Bit Viper

Everything posted by Bit Viper

  1. Definitely possible, and fun! http://www.ex-parrot.com/pete/upside-down-ternet.html I like the "blur" option... people aren't immediately convinced that anything is wrong.
  2. Aw, I missed it.
  3. Your image files are way too big, that's why they're taking so long to load. Instead of loading the full image and then having the browser re-size them, you should edit the images ahead of time to be the size you need... that will cut way down on the bandwidth, especially for image-intense pages. I also think the background image is a bit busy/distracting, but that may be more of just a personal preference.
  4. Not for anything, but why don't you want to just create a new account? Over almost 3 years you've got 13 posts... so it's not like you're going to be losing out on vast amounts of content.
  5. Something else to keep in mind... penetration testing is far from being the only option in the security field. Sure, it's the flashy, hot-topic item that everyone wants to do since you get paid to try to break into people's stuff. Who wouldn't want to do that? That's almost as cool as being a video game designer! Don't sell the other areas short, though. And realize that, not unlike being a video game developer, there are a lot of other parts to pen testing that may not be very apparent until you're in the field.
     - Are you sure you're not causing PERMANENT damage to your client's systems? Maybe that nifty new remote root exploit has a nasty side effect of corrupting a system file or resetting those complex permissions on an application.
     - Are you sure you've tested EVERY SINGLE possibility for external vulnerability? If your client pays you thousands of dollars and then three months later is compromised by something you never mentioned, you can expect (at the very least) a nasty phone call.
     - Have you provided sufficient documentation about all the vulnerabilities? This is where all those reports you wrote in high school and college will come in handy.
     - Have you got hands-on programming experience in a lower-level language like C or assembly? Metasploit and other point-and-click tools are good for speeding up the process, but you want to be sure you really understand WHY things are working the way they do. (Protip: go read "Smashing the Stack for Fun and Profit" if you've not. I've never seen a better write-up on how buffer overflows work.)
     - Do you have experience with Windows systems? Good. How about Linux? Ok. How about AIX, HP-UX, or Solaris? Cisco IOS? Multi-platform knowledge is fundamental to getting the big picture. Again, your client will want to know about EVERYTHING you find, not just that you were able to Hax0r their old Windows 2000 web server.
     I don't work as a pen tester; I never have, and I doubt I ever will. However, I do work in security, so I like to think I have a bit of the mindset that you need. There are plenty of other cool jobs in the field; don't limit yourself. Keep an open mind, especially while young, and you'll benefit from the added experience. You'll find where you fit in.
  6. I think you need to describe in a bit more detail what exactly you're looking to do.
  7. Just wondering if anyone is still out there using Telephreak? I haven't been able to get into my mailbox for at least several months if not longer.
  8. > Unsurprisingly, I see a lot of people who know not the difference between a desktop environment, a window manager, and even distros!

     Ok... so were you going to actually provide some useful information, or just sit there and be all smug? The days of rolling your own *nix from scratch are long gone. For mass market appeal, you have to trade off technical know-how for convenience -- there are zillions of options about everything, and most of them come nicely packaged and easy to install. It's not really practical to fault someone for not understanding the technical guts of things if they don't have much interest in it. There are automobile purists out there who will scoff at anyone who drives a car with an automatic transmission and who do all their own engine work. Me? I can't drive standard, I don't understand anything that goes on under the hood, and I don't give a crap. I just want to use my car, and know that I can find someone who can fix it if it breaks. And don't even get me started on the ham radio OTs who still insist that *real* radios have vacuum tubes and that doing away with the code requirement is tantamount to blasphemy. Sure, I could add crystals by hand and send CW with a straight key if I wanted... but not everyone is in the game for the same reasons. The same principle applies to computers. Those who are interested will find a way to learn, but it's presumptuous to assume that everybody has to know the things that you do.
  9. So here are some things that you need to consider before you get offended.
     - You are a newcomer to these forums, and you do not associate yourself with any identity that the "regulars" here may be predisposed to trust.
     - Your first post encourages people to download a rather large executable file, for free, that they are not able to review the source code of.
     - The overall theme of these forums may tend to attract people who have less-than-savory intentions. Indeed, StankDawg purposefully encourages a neutral stance on information to allow for open discussion. Such an environment will, by its very nature, attract people who are looking to do naughty stuff.
     My original comment about the rootkit came loaded with the snark and cynicism that is more or less a given amongst IT professionals, hobbyists, hackers, and even "crackers" in this day and age. It was less of a direct accusation, and more of a general commentary on the trustworthiness of relatively random, anonymous downloads. I have no reason to believe that you would include a rootkit or any type of malware in your program -- but -- I also have no reason to believe that you would not. I did not download or evaluate your application in any way; I was merely making a statement that, in general, anyone who would simply download and run an un-trusted, pre-compiled program because someone on a hacker forum told them it was safe would very likely get what was coming to them. Most visitors here can and do think for themselves... in fact, that is one of the reasons why I enjoy the forums here. I don't believe anyone who frequents these forums would extend any more trust to you than I did. For what it may be worth, this is not meant to be a personal attack. The chances are very good that your program is as you describe, and that you have put several hours of honest work into it with the hopes of someone finding it useful. But you must understand that you have not come to a place (as it were) where people are going to be in the habit of trusting strangers bearing candy. It's just the nature of the game that we play. I do wish you success with your program, in whatever way you hope it comes.
  10. Do you include a copy of the source code, or do we get a free rootkit with every download?
  11. User agent string is probably the quickest way out the door. No add-ons or plugins or runtime environments. Just capture User-Agent using your server- or client-side scripting language of choice, and roll with it. Easy.
  12. Some routers will prevent looped connections -- i.e. connecting FROM your internal interface TO your external. Try accessing your public URL from outside your home network, as you would if you were someone who wasn't you. Could also try browsing via your public IP address instead of the DNS name, to see if there is any difference there. It may be as dinscurge said, that your ISP is blocking inbound port 80 (many do by default for non-business accounts). In that case, you'd need to enable port forwarding on your router (e.g. direct public port 8080 to port 80 on your internal server) and have the outside world throw the port number on the URL. Less than ideal, but not uncommon.
  13. http://www.f-secure.com/weblog/archives/00002482.html Admittedly, F-Secure has a vested interest. But he does bring up some valid points, in my opinion. Thoughts?
  14. I actually have the mailbox and password... problem is that it won't even let me enter the mailbox menu. When I dial in and try, it just goes back to the main greeting.
  15. Looks good, though the split content from pages 17-22 was somewhat confuzzling to me at first until I figured out what was going on. For those not in the know, I've found through the years that anything Ticom puts in writing is worth reading. This appears to be no exception.
  16. Sure. In fact, a quick web search for "use webcam as nanny cam" returns a bunch of hits. Have you taken a look through that information already? Is there something else that you're trying to do with it that's not already out there?
  17. Hm. Okay, I get that this is the LinkZ forum, so this topic might be appropriate. However, it looks like the referenced site is holding some sort of contest to see who can post the most of these messages on forums, and there is some sort of on-site credit or prize if you post a certain number of them. (The admins even suggest posting via anonymizing VPN in case of retaliation.) So I suppose it follows the letter of the law, if not the spirit.
  18. Found this to be a pretty interesting read: http://dinaburg.org/bitsquatting.html
  19. Although as they said in the letter: We want to continue broadcasting over the radio, as that is where the true magic is. Podcasts are a supplement to this, but not a replacement. We don't ever want to lose the possibility of someone accidentally stumbling upon our show while driving in their car or of non-tech savvy people being fascinated by what they hear. Pulling in listeners who never even knew that they were interested in what we were talking about is what makes all of this worthwhile.
  20. I think the answer is that it will mostly depend on the language and development environment you're working with. Some IDEs allow you to "step" through the code a line at a time, and may even allow you to display or track the state of different variables or objects. Decompiling is not usually a viable option. There is no guarantee that you will get an exact copy of the original source; at best, you may get something functionally equivalent but without any sort of human-type logic behind the design. If you want to become an übergeek, you can run your executable through a debugger and examine the assembly/machine language as it executes. (Of course, you have to have a fighting knowledge of assembly in order to gain any insight from this.) Scripting languages are a bit easier, since the code is already there for you to review. As you practice writing code, you can leave yourself messages throughout the program execution by either logging waypoints to an external file ("00:31 Entering fooDoSomething() subroutine", "00:38 Exiting fooDoSomething() with exit code 2A") or popping messages up on the screen. Start with smaller programs, they're a bit easier to conceptually "visualize" your way through as they execute.
  21. In case anyone here is a Redditor -- or, in fact, even if you're not -- I made a compilation link of several of the hacking/security-related subreddits that seem to have decent content: http://goo.gl/Lsmp7 If you don't trust URL shortening, here is the long version: http://www.reddit.com/r/2600+BlackHat+ComputerForensics+RELounge+ReverseEngineering+antiforensics+compsec+crypto+hacking+malware+netsec+vrd+websec Happy Learning!
  22. ...right. Because they have to call you. You can't do it by initiating the calls yourself.
  23. You mean you have to manually tell it to re-connect (it doesn't do it automatically)?
  24. TCP is almost as old as telnet, and it still works just fine. Telnet does what it was designed to do... no more, no less. There are better ways of accessing remote systems these days, but it still works.
  25. Per TFM, you can do conference calls via Google Voice. Looks like you have to have the people call you, though... not you calling them: http://support.google.com/voice/bin/answer.py?hl=en&answer=115137