jsm725

Forum Replies Created

Viewing 14 reply threads
  • Author
    Posts
    • #39566
      jsm725
      Participant

      Just came across a vulnerable web app that google lets you play with.

      https://google-gruyere.appspot.com/

    • #40545
      jsm725
      Participant

      Yeah I probably went a little overboard with the LulzSec posts… :-[. I guess my point was to drive conversation about what we are considering ethical hacktivism. I agree what LulzSec is doing is illegal. But wasn’t it also illegal to set up proxy servers that allowed the Egyptian protestors to coordinate using Facebook and Twitter? They were violating the law of the land to facilitate their right to protest. Do we consider that ethical hacktivism? How do we protest in the digital era? Is there even such a thing as ethical hacktivism if a “hack” is considered an act of war?

    • #40428
      jsm725
      Participant

      The sheer number of potential attacks and the ease with which SET executes them scares the living crap out of me. You can protect your network all you want, but end users will almost always be the weakest link. Protect your network from your users!!!!

    • #40479
      jsm725
      Participant

      I was worried when Rapid7 “acquired” Metasploit. I thought they would immediately stop work on the free version and only release updates for the commercial versions. But they didn’t. They kept the updates rolling and left it open-source.

      So it will be interesting to see what they do with John. But I am (perhaps naively) hopeful. 🙂

    • #40404
      jsm725
      Participant

      Sounds like El33tsamurai has the USB card on the host and not mounted directly to the VM. I just took the OSWP training using a virtual image and an Alfa card. It shows up (when mounted directly to the VM) as wlan0.

      Also, definitely look into GNS3. A seriously awesome tool.

    • #40439
      jsm725
      Participant

      People tend to focus too much on the technical side of recon. Sometimes you need to think outside of the box.

      I am assuming he is living at home since he is a minor. So you should be able to look up his parents’ property tax info by last name, which would give you an address. Completely free information that can be obtained legally on the internet.

      If you know what this guy looks like (Facebook and dating sites usually have pictures) and his general location…why not just do some old-fashioned detective work and stake out the neighborhood? Wait till you see him and figure out which house he goes into. Completely legal since you are observing people in a public place. Just don’t go looking through windows.

    • #40328
      jsm725
      Participant

      I am glad to see movement against these guys. My only hope is that the authorities can differentiate punishment between leaders and high-school or college kids that think installing LOIC on their personal computers makes them hackers. Should they be punished? Absolutely. Should it ruin the rest of their lives? Absolutely not.

    • #40323
      jsm725
      Participant

      ***Disclaimers about how LulzSec is doing illegal things and they are bad people, etc., etc., etc.***

      On one hand I do see it as a revolution. High profile attacks give us (white hat professionals) backing when we make claims that security is not just a cost center but a worthwhile and necessary investment.

      On the other hand, average Joes (including the media and executives) don’t understand these attacks. It’s hard to find stories in mainstream outlets that explain the attacks adequately. If there is one thing that scares people, it is the unknown. These attacks take place in a realm that might as well be supernatural as far as an average person is concerned. This type of fear can lead to unnecessary and far-reaching efforts to crack down on internet activity. And that is almost as scary as a steady string of high-profile attacks.

      IMHO of course. 😉

    • #40232
      jsm725
      Participant

      hehe…Instead of a DDoS it’s a Distributed Crank Call. 😀

    • #40230
      jsm725
      Participant

      Another thing to consider…will these types of attacks tilt public opinion to favor a governmental crackdown on our currently unregulated and uncensored open internet?

    • #40229
      jsm725
      Participant

      *disclaimer* Although the attacks are illegal and break the “ethical grey hat” rules of no disclosure…/*disclaimer*

      When you preach “this is an imminent risk, you need to be prepared, for God’s sake please listen to me” and then those risks are realized, it does make you feel a little better.

    • #39744
      jsm725
      Participant

      I have been trying to use the script that was posted, but I have run into some issues due to my lack of bash script understanding.

      Issue 1: BackTrack 5 doesn’t have the airpwn tool, so no wep_keygen command.
      Issue 2: BackTrack 4 is working, but wep_keygen isn’t creating the WEP keys correctly; I am getting an error about the WEP key being fed into Airdecap not being the correct length. I think the script is just grabbing the wrong thing, but I don’t have time to fix it because…
      Issue 3: I am supposed to be working… 😉

    • #39594
      jsm725
      Participant

      @Jamie.R wrote:

      looks interesting but only in the USA 🙁

      They will ship internationally, you just need to email them. 😉

      http://pwnieexpress.com/faq.html

    • #38778
      jsm725
      Participant

      Saw the episode last night. I forced myself to watch the whole thing. I would be surprised if it made it past one more episode. The acting is poor, the dialogue is lame and pretty dirty at some points, and the tech talk is mind-numbingly inaccurate. So sad… :'(

    • #39031
      jsm725
      Participant

      A new RUaNinja Challenge? 😉

Copyright ©2021 Caendra, Inc.