About banshee412

  1. That should be good for me. I'll be there.
  2. I've attached a csv of the schedule if any of you want to import it into your calendar. hope.csv
  3. These have been pretty rampant. I have to give props to whoever originally wrote the tool. It is definitely very effective. I like how it crawls websites for injectable fields instead of just trying to exploit the same script on every site. On this particular one they are trying to insert the JavaScript at I did a Google search for the tags that are injected and got 187 results, which is kind of low for these kinds of attacks. Most of them I see have thousands of infections.
  4. It would be nice if they mentioned what kind of RFID they are using. I have an RFID reader/writer but I'm not sure if it will be the same frequency. The one I have reads 13.56 MHz ISO 15693 tags.
  5. You lost me. What challenge are you doing?
  6. Well, first off, make sure you note that isn't a link to an image. The file is index.php and brosey8422.jpg is just an arbitrary argument. I'm not seeing any hostile code on there now, but considering it is a PHP page it could be set up to only show the code when certain criteria are met. I visited the site on an XP SP1 VMware box and it did not exploit the box. If you have any more information, feel free to share it.
  7. Here are some references I use.
     - PE file format
     - Instruction set A-M
     - Instruction set N-Z
     - Function calls
     - Wikibook on RE
     - Analyzing Web-Based Malware
  8. So what are some tips to increase your odds of cracking passwords? I have been running this for over 2 hrs now on my Athlon 64 3500 with just a stock JtR setup and it has only cracked 2 passwords.
  9. I haven't tried it on a Mac, but quite a few terminal apps can be used with Tor by using torify. For example, if you wanted to telnet to a host while using Tor you would run 'torify telnet somehost'.
  10. I don't think tampering with the packet would work. You would mess up the IP checksum and the packet would probably be discarded.
  11. I wouldn't be surprised if it is some kind of P2P traffic. You can have a ton of hosts trying to connect to you even well after you stopped the program. Also, with that high of a port number it is also possible that it is return traffic. What is the source port on some of the drops? Can you post some firewall logs?
  12. I can't think of any reason why \x20 would cause a problem. I would lean more towards there being an error in the shellcode. I typically use Metasploit's msfconsole to generate payloads. You could use that to generate a payload and make sure it works. If it still doesn't work, you can tell msfconsole not to use \x20 in the shellcode.
  13. On a related note, I'm having some trouble setting up my firewall. Essentially I'm trying to set up source NATing from my host-only VMware network and allow just DNS and HTTP out. I got it to work when I just set up the source NAT, but when I put in the drop rules it appears to be blocking the responses. When I tcpdump on my VMware interface I see the DNS request but not the response. On eth1 I see the request and the response. I'm not really sure what is going on, so if any of you can help it would be appreciated.
      echo 1 > /proc/sys/net/ipv4/ip_forward
      ifconfig eth1:0 netmask
      /sbin/iptables -P FORWARD ACCEPT
      /sbin/iptables -P INPUT ACCEPT
      /sbin/iptables -P OUTPUT ACCEPT
      /sbin/iptables -F
      /sbin/iptables -X
      /sbin/iptables -t nat -F
      /sbin/iptables -t nat -X
      iptables -t nat -A POSTROUTING -o eth1 -s -j SNAT --to-source
      iptables -P FORWARD DROP
      iptables -A FORWARD -p udp --dport 53 -j ACCEPT
      iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
  14. edited
  15. Are you sure you aren't using a software firewall like ZoneAlarm or the SP2 one? The following link will show you how to disable it.
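The symptom in post 13 (DNS request visible on the VMware interface, reply missing) modelled as an added example that is not from the forum thread: a FORWARD chain with policy DROP and only --dport rules matches the outgoing request but never the reply, whose destination port is the guest's ephemeral source port, so the reply falls through to the DROP policy; a state/conntrack rule accepting ESTABLISHED traffic fixes it. Addresses, ports and the tiny conntrack model are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self):
        """Five-tuple of the reply direction (what conntrack would look up)."""
        return Packet(self.proto, self.dst, self.dport, self.src, self.sport)

# Constructed addresses: guest on the host-only net, documentation-range servers.
GUEST, RESOLVER, WEB = "192.168.100.10", "192.0.2.53", "192.0.2.80"

def rule_matches(rule, pkt, conntrack):
    """Emulate -p/--dport and '-m state --state ESTABLISHED' (reply of a seen flow)."""
    if "proto" in rule and rule["proto"] != pkt.proto:
        return False
    if "dport" in rule and rule["dport"] != pkt.dport:
        return False
    if rule.get("state") == "ESTABLISHED" and pkt.reverse() not in conntrack:
        return False
    return True

def forward(rules, pkt, conntrack, policy="DROP"):
    """Walk the FORWARD chain like netfilter: first match wins, else the chain policy.
    An accepted packet records its flow so later replies can be recognised."""
    for rule in rules:
        if rule_matches(rule, pkt, conntrack):
            if rule["target"] == "ACCEPT":
                conntrack.add(pkt)
            return rule["target"]
    return policy

def run_scenario(rules):
    """Verdicts for a DNS query/reply and an HTTP SYN/SYN-ACK through the chain."""
    conntrack = set()
    traffic = [
        Packet("udp", GUEST, 40123, RESOLVER, 53),   # DNS query leaves the guest
        Packet("udp", RESOLVER, 53, GUEST, 40123),   # DNS reply: dport is 40123, not 53
        Packet("tcp", GUEST, 51000, WEB, 80),        # HTTP SYN
        Packet("tcp", WEB, 80, GUEST, 51000),        # HTTP SYN/ACK
    ]
    return [forward(rules, p, conntrack) for p in traffic]

# The poster's chain: only outbound destination ports are accepted.
STATELESS = [{"proto": "udp", "dport": 53, "target": "ACCEPT"},
             {"proto": "tcp", "dport": 80, "target": "ACCEPT"}]
# Same chain with 'iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT' first.
STATEFUL = [{"state": "ESTABLISHED", "target": "ACCEPT"}] + STATELESS
```

The stateful chain still drops unsolicited inbound packets, because nothing in the conntrack table matches them; only replies to flows the guest initiated get through.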