mobilec

Members
  • Content count

    25

Community Reputation

0 Neutral

About mobilec

  • Rank
    SCRiPT KiDDie

Contact Methods

  • Website URL
    http://chat.carleton.ca/~mmoufid/

Profile Information

  • Location
    Ottawa, Canada

Recent Profile Visitors

1,086 profile views
  1. touch file
  2. Debian net-install will work perfectly. Install only the base system and get a working internet connection. Then install only what you need, using apt. Debian needs 64MB RAM, minimum... I recommend Gentoo+distcc.
  3. Gentoo Hardened + XFCE4 showing off built-in compositor (transparency, shadows).
  4. Sorry if this was mentioned before: Anything within `` gets executed, e.g.:
       $ HELLO="`echo Hello`"
       $ echo "$HELLO"
       Hello
  5. Claims of software "phoning-home" can be verified using ngrep, or even netstat. Anyone mind posting evidence?
  6. Depends on your password. Passwords on RAR files you get off the internet (e.g. torrents) are practically impossible to brute-force. This is because these passwords are usually URLs, containing everything and anything in terms of character set. With a decent computer, and if you remember what characters you used, brute-force might be an option for you...
  7. Encoded at the beginning of the card, before the data bits, are "clocking bits". They need to be present for the reader to read the card. Depending on the card, they can be present before the data, or before and after.
  8. The Vending Machine probably "checks" for sufficient funds by charging the account, then awaits the server's confirmation before vending. Indeed. However... The protocol works as such: Send card data; Receive confirmation ("Insufficient funds"?); Send purchase item # & vend; Receive & display account balance; Therefore, no transaction is made until you select an item on the machine (i.e. not all items are priced the same). You're on to something d0p3d4n. I'll give this a try in the next couple days and post results.
  9. Do the vending machines you have plug directly into an ethernet port or a phone jack? If it's an ethernet port, it's most likely not ethernet at all. Even if so, they're definitely not on the same subnet as any neighbouring rogue ethernet ports you can jack into. Not to mention, there's no way of frauding or getting free shit, period. The worst you could do (in order of difficulty) is: sniff card data for later replay/spoofing; on-the-fly traffic intercept & modify to charge yourself cheaper shit than you're actually buying; reverse-engineer the protocol and set up a fake server. I've played around with this at my university--and been successful (I got physical access to a back room--which has since been secured, hmm I wonder why...). As it turns out, on our network, the raw card track data is sent over the network unencrypted using some crazy proprietary protocol (simple enough but very difficult to tamper with). Basic network map:
       VENDING MACHINE --CARD INTERFACE-->--SERIAL--> SERIAL-TO-ETHERNET ADAPTER --ETHERNET--> HUB/SWITCH --> SERVER
     What you'd need to do is get access to said hub/switch. Good luck. Both the hub and adapter are hidden away in a switch room. BTW Cisco would have nothing to do with anything. The interface between magcard reader and Coke machine is contracted out, usually to Diebold. Encryption is not usually needed, since traffic is impossible to intercept without huge efforts. To be sure for yourself that the traffic you're seeing is or is not from the vending machine, read the data on your card, and ngrep for it.
  10. The correct command would be:
        ifconfig ethn down hw ether AA:BB:CC:11:22:33 up
      Assuming the drivers let you...
  11. Is that a typo? I suppose you/they meant `through'? What do they mean by "experimentation"? Did these "activities" (i.e. visiting "hacker websites", or doing any "experimenting") violate any Terms of Service or contract that you signed as a student there? Let me guess, you were doing these "activities" through your student account? IMHO they just want to scare you, I bet it's even an automated letter. ;-) However, there is a fine line between scaring and threatening...
  12. But why?! I would have responded with "I am sitting on this public park bench taking advantage of the portability of my portable computer", or something similar, not "I am effectively committing a crime, officer. Would you like me to explain in detail how? Also, do you like my shirt?" Advice: don't wear a shirt that says you're a hacker when you wardrive. In fact, don't ever.