About Uncue

  1. It's been over 15 years since I have used talk, but this should work. Type talk userid@address [tty] (the @address part is not needed if you are talking to someone on the same machine as yourself, and the tty part is only necessary if you wish the message to go to a specific tty and not the first one the system finds). You will need to know what tty the person you want to talk to is using. If you use the who command it shows who is on and what tty they are using. Since everyone logs in with the same name, figuring it out may be difficult. The user you want to talk to should be able to determine what tty they are on by just using the tty command according to this link. http://www.ussg.iu.edu/UAU/navigate/tty.html HTH Uncuε
  2. It's based on the organizational unit (folder) that the computer resides in in Active Directory. You can only stop it if you are an administrator. I remember an older 2600 article that talked about how to stop group policy being applied to your machine. I didn't really read it because it didn't affect me, but after some googling this is the only thing I can find: http://blogs.dirteam.com/blogs/gpoguy/arch...07/21/1229.aspx I think the quickest route is for you to try unplugging the network cable like the link above suggests right after you log in.
  3. In order to log in with cached credentials, don't you have to select the domain from the dropdown list on the login screen? With the computer not being in the domain, you are forced to authenticate to the local machine and are not able to select the domain in order to use cached credentials. I'll be honest, I've never actually tried logging in with cached credentials after a machine is removed from the domain, but I'd be willing to bet you lunch that this wouldn't work. Another issue is that if the user is required to change their password and then they go to a computer that can't talk to the domain, they will have to log in with their old password that is cached on the machine. This may be of use to you: http://windowsitpro.com/article/articleid/...oup-policy.html
  4. This isn't exactly what you want, but it may get the data you are after. It's a PHP page that parses the ettercap log. http://www.irongeek.com/i.php?page=security/wallofshame
  5. Nessus for finding missing patches/older IOS versions: http://www.nessus.org/nessus/
     Torch is an older security scanner for Cisco devices: http://www.securiteam.com/tools/5EP0F1FEUA.html
     Yersinia for fun with Cisco protocols like CDP, STP, VTP, etc.: http://www.yersinia.net/
  6. If you have some type of command line access on the box, I've done it just like this in the past. http://www.tburke.net/info/misc/vnc_remote.htm Hope that helps...
  7. This is how Nessus uses nmap. It actually uses it via a plugin. http://www.nessus.org/documentation/index.php?doc=nmap-usage The reason I suggested Nessus is because he specifically said he was looking for open ports, but in the next sentence says vulnerabilities. nmap should be used to find open ports and Nessus for vulnerabilities.
  8. Without getting into a long drawn out explanation, when connecting to an access point you don't control, even SSL can't be trusted. You are on a network that someone else controls, so man in the middle attacks are very possible. That being said, at least with SSL you aren't broadcasting unencrypted. I suppose it's better than nothing. Both are good points. If you were going to depend on SSL, I'd use just a site with SSL that you have control over. You could put CGI-Proxy on it if you wanted to surf without anyone seeing what you are doing. However, it's my opinion that a man in the middle attack wouldn't work unless you accepted a bad certificate that has been spoofed or you can trick someone to install a root certificate into their browser from a non-trusted CA. Granted it could be done, but I would hope not to someone who is technically savvy. Uncue
  9. Are you sure it's a 192.168.x.x address? In RFC 1918, a 16-bit block (Class B) is reserved for non-routable internal IPs. Did the IP match the local IP that you were assigned when you connected to the network? If you are sure it's in this block, it's possible that you are being proxied and that the proxy server is leaking your internal address in the HTTP header. An attacker could nefariously get someone's internal IP address (http://www.metasploit.com/research/misc/decloak/), but I seriously doubt whatismyip are doing this because it would defeat the purpose. Hope that helps... Uncue Edit: Sorry for duplication. Someone came in my office as I was writing this and McGrew beat me to the punch.
  10. Anything you do CAN be stored. It may not be stored directly on the WAP, but it can be stored. Anything stored would point back to your MAC address if you don't change it. If you are doing something that you don't want to be stored, you should connect to the WAP then use a VPN Tunnel or SSH Tunneling.
  11. I've read about people using the Nokia N770 and N800 for pentesting. However, I don't know anything about the Samsung.
  12. All are very good points. I have a Western Digital (yeah I know) that I use on a Mac mini that I have set up as a server. I didn't want to have to provide extra power for it. It uses one USB port for both power and data. The Seagates use 2 plugs. I did look at the specs before I posted. It has three USB ports on it, but I didn't think about the battery life issue. I personally use a Lenovo x61t as my primary box and I love it. It's way more expensive, but it's also small, light, and fast.
  13. Actually -sS means just send SYN packets and -sT means complete the connection (this will take longer). Reference here. (I'm providing this for people who don't know, not you Remix) For a TCP connection to be created, there are three parts: SYN, SYN/ACK, and ACK. If you are scanning through a Cisco firewall with the FW feature set that is tracking connections, it keeps track of all the SYNs that are created as your port scanner does a half open scan. The scanning machines respond to your SYNs with SYN/ACKs, but your scanner never completes the connection by responding with ACK packets. This is the reason that the connection table fills up and causes the router to crash. I'm just pointing this out as something to be cautious about. Agreed. The only thing that I would add is that not all firewalls/routers are doing NAT. Say you have a router with the FW feature set blocking connections from, in this case, the resident LAN from, say, the Accounting LAN where all the important information is stored. There would be no reason for students to access these systems. There would also be no reason for the account LAN to be NATed. Hope that makes sense. Very good point about knowing your network before scanning blind. This goes back to why I brought up this point.
  14. Why not just plug a USB hard drive into it and save your log files there? I know that makes it somewhat less portable, but it's just a thought.
  15. I found this: http://support.microsoft.com/kb/555428 and this: http://forums.microsoft.com/MSDN/ShowPost....45&SiteID=1 and several more like the last one. Most of those were people just talking about how the driver was incompatible and that they had to wait for the next release for their software to work. Also saw you posted it on ExpertsExchange and WindowsITPro, so you have probably already seen these. I'd suggest posting it to the TrueCrypt Forum. Hope you get an answer there. Uncue