddie really mean? I mean i'm sure many people use the tools available to the open...now if using tools to assist in a hack is considered a script kiddie then...pretty much a real hacker is just a better programmer. Now is using metasploit scridding? I am recently trying to understand fuzzing and writing my own exploits ( struggling, but not giving up ) so i don't seem like a "scriddie" but using metasploit to it's full extent is more complicated than a point and click DoS or exploit. your opinions?
  13. Hello! i have 2 old laptops that i got. a Compaq LTE 5200 and an HP Omnibook 5500CT. I'm trying to find a full linux distro. or atleast one with network capabilities. The only problem is that it cannot boot from CD ( even though they have hot swap cd/floppy dribes ) So. i was wondering what old school linux distros there are for these ancient laptop? I'm sure there was linux on floppy before CD lol...my googling as not gotten me anywhere. Help me out!!! lol.
  14. correct me if i am wrong. But aren't LM authentication obsolete? it's either kerberos or ntlm correct? kerberos for logging into a domain of course and ntlm for local authentication. ntlm gets rid of the flaw of LM where it splits the hashes if it's more than 7 characters long.
  15. did you use the right ethX number? with the dv6000 sometimes it's weird and increments the ethX number every startup. i got upto eth46 lol.