User Controls
Posts by Sophie
-
2016-01-30 at 10:09 PM UTC in IP Address Question
Apparently I can't send a PM because I have to many PM saved, even though I deleted them, so I'll send it here publicly…
Dear Sophie,
Where is your SQL injection thread? I come across a site that requires a password that is exactly 8 digits long(no shorter, no longer) and I can insert what ever I want into it, regardless of length or characters(but only via a proxy). Any help would be appreciated.
Here ya go http://niggasin.space/forum/technophiliacs-technophiles/38308-sophie-s-basic-sql-injection-and-sqlmap-tutorial -
2016-01-29 at 5:03 PM UTC in How to get the most out of you cocaine.
Shit just buy some good coke dummy.
I got good coke, this just makes it better. I'm more of a meth person myself. -
2016-01-29 at 4:48 PM UTC in Pimp my network
Yeah basically.
I overwrote existing disk space and then selected the encrypt option when installing my distro. Afterwards I created a temporary user, logged in, encrypted my home folder, logged into my user account, deleted the temp user and destroyed the logs.
Then I toyed around and changed the splash screen and stuff.
I have a math exam I've been studying for so I haven't been paying as much attention to my computers. I plan on installing VeraCrypt tonight if I don't wind up seeing this MILF tonight.
Sure thing, like i said, the more encryption you have the better you frustrate forensic efforts. In my opinion VeraCrypt is one of the best encryption tools out there and i would reccomend looking into it for sure. -
2016-01-29 at 4:41 PM UTC in IP Address QuestionThey'd all have a different local adress, whether they have different public IP's would depend on the network configuration to the best of my knowledge.
-
2016-01-29 at 4:31 PM UTC in Pimp my network
So what do you think about just encrypting your drives when you install the Linux Distro and adding a 35+ character password? What if I already did this, should I encrypt it again through VeraCrypt? Suppose I already encrypted my home folder, my drive, and put a 17+ character password to lock my HDD.
Can't have enough encryption lol. But i take it you mean encrypting your Linux install during the installation process?
-
2016-01-29 at 1:08 PM UTC in Pimp my network
Development for TrueCrypt stopped in early 2014 after it was endorsed by Edward Snowden and the group actively encourages you to switch to more secure software. TrueCrypt is open source. I thought I had heard that VeraCrypt was also bad news but I'll have to check that again now.
http://www.pcworld.com/article/2987439/encryption/newly-found-truecrypt-flaw-allows-full-system-compromise.html
Just one of 100 articles like that discussing various TrueCrypt vulnerabilities.
-
2016-01-29 at 12:56 PM UTC in any good doxers on here? can payI'd redirect you to the PA thread on Baphomet but if this is the person who i think it is i don't think you'd like a bunch of bapholes having said person's PI.
-
2016-01-29 at 12 AM UTC in Pimp my network
Yeah basically.
Hey I thought everyone was staying away from Veracrypt?
Nope that's TrueCrypt. -
2016-01-28 at 11:47 PM UTC in Pimp my network
This doesn't really address my point at all seeing as you're talking about a pretty decent set-up. The average person isn't using that many layers of anonymity, which is what I was talking about. Using a VPN and TOR was the discussion at hand, which in and of themselves don't t leave people as anonymous as most of them think they are. I've even heard this kind of talk in tinychat where people think they're invincible because they're on TOR.
Also I don't use VeraCrypt.
I'm pretty happy with my setup.
Sorry i didn't read your post entirely, in any event though, if people don't opsec, that's their problem not mine. -
2016-01-28 at 11:37 PM UTC in Ok guise lets commandeer this network for keks.
Is there any valuable data within this network, or is it just a network to play with?
No clue, so far all i'll i've able to access is the router. -
2016-01-28 at 11:30 PM UTC in Ok guise lets commandeer this network for keks.MAybe i'll just let Nexpose scan the router with the credentials i provided to maybe that would make me any the wiser.
-
2016-01-28 at 11:12 PM UTC in Ok guise lets commandeer this network for keks."get tcp" showed me this
tcp checksum error: 11, tcp http ping: 0
tcp user auth: 0, tcp unknown port 0
tcp no more socket: 0, tcp syn pak error: 7522
tcp socket full drop count: 331
tcp ooo segs: 0, tcp ooo segs drop count: 0
max ooo segs: 32, default max ooo segs 32
Total sock: 5/64, debug remote port: 65535
1: inuse: 1, mode: 0, state: 0, ifnum: -1, idle: 0, timer 0
::/8181, ::/0, window: 0/0/0
2: inuse: 1, mode: 0, state: 0, ifnum: -1, idle: 0, timer 0
::/23, ::/0, window: 0/0/0
3: inuse: 1, mode: 0, state: 0, ifnum: -1, idle: 0, timer 0
::/22, ::/0, window: 0/0/0
47: inuse: 1, mode: 2, state: 4, ifnum: 0, idle: 0, timer 1(0/10)
24.213.214.22/22, 95.141.29.38/2593, window: -172350114/-1651650253/16384
50: inuse: 1, mode: 0, state: 0, ifnum: -1, idle: 0, timer 0
::/8080, ::/0, window: 0/0/0
"get interface" showed me this.
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
serial0/0 0.0.0.0/0 Null N/A - D -
eth0/0 24.213.214.22/30 Untrust 3c8a.b0af.2d80 - U -
eth0/1 0.0.0.0/0 Null 3c8a.b0af.2d85 - D -
eth0/3 0.0.0.0/0 Null 3c8a.b0af.2d87 - D -
eth0/4 0.0.0.0/0 Null 3c8a.b0af.2d88 - D -
eth0/5 0.0.0.0/0 Null 3c8a.b0af.2d89 - D -
eth0/6 0.0.0.0/0 Null 3c8a.b0af.2d8a - D -
bgroup0 192.168.55.1/24 Trust 3c8a.b0af.2d8b - U -
eth0/2 N/A N/A N/A - U -
bgroup1 0.0.0.0/0 Null 3c8a.b0af.2d8c - D -
bgroup2 0.0.0.0/0 Null 3c8a.b0af.2d8d - D -
bgroup3 0.0.0.0/0 Null 3c8a.b0af.2d8e - D -
tun.1 unnumbered Trust ethernet0/0 - U -
vlan1 0.0.0.0/0 VLAN 3c8a.b0af.2d8f 1 D -
null 0.0.0.0/0 Null N/A - U -
Dropped some system info. But guys jesus christ the documentation on ScreenOS including all commands is literally 900 pages long
PIN-ROCH-> get system
Product Name: SSG5-Serial
Serial Number: 0162112013000693, Control Number: 00000000
Hardware Version: 0710(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Flash Type: Samsung
Software Version: 6.3.0r17.0, Type: Firewall+VPN
Feature: AV-K
BOOT Loader Version: 1.3.2
Compiled by build_master at: Sun Apr 20 10:10:02 PDT 2014
Base Mac: 3c8a.b0af.2d80
File Name: screenos_image, Checksum: ca92f672
, Total Memory: 256MB
Date 01/28/2016 17:59:44, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 1693 hours 48 minutes 40 seconds Since 19Nov2015:04:11:04
Total Device Resets: 0
System in NAT/route mode.
Use interface IP, Config Port: 8080
Manager IP enforced: False
Manager IPs: 0
Address Mask Vsys
---------------------------------------- ---------------------------------------- --------------------
User Name: netscreen
Interface serial0/0:
description serial0/0
number 21, if_info 1848, if_index 0
link down, phy-link down, admin status up
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d95
bandwidth: physical 92kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface ethernet0/0:
description ethernet0/0
number 0, if_info 0, if_index 0, mode route
link up, phy-link up/full-duplex, admin status up
status change:105, last change:01/27/2016 17:12:00
vsys Root, zone Untrust, vr trust-vr
dhcp client disabled
PPPoE disabled
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 24.213.214.22/30 mac 3c8a.b0af.2d80
gateway 24.213.214.21
*manage ip 24.213.214.22, mac 3c8a.b0af.2d80
route-deny disable
bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface ethernet0/1:
description ethernet0/1
number 5, if_info 440, if_index 0
link down, phy-link down, admin status down
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d85
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface ethernet0/2:
description ethernet0/2
number 6, if_info 528, if_index 0
link up, phy-link up/full-duplex
status change:1, last change:11/19/2015 04:11:06
member of bgroup0
vsys Root, zone Null, vr untrust-vr
*ip 0.0.0.0/0 mac 3c8a.b0af.2d86
Interface ethernet0/3:
description ethernet0/3
number 7, if_info 616, if_index 0
link down, phy-link down, admin status up
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d87
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface ethernet0/4:
description ethernet0/4
number 8, if_info 704, if_index 0
link down, phy-link down, admin status up
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d88
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface ethernet0/5:
description ethernet0/5
number 9, if_info 792, if_index 0
link down, phy-link down, admin status up
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d89
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface ethernet0/6:
description ethernet0/6
number 10, if_info 880, if_index 0
link down, phy-link down, admin status up
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d8a
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface bgroup0:
description bgroup0
number 11, if_info 968, if_index 0, mode nat
link up, phy-link up/full-duplex, admin status up
status change:1, last change:11/19/2015 04:11:06
vsys Root, zone Trust, vr trust-vr
dhcp client disabled
PPPoE disabled
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 192.168.55.1/24 mac 3c8a.b0af.2d8b
*manage ip 192.168.55.1, mac 3c8a.b0af.2d8b
route-deny disable
bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface bgroup1:
description bgroup1
number 12, if_info 1056, if_index 0
link down, phy-link down, admin status up
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d8c
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface bgroup2:
description bgroup2
number 13, if_info 1144, if_index 0
link down, phy-link down, admin status up
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d8d
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
Interface bgroup3:
description bgroup3
number 14, if_info 1232, if_index 0
link down, phy-link down, admin status up
status change:0
vsys Root, zone Null, vr untrust-vr
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 0.0.0.0/0 mac 3c8a.b0af.2d8e
bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps -
2016-01-28 at 9:42 PM UTC in ATTN: notreal.How'd you find this place? You seem familiar, besides you certainly seem to know what you're talking about when it comes to technical matters. Which is great, we need more sec minded people here. If you'd rather discuss these matter privately, i have TOX, xmpp and other secure means of communications.
-
2016-01-28 at 9:23 PM UTC in Pimp my network
So I'm going to weigh in on some commonly held axioms of anonymity and privacy. As per my reputation, I'm pretty paranoid about the fact that we have no privacy anymore, and am known to disseminate false information about myself just to further obscure who I actually am. As a matter of fact, I'm probably going to disappear from the community again for a while. Privacy isn't necessarily security, but it's worth mentioning since that's where the conversation is going.
TOR and VPNs are usually the "go-to" when people talk about online privacy. VPNs are not a bad thing, but they're highly overrated in respect to how much privacy they actually afford you. Not sure if you guys remember, but Lulzsec got busted because their VPN turned their information over to the police when it was requested. Most if not all VPNs would do the exact same thing - paid or otherwise. Even if you're doing something as benign as downloading music or Adobe suite, why would a business risk losing money to protect you? If you want to do something banal like look at vanilla porn at the office or something, you can probably get away with using a VPN for a while (unless an admin where you work feels like being a dick or is vigilant). VPNs can also help you do basic stuff like get back onto services you've been banned from (Omegle, tinychat, whatever), but at that rate you might as well just spoof your MAC and/or change your IP.
A VPN is just basically going to hide your datagrams between the VPN client and the destination server. Any data before that point or outside of those two points is still using your traditional means of communication, meaning it isn't secure. Furthermore, it doesn't mean that your destination isn't going to see you have a VPN enabled so they know you're trying to hide something. And let's think about this, when using a VPN service, a lot of people are handing over credit card or personal information to a company under the auspices of doing so for privacy (which is pretty ironic when you think about it).
As far as TOR is concerned, I've heard a lot of worship about how this is the end all be all of privacy. I'd like to think a lot of the guys here are savvy enough to know that's not true. Sure, it's probably the minimal standard of what you'd want to do to remain somewhat anonymous online, but even upon downloading the TOR client, there's a lot of other things you need to do in order to ensure basic privacy (I'm a big fan of add-ons). Even so, people who want to find out who you are can still control TOR Nodes or even potentially flood other nodes with data in order to navigate your traffic to nodes that are being monitored. It's not really debated that TOR has been compromised. Big secure deepweb / darknet sites get shut down all the time and users are regularly arrested in the process. In fact, less than a week before this post, the New York times did an article about how the FBI recently took down a deep web criminal site, moved the servers to Washington, and collected data on something like 10,000 registered users that were using its services for a two week period. So even if you're pretty technologically literate, you're still at risk of getting into trouble if you're doing something illegal online. Part of the reason is because you might have to enable javascript, download something, or give up a drop house in order to complete your goal of what you're on the deepweb for in the first place. All of these things compromise your security.
Furthermore, I think a lot of people forget that there's an ISP that can see everything you do if their engineers feel like you're a person of interest. Don't forget, it's possible to be arrested for cocaine you sold years ago, so just because you haven't had the police banging on your door yet doesn't mean they won't eventually. In the US, there was talk of ISPs being required to store records of who visited what for like six months at a time. I'm not sure if they ever went through with it in this country, but they definitely did so in many others. It's also really not questionable that the NSA and the government work pretty closely with ISPs. Also, your ISP is going to be able to see if you're using TOR or encrypting all your data, and most user agreements with your ISP give them the liberty spy on your traffic just because they want to. Usually people rush in at this point to say "Well if I'm not doing anything bad enough to warrant attention then that means I'm okay!", but that's not a very reasonable strategy. It fundamentally ignores the fact that they can analyze what traffic they want, whenever they want to.
At the end of the day, it depends on why you want to keep your privacy. In my case, I like to keep my privacy for work related reasons. I like forums and having discourses with you guys on Tinychat and stuff, but I could lose my job if someone found out where I worked and told them I was affiliated with this website. There's no FBI guys looking for me and, if there were, they probably saw everything about me and get a good laugh about it. For those of you guys who come onto forums and boast about doing drugs, looking at CP, selling fake coupons, carding, hacking, or whatever else, you should be very vigilant because you're basically inviting scrutiny. I think what people fail to realize is that the dudes using stuff like silkroad, posting shady teen pics to 4chan, people who discuss carding, those who admit to breaking the law on sites like evilzone, or even people who spam hate on stormfront probably have enough evidence secured to charge them with a crime. Ad hoc post ergo hoc reasoning that "they didn't do it so that means they won't" doesn't logically follow. In all honesty, it probably hasn't been done because it isn't financially worth it to do and there are bigger fish to fry.
So what can you do?
My first advice is don't do anything illegal. It not only prevents you from being investigated, but a clear conscience is a joy forever. That doesn't mean you don't need to protect yourself. There's tons of creative and intelligent strategies and technologies to help your cause. I just wanted to give my two cents on the "common wisdom" because, as usual, it isn't correct.
Don't be silly.
Your box -> Hidden VeraCrypt Volume -> Favorite distro in VM -> TOR -> Anonymous VPS paid in crypto -> scripts/tools -> target. -
2016-01-28 at 5:15 PM UTC in Would everyone here be interested in a Bill Krozbylet.net?
(maybe Sophie).
Why thank you, that is awfully nice of you. Any reason in particular you maybe trust me? -
2016-01-28 at 4:55 PM UTC in Ok guise lets commandeer this network for keks.
Did you make any progress?
I had some IRL matter to take care of today, tonight when i have a moment i'll play around with it some more.
-
2016-01-28 at 8:15 AM UTC in More chicks need to look like this hottieSubscribed lol.
-
2016-01-28 at 8:13 AM UTC in More chicks need to look like this hottie"People who are fat need to kill themselves"
-Youtube QT
I like her already. -
2016-01-28 at 8:10 AM UTC in More chicks need to look like this hottie
Ya except that hottie is just a kid.
Ya, except nobody should give a fuck. -
2016-01-28 at 3:52 AM UTC in More chicks need to look like this hottieShe's really cute. 10/10.
