phr34kc0der

Members
  • Content count

    487
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by phr34kc0der

  1. As an extra note I would suggest Ubuntu for the "dive in" approach. Not to start a distro war but I havent come across any other distro with the same amount of user support/tutorials/guides etc
  2. The way I leant to use Linux was by just jumping in (about 3/4 years ago). I removed Windows, installed Ubuntu and just went from there. It was quite frustrating at first because I had no idea how to do simple things (like changing desktop wallpapers, connecting to wireless networks etc) but after about a week I got used to it and never went back. I did have some Linux experience before hand which helped, but only for performing system rescues or running certain programs. It's probably a lot easier to jump in nowadays. When I first installed Linux (red hat about 6 years ago) I couldnt even get online which made trouble shooting almost impossible and made using Linux so painful I went back to Windows.
  3. As tekio said you can either use a packet capture tool (such as wireshark) or do some kind of traffic redirection (arp poisoning). Backtrack is a linux live cd which will allow you to do either. Id say that arp poisoning would be more reliable and would also give you the option of playing with the traffic but it is more detectable. A third option would be to place a computer between the wireless router and the Internet connection. Depending on the type of connection you have and the type of hardware you have lying around something could be hacked together pretty quickly.
  4. A more powerful router wont necessarily extend your wireless range but it will allow you to do more with the system. You can (for example) install a full OS on the system which will allow you to use intrusion detection systems, log activity, install services or anything else you can think of. One of the machines I was given was like that. Way to loud to use. To fix it I first made sure that the fan was causing the noise (stopped it from spinning on bootup, just not for too long else something may burn out). I then wired the fan to the spare internal usb connection points on the motherboard (i.e. where you would plug in the usb points from the case). This gave the fan 5 volts as opposed to the 12 volts it was getting from the motherboard. Of course this is a little risky if the machine is put under heavy load but i've been using the machine as a file server for around a year (on almost 24/7) with no problems. You can also buy/make components to allow you to manually control the voltage of the fan so it can be set higher or lower as needed.
  5. What distro are you using? If it helps i'm using Ubuntu with nvidia drivers. My xorg.conf was generated by the nvidia tools.
  6. I'm gonna try my best to come. I've never been to defcon before and assuming I can get the cash together i'll be there.
  7. I tried but I couldn't reproduce it.
  8. I have a pretty low upload speed but my torrent server is on almost 24/7. If these torrents do get made i'd be happy to seed for as long as necessary.
  9. My mathematics is pretty weak but I think you might be talking about hash collisions http://en.wikipedia.org/wiki/Collision_(computer_science) One of the way hashes are measured is their resistance to collision attacks. This shows an example http://www.mathstat.dal.ca/~selinger/md5collision/ of two blocks of input with the same hash.
  10. Did you try logging in a root? If that doesnt work try using sudo sudo <command> and then type your password for example sudo nano -w <filename> You probably dont want to change the rights of the files as it could screw things up.
  11. What the hell is this? There is no GUI? Is this the text-mode installation of CentOS? Is there any linux/centos expert here who can tell me how I can actually change files etc? Congrats! Yes, that is bash. A shell to use Linux by typing commands. You'll probably want to become more familiar with Linux before you start playing with things but a brief primer show files ls change directory cd <directory name> edit a file with nano (easiest option but nano may not be installed) nano -w <filename> edit a file with vi (vi is very non intuitive but more likely to be installed) vi <filename> My advice would be to install Linux at home (on a virtual machine or something) and get used to the command line. Remember you could really screw things up by doing the wrong thing. Another thing to keep in mind is that you do not have root access. You may not have the permissions to do much. If you are lucky you'll have sudo access. Run groups to check what groups you belong to. You could also try logging on with the same password and username "root" although if the company know anything they'll disable that. Also, be aware that there are lots of logs on Linux. If you type a command it's logged, if you login its logged so make sure you know how to cover your tracks.
  12. Hi,

    Dont be afraid to ask questions. It's how we learn :P

  13. Ok, assuming that the contradiction above is a typo and your machine is not on the same network then you're going about things the wrong way. If the server is remote to you, you are not going to have any luck trying to look at their traffic. You'll need to look at what services are running and seeing if there are any known exploits or install the software yourself and try to find some. If i've misunderstood then try and provide some more details and i'm sure we'll get a better answer Yes it was a typo error and about the services that are running on that machine are including ftp and http. However what if i would be able to get access to the wireless network of the site, of which i think might be possible.How can i get the root administrator account and password. If there is any additional information i should provide please ask, as im still a beginner If you can get on their wireless then you would probably be able to capture their packets. There are two ways to go about it. You can either connect to their network (active attack), run some tools and look for passwords that way or you can sniff the wireless packets (passive attack) and decrypt them to look for passwords. The active attack is more likely to get passwords/interested data depending on how the network is setup. As for getting root, that may be a bit more difficult but if you do have access to their network it should make things significantly easier.
  14. Ok, assuming that the contradiction above is a typo and your machine is not on the same network then you're going about things the wrong way. If the server is remote to you, you are not going to have any luck trying to look at their traffic. You'll need to look at what services are running and seeing if there are any known exploits or install the software yourself and try to find some. If i've misunderstood then try and provide some more details and i'm sure we'll get a better answer
  15. The coy look on your face makes me lol pretty hard I bet the receptionist looked better with it
  16. $1000 huh?
  17. Thats freaking awesome! How does it work? How does it know to use the binrev password as opposed to the password for cherry popping granpas?
  18. A new, randomly generated password for each online account (so around 11) I have however I use the same password for most of the local machines. Anything greater than 10 characters, depending on the system.
  19. That would work but airodump constantly updates the screen. Using airodump <arguments> -u 0 & might work Edit: just reread the questions. If airodump opens in a new console then you wont need the "-u 0" argument. Just add an ampersand to the end (like tekio said)
  20. Anyone feel like creating a torrent?
  21. Cool, I will have a look at the synergy source(open source = win) I use synergy quite a lot and it works really well.
  22. Thank you very much! That worked; I got all the contents. Sweet! You gonna post the stuff online?
  23. Pretend to be working when he comes in your room. Plug your flash drive in and then cry out that it's not working (say you got some really important work on it). Ask if he has one you can borrow to see if its the problem is with your flash drive of the computer.
  24. What happens if you boot the client when it's not connected to the network? I would try booting the client from a usb drive and taking a look at the config files. Maybe you could modify them to not get an update from the server. Failing that I would look at the apache install. Maybe it'll be vulnerable. The same applies to any other service running. Is apache serving pages? Maybe that can be exploited. If nothing has worked so far I would then look at the physical server itself. Can it be booted from removable storage? If it can then great. Boot you're fav linux distro and your all set. What boot loader does it use? You might be able to edit the boot setting to boot into single user mode where you can do anything you need to do.
  25. Damn it SigFLUP. I was finally ready to go to bed (5am) and now i'm up looking at unix screenshots. But you do get points for using c. I had assumed that everyone but me had moved to Ruby or Python for tasks like that