Posts posted by phr34kc0der


    I've tried getting SNMP access to a Comcast device before, but failed. Actually had the hard drive on my laptop crash about 24 hours into an SNMP brute-force attack on SNMP to the modem.


    Was this on a home router or something? Did you try pulling off the firmware or trying to access the filesystem/config some other way? I'm thinking looking for UART/JTAG ports on the board.



    Ok. Just googled and mine has bridging disabled. In the manual it quotes as having a bridging option. But it is not there. I'm guessing this has been disabled by Comcast. :-(


    This excites me. I wonder whether it's disabled, or just removed from the web interface.


  2. Are you trying to find the addresses of other players?


    I've not used Cain and Abel for many many years but from what I remember, it does ARP poisoning to perform Man in the Middle attacks. It probably performs ARP sweeps to find hosts and this will only work on your LAN. Unless I'm misunderstanding Xbox Live (could happen, I don't own an Xbox, or really even play games), your Xbox will be connecting to a server somewhere and so will have no knowledge of the IP addresses of other players. As these hosts are not part of your local network, an ARP sweep will not disclose those addresses either.


    Note: everything I said could be wrong. Cain and Abel could have changed since I last used it, and my assumptions about XBL could be incorrect.


  3. Ah, I see. Burp can be used as a client (the repeater tab), although it's not well suited to it. It's best if you have a client that already generates requests and use Burp to proxy then modify requests. It does have the advantage that it will let you perform a multitude of security testing against the web service.


    You could try soapui. I've used it a little on Linux and despite its name, it supports REST web services. It may be a little less slick than paw though (just judging from the screenshots).


  4. The question is a little confusing. Are you saying you want to create multiple accounts in a web app that doesn't allow multiple accounts?


    Is this an external web application? If so, changing your MAC probably won't help much. Once traffic leaves your network, nothing will see the MAC address you use on your internal network adapter. As a side note, you can change MAC address without using a VM.


    If the application is using your IP address to identify you, you should be able to jump through a proxy. If they store a token or something in a cookie (or other client-side storage), you should be able to delete it (or open a private window/new browser/new browser session etc) to bypass it. You could even script something with a little *nix or PowerShell knowledge.


    I guess it boils down to this: try a few things. Figure out how they detect you, and find a way to bypass it. I personally can't think of any way they could detect you that couldn't be bypassed. Some would slow me down (e.g. requiring a phone number for registration) but you first need to know what they check.


  5. Are you looking for something like burpsuite or mitmproxy? Portswigger offers a free version of Burp, but has some limitations. It's extensible via plugins.


    Alternatively, curl can work in a pinch and is obviously great for scripting.


  6. You can use packet sniffers like netstumbler or ethereal to monitor network traffic.

    Ethereal? Development stopped on that years ago. It's now Wireshark.

    I have a list of IPs that I need to attach to somehow and view their browsing history

    I'm not sure on the current state of things, but a few years ago there were some tricks available to do this. The basic idea was to get the user to navigate to a page you controlled. This page would contain links to webpages and some CSS to somehow highlight which links have already been viewed. JavaScript could then be used to query for these links.

    I would imagine that this has been fixed in recent browsers, but it might give you something to work with.


  7. Not had any experience with this but you mentioned chmod, so did you try this in Linux? If it's creating a virtual CD-ROM drive then I guess it'll be read only so maybe try copying the data locally, formatting the drive and copying the data back. Also I'm pretty sure that Windows will stop autorun if you hold shift when you first insert the disk (or drive in your case).


  8. If you're looking to get started in programming I've found the best approach is to find a good book and work through it. Take a bit of time to decide a language to start with and go from there. Remember, the language itself is not so important but choosing the correct one FOR YOU will help you write applications which you find interesting which ultimately will help keep you motivated when you start. As a rough guide:

    PHP is the bee's knees for web programming.

    Python or Ruby is good for learning concepts and will let you do a lot quite quickly.

    C or C++ are good for CS concepts or when speed is essential - maybe not so great as a first language.

    C# is fairly easy (especially with help from Visual Studio) and lets you build complex graphical applications quickly, however it's a Microsoft language so cross platform programming may be difficult.

    Java is similar to C# but more cross platform and maybe slightly less easy, especially building graphical applications.

    My vote would be to start with C#, although remember that C# (and .NET) take care of a lot of "under the hood" stuff that you'll want to learn about one day if you want to be more than a code monkey. If you need cross platform then go with Java.

    The most important thing (IMHO) is to get a good book and KEEP GOING, even when it gets difficult. Don't get distracted by looking up online tutorials (too many suck) or changing books when things don't make sense. Once you've got the basics then start reading programming blogs, forums etc and coding :)

    Also, I've met quite a few developers who have never taken apart a computer so you'll be one step ahead of them ;)


  9. I helped a friend move into a new place and spoke to one of his new house mates. He asked me what I did and I told him I just finished a degree in computer science. The first thing he said was

    "Oh, so you must like computers. Feel free to look at the computer, it's a little slow if you want to play around with it?".

    I think they may ask us to fix things because they think we enjoy it. Maybe they think they're doing us a favour :thumbdown:

    TBH I don't even know how to fix most virus/spyware issues any more. If I'm forced I'll just wipe and start again, which is easy now most people have laptops with restore partitions.


  10. The standard for Windows seems to be Visual Studio. The Express edition is free. For Linux gcc (or g++) will work which I use with Eclipse for larger projects.

    What does the book suggest? There is usually a chapter or two which deals with setting up the environment.


  11. If you're asking how to install Linux without a CD drive you can try Unetbootin. It allows you to install Linux from a USB drive. Ubuntu provides a program called wubi which allows you to install via Windows. It does a weird emulation thing so you'll lose some speed but it has the advantage of installing Linux to a file and allowing installation/uninstallation (dual boot) via Windows which is pretty cool.


  12. Ok, I wasn't thinking and did a mkfs instead of a fsck (that'll teach me for not checking what my fingers do). What's the best way to go about recovery? I don't have a similar sized HDD else I'd just try and copy what I could with the tools I've used before. Can a mkfs (ext3) be reversed?


    Well, wiki says this:

    There is no chance of file recovery after file system format.

    So I guess there is no standard way to recover from this. I'm running photorec to see what it can get back.

  13. I am a beginner seeking to become one of the best Webhackers (always making me big goals^^).

    I want to learn fast.

    Maybe some Pros in this forum who can teach me webhacking?

    If hacking is able to be taught fast don't you think everyone would try and learn it? Learning to hack takes time and energy and you'll never be the best unless you can learn for yourself.

    If you're interested specifically in web hacking then at least you've narrowed down the list of things to learn but it'll still be a massive list. Start learning HTML and then move onto scripting languages like PHP, Javascript or ASP. Learn databases and SQL and the TCP/IP protocol. Look into web servers and application servers and how to operate them. Look into Operating Systems. Learn the Linux and Windows command line. When you know all that you'll start to figure ways to break things. Web hacking basically comes down to knowing how to inject code and what code to inject.

    Hacking is a mindset and can't really be taught. It's a way of looking at the world and getting it to do unexpected things. This comes as much from practice as from being "that type of person".

    Of course if you just want to hack websites you can but you'll never be "one of the best". Just another script kiddie.