help with a hacking problem. please

Noobaside · 20 Dec 2011 at 13:24

ide love to learn how you lot do all this network security stuff is facinating to me

J.B · 21 Dec 2011 at 10:51

Ev0 said:
Wish I was still doing it tbh, aw well.

My mood flips week on week really. Some weeks I love my job and it's the most fun anyone could possibly have while getting paid. Then other weeks it's repetitive and dull and has no real career ladder!

Noobaside said:
ide love to learn how you lot do all this network security stuff is facinating to me

I find that most people have the technical knowledge already and just don't understand how to apply it in a security context. Once you get into the mind frame it's easy!

Noobaside · 21 Dec 2011 at 13:12

but its how to apply what knowledge i already have and knowing what gaps i need to fill in with research and asking questions.

droyden · 21 Dec 2011 at 14:39

As mentioned earlier, is it not possible to firewall 21/tcp to a specific IP address?

Edit: Or change ftp to run on a non default port?

KIA · 21 Dec 2011 at 15:02

Noobaside said:
but its how to apply what knowledge i already have and knowing what gaps i need to fill in with research and asking questions.

Start experiment using a virtual machine.

Ev0 · 21 Dec 2011 at 15:24

J.B said:
My mood flips week on week really. Some weeks I love my job and it's the most fun anyone could possibly have while getting paid. Then other weeks it's repetitive and dull and has no real career ladder

I was the same tbh, whilst I was in my last job I was just looking at moving on as prospects at the company were not great and the location was awful for me.

Got a bit fed up with all the red tape I had there as well (I was an in house tester), had to do a lot of naff admin stuff.

But now I'm not doing the job I do miss it

Noobaside · 22 Dec 2011 at 10:13

KIA said:
Start experiment using a virtual machine.

i may just have to try that any suggestions on os's

KIA · 22 Dec 2011 at 11:51

Noobaside said:
i may just have to try that any suggestions on os's

Server 2003?
Server 2008?

Whatever you're running at work.

kerrgreg · 22 Dec 2011 at 12:48

KIA said:
Server 2003?
Server 2008?

Whatever you're running at work.

A form of lunix is also a very good idea as its allot more conman to use lunix (or easier) to perform the actions to break through.

KIA · 22 Dec 2011 at 15:39

kerrgreg said:
A form of lunix is also a very good idea as its allot more conman to use lunix (or easier) to perform the actions to break through.

oO

lunix = linux
conman = common

bigredshark · 22 Dec 2011 at 15:45

Noobaside said:
and there passwords are audidted they just got lucky

That's naive, if the passwords are any good then nobody gets lucky. You need to review your complexity requirements urgently if they 'got lucky' on a password you thought was secure.

10 Characters minimum, caps and numbers mandatory, at least basic complexity checking. You don't get lucky on that.

Noobaside · 22 Dec 2011 at 16:06

oo never played around with linux might have a go with it weve got pretty much every type of microsoft server at work and one or 2 linux ones but never been envolved with the linux ones

but surely any password will be cracked if you leave the right program running long enough theres a finite combination of combinations you can have of the letters a-z and 0-9 even if you use caps

Ev0 · 22 Dec 2011 at 16:31

Given the right amount of time yes, but that's why you have other measures in place such as account lockouts, regular password changes, logging/alerting to a number of failed attempts etc.

growse · 22 Dec 2011 at 18:23

Noobaside said:
but surely any password will be cracked if you leave the right program running long enough theres a finite combination of combinations you can have of the letters a-z and 0-9 even if you use caps

http://howsecureismypassword.net/

'I have 5 Dwarf Donkeys' would take 122 septillion years to bruteforce. 'L7d3jBAd' would take 10 days. Big difference.

mrbios · 22 Dec 2011 at 18:44

growse said:
http://howsecureismypassword.net/

'I have 5 Dwarf Donkeys' would take 122 septillion years to bruteforce. 'L7d3jBAd' would take 10 days. Big difference.

omg all this time i thought i had a strong password but that tells me 10 days! Now changing to one that would take 25 million years

Hyburnate · 22 Dec 2011 at 18:55

Yeah boi, mines About 1 duovigintillion years

mrbios · 22 Dec 2011 at 19:04

Hyburnate said:
Yeah boi, mines About 1 duovigintillion years

pffft childs play compared to: 22 septentrigintillion years

(achieved by mashing the keyboad and randomly pressing shift at random intervals lol)

TNGL · 22 Dec 2011 at 19:57

71 Thousand years here.

Noobaside · 23 Dec 2011 at 10:53

assuming its the last password it trys it could take 10 seconds

J.B · 23 Dec 2011 at 14:08

Noobaside said:
assuming its the last password it trys it could take 10 seconds

What?

If you have a long, complex password what are the odds of someone guessing that straight away?