tlturner

  1. BR407 still alive?

    I haven't been to a meeting in a while and haven't seen anything posted here or at http://407.binrevmeetings.com/ since March. Is this group still active? When is the next meeting?
  2. BinRev Hokies?

    I'm originally from Roanoke and go up there a few times a year. The hacking scene is fairly nonexistent, at least it was when I lived there. I do know a few folks though that I might be able to put you in touch with. Shoot me a pm and I'll see what I can do.
  3. Securing Airline Luggage by Always Carrying a Firearm

    You do realize that the TSA has powers over all forms of public transportation, including rail and bus lines, right? And Florida is currently implementing high-speed rail from Orlando to Tampa, Orlando to Jacksonville and Orlando to Miami, all converging at the Orlando International Airport. I think many other states are following suit.
  4. milw0rm is closing up shop

    Mirror at http://inj3ct0r.com/ if milw0rm goes down again.
  5. Crack MD5 Hashes Online

    What a great idea. Let's post our private hashes for the world to see. Genius.
  6. Detecting and/or circumventing account lockout

    OK, so I broke down and took Ed's course a couple months ago and learned a nifty trick. Not exactly what I was expecting, so I may still try to create a tool to decrement lockout counters, but for now I'm having lots of fun with the pass the hash toolkit: http://oss.coresecurity.com/projects/pshtoolkit.htm
  7. Making a "virus" not be seen by antivirus?

    Here is an article on how this can be done with Netcat: http://packetstormsecurity.org/papers/viru...Back_Netcat.pdf

    Now that being said, I wouldn't go to too much trouble to do this on a redistributable package, as it's only a matter of time before some diligent sysadmin finds it on a user's machine and submits it to their A/V vendor, and then a new signature will be created. If you just want to use it for internal testing, that's a whole different matter, and it's one I've used in my malware/intrusion training lab at work. I teach a course where my students play with live malware specimens in an isolated virtual machine environment running ESXi, and I've had to modify some malware and tools to bypass the installed A/V on the VMs I have them working on so I can force them to use incident response techniques instead of blind reliance on A/V (taskmgr, netstat, registry, process research, DLLs, etc.).

    Honestly, you shouldn't even need to do this if you are an admin on the box you are trying to run it on. Just disable the A/V or create an exception for your tool. Disabling A/V services may work, but most modern A/V tools actually use DLL injection to prevent random malware X from just doing a net stop or *shudder* SC delete on the service. If you decide to go with Fgdump instead of pwdump, it will also disable the A/V on your target, which can come in handy for the dump since many modern A/V will prevent that, and then it tries to restart the A/V when it's completed the dump.
  8. Your first hacks

    I was so proud of my son today, his first hack! He's 10 months old and we have this baby gate in the kitchen to keep him out. The corner of it on the lower left is right on the edge of the dishwasher but the rubber stop is actually below the dishwasher and is not completely secure. My son did his reconnaissance, scanned the gate for vulnerabilities and found the corner, exploiting it mightily with a brute force babyfist attack and gained access to the kitchen. Unfortunately he has a thing or two to learn about maintaining access and covering his tracks.
  9. Server response-times graph

    My preference is http://hobbitmon.sourceforge.net/ You can get really funky if you want to, and even monitor things like uptime on flaky switch ports. If you can ping it or monitor it with SNMP (I believe this requires the DevMon daemon), Hobbit will draw a graph for you and notify you when things fall outside your pre-determined parameters. The default list of tests is as follows (taken from the Hobbit page):

      • conn: Simple ping test. Enabled by default; you can disable it by putting "noconn" into bb-hosts.
      • http: Web-server test. Enter the URL to request from the webserver.
      • ftp: FTP server test.
      • ssh: SSH (Secure Shell) server test. Supports ssh1 and ssh2.
      • telnet: Telnet server test.
      • smtp: SMTP (Mail server) test.
      • pop3: POP-3 test.
      • imap: IMAP test. IMAP versions 2 and 4 are supported; for version 3 use "imap3".
      • nntp: NNTP (News) server test.
      • ldap: LDAP (Directory server) test. Enter the full LDAP URI if Hobbit is configured with LDAP support.
      • rsync: rsync server test.
      • bbd: Big Brother daemon test. Also works with the Hobbit network daemon.
      • clamd: CLAM anti-virus daemon test.
      • spamd: SpamAssassin anti-spam daemon test.
      • oratns: Oracle TNS listener test. Will attempt to do an oratns "ping".
      • qmtp: QMTP server test. For qmail's qmtpd service.
      • qmqp: QMQP server test. For qmail's qmqpd service.

    You can expand this if you build it with OpenSSL support, and it can also do RPC services tests and an NTP server check. It's highly customizable and a good excuse to learn Perl if you want to get really funky.
  10. Problems with Installing Ubuntu Linux

    Why isn't this something a "true hacker" would use? What if your "true hacker" is new to Linux and wants to try it out? There's no rule that says that you can't use anything that isn't point-and-click. Because a true hacker would be more interested in delving into the guts of a thing and making it work the way he wants it to, as opposed to being spoonfed a GUI tool that does it for him and/or removes the options to customize. (Just my opinion of what it means to hack: to use something in a way other than what it was originally intended. What you are talking about is a user, not a hacker.) I'm not bashing the use of Wubi; I think it's cool and innovative, but at the same time I recognize what the typical user base will be. It's great for someone new to Linux that wants to learn with minimal impact to their system. (Which is why I originally posted about it.) I could see a hacker initially learning this way, but if he/she continued to utilize a system like this after learning the ropes I wouldn't have much respect for them, not that they should care either way.
  11. Problems with Installing Ubuntu Linux

    It doesn't actually run from inside Windows; you boot into Linux. It's just an easy way to get a dual boot config. I don't use it, I tried it for a few days just to play, but I mentioned it because it sounded like people were having issues and it's pretty painless to set up.
  12. I understand that superscopes are not part of the RFC for DHCP and are a purely Microsoft invention. I've worked with a couple of firewall products for clients that wished to move their DHCP for a site to the firewall for availability purposes (eliminate reliance on the WAN circuit for DHCP) but could not due to lack of support for superscopes. Has anyone had any luck here? (Other than re-addressing the whole site to eliminate the superscope.) I'm wondering if there might be some way to hack this into, say, a Fortinet or other Linux-based appliance.
  13. Problems with Installing Ubuntu Linux

    If you can't get it to work any other way, try http://wubi-installer.org/ It's the most painless way to install Ubuntu (or Kubuntu or Xubuntu) onto XP in a dual boot config (no, this is not a VM), and it resides on your Windows install in a single place that can be uninstalled with Add/Remove Programs and even uses your Windows boot loader. I don't consider this to be anything a true hacker would utilize, as it's cheesy as hell, but it gets the job done and isn't a bad idea for a newbie to Linux. You won't be able to fully customize your install quite as much this way, but it's worth taking a look at if you are having issues, don't want to re-install Windows or don't have access to Partition Magic.
  14. Pen Testing Question

    http://www.packetfactory.net/projects/firewalk/ is also helpful in stepping through the firewall (called "firewalking") to see which ports you can get traffic through. You aren't actually doing anything with the intended target, simply learning what you can and can't pass through the firewall, which can be very helpful in determining what your options are. The other thing you need to determine is the addressing your friend is using. Is it private (192.168.x.x, 10.x.x.x or 172.16.x.x-172.31.x.x) or does he have a publicly reachable IP?
  15. My Security Policy Assignment

    You may want to go a little further with your definitions, even as granular as defining what a computer is or isn't (desktop, laptop, PDA, smartphone, etc.) and what "the network" encompasses. What is a system administrator? Does a student with a job as the sysadmin of a local company qualify, or only university employees? Is there only a specific class of employee? Consider an official appointment letter from university management authorizing system administrators, and reference the appointment letter requirement in the policy.

    Think of this as a legal document, because it is. Try to think of how a lawyer would dissect every statement in the policy and invalidate it or raise questions about what the directive "really means". This becomes especially important when you are using the policy as evidence of violation of acceptable use. For example, secure passwords can mean a lot of different things. It needs to be explicitly defined. You don't need to talk about systems, but you do need to mention requirements.

    What about requiring the use of WPA for wireless networks? WPA doesn't do you much good if it includes an insecure RADIUS implementation. You really don't need to go into protocol detail in a policy; it is sufficient to say that only the authorized university wireless network is permitted and all devices must be authorized by the university IT staff. This authorization requires a separate application for student-owned networking devices that defines what this authorized network is and how it is defined, and must be signed by that student before being granted access.

    Also, avoid making "suggestions". A policy is mandatory. If you start including discretionary language you open the door to a big mess. Your scope includes only networking services provided by the university, but how do you handle those provided by non-university entities? Do they have free rein even when they negatively impact the university production environment? You mention not using the university network to DoS internet victims, but what about internal targets?

    You have a decent start here; you just need to define it more clearly.