tekio

Binrev Financier
  • Content count

    1,525
  • Days Won

    80

Everything posted by tekio

  1. Really, really starting to like Free Pascal. Simple compared to C, faster than Python, and better than any Basic off-shoots..... And supported for Linux, Win, and OS X

  2. Have you thought about just starting your own LLC? Really, you just need to pay licensing fees, build a web-site, and get some clients. Most pen-testing contracts are through "word of mouth" advertising anyway...
  3. Taking Network+ exam in the morning, then Security+ on Monday.

    1. TheFunk

      I took Network+ like 2 months ago. Easiest test I've ever taken. :)

    2. tekio

      I'm glad to know somebody has an easy time subnetting IPv6. :)

  4. Rootkits can be developed in any operating system, not just Windows. From their website: "ExeOutput for PHP lets you create applications in native format for Windows with PHP, JavaScript and HTML". You are making Windows executables... Then telling people not to use Windows if they don't want a rootkit. Beware!
  5. Sounds like a video driver. Go to either ATI.com or nVidia.com and download the newest driver for your kernel. If that doesn't work try upgrading to the newest kernel for Mint Linux. You don't want to install a vanilla kernel in Mint, or it will break a lot of functionality with all the packages.
  6. Reading Coding for Penetration Testers. Another Damn good book!

  7. Reading Coding for Penetration Testers. Another Damn good book!

  8. You could run netcat on startup and connect to it remotely. I've done this before but forgot all the nc.exe switches. So that is your haxor assignment. Get netcat for Windows and run it as a service or use the "at" command to run it on start up, before a user logs in. It will run as the "system" so you should be able to change passwords and have total system control.
  9. I'd think it would be pretty stable. Most all consumer grade NAS devices use UDF. I have a NAS that has had the same UDF file system install for three years. It transfers files on a daily basis for backups. I've never had any trouble with it. I don't see how it being removable would make it more prone to failure. There is also an NTFS driver for OSX (forget who makes it). It is commercial (not free as in freedom or beer), but .............
  10. You will need a lot of technical knowledge of how the iPhone stores texts to flash, as well as be able to execute remote code to get contents of the phone remotely. Honestly, writing a buffer overflow is over my technical abilities, so I could not help you there. I think your best bet is physical access to retrieve texts if it's sending them over WWAN. If the iPhone in question is sending texts over the local network, it could be as simple as firing up Wireshark and sniffing data. If encrypted it could get tricky depending on the encryption scheme.
  11. I'll be the first to admit, Macs are just as prone to malware as Windows. Windows malware just (still) reaches at least 60% of computer users. Whenever I find malware I reinstall from a known good source and start over. Linux, Mac, or Windows.... some malware authors are pretty savvy at hiding or bypassing system checks and evading detection. A few years ago, I did some research on this. I was able to evade every known Windows A/V (but not in the same executable). By "packing", encrypting, or something as simple as changing the entry-point of the executable. That was just with known threats as well. There are still real people that code stuff, and keep the signatures of malware away from the A/V companies. IMO, checking socket connections and mapping them to processes is the best way to go. edit: but again, that's assuming one is looking at non-tainted socket connections. Really the only way to be 100% sure everything is pristine, is to check the hash of EVERY single file on disk.
  12. A VPN is gonna be difficult to come by for a mobile device. The encryption servicing clients would be pretty demanding. There are Android apps that will share your WWAN connection via Bluetooth. One of my buddies has one on his Galaxy Tab, and we use it instead of the corporate wifi network to connect to the Internet at work (to avoid filtering software on the company's proxy).
  13. Get at least a 16GB flash drive. You'll need to update Backtrack once installed onto it and keep running out of room with an 8GB (from experience).

      apt-get update
      apt-get upgrade

      But like glitch stated, ROM (CD, DVD, or BluRay) is too slow and cannot be updated once burnt. There are A LOT of updates on Backtrack that are only released into the repositories. They cannot change the ISO every time a minor update is released. But minor updates do add up over time.
  14. There is a version of JTR (John the Ripper) that is distributed, called djohn. If you're gonna torque out a mobile i7 plan on getting some heating pads for the laptops. The last thing you want to do is fry some CPUs. Laptops are not really designed to run long periods of time at full power. The cooling is just not there. At the least take precautions to make sure they're not overheating. There is an SNMP extension that will allow monitoring the temp remotely. You'll need to google for it. Cracking passwords is really kind of lame though. Set up some real world scenarios:

      - easy SMB passwords with the ability to enumerate usernames
      - remote registry running
      - IIS with some vulnerable scripts. Maybe even SQL Server with a weak sa password.
      - do some Linux virtual machines with exploitable daemons, etc...
  15. So for the last 5 years, I've been paying $$$ to keep the license current on Photoshop. The CS6 "update" box got damaged and half the serial ripped off the box. Adobe Customer Service told me, I'd need to purchase a new version even though I'm a registered user. Kind of irked me off! So much for the benefits of using "legit" software!

  16. Using a custom header that checks an MD5 value in a cookie is NOT a good way to protect against CSRF! Just saying...........

  17. Posting a link would be a lot better than pointing to sections of OWASP. I was able to follow your directions to A1: SQLI injection in any case. To find the "injection point", use a single quote in the query. It will cause one of two things:

      1) MySQL will return a "Bad query error"
      2) the page will be blank

      Either way you know you've found the "injection point". To extract data there are a few rules to follow with MySQL.

      1) MySQL does not allow stacked queries. So use UNION SELECT
      2) You can only extract data by injecting the same amount of columns the query is expecting.

      So something like:

      http://www.injectiable.org/index.php?name=something&id=something

      You would need to do something like:

      http://www.injectable.com/index.php?name=something' UNION SELECT ALL FROM passwd WHERE 1=1--

      Basically you need to quote the first query, union select a new one then finally comment the remaining old query out so MySQL ignores it.
  18. Just started Violent Python, published by Syngress. Awesome book!

  19. 1) Fluxbox 2) Mate
  20. i mean like pseudo-intelligence, like you don't have to actually try to replicate a brain, emulating thought processes and such, to have an "ai" that could reply to phrases and questions. i would think it would be possible just doing a vocabulary and grammar thing. unlike the science fiction "ai" which is like, trying to recreate emotions and etc. pseudo-intelligence? Kind of like AI, but not? ok...... Replicate the brain? don't think it's possible yet.......
  21. Change all the settings. Like Purple Jesus stated, he could be using Reaver and jotted down the WPS PIN. Then all he needs is to enter the PIN into Reaver, and get your new WPA Pre-Shared key. Also, he could have written down the external IP along with the router's user/password and set up external administration. Then he'd just need to log in externally and use an asterisk viewer to get the PSK. So set up WPA2-PSK, use a long preshared key, disable remote admin, as well as WPS.
  22. Just watched an episode of Firefly for the first time. This is a damn good show!

    1. TheFunk

      So good! I'll forever wonder why such a show was cancelled. Wait until you finish the whole season before watching Serenity by the way.

    2. tekio

      Yes, indeed! I think this has surpassed Supernatural as my favorite show. Just ordered Serenity on DVD. So excited to get it! :)

    3. TheFunk

      Joss Whedon has done some really great stuff over the years. If you ever get a chance to go to Comic Con, legend has it that he mingles with the fans randomly throughout the event, talking to them about Scifi, the things they like, the things they'd like to see done in the future, etc.

  23. Probably General Chat would be most appropriate. Welcome to the forums.
  24. No more twinkies and the end of the Mayan Calendar; maybe Zombieland is a prophecy!