Uncue

Everything posted by Uncue

  1. It's been over 15 years since I have used talk, but this should work. Type talk userid@address [tty] (the @address part is not needed if you are talking to someone on the same machine as yourself, and the tty part is only necessary if you wish the message to go to a specific tty and not the first one the system finds). You will need to know what tty the person you want to talk to is using. If you use the who command it shows who is on and what tty they are using. Since everyone logs in with the same name, figuring it out may be difficult. The user you want to talk to should be able to determine what tty they are on by just using the tty command according to this link. http://www.ussg.iu.edu/UAU/navigate/tty.html HTH Uncuε
  2. It's based on the organizational unit (folder) that the computer resides in in Active Directory. You can only stop it if you are an administrator. I remember an older 2600 article that talked about how to stop group policy being applied to your machine. I didn't really read it because it didn't affect me, but after some googling this is the only thing I can find: http://blogs.dirteam.com/blogs/gpoguy/arch...07/21/1229.aspx I think the quickest route is for you to try unplugging the network cable like the link above suggests right after you log in.
  3. In order to log in with cached credentials, don't you have to select the domain from the dropdown list on the login screen? With the computer not being in the domain, you are forced to authenticate to the local machine and are not able to select the domain in order to use cached credentials. I'll be honest, I've never actually tried logging in with cached credentials after a machine is removed from the domain, but I'd be willing to bet you lunch that this wouldn't work. Another issue is that if the user is required to change their password and then they go to a computer that can't talk to the domain they will have to log in with their old password that is cached on the machine. This may be of use to you: http://windowsitpro.com/article/articleid/...oup-policy.html
  4. This isn't exactly what you want, but it may get the data you are after. It's a php page that parses the ettercap log. http://www.irongeek.com/i.php?page=security/wallofshame
  5. Nessus for finding missing patches/older IOS versions http://www.nessus.org/nessus/ Torch is an older security scanner for Cisco devices http://www.securiteam.com/tools/5EP0F1FEUA.html Yersinia for fun with Cisco protocols like CDP, STP, VTP, etc. http://www.yersinia.net/
  6. If you have some type of command line access on the box, I've done it just like this in the past. http://www.tburke.net/info/misc/vnc_remote.htm Hope that helps...
  7. This is how Nessus uses nmap. It actually uses it via a plugin. http://www.nessus.org/documentation/index.php?doc=nmap-usage The reason I suggested Nessus is because he specifically said he was looking for open ports, but in the next sentence says vulnerabilities. nmap should be used to find open ports and Nessus for vulnerabilities.
  8. Without getting into a long drawn out explanation, when connecting to an access point you don't control even SSL can't be trusted. You are on a network that someone else controls so man in the middle attacks are very possible. That being said at least with SSL you aren't broadcasting unencrypted. I suppose it's better than nothing. Both are good points. If you were going to depend on SSL, I'd use just a site with SSL that you have control over. You could put CGI-Proxy on it if you wanted to surf without anyone seeing what you are doing. However, it's my opinion that a man in the middle attack wouldn't work unless you accepted a bad certificate that has been spoofed or you can trick someone to install a root certificate into their browser from a non-trusted CA. Granted it could be done, but I would hope not to someone who is technically savvy. Uncue
  9. Are you sure it's a 192.168.x.x address? In RFC 1918, a 16-bit block (Class B) is reserved for non-routable internal IPs. Did the IP match the local IP that you were assigned when you connected to the network? If you are sure it's in this block, it's possible that you are being proxied and that the proxy server is leaking your internal address in the HTTP header. An attacker could nefariously get someone's internal IP address (http://www.metasploit.com/research/misc/decloak/), but I seriously doubt whatismyip are doing this because it would defeat the purpose. Hope that helps... Uncue Edit: Sorry for duplication. Someone came in my office as I was writing this and McGrew beat me to the punch.
  10. Anything you do CAN be stored. It may not be stored directly on the WAP, but it can be stored. Anything stored would point back to your MAC address if you don't change it. If you are doing something that you don't want to be stored, you should connect to the WAP then use a VPN Tunnel or SSH Tunneling.
  11. I've read about people using the Nokia N770 and N800 for pentesting. However, I don't know anything about the Samsung.
  12. All are very good points. I have a Western Digital (yeah I know) that I use on a Mac mini that I have set up as a server. I didn't want to have to provide extra power for it. It uses one USB port for both power and data. The Seagates use 2 plugs. I did look at the specs before I posted. It has three USB ports on it, but I didn't think about the battery life issue. I personally use a Lenovo x61t as my primary box and I love it. It's way more expensive, but it's also small, light, and fast.
  13. Actually -sS means just send SYN packets and -sT means complete the connection (this will take longer). Reference here. (I'm providing this for people who don't know, not you Remix) For a TCP connection to be created, there are three parts, SYN, SYN/ACK, and ACK. If you are scanning thru a Cisco firewall with the FW feature set that is tracking connections, it keeps track of all the SYNs that are created as your port scanner does a half open scan. The scanning machines respond to your SYNs with SYN/ACKs, but your scanner never completes the connection by responding with ACK packets. This is the reason that the connection table fills up and causes the router to crash. I'm just pointing this out as something to be cautious about. Agreed. The only thing that I would add is that not all firewalls/routers are doing NAT. Say you have a router with the FW feature set blocking connections from in this case the resident LAN from say the Accounting LAN where all the important information is stored. There would be no reason for students to access these systems. There would also be no reason for the Accounting LAN to be NATed. Hope that makes sense. Very good point about knowing your network before scanning blind. This goes back to why I brought up this point.
  14. Why not just plug a USB hard drive into it and save your log files there? I know that makes it somewhat less portable, but it's just a thought.
  15. I found this: http://support.microsoft.com/kb/555428 and this: http://forums.microsoft.com/MSDN/ShowPost....45&SiteID=1 and several more like the last one. Most of those were people just talking about how the driver was incompatible and that they had to wait for the next release for their software to work. Also saw you posted it on ExpertsExchange and WindowsITPro, so you have probably already seen these. I'd suggest posting it to the TrueCrypt Forum. Hope you get an answer there. Uncue
  16. What's wrong with porn? Google is so much your friend it gives you free porn. Seriously, I just searched for "mandriva review 2007" and got tons of useful info. Hope that helps. Uncue
  17. Are you serious? Google is your friend and I mean this in the nicest, most respectful way possible. http://www.linuxforums.org/reviews/mandriva_2007_review.html http://www.linux.com/articles/58164 http://www.linux.com/articles/61827 http://www.softwareinreview.com/cms/content/view/53/ http://lunapark6.com/review-mandriva-2007.html
  18. If you are behind a Cisco router that is keeping track of half open connections, I would recommend not using the -sS switch, instead opting for the -sT (Connect) switch especially since you have permission. By using the -sS switch you will fill up the connection table on the router and no one will be able to route to either side of the router. The default amount of connections the router tracks is something crazy like 3 billion, but that's nothing for an nmap scan of all ports to chew through. There is no way to tell the router to ignore connections from one workstation.
  19. Check out this SANS presentation by Ed Skoudis. It covers everything you could possibly need for hunting malware from the command line. The cool thing is that it uses WMIC which is included in all MS professional operating systems and there is no need to have extra software installed. https://www2.sans.org/webcasts/show.php?webcastid=90649 Hope this helps.. Uncue
  20. I hope you find this useful. I used Rockbox way back in the day before iPods were out. The developers created an alternate firmware for the Archos mp3 player because the factory firmware sucked because it would tank if you put too many songs on it. Anyway, I digress. I just went and looked thru some of the documentation and it looks like the two links in this post on the forum will help you set up playlists from iTunes in Rockbox. http://forums.rockbox.org/index.php?topic=13609.msg102489 Uncue
  21. That brings up another point, Nessus can kill a server. I wouldn't run the DoS plugins. I'd also recommend running it in a lab that has some servers/workstations that are similar to what you will be running them against on your live network so that you have some idea if it's going to cause problems or not. If you don't have extra machines, you can use VMware to create a couple of virtual machines.
  22. ARP poisoning
  23. If you are scanning for vulnerabilities, I would recommend you use Nessus. If you just want OS and open ports, any of the apps previously listed should give you what you are looking for. I will say that most people reach for nmap when they need to do a scan. SuperScan 4 is nice. It will enumerate the Windows hosts it finds. I have no experience with Essential NetTools, but I googled it and it looks like it will meet your needs. Hope that helps Uncue