tekio

Everything posted by tekio

  1. Use this: http://www.abelssoft.net/ssdfresh.php Intel SSDs are factory warrantied for 5yrs, others usually about three. It's customary to keep user files on an hdd, so if they do fail it's easy to get files back. I've only had one SSD ever fail, and that was on purpose... pretty much all of my systems have them for a boot drive. From my experience installing an operating system is the biggest wear and tear on an SSD. A friend and I, for fun, tried to make one fail.... After about 20 standard Ubuntu installs it was toast. BUT, that used much older tech than the SSDs of today.
  2. Looks like a nice system. I think the biggest difference is the i7's support for hyper-threading and 2MB more L3 Cache. I don't think the 100Mhz is big, especially when overclocking comes into play. I'm assuming the i5 2500K has an unlocked multiplier as does the i7 2600K. For the i7 to really shine the software (I'd speculate) would need to be designed with quad-core hyperthreading in mind. Like when the box/website has the i7 logo or reads, "Designed for i7". I think I've seen that twice. I got a used 2600K off ebay. Got lucky, it was a good cpu, and could not be happier with the performance. My friend says the same about his i5. Good gaming is mostly from a beefy video card anyway. EDIT: I think it would be interesting to post some benchmarks of our rigs. Mine has the i7 2600K and x2 gtx 460's. Mine are SLI'd, but the 6970 nears double the frame rates with more ram per GPU with a single card.
  3. I'm guessing you've got this fixed. I'm just adding a suggestion for the people that might find this from searching the net. All computers will do this when the DHCP range has been exceeded. I always set the DHCP scope on a router (or other DHCP provider) to accommodate just enough IP addresses for however many machines I expect to be connecting to the network at maximum capacity. Kind of a silly practice... but it adds another layer of security to keep additional machines from connecting w/o my knowledge at work.
  4. I haven't looked at the RFCs, but I thought SSH was supposed to be low overhead because it uses compression? Exactly. I was referring to the local system resources, not bandwidth. IDK. I once asked the admin there why we did not use SSH for all the customers. He was also the owner, and stated that SSH might require upgrading the CPU. Besides shells the box also hosted a RADIUS service. This was about the time when we were reading articles of AMD releasing a 1Ghz CPU in the near future. It might not have even had a PIII. EDIT: I'm thinking a PIII came in speeds of 300Mhz, 350Mhz, and 400Mhz. So, the box might have had an AMD K6 at best. It ran Linux w/ no GUI.
  5. The only advantage of telnet over SSH is 1) easier to set up (of course now every major distro has an OpenSSH package, tho), and two: low overhead on the system. I worked at an ISP in the 90's and we ran a Pentium III storing the users home directories and provided their shell account access. If all our customers logged on using SSH it would really drain the system resources. All root access was done over SSH, tho. Telnet, as Afterm4th stated, is not encrypted, nor does it use a challenge/response mechanism like SMB. When a user logs in, their passwd is sent in the clear. The only thing the telnet protocol does to obscure it is send each char of the passwd in a separate packet. Tools like Ace Password Sniffer, Cain & Abel, and dsniff in Unix are made to sniff the telnet packets, and show them in a user friendly way.
  6. I'd guess there are several. What you are looking to do is easy to program.
  7. For some reason it is unable to establish a socket with the host. FYI... The last time brutus was updated was like 1999. Yes, it's made from VB6 (at the latest) and for Windows98/2000 and early XP. If you want to audit your network, try a fresh copy of Backtrack 5 R1. It's much more up to date. Medusa and n-crack are good, too.
  8. Cool! Then get a 2w bidirectional RF amplifier with a grid antenna with an oscillating base, mounted on a high roof. So we can stream it from some other WiFi connection. We'll call it 1337 T.V. Seriously, I was a member for a month. Back then I did learn a lot in the member's section from reading reports other members wrote on the wargame challenges. There was one with a SMB vuln some guy wrote a custom exploit for, just for the war games. It was really cool. He went and explained the entire hack, as well as source code for the exploit. Not too sure if that section still exists. But I did learn from the wargames. At that time the Astalavista war-games were quite fun. Not 10/month fun, tho.
  9. The best thing to do, for theory (since OP is doing this as an educational practice and not emailing their teacher 5000 times), is to write a script that communicates directly with the SMTP daemon. Not using the PHP mail() function. Get a list of good hosts that are not on the public black-list records and allow anonymous relaying (weren't the 90's awesome when anon relaying was default config for Sendmail). Put each host into a text file. Then write a function for opening the file into an array, send about 50 mails, pop it off the array index. Once the list is exhausted open it back up in random order and keep going till you wish it to stop. I once made a similar thing in VB a while back. gmail only allows relayed connections from certain hosts, I've found. I went through an ip range of dial-ups and found open relays. After adjusting my app so it displayed SMTP responses, it was a custom error from gmail. Something like, "we do not accept smtp relays from this host". So it looked at the header, and checked the domain origin against the connecting host's domain. Gmail will not allow relayed connections and will block black-listed hosts pretty quickly.
  10. gmail errors with direct smtp connections from some blacklisted hosts and relayed connections.
  11. This would be easy to implement (someone could find out what kind of keyboard you use then switch it out with a tainted, identical model). It's probably pretty stealthy, too. Made by the same people that make KeyGrabber. link: http://www.keelog.com/hardware_keyboard_logger.html
  12. i would have rather had the letter from washington... surprised that that is worth less to people than some document from some shit company... I'd rather have 1.6 Million, than either.
  13. how exactly would all of this work? Verizon DSL uses open PPPoE for most accounts that I have come across in the last few years.. meaning that the username and password do not mean anything, and you can put anything as the username and password and you would still connect, since it is a direct line between you and the central office, there is little reason to authenticate with a password... i have a theory on how to exploit this, but it would probably be too expensive and bulky for most applications.. my thought would be to get the dial tone before it goes to the customer, connect it to a DSL modem, but then you would need to find a way to convert the LAN signal back to a DSL signal to send the signal to the customer so that their internet still worked.. there would also have to be a filter on the dial tone to prevent the real DSL signal from affecting the generated DSL signal so that you would be able to send the dial tone back into the house as well... The last ISP I worked at used PPPoE and CHAP for authentication from a RADIUS server for access to the Internet for DSL customers. AT&T I know was one company, at least where I live, where PPPoE was authenticated. https://www.google.com/search?&q=site:att.com+support+ppppoe+password+configuration&pbx=1&oq=site:att.com+support+ppppoe+password+configuration&aq=f&aqi=&aql=&gs_sm=s&gs_upl=0l0l0l16212l0l0l0l0l0l0l0l0ll0l0&biw=1920&bih=946&cad=cbv&sei=65HmTte_KYSq2QX8yfHdCA
  14. how exactly would all of this work? Verizon DSL uses open PPPoE for most accounts that I have come across in the last few years.. meaning that the username and password do not mean anything, and you can put anything as the username and password and you would still connect, since it is a direct line between you and the central office, there is little reason to authenticate with a password... i have a theory on how to exploit this, but it would probably be too expensive and bulky for most applications.. my thought would be to get the dial tone before it goes to the customer, connect it to a DSL modem, but then you would need to find a way to convert the LAN signal back to a DSL signal to send the signal to the customer so that their internet still worked.. there would also have to be a filter on the dial tone to prevent the real DSL signal from affecting the generated DSL signal so that you would be able to send the dial tone back into the house as well... The last ISP I worked at used PPPoE and CHAP for authentication from a RADIUS server for access to the Internet for DSL customers. https://www.google.com/search?q=inurl%3Asupport+configure+pppoe+username+password&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#sclient=psy-ab&hl=en&client=firefox-a&hs=9NG&rls=org.mozilla:en-US%3Aofficial&source=hp&q=inurl:support+configure+pppoe+username+password&pbx=1&oq=inurl:support+configure+pppoe+username+password&aq=f&aqi=&aql=&gs_sm=s&gs_upl=0l0l0l146915l0l0l0l0l0l0l0l0ll0l0&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=3137e526702a3d3f&biw=1920&bih=946 AT&T I know was one company, at least where I live, where PPPoE was authenticated. https://www.google.com/search?q=at%26t+ppppoe+password+configuration&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#sclient=psy-ab&hl=en&client=firefox-a&rls=org.mozilla:en-US%3Aofficial&source=hp&q=site:att.com+support+ppppoe+password+configuration&pbx=1&oq=site:att.com+support+ppppoe+password+configuration&aq=f&aqi=&aql=&gs_sm=e&gs_upl=6679l12021l7l12158l14l10l2l0l0l4l305l1782l0.3.4.1l10l0&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=3137e526702a3d3f&biw=1920&bih=946
  15. 1) If an ISP is using PPPoE one could make a little application to perform a dictionary attack against other PPPoE accounts. A person would just need to find out what their standard is for naming PPPoE accounts, ie... usually it's an email address, first part of email address before the "@", or customer's names. Then they'd need to figure out the provider's password policy for issuing PPPoE passwords. That's easy if a person already has a PPPoE account... If unsure how it was formulated one could just call and say they need to change the PPPoE password. If the ISP lets customers choose whatever one they'd like, the attack will probably be successful. If the ISP issues a PPPoE password like, "Md576!df76&45wKL0p$", probably not too likely this will work. 2) A person could get IP address ranges from the provider. Scan the address range looking for SoHo routers. Find said router with default password. Go into the router. Use app that will recover a password behind asterisks. Boom! Someone's PPPoE account/password has been compromised. It would take about 10 mins to write a PERL script to automate a majority of this process. 3) Find out how they determine where a server is located. They'll either use IP ranges or DNS white-listed, most likely. If using IP ranges, one of the ISP's servers could be used as a socks server (assuming someone can get root), to bounce connections from virtually any protocol using something like sockscap on the client. If using DNS and their DNS server can be compromised, it would be possible to make bogus DNS records, but would fuck it up for anyone else trying to get to that address using compromised DNS. So you could just use open DNS or Google DNS. If any box from the LAN which the DNS servers reside are vulnerable from the outside there is a lot of DNS tampering that can be attempted as well. Anything I mentioned will send a person straight to the federal hoosegow in most any country. So this post was purely for educational discussion of a scientific nature, and in response to a hypothetical question. Don't try this at home!
  16. i was confused by the injectable label as well.. perhaps he means that it can be placed in promiscuous mode? Certain chipsets have modified drivers that allow the adapter to reinject ARP packets and establish a wireless connection with an AP. It injects 802.11 AUTH and ARP packets.
  17. They probably sold out. The cheapest I've seen them for is 26: http://www.google.com/products/catalog?q=alfa+1000mw&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&tbm=shop&cid=13811256242237216454&sa=X&ei=5ZzUTs7bGoqniALYp7COCQ&ved=0CFoQ8wIwBA There is a cheaper version with the rtl8187se chipset. That chipset will not inject worth crap. There is quite a bit of difference between a realtek 8187se and 8187 chipset. Does Australia even use US certified RF standards? :-/
  18. Already knows what he wants for x-mas: an Official Red Ryder Carbine-Action Two-Hundred-Shot Range Model Air Rifle! (With a compass in the stock.)

  19. I had the same problem a few years ago. I returned it twice and still had the same issue. To this day it will not connect. Apparently the place I bought it from got a bad batch of them. I just bought one from a different place and the new one worked fine. Good luck.
  20. It's hard to say without reading it. I mean my little cousin thinks adding ascii hearts and smiley faces is "hacking facebook".
  21. nov. 19th 1895 Frederick E. Blaisdell patents the pencil...happy upcoming birthday pencil...tonight we drink to you

  22. You could probably scroll down to the bottom of the binrev home page. The legend listing the different forum groups is "clickable" and will direct you to members of the admin and moderating team groups. Maybe if you PM admin, it will mail the admin, and they'll know you want to message them.
  23. PERL + 10 minutes + common passwords + cupp generated wordlist.
  24. Two most annoying features ever: 1) window auto snap - I hate it when the cmd console snaps to the far left! 2) sticky keys! I must be the only one that sometimes leaves the shift key depressed while contemplating the best way to write a line of code. Annoying!

    1. dinscurge

      2? just press shift 5 times, click the link then click the checkbox that's already marked something like 'turn sticky keys on when you press shift 5 times' then never see pop up again ;)

    2. dinscurge

      the auto snap is in control panel>ease of access>change how mouse works(or something like that) then there's a check box for prevent windows from being automatically arranged when dragged