lordwud

Members
  • Content count

    415
  • Joined

  • Last visited

Community Reputation

0 Neutral

About lordwud

  • Rank
    SUPR3M3 31337 Mack Daddy P1MP
  • Birthday 08/10/1981

Profile Information

  • Location
    New Jersey
  1. wouldn't it be hilarious if he was a tech, and it was a list of serial numbers. Or if he was into old school gaming, and they were continue codes.
  2. If they're married it is just as much her computer as it is his. As the owner of the computer she is allowed full access to anything on it. She could also install a key-logger if she wanted. It is important to keep that in mind when using computers owned by other people or organizations. i am going to have to disagree with this one.. ownership of the hardware does not constitute the right to snoop on personal data.. just because i use someones phone that they own does not give them the right to record my telephone conversations with out my consent... and the same would be true for any data that i stored or transmitted on a shared computer.. Voice recordings are a different ballgame, and a poor analogy. It would be more like if you wrote something in someones notepad, and erased it. Then they came by and figured out what you wrote. Some places may consider intercepting network traffic as wiretapping, but I don't think any(at least in the US) have laws against hard-drive analysis on your own computer. Do you have any examples of someone getting in trouble for this? wiretapping is a good analogy, because for the most part electronic surveillance either falls under, or is prosecuted under wiretapping laws.... because the computer is shared by the husband and wife, it is community property, not the sole property of either party, so if one of them has data that is secured within that system, then breaking the encryption would have the potential to be illegal IMO... if you want a better analogy, perhaps i can give you one.. if something is stored in a safe within the house, that only the husband has the combination to, then the wife gets a locksmith to break open the safe to obtain the items from within the safe... while it is not likely that prosecution would occur in either my analogy, or the data recovery of the shared PC, but it is not something that i would personally get involved in as a third party... I don't think the safe bit would be illegal. If they're married she owns it, and people are allowed to hire a locksmith to break into their own safe. In any case, a good place for info on forensics stuff is myharddrivedied.com It focuses mostly on data recovery, but its alot of the same stuff.
  3. There are also tools that will establish a backdoor to issue shell commands, like sysinternals PsTools. But it falls back to the fact you'll need admin access to install the tools. If not it would be possible to shutdown any windows host at will, remotely. Not a good thing, at all. ...you could see if there are networked UPSes. Alot of times people don't change the password, or SNMP RW strings for appliances. It really depends if you're an admin shutting these boxes down to save power/other admin work. Or if you're just some kid trying to be a jerk.
  4. If they're married it is just as much her computer as it is his. As the owner of the computer she is allowed full access to anything on it. She could also install a key-logger if she wanted. It is important to keep that in mind when using computers owned by other people or organizations. i am going to have to disagree with this one.. ownership of the hardware does not constitute the right to snoop on personal data.. just because i use someones phone that they own does not give them the right to record my telephone conversations with out my consent... and the same would be true for any data that i stored or transmitted on a shared computer.. Voice recordings are a different ballgame, and a poor analogy. It would be more like if you wrote something in someones notepad, and erased it. Then they came by and figured out what you wrote. Some places may consider intercepting network traffic as wiretapping, but I don't think any(at least in the US) have laws against hard-drive analysis on your own computer. Do you have any examples of someone getting in trouble for this?
  5. Here are some other ways I could think of that I didn't see mentioned. They probably don't apply to this particular site, but its worth pointing out. 1. Hidden form data. sometimes webapps **cough ASP** will track users with data in hidden form elements. If you were to change your IP, and delete all of your cookies this could still tag you as the same user. The fix is to clear your cache. 2. Flash cookies. Flash stores cookies, and the browser does not have the ability to delete them. Adobe has a tool you can use to view/delete Flash cookies. Definitely worth checking out. 3. Ad Networks. This one is a bit more theory, but it is definitely possible. If you notice Google has its hooks into most websites now a days. So if you're clearing all of your browser data, but are still logged into Google some other way (gchat, etc.) they could pass that information back to the site. They absolutely do keep it internally, I don't know what they give to web masters. ::off topic While I'm on the anti-biginformationgatheringorganizations kick.. One thing I recently learned is that by default Firefox sends every URL to Google. You have to turn off the "Block reported..." options to stop it.
  6. If they're married it is just as much her computer as it is his. As the owner of the computer she is allowed full access to anything on it. She could also install a key-logger if she wanted. It is important to keep that in mind when using computers owned by other people or organizations.
  7. i am not too familiar with forensic software, but there was a thread on here a few months ago discussing some, can't remember the names of them... but i think that you may be mistaken about your claim of not doing anything illegal... sounds to me that you would be breaking electronic surveillance and wiretapping laws by doing what you intend to do... look into dd. it will let you make bit by bit copies of a drive. So you could boot up a different way, copy the whole drive, then do your forensics in a different location without having to worry about him noticing. for free and easy point an click file recovery on windows recuva is pretty good. Edit: Conscious kicking in: Tell her that if she does this she should probably just end her marriage now. Even if you don't find anything, this proves she does not trust him and they should not be married.
  8. The tools are pretty slick, but we use NPM, and NCM at work and they are a pain in the ass. I've complained so much that I'm forbidden from mentioning Nagios at team meetings anymore.
  9. I think they should make the digital version free, and just suck it up and sell ads. As long as the ads are tech/security/stickingittotheman related I doubt anyone would care.
  10. Hey guys, I spent last night pulling my hair out trying to figure out if this is possible. Suppose I have two strings: balls = '\nfoo\ncat\nbar\nfoo\ndog\ncat\nbar\nfoo\ndog\nmouse\ncat\nbar\n' tits = '\nfoo\ntiger\ncat\nlion\nbar\nfoo\ndog\nlion\nmouse\nbar\nfoo\ndog\ncat\nmouse\nbar\n' I want to check every instance of 'foo.*?\n[\s\S\n]*?bar' and only match if the word cat is not there. So balls would fail, but tits would match. There are a few caveats though, It has to be one regular expression. I do not know which regular expression engine I'm using. There are no other scripting capabilities. I have tried listing each character in a class with a carrot like [^c][^a][^t] I also tried look ahead/behind/around with no success Since I don't know which regex engine I'm using, tips in whatever you are most familiar with will be helpful. I have access to a Safari books account, so if you can recommend a particular book, that would be good too. variables shown easier to read: balls: foo cat bar foo dog cat bar foo dog mouse cat bar tits: foo tiger cat lion bar foo dog lion mouse bar foo dog cat mouse bar
  11. So you're dialing your google voice number from your standard phone line, then setting up a three legged call to the remote number? That is pretty cool, but not quite what they were looking for. What I am most interested in is these 50 or so dial up bbs's that are still in operation. Is there a list maintained somewhere? or are these of a hush hush nature? I haven't had a land line in about 7 years, but I would still be interested in trying them out for nostalgia's sake. I'm sort of old school, so you may have to excuse me for talking about old stuff. I have an old Zoom analog modem with built in processor (i.e. it's not a winmodem). You can use a winmodem, but you need a Windoze program to run it. Sure you can use Hyperterm or whatever is on the box, but I don't care for it. On my Windoze box, I use Telix 3.51 for DOS since I know it works with the modem and supports ANSI color codes with BBS systems. Open up a command window, run Telix. Then at the window I use the old ATDT commands. Using a comma in the dial string adds a two second delay. If you don't use commas, then the dialing program will time out with "NO CARRIER" after about 60 seconds. So I use the dial string to dial the Google Voice number ATDT555-555-5555,,,,,,,,,, (of course use your own Google Voice number. The commas are just to delay the built in timer. Add as many as you think you may need.) Then after it dials Google Voice, I go in on a landline phone on the same line, key in *, then the PIN, select 2 for outgoing call, and dial the destination number, then hang up the phone. Then the modem at the distant end answers, the modems handshake, and then you use it as normal. I'm sure if I played with the timing and such I can make a dial string with the PIN, pressing 2 for outgoing, and the destination number - but that's too much work
  12. If you have access to the AT command then this is probably the easiest trick. Open a command prompt and type "at 00:17 /interactive cmd.exe" but replace "00:17" with the military time for one minute in the futre. Then when that time comes around, a new prompt will pop up that has system priveledges. Then you just kill explorer, and launch it again from that prompt and you're gold. Here's a link with pictures and more details http://www.askstudent.com/hacking/demonstration-of-windows-xp-privilege-escalation-exploit/ If that doesnt work look around for other priviledge escalation tricks. I'm sure you'll find one, especially if you have not been patching this box. Also, Since you already have user-level access it should be fairly simple to get a shell on another box running metasploit. Then you could try running the escalate privileges plug-in, i think its called getsystem. If you enter the question mark enough times it should explain itself. It doesn't always work, but its an easy way to try a few different exploits in one shot. Now the firewire trick is way cooler then any of those, so you should probably go that route, but I thought I'd throw out some more options.
  13. I work for a global corporation, and it is mandated that all laptops have whole disk encryption in case of theft. Personally the only encryption I use is SSH, and KeePass.
  14. I've only ever bridged interfaces with OpenWRT so I can't really give you a howto. but you could try installing bridge-utils and reading the man file. apt-get install bridge-utils man bridge-utils-interfaces Bridging interfaces is like plugging them both into a switch, so you would effectively be extending the wired LAN over your wireless card. I suppose it would work, but if I were attempting this I would double NAT the "users". It would be more work, but then if your wired interface was connected to a network that you didn't control the admins would be less likely to notice the influx of wireless users. I think there are a few projects designed to do stuff like this though, so they probably have better ideas on how to go about it.