Interesting conversation

Discussion in 'Computer Security' started by johns, Feb 25, 2004.

  1. johns

    johns Guest

    I'm sitting in the CAD lab today installing software, and
    I overhear a conversation between two Ag Engineering
    students. Now these guys are not normally all that interested in computers
    ... too outdoorsy. One says to
    the other: "I tried this program today, and it only took
    me about 3 minutes to crack into his laptop" ... guy
    was nodding towards another student across the room,
    and indicating his own wireless system. I leaned over
    and quietly asked, "Where did you get that?" He said,
    "I just downloaded it off the web. It is free." It worked
    too. We sat and toured our victims hard drive, and
    he suspected nothing. The students teach me plenty
    here. Couple months ago, I dl'd a little proxy server
    which took about 30 sec to install on my workstation.
    Ran it, and it analyzed our University Network, and
    said, "Ready". I went into the CAD lab which is on a
    tightly secured network limited to our domain only ...
    pointed IE6 to the proxy, and was out like a jailbird
    in 2 minutes ... one of those minutes was spent walking
    to the lab. It took me a month to set up that secured
    network. Hackerware busted it in 1 min 30 sec.
    Couple years ago, I dl'd a Linux / ntfs passwd cracker.
    It generates a bootable floppy, and can crack any
    ntfs passwd. Useful to me when the locals corrupt
    their boxes ... also free to anybody else. ???

    johns
     
    johns, Feb 25, 2004
    #1
    1. Advertising

  2. johns

    Jim Watt Guest

    On Tue, 24 Feb 2004 22:58:09 -0800, "johns" <>
    wrote:

    >Couple years ago, I dl'd a Linux / ntfs passwd cracker.
    >It generates a bootable floppy, and can crack any
    >ntfs passwd. Useful to me when the locals corrupt
    >their boxes ... also free to anybody else. ???


    Interesting.

    However, is there one that works with W2K as
    I tried the NT version that I used to solve those sorts
    of problems and the machine I tested it on became
    un-usable after running it. The disk was a new install
    so there was nothing lost.

    However, this reinforces the view that physical
    security of servers is important.
    --
    Jim Watt http://www.gibnet.com
     
    Jim Watt, Feb 25, 2004
    #2
    1. Advertising

  3. johns

    John Guest

    Jim Watt wrote:
    >>Couple years ago, I dl'd a Linux / ntfs passwd cracker.
    >>It generates a bootable floppy, and can crack any
    >>ntfs passwd. Useful to me when the locals corrupt
    >>their boxes ... also free to anybody else. ???

    >
    > However, is there one that works with W2K as


    ERD Commander?
     
    John, Feb 25, 2004
    #3
  4. johns

    johns Guest


    > However, is there one that works with W2K


    Yep. Works fine with any ntfs file system ..
    directly edits the SAM file, and changes the
    passwd to whatever you want. Has never
    failed on any system I've tried .. NT4, W2K, XP

    > However, this reinforces the view that physical
    > security of servers is important.


    Not anymore. That little laptop program was
    running remote. Guy says he can sit outside a
    building and see other systems. This wireless
    thing is a whole new ballgame ( ugh - metaphor )!
    I just put in a request to my dept to get me
    one. I need to go talk to the hacker students
    and get them to teach me how to vandalize
    proper. Then I can MAYBE defend my labs.
    It is scary to see how really smart some of
    this crap is. My little proxy server is only 30k,
    and it ate our network security. I'm having to
    gpedit every single system by hand to prevent
    proxy access now. Of course the laptops can
    hook in by USB, and get right out on wireless.

    johns
     
    johns, Feb 25, 2004
    #4
  5. johns

    johns Guest


    > ERD Commander?


    vmlinuz .... .. offshore! I don't know if it
    is legal to have or use it, but it is out there,
    and it works perfectly. One dangerous little
    floppy !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! The
    only defense against it is no bootable removable
    disks, and passwd on bios .. fat chance!
    The free hacker stuff is now way smarter than
    we are. I admit it. If security people don't get
    this stuff dl'd and study it, they are in for some
    nasty little surprises.

    johns
     
    johns, Feb 25, 2004
    #5
  6. johns

    Jim Watt Guest

    On Wed, 25 Feb 2004 09:23:14 -0800, "johns" <>
    wrote:

    >
    >> ERD Commander?

    >
    >vmlinuz .... .. offshore! I don't know if it
    >is legal to have or use it, but it is out there,


    Why should it be illegal? I don't live in a police state.

    Although the last NT machine I had to do password
    recovery on belonged to the Police. It came with
    an officer to guard it.

    >The free hacker stuff is now way smarter than
    >we are.


    I don't think so, and as pointed out, physical
    security prevents anyone doing this sort of thing
    against servers.


    --
    Jim Watt http://www.gibnet.com
     
    Jim Watt, Feb 25, 2004
    #6
  7. johns wrote:

    >
    >> ERD Commander?

    >
    >vmlinuz .... .. offshore! I don't know if it
    >is legal to have or use it, but it is out there,
    >and it works perfectly. One dangerous little
    >floppy !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! The
    >only defense against it is no bootable removable
    >disks, and passwd on bios .. fat chance!
    >The free hacker stuff is now way smarter than
    >we are. I admit it. If security people don't get
    >this stuff dl'd and study it, they are in for some
    >nasty little surprises.
    >
    >johns


    This serves to underscore the fact that you (as many others have
    pointed out) are too ignorant to be in the computer security field.
    Vmlinuz is not a program, it's the compressed Linux kernel.
     
    Micheal Robert Zium, Feb 25, 2004
    #7
  8. johns

    johns Guest


    > Vmlinuz is not a program, it's the compressed Linux kernel.


    No dumbass! It is a hint for the informed to go get it
    if they need it ... NOTE: ....."uz" Nincompoop!
    It is offshore!

    johns
     
    johns, Feb 25, 2004
    #8
  9. johns

    JT Guest

    On Wed, 25 Feb 2004 15:51:41 -0800, "johns" <>
    wrote:

    >
    >> Vmlinuz is not a program, it's the compressed Linux kernel.

    >
    >No dumbass! It is a hint for the informed to go get it
    >if they need it ... NOTE: ....."uz" Nincompoop!
    >It is offshore!
    >
    >johns
    >


    The uz has nothing to do with "offshore" That is just name ALWAYS assigned
    to Any compressed linux kernel, which by itself does nothing for this
    topic. If you actually new Linux, you would know that you get a vmlinuz
    file every time you compile a kernel. You would also know that it only
    contains the kernel, and no other programs.
     
    JT, Feb 26, 2004
    #9
  10. johns

    johns Guest

    I just can't believe the stupidity here. Go google
    vmlinuz and passwd cracking .. and take the offshore
    link to SWEDEN. What kind of security group is
    this? You guys seem really lost when it comes to
    the details of this subject. If we are going to have
    useful discussions without "selling the store" all of
    you are going to have to catch up, because the kids
    are miles ahead of you .. and they don't have to
    know beans to do it.

    johns
     
    johns, Feb 26, 2004
    #10
  11. johns

    JT Guest

    On Thu, 26 Feb 2004 09:33:53 -0800, "johns" <>
    wrote:

    >I just can't believe the stupidity here. Go google
    >vmlinuz and passwd cracking .. and take the offshore
    >link to SWEDEN. What kind of security group is
    >this? You guys seem really lost when it comes to
    >the details of this subject. If we are going to have
    >useful discussions without "selling the store" all of
    >you are going to have to catch up, because the kids
    >are miles ahead of you .. and they don't have to
    >know beans to do it.
    >
    >johns
    >


    What revelation are you trying to put out here? 1, that there are many
    programs that will crack NT/2K/XP/?? passwords? Or 2. that many of them
    will run on small self booting Linux disks? Neither of those is new, and
    Vmlinuz just gets you into threads dealing with Linux.

    This is very old news. If it is new to you, then you are the one way out of
    touch with security. The speed that the passwords were found indicate
    ignorant users with weak, simple, or dictionary based passwords. Why were
    you surprised. The tools to do that have been out there for years. No
    vmlinuz required. No Sweden required. Just simple, even dos based tools and
    access to the machine is all that is needed.
     
    JT, Feb 26, 2004
    #11
  12. On 26 Feb 2004, in news:c1laml$bj6$, "johns"
    <> scrawled:

    > ... because the kids are miles ahead of you .. and they don't have to
    > know beans to do it.
    >
    > johns
    >
    >


    Because there are plenty of scripts and freely available "tools" to do this
    without requiring complete and correct knowledge on the part of the "user".

    Hmmm, perhaps you fall in that skiddie group (??)

    --
    Skorpion (CET)

    -------------------------------------------------------------
    People who wear Halloween costumes are sometimes mistaken for
    monsters.
    -- Bruce Sterling
    -------------------------------------------------------------
     
    Skorpion (CET), Feb 26, 2004
    #12
  13. johns

    Dazz Guest

    On Thu, 26 Feb 2004 09:33:53 -0800, "johns" <>
    wrote:

    >I just can't believe the stupidity here. Go google
    >vmlinuz and passwd cracking .. and take the offshore
    >link to SWEDEN.


    I've googled for "vmlinuz & password cracking" and I didn't see
    anything with a link to Sweden.

    http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=vmlinuz & password cracking&spell=1

    Perhaps you'd like to post the link here, unless you're full of shit.

    Do you happen to know what vmlinuz, in respect to linux, is?

    Doesn't sound like it.

    Ever used Linux?

    Doesn't sound like it.

    By the way, the following is a Norwegian link, but it does exactly
    what you are saying the "vmlinuz password cracking" program does.

    http://home.eunet.no/~pnordahl/ntpasswd/

    That isn't the link you have been referring to, is it?

    Did you realise that there is also a bootable CD and not just a
    floppy? I've been using it for a year or two already.

    >What kind of security group is
    >this? You guys seem really lost when it comes to
    >the details of this subject.


    No, we're all just trying to deal with a damn fool who posts
    information that is years old, but has only just discovered it.

    >If we are going to have
    >useful discussions without "selling the store" all of


    Umm, we do have useful discussions in alt.computer.security. Or at
    least that is until some moron comes along who posts stuff that is
    years old and that everyone already knows about.

    My question is, what kind of a moron are you? I don't think you're
    really all that capable of having a "useful discussion" because it's
    quite clear that you know less than the average script kiddy when it
    comes to security ... and they usually know **** all.

    >you are going to have to catch up, because the kids
    >are miles ahead of you .. and they don't have to
    >know beans to do it.


    lol. The kids are miles ahead of you, but they aren't necessarily
    miles ahead of *everyone* in this group.

    First of all, you showed your naivety in this newsgroup by being
    surprised about various software that can crack passwords, allow you
    to access wireless networks etc.

    This is old stuff.

    But what you showed to me in your first and subsequent posts, is that
    you shouldn't even be looking after a network, let alone a single
    solitary desktop.

    Do yourself a favour and disconnect from the internet for ever.

    Actually, I'm sure you'd be doing everyone a favour.

    Dazz

    >johns
    >
     
    Dazz, Feb 27, 2004
    #13
  14. johns

    Jim Watt Guest

    On Wed, 25 Feb 2004 09:13:59 -0800, "johns" <>
    wrote:

    >Not anymore. That little laptop program was
    >running remote. Guy says he can sit outside a
    >building and see other systems. This wireless
    >thing is a whole new ballgame


    Read the manuals and look under the topics
    Encryption, non advertising, restrict MAC address

    Witeless can be hard or easy, depending on what you
    want. Whatever, it would have been hard to use one
    from the last serious computer room I built as it was inside
    a welded steel box.
    --
    Jim Watt http://www.gibnet.com
     
    Jim Watt, Feb 27, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Justin

    one way voice conversation

    Justin, Dec 14, 2003, in forum: Cisco
    Replies:
    0
    Views:
    555
    Justin
    Dec 14, 2003
  2. john.janebutler

    msn messenger 6.0 - webcam conversation

    john.janebutler, Sep 11, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    471
    john.janebutler
    Sep 11, 2003
  3. Frez

    Audio conversation----help

    Frez, Nov 25, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    499
  4. anthonyberet
    Replies:
    7
    Views:
    555
    anthonyberet
    Jan 3, 2004
  5. Replies:
    5
    Views:
    508
    Whiskers
    Aug 19, 2006
Loading...

Share This Page