phaedrus

Everything posted by phaedrus

  1. The easy way for me would be to run Linux as an OS, and use the Festival engine for text to speech:- http://www.xenocafe.com/tutorials/php/festival_text_to_speech/index.php Then write a batch/shell script to convert all notes left in a certain directory to audio then encode to mp3 beforehand and just copy to in-car mp3 player of choice and use its navigation facilities. It's not as technically brilliant, but it does cover the problem fairly easily. You could get it down to a couple of commands to run the job by hand too.
  2. That's why it's always a great thing to have your DNS hosted by a different service than your webhosts, then you are not putting all your eggs in one basket and can be back up and running on a new server within hours of problems. What's even better is to have your own domain registrar register it too, so you can edit the details on the console directly too. And steer clear of .uk & .com domains of course, Nominet have some strange IPS tag system which costs a fortune to register in, and .com we all know about the current activities going down there. It is a pity they tightened up on Cook Islands requirements so much, as it used to be fun to have a .co.ck domain way back but now all the requirements to be met puts it outside the bounds of doable for a bit of fun. .ru should strike phear into any sysadmin's heart as they read the snort logs too :-) The question of level of setup/operational cost vs level of payback is what it comes down to as always. How naughty are you going to be? Will it pay enough to cover the above properly? If you are just building an information store and not generally going to be an asshole over half the internet from the server, you probably can quietly get away with it without making too many ripples. I do believe spammers, phishers and carders should burn in hell, and the above is not an endorsement. Their obvious abuse of the above has gotten many a good host and service prematurely shut down or put under the spotlight.
  3. i know the whole add the colon with the port number at the end of the web address trick.. that would be fine if I was only looking for access myself, but if i was looking for access just for myself, i would probably not even bother with the domain name and just use teamviewer to access the system when i did not have physical access to it... shit i could even use a teamviewer app on my android phone to get access to the system... what i am wanting to do really is host my movie library which is nearly 600 movies, audio, and photographs on a password protected area of the server... but i probably want to have some publicly accessible content.. and i think just having a straight domain name to the server is the easiest thing for less technical people.. In which case webhop as above is your friend. Myth to a remote frontend, I personally welcome our new lagmonster overlords when that happens. Especially to stuff captured from a dvb card. Some of the euro providers set their bitrates at full on HD by default...
  4. I am in monaco at the moment, so potentially.
  5. What you describe sounds like dyndns's webhop feature, http://dyn.com/dns/webhop/ Although probably a lot of other DNS providers offer something similar. Or you could just set your server up to listen on port xyz, eg 80080, and then type for eg http://myhost.mydynamicdnsprovider.com:80080/ to access it. Non standard port is part of http:// ftp etc protocols. Or you could establish an ssh connection and do a real ptp vpn. You can do that over non standard ports too, ssh just takes a -p flag on the connection string to specify.
  6. Buy hosting in favourite legally unreachable hornet's nest (Russia, China, anywhere really truly offshore), share location by ip address, be naughty until your hosts get fed up with your behaviour/bandwidth usage and evict you. Rinse & repeat with new host.
  7. Apart from a multitude of prepay phones, each with the same pseudo random user which changes in sync each month, which seem to be linked to a disproportionate amount of abuse and crime. Piquing the crap out of the feds who investigate it deeply for the bizarreness of it. I'm sure that won't attract any attention. Why not just write the info down in a note on your pc, or in a password storage safe, or on a post it backwards or something random, and don't share it with anyone? Let them get their own random made up data, it's far less suspicious for all.
  8. Hi all, This project caught my eye when it was on hackaday, :- https://bitcointalk.org/index.php?topic=37904.0 They are using an FPGA with minimal power requirements to do bitcoin hashing. Has anyone produced similar for password hashes? I know there is the cuda setup for graphics cards, but 7w per card, and a host could run 10 of these in a cluster if you had the funds to purchase, making for one hell of a password brute forcing setup... Anything similar for password hash breaking? Note for mr dawg and anyone thinking about not contributing, it's not asking for illegal use, since network security professionals would of course have to tool up with similar hardware setups to mirror what potentially may be in use in the field somewhere in Russia etc...
  9. These are good too, just string together as many as you like, put a 1wire controller on your pc and under linux install the OWFS fuse filesystem. Then you can just use cat to read the devices as if they were flat text files in the filesystem and expose the status and other niceties to whatever client you fancy via a webserver on the box. Dallas do a whole 1wire series, the temperature sensors are really cool too. If you ring dallas and pretend to be needing them for company prototyping, they usually will send you free ones. My only warning would be to power them, as in parasitic mode when the bus gets long and complex, you sometimes see weird glitches because of it. edit, forgot the damn link... http://www.maxim-ic.com/datasheet/index.mvp/id/3818
  10. Why is telnet so bad? As everyone has already covered off, packet sniffing. It's trivial. Why is it still in use at all? Old kit that can't handle ssh. Not so much servers because you would have to be seriously lacking as an admin to put a solaris or unix box out on the internet using plaintext protocols to log into it, but various router and terminal servers etc. Some of that stuff is still using SS7 & telnet and will never change until it's left in smoking ruins by script kiddies. I shudder in fear when I see a company using telnet to administer routers over the public internet. And it happens far far too often.
  11. Astalavista used to be one of the places for HPVAC stuff on the net, about 10-12 years ago, at a time when everyone was twitchy about posting that sort of thing they seemed unfazed by the law, beyond it almost. In fact the entire box.sk domain was full of interesting stuff, now I guess they trade on that name alone... Not saying that they deserve it now, but they were something once...
  12. +1 gentoo. Day 1 it's horrid while you get your head around the whole USE file directives and portage etc, week 1 it's uncomfortable if you need to get stuff done, but by month 1 you have recompiled it so often you have everything how you want it and are playing round with stuff out of sunrise for the hell of it. And don't let compiler speed put anyone off. I run gentoo on a ragtag bunch of fanless atom mini PCs and netbooks dotted about the place. If they can handle it, anything can. And if the maintainer does something which totally blows donkey's, you can always go in and make a local version of the package and de-tweak any political tweaks (I am looking at you openvpn and the no authuserpass directive, although they've now put that in the USE flags for the package, so I can stop butchering my local mirror of the package now...) Now if only they hadn't thrown the xbox stuff out for similar reasons. I used to use gentoo on my xbox...
  13. GAWD! I hope they don't get too fancy with car batteries! They're simple, and work flawlessly when properly maintained. Sooner or later, someone will want to put an IPv6 address, remote access, and firmware on them. probably since they have smartphone apps to start and unlock your car already... What could possibly go wrong with that...
  14. Dos4GW & Assembler. I was quite an early adopter before finding slackware on floppies then later on redhat. I think at one point I ran sco, but that was when they actually had a product...
  15. You are just about to keylog their activities to try to rape their computer and take over half their online accounts (or I'd guess in Nick P's case, to prove it's possible) for your own personal gain. At which point would you begin to care that you might damage their future motherboard upgrade path???
  16. Warning, Caution, Mayday! Don't put anything you value any degree of confidentiality with on that server as is. While that's generally a good rule for any internet facing webserver if possible, someone has managed to get filesystem level access to that web server and you have no way of knowing what else they changed when they had that. They could have left other processes and backdoors on the system sleeping, and while you've closed the automated spambot injecting one, they could be popping back to see if there's any information they could harvest manually that could generate money for them, or be using it as an attack launchpad in some undetectable to you and your current toolkits level. There's a whole genre of software designed to be installed post hacking by the hackers to enable them to keep a level of control over it. Google rootkit. Or invisible rootkit. Or read round here. Seriously, treat it as still completely compromised because as far as you know it still is. If something gets broken into, the content you generate should be backed up and the whole server nuked and reinstalled then patched against whatever you find before it goes back onto the internet. If it's a virtual server, they can probably reimage in minutes, and you can get exclusive access to make your config changes via an alternative ip. Depends on how receptive the hosting company is. Two of mine are great, and the third doesn't give a s*** and won't assist even with security stuff they have caused which the fix on would be to their benefit. Maybe that's why they are a 1/4 the price, so I just use that box for low importance hosting of bulk volume stuff. I run tripwire on the servers I care about lots amongst various other monitoring tools, and I can check what's been altered if they get attacked because it takes a cryptographic sum of the entire machine less a few directories which change often and don't hold binaries or config. 
And even if I ran the checksum check post successful intrusion as identified by other monitoring tools on there, I'd still pull that server from service and nuke it from orbit. For the sql injection, basically a simplified summary is typically the webserver takes in post data from a form somehow, say a search box or username etc. And it doesn't check for unsafe chars in the input or overlong data lengths, or source of post (some mad fools do their sanitization in javascript client side, in which case it's trivial to just make a new page up with their parameter names in and bypass every control or safety measure they put in). The server hands this data off to the sql server, which starts parsing through the data. So let's give a simple example. Some of this syntax might be a bit wobbly because I'm writing it off the top of my head but it outlines the general act. A username box is entered with "'; DROP database mysql;", and posted to your webserver. The webserver hands it to mysql, which comes along and parses the name contents, which ends up as a DROP DATABASE command once the first ` closes the original query. If your webserver is running with full priv over your mysql database, it could result in instant complete deletion. Of course most attackers don't want to make a noise, so instead it's more common to do a select * and attempt to extract information stored in there with the same method, or inject new users in to connect with etc. I've seen this work against commercial products so don't feel too ashamed if you find it too. Most of the open source forums etc are fairly well tested by now, but they do have the occasional vuln identified so it's always good practice to stay with as new a version as you can with them, ditto for the rest of your software stack if you have any control over it. Not many people would blow a 0 day on a forum about donkey saving or something, it's mostly known exploits months or years old for that level. 
Bit of a learning curve to take all the above in quickly and understand it, but you'll get there if you want to.
  17. wget with the UA string set to the most exploitable version of IE you can think of is pretty useful too. It's interesting switching the UA round versions and between IE and firefox and getting different payloads too.
  18. Nice bit of obfuscation. When you say "adds itself to my index page" do you mean if you pull up the index. file in a text editor the above code appears in it? If so, your server is backdoored somehow by a process that has write permissions to those files and until you fix the hole, it's just going to keep popping back to insert its edits. If you say what software stack (eg lamp, samp etc) you are using and what version (but don't reveal your url, or some may actively help you notice the problem by p0wnage, this is after all a hacker forum and there are curious souls here regardless), someone might point out which part of the software stack you are running is the likely culprit... Or someone could have just broken into one of the network daemons the oldschool way and have rootkitted it...
  19. I have just been through similar and I ended up fdisk'ing the drive blank and removing all the partitions etc in another machine and then booting from a boot cd and running through a live install to drive on it. Usually when the hard disk doesn't even have a boot sector the bios chooses the second device from its list as it recognizes the first device isn't bootable, but the drive is still available at the fdisk level once booted up. I've also done similar via dos when making up a dos6.22 partition tacked onto the end of a drive with an o/s that wouldn't boot. dos 6.22 (or freedos) ain't dead, it's just very very very stable...
  20. Is there any more diagnostics/updates or a resolution on this? I'm as curious as everyone else, and I have some lingering doubts about why it seems to affect the 68/8 netblock. It may come up in daily life for at least someone else and be useful to know.
  21. I dislike facebook because they are scum we all expect them to be. However, we know the leopard and its spots well. G+ is shaping up to be just as bad but pretending to be good. I am very disappointed with their whole attitude towards naming conventions, and while I do potentially have a number of "real sounding" google+ accounts for research purposes, I feel for others who by use of their online pseudonym have felt the ban hammer descend, even though their real name would be meaningless to everyone but their parents. And that is the point. If you have darker intentions, you may well have a false g+ account but one which sounds real therefore the people being caught in the crossfire of these idiotic policies are the people who are honest enough to paint a target on themselves by use of an obviously fake name, for privacy reasons. Then the matter of if they permit the new games to access the API of a player, does that grant the API access to private content I have shared only with the player? If I have chosen to keep my relationship to the player a private matter, does this permission of the games api to access their friends and circle list breach my privacy I have set? Google are not responding to various people's calls for this clarification I have seen, which always is a bad sign. To the original poster, I believe you are seeing the result of a 3rd party actor attempting to steer anon, but it is being resisted. If you have a working exploit, all a load balancer with 80 machines behind it achieves is the attacker must repeat the exploit and defacement 80 times. Of course they must be confident of their payload to not dismiss it as not working after a few attempts. But then, they may compromise some of the hosts so when the reports start to flood in of a compromise, the "monitoring" staff fire up the page and get a clean server so dismiss the report. That way a compromised machine which has been defaced may serve its payload randomly for weeks unnoticed. 
Defacement roulette. Much more lulz, especially if it is a corporation's high profile public internet presence and pink and brown shots are involved. Since you are all obviously good intentioned people here, I present the scenario so you may remember to check ALL your farm in future.
  22. You can even browse properly if you disallow their cookie... I'm allergic to signing up for forums that force me to do so.
  23. I'm with the other poster. You are better off starting with a much lower power output, and learning about antennas and how to make them more efficient, than sending out a dirty noisy overdriven signal that will get everyone in the neighborhood's back up and hunting for you. Radio hams manage to get 1/4w to get great distances even on fm line of sight by clever antenna design, careful impedance matching, high quality coax and low loss plugs and careful antenna placement. Admittedly you can't use a highly directional antenna like a multi element yagi or a quad of some description to gain a lot of db because you want to radiate in all directions to your audience, but you can still build say a vertical half wave dipole antenna that is omnidirectional (the radiated signal is donut shaped, but the strongest bit is straight out where you want it) and apply the same principles to get everything matched correctly to everything else, low swr so that your transmitter isn't overworked for nothing and you're not splattering harmonics everywhere, and keep it out the way of obstructions that distort the radiated field direction, place it as high as possible etc. I also think his advice to drop your expectations down to the 10-20w output range is solid, and if you follow that good advice a lot more options for tx'ers become viable. If you really need more later on, it's then not difficult to build a class A linear amp setup and just amplify what you already have once it is all working correctly. Or just buy one in. To actually answer one of your questions, if you build a halfwave dipole, it has to be (nearly) half wave. At 100MHz, wavelength is 3m. So half wave is 1.5m in total making each leg 0.75m long. Which will give you near to 75 ohms impedance at the centre feed point, mating up nicely to 75 ohm coax. You can fine tune the impedance by altering slightly the length of the arms. You can measure the mismatch between the two with a swr meter as usual. 
If you make it out of larger diameter tubing instead of wire, it will have more bandwidth but be nearer 0.47 wavelength instead before it resonates. So then each leg of the dipole will be 0.70m long. Also worthy of a mention, folded J match dipoles (slim jims), someone's already done all the work for you :- http://www.irational.org/sic/radio/omni-aerial.html Finally, mount it as high as possible. Because of the curvature of earth, and objects getting in the way of the line of sight waves, height is your very best tool. I used to run a half wave vertical dipole bolted to the back of a house, and a tiny royale discone on the chimney pot some 5-6m higher, and on 11m the discone with a really high (>4) swr reading outperformed the dedicated 11m antenna with its 0.3 swr by a huge margin... Enough waffle from me... Good luck.
  24. Shouldn't that be :- ip route 0.0.0.0 0.0.0.0 fe1/0 In that you define the routing, the netmask then tell it what interface to take out, and it works out the routing to the 71.x.x. range from the interface definition you specified earlier. Also the entire 69/8 space used to be a reserved netblock for ARIN, and ended up being filtered out by a lot of old router configs as it was used as spoofed source in lots of DOS and other activities, so it's possible that your upstream is still doing this even today. Link on the whole 69/8 thing. http://puck.nether.net/~jared/papers/69-paper.html You should connect at command line level to your cisco and do a show ip route to see if there's anything in place your end, and check onward connectivity using the usual telnet/traceroute etc. Odds on if you started with a clean config on the cisco, it's upstream at your ISP.
  25. When their views, aims and morals coincide briefly with your own, or you are another blind fool being led by PR and media frenzy groupthink. If you choose not being one of the sheep huddled together for protection listening to the cries of predators in the distance, instead to be one of the wolves driven by a hunger (for knowledge) serving your own goals and aims, then you are much less reliant on the ability of others to keep their trap shut under pressure. If your ego permits this mode of living... To talk of anon "membership" and to promote the subject in a manner to identify and align yourself as such you are pandering only to your own ego. And this is why the posters are rolling their eyes at the existence of this thread and giving it such a rough reception. Is why they give ANY of these anon threads the same reception. And rightly so.
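
The SQL injection walk-through in post 16, as an added example that is not part of the original posts: the same username string handled by a query built through string concatenation and by a bound parameter with a server-side length check. It assumes an in-memory SQLite database standing in for the MySQL backend, a hypothetical `users` table, and `executescript()` standing in for a driver that accepts stacked statements; the hostile input is constructed, adapted from the string in the post.

```python
import sqlite3

# Constructed input, adapted from the username string in post 16
# ("DROP database" becomes SQLite's "DROP TABLE"; "--" comments out the tail).
HOSTILE_USERNAME = "x'; DROP TABLE users; --"


def make_db():
    """In-memory SQLite database standing in for the MySQL backend (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    db.commit()
    return db


def table_exists(db, table):
    """True if `table` is still present in the schema."""
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def lookup_concatenated(db, username):
    """The 'before' pattern: form data pasted straight into the SQL text."""
    sql = "SELECT email FROM users WHERE name = '" + username + "';"
    # executescript() mimics a driver that runs every statement it is handed.
    db.executescript(sql)
    return sql


def lookup_parameterized(db, username, max_len=64):
    """Server-side length check plus a bound parameter: input stays data."""
    if len(username) > max_len:
        raise ValueError("username too long")
    row = db.execute(
        "SELECT email FROM users WHERE name = ?", (username,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("query sent:", lookup_concatenated(db, HOSTILE_USERNAME))
    print("users table survives concatenation:", table_exists(db, "users"))

    db = make_db()
    print("parameterized result:", lookup_parameterized(db, HOSTILE_USERNAME))
    print("users table survives binding:", table_exists(db, "users"))
```

Running the web application under a database account that cannot drop or alter tables limits the damage when a concatenated query does slip through, which is the "full priv" point the post makes.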