Agents of the Revolution
Community Reputation

-1 Noobie

About McGrewSecurity

  • Rank
    SUPR3M3 31337 Mack Daddy P1MP
  • Birthday 01/16/1980

Profile Information

  • Location
    Starkville, MS
  1. Haven't posted here in a while, but I thought I could chime in on this, since I have something to show for myself for a change. I've implemented a very small SysLinux com32 app that will boot from USB and dump memory to another partition on the USB drive. This is similar to what the Princeton guys have done, but haven't released:
  2. Happy Birthday! Great part of binvev!

  3. This ought to get you started:
  4. I've pretty much switched over to OS X for all of my activities since I bought my MacBook recently, with some VMs of Ubuntu and XP for things that absolutely have to be done in them (far less than I imagined, though I'll probably use a Linux server in a VM more often once I get the 4 gigs of RAM I just ordered). I'm really loving it: A good solid Unix OS with a very well designed user interface. It's great for general web/email tasks and is a really enjoyable development environment too (Xcode is the IDE to finally tear me away from the screen-full of vim's and shells that was my usual environment).
  5. Yes, I believe you have it right. I'd double check what the endianness of the 32-bit words should be as well, though. The Wikipedia entry for MD5 has a pseudocode implementation, which might help you check any assumptions you are making.
  6. Yes. Without some kind of authentication through SSL or whatever, this is possible. Ideally, you'd want to be in a position to prevent the real responses from reaching the destination. You'd want to do some testing to see, but if I recall correctly, it may result in the destination sending a RST and tearing down the connection. Yes, again, if you're in a position to modify the packets in-transit. Edit: to point you at some tools: Ettercap will do a lot of this by ARP spoofing, so you can play around with that. There are also other tools like Hunt for session hijacking. You could also roll your own in something like Scapy.
  7. Google up the model number of his computer if it's something he bought from Dell or whatever and hasn't upgraded. If all else fails just pop the case and see what kind of video card is in it.
  8. Sounds like it's running with plain vanilla SVGA drivers or whatever Windows thinks is appropriate. Grab the drivers for the laptop's video card off the manufacturer's website and it should improve the situation.
  9. Less directly related to culture, but still useful to have in there, would be things like: "computer security", "information security", "web security", "social engineering", "penetration test(ing)".
  10. No. Normally, Windows will only auto-run things on CDs and drives with the "non-removable" bit set (this isn't something you can just toggle on most flash drives). An interesting side note here is that every iPod I've ever seen is marked "non-removable", and therefore can be used to auto-run. The U3 drives do their auto-running by emulating two completely separate drives (note that these aren't "partitions" in the usual sense, although a lot of people use that terminology talking about this). This is accomplished with specific hardware on the U3 drives that allows for dividing up the flash memory into segments that are presented to the host as different devices. The part that auto-runs emulates a USB CD-ROM drive. Some folks have had luck with taking "normal" USB drives and using U3 update tools to "convert" them over, but it's not what it seems. The drives that this works on already have the hardware in them, and it's unlikely that you are going to run into many drives that have that in them that aren't marketed as U3 drives. I personally haven't seen one, but I have seen mention of them on the hak5 forums.
  11. I wrote that a while back. I didn't want to chance "bricking" the drive, so I kept my ISOs under the size of the one that came with the drive, and just had a small autorun payload that would find and run things from the writable division. Since then, others have written larger ISOs to the "CD" division, and it works for them just fine.
  12. There's a certain procedure you need to go through to modify the read-only "CDROM" division of a U3 drive. I picked one up cheap last year and managed to figure out how to convince the update utility to write an arbitrary ISO to that division: It set off a good bit of interest in U3 drives for penetration testing. The hak5 show and forums have taken it pretty far from there.
  13. I finally got around to posting my review of "The Web Application Hacker's Handbook". It's excellent, and one of the authors happens to have written one of my favorite tools: Burp Suite. I figured the review would be of interest, since it seems there are some people here who are into (or want to get into) web application security:
  14. I don't really have the time or resources to devote to it, but if someone does: one could get a good foundation for this started by grabbing a dump of Wikipedia and sorting out articles with a script that looks for keywords (such as "hacking", "computer security", etc.) and possibly following links to related articles. There would probably be some weird unrelated things pulled in by this, but I think it would be easier to pick out the false positives than to manually go through finding pages in the current Wikipedia. The bad news for this is that the generation and availability of dumps of Wikipedia is a mess. The ideal would be to grab "pages-meta-history.xml.bz2", which is a database dump of every page, with every revision (this way you could sort out situations where folks have removed things that you would want for docdroppers). There are a few problems with this, though: 1) It's going to be *massive*. The last complete one I believe was 1 terabyte uncompressed. 2) It's hard for the Wikimedia folks to even generate. It's been months and months since a complete dump finished successfully. 3) They started the current dumping process on October 25, and it's not expected to finish generating the file until December 19th. If you want to keep an eye on that, cross your fingers and check up here: Another option would be to grab "pages-articles.xml.bz2", which has the current revisions of every article. It's "only" 3 gigs compressed (I don't know how much uncompressed). It may be missing some things that have already been taken down that you're wanting for docdroppers unfortunately. You can try hunting down older dumps, or work with some of the static HTML downloads that are older, like this one from April: