Chiron

Members
  • Content count

    22
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Chiron

  • Rank
    SCRiPT KiDDie
  • Birthday 03/26/1984

Profile Information

  • Location
    Maryland
  1. Thanks everyone for the insight.
  2. I had a question for any of you guys that were doing Sys Admin in Unix. My experience is somewhat limited. I have done some Sys. Admin work with Windows but not with NIX. What distributions are you likely to find in a work server environment. I heard that Debian is very similar to RedHat would the experience with Debian transfer easily. I was going to look into Samba is that worth my time or do larger corporations use some middleware for file sharing. Any advice would be appreciated. Thanks in advance...
  3. Thanks, nexgen you gave me a lot to think about.
  4. I wasn't suggesting that I would use either Java or HTML. I was just listing those as things that I had some experience with. I also understand that this project is above my current level. The idea was to pick something to work toward, a goal. If I have to learn a new language or several I was prepared for that. I have read up on spoofing since that is what you suggested, by read up i mean ran a few searches to make sure that I understood the basic concepts. If you had some links that would give me a better understand of the technical background I would appreciate it. I am still a little fish in a big sea. I was hoping to get some help finding some resources that would teach me why this was implausible. If my idea isn't plausible please let me know. Can you give me a definative reason why? Is it just easier to do a more traditional spoof attack and their is a way to foreword malware without the user authorizing it then please let me know.
  5. I am problem jumping in way over my head but I don't know any better way to learn. I have done some simple programming in Java and HTML. I don't know if it what I propose will be possible and I have a lot of research to do in order to write the code I would have to use to make this work. Basically, what I want to do is create a spoofed web page that when someone attempts to get out of their router by clicking on Internet explorer my web page comes up instead of the generic goggle.com site. (I know this would have to be modified to spoof whatever the default web page was) My web page would basically invite the user to download a "Security Client" that would protect them when they utilize the web page i spoofed. They would be asked to Download the client. Once they have downloaded the self executing program the program will run a script to change the settings on their Router/ modem. I was think I would design it to be used against a generic comcast modem with the default username and pass. I have to research a lot of this and so I would like some suggestions about how I would go about, creating the web page with an executable (I have only created some very basic HTML pages www.w3schools.com) What language should i write the scripts and how can i make them self executing? Can I even change settings on generic routers beneath the application layer? Before I get flamed like a noob. I am aware that hacking is about construction not destruction. This would only be used as a test within a lab and possibly as a demonstration to show the possibility during security awareness presentations. Any suggestions helps or links that would help me learn a little more about those topics would be very much appreciates. Thanks in advance....
  6. If we are pen testing a system would it not make sense to use commercial tools assuming that we are testing our own system. I understand that if we have been hired to pen test someone elses system and we don't want to set of their IDS we would do it by hand. Also, do you have any good resources tools or books that could help us to learn to pen test without using commercial tools? Would we just scan the different ports manually so that the IDS wont see an automated scan?
  7. It all depends on whether or not they are looking to fry you. You should be able to tell before you are at teh point of do I confess or do I lie. Either way your in highschool getting suspended or kicked out of highschool doesn't really matter. Worse thinsg will happen to you in life I promise. Just get your diploma in whatever way you have to and go get a job / degree.
  8. What a bunch of nefarious gentlemen you are.
  9. It might be possible to load the keylogger and then create a problem in which the admin would have to come and log in locally.
  10. I have a few noob questions if I may? What does a system escalation do exactly? Does it simply bump the permissions up so that the sys admin is allowed access to the individual files??? Or, did I completely infer that wrong?
  11. If this story is true; If its true, than your boyfriend probably found your little password lists. It had nothing to do with him being a whiz at computers. If you can't remember anything about your email address or passwords than you are pretty much out of luck. What you are asking us to do is illegal. There is no way to verify the account as being yours. Sorry, but no one here will help you because no one can trust anything you say.
  12. I am actually interested in something similar to this. It seems a fairly low cost but that may be in order to draw in people for teh scam if that is what this turns out to be. Does anyone know any other CEH kit / video tutorial that they could endorse as being worth the money. I know the best way of course is to read up on the free information on the net. I would like to get some decent material to help out some friends of mine who are looking to get into IT. Thanks for your help.
  13. Thanks guys, you were a big help.
  14. I have been doing a little bit of research into SSL. I am curious to find out if anyone knows of any flaws with this? I understand that it hashes the information with MD5 and or SHA. What are the possible flaws that could be exploited. Thanks for your time and patience.