Binrev Financier
Everything posted by tekio

  1. Just looking at what it does, it looks like a beefy program. Emulation is out of the question. Virtualization, maybe..... They are pretty tight on any details without contacting a sales person. So I'm guessing the software costs 5K or more. But reading over the technical support docs, it looks like Workstation class software. Meaning Quadro video cards, Xeon CPUs etc.... Virtualization would be very impractical to run something that beefy.
  2. It means it's missing a line separator. Either a tab or semicolon. If your editor uses spaces for tabs, that might be the problem.
  3. They do not need to be signed. The user will get a warning, stating they are not signed. They will be presented with an option to either install them, or skip installation. You might be thinking Patch Guard, starting with Vista 64-bit. Kernel Patching is just the term used, not like patching a Linux Kernel. It basically blocks low-level access to kernel services. Drivers were unaffected. In the past I've wondered why no Windows drivers could do monitor mode. It is because of NDIS. All Windows adapters use it so they can bind more than one protocol to a single adapter. I guess the low-level functions make it difficult. Air-Pcap uses its own networking subsystem, not built into Windows.
  4. "ChinaNet-tQGc". All kinds of stuff like that happens with Chinese companies - TP-Link is a Chinese company. At work we get USB flash drives, to distribute our software on, directly from the Chinese manufacturer that produces them. We have a special computer not hooked to the network just for formatting them. Every 1 of about 100 will contain some nasty malware preinstalled for us.
  5. Because of NDIS, the only way (I know of) to get a Windows WiFi chipset in monitor mode is Airpcap with an Airpcap adapter. I have one, but Linux with an Alfa USB is much better and cheaper. That can be run in a Linux VM as well. I never had much luck with Windows, Promiscuous mode, and WiFi. I know most Broadcom chipsets will do it. As will Windows drivers for the old Prism 2.5 chipset. The Prism 2.5 is 802.11 B only. Not sure of newer Broadcom with A/B/G/N chipsets either (that's A as in 802.11 N on 2.4 & 5.2 not old 802.11 A). You can always ARP-Spoof the entire broadcast domain. But that can cause a lot of trouble on networks with a lot of hosts. Or if your computer is too under-powered to process all the traffic.
  6. Yes, I know. I know what kind of file it is. He probably used C. Why not just use an algorithm or key to xor the values? This might help: http://computer-forensics.sans.org/blog/2013/05/14/tools-for-examining-xor-obfuscation-for-malware-analysis
  7. I don't think it's hashed. I think it's obfuscated. Also, from googling, I think I know where it is from. Look at the tools the developer had available to obfuscate credentials stored in the file you have got. My guess: it's using a combination of base64 and xor obfuscation. All you need to do is make a tool that will base64 encode/xor in different combinations, and stop and write to a file when a combination is found that takes a known plaintext and gets the obfuscated result. Good luck!
  8. The only way to decrypt an encrypted file is to find the key. You will need a zip password cracker. It could take from 2 seconds, to beyond the scope of your lifetime depending on the algorithm used and complexity of the password.
  9. Threads in PERL are not fun. :(
  10. Are you maybe using jumbo ethernet frames on some equipment? Also, the 10BaseT could be using half-duplex. Try turning off jumbo ethernet frames and setting all NICs in full duplex mode. Some older NICs will not support full-duplex. Other than that, just use Wireshark to watch and see what is going on.
  11. True that, Glitch. But, IMO, PERL is the worst. But that is what makes it my personal favorite language. One can adapt PERL to fit their own style. However, when you get five I.T. guys collaborating on a project, and each tries to outdo one another with PERL "one-liners", it's difficult to find people good enough to decipher everyone's code. I guess any language is like that to an extent, even BASIC. But PERL just varies so much from programmer to programmer.
  12. I like Python for its readability. We use Python at work a lot just for that. Reading others' PERL can vary from very readable, to looking at hieroglyphic chicken scratch.
  13. The biggest advantage of doing anything from the command line, is that it can easily be scripted with PERL, Python, or even the native language of the shell a person is using.
  14. I posted the same thing, but they just kicked my door down and seized my golf clubs.
  15. I'm not clicking on your links anymore, glitch! Last time it crashed my browser.
  16. Watching War Games! Next up is Antitrust!
  17. Those Senaos were nice back in the days. I think they only see 802.11B, since they have the Prism2 chipset.
  18. Thanks for the tips, Glitch! Just so I'll know what to expect, what kind of gain are you getting with the antenna?
  19. Thanks for posting! I want to learn to solder. Been waiting for the right project. Think I'll give this one a try.
  20. Really, really starting to like Linux Mint. Linux with a polished GUI that doesn't take too many resources. About damn time!
  21. You can use Cain & Abel. This allows you to spoof DNS records (Cain has built in DNS spoofing support that is easy to manage) only to hosts that are subjected to ARP poison routing. Thus, your machine and all others not selected for ARP poison routing will get pristine DNS answers. EDIT: Here's an image of the ARP/DNS Poisoning screen. Sorry for it being so small, but I don't really feel like editing it. Just enter the DNS name along with the IP address you want it to resolve to. All reverse DNS queries will be spoofed as well. Remember, this only functions with hosts that are subject to ARP spoofing.
  22. I've tried and tried to stick with and learn C#. Always find myself going back to Delphi. Maybe I'll just go with it.....
  23. Thanks for the b-day wishes!
  24. I will recommend this too, if you don't already know: pauldotcom.com It's a community and podcast/videocast run by two guys who are pro pentesters. I've been listening to it for a few years now.
  25. Regular users are not given the option to change their name. Just donate, and you'll have that availability as a financier.