Hacking

The seedier side of all of the above forums.

Bluetooth hacking with Backtrack 4

Hey guys, I know this is a question that is largely asked all over the internet but with few responses so far.
And please bear with me if any mistake arises.

Bluetooth hacking on BT4

For your case this is not a tutorial on hacking Bluetooth. You can visit:
http://www.youtube.com/watch?v=PvxccqVC4Oo
http://www.youtube.com/watch?v=6z1d3sXD9RU

The updated versions on the latest Blue_ron exploit:
http://www.youtube.com/watch?v=J5nnzA_8Uo0
http://www.youtube.com/watch?v=GsLw6QYK3cY&feature=channel

What do I have on my box
First, I wrote a script to configure my Bluetooth device so that I wouldn't have to keep typing every time I need to set it up. This is what it looks like:

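#!/bin/sh
   # Create the directory that holds the RFCOMM device nodes
   mkdir -p /dev/bluetooth/rfcomm
   # Character device nodes for RFCOMM channel 0 (major 216, minor 0), world read/write
   mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0
   mknod --mode=666 /dev/bluetooth/rfcomm0 c 216 0

   # Firing up the bluetooth device
   hciconfig -a hci0 up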

Auditing Code For Vulnerabilities

Just curious, are any of the people on these forums familiar with auditing code for vulnerabilities? Is anybody currently auditing code?

Looking for some good people with specific talents.

Small problem

My dad lists things on CraigsList. There has been someone flagging listings like crazy, being a genuine pain in the ass. He has become a harassment to a whole lot of people on there. We have his IP address. Is there anything that can be done, either to locate or stop this from happening? IP is: 71.97.202.249. Not looking for someone to do any foot work per se, just ideas and suggestions. Thanks.

**EDIT**
OK, did some research and port scanned > open port: 4567
Found a vulnerability for Actiontec and Westell routers designed for the Verizon FiOS service.
Has something to do with remote firmware upgrades by Verizon.
Link here: http://www.dslreports.com/forum/r19531564-Port-4567-The-Evil-Port

Found it quite interesting but I'm not sure where to go from there.
Any ideas?

Grey

Need PcLaw Database file password

I have a customer that is requesting to have a database password hacked. One of his ex-employees used this program to put in client data and used their own password. Now that he is terminated from the company, no one has access to the database file. The program is called PcLaw by LexisNexis.
We just need to get the password for the admin account on this. From what I can tell, the database is using c-tree. Is there anyone that would be willing to help, as this is extremely important to my customer?

Here is the link to the backup file which does have the password in it.
http://www.jjstechnology.com/downloads/software/db/

MS IE6 "Aurora" Exploit

Just pointing out that the exploit from the recent "China Hacks Google" headlines was added to the MSF exploit database.

Quote:

Module: exploit/windows/browser/ie_aurora

This module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the "Operation Aurora" attacks that led to the compromise of a number of high profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample; as such, only Internet Explorer 6 can be reliably exploited. This exploit module was written by unknown and hdm.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0249
http://www.osvdb.org/61697
http://www.microsoft.com/technet/security/advisory/979352.mspx
http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0...

Hacking Virtual Machines

I've previously read some information on this but wanted to ask what other people's experiences have been.
I know that a lot depends on the environment and what software was used for the virtualization, but just curious if any new exploits or ways of attack have been brought up. It's my understanding that if you gain control over the hypervisor for Red Hat's Xen virtual environment, you are essentially able to have root on all of the virtual machines on that server. One of the articles I had previously read stated someone attacked a virtual environment during the time when it was transferring data or doing some type of backup (<----probably incorrect terminology here).

It's because of the threat of potentially losing all servers during an attack vice just one that gets rooted that we have normally stated virtualization is a bad idea in terms of security.
But regardless of what we say "corporate" is going to say "look at all the money we can save on server cost and power bills!!!"

XSS in facebook

Hi readers

When you create a fan page on Facebook, it is possible to inject malicious code in the name of the group.

The code is executed when you want to delete or stop following a fan page.

1. Creating a fan page with malicious script: http://img192.imageshack.us/si.php?img=creaciondelapagina.jpg

2. The page was created: http://img63.imageshack.us/si.php?img=paginacreada.jpg

3. Fan page before being deleted: http://img29.imageshack.us/si.php?img=eliminacion1.jpg

4. XSS on Facebook: http://img63.imageshack.us/si.php?img=eliminacion2.jpg

This vulnerability will allow malicious users to steal sessions or execute malicious scripts (XSS); it may also be used for phishing.

Att: c7b3r
http://www.colombiaunderground.org

Cracking Terminal Servers/RDP

I wanted to post this link up; we have a listing for it in the tools db, but no real info, it appears, after searching the site. This will get you pointed in all the right directions for brute forcing RDP/Terminal Server sessions on Windows with several applications.

The link is circa 2007, but has aged well. Terminal servers are still widely used in the wild, often without even having to connect to a VPN first. This is a dismal idea. Leaving RDP in general open isn't something one should take lightly.

http://www.ethicalhacker.net/content/view/106/1/

A tip for anyone who has a company web page where after authentication to the web page (often even over HTTP) the terminal session will pop up with the connected address right in the bar: once you have that, you simply RDP to the same IP/hostname with whatever crack app you're using.

Geomapping routers via XSS

A co-worker showed me this and I thought you guys might also like to read about it. You can even test it if you have FiOS.

http://samy.pl/mapxss/
