I figure quite a few of you enjoy reading "hack logs" and related material. The following is quite similar to the ZF0 (Zero For 0wned) e-zines that have become popular reading amongst the security/anti-security community. Check the following post for a link.
Hey guys. First off, great site, and don't ever stop.
Props aside, here's my situation. I currently enjoy a full on hi-speed cable internet connection. However, I jump back and forth between 2 locations and I need to hack the wifi at the other site. I was thinking of either attacking tengointernet or some neighboring routers.
Any suggestions?
Thanks in advance....
dechyld
Hey all, I'm just getting back into setting up networks and network security, and you all know what that leads to if you're implementing it all day. The urge to take it apart, that's right. Anyone who would be able to give me a push in the right direction would be much obliged; I've made a good effort on my own to learn thus far before asking for help. I'm also getting back into C++ programming, so anyone who may be experienced in that field, any help or advice would be much obliged, and of course if anyone needs any help in return, if possible I'll do my best. Thanks in advance, y'all.
Br@wdCa5t
Microsoft IIS fully patched web servers are vulnerable to remote code execution. Critical vulnerability. Any IIS server that allows users to upload images, such as an avatar, is vulnerable. By appending a semicolon with a benign file format extension, the filters that would normally prevent malicious files from being uploaded can be easily bypassed.
Example: Let's say we have a shell called c99.php and we want to upload it to an IIS web server that allows us to upload images with the .jpeg extension. All we have to do is rename the file to "c99.php;.jpg" in order to bypass the filter. Then when we go to execute the file, the server recognizes it as a php script and executes it accordingly.
Just in time for Christmas. Merry Christmas and Happy Hacking!
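A server-side check for the upload filter weakness described above, as an added example that is not part of the original post: it rejects names like the one in the post and stores accepted uploads under a server-generated name. The function names, the allowlist and the sample bytes are assumptions made for illustration.

```python
import os
import secrets

# Allowlisted image types: canonical extension -> accepted leading bytes.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
ALIASES = {".jpeg": ".jpg"}
# Characters a server or file system may treat as a terminator or separator;
# the semicolon is the one the post is about.
FORBIDDEN = set(';:/\\\x00%')


def safe_upload_name(client_name: str, content: bytes) -> str:
    """Return a server-generated file name, or raise ValueError."""
    if not client_name or any(ch in FORBIDDEN for ch in client_name):
        raise ValueError("forbidden character in file name")
    stem, ext = os.path.splitext(client_name.lower())
    ext = ALIASES.get(ext, ext)
    if ext not in MAGIC:
        raise ValueError("extension not allowlisted")
    if "." in stem:
        # Strict by design (assumption): no second extension anywhere.
        raise ValueError("multiple extensions")
    if not content.startswith(MAGIC[ext]):
        raise ValueError("content does not match extension")
    # The client's name is never reused on disk: a random stem plus the
    # validated extension leaves nothing for the web server to misparse.
    return secrets.token_hex(16) + ext


def verdict(client_name: str, content: bytes) -> str:
    """Return 'accepted' or the rejection reason, for logging and tests."""
    try:
        safe_upload_name(client_name, content)
        return "accepted"
    except ValueError as exc:
        return str(exc)


# Constructed sample inputs (not real uploads).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 8
SAMPLE_SCRIPT = b"<?php echo 1; ?>"
```

Keeping the upload directory non-executable in the web server configuration remains necessary alongside a check like this.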
SET is to phishing what MSF is to hacking. (MSF = Metasploit Framework)
The following should give you a decent understanding of what SET is. Glance at the menu options listed below to get an idea of what I speak of.
[---] The Social-Engineer Toolkit (SET) [---]
[---] Written by David Kennedy (ReL1K) [---]
[---] Version: 0.3 [---]
[---] Report bugs to: [email protected] [---]
Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs..
UPDATE: Version 0.3 is almost completely rewritten with a
ton of new updates and improvements on existing code. Be
sure to review the readme/CHANGES to see a full listing
of new and exciting things.
Select from the menu on what you would like to do:
1. Automatic E-Mail Attacks (UPDATED)
2. Website Java Applet Attack (UPDATED)
3. Update Metasploit
4. Update SET
5. Create a Payload and Listener
A lot of fellow nerds have been asking me what has happened to their beloved milw0rm.com. To avoid a wall of text, I'll point you in the right direction -> http://exploit-db.com (or) http://explo.it -- the latter is merely a redirect to the prior.
Some of the folks from Offensive Security opted to maintain milw0rm.com and handle the many database submissions. This short-lived attempt eventually manifested itself under a new name: The Exploit Database.
If you aren't familiar with Metasploit, you're certainly missing out on its features.
Recently a feature called Autopwn was added. This is very familiar to the Autopwn Automation included in Fast Track.
Framework2, 3, and Fast Track are all included in BT4 pre by default.
To get the db_autopwn feature, you're going to need to update with ./msfupdate from the /pentest/exploits/framework3 dir. On most machines you should also have the svn-update.sh script.
Most of this is covered in the wonderful documentation for MSF, but hopefully this will help you get started quickly. This will help the white hats bulk test with the available exploits in meta3. For the more savvy, this will just give you a way to quickly match your larger exploit list to individual hosts.
A couple of things you will need are: 1. a database, 2. a host (or hosts), 3. a port scan output, 4. exploits.
schiz0id sent me here to get help.
I am having some serious trouble cracking this router. It is a BCM96348 ADSL Router from ASUS Tek. Port 23 is open on it. Any tips?
I have been trying to get this file to convert to a .doc for months with no result. I thought it would've been a simple hack, but oh no, this isn't ho-hum. A friend introduced me to this business in a box software which has .btd file extensions. Very challenging, I must say, for something seeming simple.
Check it out.. http://www.biztree.com/ If you manage to convert at most ONE let me know. Thanks
TORK: TOR GUI+ for BT4
----------------------------------
This guide will likely work for any Linux you toss it at, but I've only tested it on BT4 pre full disk install.
To be honest, I'm not 100% certain each of these steps is absolutely required. If you're a more advanced Linux gangster and see something that's incorrect or not required here, please let me know. This is how I was able to get it working on my machine.
If you're wondering what Tork is, it's just a fancy GUI for TOR that will let you change your identity, launch anonymous apps including Firefox, email and terminal, view your circuit, and my personal favorite: the Traffic Log. It will also allow you to start various servers and hidden services, but I won't be touching on this.
The traffic log is *very* nice and minimal. It's 2 columns: Tor'd and non-Tor'd traffic. This makes monitoring your outbound traffic very easy, and can save time vs tcp dumps and checking a test remote system's logs.