Messages - neusbeer

Pages: [1] 2 3 ... 12
1
Hacking and Security / Re: Where do I find modern techniques?
« on: January 09, 2015, 07:41:49 pm »
You can use Cain & Abel for this (if you are a Windows user).
http://www.oxid.it/cain.html

You can poison DNS, intercept passwords and even bruteforce them with it,
catching URLs, etc.



2
Hacking and Security / Re: help needed for a cyber challenge - level 5
« on: April 21, 2014, 10:49:35 pm »
I can't get it to work; when I add it to VirtualBox it gives errors.
Gonna do string searches in the hope of finding something.
And try out Sleuthkit.

3
Hacking and Security / Re: help needed for a cyber challenge - level 5
« on: April 21, 2014, 10:58:52 am »
Yeah, that mail I found, where Pjotr is angry and demanding his money.
Used the same way with Wireshark, but I thought I missed something.

I wasn't 100% complete with the info; they also gave a vmdk file besides the raw mem file.
http://ccc.tweakzones.net/mail.zegzv.be.vmdk.tar.bz2
It's encrypted.

But maybe I need both files to get the answer.

the pcap is just a part of that memdump, so could be somewhere else in dump.

4
Hacking and Security / help needed for a cyber challenge - level 5
« on: April 20, 2014, 12:55:53 pm »
Ey guys,

Can anyone help me with this, I'm busy with a cyber challenge, and working on challenge 5.

Story: Pjotr is communicating with somebody else who calls the shots, Pjotr is a hacker or something,
the challenge is about investigating a murder.

Now in challenge 5 ...
I got a memory dump (Linux), and I have to find
the name of a file (and within that file a username and password) which has been sent
by Pjotr. I found 1 mail where he's asking about the money after the file transfer 2 weeks ago.

I can't use Volatility, because I'm not sure which Linux rep it is.
I used (in Kali Linux) bulk_extractor and got some info (also a pcap):
https://dl.dropboxusercontent.com/u/4378489/cyberchallenge/packets.pcap


But still no clue about the asked file.

Anyone can help? Tips on how to read the raw mem.

NB, it's in Dutch :-)

File: https://dl.dropboxusercontent.com/u/4378489/cyberchallenge/mail.zegzv.be.RAWmemory.bz2

5
oef..pretty nasty bug indeed..
took 5 sec. to get a sessionid from a site and to log in.

6
Hacking and Security / Re: password AfXNtpa38x
« on: February 18, 2014, 07:50:30 pm »
Well it's logical that the IP cams use a default password, like many things such as routers and shit. People just forget or don't care enough, to change that password.


True, but this ain't the standard password, that's admin:admin I think.
looks more like vendor password or such.

7
Hacking and Security / Re: password AfXNtpa38x
« on: February 11, 2014, 11:18:58 pm »
Code: [Select]
around 40 yeah. like password,123456 etc.. ain't that much..
Acunetix uses fast bruteforce with a few standard words to speed up..
(still slow though..)
I think brand password..

8
Hacking and Security / Re: password AfXNtpa38x
« on: February 11, 2014, 10:35:32 pm »
But why is it in the wordlist of the Acunetix scanner, which uses a small list of often-used passwords, and the password of a random cam? How big is the chance?

9
Security Tools / Re: Veil Framework
« on: February 11, 2014, 09:19:12 pm »
Kudos.. nice tool..
works great..

10
Hacking and Security / password AfXNtpa38x
« on: February 11, 2014, 08:02:57 pm »
I was busy pentesting IP cams and found a 'strange' thing.
I use noisy scanning with Acunetix (yeah I'm lazy), and it bruteforces about
40 passwords including this one.
Example log of Acunetix scan: http://www.webprocomponents.com/photographer-portfolio-pro/Wildlife-portfolio1-demo/admin/attackers/94.220.67.55.log
(see the bruteforce part) note, this ain't my log ;)


When testing an IP cam, the actual password of the HTTP Auth was AfXNtpa38x.
Not really a password you see everyday, and when I google it, there aren't many hits. (only a leak pastebin with also the same password in it. http://pastebin.com/2vMgHkYk)

Why does this (Dutch) IP cam have this password?


Am I missing something? Is this a standard password for IP cams of this type or some kind of built-in hardcoded password?

11
Reverse Engineering / Re: WinICE problem
« on: May 12, 2012, 02:27:25 pm »
found it.. pff took me a few hours.. :P lol


had to delete Registry key: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/NTICE


Thanks for the link btw.

12
Reverse Engineering / Re: WinICE problem
« on: May 12, 2012, 02:13:22 pm »
yeah but no winice.exe
look at the dir structure


Code: [Select]
Het volume in station C heeft geen naam.
 Het volumenummer is 3807-71C9


 Map van C:\Program Files\NuMega


12-05-2012  14:12    <DIR>          .
12-05-2012  14:12    <DIR>          ..
12-05-2012  14:12                 0 dirlist.txt
11-05-2012  23:34    <DIR>          SoftIceNT
               1 bestand(en)                0 bytes


 Map van C:\Program Files\NuMega\SoftIceNT


11-05-2012  23:34    <DIR>          .
11-05-2012  23:34    <DIR>          ..
25-01-2000  04:05             4.237 CommRef.CNT
25-01-2000  04:05           706.560 Commref.hlp
11-05-2012  23:34    <DIR>          Examples
25-01-2000  04:05            81.997 icedat.dll
25-01-2000  04:05           102.462 IcePACK.exe
25-01-2000  04:05           106.556 KD2SYS.exe
25-01-2000  04:05            36.951 KD2SYSXLAT.exe
25-01-2000  04:05             3.692 loader32.cnt
25-01-2000  04:05         1.855.468 loader32.exe
25-01-2000  04:05           109.091 Loader32.hlp
11-05-2012  23:34    <DIR>          Network
25-01-2000  04:05            98.372 nmsym.exe
25-01-2000  04:05           413.766 nmtrans.dll
25-01-1996  16:36                17 ntice.bat
15-11-1996  16:25             7.398 ntice.ico
20-01-2000  16:29            30.788 Readme.htm
25-01-2000  04:05            16.529 Serial.exe
25-01-2000  04:05            73.788 Serial32.exe
11-05-2012  23:34    <DIR>          Setup
11-05-2012  23:44               314 siload.ini
25-01-2000  04:05           114.746 SINet.exe
25-01-2000  04:05         1.681.120 SoftICE Command Reference.pdf
11-05-2012  23:34            76.086 SoftICE.isu
25-01-2000  04:05         2.273.989 Using SoftICE.pdf
11-05-2012  23:34    <DIR>          Util16
20-11-1996  10:34            67.072 Whatsnew.doc
25-01-2000  04:05            12.409 Wldr.hlp
              23 bestand(en)        7.873.408 bytes


 Map van C:\Program Files\NuMega\SoftIceNT\Examples


11-05-2012  23:34    <DIR>          .
11-05-2012  23:34    <DIR>          ..
11-05-2012  23:34    <DIR>          GDIDemo
               0 bestand(en)                0 bytes


 Map van C:\Program Files\NuMega\SoftIceNT\Examples\GDIDemo


11-05-2012  23:34    <DIR>          .
11-05-2012  23:34    <DIR>          ..
25-01-2000  04:05            15.020 Bounce.c
25-01-2000  04:05             2.298 Bounce.h
25-01-2000  04:05             8.827 Dialog.c
25-01-2000  04:05             6.853 Draw.c
25-01-2000  04:05             1.369 Draw.h
25-01-2000  04:05             8.869 Gdidemo.c
25-01-2000  04:05               743 Gdidemo.def
25-01-2000  04:05             2.863 Gdidemo.h
25-01-2000  04:05               766 Gdidemo.ico
25-01-2000  04:05             4.222 Gdidemo.rc
25-01-2000  04:05             7.091 Init.c
25-01-2000  04:05             1.636 Makefile
25-01-2000  04:05             4.101 Maze.c
25-01-2000  04:05             1.195 Maze.h
25-01-2000  04:05            12.207 Poly.c
25-01-2000  04:05             2.100 Poly.h
25-01-2000  04:05               116 Readme.txt
25-01-2000  04:05             3.012 Wininfo.c
25-01-2000  04:05             7.396 Xform.c
25-01-2000  04:05             1.262 Xform.h
              20 bestand(en)           91.946 bytes


 Map van C:\Program Files\NuMega\SoftIceNT\Network


11-05-2012  23:34    <DIR>          .
11-05-2012  23:34    <DIR>          ..
11-05-2012  23:34    <DIR>          3C90X
11-05-2012  23:34    <DIR>          NE2000
               0 bestand(en)                0 bytes


 Map van C:\Program Files\NuMega\SoftIceNT\Network\3C90X


11-05-2012  23:34    <DIR>          .
11-05-2012  23:34    <DIR>          ..
25-01-2000  04:05            22.542 NETNM3C.inf
25-01-2000  04:05            81.872 NM90XBC4.sys
25-01-2000  04:05            85.080 NM90XBC5.sys
25-01-2000  04:05            95.652 NM90XND4.sys
25-01-2000  04:05            95.092 NM90XND5.sys
25-01-2000  04:05            49.329 OEMSETUP.INF
               6 bestand(en)          429.567 bytes


 Map van C:\Program Files\NuMega\SoftIceNT\Network\NE2000


11-05-2012  23:34    <DIR>          .
11-05-2012  23:34    <DIR>          ..
25-01-2000  04:05            18.121 NETNMNE.INF
25-01-2000  04:05            18.348 NMNE2K4.sys
25-01-2000  04:05            24.080 NMNE2K5.sys
25-01-2000  04:05            31.202 OEMSETUP.INF
               4 bestand(en)           91.751 bytes


 Map van C:\Program Files\NuMega\SoftIceNT\Setup


11-05-2012  23:34    <DIR>          .
11-05-2012  23:34    <DIR>          ..
24-01-1996  13:43                11 AUTOEXEC.NT
24-01-1996  13:44                10 CONFIG.NT
25-01-2000  06:18            24.576 sindos.exe
24-06-1997  17:15               545 SINDOSNT.PIF
25-01-2000  06:18            36.864 sinsetup.dll
25-01-2000  06:18            45.056 SiSetup.exe
25-01-2000  06:18            90.112 sividset.dll
25-01-2000  04:05           241.788 siwvid.sys
22-12-1999  11:26            12.662 Vsetup.ini
               9 bestand(en)          451.624 bytes


 Map van C:\Program Files\NuMega\SoftIceNT\Util16


11-05-2012  23:34    <DIR>          .
11-05-2012  23:34    <DIR>          ..
25-01-2000  04:05           156.160 Dbg2map.exe
25-01-2000  04:05            18.909 Dldr.exe
25-01-2000  04:05             1.763 Dlog.exe
25-01-2000  04:05             4.972 Msym.exe
25-01-2000  04:05             4.111 Util16.txt
25-01-2000  04:05           116.272 Wldr.exe
25-01-2000  04:05            12.409 Wldr.hlp
               7 bestand(en)          314.596 bytes


     Totaal aantal weergegeven bestanden:
              70 bestand(en)        9.252.892 bytes
              26 map(pen)  179.926.364.160 bytes beschikbaar

13
Reverse Engineering / Re: WinICE problem
« on: May 12, 2012, 12:37:57 pm »
hmmm... taking a closer look. it's SoftIce. (Isn't that the same?)

anyway, don't have winice.exe


but ehm, at the beginning of the installation, it asked to change some registry things.
(Turning debugging on I think)
Any idea where to search in regedit?

14
Reverse Engineering / WinICE problem
« on: May 12, 2012, 09:50:33 am »
Not sure where to put this question.



I installed WinICE, but I wanna uninstall/deactivate it.
How can I do this?


If I start another program now I get a message that it won't run
because there's a debugger running.
It's in Windows XP SP3; where can I turn this option off?


Uninstalling WinICE won't work, I still get the same message from the other programs.


15
Hacking and Security / Re: Abusing Password Managers with XSS
« on: April 26, 2012, 11:05:50 am »
Yep, also it won't work with Opera since it requires user interaction by filling in the passwords.
