Bit Viper

Binrev Financier
Bit Viper last won the day on August 29 2017

Bit Viper had the most liked content!

Community Reputation

8 Neutral

About Bit Viper

  • Rank
    SCRiPT KiDDie

  1. Definitely possible, and fun! I like the "blur" option... people aren't immediately convinced that anything is wrong.
  2. Aw, I missed it.
  3. Your image files are way too big, that's why they're taking so long to load. Instead of loading the full image and then having the browser re-size them, you should edit the images ahead of time to be the size you need... that will cut way down on the bandwidth, especially for image-intense pages. I also think the background image is a bit busy/distracting, but that may be more of just a personal preference.
  4. Not for anything, but why don't you want to just create a new account? Over almost 3 years you've got 13 posts... so it's not like you're going to be losing out on vast amounts of content.
  5. Something else to keep in mind... penetration testing is far from being the only option in the security field. Sure, it's the flashy, hot-topic item that everyone wants to do since you get paid to try to break into people's stuff. Who wouldn't want to do that? That's almost as cool as being a video game designer!

     Don't sell the other areas short, though. And realize that, not unlike being a video game developer, there are a lot of other parts to pen testing that may not be very apparent until you're in the field.

     - Are you sure you're not causing PERMANENT damage to your client's systems? Maybe that nifty new remote root exploit has a nasty side effect of corrupting a system file or resetting those complex permissions on an application.
     - Are you sure you've tested EVERY SINGLE possibility for external vulnerability? If your client pays you thousands of dollars and then three months later is compromised by something you never mentioned, you can expect (at the very least) a nasty phone call.
     - Have you provided sufficient documentation about all the vulnerabilities? This is where all those reports you wrote in high school and college will come in handy.
     - Have you got hands-on programming experience in a lower-level language like C or assembly? Metasploit and other point-and-click tools are good for speeding up the process, but you want to be sure you really understand WHY things are working the way they do. (Protip: go read "Smashing the Stack for Fun and Profit" if you've not. I've never seen a better write-up on how buffer overflows work.)
     - Do you have experience with Windows systems? Good. How about Linux? Ok. How about AIX, HP-UX, or Solaris? Cisco IOS? Multi-platform knowledge is fundamental to getting the big picture. Again, your client will want to know about EVERYTHING you find, not just that you were able to Hax0r their old Windows 2000 web server.

     I don't work as a pen tester; I never have, and I doubt I ever will. However, I do work in security, so I like to think I have a bit of the mindset that you need. There are plenty of other cool jobs in the field; don't limit yourself. Keep an open mind, especially while young, and you'll benefit from the added experience. You'll find where you fit in.
  6. I think you need to describe in a bit more detail what exactly you're looking to do.
  7. > Unsurprisingly, I see a lot of people who know not the difference between a desktop environment, a window manager, and even distros!

     Ok... so were you going to actually provide some useful information, or just sit there and be all smug?

     The days of rolling your own *nix from scratch are long gone. For mass market appeal, you have to trade off technical know-how for convenience -- there are zillions of options about everything, and most of them come nicely packaged and easy to install. It's not really practical to fault someone for not understanding the technical guts of things if they don't have much interest in it.

     There are automobile purists out there who will scoff at anyone who drives a car with an automatic transmission and who do all their own engine work. Me? I can't drive standard, I don't understand anything that goes on under the hood, and I don't give a crap. I just want to use my car, and know that I can find someone who can fix it if it breaks.

     And don't even get me started on the ham radio OTs who still insist that *real* radios have vacuum tubes and that doing away with the code requirement is tantamount to blasphemy. Sure, I could add crystals by hand and send CW with a straight key if I wanted... but not everyone is in the game for the same reasons.

     The same principle applies to computers. Those who are interested will find a way to learn, but it's presumptuous to assume that everybody has to know the things that you do.
  8. So here are some things that you need to consider before you get offended.

     - You are a newcomer to these forums, and you do not associate yourself with any identity that the "regulars" here may be predisposed to trust.
     - Your first post encourages people to download a rather large executable file, for free, that they are not able to review the source code of.
     - The overall theme of these forums may tend to attract people who have less-than-savory intentions. Indeed, StankDawg purposefully encourages a neutral stance on information to allow for open discussion. Such an environment will, by its very nature, attract people who are looking to do naughty stuff.

     My original comment about the rootkit came loaded with the snark and cynicism that is more or less a given amongst IT professionals, hobbyists, hackers, and even "crackers" in this day and age. It was less of a direct accusation, and more of a general commentary on the trustworthiness of relatively random, anonymous downloads. I have no reason to believe that you would include a rootkit or any type of malware in your program -- but -- I also have no reason to believe that you would not.

     I did not download or evaluate your application in any way; I was merely making a statement that, in general, anyone who would simply download and run an un-trusted, pre-compiled program because someone on a hacker forum told them it was safe would very likely get what was coming to them. Most visitors here can and do think for themselves... in fact, that is one of the reasons why I enjoy the forums here. I don't believe anyone who frequents these forums would extend any more trust to you than I did.

     For what it may be worth, this is not meant to be a personal attack. The chances are very good that your program is as you describe, and that you have put several hours of honest work into it with the hopes of someone finding it useful. But you must understand that you have not come to a place (as it were) where people are going to be in the habit of trusting strangers bearing candy. It's just the nature of the game that we play.

     I do wish you success with your program, in whatever way you hope it comes.
  9. Do you include a copy of the source code, or do we get a free rootkit with every download?
  10. User agent string is probably the quickest way out the door. No add-ons or plugins or runtime environments. Just capture User-Agent using your server- or client-side scripting language of choice, and roll with it. Easy.
  11. Some routers will prevent looped connections -- i.e. connecting FROM your internal interface TO your external. Try accessing your public URL from outside your home network, as you would if you were someone who wasn't you. Could also try browsing via your public IP address instead of the DNS name, to see if there is any difference there. It may be as dinscurge said, that your ISP is blocking inbound port 80 (many do by default for non-business accounts). In that case, you'd need to enable port forwarding on your router (e.g. direct public port 8080 to port 80 on your internal server) and have the outside world throw the port number on the URL. Less than ideal, but not uncommon.
  12. I actually have the mailbox and password... problem is that it won't even let me enter the mailbox menu. When I dial in and try, it just goes back to the main greeting.
  13. Admittedly, F-Secure has a vested interest. But he does bring up some valid points, in my opinion. Thoughts?
  14. Looks good, though the split content from pages 17-22 was somewhat confuzzling to me at first until I figured out what was going on. For those not in the know, I've found through the years that anything Ticom puts in writing is worth reading. This appears to be no exception.
  15. Sure. In fact, a quick web search for "use webcam as nanny cam" returns a bunch of hits. Have you taken a look through that information already? Is there something else that you're trying to do with it that's not already out there?