Guy pestering you sounds like a tool. Personally I would have told him to get away from me or I was going to demonstrate how a nose bleeds. That wouldn't fit you "legal" requirements I suppose and I have been told I need to manage my anger ;)
On Tue, May 4, 2010 at 11:04 PM, Rob Fuller <[email protected]> wrote: > You could always have HackMeBank on a VM at home "SSH home to your > tools" (covertly setting up your -D 8080) and "attack" a bank. Minor > tweaks to logos and account balances might be in order, but "breaking > in" to an account with 13 million dollars would impress most ;-) > > > -- > Rob Fuller | Mubix > Room362.com | Hak5.org | TheAcademyPro.com > Ignore this: > x5o...@ap[4\pzx54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* > > > > > On Tue, May 4, 2010 at 4:55 PM, Craig Freyman <[email protected]> wrote: >> My wife get's the same treatment. Using SET is the easiest way to make a >> point to non-technical people. Between the site cloning and the java applet >> method in set (which is still undetected by most AVs), you can grab their >> attention. >> >> On Tue, May 4, 2010 at 2:19 PM, Chris Blazek <[email protected]> wrote: >>> >>> To try and convince my wife to be very careful of public networks I did a >>> little arp poison and cranked up webspy. I had her go into the other room >>> and pull up whatever website she wanted and then come and look at what I had >>> on my laptop. :) >>> >>> I have folks telling me I'm just paranoid and overreacting. When I show >>> them a little mitm attack, they all see my point. >>> >>> Another fun thing to do is load beef into a crafted web page. Have someone >>> visit it and use one of the tools in the framework. :) >>> >>> >>> >>> >>> >>> On Tue, May 4, 2010 at 12:37 PM, Robin Wood <[email protected]> wrote: >>>> >>>> On 4 May 2010 18:36, Larry Pesce <[email protected]> wrote: >>>> > He is, and I know of....I mean Bob knows of a setup similar to this. >>>> > I'll see if I can get Bob to share his properly sanitized Asterisk >>>> > config to do so. >>>> >>>> That would be good. >>>> >>>> > >>>> > - L >>>> > >>>> > >>>> > >>>> > On 5/4/10 10:45 AM, Chris Clymer wrote: >>>> >> Im assuming Mick is referring to Asterisk >>>> >> >>>> >> ------------------------- >>>> >> securityjustice.com <http://securityjustice.com> | >>>> >> <http://chrisclymer.com>chrisclymer.com <http://chrisclymer.com> >>>> >> >>>> >> >>>> >> On May 3, 2010, at 11:37 PM, Michael McGrew >>>> >> <[email protected] >>>> >> <mailto:[email protected]>> wrote: >>>> >> >>>> >>> Michael, >>>> >>> >>>> >>> I remember hearing about that software on a PDC episode. It has a >>>> >>> name, do you know what that is? It was either the name of the >>>> >>> software >>>> >>> or they just gave the "attack" a catchy name. >>>> >>> >>>> >>> Thank you >>>> >>> >>>> >>> On Mon, May 3, 2010 at 7:00 PM, Michael Douglas < >>>> >>> <mailto:[email protected]>[email protected] >>>> >>> <mailto:[email protected]>> wrote: >>>> >>> >>>> >>> I got a little late to the party... this is *not* a hack, but it >>>> >>> shuts >>>> >>> everyone the hell up because it scares them. And I've never had >>>> >>> any >>>> >>> follow up questions >>>> >>> >>>> >>> Here's what you do. It costs a few dollars (pounds in your case >>>> >>> right?), but it's so worth it. ssh into a server that's running >>>> >>> some >>>> >>> form of VoIP software. (skype can work for you i suppose, but I >>>> >>> don't >>>> >>> know CLI for skype) Setup a call group that has the phone number >>>> >>> of a >>>> >>> good amount of people at the party... the more numbers you have, >>>> >>> the >>>> >>> better. Have the VoIP software call the group all at once (the >>>> >>> PC to >>>> >>> phone rate is where you have to spend $) ... all phones ring at >>>> >>> the >>>> >>> same time. Even stranger, when they answer the call, they are >>>> >>> all >>>> >>> talking to each other. Warning: the effect is highly creepy. I >>>> >>> thought folks would think it was funny (cause it is!) but it >>>> >>> really >>>> >>> freaked everyone out. >>>> >>> >>>> >>> That said, I tend to laugh off the "prove it" requests, unless >>>> >>> it's >>>> >>> some hot girl... in which case I wake up from my pleasant dream >>>> >>> and >>>> >>> remember there are no parties where hot ladies are asking anyone >>>> >>> to >>>> >>> show 1337 skills. ;-) >>>> >>> >>>> >>> - Mick >>>> >>> >>>> >>> >>>> >>> On Mon, May 3, 2010 at 5:27 PM, Robin Wood < >>>> >>> <mailto:[email protected]>[email protected] >>>> >>> <mailto:[email protected]>> wrote: >>>> >>> > Thanks for all the suggestions, I think I like this one the >>>> >>> best, I >>>> >>> > might set something up on a site so I can access it from my >>>> >>> phone. Tie >>>> >>> > this with an SMS service I've got that lets me specify the >>>> >>> sender >>>> >>> > number I could have some fun. Email and SMS the person from >>>> >>> someone >>>> >>> > else in the room. >>>> >>> > >>>> >>> > Robin >>>> >>> > >>>> >>> > On 3 May 2010 20:55, Andrew Ellis < >>>> >>> <mailto:[email protected]>[email protected] >>>> >>> <mailto:[email protected]>> wrote: >>>> >>> >> A trick I've used for a while is keeping a protected email >>>> >>> spoofing >>>> >>> >> form on my web server. That way when I'm asked to "demo" my >>>> >>> skills, I >>>> >>> >> can simply send the person an email from theirself or the >>>> >>> like. >>>> >>> >> >>>> >>> >> This has the advantage of looking pretty cool to laymen and, >>>> >>> as >>>> >>> far as >>>> >>> >> I know, isn't illegal. >>>> >>> >> >>>> >>> >> It's definitely not a "1337 hack" but it's a nice way to show >>>> >>> the >>>> >>> >> types of things that can be done without getting in too much >>>> >>> trouble. >>>> >>> >> >>>> >>> >> -Andrew >>>> >>> >> >>>> >>> >> On 5/3/10, Chris Clymer < >>>> >>> <mailto:[email protected]>[email protected] >>>> >>> <mailto:[email protected]>> wrote: >>>> >>> >>> Rather than a live demo, better tactic might be telling a >>>> >>> story about >>>> >>> >>> a vulnerability in joe sixpack terms. The pizza coupon thing >>>> >>> >>> (dominos?) a few months back is a good example. >>>> >>> >>> >>>> >>> >>> I see a lot of downsides to letting folks at a party pressure >>>> >>> you into >>>> >>> >>> a live demo. You are basically allowing strangers to SE you. >>>> >>> If you >>>> >>> >>> show a successful demo, you just know the next question will >>>> >>> come: so >>>> >>> >>> can you hack into so-and-so's facebook account? ;) >>>> >>> >>> >>>> >>> >>> When you consider the potential for demo fail too, this is >>>> >>> really a >>>> >>> >>> lose/lose situation :( >>>> >>> >>> >>>> >>> >>> ------------------------- >>>> >>> >>> <http://securityjustice.com>securityjustice.com >>>> >>> <http://securityjustice.com> | >>>> >>> <http://chrisclymer.com>chrisclymer.com <http://chrisclymer.com> >>>> >>> >>> >>>> >>> >>> >>>> >>> >>> On May 3, 2010, at 11:54 AM, Robin Wood < >>>> >>> <mailto:[email protected]>[email protected] >>>> >>> <mailto:[email protected]>> wrote: >>>> >>> >>> >>>> >>> >>>> Hi >>>> >>> >>>> At a party the other day I was asked the normal question of >>>> >>> what do I >>>> >>> >>>> do for a living. I said security and kept it a bit vague but >>>> >>> was >>>> >>> >>>> pressed so explained what pen-testing is and roughly what I >>>> >>> do. I then >>>> >>> >>>> got the challenge, prove it, prove you can hack a company. >>>> >>> >>>> >>>> >>> >>>> People would say to a dentist, prove you can do a filling >>>> >>> but >>>> >>> this >>>> >>> >>>> person insisted they wanted a demo. I explained the >>>> >>> legalities and >>>> >>> >>>> finally fobbed them off and got away but it got me thinking, >>>> >>> has >>>> >>> >>>> anyone got any good party tricks that they can pull in this >>>> >>> kind of >>>> >>> >>>> situation that give an instant wow but are easy to do and >>>> >>> legal? Not >>>> >>> >>>> quite legal but I was thinking if I knew any big sites with >>>> >>> XSS I >>>> >>> >>>> could rewrite but none came to mind at that time. >>>> >>> >>>> >>>> >>> >>>> Robin >>>> >>> >>>> _______________________________________________ >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>> >>> >>> >>> -- >>> http://www.kingbin.net/ >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
