Multi-Mode

Everything posted by Multi-Mode

  1. A lot of the later episodes were lost due to some poor server management and backup practices. They might exist somewhere in an evidence locker somewhere but I don't think anyone in the original crew has them.
  2. So as I've previously mentioned I'm interested in setting something up to capture RF in many ranges (an itching curiosity at this point). I was checking out the GNU Radio project and it looks like it might suit my needs. Anyone play with this? Is there any cost effective way to get my hands on the USRP? Anyone have a smarter/more cost effective way to capture (possibly transmit) on several different frequencies? I'm looking for good flexibility. I'd like to get a look at the GSM/CDMA control channels. Possibly build something to pinpoint a transmitter. Maybe use it to script controls on an RC car and step into the remote robotics realm.... Is this kind of project a pipe dream for someone with an hour or two to kill Mon - Fri? I'm basically looking for a rundown and a heads-up on those unexpected expenses.
  3. News Article: http://bits.blogs.nytimes.com/2007/11/08/h...yspace-page/?hp The demonstration...
  4. Glad to be of some use.

     Active Directory is pretty simple. Rather than storing your password and user details locally on the machine, they are stored on the Active Directory server. Workstations are set up and "join" the domain. The workstations now have a full trust with that server. Now when a user logs in, the workstation connects to the server and validates the login. The details and profile for that user are pushed down. The security policies pushed down are actually just registry settings pushed via group policies. The ones you described are included with 2003 Server but pretty much any reg edits can be pushed down in this fashion. Pretty cool for an admin because they can manage the workstations from one place basically.

     Wiki for a high level, follow the body links on anything you don't understand.... http://en.wikipedia.org/wiki/Active_Directory

     The Microsoft knowledge base has loads and loads of fixes and related information. Google it, and if you're really itching to learn run 2003 Server in VMware and set up your own domain, then run another VMware instance of XP Pro and join the domain. Run Wireshark on the hosting box and watch what goes on between them. The network layer is a fun place and is a good place to get started. With this setup push policies, change configs, basically learn it... You're gonna need this experience in IT, even if you're a Linux guy it won't hurt your resume. The nice thing with VMware is that you can pause and save state. Useful for comparing changes made and replaying actions.

     This won't make you a hacker or "teach you too much". Anyone who worries about "teaching too much" is an asshat. Fuck 'em, learn it yourself, you'll probably figure out more than they'll ever know in a month or two... Teaching is good because students provide just as much insight to the teacher as the teacher does the student....

     -------------------------------------------------------------------------------------------

     DNS is pretty simple... Don't be intimidated.... Basically DNS is Domain name service. It converts www.pr0nsite.com to the IP address the actual computer uses. Ipconfig will show you your DNS server. But OK, how/why does it work...

     First off computers only talk to IP addresses, that's how they talk over the Internet. http://en.wikipedia.org/wiki/Internet_protocol_suite But humans hate working with numbers... Imagine typing in and remembering 69.59.25.200 every time you come to this site to check the forum? Imagine granny needing to do it? Life would suck (cuzz granny would always need your help to do it). So some great thinkers said hey why can't we just use words instead. And DNS was born. Remember computers still talk with just IP addresses so all those words have to match up to an IP somewhere.

     But here's how the DNS system works. Your computer has a DNS server assigned to it. When it sees www.pr0nsite.com it's going to ask its "host file" (look it up) if that site has an IP, if not it's going to ask your DNS server. The DNS server will look for a DNS record for that site... If it doesn't have a record locally it's going to need to go out and find that IP for you.

     So globally it's pretty simple. You have your root authority denoted by the "." at the end of every DNS address.. We don't use a "." at the end but let's just imagine. www.pr0nsite.com. The DNS server . will hold records for the other DNS servers like .com .net .org .us. and so on... Then the com. server will hold a record for the pr0nsite domain. pr0nsite's name server will have a record for www.

     So you type www.pr0nsite.com in your browser. If it's not in your host file or stored locally on the DNS server, your DNS server is going to go out and find the site for you. If it doesn't know an IP for the .com DNS authority either it's going to ask root authority. Hey . do you have the DNS server name for com.? The root authority will give the IP of the DNS authority for .com. Now your DNS server will go to the .com server and say: Hey com. do you have the DNS authority for pr0nsite.com.? It gives the IP of the DNS server there.... Finally your DNS server will ask: Hey pr0nsite.com. what's the DNS record for www.pr0nsite.com.? Hopefully that server has a record, if so then it will give your DNS server the IP of the website you're visiting. Now your computer knows how to get to where it wants to go... and you get to the pr0nsite.

     It's a little more involved than that but you get the picture. For more read: http://en.wikipedia.org/wiki/Domain_name_system If you like to code and really get down and dirty with DNS, read the request for comments.... http://www.dns.net/dnsrd/rfc/

     --------------------------------------------------------------------------------------------------------------------

     Disconnecting the Ethernet cable isn't going to do anything. The computer's going to try and check Active Directory... If it can't reach the server it's going to check to see if the password's been cached locally... If not it's going to deny you access. By changing the domain and logging in locally you're bypassing the Active Directory account and using an account on the machine. The account that you stole the password from with the boot CD. It's probably not going to help you access the Internet any better if you have to hit a separate proxy to go out but I like to live by the philosophy "you never know what an admin decided to implement (or how)".

     Sounds like computer problems are the least of your worries at the moment.... Make friends with your local librarian and get some good books on computers... Learn the basics bro.... Do it when you have time... Just relax, shit has a way of working out. Do what you need to do in school.... College sucks a lot less than high school and you're going to need the advanced math and science background in your midnight computer sessions.....
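The lookup order walked through in the DNS part of post 4 (hosts file, then the resolver's own cache, then root, TLD and authoritative server in turn), as an added example that is not part of the original post. The server table, names and addresses are constructed sample data from documentation ranges, and `Resolver`, `query` and `fqdn` are hypothetical helper names.

```python
"""Offline model of the lookup order: hosts file, resolver cache, then an
iterative walk from the root. All names and addresses below are constructed
sample data (documentation ranges), not real servers."""

# Each simulated server either answers from its records or refers to a delegated zone.
SERVERS = {
    "198.51.100.1": {"delegations": {"com.": "198.51.100.2"}},          # root "."
    "198.51.100.2": {"delegations": {"example.com.": "198.51.100.3"}},  # com. TLD
    "198.51.100.3": {"records": {"www.example.com.": "192.0.2.10"}},    # authoritative
}
ROOT = "198.51.100.1"
HOSTS_FILE = {"intranet.local.": "192.0.2.99"}  # local overrides, consulted first


def fqdn(name):
    """Lower-case the name and add the trailing root dot if it is missing."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def query(server_ip, name):
    """Ask one server one question.

    Returns ('answer', ip), ('referral', next_server_ip) or ('nxdomain', None).
    """
    server = SERVERS[server_ip]
    if name in server.get("records", {}):
        return "answer", server["records"][name]
    delegations = server.get("delegations", {})
    matches = [z for z in delegations if name == z or name.endswith("." + z)]
    if matches:
        # The longest matching zone is the most specific delegation.
        return "referral", delegations[max(matches, key=len)]
    return "nxdomain", None


class Resolver:
    """The 'DNS server assigned to your computer', reduced to a cache and a walk."""

    def __init__(self):
        self.cache = {}  # no TTL handling in this model

    def resolve(self, name, max_referrals=8):
        """Return (ip_or_None, trace); trace records every step that was taken."""
        name = fqdn(name)
        if name in HOSTS_FILE:
            return HOSTS_FILE[name], ["hosts"]
        if name in self.cache:
            return self.cache[name], ["cache"]
        trace, server = [], ROOT
        for _ in range(max_referrals):  # bounded so a referral loop cannot spin forever
            kind, value = query(server, name)
            trace.append(f"{server}:{kind}")
            if kind == "answer":
                self.cache[name] = value
                return value, trace
            if kind == "nxdomain":
                return None, trace
            server = value  # follow the referral one level down
        return None, trace + ["referral-limit"]
```

Because the hosts file and the cache are consulted before any server is asked, an unexpected entry in either one changes where a name points without a single query leaving the machine, which is why both are worth checking during triage.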
  5. Well, legalities aside, this is pretty easy. The security permissions you're looking to circumvent are pushed to the user account via Active Directory, use a local account on the machine. Not going to give you details, there are plenty of ways to do this. The most worthwhile method would be to load a Bart PE CD, snatch the Windows password file and reverse it using a rainbow table. This should give you the local admin account's password that would be unrestricted. This password is usually kept the same throughout the network but mileage may vary... Check out Irongeek's page.

     And don't be an asshat. There's a damn good reason people are advising against this sort of activity.... You're going to get caught and from there learn this lesson the hard way like many of us have. You should be working in a lab to hone your skills and learn as much as possible. This is how you survive being a young hacker, your arrogance is what will do you in. At the end of the day you should be doing this for fun, nothing more. And yeah when your skills are worked up you'll probably go into IT and get paid to do what you love to do. The idea that you're going to run off and hack the planet and not get caught is a delusion. You're at most a novice up against an army of experts and masters. If your school just slaps you on the hand fine, consider it a lesson learned. But a few kids recently got put away for installing key loggers on school computers to escalate privileges... You won't be hacking much from jail or a detention center for sure. The biggest stage of growth for a hacker is when they finally realize they are not and will probably never be the most 1337 hacker on the planet. You're not going to run off and fight injustices of the world by hacking school networks. In the real world there are reasons for these laws, I don't agree with them all but I try to understand the reason before flying off the handle. Life will kick in shortly and you'll realize you're not going to be some militant hero off in the woods of the US. You're going to need a real job to get by, and a lot of work and effort. In short basically we're saying, take an honest look at your future and the possible lack of it if you get nailed for trying to be 1337 at school.

     I will take a look at your site when I find the time. However, I find your take on this to be a little close-minded unless perhaps I have interpreted it incorrectly. First of all, school is wasting my time. I know what I want to do on this planet, I have my goals and I have most of what I need to reach them. It is the truth. I could outline the classes that I have and I am confident that most people would agree that I am wasting my time. I do not believe that I am a so called "freedom fighter," I just appreciate the true value of what little skills I possess, and I have ideas of where those skills would be of most value. It is definitely not hacking my own router in the darkness of my own basement to find out more about how I can secure my own corporate business's routers someday, preventing [true] hackers from bringing down these greedy corporate systems that are essentially harming the world. This school takes a fascist approach to computing. I have been there since all the old ancient systems were there, and there were never any [major] problems with viruses, hacking, or kids being pervy on the internet. I feel this is wrong. I am just trying to establish some foundation upon which I base my hacking; a...why I do it, otherwise what's the point? I am also just looking for people who share the same ideas as I do. I think hacking is just so much more than just tinkering.

     Agreed, high school is usually a waste of time. School is a social system. If you know a bit about social engineering you'll see it in play at every level there. Life is going to be full of pointless time wasting organizations in both your personal and professional life. Now would be a good time to learn how to use these systems to the fullest. Because you're not going to win a fight against these systems until you know how to work inside them.
  6. IDSs look for patterns.... Nmap has lots of options to slow down a scan and switch up the pattern... A lot can be done to fool it. But really if you're not a paid pentester and you're worried about IDS during scans you should probably be aware of potential legal issues that arise. I would be wary of any tool claiming it can fool an IDS... Powerful meatware is key when worrying about this sort of thing... As far as the original question... google those services, try to enumerate the version, learn about the software hosting that service and its history... You should only be doing this on networks you have permission to mess around on. I would advise against poking around any production boxes on the internet unless you have a very good relationship with the admin... Even then, be careful. Read up on the protocol... check the RFC, learn how it works... Check out Damn Vulnerable Linux and play in your own sandbox... Then work your way up to other live CDs at home. Check your local laws because even using some security tools at home is illegal in some places.
  7. Comments wtf is this myspace?

  8. There's a lot that can be improved in the structure... You should have a separate main class file and define your plant in its own class. What you have is OK if you only ever want to print the info to shell but what if one day you wanted to add a GUI... You should have set and get variables for all of your variables. When defining the class you need to be thinking about what the overall project is going to call for... Remember an object is an instance of a class... You're going to need to add functions inside your class to make your object useful... Looking over it real quick alls you have is a print function. If this isn't homework you're likely going to want to build multiple constructors that take different input... Get functions so you can call the private variables of the object and set functions so you can redefine the object's variable. If it is homework I hope you're not going to have to use this code as a base to learn inheritance.....

     If you're not following me... By having a proper constructor you could call your object and set all of the variables at the same time.... You can also have multiple constructors for an object so you can set some values to default... Try

         public class plants {
             // Private fields, reached from outside only through the get/set functions
             private String name;
             private String scientific;
             private String typeofplant;
             private int minheight;
             private int maxheight;
             private String lighting;
             private int price;

             // Constructor (no return type): sets all of the variables in one call
             public plants(String new_name, String new_scientific, String new_typeofplant,
                           int new_minheight, int new_maxheight, String new_lighting, int new_price) {
                 name = new_name;
                 scientific = new_scientific;
                 typeofplant = new_typeofplant;
                 minheight = new_minheight;
                 maxheight = new_maxheight;
                 lighting = new_lighting;
                 price = new_price;
             }

             // Print every field to the shell
             public void output() {
                 System.out.println("name: " + name);
                 System.out.println("scientific: " + scientific);
                 System.out.println("typeofplant: " + typeofplant);
                 System.out.println("height: " + minheight + " - " + maxheight);
                 System.out.println("lighting: " + lighting);
                 System.out.println("price: " + price);
             }

             public void setName(String new_name) {
                 this.name = new_name;
             }

             public String getName() {
                 return this.name;
             }
         }

     and so on for the rest of your variables... It's not required but it's good programming practice to do this and it will make your classes more portable as you develop... So now when you need to reuse this class the objects are more functional.... then in your main class

         public class Main {
             public static void main(String args[]) {
                 plants peach = new plants("peach", "prunus persica", "NA", 5, 10, "direct sun", 20);
                 peach.output();
                 // But now you're more flexible and can do
                 peach.setName("Peach");
                 // Or just print one part of your plant
                 System.out.println(peach.getName());
             }
         }

     Mind you I haven't tried compiling this... it's almost 2 am and hell it's probably your homework but you should get the idea with this... Hope it helps though
  9. Did you check out |)ruid's talk on real time steno of RDP.... It was fucking great! The pdf should be on your defcon CD...
  10. I run NetBSD on a similar box.
  11. I think I was 5 when I started taking things apart. My grandfather was pretty cool and started bringing me home tools, wire snippers, soldering iron, etc. etc. It all started there I imagine. Coolest thing ever is when I discovered I could cut a wire open and use a thin piece of copper to cut a crayon (and a bunch of other things) when I connected it to a D cell battery. My grandfather worked at an industrial supply place so he used to bring me home all sorts of weird electrical gadgets.
  12. I think this would be a good idea also.
  13. But it then wouldn't be your "first" hack now would it...
  14. What I find more interesting are the premium SMS pyramid scheme commercials... Text the answer to the following puzzle to ____ in the next minute and you could win 1000 dollars. And then the word puzzle is something like... T_DAY (fill in the blank). Each SMS entry costs a dollar to the sender and there is only one winner. They play the ad nationwide late night and actually make a lot of money this way...
  15. The corporate SMS spams you get are usually sent out by people who have SMPP binds with a carrier although this kind of spam is regulated somewhat considering if it's abused the carrier will just cut the VPN circuit. Email is a god awful way to send SMS in bulk... but this depends on the carrier... Mind you most carriers have rules for blocking real spam. A common rule is to only allow one message to be delivered to 100 users in 60 secs. If this is exceeded the originator will be blacklisted... The rule set varies from carrier to carrier and can even be different depending on how an account is set up...
  16. Looks like the original post allows comments... http://talkback.zdnet.com/5208-12355-0.htm...essageID=579806
  17. Gonna reveal my age a bit but oh well.... I was either 13 or 14, the Internet wasn't really popular yet. People used dial up BBSes (which rocked btw). Not sure which came first.

     * One time I modified an install disk for the shareware version of "Duke Nukem". I renamed the setup.exe and wrote a simple batch script that would back up the old autoexec file and then replace it with an autoexec that just printed a skull and cross bones (then it would run the setup normally). Then you would just leave the disk in the computer lab and someone was bound to try to install it.......
     * Another time I used a feature in WordPerfect that allowed you to bind macros to any key. One afternoon I bound the home row to different letters on like 5 of the computers, the next day the keyboarding classes had to share the computers because the computers in the back were "possessed".

     This is back before anyone knew shit about managing a network and I almost got expelled for the WordPerfect key-binding bit because I "wrote a virus and was going to try and take down the school network". Luckily a few knowledgeable teachers stepped in because the principal was completely ignorant.... (this is a real good way to learn not to be an asshat btw) I think 2 years later they upgraded from their 286,386,486 to Windows NT and paid for an IT Department (obviously the calculus teacher doesn't know how to deal with information security when dealing with high school kids).
  18. I'm looking for some good security project ideas to play out with limited resources on a small lab LAN with a couple boxes and VMware. So far I've got a pretty good understanding of network vulnerability (sniffing, spoofing, replays) but have been having some trouble putting it all together. In particular what I'm looking to work with is exploiting an open port/running service on a target OS in VM Player and locking down root on the box. I'm really looking to achieve this without any victim run changes made to the local machine (i.e. running a rootkit or other social engineering type attack). What I'm looking for is suggestions on a viable environment / exploit to say remotely overflow a particular service and lock down root/user level access. Just to be clear I'm not looking to be an asshat here and am not looking to exploit any particular version of any particular OS. I'm just looking for a good example to actually play it out in the lab to better understand this type of attack.
  19. From what? Eating the heads of live animals is an obvious profit! The excitement of entertaining the crowd, bunking with the bearded lady... Oh the joys of being a carny.
  20. I totaly oWn this box with my mad leet skillz.
  21. I think it takes longer than five years to get into the "field", I don't think security will ever be a dead field. Talent is in demand, if you got talent you're set but there's a growing abundance of people in the "security field" who lack it or worse lack any motivation to develop any. Not only are you going to need talent but you're going to need to prove it. Everyone and their mother wants to be a l33t hacker or get into the security "field". (Myself included but it takes a little time and a lot of work) You need a foundation in the basics before you start specializing in shit. You're going to have plenty of naysayers. Go get your CCSP and start looking at the requirements for the CISSP, once you're there you should have an opinion of your own.... But wtf do I know, I do some fun shit at work but I'm not sitting behind an IDS yet. All's I'm saying is it takes a lot of dedication, as in ongoing life dedication that you might want to consider before committing yourself to security. Keep in mind that all the shit in your head is probably always going to be right on the cusp of being obsolete.
  22. I think I'll just win with regedit... From the Minesweeper Wiki:
  23. I've dealt with BofA at a helpdesk to helpdesk level pretty extensively. From what I've seen from an external perspective what you say doesn't surprise me at all. Their support structure has a lot of holes so I could see this easily happening. While I haven't seen it as bad as you describe, I definitely see insecurities everywhere at the larger companies I've done work for. What's particularly disturbing is how much information could be removed from the intranet that isn't locked down at all.
  24. Lesson learned... back stuff up... Unfortunately I learned this the HARD way when head met platter. And I freaking had a backup that got lost in a move. Lost two years of development work (it's hard to get into developing anything after that). Awesome to hear you were saved that gruesome fate.
  25. What could possibly be the motivation for removing telnet?