Thursday, July 31, 2003
Setting up a Ram Disk
Tuesday, July 29, 2003
Plugins for Mozilla
Useful if you're using Mozilla or a Mozilla-based (e.g., Galeon) browser.
Monday, July 28, 2003
You don't know where that terminal has been!
SunSpot.net has an article about the sentencing of a hacker who logged keystrokes on 14 of Kinko's public terminals and then used one of the captured logins to access someone else's home computer via GoToMyPC (somewhat like VNC or PCAnywhere). The hacker was caught because the actual owner of the computer was sitting in front of his machine when the cursor started moving around by itself.
In other instances, sensitive corporate data has been gleaned from the convenience terminals in hotel business centers.
Think about what you're doing before using a public terminal! You don't know who's watching!
IDS Theory
Saturday, July 26, 2003
Here it comes!
This is a bad thing in a couple of ways. First, it's the Microsoft RPC utility. It's responsible for all of that pop-up spam (not browser pop-ups but the Windows pop-ups) that has been appearing more and more as of late. Second, every version of Windows (except ME) since 95 has the darn thing.
Now that the code for the exploit is out, we'll probably see a "test" version of a worm, using the exploit, in the next few days.
Friday, July 25, 2003
Automating with SSH/SCP
NBTScan
NBTScan is one of those tools that you come to depend on. Its main strength is gathering miscellaneous NetBIOS data by scanning IP addresses. This is what you need when you're trying to figure out what the NT hostname is at an IP address so you can point smbclient at it.
You can wrap nbtscan in a Perl script, tie it to a database, and maintain a history of which machines are connected to your network. This is even more powerful because nbtscan can also grab the MAC address of the remote machine if it's running NetBIOS.
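As an added example (not code from the original post, and written in Python rather than the Perl the post mentions), here is the wrapper idea carried through: parse nbtscan's tabular output, keep an (IP, MAC) history in SQLite, and report both never-before-seen pairs and IPs whose MAC has changed between scans. The column layout in the constructed sample output is an assumption about nbtscan's default format; the regex is deliberately loose about spacing so it tolerates small differences.

```python
"""Wrap nbtscan output in a small SQLite-backed NetBIOS inventory (added example)."""
import re
import sqlite3
import subprocess
from datetime import datetime, timezone

# One host line of nbtscan's tabular output. Assumed column order:
# IP, NetBIOS name, server flag, logged-in user, MAC address.
HOST_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<name>\S+)\s+"
    r"(?P<server>\S+)\s+"
    r"(?P<user>\S+)\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\s*$"
)

SCHEMA = """
CREATE TABLE IF NOT EXISTS netbios_hosts (
    ip TEXT NOT NULL, name TEXT NOT NULL, mac TEXT NOT NULL,
    first_seen TEXT NOT NULL, last_seen TEXT NOT NULL,
    PRIMARY KEY (ip, mac)
);
"""


def parse_nbtscan(output):
    """Return one dict per host line; banner, header and rule lines are skipped."""
    hosts = []
    for line in output.splitlines():
        m = HOST_LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["mac"] = rec["mac"].replace("-", ":").lower()  # normalise MAC spelling
            hosts.append(rec)
    return hosts


def open_db(path=":memory:"):
    """Open (or create) the history database and make sure the table exists."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def record_scan(conn, hosts, now=None):
    """Upsert every (ip, mac) pair from one scan; return the pairs never seen before."""
    now = now or datetime.now(timezone.utc).isoformat(timespec="seconds")
    new = []
    for h in hosts:
        cur = conn.execute(
            "UPDATE netbios_hosts SET last_seen=?, name=? WHERE ip=? AND mac=?",
            (now, h["name"], h["ip"], h["mac"]))
        if cur.rowcount == 0:  # no existing row for this pair: first sighting
            conn.execute("INSERT INTO netbios_hosts VALUES (?,?,?,?,?)",
                         (h["ip"], h["name"], h["mac"], now, now))
            new.append((h["ip"], h["mac"]))
    conn.commit()
    return new


def mac_changes(conn):
    """IPs seen with more than one MAC over time: a replaced box, a reused
    address, or something pretending to be a host it isn't. Worth a look."""
    rows = conn.execute(
        "SELECT ip FROM netbios_hosts GROUP BY ip HAVING COUNT(DISTINCT mac) > 1 ORDER BY ip")
    return [r[0] for r in rows]


def run_nbtscan(target):
    """Invoke the real tool (only used from main, so everything else runs offline)."""
    return subprocess.run(["nbtscan", target], capture_output=True,
                          text=True, check=True).stdout


# Constructed sample output (documentation-range addresses, made-up names).
SAMPLE_SCAN = """\
Doing NBT name scan for addresses from 192.0.2.0/28

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.0.2.10       FILESRV01        <server>  <unknown>        00:11:22:33:44:55
192.0.2.11       WS-ACCT-03       <server>  JSMITH           00:11:22:33:44:66
"""

# Same range a day later: 192.0.2.11 now answers with a different MAC.
SAMPLE_SCAN_LATER = SAMPLE_SCAN.replace("00:11:22:33:44:66", "00:11:22:33:44:77")

if __name__ == "__main__":
    db = open_db()
    print("new:", record_scan(db, parse_nbtscan(SAMPLE_SCAN), "2003-07-25T10:00:00+00:00"))
    print("new:", record_scan(db, parse_nbtscan(SAMPLE_SCAN_LATER), "2003-07-26T10:00:00+00:00"))
    print("MAC changed:", mac_changes(db))
```

Replace `SAMPLE_SCAN` with `run_nbtscan("192.0.2.0/28")` and a file path in `open_db()` to use it against a real subnet from cron; the primary key on (ip, mac) is what turns repeated scans into a history rather than a pile of duplicates.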
Network Hacking
Vi Tutorial
This tutorial only covers basic use. If you search the Internet for more tips and tricks, you'll realize there's a lot of power under the hood with this one.
Note: this is a personal preference of mine. Any attempts at religious jousting over "which editor is better" will be ignored or deleted.
Thursday, July 24, 2003
QOTD
I've been having to think fast-on-my-feet all day and the feet in my head are tired!
-- Me
Amazingly, the mental hot tub I needed turned out to be about 3 hours of cleaning out/rewriting DNS zone files.
Wednesday, July 23, 2003
Getting more out of the BSOD
NMap Basics
Now we're being spammed by morons!!
Anyways, following is the header and body of the message after it passed through SpamAssassin. The message purported to be from rickisok@bahn.de but actually originated from an IP address belonging to the Department of Social Security of the UK!!! (Methinks that someone is testing a Jeem or SoBig worm-compromised system somewhere in Great Britain.)
For those of you new to reading message headers, you read the "Received" lines from the bottom up (for chronological order). I can vouch for anything generated by cox.net as being legit.
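As an added example (not part of the original post), here is the bottom-up reading of "Received" lines done in code: the headers are reversed into chronological order, each hop's "from" host, bracketed IP and "by" host are pulled out, and the chain is walked from the newest hop down until it reaches the first hop that a relay we trust recorded from an outside host. That hop's IP is the last thing we can vouch for; everything earlier in the chain was written by someone else's servers and could be forged. The message below is constructed (documentation-range IPs, example.net relays standing in for the post's cox.net hops); only the bahn.de sender address comes from the post.

```python
"""Walk a message's Received: chain oldest-first and find the last trustworthy hop (added example)."""
import re
from email import message_from_string

# Relays we run ourselves, whose Received: lines we can vouch for (constructed).
TRUSTED_RELAYS = {"mx.example.net", "mail.example.net"}

# "from <helo-name> (<rdns> [<ip>])" with the parenthesised part optional.
FROM_RE = re.compile(
    r"^from\s+(?P<from>\S+)"
    r"(?:\s+\((?P<rdns>[^\s()\[\]]*)\s*\[(?P<ip>[\d.]+)\]\))?", re.I)
BY_RE = re.compile(r"\bby\s+(?P<by>\S+)", re.I)


def parse_received(value):
    """Extract from-host, connecting IP and receiving host from one Received: header."""
    flat = " ".join(value.split())  # unfold continuation lines
    hop = {"from": None, "ip": None, "by": None, "raw": flat}
    m = FROM_RE.match(flat)
    if m:
        hop["from"] = m.group("from").rstrip(";,")
        hop["ip"] = m.group("ip")
    m = BY_RE.search(flat)
    if m:
        hop["by"] = m.group("by").rstrip(";,")
    return hop


def chronological_hops(raw_message):
    """Received: headers are prepended as mail moves, so the top one is newest;
    reverse them to read the path in the order it actually happened."""
    msg = message_from_string(raw_message)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def last_trusted_origin(hops, trusted):
    """Newest hop first: skip relay-to-relay hops inside our own infrastructure and
    return the IP that handed the message to the first trusted relay. Hops below
    that were recorded by systems we do not control, so they prove nothing."""
    for hop in reversed(hops):
        if hop["by"] in trusted and hop["from"] not in trusted:
            return hop["ip"]
    return None


# Constructed message: the bottom Received: line claims a bahn.de origin, but our
# relay actually accepted it from 203.0.113.77, which is all we can vouch for.
SAMPLE_MESSAGE = """\
Received: from mail.example.net (mail.example.net [198.51.100.2])
\tby mx.example.net with ESMTP id h6SG3x04; Mon, 28 Jul 2003 12:03:00 -0400
Received: from bahn-smtp.example (unknown [203.0.113.77])
\tby mail.example.net with SMTP; Mon, 28 Jul 2003 12:02:50 -0400
Received: from mailhost.bahn.de (mailhost.bahn.de [192.0.2.9])
\tby bahn-smtp.example with SMTP; Mon, 28 Jul 2003 12:02:00 -0400
From: rickisok@bahn.de
Subject: constructed sample

(body omitted)
"""

if __name__ == "__main__":
    hops = chronological_hops(SAMPLE_MESSAGE)
    for i, hop in enumerate(hops, 1):
        print(f"hop {i}: {hop['from']} [{hop['ip']}] -> {hop['by']}")
    print("last verifiable origin:", last_trusted_origin(hops, TRUSTED_RELAYS))
```

The same walk works on a real message pasted in place of `SAMPLE_MESSAGE`; the only thing to change is `TRUSTED_RELAYS`, which should list exactly the hosts whose Received lines you know to be honest, just as the post does for cox.net.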