«

I'm sitting in the CAD lab today installing software, and
I overhear a conversation between two Ag Engineering
students. Now these guys are not normally all that interested in computers
... too outdoorsy. One says to
the other: "I tried this program today, and it only took
me about 3 minutes to crack into his laptop" ... guy
was nodding towards another student across the room,
and indicating his own wireless system. I leaned over
and quietly asked, "Where did you get that?" He said,
"I just downloaded it off the web. It is free." It worked
too. We sat and toured our victims hard drive, and
he suspected nothing. The students teach me plenty
here. Couple months ago, I dl'd a little proxy server
which took about 30 sec to install on my workstation.
Ran it, and it analyzed our University Network, and
said, "Ready". I went into the CAD lab which is on a
tightly secured network limited to our domain only ...
pointed IE6 to the proxy, and was out like a jailbird
in 2 minutes ... one of those minutes was spent walking
to the lab. It took me a month to set up that secured
network. Hackerware busted it in 1 min 30 sec.
Couple years ago, I dl'd a Linux / ntfs passwd cracker.
It generates a bootable floppy, and can crack any
ntfs passwd. Useful to me when the locals corrupt
their boxes ... also free to anybody else. ???

johns

On Tue, 24 Feb 2004 22:58:09 -0800, "johns" <>
wrote:

>Couple years ago, I dl'd a Linux / ntfs passwd cracker.
>It generates a bootable floppy, and can crack any
>ntfs passwd. Useful to me when the locals corrupt
>their boxes ... also free to anybody else. ???

Interesting.

However, is there one that works with W2K as
I tried the NT version that I used to solve those sorts
of problems and the machine I tested it on became
un-usable after running it. The disk was a new install
so there was nothing lost.

However, this reinforces the view that physical
security of servers is important.
--
Jim Watt http://www.gibnet.com

Jim Watt wrote:
>>Couple years ago, I dl'd a Linux / ntfs passwd cracker.
>>It generates a bootable floppy, and can crack any
>>ntfs passwd. Useful to me when the locals corrupt
>>their boxes ... also free to anybody else. ???
>
> However, is there one that works with W2K as

ERD Commander?

> However, is there one that works with W2K

Yep. Works fine with any ntfs file system ..
directly edits the SAM file, and changes the
passwd to whatever you want. Has never
failed on any system I've tried .. NT4, W2K, XP

> However, this reinforces the view that physical
> security of servers is important.

Not anymore. That little laptop program was
running remote. Guy says he can sit outside a
building and see other systems. This wireless
thing is a whole new ballgame ( ugh - metaphor )!
I just put in a request to my dept to get me
one. I need to go talk to the hacker students
and get them to teach me how to vandalize
proper. Then I can MAYBE defend my labs.
It is scary to see how really smart some of
this crap is. My little proxy server is only 30k,
and it ate our network security. I'm having to
gpedit every single system by hand to prevent
proxy access now. Of course the laptops can
hook in by USB, and get right out on wireless.

johns

> ERD Commander?

vmlinuz .... .. offshore! I don't know if it
is legal to have or use it, but it is out there,
and it works perfectly. One dangerous little
floppy !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! The
only defense against it is no bootable removable
disks, and passwd on bios .. fat chance!
The free hacker stuff is now way smarter than
we are. I admit it. If security people don't get
this stuff dl'd and study it, they are in for some
nasty little surprises.

johns

On Wed, 25 Feb 2004 09:23:14 -0800, "johns" <>
wrote:

>
>> ERD Commander?
>
>vmlinuz .... .. offshore! I don't know if it
>is legal to have or use it, but it is out there,

Why should it be illegal? I don't live in a police state.

Although the last NT machine I had to do password
recovery on belonged to the Police. It came with
an officer to guard it.

>The free hacker stuff is now way smarter than
>we are.

I don't think so, and as pointed out, physical
security prevents anyone doing this sort of thing
against servers.


--
Jim Watt http://www.gibnet.com

johns wrote:

>
>> ERD Commander?
>
>vmlinuz .... .. offshore! I don't know if it
>is legal to have or use it, but it is out there,
>and it works perfectly. One dangerous little
>floppy !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! The
>only defense against it is no bootable removable
>disks, and passwd on bios .. fat chance!
>The free hacker stuff is now way smarter than
>we are. I admit it. If security people don't get
>this stuff dl'd and study it, they are in for some
>nasty little surprises.
>
>johns

This serves to underscore the fact that you (as many others have
pointed out) are too ignorant to be in the computer security field.
Vmlinuz is not a program, it's the compressed Linux kernel.

> Vmlinuz is not a program, it's the compressed Linux kernel.

No dumbass! It is a hint for the informed to go get it
if they need it ... NOTE: ....."uz" Nincompoop!
It is offshore!

johns

On Wed, 25 Feb 2004 15:51:41 -0800, "johns" <>
wrote:

>
>> Vmlinuz is not a program, it's the compressed Linux kernel.
>
>No dumbass! It is a hint for the informed to go get it
>if they need it ... NOTE: ....."uz" Nincompoop!
>It is offshore!
>
>johns
>

The uz has nothing to do with "offshore" That is just name ALWAYS assigned
to Any compressed linux kernel, which by itself does nothing for this
topic. If you actually new Linux, you would know that you get a vmlinuz
file every time you compile a kernel. You would also know that it only
contains the kernel, and no other programs.

I just can't believe the stupidity here. Go google
vmlinuz and passwd cracking .. and take the offshore
link to SWEDEN. What kind of security group is
this? You guys seem really lost when it comes to
the details of this subject. If we are going to have
useful discussions without "selling the store" all of
you are going to have to catch up, because the kids
are miles ahead of you .. and they don't have to
know beans to do it.

johns