phr34kc0der

Members
  • Content count

    487
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by phr34kc0der

  1. There were binrev stickers?! Damn, it would have been nice to grab one.
  2. Anyone going?
  3. Dang, I was there.
  4. And a million software engineers died, shouting "descriptive variable names!"
  5. Was this on a home router or something? Did you try pulling off the firmware or trying to access the filesystem/config some other way? I'm thinking looking for UART/JTAG ports on the board. This excites me. I wonder whether it's disabled, or just removed from the web interface.
  6. Need more reasons to ditch RC4 in TLS? 52 hours to recover encrypted cookies. Not a super practical attack but kind of interesting. http://www.rc4nomore.com/
  7. Are you trying to find the addresses of other players? I've not used Cain and Abel for many many years but from what I remember, it does ARP poisoning to perform Main in the Middle attacks. It probably performs ARP sweeps to find hosts and this will only work on your LAN. Unless I'm misunderstanding Xbox Live (could happen, I don't own an Xbox, or really even play games), your XBox will be connecting to a server somewhere and so will have no knowledge of the IP addresses of other players. As these hosts are not part of your local network, an ARP sweep will not disclose those addresses either. Note: everything I said could be wrong. Cain and Able could have changed since I last used it, and my assumptions about XBL could be incorrect.
  8. Ah, I see. Burp can be used as a client (the repeater tab), although it's not well suited to it. It's best if you have a client that already generates requests and use burp to proxy then modify requests. It does have the advantage that it will let you perform a multitude of security testing against the web service. You could try soapui. I've used it a little on Linux and despite it's name, it supports REST web services. It may be a little less slick than paw though (just judging from the screenshots).
  9. The question is a little confusing. Are you saying you want to create multiple accounts in a web app that doesn't allow multple accounts? Is this an external web application? If so, changing your MAC probably won't help much. Once traffic leaves your network, nothing will see the MAC address you use on your internal network adapter. As a side note, you can change MAC address without using a VM. If the application is using your IP addess to identify you, you should be able to jump through a proxy. If they store a token or something in a cookie (of other client side storage), you should be able to delete it (or open a private windows/new browser/new browser session etc) to bypass it. You could even script something with a little *nix or powershell knowledge. I guess it boils down to this: try a few things. Figure out how they detect you, and find a way to bypass it. I personally can't think of any way they could detect you that couldn't be bypassed. Some would slow me down (e.g. requiring a phone number for registration) but you first need to know what they check.
  10. Are you looking for something like burpsuite or mitmproxy? Portswigger offers a free version of Burp, but has some limitations. It's extensible via plugins. Alternatively, curl can work in a pinch and obviously great for scripting.
  11. It's a mindset. You hack to learn, you don't learn to hack.
  12. Ethereal? Development stopped on that years ago. It's now Wireshark. I'm not sure on the current state of things, but a few years ago there were a some tricks avalaible to do this. The basic idea was to get the user to navigate to a page you controlled. This page would contain links to webpages and some css to somehow highlight which links have already been viewed. Javascript could then be used to query for these links. I would imagine that this has been fixed in recent browers, but it might give you something to work with.
  13. So what are the other values? Random values on the stack or something?
  14. Pretty interesting. I checked it out and i'm getting the same result. Could srand() be a wrapper for something? If anyone knows i'd be interested in the answer.
  15. Not had any experience with this but you mentioned chmod, so did you try this in linux? If its creating a virtual CD rom drive then I guess it'll be read only so maybe try copying the data locally, formatting the drive and copy the data back. Also i'm pretty sure that windows will stop autorun if you hold shift when you first insert the disk (or drive in your case).
  16. What were you doing at an all girls catholic school?
  17. If that means what I think it means you are an idiot.
  18. "A week" I said. HAH!

  19. Away for another week without the net :(

  20. Where on the site is the counter? Are you referring to profile views? I tried 3 browsers (firefox, epiphany and elinks) and none increased the counter in the other. I also went through a web proxy which didnt help. Its after 4am right now so i'll check it out again later.
  21. Where did you get the hashes?
  22. If you're looking to get started in programming i've found the best approach is to find a good book and work though it. Take a bit of time to decide a language to start with and go from there. Remember, the language itself is not so important but choosing the correct one FOR YOU will help you write applications which you find interesting which ultimately will help keep you motivated when you start. As a rough guide: PHP is the bees knees for web programming. Python or Ruby is good for learning concepts and will let you do a lot quite quickly. C or C++ are good for CS concepts or when speed is essential - maybe not so great as a first language. C# is fairly easy (especially with help from Visual Studios) and lets you build complex graphical applications quickly, however its a Microsoft language so cross platform programming may be difficult. Java is similar to C# but more cross platform and maybe slightly less easy, especially building graphical applications. My vote would be to start with C#, although remember that C# (and .NET) take care of a lot of "under the hood" stuff that you'll want to learn about one day if you want to be more that a code monkey. If you need cross platform then go with Java. The most important thing (IMHO) is to get a good book and KEEP GOING, even when it gets difficult. Dont get distracted by looking up online tutorials (too many suck) or changing books when things dont make sense. Once you've got the basics then start reading programming blogs, forums etc and coding Also, i've met quite a few developers who have never taken apart a computer so you'll be one step ahead of them
  23. I helped a friend move into a new place and spoke to one of his new house mates. He asked me what I did and I told him I just finished a degree in computer science. The first thing he said was "oh, so you must like computers. Feel free to look at the computer, its a little slow if you want to play around with it?". I think they may ask us to fix things because they think we enjoy it. Maybe they think they're doing us a favour TBH I dont even know how to fix most virus/spyware issues any more. If i'm forced i'll just wipe and start again, which is easy now most people have laptops with restore partitions.
  24. The standard for Windows seems to be Visual Studio. The Express edition is free. For Linux gcc (or g++) will work which I use with Eclipse for larger projects. What does the book suggest? There is usually a chapter or two which deals with setting up the environment.
  25. If your asking how to install Linux without a cd drive you can try Unetbootin. It allows you to install Linux from a USB drive. Ubuntu provides a program called wubi which allows you to install via Windows. It does a weird emulation thing so you'll lose some speed but it has the advantage of installing Linux to a file and allowing installation/uninstallation (dual boot) via Windows which is pretty cool.