ethicalhack.org

Wireless Cracking Videos

goatmaster — Tue, 12 Jan 2010 23:19:58 +0000

Here are a couple of videos I put together for my employer Assurance.com.au. The first one is cracking WEP using the AirCrack Suite on Linux.

The second one is cracking WPA PSK using the AirCrack Suite on Linux.

Thanks to Snare (Loukas) from Rex Banner for allowing me to use a couple of their tracks in the vidz.

wfuzz

goatmaster — Thu, 12 Jun 2008 23:22:32 +0000

It’s been a while since I did some sharing, so here you go…I’ve started using this web application fuzzing tool recently called wfuzz:

http://www.edge-security.com/wfuzz.php

It is a cool application for fuzzing parameters in web applications, including login forms. An example of of wfuzz syntax attempting to brute force a web application login form (in this case a Cisco VPN admin page (wishful thinking : P)):

wfuzz -c -z file -f /wordlists/big.txt –hc 404 –html -d “login=admin&password=FUZZ&ok=Login” https://10.10.10.10/admin.html 2 > cisco_vpn_admin.txt

You enter FUZZ in the parameter you wish to fuzz. Pretty simple once you get the hang of it…

ethicalhack.org – Site Stats

goatmaster — Thu, 07 Feb 2008 05:50:55 +0000

It’s been a while since my last update, I don’t really have an excuse, but my current job is keeping very busy and I’m also studying for the CISSP exam. I just thought I would post a lame blog entry with some site stats for the past two years…So here goes:

For the year of 2006:

62,000 Unique Visitors
800,000 Hits
145 GB Bandwidth

For the year of 2007:

100,000 Unique Visitors
1,125,000 Hits
220 GB Bandwidth

Thank you to all those who donated via PayPal. As you can see the site is quite bandwidth hungry, so even the small donations are greatly appreciated.

All the best for 2008!

It’s Movember!!!

goatmaster — Thu, 01 Nov 2007 02:57:17 +0000

Movember is an annual, month-long November charity event involving the growing of moustaches. It is held primarily in Australia, New Zealand and is being launched this year in the United Kingdom, United States, Spain and Canada.

I am taking part…

Poor old Johny Howard got hacked…

goatmaster — Wed, 10 Oct 2007 01:04:01 +0000

It looks like the Liberal Party’s official website has been hacked to make it look like Prime Minister John Howard enjoys “smoking the bone”. In the image below it reads, “The Liberal Party of Australia, John Howard Says “I like to suck dick!”. This has been achieved through the use of XSS.

A spokesman for the Liberal Party’s federal secretariat said that officials were investigating the matter.”It appears to be a hoax, but we’re checking it out,” the spokesman said.

Has the truth finally come out??? ; )

Wanted: This man photographed sexually abusing children

goatmaster — Wed, 10 Oct 2007 00:32:57 +0000

It’s been all over the news, but I guess it can’t hurt posting the article here too. INTERPOL is seeking the help of the public to try to identify the man in the photos below. He has appeared in photographs sexually abusing children in a series of images posted on the Internet.

According to INTERPOL, the photos shown below are from a series of around 200 pictures involving 12 different young boys, believed to have been taken in Vietnam and Cambodia in 2002 or 2003.

These pictures have been produced by specialists from Germany’s federal police force, the Bundeskriminalamt, working from originals found on the Internet, which had been digitally altered to disguise the man’s face.

The images were recovered from pictures taken off the Internet in which the man’s face had been blurred using something like Photoshop’s Filter > Distort > Twirl tool.

If you know this piece of shit, you should contact your local police or INTERPOL’s Trafficking in Human Beings Unit via email.

Windows XP SP3 Build 3205 released to beta testers

goatmaster — Mon, 08 Oct 2007 00:23:30 +0000

Microsoft has officially released a build of Windows XP SP3. It is reported to have 1073 patches/hotfixes and several new features. Windows XP SP3 does ship with a few new features, the majority of which have been backported from Windows Vista.

GFI Endpoint Security

goatmaster — Fri, 01 Jun 2007 08:10:31 +0000

We all know how much time and effort is invested into keeping an organisation’s network secure. Then someone brings a USB device into the organisation with a virus or some illegal software and it is the organisation that pays (and sometimes the end user ; ) ).

GFI EndPointSecurity allows administrators to actively manage user access and log the activity of these portable USB devices. It’s well worth a look.

0day was the case that they gave me

goatmaster — Sun, 11 Feb 2007 11:23:38 +0000

Oh dear! The Solaris 10/11 telnet daemon has been exploited. Kcope posted the exploit to Full-Discloser (local mirror) this morning, and the worst part about it is that it doesn’t require any skill. If you can execute a command on the command line, you can exploit this vulnerability, which also means that it can easily be scripted. All you need to do is pass a ‘-fusername‘ as an argument to the –l option you get full access to the OS as the user specified except ‘root’. Here is a command line example:

telnet -l “-fbin” target_address

In my experience, I have seen the telnet daemon enabled on a lot of hosts that I have reviewed even if ssh is used.

I hear the sound of system administrators frantically disabling the telnet daemons throughout their Solaris environments. : )

Apple Releases the iPhone

goatmaster — Wed, 10 Jan 2007 00:27:28 +0000

At Macworld this year, Apple has released the iPhone. There has been a lot of hype around this release, but it seems that reality has out done the hype for a change.

A couple of the highlights are:

The device runs on OS X.
No stylus is used. The iPhone is designed for the user to use their finger as a pointer.
One button (The Home button) all the rest of the functions are controlled via the touch screen.
iPod built in.
Internet capable (with Safari Browser).
Last but not least, there is a phone in there somewhere too!

Check out the full write up on ZDNet.
As I thought, Apple has joined Google and Microsoft in the race for world domination…