PaulDotCom mailing list archives
party trick to shut up the non-believers
From: jd.mubix at gmail.com (Rob Fuller)
Date: Tue, 4 May 2010 23:04:51 -0400
You could always have HackMeBank on a VM at home "SSH home to your tools" (covertly setting up your -D 8080) and "attack" a bank. Minor tweaks to logos and account balances might be in order, but "breaking in" to an account with 13 million dollars would impress most ;-)

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
Ignore this: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

On Tue, May 4, 2010 at 4:55 PM, Craig Freyman <craigfreyman at gmail.com> wrote:

My wife gets the same treatment. Using SET is the easiest way to make a point to non-technical people. Between the site cloning and the Java applet method in SET (which is still undetected by most AVs), you can grab their attention.

On Tue, May 4, 2010 at 2:19 PM, Chris Blazek <chris.blazek at gmail.com> wrote:

To try and convince my wife to be very careful of public networks I did a little arp poison and cranked up webspy. I had her go into the other room and pull up whatever website she wanted and then come and look at what I had on my laptop. :)

I have folks telling me I'm just paranoid and overreacting. When I show them a little mitm attack, they all see my point.

Another fun thing to do is load BeEF into a crafted web page. Have someone visit it and use one of the tools in the framework. :)

On Tue, May 4, 2010 at 12:37 PM, Robin Wood <robin at digininja.org> wrote:

On 4 May 2010 18:36, Larry Pesce <larry at pauldotcom.com> wrote:

He is, and I know of....I mean Bob knows of a setup similar to this. I'll see if I can get Bob to share his properly sanitized Asterisk config to do so.

That would be good.

- L

On 5/4/10 10:45 AM, Chris Clymer wrote:

I'm assuming Mick is referring to Asterisk

-------------------------
securityjustice.com <http://securityjustice.com> | chrisclymer.com <http://chrisclymer.com>

On May 3, 2010, at 11:37 PM, Michael McGrew <mmcgrew1 at mail.csuchico.edu> wrote:

Michael,

I remember hearing about that software on a PDC episode. It has a name, do you know what that is? It was either the name of the software or they just gave the "attack" a catchy name.

Thank you

On Mon, May 3, 2010 at 7:00 PM, Michael Douglas <mick at pauldotcom.com> wrote:

I got a little late to the party... this is *not* a hack, but it shuts everyone the hell up because it scares them. And I've never had any follow up questions

Here's what you do. It costs a few dollars (pounds in your case right?), but it's so worth it. ssh into a server that's running some form of VoIP software. (Skype can work for you I suppose, but I don't know CLI for Skype) Set up a call group that has the phone number of a good amount of people at the party... the more numbers you have, the better. Have the VoIP software call the group all at once (the PC to phone rate is where you have to spend $) ... all phones ring at the same time. Even stranger, when they answer the call, they are all talking to each other. Warning: the effect is highly creepy. I thought folks would think it was funny (cause it is!) but it really freaked everyone out.

That said, I tend to laugh off the "prove it" requests, unless it's some hot girl... in which case I wake up from my pleasant dream and remember there are no parties where hot ladies are asking anyone to show 1337 skills. ;-)

- Mick

On Mon, May 3, 2010 at 5:27 PM, Robin Wood <robin at digininja.org> wrote:
> Thanks for all the suggestions, I think I like this one the best, I
> might set something up on a site so I can access it from my phone. Tie
> this with an SMS service I've got that lets me specify the sender
> number I could have some fun. Email and SMS the person from someone
> else in the room.
>
> Robin
>
> On 3 May 2010 20:55, Andrew Ellis <only.samurai at gmail.com> wrote:
>> A trick I've used for a while is keeping a protected email spoofing
>> form on my web server. That way when I'm asked to "demo" my skills, I
>> can simply send the person an email from themselves or the like.
>>
>> This has the advantage of looking pretty cool to laymen and, as far as
>> I know, isn't illegal.
>>
>> It's definitely not a "1337 hack" but it's a nice way to show the
>> types of things that can be done without getting in too much trouble.
>>
>> -Andrew
>>
>> On 5/3/10, Chris Clymer <cclymer at gmail.com> wrote:
>>> Rather than a live demo, better tactic might be telling a story about
>>> a vulnerability in joe sixpack terms. The pizza coupon thing
>>> (dominos?) a few months back is a good example.
>>>
>>> I see a lot of downsides to letting folks at a party pressure you into
>>> a live demo. You are basically allowing strangers to SE you. If you
>>> show a successful demo, you just know the next question will come: so
>>> can you hack into so-and-so's facebook account? ;)
>>>
>>> When you consider the potential for demo fail too, this is really a
>>> lose/lose situation :(
>>>
>>> -------------------------
>>> securityjustice.com <http://securityjustice.com> | chrisclymer.com <http://chrisclymer.com>
>>>
>>>
>>> On May 3, 2010, at 11:54 AM, Robin Wood <robin at digininja.org> wrote:
>>>
>>>> Hi
>>>> At a party the other day I was asked the normal question of what do I
>>>> do for a living. I said security and kept it a bit vague but was
>>>> pressed so explained what pen-testing is and roughly what I do. I then
>>>> got the challenge, prove it, prove you can hack a company.
>>>>
>>>> People would say to a dentist, prove you can do a filling but this
>>>> person insisted they wanted a demo. I explained the legalities and
>>>> finally fobbed them off and got away but it got me thinking, has
>>>> anyone got any good party tricks that they can pull in this kind of
>>>> situation that give an instant wow but are easy to do and legal? Not
>>>> quite legal but I was thinking if I knew any big sites with XSS I
>>>> could rewrite but none came to mind at that time.
>>>>
>>>> Robin
>>>>

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
http://www.kingbin.net/