• Content count

  • Joined

  • Last visited

Everything posted by Hiryu

  1. Fun if the domain has a * in their DNS A quick test before doing the bruteforce will verify this, just dig for a random string .domain.tld (i.e. tgi8632uhjsiuy78u34iro98.domain.com )
  2. I'd like to have some links to sites that are running the tool, preferably ones with all the options turned on or something. I'm more interested in trying to detect other sites that might be running the tool or variants thereof.
  3. That will actually turn on EFR (Enhanced Full Rate) on (most) Nokia phone.. better sound quality in exchange for REDUCED battery life. Key in *#3370* to deactivate. *#4270# Will give you HRC (Half Rate Clarity) which is the exact opposite of EFR, key in *#4270* to deactivate.
  4. Also done here: http://www.binrev.com/forums/index.php?showtopic=21958
  5. We'll see in about two weeks I guess.
  6. The browser component runs in a sandboxed environment on the iPhone, hence Apple saying that it is secure. Your web-app will never touch data on the phone. Integration of your web-app and the phone functions is simply the browser recognizing stuff like phone numbers and email addresses etc.
  7. Looks a bit like Head over Heels
  8. It won't be a perfect clone since the mounted drive is still in active use and changes are made while the rsync is in progress. You might get some errors about files being locked/skipped. You will also be missing your MBR . An rsync backup is only good for backing up your data, not your entire system. I don't know of a backup system that will clone the entire system while it's still live, especially one that needs to be implemented as the system is running. I usually just use a RAID mirror. If you wish to keep using rsync, add --delete to the options so files that are no longer on the source disk won't be left behind on the target disk (think tempfiles etc.)
  9. Most common way to steal cookies would be by using Cross Site Scripting or XSS. You inject a piece of (Javascript) code into a site that does a GET or POST to a site/page/url that you control with the cookie as a parameter. An other way would be a trojan. I know there are trojans out there that specifically scan for gamekeys and game logins.
  10. Irongeek, is there a way to detect when a browser is 'infected' with Jikto? Is the infection persistent (does Jikto run when the browser is restarted)?
  11. Mac OSX = Illumination ?
  12. Not gonna happen. You CAN tell VMware to boot from an existing partition but it is not recommended. The first thing that will happen is windows will crap itself due to being booted up on a different hardware platform (the virtual machine emulates a lot of hardware like videocard, scsi/ide interfaces, networkcard etc..), the second thing that MIGHT happen is you damage your windows partition to a point where it won't boot or worse, you've lost all data on there. You can use some tools to clone the existing partition to a virtual one that will boot up under a VM (P2V tool from VMware or Parallels Transporter).
  13. links + svgalib? All implementations I have seen require some form of X or worse Windows. Maybe you can run Xvfb (Virtual FramBuffer)?
  14. Once again: The Onion Router (aka TOR)
  15. Just thought of another thing that might benefit you: (transparent) proxy. Squid is great for this. And you can install DansGuardian next to it, this will filter out all (un)wanted banners, webbugs and some nasty javascript.
  16. A packetshaper will definitely help. Packeteer is one of the leading companies that build shaping appliances. And if cost is really an issue, there are a number of free opensource solutions. The company I work for wanted to upgrade the 2Mbit connection, but after a short study we found that one months lease on a 4Mbit line would buy us a packetshaper that would effectively solve our bandwidth problems.
  17. Since it's a qemu disk image, maybe something like the qemu disk image util might be of some help. It allows you to convert the image from (probably) qcow compressed (check it with the 'info' option) to a vmdk (for vmware). Mount it with vmware and a working linux-image, edit whatever you want and then convert it back to whatever image format it was. Booting it directly in VMware might not work due to the difference in the virtual hardware.
  18. How about using DVL Linux ?
  19. Metasploit 3.0 Automated Exploitation My first reaction to this was: "Hey, that pretty cool!" My second reaction was: "Oh no.. script kiddy friendly now..." I do like the name for the new command "db_autopwn"
  20. Apache's logs are usually kept in /var/log/apache or /var/log/http, the webserver part that serves you the pages will have absolutely NO access to these directories. The only way to erase the evidence in the logs is to be root on the server... and if your root on the server, you don't need to bruteforce. Now, how about a more 'subtle' approach? Try timing the request/logins rather far apart, at random intervals. Try using different proxies or Tor to do it.
  21. I think when you're logged in over SSL, when firefox crashes and restores the session you will need to log in again.
  22. Free and legal Windows XP SP2 Virtual PC image from Microsoft. Sounds like a great (and legit) tool to do some hacking research/exploiting etc. on. It's main purpose is for web devs to test their sites in IE6 and IE7, but since it's a fully working (I assume) copy of WinXP I don't see why you can't use it for something else. Virtual PC 2004 is also free for download, but if you prefer to run this on VMWare, you might try the Parallels Image Compressor to compress/convert it, but I'm not sure whether Windows will like the change in virtual hardware.
  23. They will be releasing and 'updated' version by the time it expires, so you can switch over and use that. Or someone will find a way to reset the expiration date to 2020 or something.