House of Hackers

d@v|d
  • Bar Harbor, ME
  • United States

 

d@v|d's Page


Latest Activity

November 23
about to try that trick on win XP sp2...
November 16
September 23
d@v|d added a photo
September 23
Works fine for me (Win Xp sp3). Good Job!
August 13
August 10
Not at all, Mac users tend to think their OS is not vulnerable; every OS is, that's all, and the most important thing: most users are vulnerable :-D The problem is usually PEBKAC.
May 4
Yeah Mod ^ Anarchy angel for Admin status!
April 22

Profile Information

Real Name:
david james
Occupation:
Technology Consultant
Website:
http://www.monkeyvat.com
Description:
Computer consultant | Hacker | from Maine.

AMD debuted its 45nm Phenom II processors

D@v|d's Blog

d@v|d

"Zombie Macs Launch DoS Attack" || BREAKING NEWS! || APPLE'S CHERRY POPPED! WINDOWS USERS GET REVENGE AFTER YEARS OF CONCEITED COMMENTS BY FANBOYS!

APPLE'S CHERRY POPPED! WINDOWS USERS GET REVENGE FOR YEARS OF CONCEITED COMMENTS BY FANBOYS.
"OSX Botnet found and there was much rejoicing!" David James -April 16 2009

Ryan Naraine over at the "ZERO DAY" blog reports:


"Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks"

(Read more) Link,…

Posted on April 17, 2009 at 1:30am — 3 Comments

d@v|d

Building the $800 Gaming machine [AMD Dragon Style]

I love technology, fast computers and amazing graphics; unfortunately, though, my budget is limited. I have been planning to build my gaming rig for a while now, waiting patiently for A.M.D. to release the Phenom x4, then the Phenom 2, and finally the new AM3 platform with support…

Posted on March 30, 2009 at 6:20pm — 2 Comments

d@v|d

Poor Man's I.D.S.

I have been thinking of implementing a poor man's IDS / file integrity checker using a simple MD5 hash tool for quite some time.
There are many instances where I would like to know exactly which files/folders have been altered.

Yesterday I stumbled on the perfect little [elegant?] solution for this sort of thing: "File check MD5" (w00t w00t!)
http://www.brandonstaggs.com/filecheckmd5/

Posted on January 7, 2009 at 2:00am —

d@v|d

"Jump to URL" help option in Vista

In my last blog I talked about using the "Jump to URL" option included in Windows Calculator to launch a command prompt by simply inserting file:///c:/windows/system32/cmd.exe as the URL.
Keep in mind U.R.L. stands for "Uniform Resource Locator" and simply means a specific location for a given resource.
So while it is usually used in context as a location on the web, this is not the case here.
H.O.H. user univax

Posted on January 6, 2009 at 2:30am — 1 Comment

d@v|d

How To: Windows XP local Privilege escalation research. [using the "at" cmd]

I wrote this my freshman year. I thought perhaps someone here will find it useful. I don't know if these techniques work in Vista. If anyone does, please drop me a line. For research on your own computer only. This could cause permanent problems with Windows.
[It permanently caused the "Bliss" desktop to flash at boot time on my computer]


Think before you hack ... [Am I sure this computer/IP doesn't belong to a hospital!?]

Windows XP local Priv

Posted on January 5, 2009 at 1:00am — 10 Comments

Comment Wall (11 comments)


At 7:40am on August 10, 2009, dozzyjean said…
Yeah, I am the admin of the site, but I created a sub name and I gave them admin privilege, still yet I cannot make use of the at command.
At 12:06am on April 9, 2009, Aquina said…
Sorry, but I didn't understand your question. In case you require a secure distribution you'd stick with Debian, Slackware or something like EnGarde Linux. Of course you need to have a lot of know-how. [L] is a good start for Debian. I recommend it because of its superior package management system. What else do you wanna know about penetration testing? The name of the distribution you referred to is unknown to me. I think though, that Ubuntu should be roughly tested in productive environments, but that is more a matter of project management, assessments and the like. Hardening our distro took more than one year.

[L] http://translate.google.com.au/translate?u=http%3A%2F%2Fwww.debian.org%2Fdoc%2Fmanuals%2Fsecuring-debian-howto%2Findex.de.html%23contents&sl=de&tl=en&hl=de&ie=UTF-8
At 5:05pm on April 8, 2009, Aquina said…
"Fedora Core" is ultimately outdated. The (new) Fedora releases from 7-10 are ok when it comes to up2date hardware support and usability. The repos also provide a lot of stuff. What I don't like is that functionality is broken much too often. That's why I decided to go to Canonical. ;-) We're running Ubuntu 8.04 LTS server and a hardened Xubuntu 8.04 (called "Shield Edition" v1.0) fork on our clients.
At 3:01pm on April 8, 2009, Aquina said…
Interesting profile! :-) Nevertheless I do not understand why you are still using M$ Windows!?
At 9:17pm on March 11, 2009, Cee said…
Hey thanks.. i like your photo as well.. did you photoshop that? lol
At 10:55pm on January 18, 2009, univax said…
OK, I gave a try the XP admin password hack described at the link you mentioned but I really don't see this as being very useful or practical.

I did the test with VMware running XP Pro SP3. I set up 2 accounts; one admin and one limited user. The following are some of the problems I came across:

a) The response to mkdir temphack was "access denied". No way around this. I had to go back and upgrade the limited user account to an admin account before this would work. So what's the point really?

b) Continuing on anyway, del logon.scr at first appeared to complete correctly, but the response to ren cmd.exe logon.scr was that file with same name already exists. Checking the contents of the directory showed that logon.scr was still there. Opening Windows Explorer to view the system32 folder also showed logon.scr present. I right-clicked to delete it from Explorer. It disappeared. I tried the rename command again, but with same result. Opening Explorer again showed logon.scr restored to the directory. Finally I decided to delete logon.scr and rename cmd.exe to logon.scr from Explorer. I then typed exit at the prompt and closed the session.

c) The logon screen after closing the session did not allow me to enter the password for any user, so had to reboot. The result however was getting the normal logon screen again. No admin shell prompt. Logged on the user as normal. Nothing different seen. Checked the system32 directory and both cmd.exe and logon.scr had been automatically restored. (?)

d) Gave up on changing logon.scr and gave the next step a try, c:\net user username password . Successfully changed the admin password while logged in to the other user account (but of course this worked only because the normal user account had been previously elevated to admin privileges).

e) Changing the admin password effectively wipes out the original password. No way to restore it again to its previous value, unless you already know what it was.

f) Covering tracks: Besides copying the contents of the temphack directory back to system32, if this hack ever did work (which I now doubt), the article fails to mention that \temphack also should be removed afterwards. On the other hand, if you irreversibly change or erase the admin password it's pretty obvious to the administrator that the computer has been hacked.

Conclusions: Not very useful since you need admin rights anyway to do anything. Messing around with logon.scr and cmd.exe in this particular case doesn't seem to accomplish anything. Actually there were several comments on the website where this was posted debating its usefulness. Also, if there was ever anything to this, note that the article is from 2006, and so Microsoft has had plenty of time to patch it (by automatically restoring cmd.exe and logon.scr if deleted for example? I don't know this for sure, just looked that way to me in my test.)

Don't think I'll ever use or recommend this hack, but it was fun trying to check it out. Let me know if you come across something else possibly interesting.
At 7:28am on January 13, 2009, Maxx said…
David, thanks for the direction. I was just thinking all these hack tricks, if they should be called so, r very usually very successful only on stand alone sys, maybe 90% times only. I tried escalating one of the stand alone sys from guest to system acc, but it didn't work out. The biggest of the challenge is to escalate privileges from a user acc in domain logged computer to systems acc. tat wld be some real hacking !! we have resources, it needs research and direction, so i believe u wld like to initiate ?
At 11:04pm on January 6, 2009, univax said…
Hi,

Yes, I saw your new blog post about the url jump effect in Vista. Let's see if you get any more feedback on it.

The new admin shell hack you referred to looks interesting. I'll give it a try on a Windows VM I've set up when I get a chance. I'm wondering though about whether simply copying back the contents of the /temphack folder is sufficient to cover your tracks. What about the admin passwd that was changed to get it? Is it also reset to its original value when restoring back the original cmd.exe and logon.scr files? If so, fine. But if not, that's a clear sign someone's been in, even if the entry method is covered. I'll play around with it this weekend maybe when I have time.

Thanks.
At 10:56pm on January 5, 2009, univax said…
I think that the important thing about url jumps is that they are accessible from programs/accessories available to users from the Start menu, perhaps even if they don't have admin privileges. I'm sure it has its limits, but deserves more investigation.
 
 

About

pdp pdp created this Ning Network.
 

© 2009   Created by pdp on Ning.