:-) This [1] will help you when it comes to understanding the usage of IPM within OSes. Finally, I wouldn't try to understand IP masquerading itself only, because you need to gather how the OS makes use of it. I furthermore assume that you don't care too much about academic stuff. In case you need decision trees, math. models, code or something like that, I recommend you study IT/CS or read something like "The Design Of The UNIX Operating System" (Prentice Hall) or become a kernel hacker. ;-))
Alright, in regards to Dan's DNS finding:
1) Port randomization allows users to be pushed to incorrect sites or locations for other protocol transfers.
2) The DNS flaw is right because it is part of the underlying source code. No one can change this; all that can be done is to hide it, aka basically make it time-consuming to hack.
3) Simply put it this way: if you can point a user that thinks they are going to www.google.com, to send them to www.sysadmins.google.com, and insert a Flash or ActiveX download script, you can take control of their network. For example, the TTL (time to live) on a cache of a company may be 24 hours. If you can change this within, say, the first 19 hours of the TTL, then you will have every user and server pushing people to www.sysadmin.google.com for 5 hours. This could allow you to push malicious software to every machine that accesses this site.
You could also infect a server with malicious code this way and allow you to manually, at a later time, reroute whatever traffic you wanted, provided the code you gave the server allows access at any time.
Dan will show examples of how and what to do.
I may attend this security conference; however, if I do not, there will be video streams of this online, so this way we can watch it.
Basically it's explained like this: if you are trying to penetrate a home user, it is not worth it. The best ones would be an ISP server.
You then have thousands or millions of users pointing to a fake location.
I have done some reverse engineering on the patches from Microsoft and they have done a great job covering up this error in the code.
Since this exploit is in the source code, in order to completely fix it you would have to rewrite DNS, which is almost impossible considering it is implemented on every router/switch/server/host in the world, regardless of the O/S.
Any other questions?
I haven't forgotten about the email you sent me. I'm on a work trip; I'll be home Sunday. I'll send it to you when I get home.
I have the file on my server @ home
Just wanted to update you on the software
Yeah it's over but I have to do some stuff within the next weeks. There's a lot of work to do which I cannot talk about. Finding the balance can be difficult at times... :-/
I never received your email regarding the A+; send it to michaeloconnell3@gmail.com
Other than that, regarding DNS: port randomization allows for multiple data I/O and allows for updates and upgrades on network access in the future. Dan's DNS flaw has to do with the source level of DNS. I don't really have much more information on that yet, since the convention where he will release the flaw is in the beginning of August. Once I get more information I can give you an explanation of it.
you can search for dumps on that site and dl them FYI
[1] http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/index.html
Patched Immediately
Since I work for the government, we had the patches when the vendors did, before they were released to the public.
Anything Specific?
What are you doing?
Check it and then you will get the software
buddy