deadc0de

Everything posted by deadc0de

  1. anything...but most likely if you get a .doc file from your co-workers or whatever they aren't viruses. A virus copies itself to other documents. Whether they know it or not, they could be sending you an infected file. Don't forget that a virus can also generate bogus infected documents or infect legit documents and send them to everyone in the address book. Don't automatically trust people you know, don't trust any attachments ever and be especially wary of anything containing executable code (such as .exes and .docs). Trojans often connect out instead of waiting for incoming connections. Your NAT router won't help you there. A software application-level firewall will though. A NAT router will protect against worms that exploit vulnerable services running on your system but does nothing against other types of malware. Dirty dirty reverse shells. Many a firewall has been brought to its knees thanks to those. Windows can actually be incredibly secure as long as you don't have downs and run the right software (IDS', Daily AV/malware scans, spyware scans, firewalls -hardware based).
  2. <--edit by droops -->
  3. WinPcap is driver based so a thumb drive is out of the question for the most part. Unless you have some super complicated on-demand bootloader or something. If you don't have any other options I'd recommend setting up an SSH tunnel and SOCKS proxy system. You can probably use PuTTY among other tools to do this with relative ease. However overkill for this scenario, I think you'll thank me later when you're browsing firewall/proxyless. http://ubuntu.wordpress.com/2006/12/08/ssh...ecure-browsing/ http://lifehacker.com/software/ssh/geek-to...roxy-237227.php On the second link pay specific attention to the comments people leave.
  4. It's linking you to your hardware. Where they can't *immediately* do anything to catch/identify you they can cross reference your IP at the time of the crime, to the MAC address registered at their router and have themselves a criminal as deadwax said. Not that I promote nefarious activity at a coffee shop, at least take the proper precautions to remain anonymous. You can never be too paranoid when hiding in plain sight. I would think it would be very difficult to find the person. Suppose they do find out where the connection came from (the open wifi network). How would they know which person to trace it back to? This is assuming it takes them many "man hours and resources" to find where the connection originated. They would have to rely on cameras. And if the person is sitting in a car outside the building where the wireless network is located, and out of camera's view, they will probably never find them. If they really want to catch someone, they had better do it in real time while the person is still connected to the wireless network. They would know by hardware identification. They couldn't catch you doing the crime you committed earlier, but in terms of man power and resources all they would have to do is set up a packet sniffer right in the middle of the coffee shop and have another guy watching the WiFi points logs and then when they see that same MAC address pop up they know it's you and detain you for questioning. After that they'll probably have gotten a warrant to go through and they'll be able to confirm it was you by examining your hardware and charge you appropriately. It's not a very difficult task tracing anyone at any point on the internet.
  5. Sounds more like just being a hacker trying to terrorize something. The definition of skiddie is too loose, they could also be "black hat". Also, chaining ellipses is cool.
  6. 92% of statistics are made up. 43% of people know that. Ruby's concurrency support is pathetic compared to other languages (Erlang, Limbo, Mozart/Oz, Alice, etc). The implementation choices are inherently flawed for dealing with large-scale concurrent programs. They're really not something to brag about. What does Python's forced indentation have to do with dynamic typing? It's a choice the designers made to try to enforce readable programs, one that most good programmers would enforce naturally. So wait, you'd write a large scale, multi-threaded program in an interpreted language? Once again, that was a plus for me. I've never even heard of half the languages you listed, because they obviously aren't popular enough for me to even care. Ruby is new to the scene once again, and it's still being worked on to be faster, and better. Go back to my last sentence. Use the right tool for the job. Larger scale projects should use a language like C. The rest of it I won't even address because you're flamebaiting.
  7. Right... C is very portable, just look at NetBSD. It's only a matter of writing portable code. If the framework provides interfaces for this, there should be no problems. I don't think they didn't choose C 'cause of portability issues. You didn't even argue any valid points here. First off what was the development time-line for NetBSD, and how long did it take to port it across frameworks and architectures? Yes C is completely portable. But is it quick and easy to say, port a large Windows or Linux development project across platforms or even architectures? No. Not at all. Even at the simplest level you need 2 different compilers, and whole entire new set of libraries (ex. Can't use winsock2.h in Linux can you!) Secondly, http://framework.metasploit.com/documents/...opers_guide.pdf and I quote "The C/C++ programming languages were also deeply considered but in the end it was obvious that attempting to deploy a portable and usable framework in a non-interpreted language was something that would not be feasible. Furthermore the development time-line for this language selection would most likely be much longer". Why don't you read before talking next time? The Ruby STL is quite large. You don't know it until you try it. Read some books on it before shit-talking it. As for python, line indentation that is REQUIRED for a script or program to work correctly is not natural to a lot of people (even this is covered in the developers guide for metasploit), and is really annoying when you fuck it up. Just read the developers manual. They have a section called "Why Ruby?" that is there to explain to people like you why they did it.
  8. Previously it was PERL. 70% of all hacking-based software or scripts were written in PERL. Now it's up against Python and Ruby. Ruby wins with me because:
     - Pure OOP
     - Cross platform multi-threading, and threading (yes, believe it)
     - Interpreted (meaning it's 100% cross platform)
     - Easier to read than PERL
     - More dynamically typed, unlike python with its required indentation (which is terrible, but others can argue it's good)
     - RoR is incredibly easy to use, and efficient
     - Much like the creator Matz I was (and still am) a C++ programmer. Going to Ruby was easier than going to python.
     - Strong exception handling
     - PERL-like Regex
     - Fairly large STL
     I don't like that Ruby is a tad slower (However, on a decent system this speed difference is not noticeable at all). I also don't like how it doesn't have an extensive repository of modules like PERL does. However it still dominates in my eyes. In fact, metasploit was rewritten from PERL to Ruby (C was considered but tossed, because anyone trying to make a 100% portable framework would be 100000x harder to do in anything but an interpreted language, and unlike a lot of people like to think harder doesn't always mean better). It is 10 years old, but only recently left Japan and went international. So people are just starting to really get building with it. I'm even bold enough to say that it will be the new PERL. The best way to go is C++ and an interpreted language. I really only use C for lower-level programming (and believe it or not, ruby can go lower than most interpreted languages) and some very rare occasions where C might be more productive to use. Follow the "Use the best tool for the job doctrine".
  9. It's not as much a program as hacked firmware. The standard WRT54G firmware doesn't let you do that iirc, but I know there's a certain set of hacked firmware that will. Google for it, I'm sure you'll find it. EDIT: Mikhail has got the right idea
  10. It's a shame what the world has come to. Paranoia about your significant other is pretty much the norm, trading passwords for a false sense of security. It happens more than one wants to admit. If there's a business catering to a nation of insecure teenagers, why not jump on the bandwagon and make a little cash?
  11. The notice can be seen in the 3rd page of search results while googling "celebrity wallpapers" (or you can just go here http://www.google.com/search?q=%22celebrity+wallpapers%22&hl=en&client=firefox-a&rls=org.mozilla:en-US:official&start=20&sa=N) In the notice they have a link to the specific notice from the company that requested the removal of the content (Perfect10) http://www.chillingeffects.org/notice.cgi?sID=898 I've been an avid google user for years and have not seen anything like this. However the notice on Chillingeffects.org dates back to 2005. So was google slow to add these dmca notices or am I just blind and ignorant? They've been adding them over time. I don't think it's anything we need to worry about. The links are still supplied, just in a hard to find form. 10 bucks says they're doing it just to make the RIAA and other alphabet soup agencies happy.
  12. You're a tool to the media and nothing more. If you knew anything other than how to google you know there are hats to hackers, and the people you defined are considered black-hats, or crackers. How about researching on sites run by hackers huh? Aren't you arrogant. Who said exploiting isn't hacking? An exploit can be found and knowledge can be gained from it. Therefore it is still hacking. Way to go. You're no better than the guy I just flamed. Who said metasploit framework is a skiddie tool? Sure it's nice for skiddies. But it's useful for ITs and developers too. Why don't you go back to school kid. To answer the OP's question. We don't help scrubs hack their boxes because that's basically handing them a tool to revenge, passing blame to us if they get caught. In other words liability is a factor here too. It's also not the "hacker way" to just hand someone an answer to a problem. Helping, is not always answering. Deep down hacking is a culture, and beyond that a way of life. It's not just some geek breaking into people's boxes. Believe it or not there has been research showing there is a "hacker personality". http://www.catb.org/~esr/faqs/hacker-howto.html That website does a good job at explaining some of the facets.
  13. Wrong. Through reverse engineering and careful assembly analysis one can tell traces of other languages. VB has a different assembly coding style (with different conventions) than C++ or anything else. For example. You can tell C by its massive library calls and obscure functions. C is the hardest to identify, VB being the easiest. I'd do a short example on how to tell but I only have C programs on here, and without an easy to disassemble VB program I don't have anything to compare it to. Detailed ASM forensics takes time. But yes, you can determine what language something is written in. Maybe I'll make a tutorial on language identification later on. It can be done. But it's far from simple. Viewing the code is realistically possible, but far from probable. The code at best can be reconstructed with basic names, but the exact code mimicked word for word? No. You lose all code specifics during the linking and assembling phases. Warez are created through careful analysis of the underlying ASM. It's no laughing matter. It takes time and deep understanding of your operating system.
  14. Since we're being blunt and stupid. You're bad.
  15. If you're not totally comfortable with the languages you're using why are you doing such complex projects?
  16. That would be insecure. Some scrub with a registry and install watcher could pick it up and get a free copy. Some of them use files, others use advanced algorithms, the best use a system of checking with a server they run, and then checking with the software in the background. If the connection is disabled (trying to unplug the internet and an inactive connection for more than X days or whatever.) causes it to end the trial prematurely. Some even use the IsDebuggerPresent() API. Granted you can hook into it 101 different ways, that prevents novice crackers and extenders from learning about their software. IsDebuggerPresent() obviously returns true if it detects a debugger. The only known debuggers to get past this API *without* patching are Kernel level, or Ring0 debuggers. As for how it checks against the date they either use a server or your BIOS clock. I've downloaded various trials that run off the internal system clock (which is really, really hard to change) rather than Windows clock because reversing dates is too easy.
  17. That, or consult your network manager. It's his job. May as well make him work for it. Once again, consult the head of your network. The IT, or network manager if they aren't the same person. You don't have to touch someone's computer to prevent them from using the internet. He could be using a number of different methods of keeping you out. While you're out looking for your network's manager, find out if you use a proxy to connect to the server and thus, the internet.
  18. Firstly, way to stereotype hackers. Hackers use what they feel comfortable with. Hackers make it work, they don't choose something because it's cool. Secondly, Business economics 101. Market share tells you 1.) What operating system you should familiarize yourself with (you will see the top market share in your work in most cases) 2.) Who and what operating systems certain high-end software will be released to first 3.) What your company should sell to make profit (The amount of money linux boxes OR linux software would net you is a joke, and that's about it) If I was a massive conglomerate I would not want to run the risk of using an "unknown". Even if it was vista, I would rather see all of my computers running Windows than Linux. Why? Why make anyone learn two operating systems. If they want to of their own free will, sure. But if you want to keep employees you'll conform to what they know. Training isn't good enough to get the complete OS familiarization done. In terms of this argument you're foolish for not thinking market share is an important metric. Basically what you're saying is this argument would be better if I would've said "well 13 of my friends use Linux. It's cool!". No. Market share is the way you debate. Market share is like pole positions in a race. It may not be THAT important. But it's a metric we can use to gauge what is deemed "better" by the public. TL;DR version: You're wrong for thinking market share isn't important in a debate such as this.
  19. You forgot all the servers out there I don't think the majority of all webservers are running Windows. This is true. You caught me on something I forgot to mention. I was mainly running off of desktop market shares, not servers. A few articles that I found interesting: http://www.news.com/2100-1016_3-6041804.html http://www.computerworld.com/governmenttop...1,58278,00.html According to these articles, and some research I did on the side. Windows still holds a top position (fighting closely with Linux).
  20. Strong points in my eyes: Keep in mind I'm using Windows XP as my Windows example and a generic flavor of Linux (since most of it is relatively similar) as my Linux example. ---- Windows: Strong portability. Windows is the most widely used operating system world wide. Obviously from a business perspective Windows would be the most optimal investment you could make. It has an 85-90% market share. Is supported by thousands of companies world wide and most commercial software goes to this OS first. Far, far more user friendly and very easy on the eyes. The current best compiler for C++ is Windows only (Visual Studio 2005). Most software you will ever use will be on Windows first. It may never make it to Linux. Easiest to install. Monkeys could install it. Has the ability to repair from a boot disk to make it once again, easy for a user to fix his mistakes. In summary Windows is the OS with the 1-click easy button. Linux: The underdog. Under 6% market share but still discussed world wide as a "potential investment". Linux is cheap to run and cheap to maintain. Linux is very secure. Partially because no one cares enough about an OS that has a 6% market share (hacking it would be similar to the "If a tree falls in a forest and no one is around to hear it" analogy. Meaning it's not worth it) and partially because it is open source. It is open source. A great medium for potential OS devs to look into and gain inspiration from. Supported strongly by the open source market (including open source commercial software emulation). Has the ability to be booted from a LiveCD. Giving the new user a chance to explore what the OS is like before he decides to install it. Freely available. Weak points in my eyes: Windows: Piss poor security features. At many points the default firewall that is shipped with Windows may as well be a wet paper bag. If you use default software for Windows you are screwing yourself. 
However, some of the most powerful IDS's and Virus Scanners are written for Windows for this reason. Making it the most secure operating system on the market when defended by third party software and common sense. More than enough hacks and exploits are written for Windows to scare most people from using it. Windows, even with third party software still can be attacked from the inside. The PE structure and how Windows handles memory is probably more documented than Linux's. As far as I could tell at least. Being a commercial product it doesn't have the ability to have a "preview" LiveCD. Making picking the right flavor of Windows trivial. Expensive to maintain and expensive to buy. The strongest weak point here is the lack of prominent security features "built in". Linux: Outside of *ubuntu and certain flavors of SuSE finding an easy to install copy of it is far from easy. It is NOT user friendly at all. Nothing screams intimidating to a new user like the BASH shell. As much as I love BASH Shells I even have to say, it is pretty intimidating to begin with. Linux has almost no support from the commercial market. Most everything you use will be in the form of Open Source software (which at times can be better than the commercial alternative). The strongest weak point here is the lack of user friendliness and the fact that you have almost no commercial support.
  21. Because 9 year old whiny boys can't do shit other than click. You don't even know how ignorant you look. Foolish kid. Answer his question seriously. No need to flame someone for something they may or may not enjoy.
  22. Because no one cares. Most MMO's are unhackable because GOOD MMOs deal with server side checks (read the patch notes for World of Warcraft 2.3, for example). I played Runescape and I play WoW. Basically this is what happens on GOOD MMO's (By all means for a Java based, server side MMO - Runescape is considered "good") 1.) You cast a fireball 2.) The client registers the button checks and makes sure that 1 - You are in range 2 - You have enough mana/reagents 3.) The client says YAY or NAY to the server 4.) The server never trusts the client, so it performs its own checks starting at step 1 and continuing in greater detail (THIS IS WHERE IT BECOMES UNHACKABLE) 5.) If the server suspects packet forgery (The numbers won't match up) it spits up and tells the admin 6.) You get banned This all happens in milliseconds. @ WoW haters You don't lose your soul to WoW either. You sell it. Only tools become addicted to pixels. Hating on a game most of you have only read about only shows ignorance, not intelligence. Sorry.
  23. MD5 is a Cryptographic hashing algorithm that has a 128 bit hash value. It does not "encrypt" anything. It creates a digest for comparison. Right there. Oh look! There goes your argument out the door. Not even Ron, the creator, recognizes MD5 as a valid encryption algorithm. It's used to generate hashes and digests. That's it.
  24. HTML is so simple it's a joke. Javascript is fairly simple too. If you're doing web hacking a good place to find level ground is with PERL. Time and time again it has never failed me or anyone else. I'm no elitist (I am a C++ fanboy at heart). But when it comes down to web hacking go with PERL. On top of that PERL is a great language to start with, fairly simple (except for regex. But then again that's just use that makes it easier), and overall WILL get you places. Whereas HTML and Javascript (however a good idea to learn), will get you nowhere except past those very few missions. So I guess yeah, in a roundabout way it is a must. Right along side PERL. You'll eventually pick up both javascript and HTML. Especially if you use Myspace. Whereas with PERL you don't just "pick it up". The only problem I don't like about scripted languages is that I don't feel secure in my code. Just people being able to see my code in plain-text just makes me feel weird. In terms of compiled languages I'd recommend C++. Most people here recommend C, but it's rather outdated and in my honest opinion the only time I have EVER needed to use C in ANY of my projects was during my driver development days. And that's just because there was no other alternative. Learning from websites is great fun, but don't rely on them to teach you everything. 99.99999% of hacking is done on your own, through your own mistakes and trials. Hacking is a very nice way to say "a curious person", at least in my opinion. On the subject of how we learned, I read a lot. I followed phrack for a long long time, and I read the 2600. In my childhood I tinkered with computers almost non-stop. One would say it was a calling that I would eventually have ended up here. If there was ever one sound piece of advice I could give to an aspiring hacker it's to never limit yourself. However, maintain focus. 
What that means is that keep your mind open (Notably, hackers are known for their open minds and creative solutions to common problems...such as firewalls), but don't lose focus on what you are studying. When I first began a long time ago I jumped from topic to topic to topic. Learning whatever I could, back on the old BBSes and E-zines. This worked, but in foresight I really wish I would've just focused on fully understanding a topic before moving onto the next. It probably would've saved me some overhead I had to fix later on in life. EDIT: It's late and I'm grammar-tarded.
  25. I got my first computer when I was 3. Had....DOS 3.3 if I recall correctly. Old POS monitor and a dot matrix printer. Every night I read that manual, with what little English I knew, and every night I sat up (I snuck up. At one point I got the computer in my room secretly) and started to learn the basics of it. I was very, very satisfied with the 'dir' command. By age 6 I had picked up either, Windows 3.1 or 95. I was fascinated by its GUI and played religiously with the registry and .BMPs (I thought icon 'hacking' was pretty awesome when I was 6). This is when I started to really get into it. I was curious. Curiosity is after all, the mother of all hackers. I took down and rebuilt the computer from the ground up. I still have my notebook where I kept notes on where everything was and my "hypothesis'", if you will, on what everything did. Mind you my family was never and still isn't technologically savvy. So these discoveries went unchecked (even though most of them were somewhat correct on various degrees). By age 8 I started learning BASIC. Read somewhere that it's what a lot of things were written in so I decided to take my hand in it. From there I delved into various programming languages finally stopped at C++/ASM as my compiled choice, and PERL as my scripted. I never really had a "field" until I was 13. That's when I began my security specialization, so to speak, and have carried it ever since. I found out there are more "people" like me via The 2600. Which I found at a local bookstore. As a hacker, a true hacker, you never stop learning.