Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] client - server

from [Micheal Espinola Jr] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] client - server
Date: Mon, 28 Feb 2005 12:11:11 -0500 
A MAC address can be queried on a windows box via the registry - if
you have access.  This can be done with [null] sessions and netbios.

So, depending on security, connectivity, access permissions, etc - it
may be possible to obtain this information.


On Mon, 28 Feb 2005 11:18:49 -0500, Michael Holstein
<michael.holstein@csuohio.edu> wrote:



which informations can a server get about a client running M$ windows XP ?
I cannot access a website because i have been "banned" and I'd like to
understand how they recognize me for sure.


All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a
bunch of tests. Java is one excellent way to steal the goods (and many
browserspy tests use that).

The 'short' answer is, however, probably a simple IP check.


I mean:
- a simple ip check doesn't work with dynamic addresses...
- cookies can be deleted
- computer name can be changed
- mac address can be changed (even I wasn't able to, because I have a usb 
dsl
modem and I cannot change its MAC working with regedit or using tools like 
smac )


MAC address? That's not visible past the DSLAM. As for dynamic
addresses, have you kept track? I have (supposed) dynamic addresses at
home and it's not changed in over a year.

You should dump the DSL modem and get a conventional ethernet one. Then
change the MAC on your ethernet card at will (this will get you new
addresses). There probably is a way to access the innerds of the USB one
but you'd probably have to take it apart and locate the serial port.

~Mike.


Anything else ?
How the hell do they recognize me ?

Matteo Giannone




____________________________________________________________
6X velocizzare la tua navigazione a 56k? 6X Web Accelerator di Libero!
Scaricalo su INTERNET GRATIS 6X http://www.libero.it



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




-- 
ME2

my home: <http://www.santeriasys.net/>
my photos: <http://mespinola.blogspot.com/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] client - server, Matteo Giannone
Next by Date:  Re: [Full-Disclosure] client - server, Matteo Giannone
Previous by Thread:  Re: [Full-Disclosure] client - server, Michael Holstein
Next by Thread:  Re: [Full-Disclosure] client - server, Marcus Specht
Indexes:  [Date] [Thread] [Top] [All Lists]