Survey, Any help appreciated Options

[MarkDorley]

Hi

I was hoping you could fill out this myspace type survey... it's research for a university assignment. If you'd prefer not to then thats good to


1. What is your favorite thing to wear?
2. Last thing you ate?
3. One place you will NEVER eat at?
4. Would you date anyone you met online?
5. The last place you went out to dinner to?
6. Who/What made you angry today?
7. What are your pets called?
8. Do you feel safe online?
9. Ever gone skinny dipping?
10. Favorite type of Food?
11. Favorite holiday:
12. Do you download music:
13. Opinion of Chinese symbol tattoos?
14. Have you ever bungee jumped?
15. Have you ever Sky-dived?
16. Have you ever gone white-water rafting?
17. Has anyone ten years older than you ever hit on you?
18. How many pets do you have?
19. What are you listening to right now?
20. What is your current favorite song?
21. What was the last movie you watched?
22. Do you wear contacts?
23. Where was the last place you went besides your house?
24. What are you afraid of?
25. How many piercings have you had?
26. Do you have any tatoos
27. What do you usually order from Starbucks?
28. Have you ever fired a gun:
29. Are you missing someone?
30. Favorite TV show?
31. Ever done an IQ test, if so what score?
32. Favorite movie of all time?
33. Have you ever been caught doing something you weren't suppose to?
34. Favorite smell?
35. Butter, plain, or salted popcorn?
36. Do you consider yourself bad/average/good with computers?
37. Do you like Michael Jackson?
38. What's the longest time you've gone without sleep?
39. Where is the weirdest place you have slept?
40 Who was your last phone call?

thank you.

[MonkeyFiend]

hmmm...

[MonkeyFiend]

1. What is your favorite thing to wear?
Not being a great follower of fashion, Jeans I guess
2. Last thing you ate?
Apple
3. One place you will NEVER eat at?
McDonalds
4. Would you date anyone you met online?
spose
5. The last place you went out to dinner to?
'Upstairs at the grill'
6. Who/What made you angry today?
An old version of Linux and some BMC software not working
7. What are your pets called?
*
8. Do you feel safe online?
* yes
9. Ever gone skinny dipping?
Don't think so actually
10. Favorite type of Food?
*Chilli!
11. Favorite holiday:
Snowboarding or possibly diving in Thailand
12. Do you download music:
Indeedily
13. Opinion of Chinese symbol tattoos?
don't like some, can be bit tacky
14. Have you ever bungee jumped?
yes
15. Have you ever Sky-dived?
yes
16. Have you ever gone white-water rafting?
yes
17. Has anyone ten years older than you ever hit on you?
unfortunately
18. How many pets do you have?
none at the moment
19. What are you listening to right now?
Prodigy new album
20. What is your current favorite song?
* I quite like the BPA toejam
21. What was the last movie you watched?
Far cry 2... my brain feels squishy now
22. Do you wear contacts?
Sometimes
23. Where was the last place you went besides your house?
Work as usual
24. What are you afraid of?
Not a great fan of dentists, no general fears though.
25. How many piercings have you had?
about 4
26. Do you have any tatoos
nope
27. What do you usually order from Starbucks?
macchiato or latte
28. Have you ever fired a gun:
Yes, including a sniper rifle and an ak47
29. Are you missing someone?
perhaps
30. Favorite TV show?
* Family guy i guess
31. Ever done an IQ test, if so what score?
yes, 142 /boast
32. Favorite movie of all time?
*maybe fight club or lord of the rings
33. Have you ever been caught doing something you weren't suppose to?
fraid so
34. Favorite smell?
fresh coffee
35. Butter, plain, or salted popcorn?
depends on my mood
36. Do you consider yourself bad/average/good with computers?
*good, hehe
37. Do you like Michael Jackson?
well, he's hot.. oh right...if you mean musically then yeah
38. What's the longest time you've gone without sleep?
about 40 hours, I was hallucinating by the end of that one
39. Where is the weirdest place you have slept?
In a train station, in a farmers field, on some stairs
40. Who was your last phone call?
insurance company spam

thank you.
[/quote]

* ok Mark, at first I thought this was spam but on investigation it turn out to be legitimate college (not university ) work. Basically a college level psychology-esque piece of work realting to social engineering.

What we have here is several usual myspaz type survey questions with a couple of custom ones rolled in, the purpose of which is to guage whether people reveal details about themselves that could be used against them e.g. gaining passswords, if the password was a pets name etc., and a general questions asking computer based expertise to correlate this against how people perceive their IT knowledge and whether they inadvertantly give out potentially revealing information.

Obviously after this explanation this renders the survey results from this site invalid, however it is more important for me to ensure security of user accounts here. Sorry.

Your details led me to a website you've made penetration testing (a pet subject of mine ), While no doubt social engineering does work, I believe a lot more security breaches are weak password related, combined with brute forcing.

It takes very little time to brute force a 5 character dictionary word + 3 number type password. I would suggest you change your website password and mark me down as the first successful security breach

Anyway, good luck with the school project and if you get a copy of Left 4 Dead you should drop by for a game

MonkeyFiend

P.S. A good one for social engineering is to ask people what their pornstar name is (explaining that you make their pornstar name using their street name and their mothers maiden name) - quite a subtle way of getting 2 bits of personal info

[Magik5]

It takes very little time to brute force a 5 character dictionary word + 3 number type password. I would suggest you change your website password and mark me down as the first successful security breach

rofl

i dont think its deletion worthy... especially on request by someone who rarely comes here ;p

[=R6= Raile]

his favourite tv show is family guy

/sigh

[HYPOBOXER]

This looks like one of those password phishing questionaires!!!

[Lawpf2001]

1. Blue hoody
2. Some mixed fruit and nuts
3. Wimpy
4. Erm why not
5. Burger King
6. My english teacher
7. n/a
8. Relatively
9. Nope
10. Lasagne
11. Canada
12. Yep
13. Bit common
14. Nope and never will
15. Want to
16. Yes
17. Not that |I know of. But i hope my business teacher does shes hawt
18. 0
19. Radio 1
20. 65daysofstatic - Await Rescue
21. High School Musical 3
22. Yep
23. School
24. Moths
25. 0
26. Nope
27. Espresso or Frappacino
28. Air rifle and .2 rifle. And a deactivated bullet less AK47 which my dad has
29. no
30. QI, Family Guy
31. Yes cant remember between 90-100
32. Snatch
33. Plenty of times
34. Petrol, Meths, Coffee, Bacon
35. Butter
36. good
37. no
38. 44 hours
39. In a field using a guys leg as a pillow
40. Girl friend

[Magik6]

1. What is your favorite thing to wear?
Salopettes
2. Last thing you ate?
Hash brownie
3. One place you will NEVER eat at?
The Ritz
4. Would you date anyone you met online?
Depends how ugly they are
5. The last place you went out to dinner to?
Moshi Moshi
6. Who/What made you angry today?
Southern Train conductor
7. What are your pets called?
Magik5
8. Do you feel safe online?
Not with Monkey around
9. Ever gone skinny dipping?
Nope
10. Favorite type of Food?
Edible food
11. Favorite holiday:
Reading Festival 2005
12. Do you download music:
No, I'm quite a materialistic person when it comes to music I like
13. Opinion of Chinese symbol tattoos?
They always say, 'I'm a fag who can't read Chinese' or something of that reflection
14. Have you ever bungee jumped?
Nope
15. Have you ever Sky-dived?
Nope
16. Have you ever gone white-water rafting?
YES!!!!
17. Has anyone ten years older than you ever hit on you?
Nope
18. How many pets do you have?
Refer to question 7 answer
19. What are you listening to right now?
Long train runnin' - The doobie brothers
20. What is your current favorite song?
It changes a lot, but atm, The riverboat song - OCS
21. What was the last movie you watched?
Quantum of solace
22. Do you wear contacts?
Yup
23. Where was the last place you went besides your house?
Imperial College
24. What are you afraid of?
Cable, he keeps coming on to me
25. How many piercings have you had?
None
26. Do you have any tatoos
Nope
27. What do you usually order from Starbucks?
Tea!
28. Have you ever fired a gun:
Nope
29. Are you missing someone?
Yes, but thats a story for another time
30. Favorite TV show?
South park
31. Ever done an IQ test, if so what score?
Never taken one
32. Favorite movie of all time?
The first batman film with Adam West
33. Have you ever been caught doing something you weren't suppose to?
Yup
34. Favorite smell?
Issey Miyake or a good old 2 stroke engine, absolute bliss
35. Butter, plain, or salted popcorn?
All popcorn is wrong
36. Do you consider yourself bad/average/good with computers?
Very bad
37. Do you like Michael Jackson?
When he was black
38. What's the longest time you've gone without sleep?
I can't remember
39. Where is the weirdest place you have slept?
The boot of a peugeot 306
40 Who was your last phone call?
My brother

Hope this helps with your work dude.

[MarkDorley]

fuck, didnt think my motive for my project would be that obvious. Thx tho.

1 question i have MonkeyFriend I understand you gained access to the webhost through a weak password which was part of the challenge, but how did you make the raw access logs show monkey-waz-ere-2009 like 10000 times?

I asked my teacher and have looked on the web and everyone reckons this is impossible, how can you access a website without leeving any trace or IP in the logs? Everyone I've asked has said this is impossible?????

I've secured the weakness on the website and have used a complex brute force proof pasword.. you can try and get in again if you want

thx

Mark

[MonkeyFiend]

I'll reply to this (and take a look at the website) later... when I get some time free

However I just wanted to say

IT'S MONKEYFIEND

FIEND!

with an FIE!

There's no R in there!

MONKEYFIEND!

[fido77]

loling for the rest of the day cause of this!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
def don't delete this monkeyfriend!!!!

[fido77]

1. What is your favorite thing to wear?
nothing
2. Last thing you ate?
McDonalds
3. One place you will NEVER eat at?
Monkeys house
4. Would you date anyone you met online?
your mom
5. The last place you went out to dinner to?
McDonalds
6. Who/What made you angry today?
rocks
7. What are your pets called?
animals
8. Do you feel safe online?
never
9. Ever gone skinny dipping?
yes, by myself
10. Favorite type of Food?
salad
11. Favorite holiday:
none
12. Do you download music:
no
13. Opinion of Chinese symbol tattoos?
they scream out "I'm GAAAAY!!!"
14. Have you ever bungee jumped?
no
15. Have you ever Sky-dived?
no
16. Have you ever gone white-water rafting?
no
17. Has anyone ten years older than you ever hit on you?
yes, all the time
18. How many pets do you have?
3
19. What are you listening to right now?
me typing
20. What is your current favorite song?
can't touch this
21. What was the last movie you watched?
Rocky 2
22. Do you wear contacts?
no
23. Where was the last place you went besides your house?
mail box
24. What are you afraid of?
poo on a stick
25. How many piercings have you had?
1
26. Do you have any tatoos
no
27. What do you usually order from Starbucks?
coffee
28. Have you ever fired a gun:
yes
29. Are you missing someone?
no, everybody's here and counted for
30. Favorite TV show?
family fued
31. Ever done an IQ test, if so what score?
no
32. Favorite movie of all time?
Rocky 2
33. Have you ever been caught doing something you weren't suppose to?
touching myself at night
34. Favorite smell?
vanilla
35. Butter, plain, or salted popcorn?
no popcorn for me
36. Do you consider yourself bad/average/good with computers?
the worst
37. Do you like Michael Jackson?
why, did he say he likes me?
38. What's the longest time you've gone without sleep?
what's sleep???
39. Where is the weirdest place you have slept?
jail
40 Who was your last phone call
some dipshit tryin to ask me questions like these

[MonkeyFiend]

ok, finally got around to this again.

Your new password: Str0ng.p4ss***2 should indeed be enough to stop people brute forcing it.. better luck next time

*** I've removed these numbers, you really shouldn't use any digits from a home phone number for anything online

Logging in as you/web admin I wouldn't be able to falsify the raw access logs, so try ockhams razer: you know the logs are tampered, you know that it's impossible to login as an admin and tamper them, so in what others ways can they be tampered with?

We're ok for security testing here, but thanks for the offer. Speaking of which, I see you beavering away with a bruteforce on http://sneakymonkeys.com/forums/admin area - so you can stop now, please

As you may know invision uses this admin folder for super admin logins, which is precisely why I removed it and replaced it with a fake login page that has no users/passwords and doesn't go anywhere.

I mean, it doesn't even look legitimate!

It never fails to amuse me when people spend several days running dictionary and bruteforce attacks against this

Anyway, this isn't a hacking tutorial site, so I'll wish you good luck with your projects

MonkeyFiend

(no R in FIEND!)

[Foxx_in_Socks]

Thought i'd do this for fun, since everyone else has

1. What is your favorite thing to wear?
Flip Flops
2. Last thing you ate?
Cereal
3. One place you will NEVER eat at?
a weatherspoons
4. Would you date anyone you met online?
never thought about it, since im stuck with monkey anyways
5. The last place you went out to dinner to?
Rosies tearooms
6. Who/What made you angry today?
accidentally waking up at 1 oclock
7. What are your pets called?
n/a
8. Do you feel safe online?
yeah
9. Ever gone skinny dipping?
no
10. Favorite type of Food?
pizza
11. Favorite holiday:
Australia
12. Do you download music:
Yeah
13. Opinion of Chinese symbol tattoos?
meh
14. Have you ever bungee jumped?
Nope
15. Have you ever Sky-dived?
Nope
16. Have you ever gone white-water rafting?
nope
17. Has anyone ten years older than you ever hit on you?
yer
18. How many pets do you have?
none
19. What are you listening to right now?
nothing
20. What is your current favorite song?
daft punk, stronger
21. What was the last movie you watched?
i am legend
22. Do you wear contacts?
no
23. Where was the last place you went besides your house?
work
24. What are you afraid of?
pigeons
25. How many piercings have you had?
11
26. Do you have any tatoos
yes
27. What do you usually order from Starbucks?
white hot chocolate
28. Have you ever fired a gun:
Nope
29. Are you missing someone?
nah
30. Favorite TV show?
Bones
31. Ever done an IQ test, if so what score?
116 rings a bell
32. Favorite movie of all time?
Lord of the rings maybe? cant really think
33. Have you ever been caught doing something you weren't suppose to?
Yup
34. Favorite smell?
mens- Jean Paul Gaultier, womens- poison
35. Butter, plain, or salted popcorn?
salted
36. Do you consider yourself bad/average/good with computers?
average?
37. Do you like Michael Jackson?
music yes, as a person-no hes a weirdo
38. What's the longest time you've gone without sleep?
53 hours
39. Where is the weirdest place you have slept?
in a graveyard
40 Who was your last phone call?
my friend faye

[Magik5]

but seriously, why try hack a website where you know the admin is incredibly more knowledgeable in the subject then you.

[fido77]

i love it when people do stupid shit like this. it's so funny!!!! is there a way we can get more of this?
what kind of teacher did mark ask? his english teacher?

[MarkDorley]

Sry bout the bruteforse - just wanted to see how the security was here. And to fid077 - no I obviously asked my IT tutor and along with that if you look around google I found whole bunches of people on experts-exchange, ask, answerbag that say it's not possible to adjust raw logs without leaving any trace.

Apart from the logs being tampered with and a crazy song about monkeys in the root.

The only thing I've found from referrers

a user with a custom operating system
a custom browser with a .net version4.8 wtf?
The IP resolved to south america, then resolved to vietnam, then didn't resolve anymore - how the hell can a IP point to different places and then go nowhere?

[MonkeyFiend]

pfft, that dog won't hunt seigneur.

I notice lots of link-to's from your college, I assume this site has beeen posted on an intranet or something... unfortunately I'm not the IT equivalent of the pied-piper of hamlin, so will no be replying to "haxx0r my mates p00ter, plox" or "teach me everything you know in 24 hours" type posts or emails.

There areplenty of books out there on security, protocols and computing in general. Go read

[fido77]

maybe your in the wrong school. i showed a couple of my teachers this and they say it is simple. maybe u should change your major to nursing or something like that what school do you go too? where is it located?

[MonkeyFiend]

to be fair it's not that simple......

If this was some spotty linux wannabe that flattened their dell pc and stuck on red hat and apache just to be l33t, then yes... there's probably a lot one could do.

If on the other hand we're talking about a shared linux/apache webhosting service.. same as many you'd rent from around the place. The markdorley user is not a superuser and has no root access. In fact he has no actual real permissions within the server structure. For reference kernel 2.6.24.2dn.am with apache 1.3.41

Assuming I created a site called markdorleycantdowebsites.com and was assigned by the powers ((or scripts) that be a user account called fidoisgay with permissions to write files within the public html or www direcotories

The fidoisgay user is a restricted.

Commonly (unfortunately.. chroot jail ftw!) the owner of the access-logs is root (0) - even if the fidoisgay user ftp'd to their shiny new hosting and went to their access-logs folder they would find a bunch of files with 640 or similar permissions owned by root, (-rw-r------ if you prefer), the group can read em, but only the owner can write to them and I mentioned before the owner is root .

Fidoisgay would not be able to tamper with these files and would logout safe in the knowledge that his access logs are secure and could return to failing at bf2