Mainter (Author), posted May 26, 2006
Re: <<< 12Oz Computer Tech Support >>>

i really want to check out some new linux just no time to tweak with it

villain, posted May 26, 2006

> glad to hear about the linux. what release did you install?
> thanks for the cctv links. fucking dope. you work in the field?

ubuntu. linux for human beings. lol.
nah i don't work in the field. i'm just a full time paranoid. lol
I have a ridiculous amount of security information lying around.

lord_casek, posted May 26, 2006

i just got a box with 50 ubuntu sleeves in it. 100 cd's. one live, one install. 40 386 installs and lives, and 10 (actually 20) 64 bit versions of ubuntu.
ubuntu rocks the fucking house.
security is the shit. villain, post some knowledge. we've hit a slump here. although porn links aren't that bad. we should kinda keep it in line with tech.

lord_casek, posted May 26, 2006

second row, fourth over. i think i dated her
http://petiteteenager.com/

villain, posted May 26, 2006

Yeah I'm really liking ubuntu.
Security... so what do you want to know about? I have stuff for specific applications and products you can buy, I have schematics and wiring diagrams so you can make shit, I have information on electronic warfare theory so you can get that straight heady science shit.... whatever floats your boat really. I haven't gotten too much into it lately cause I've been working on a graphic novel, but with me fucking with ubuntu and shit I'm up for a change of pace.

Mainter (Author), posted May 26, 2006

her or someone who looked like her?

lord_casek, posted May 26, 2006

wow. umm, any homemade type stuff (make magazine type shits)
kari sweets reminds me of someone from 12oz.

lord_casek, posted May 26, 2006

teh pr0n
http://girlsarenice.com/

lord_casek, posted May 26, 2006

> her or someone who looked like her?

it could be her. haven't seen her since highschool. very odd resemblance.
how to: bulletproof startup company
http://money.cnn.com/magazines/business2/startups/index.html

lord_casek, posted May 26, 2006

villain: army field manuals collection
http://www.globalsecurity.org/military/library/policy/army/fm/

lord_casek, posted May 26, 2006

four porn channels. posted before, but i think this is cool
iptv rocx0rs
http://www.channelchooser.com/

Mainter (Author), posted May 26, 2006

http://www.blacklisted411.net/index.php?option=com_content&task=view&id=127&Itemid=66
google hacking

lord_casek, posted May 26, 2006

http://bodsforthemods.com/
http://www.bodslist.com/

Mainter (Author), posted May 26, 2006

for network administrators
Creating Uncrackable Passwords
http://www.combobulate.com/node/25

Mainter (Author), posted May 26, 2006

you seem a little lonely casek better go find a hooker or something

Mainter (Author), posted May 26, 2006

Backdoor and default passwords

Many BIOSes have built-in backdoor passwords to use to bypass a BIOS password which has been lost. This is, of course, an unacceptable way of handling this. No machine should have a backdoor password; this is a massive security hole. Instead, the machine should have a hardware jumper or dip switch located in a secure location that is not accessible when the case is locked. For desktops, the switch can be located on the motherboard and a locking case screw will prevent access. For notebooks, the switch should not be inside a compartment which can not be opened when the security cable slot is engaged.

* Award BIOSes
  "Condo", "AWARD_SW", "J332", and "589589", "AWARD?SW", "lkwpeter", "aLLY", "j262", "j332". Some more are available at pwcrack.com. After 1996-12-19, Award required each OEM to set their own password.
* AMI BIOSes
  A program to reveal backdoor passwords in AMI BIOSes was posted on bugtraq. Some backdoor passwords used include "A.M.I.", "AMI_SW", "AMI?SW". Some more are available at pwcrack.com.
* Phoenix BIOSes
  "phoenix"
* Toshiba notebooks
  Toshiba has a trapdoor password to bypass the bios password. The company has adopted a truly asinine attitude regarding this password. It turns out that if the first five bytes of sector 1 (the second sector) of a floppy in drive a are "4B 45 59 00 00" then you can bypass the password (type enter when asked for the password and you will be asked to set the password again).
* Thinkpad Notebooks
  Thinkpads have special pads to short. Removing the battery, or letting it go dead, can wipe out the hard disk encryption key. See http://www.pwcrack.com/BIOS/bios.html for more details.
* Other BIOSes
  "biostar", "biosstar", "LKWPETER", "BIOSTAR", "j262", "j256", "Syxx", "Wodj"
* Clearing BIOS password using debug:
    O70,1E
    O71,FF
    O70,1F
    O71,FF
* emachines
  At least some emachines have a dip switch on the motherboard to clear the passwords.
* More info on BIOS backdoor passwords and clearing CMOS. I supplemented the info on this page with stuff from there.
* Discharging CMOS RAM
  There is usually a jumper near the battery for this. This is often a three pin jumper and you move it from 1-2 to 2-3 or vice versa. If there is no jumper, you can accomplish the same results by shorting a particular pin on the CMOS RTC chip to ground for a few seconds while the power is turned off.
    Dallas 1287, 24 pin DIP: replace chip
    Dallas 1287A, 24 pin DIP: short pins 12 and 21
    Chips&Tech P82C206, PLCC: short pins 74 and 75 (upper left corner)
    Opti P82C206, PLCC: short pins 3 and 26 (bottom row)
    Motorola MC146818AP: unplug chip
    Dallas DS12885S, 24 pin DIP: short pins 12 and 20
    Benchmarq bq325aS, 24 pin SIP: short pins 12 and 20
  Actually, you could just wipe a grounded cliplead across all the pins of the chip you suspect is the CMOS RTC/RAM chip. This is usually a 24 pin DIP. If the functionality is handled by the motherboard chipset, just do the same for all the motherboard chipset pins. Note that if there is no series current limiting resistor on the external battery, it may have enough power to melt a trace off the board; this trace will be the battery power to the CMOS RTC/RAM and you can solder in a piece of wire to replace the trace. I have never heard of this happening on a motherboard and it would be pretty common the way they are handled. It should also be noted that you can look up the manufacturer's data sheet for the chip on their web site to find out how to erase the RAM.
* CmosPwd
  The program CmosPwd can be used to crack the CMOS passwords on ACER, IBM, AMIBIOS, Award BIOS, Compaq, DELL, Packard Bell, Phoenix, Toshiba, and Zenith machines. This runs under Linux or DOS/windows.
* Cisco routers
  Cisco routers prevent remote logon unless the passwords have been set.
* 3 Com
  Lanplex/corebuilder line: Login=debug, Password=synnet
  Linkswitch 2700, superstack 2700, cellplex 7000: login=tech, password=tech
  Superstack II hub and switches don't respond to the above but do have user=tech, password=tech or user=monitor, password=monitor.
* IBM 8237 Hub
  Has backdoor password in cleartext in the image. No way to change the password without editing firmware image and hacking the checksum.
* Quake servers
  rcon password is "tms"; appears to require that you masquerade as 192.246.40.* to use.
* IRC scripts
  There are many trojan IRC scripts with backdoor passwords.
* Unix
  One of the more famous and clever backdoors existed in early unix systems. Dennis Ritchie added hidden self-replicating object code to the C compiler that modified both the C compiler and the Login program when they were recompiled. So even if you recompiled the complete system from sources and inspected the sources there was still a hidden backdoor. Early systems had a default root password of "gnomes". many distributions had default passwords
* Windows 95 screen lock
  You can bypass the screen lock on any windows 95 box if it has autorun enabled on the CD-ROM drive. Insert a special CD and it will be autorun even though the screen is locked. The autorun program can copy sensitive data to a floppy and/or kill the screen saver process. ftp://null.angel.nu/projects/95sscrk.zip is one of the programs which can be used to decrypt the screen saver password. This appears to also be a problem on windows NT machines. Autorun.inf is the magic file.
* Motorola cell phones
  The DPC-550 cell phone has a backdoor password to unlock the phone. Typically "000000000000" or "123456123456".
* UT Lexar Telephone switches
  Default login used by maintenance personnel was "lexar", no password; customers were required by contract to maintain a dialup line. Backdoor login was "DESIGNED_BY_IC_KF". Their technicians knew that this backdoor existed but were not given its value. These deficiencies were reported to Lexar a decade ago. If they haven't fixed them by now, tough. Lexar switches print some distinctive escape codes followed by a "login:" prompt and are easy prey for war dialers. I broke into one almost by accident when it got added to a list of BBSes as a C/unix.

lord_casek, posted May 26, 2006

we need some backdoor listings. i used to be able to find those like grass on a soccer field. that was back in the early 90's.

villain, posted May 26, 2006

> villain: army field manuals collection
> http://www.globalsecurity.org/military/library/policy/army/fm/

Nice collection there. I've got a decent sized collection myself. Technical Manuals however would be harder to come by on the internet since those are the manuals that actually tell you how to break down and rebuild military equipment.

lord_casek, posted May 26, 2006

> you seem a little lonely casek better go find a hooker or something

haha. no way. i'm just surfing porn tonight.

Mainter (Author), posted May 26, 2006

random link
http://iwhax.net/index.php/Main_Page

Mainter (Author), posted May 26, 2006

> haha. no way. i'm just surfing porn tonight.

aww what the fuck i thought you would have a joke like i have been trying to get a hold of yer mom but she hasnt been on the corner lately

lord_casek, posted May 26, 2006

> Nice collection there. I've got a decent sized collection myself. Technical Manuals however would be harder to come by on the internet since those are the manuals that actually tell you how to break down and rebuild military equipment.

you would seriously be surprised. check your favorite p2p programs.
navy seal sniper training mans
http://www.torrentspy.com/torrent/714837/Navy_SEAL_Sniper_Training_Manual
i'm sure a little work would turn up hundreds of the manuals you are speaking of. there are collectors. i know at least one.

Mainter (Author), posted May 26, 2006

a tutorial i had in my documents

Hacking Cell Phone VMBs

Section 1: The Introduction
----------------------------
In the activity known as phreaking, VMBs (voice mail boxes) are one of great treasured finds of tireless effort. Well thanks to modern cellular technology, it doesn't have to take so much tireless effort. Most modern cell phones have VMBs to take messages when the owner is away or is too much of a lazy shit to pick up the phone like somebody I know (*cough*Kyle*cough*). This makes for a seemingly endless bound of VMBs available for us to explore. Well of course in this tutorial we will be covering exactly that, methods that you can use to break into these VMBs, to play big brother, take over, or just generally mess around with. Enjoy...

Section 2: The Method
----------------------
Well our first step is of course to get to the VMB. To do this we are going to call up the number of our target, and let it ring. This works best if you call at a time when the cell phone is off, so if you know your target try to figure out when the most likely time would be that they would have their cell phone off and call then, or else just call in the middle of the night and hope they aren't an insomniac. Then when the message starts playing hit either # or *. You will then hear it ask you to enter in your password. Your first try should be to punch in the last four digits of the cell phone number. If this doesn't work then here is a decent list of common passwords for you to try out...

6969 0420 1234 4321 1223 9876 1111 1010 3060

If you don't screw around with anything and just use it to listen in on saved messages, then you should be able to hold access for months. Otherwise, if you decide to use the "Change Password" option and take it over, then you probably won't be holding it for long. So yeah, I advise against doing that.

Also a helpful hint is that though most service providers use 4 digit passwords for VMBs, some providers may require subscribers to have passwords of at least 6 digits. If this is the case, first try the cell phone number you are dialing as the pass. If this doesn't work, you can try one of the following common passwords...

111111 222222 333333 444444 555555 666666 777777 888888 999999 123456 654321 696969 101010 121212

If none of these work then try a variation of any of the schemes listed above, or try something like the subscriber's birthday, first name, last name, home phone number, etc. Just use your imagination.

Section 3: In Conclusion
-------------------------
Well as always I hope you enjoyed reading this tutorial as much as I enjoyed writing it. Life has been keeping me too busy lately to really do much else, but be sure to check in at informationleak.com to see my latest work. Until next time...
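
Added example, not part of the thread or the pasted tutorial: the guesses the tutorial relies on (PIN taken from the subscriber's own number, repeated or sequential digits, a birthday, unlimited retries) are what a voicemail platform can refuse at PIN-set time and cut off at login. `MIN_LEN`, `MAX_FAILURES`, the function and class names and the sample number are assumptions made for this example.

```python
from __future__ import annotations

import hmac
from dataclasses import dataclass

MIN_LEN = 6        # assumed policy minimum for this example
MAX_FAILURES = 3   # assumed lockout threshold for this example


def _is_sequence(pin: str) -> bool:
    """Straight runs up or down: 1234, 4321, 9876, 123456, 654321."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def _is_repeated_block(pin: str) -> bool:
    """One short block repeated: 1111, 1010, 6969, 121212, 696969."""
    return any(
        len(pin) > size and len(pin) % size == 0
        and pin == pin[:size] * (len(pin) // size)
        for size in (1, 2, 3)
    )


def _birthdate_forms(birthdate: str) -> set[str]:
    """Digit strings a birthday ("YYYY-MM-DD") commonly turns into."""
    if not birthdate:
        return set()
    y, m, d = birthdate.split("-")
    return {m + d, d + m, y, m + d + y[2:], d + m + y[2:],
            m + d + y, d + m + y, y + m + d}


def weak_pin_reasons(pin: str, subscriber_number: str, birthdate: str = "") -> list[str]:
    """Return why a proposed PIN is guessable; an empty list means it passes."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not_numeric"]
    digits = "".join(c for c in subscriber_number if c.isdigit())
    checks = [
        ("too_short", len(pin) < MIN_LEN),
        # Covers "last four digits" and "the number itself" in one test.
        ("derived_from_number", pin in digits),
        ("matches_birthdate", pin in _birthdate_forms(birthdate)),
        ("sequence", _is_sequence(pin)),
        ("repeated_block", _is_repeated_block(pin)),
    ]
    return [name for name, failed in checks if failed]


@dataclass
class Mailbox:
    """Login side: a short guess list only works if retries are unlimited."""
    subscriber_number: str
    pin: str               # plain PIN kept only to keep the example short
    failures: int = 0
    locked: bool = False

    def try_pin(self, attempt: str) -> str:
        if self.locked:
            return "locked"
        if hmac.compare_digest(attempt.encode(), self.pin.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True   # stays locked until reset out of band
            return "locked"
        return "denied"


SAMPLE_NUMBER = "555-010-4821"   # constructed subscriber number
```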

lord_casek, posted May 26, 2006

> aww what the fuck i thought you would have a joke like i have been trying to get a hold of yer mom but she hasnt been on the corner lately

haha. yerrr moms already been over. :P

Mainter (Author), posted May 26, 2006

another useful one

What is DRM?
DRM is an encryption manifest file which disallows an individual who's purchased a CD which contains the DRM directly written into the actual Audio Disk. DRM stands for Digital Rights Management.

What's the cause for DRM Encryption?
DRM (Digital Rights Management) is to control the internet's piracy of Audio files, mp3s for example.. on P2P (Peer To Peer) Clients, (A famous one is KaZaA) for non-3rd party use. Which this means that You can rip the audio to your computer, and listen to them only at your computer and nowhere else. Now there usually is an internal ripper provided by the CD itself, for you to burn the audio to another CD-R or whatever, but if you follow my howto it'll make things a lot simpler.

-What you need-
1: 6-ft. (182m)* Shielded Audio Cable, 1/8/11th's stereo miniplug, to 1/8/11th's stereo miniplug. Radio shack item # (42-2387A)
2: A CD Player.
3: The CD which has the DRM encryption.
4: A Computer with working Microphone input, and soundcard output.
5: An Audio editor such as Sonic Foundry Sound forge 6.0 or something like it.

Now, take the Audio cord and plug it into your CD player where you'd put your headphones, then take the other end and plug it directly into your CPU's microphone input. Once that's done, open up your Audio Editor... click on File>New> Once the new layout has opened, click "Record" now once it has started to record, click Play on your CD Diskman. (Make sure you have your Sound on the Diskman to MAX output) Now that's pretty much it... once the disk has been fully played and upstreamed to your audio editor... you can dissect the Tracks and then name them on New Sound layouts, name the track... and save it as mp3. Because by default all audio editors save upstreamed tracks as .WAV format, and wav format is a relatively enormous size as far as bytes are concerned.

I hope you enjoyed this. and Remember, it's our right to do what we want with what we buy. Just make responsible decisions and do not pirate!

lord_casek, posted May 26, 2006

backtrack...whoa. looks kinda cool. i'm gonna check it out. been experimenting with getting kismet to run on winblows via kiswin and cygwin or whatever. boooooooring.

Mainter (Author), posted May 26, 2006

Presented here is a whitepaper on exploiting Windows device drivers, with a step-by-step explanation on how to exploit the vulnerability and get a shellcode running.

DETAILS

Introduction:
Device driver vulnerabilities are increasingly becoming a major threat to the security of Windows and other operating systems. It is a relatively new area, thus very few technical papers covering this subject are available. To the author's knowledge, the first windows device driver attack was presented by SEC-LABS team in the "Win32 Device Drivers Communication Vulnerabilities" whitepaper. This publication presented a useful technique of driver exploitation and laid the ground for further research. The second publication surely worth mentioning is the article by Barnaby Jack, titled "Remote Windows Kernel Exploitation Step into the Ring 0". Due to the lack of technical papers on the discussed subject, Piotr Bania decided to share results of his own research. In this paper a device driver exploitation technique will be introduced, with a detailed description of the techniques used and full exploit code with sample vulnerable driver code for tests. The reader should be familiar with IA-32 assembly and have previous experience with software vulnerability exploitation. Plus, it is highly recommended to read the two previously mentioned whitepapers.

ADDITIONAL INFORMATION

The original article can be found at:
http://pb.specialised.info/all/articles/ewdd.pdf

Mainter (Author), posted May 26, 2006

i hope windows auditors are not watching me anymore haha awwell fuck em

lord_casek, posted May 26, 2006

well, they could be just as bad. and most likely, they are downloading weird brazilian goat sex flix. bil gates gets what he pays for.
http://www.horsefucking.nl/index_bestanden/bigup.jpeg
rofl
i don't think it's legal for americans to click on that. be warned.

Mainter (Author), posted May 26, 2006

iTunes 6.0 Shared Music Denial of Service/Spoofing/Flooding/Abuse

Demo: The following is a link to a Flash demo in which we demonstrate the vulnerability. (link to flash demo <http://www.airscanner.com/security/itwns2.html>)
URL: http://www.airscanner.com/security/05101001_itunes.htm
Product: iTunes 6.0
Platform: Tested on Windows XP and OSX
Requirements: Nemesis for spoofing. Perl for the scripting environment. iTunes on either OSX or Windows.
Credits:
  Seth Fogie
  Airscanner Mobile Security http://www.airscanner.com
  Mobile Antivirus Researchers Association http://www.mobileav.org
  October 10, 2005
Risk Level:
  Low: Denial of service (Shared Music anonymous forced disconnect) and list abuse attacks are both merely annoying to iTunes users.
  Medium: Shared Music lists from various users can be renamed and swapped, thus creating an environment in which you can't be sure to whom you are connecting.

Summary:
iTunes is a popular service allowing you to play music, buy music, download music, share music, create playlists, etc.; it includes a video player and other features: http://www.itunes.com

The iTunes Shared Music feature allows users on a network to create playlists from songs on their computer and to share them on the network. When you create a new list and enable sharing, other iTunes users will see your lists under the Shared Music list, unless they change their preferences from the default settings. We discovered that it is possible to create spoofed Shared Music entries, to rename existing entries, to disconnect existing entries, and to re-initiate existing lists. We can also kill an existing stream without authorization via an anonymous packet.

Details:
iTunes Shared Music Entry Spoofing: It is possible to create fake Shared Music entries by spoofing fake domain/list names and IP addresses inside an MDNS packet that is used to broadcast existing lists. This spoofing attack can be scripted to post numerous entries to specific or all iTunes users on a network (flooding). By repeated excessive posting of Shared Music Entries, we were able to create a major system load on systems using iTunes.

iTunes Shared Music Entry Rename: It is possible to rename a valid entry across the network by spoofing the IP of the originating computer. With this power, we can swap existing Shared Music Entries and trick people into connecting to the wrong list.

iTunes Shared Music Entry Time To Live Spoofing: It is possible to reset the TTL value of existing lists (or new lists), thus allowing an attacker to set the TTL on an existing list to one second, resulting in the list being removed from all client computers, even if a song is currently being shared.

In order to spoof entries, you have to first send a SVR packet out with all the appropriate information, which must then be followed by a spoofed response packet to convince other iTunes clients that the first packet was real. In order to create spoofed lists, or to alter existing lists, you must also spoof the originating IP. The IP does not have to be on the local subnet.

For an example of what is possible, we have recorded a session in rather large swf files. Click here <http://www.airscanner.com/security/itwns2.html> or here for the 2MB web based video. Screen shot of a multi-spoof <http://www.airscanner.com/security/images/itunes.JPG> also available.

Credits and Thanks: Special thanks to the creators of nemesis, without which this testing would have been much more difficult. We also would like to acknowledge the creators of Ethereal for an excellent sniffer.

Workaround: Disable 'Look for shared music' option under the Sharing tab in Preferences.
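
Added example, not part of the advisory or the thread: detection logic for the behaviours the advisory lists (spoofed source IP, renamed entries, TTL forced to one second, entry flooding), run over mDNS announcements a sensor has already parsed. The record layout, thresholds, `_daap._tcp.local` sample names and addresses are constructed assumptions; the Ethernet source address is included because a spoofed IP still arrives from the sender's own NIC on the local link.

```python
from __future__ import annotations

from collections import deque
from dataclasses import dataclass

FLOOD_WINDOW = 10.0    # seconds; assumed threshold
FLOOD_NEW_NAMES = 5    # assumed: new share names inside the window = flood
LOW_TTL = 1            # the advisory's case: TTL reset to one second


@dataclass(frozen=True)
class Announcement:
    """One parsed mDNS announcement (hypothetical sensor record)."""
    ts: float        # capture time, seconds
    src_ip: str      # IP source address of the packet
    src_mac: str     # Ethernet source address of the frame
    instance: str    # advertised share, e.g. "X._daap._tcp.local"
    ttl: int         # record TTL in seconds


def detect(announcements):
    """Return (timestamp, kind, subject) alerts in time order."""
    alerts = []
    mac_for_ip = {}      # first MAC seen per IP (trust on first use)
    name_for_ip = {}     # last share name announced per IP
    seen_names = set()
    recent_new = deque() # timestamps of first-seen share names
    for a in sorted(announcements, key=lambda x: x.ts):
        # Known IP arriving from a different NIC: likely spoofed source.
        if mac_for_ip.setdefault(a.src_ip, a.src_mac) != a.src_mac:
            alerts.append((a.ts, "ip_mac_mismatch", a.src_ip))
        # Same host suddenly advertising another name: rename or swap.
        previous = name_for_ip.get(a.src_ip)
        if previous is not None and previous != a.instance:
            alerts.append((a.ts, "renamed_entry", a.src_ip))
        name_for_ip[a.src_ip] = a.instance
        if a.instance in seen_names:
            # Existing share re-announced with a tiny TTL expires it on
            # clients. Legitimate goodbyes use TTL 0 (RFC 6762), so this
            # is a signal to correlate with the checks above, not proof.
            if a.ttl <= LOW_TTL:
                alerts.append((a.ts, "short_ttl", a.instance))
        else:
            seen_names.add(a.instance)
            recent_new.append(a.ts)
            while a.ts - recent_new[0] > FLOOD_WINDOW:
                recent_new.popleft()
            if len(recent_new) == FLOOD_NEW_NAMES:
                alerts.append((a.ts, "flood", f"{FLOOD_NEW_NAMES} new names"))
    return alerts


# Constructed sample traffic (documentation address ranges, made-up MACs).
ODD_MAC = "02:00:00:00:00:99"
ALICE = "Alice's Music._daap._tcp.local"
BOB = "Bob's Music._daap._tcp.local"
SAMPLE = [
    Announcement(0.0, "192.0.2.10", "02:00:00:00:00:01", ALICE, 4500),
    Announcement(1.0, "192.0.2.11", "02:00:00:00:00:02", BOB, 4500),
    Announcement(30.0, "192.0.2.10", ODD_MAC, BOB, 4500),   # swap
    Announcement(31.0, "192.0.2.11", ODD_MAC, BOB, 1),      # TTL kill
] + [
    Announcement(60.0 + i, f"198.51.100.{i + 1}", ODD_MAC,
                 f"Fake {i}._daap._tcp.local", 4500)
    for i in range(5)
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```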