Type: Posts; User: orgcandman


  1. Re: how to scan for base network? (7 replies, 1,719 views)

    You might also check out ping -R (find an IP4 compliant network node, like themanadrain.com) and see what goodies it reveals.
  2. Re: A tool/theory to prevent all MiTM attacks for any computer

    There are a whole lot of assumptions being made, the biggest I see is the assumption of a flat network. Most enterprise/corporate environments that are more than just 15 workstations have an...
  3. Re: CEO vs ICT (thread: CEO vs ICT, by orgcandman; 4 replies, 2,570 views)

    Here's the thing, in my experience, a penetration test is something that doesn't get organized overnight. There's a lot of back and forth with legal, and it's usually a few days before the contract...
  4. RPC via GDB - a primer/discussion (1 reply, 2,547 views)

    I don't know how useful this might actually be on pentests. It's recently come up a few times in work, and also a few times on IRC, so I thought I'd write a little script and primer on using GDB and...
  5. Re: The Dynamo Thread (screenshots & download) (13 replies, 8,192 views)

    As someone who develops a few different open source projects, trust me when I say, this is tough to get until you hit a pretty good maturity. In fact, don't count on people requesting features -...
  6. Re: Hack Lab for me and my son (6 replies, 4,893 views)

    I'd suggest also getting an older ASA/PIX and setting that up.
    You can get a technet subscription for $200/yr, and it gives you dozens of licenses for various MS products (SQLServer, Win7, Win2k8,...
  7. Re: USB Security Key (thread: USB Security Key, by orgcandman; 2 replies, 1,744 views)

    The theory is sound. It's not really a good way of preventing someone from booting BT4R2 - unless the OP manages to encrypt the entire BT partition as well. Otherwise, anyone could simply configure a...
  8. Re: Persistence demystified (4 replies, 1,901 views)

    This information is pretty easy to discover, and I've posted about it before.

    The BOOT= and boot= lines are not "kernel" arguments. Rather, because you can have anything appear on the...
  9. Re: detecting honeypots in backtrack (7 replies, 4,292 views)

    It also depends greatly on the actual honeypot. For instance, something like kippo - detectable with regular expression matching. A real live OS that someone sets up to be broken - not so...
  10. Re: ps and sudo'd users (2 replies, 2,099 views)

    You may find a roundabout way using pstree, ps, and looking at the auth logfile.
    As an example, I did a sudo bash on my machine. ps details:


    root 27946 0.0 0.0 11208 2016 pts/3 S+ ...
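
The "roundabout way" the post sketches (walk the process tree with pstree/ps, then cross-check the auth log) can be scripted. The block below is an added example and not code from the post: it parses a constructed `ps -eo pid,ppid,user,tty,comm` listing and constructed Debian/Ubuntu-style `sudo` auth.log lines (both sample inputs are invented for illustration), walks each root process's parent chain until it reaches a non-root owner, and independently attributes the process to the last user who ran sudo on the same TTY. Disagreement between the two answers is exactly the case worth a second look (a root shell with no sudo record on its TTY, for example).

```python
import re
from collections import namedtuple

# Constructed sample of `ps -eo pid,ppid,user,tty,comm` output (not from the post).
# Models the post's scenario: alice's bash (pid 1320) -> sudo -> root bash -> vim.
PS_OUTPUT = """\
  PID  PPID USER     TT       COMMAND
    1     0 root     ?        init
 1200     1 root     ?        sshd
 1310  1200 root     ?        sshd
 1315  1310 alice    ?        sshd
 1320  1315 alice    pts/3    bash
27940  1320 root     pts/3    sudo
27946 27940 root     pts/3    bash
28001 27946 root     pts/3    vim
"""

# Constructed auth.log lines in the syslog format sudo writes (not from the post).
AUTH_LOG = """\
Jan 10 12:00:01 host sudo:    alice : TTY=pts/3 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 10 12:00:01 host sudo: pam_unix(sudo:session): session opened for user root by alice(uid=1000)
Jan 10 12:05:44 host sudo:      bob : TTY=pts/5 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
"""

Proc = namedtuple("Proc", "pid ppid user tty comm")


def parse_ps(text):
    """Parse the ps listing into {pid: Proc}; the first line is the header."""
    procs = {}
    for line in text.splitlines()[1:]:
        pid, ppid, user, tty, comm = line.split(None, 4)
        procs[int(pid)] = Proc(int(pid), int(ppid), user, tty, comm)
    return procs


def originating_user(procs, pid):
    """Walk the parent chain (what pstree shows) until the owner is not root.

    Returns that user, or None if the chain ends (init) while still root,
    which is what a daemon-spawned root process looks like.
    """
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        p = procs[pid]
        if p.user != "root":
            return p.user
        pid = p.ppid
    return None


# sudo's "who : TTY=... ; PWD=... ; USER=... ; COMMAND=..." record line.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; .*?; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def parse_sudo_log(text):
    """Extract sudo command records; pam_unix session lines are ignored."""
    events = []
    for line in text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def sudo_user_for_tty(events, tty):
    """Most recent user who ran sudo on this tty, or None."""
    for e in reversed(events):
        if e["tty"] == tty:
            return e["user"]
    return None


def attribute(procs, events, pid):
    """Combine both views for one pid so disagreements are visible."""
    p = procs[pid]
    return {
        "pid": pid,
        "comm": p.comm,
        "tty": p.tty,
        "by_tree": originating_user(procs, pid),
        "by_log": sudo_user_for_tty(events, p.tty),
    }


if __name__ == "__main__":
    procs = parse_ps(PS_OUTPUT)
    events = parse_sudo_log(AUTH_LOG)
    for pid, p in sorted(procs.items()):
        if p.user == "root" and p.tty != "?":
            print(attribute(procs, events, pid))
```

On a live box, feed the functions the output of `ps -eo pid,ppid,user,tty,comm` and the contents of `/var/log/auth.log` (or `journalctl _COMM=sudo`); the parent-chain walk needs no log access at all, so it still works when the log has been rotated or tampered with.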
  11. Re: GSM scanning (thread: GSM scanning, by orgcandman; 3 replies, 5,529 views)

    In short - not without building a lot of stuff yourself. Take some time to read through the 3gpp docs. The OTA stuff has at least 9 different permutations of MAC where different logical links pass...
  12. Re: Autostart vncserver after autologin (3 replies, 3,353 views)

    Additionally, Ubuntu runs upstart, which is pretty easy to make a script for.

    If you have an auto-login as root, why even bother with kdm? Just write an upstart script to start X.
  13. Re: problem how to registers GNU gdb 6.8-debia :( (1 reply, 1,858 views)

    Did you read the gdb error message at all? I understand that English isn't your first language, but the error message is pretty basic - you should be able to figure it out.

    EDIT: I wish I had read...
  14. Re: Possible WICD bug? (thread: Possible WICD bug?, by orgcandman; 4 replies, 2,154 views)

    In the same room - no obstructions.


    As I posted - when I manually wrote out a wpa_supplicant config file, and used dhclient, the issue went away - which is why I suspect a WICD bug.
  15. [Committed] Simple Fuzzer (1 reply, 2,900 views)

    Tool name: Simple Fuzzer
    Tool function: A highly configurable, intuitive, protocol fuzzer

    Tool description: Simple Fuzzer is a very simply configured fuzzer which allows the user to construct...
  16. Re: DHCP Exhaustion Issues? (9 replies, 3,301 views)

    Yikes! Why do you have the multicast bit set on your source mac address?
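
The bit the post is asking about is the I/G (individual/group) bit: the least significant bit of the first octet of a MAC address. A frame whose source address has it set is claiming to come from a group, which is invalid and is a common reason a hand-rolled DHCP exhaustion tool gets its requests dropped. The block below is an added example, not the poster's or the thread's tool: it checks a source MAC for that and the other obviously bad cases, and generates random source MACs with the I/G bit cleared and the U/L (locally administered) bit set, so the generated addresses never masquerade as a vendor-assigned OUI. The `rand` parameter is a hook for deterministic testing; by default it uses `os.urandom`.

```python
import os
import re

# Six hex octets separated consistently by ':' or '-'.
MAC_RE = re.compile(r"^[0-9a-fA-F]{2}([:-])(?:[0-9a-fA-F]{2}\1){4}[0-9a-fA-F]{2}$")


def parse_mac(mac):
    """Return the six address bytes, or raise ValueError on malformed input."""
    if not MAC_RE.match(mac):
        raise ValueError("not a MAC address: %r" % (mac,))
    return bytes(int(x, 16) for x in re.split(r"[:-]", mac))


def format_mac(b):
    return ":".join("%02x" % x for x in b)


def is_multicast(mac):
    # I/G bit: bit 0 of the first octet. 1 = group (multicast/broadcast).
    return bool(parse_mac(mac)[0] & 0x01)


def is_locally_administered(mac):
    # U/L bit: bit 1 of the first octet. 1 = locally administered, not an OUI.
    return bool(parse_mac(mac)[0] & 0x02)


def check_source_mac(mac):
    """List the reasons `mac` is unusable as a frame *source* address."""
    problems = []
    b = parse_mac(mac)
    if b[0] & 0x01:
        problems.append("multicast bit set in first octet")
    if b == b"\xff" * 6:
        problems.append("broadcast address")
    if b == b"\x00" * 6:
        problems.append("all-zero address")
    return problems


def random_unicast_mac(rand=os.urandom):
    """Random MAC with I/G cleared (unicast) and U/L set (locally administered)."""
    b = bytearray(rand(6))
    b[0] = (b[0] & 0xFE) | 0x02
    return format_mac(b)


if __name__ == "__main__":
    for m in ("01:00:5e:00:00:01", "00:11:22:33:44:55", random_unicast_mac()):
        print(m, check_source_mac(m) or "ok")
```

Run `check_source_mac` on every address your generator emits before you put it on the wire; if the first octet's low bit is ever set, the generator is the bug, not the DHCP server.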
  17. Possible WICD bug? (thread started by orgcandman; 4 replies, 2,154 views)

    I'm using BT4R1 (haven't done a complete upgrade, yet). Seems like if I use wicd to connect to my WPA network, the connection randomly resets. I've looked through google and the logs, but haven't...
  18. Re: DHCP Exhaustion Issues? (9 replies, 3,301 views)

    I'm not sure if there are any specific 802.11 headers that need to be set, it's an avenue for investigation.
  19. Re: DHCP Exhaustion Issues? (9 replies, 3,301 views)

    Are you sure you're generating the request properly? I don't know how you're trying to accomplish this - I'm guessing you're sending out over a raw eth socket. Try this - try physically plugging into...
  20. Re: What career to pursue for the moment? (4 replies, 2,506 views)

    All that follows is from someone who has done both software engineering (currently) and network administration (10+ years ago).

    Let me put it to you this way -

    if you want to get into exploit...
  21. Re: Buffer Overflows - Help Understanding EIP and ESP Interaction

    +1 to this.

    Your jmp calculator is really a 32-bit endian reverse.
  22. Re: dd-wrt redirecting traffic to a sslstrip box (16 replies, 11,653 views)

    Wish I had seen this thread earlier. There's already a decent project which does a lot of the stuff you'll want to do called Jasager. You might want to google 'hak5 pineapple', or 'jasager'. It's...
  23. Re: Buffer Overflows - Help Understanding EIP and ESP Interaction

    Just to correct a misconception that people derived - the EIP does not contain two halves. The system always behaves as if every non-branching instruction were followed by "eip = eip + [length of...
  24. Re: Immunity Debugger (powerful new way to write exploits) for Windows by wine

    While I normally wouldn't question a mod's posting, I am curious whether or not you have read this:

    http://www.backtrack-linux.org/forums/tool-requests/571-immunity-debugger-v1-73-a.html

    If so,...
  25. Re: embarassed to ask but Trouble with dual boot (5 replies, 1,537 views)

    Did you try removing the map statements from the winxp section, like I suggested?
Results 1 to 25 of 70