Howdy all, requesting help on a media project

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

Howdy all, requesting help on a media project

Post by SAI-Revenant on Sun Jan 24, 2010 6:24 pm
([msg=33833]see Howdy all, requesting help on a media project[/msg])

Hi there.

I am by no means a hacker, I do not intend to ever hack, save for the basic knowledge I need to have to protect myself and my things.

What I am asking for, is help on some terminology for a media project that myself and my team are working on. I am sick and tired of seeing movies like Live Free or Die Hard try to tell us that the entire world will blow up with a few key strokes. That's terrible.

I was hoping some of you would be willing to help me out with terminology, so that I may better portray the intended story. I can't go into specifics, but I can tell you that the characters are supposed to be rather versed in cryptology and encryption.

Let me assure you, I am not here to learn how to do this, I am only looking for terminology. If the staff of this website wants me to talk to them about that, I am more than willing to talk in private. This info will be used on a media project with fictional characters, no actual application.

Again...just terminology, no application please. I want to make our project look realistic without going over the deep end. If some of these things arent possible, please let me know, so we can get things back on track.

If anyone is willing, I am looking for the following:

1. what someone would do to prevent someone from viewing a website forum without having administrative powers?
2. what would one do to guess the password on a user in a forum? (This password is completely incoherent, using numbers symbols and letters, if that matters)
3. Use an IP to find a location for a user (not the source of the provider, but latest point of access...if that is even possible?)
4. Make a user look like he is apart of the system, even though its an exterior computer.
5. Monitoring one location contacting another by Email, from one specific email account to another, without interfering.

Thanks kindly!
SAI-Revenant
New User
New User
 
Posts: 5
Joined: Sun Jan 24, 2010 6:08 pm
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by insomaniacal on Sun Jan 24, 2010 6:39 pm
([msg=33834]see Re: Howdy all, requesting help on a media project[/msg])

SAI-Revenant wrote:1. what someone would do to prevent someone from viewing a website forum without having administrative powers?
2. what would one do to guess the password on a user in a forum? (This password is completely incoherent, using numbers symbols and letters, if that matters)
3. Use an IP to find a location for a user (not the source of the provider, but latest point of access...if that is even possible?)
4. Make a user look like he is apart of the system, even though its an exterior computer.
Thanks kindly!


1: Not quite sure what you mean, most forums have options to restrict users from viewing certain things though.

2: Guessing is pretty much all you could do. You could try to SQL inject the forum and download a list of the usernames and passwords. The passwords will more than likely all be hashed, in which case you'd have to run them through a cracker, using either a brute force method, or a dictionary attack.

3: You can look up a fair bit about an IP with WHOIS lookups. However, to find out any more, you'd have to make some phone calls and social engineer people into giving you more specific information.

4: You could somehow get root access to a computer that is a part of a network, and then use that computer as a proxy. But you should be more specific, do you mean a part of a LAN?

These are some pretty basic answers, but hope they help a bit.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by Bren2010 on Sun Jan 24, 2010 6:40 pm
([msg=33835]see Re: Howdy all, requesting help on a media project[/msg])

SAI-Revenant wrote:1. what someone would do to prevent someone from viewing a website forum without having administrative powers?
2. what would one do to guess the password on a user in a forum? (This password is completely incoherent, using numbers symbols and letters, if that matters)
3. Use an IP to find a location for a user (not the source of the provider, but latest point of access...if that is even possible?)
4. Make a user look like he is apart of the system, even though its an exterior computer.


1. You can use DoS/DDoS, and with enough power you can block everyone from a forum. However, you can't be picky with DDos/DoS attacks, it's everybody or nobody. You can read about them here.

2. I would imaging a brute-force script. However nowadays almost every forum has something to protect against that (CAPTCHA, temporarily locking accounts).

3. I'm not going to say that impossible, but it's pretty hard. Using some sort of computer program, you'll normally only get the providers location or a general location, (I checked my IP, it only showed up to the the county). However, I have heard about people using SE to trick providers into revealing an exact location.

4. I'm sorry, I don't understand. You mean like some sort of AI experiment?
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by SAI-Revenant on Sun Jan 24, 2010 6:57 pm
([msg=33837]see Re: Howdy all, requesting help on a media project[/msg])

insomaniacal wrote:
SAI-Revenant wrote:1. what someone would do to prevent someone from viewing a website forum without having administrative powers?
2. what would one do to guess the password on a user in a forum? (This password is completely incoherent, using numbers symbols and letters, if that matters)
3. Use an IP to find a location for a user (not the source of the provider, but latest point of access...if that is even possible?)
4. Make a user look like he is apart of the system, even though its an exterior computer.
Thanks kindly!


1: Not quite sure what you mean, most forums have options to restrict users from viewing certain things though.

2: Guessing is pretty much all you could do. You could try to SQL inject the forum and download a list of the usernames and passwords. The passwords will more than likely all be hashed, in which case you'd have to run them through a cracker, using either a brute force method, or a dictionary attack.

3: You can look up a fair bit about an IP with WHOIS lookups. However, to find out any more, you'd have to make some phone calls and social engineer people into giving you more specific information.

4: You could somehow get root access to a computer that is a part of a network, and then use that computer as a proxy. But you should be more specific, do you mean a part of a LAN?

These are some pretty basic answers, but hope they help a bit.


1. Suppose 2 users are on a forum, neither have administrative access, but one of those users wants to prevent the other from being able to view the specific website. Suppose the admin team is trying to help, but cannot use the traditional forum banning and suspension procedures. Is that even possible?

2. We're using the second as an interactive thing with the intended audience, so, we'll be leaving hints...didnt think there was anything, thought I'd ask.

3. Sounds good. That's easy to work with.

4. Can someone wirelessly hack into an intranet system used by a "big bad firm"? I guess to supplement that, a security system name, and how someone would crack into it (an old system is fine...not the whistle hack though...but something plausible)? If Im making sense here?

I apologize, Im not to knowledgeable in this.

Thanks
SAI-Revenant
New User
New User
 
Posts: 5
Joined: Sun Jan 24, 2010 6:08 pm
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by thetan on Sun Jan 24, 2010 8:18 pm
([msg=33840]see Re: Howdy all, requesting help on a media project[/msg])

SAI-Revenant wrote:1. Suppose 2 users are on a forum, neither have administrative access, but one of those users wants to prevent the other from being able to view the specific website. Suppose the admin team is trying to help, but cannot use the traditional forum banning and suspension procedures. Is that even possible?

2. We're using the second as an interactive thing with the intended audience, so, we'll be leaving hints...didnt think there was anything, thought I'd ask.

3. Sounds good. That's easy to work with.

4. Can someone wirelessly hack into an intranet system used by a "big bad firm"? I guess to supplement that, a security system name, and how someone would crack into it (an old system is fine...not the whistle hack though...but something plausible)? If Im making sense here?

I apologize, Im not to knowledgeable in this.

Thanks

1.) Still have no idea what you're trying to say

2.) To make it realistic, hackers rarely guess passwords. Instead you might want to look into something like using a SQL exploit to overwite or retrieve a password hash like insomaniacal suggested. or steal the logged in users session with XSS injection.

3.) GeoIP, http://www.geoiptool.com/

4.) Yes, most WEP encrypted wifi networks can be broken into in minutes using tools such as aircrack-ng. WPA networks can be brute forced relatively fast with distributed tools like this: http://www.wpacracker.com/ or japanese hackers have recently devised i way to crack WPA even faster: http://www.v3.co.uk/v3/news/2248580/res ... -crack-wpa
"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP

Image

“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein
User avatar
thetan
Contributor
Contributor
 
Posts: 657
Joined: Thu Dec 17, 2009 6:58 pm
Location: Various Bay Area Cities, California
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by SAI-Revenant on Sun Jan 24, 2010 9:39 pm
([msg=33841]see Re: Howdy all, requesting help on a media project[/msg])

Thanks for all the replies!

The first one...I guess my terminology sucks.

Easiest way I can say about this, can you deny a specific computer from being able to access a specific website, without affecting other users, or being in control of an administrative panel?

The point of this section, is that the protagonists want to lock the antagonist out of the website, without affecting other users, and without being able to use the administrative powers that the admins have (they'll claim that they are unable).

Thanks.
SAI-Revenant
New User
New User
 
Posts: 5
Joined: Sun Jan 24, 2010 6:08 pm
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by sanddbox on Sun Jan 24, 2010 10:10 pm
([msg=33843]see Re: Howdy all, requesting help on a media project[/msg])

SAI-Revenant wrote:The point of this section, is that the protagonists want to lock the antagonist out of the website, without affecting other users, and without being able to use the administrative powers that the admins have (they'll claim that they are unable).


Yes, but it's not very elegant or 'hacker-y'. A simple DDOS attack (sending many requests to their IP address to eat all the bandwidth in their network) would do the trick (assuming you had more bandwidth than them).
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by Goatboy on Sun Jan 24, 2010 10:11 pm
([msg=33844]see Re: Howdy all, requesting help on a media project[/msg])

As far as restricting a single user, unless you get root (admin) access to the server, it's pretty much up to physical means. Unfortunately, that usually means vandalism. As sanddbox just said, a DDos would work, but would require that you already had a botnet or some other means of carrying it out.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2785
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by tarantulas on Sun Jan 24, 2010 11:17 pm
([msg=33850]see Re: Howdy all, requesting help on a media project[/msg])

Call me old fashioned, but there is the old method of breaking the person's hands and fingers. They cannont access much of any websites that way.
User avatar
tarantulas
New User
New User
 
Posts: 22
Joined: Sun Aug 23, 2009 9:09 pm
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by SAI-Revenant on Sun Jan 24, 2010 11:46 pm
([msg=33851]see Re: Howdy all, requesting help on a media project[/msg])

heh.

Thanks guys.

Better than just saying that the characters are able to control the world's internet and steal all the money and bring down planes and whatnot, eh?

Thanks for the knowledge.

I dont think a DDoS claim is gonna help...

how bout this route.

How can a person bring down a the server that the computer is being accessed on? (To note, the college around here, the entire system was forced down due to what they say was a Trojan, they didn't allow anyone on campus to sign on, thereby forcing the entire system from being used.) IE: Prevent a user from actually being able to use the computer?
SAI-Revenant
New User
New User
 
Posts: 5
Joined: Sun Jan 24, 2010 6:08 pm
Blog: View Blog (0)


Next

Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests