He is, and I know of....I mean Bob knows of a setup similar to this. I'll see if I can get Bob to share his properly sanitized Asterisk config to do so.
- L

On 5/4/10 10:45 AM, Chris Clymer wrote:
> I'm assuming Mick is referring to Asterisk
>
> -------------------------
> securityjustice.com <http://securityjustice.com> | chrisclymer.com <http://chrisclymer.com>
>
> On May 3, 2010, at 11:37 PM, Michael McGrew <[email protected]> wrote:
>
>> Michael,
>>
>> I remember hearing about that software on a PDC episode. It has a
>> name, do you know what that is? It was either the name of the software
>> or they just gave the "attack" a catchy name.
>>
>> Thank you
>>
>> On Mon, May 3, 2010 at 7:00 PM, Michael Douglas <[email protected]> wrote:
>>
>> I got a little late to the party... this is *not* a hack, but it shuts
>> everyone the hell up because it scares them. And I've never had any
>> follow up questions
>>
>> Here's what you do. It costs a few dollars (pounds in your case
>> right?), but it's so worth it. ssh into a server that's running some
>> form of VoIP software. (skype can work for you i suppose, but I don't
>> know CLI for skype) Setup a call group that has the phone number of a
>> good amount of people at the party... the more numbers you have, the
>> better. Have the VoIP software call the group all at once (the PC to
>> phone rate is where you have to spend $) ... all phones ring at the
>> same time. Even stranger, when they answer the call, they are all
>> talking to each other. Warning: the effect is highly creepy. I
>> thought folks would think it was funny (cause it is!) but it really
>> freaked everyone out.
>>
>> That said, I tend to laugh off the "prove it" requests, unless it's
>> some hot girl... in which case I wake up from my pleasant dream and
>> remember there are no parties where hot ladies are asking anyone to
>> show 1337 skills.
>> ;-)
>>
>> - Mick
>>
>> On Mon, May 3, 2010 at 5:27 PM, Robin Wood <[email protected]> wrote:
>> > Thanks for all the suggestions, I think I like this one the best, I
>> > might set something up on a site so I can access it from my phone. Tie
>> > this with an SMS service I've got that lets me specify the sender
>> > number I could have some fun. Email and SMS the person from someone
>> > else in the room.
>> >
>> > Robin
>> >
>> > On 3 May 2010 20:55, Andrew Ellis <[email protected]> wrote:
>> >> A trick I've used for a while is keeping a protected email spoofing
>> >> form on my web server. That way when I'm asked to "demo" my skills, I
>> >> can simply send the person an email from themselves or the like.
>> >>
>> >> This has the advantage of looking pretty cool to laymen and, as far as
>> >> I know, isn't illegal.
>> >>
>> >> It's definitely not a "1337 hack" but it's a nice way to show the
>> >> types of things that can be done without getting in too much trouble.
>> >>
>> >> -Andrew
>> >>
>> >> On 5/3/10, Chris Clymer <[email protected]> wrote:
>> >>> Rather than a live demo, better tactic might be telling a story about
>> >>> a vulnerability in joe sixpack terms. The pizza coupon thing
>> >>> (dominos?) a few months back is a good example.
>> >>>
>> >>> I see a lot of downsides to letting folks at a party pressure you into
>> >>> a live demo. You are basically allowing strangers to SE you. If you
>> >>> show a successful demo, you just know the next question will come: so
>> >>> can you hack into so-and-so's facebook account?
>> >>> ;)
>> >>>
>> >>> When you consider the potential for demo fail too, this is really a
>> >>> lose/lose situation :(
>> >>>
>> >>> -------------------------
>> >>> securityjustice.com <http://securityjustice.com> | chrisclymer.com <http://chrisclymer.com>
>> >>>
>> >>> On May 3, 2010, at 11:54 AM, Robin Wood <[email protected]> wrote:
>> >>>
>> >>>> Hi
>> >>>> At a party the other day I was asked the normal question of what do I
>> >>>> do for a living. I said security and kept it a bit vague but was
>> >>>> pressed so explained what pen-testing is and roughly what I do. I then
>> >>>> got the challenge, prove it, prove you can hack a company.
>> >>>>
>> >>>> People would say to a dentist, prove you can do a filling but this
>> >>>> person insisted they wanted a demo. I explained the legalities and
>> >>>> finally fobbed them off and got away but it got me thinking, has
>> >>>> anyone got any good party tricks that they can pull in this kind of
>> >>>> situation that give an instant wow but are easy to do and legal? Not
>> >>>> quite legal but I was thinking if I knew any big sites with XSS I
>> >>>> could rewrite but none came to mind at that time.
>> >>>>
>> >>>> Robin
>> >>>> _______________________________________________
>> >>>> Pauldotcom mailing list
>> >>>> [email protected]
>> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> >>>> Main Web Site: http://pauldotcom.com
>> >>
>> >> --
>> >> Andrew
>> >> http://blog.psych0tik.net
