Jump to content

All Activity

This stream auto-updates     

  1. Today
  2. LOL it's a joke really. it didn't take long at all. I took the **most** basic, hello world script that I could find and replaced what gets typed into notepad, to ask the person to please just email all their loot.
  3. Yesterday
  4. hah I need script who run my backdoor.exe from switch1/2 but I cant find that easy script anywhere,somebody can help me? Hershell_MacLinuxWindows_ReverseShell dont work idk whats is wrong with that. Another scripts its example D&E but I want run downloaded backdoor. Thanks
  5. This isn't an unknown problem, I've announced it in one of the (many) other threads about this issue, but I will state again: Hak5 do not write the community modules for the WiFi Pineapple platform. The responsibility to update them is with the module owner, but we usually will try to maintain compatibility if they break due to an update, as I have done for most of the modules by generating the packages they need. The packages that these modules rely on used to be in the OpenWRT repos - they are not anymore. I will continue to try and build the necessary packages when we can, but as these are not official Hak5 modules that ship with the firmware, there is no guarantee when they'll be available.
  6. Hi, sorry for the delay, I had some time today to try this again. No go. I formatted the sdcard, put it in the Nano and it does not detect it. It is crazy how hard it is to use it with a mac.
  7. Hello TheShidoshi!!! Me too!!!!!!!!!!! many week searching on a videos for scripts, tutorials and demos for running RubberDucky I doubt if he says to do what he does .. Good Luck
  8. Download Now | SQLI Handbook 2019 [Red Hat Edition] Book Cover All Publishing Rights Reserved Gaza Hacker Team 2019/2020 Ahmed El Melegy [ BlackRose ] – GHI Leader Once you have this book you will put your foot on the real professional ladder full of knowledge and power in professional ways like no other You will become an expert in injecting databases of all kinds with all the necessary tactics and methods that will help you overcome the biggest difficulties and obstacles You will have twelve years' experience with this book at your fingertips Red Hat Edition Red Hat -He has the knowledge of [Ethical Cyber Security] and the experience of [Black Hacker] so all information in this book belong to this kind of knowledge and experience About The Book Once you have this book you will put your foot on the real professional ladder full of knowledge and power in professional ways like no other You will become an expert in injecting databases of all kinds with all the necessary tactics and methods that will help you overcome the biggest difficulties and obstacles You will have twelve years’ experience with this book at your fingertips Red Hat Edition Red Hat -He has the knowledge of [Ethical Cyber Security] and the experience of [Black Hacker] so all information in this book belong to this kind of knowledge and experience English Edition 258 Page 29,910 Words 196,113 Characters The Book and indexes The First Chapter [ Security and Knowledge ] will deal with many subject divided into sections as following In Section Zero we will discuss together the answer to this question : • Who are you and What are your tendencies | Hacker or Ethical Hacker? In Section One will deal with the subject of self-security fully on internet Why is this important? More people than ever before in history are going online, and with that, there are increasingly more security concerns. It’s smart and makes sense to take time to learn more cautious Web browsing habits, The neediest to be security are hackers, You understand what I mean here. Section One Contents To be secure in internet you need to Learn how to • Using a VPN Service • Using Tor • Using a Proxy Server • Using Free/Public WiFi In Section Two we will get to know what is SQL Databases Injections as First Step [ Knowledge ] Section Two Contents • Introduction to Injection Attacks • What Are Injection Attacks? Types of Injection Attacks • Code injection • CRLF injection • Cross-site Scripting (XSS) • Email Header Injection • Host Header Injection • LDAP Injection • OS Command Injection • SQL Injection (SQLi) • XPath injection Introduction to SQL Database Injection • What is SQL Injection (SQLi) and How to Prevent It • How and Why Is an SQL Injection Attack Performed • Simple SQL Injection Example • Example of a Union-Based SQL Injection Types of SQL Injection • In-band SQLi (Classic SQLi) • Error-based SQLi • Union-based SQLi • Inferential SQLi (Blind SQLi) • Boolean-based (content-based) Blind SQLi • Time-based Blind SQLi • Out-of-band SQLi How to Prevent an SQL Injection The Second Chapter [ How To Find SQLI Vulnerable Sites ] will deal with The best ways to detect site Have SQLI Vulnerability as following in section one will learn how to scan custom site for sqli Vulnerability and then we will learn how to search for sqli Vulnerable sites generally manually in section two and by tools section three Contents • How to Test any Site For SQL Injection Vulnerability | By Tools • Search For SQL Injection Vulnerability sites By Dorks | Manually • Search For SQL Injection Vulnerability sites By Dorks | Automatic Mode The Therd Chapter [ Get Started ] This chapter is the final stage before hands-on how to manually and automatically inject live sites Chapter III contents Section One | How to get the sites parameter to Test for sqli Vulnerability In this section we will learn together how to get sites parameter to Test for sqli Vulnerability Contents • Introduction • What is a URL • URL structure • First: How to get the site parameter using manually • Second: How to get the site parameter using Tools Section Two | Manually Detect SQL Injection Vulnerability In this section we will learn together how to detect sqli Vulnerability manually They are ten manual methods used in this section As following • The First Test: Using Apostrophe • The Second Test: Using Quotation mark • The Third Test: Using English Alphabet • The Fourth Test: Using Single Quote / Quotation mark / English Alphabet • The Fifth Test: add Point before the variable number and add Apostrophe after it • The Sixth Test: add Point before and after variable number at the same time • The Seventh Test: Add the Apostrophe before the variable number • The Eighth Test: Delete the variable number and add the Apostrophe only • The Ninth Test: Delete the variable number and add a slash • The Tenth Test: Using Logical expressions Section Three | Basic of Injecting Parameter Links [ Types of Injection < Get The Point > ] Determine the type of injections of Parameter Links of the basics of injection science, no one should be oblivious to it as one of the key factors in the success of any injection test definitely, It is according to my classification are several types and this can be called ‘Types of Injection’ and they are as follows Types of Injection Contents • Type I: SQL Injection Integer Based • Type II: SQL Injection Strings Based • Type III: SQL Injection Closures Technic • Type IV: D.I.V Injection • Type V: Hidden Vulnerability The Four Chapter [ SQL Database Injection The Black Box ] will deal with all the correct steps to inject a site are from zero until the sensitive data is collected as following The Work Plans Contents • First, Look For a Target • Second, Test The Target For SQL Vulnerability • Note: Testing for Version Third, Find the Total Number of Columns • Key Issue Find the Total Number of Columns 1- Another Method | Full Ask 2- Another Method | INTO+At sign 3- Another Method | PROCEDURE ANALYSE 4- Another Method | The Waf Behaviour • Four, Find The Number Of Vulnerable Columns • Five, Find The Table Names • Six, Find The Column Names • Seven, last Step Extract The uname and pass Column’s Detail • Eight, Get The Control Panel All Previous Steps By SQLmap Tool SQLmap Tool Contents • Introduction • What is Sqlmap used for? • What is Sqlmap tool? • Is using Sqlmap illegal? • SQLmap Overview • What Java JDBC • Why Should We Use JDBC • Do You Know • What is API • Publishable Operations • General Conditions • This tool can test • Clarify what queries are • Vulnerable Urls • Discover Databases • Find tables in a particular database • Get columns of a tables • Get data from a Columns The Five Chapter [ DIOS [Dump In One Shot] Syntax Queries ] will deal with DIOS queries as following The queries used in the previous chapter are simple queries and we will slightly expand on the queries for data extraction in quick combined commands called DIOS or extract in one command. By Using the DIOS queries and once you place in Vulnerable column you will see magic DIOS [Dump In One Shot] Syntax Queries Contents • Part 1: First Inquiry [full One] • Part II: The Second Inquiry [Benchmark One] • Part III: Third Inquiry [MID One] • Part IV: Fourth Inquiry [Export_set One] • Part V: The Fifth Inquiry [Reverse One] • Part VI: The Sixth Inquiry [Replace One] • Part VII: Seventh Inquiry [LPAD One] • Part VIII: The Eighth Inquiry [Make_set One] • Part IX: The Ninth Inquiry [Complete Information DIOS] • Part X: Tenth Inquiry [Database.Table.Column With All Recording] • Part XI: Eleventh Inquiry [All in Full Table] DIOS Syntax Queries | Another Miscellaneous Technicals • First: Print Multiple Variables • Second: Extract Data Count DIOS Syntax Queries | Targeting Specific Database Tables • Extract all database names on the site • Extract all tables linked to the specified database The Sex Chapter [ Error Based Injection ] will deal with all the methods of Error Based Injection as following Error Based Injection Contents • The First Method: The General style • First: Getting The Version • Second: Getting The Database Name • Third : Getting The Table Names • Fourth: Getting the column names within the users table • Fifth: Getting the final data from the columns The second method: Cutting The Value of The Parameter • First: Getting The Version • Second : Getting The Table Names • Third: Getting the column names within the users table • Fourth: Getting the final data from the columns Appendix Number One Of The Chapter: Error Based at a Second • First: Getting The Version • Second : Getting The Table Names • Third: Getting the column names within the users table • Fourth: Getting the final data from the columns Appendix Number Two Of The Chapter : Non-Geometric Error Based Techniques • First: Getting The Version • Second : Getting The Table Names • Third: Getting the column names within the users table • Fourth: Getting the final data from the columns Appendix Number Three Of The Chapter : Procedure Analyse With (XPATH) To Dump All Data In One Shot • 1- get version • 2- get Tables • 3- Dump all columns In One Shot • 4- get Data Appendix Number Four Of The Chapter : BIGINT Overflow Error Based SQL Injection • 1-Test For Version. • 2-Getting table names. • 3-Getting column names. • 4-Retrieving Data. Appendix Number Five Of The Chapter : Error Based SQL Injection Using EXP/ BIGINT [ Dump In One Shot ] • 1-Error Based SQL Injection Using EXP. • 2-BIGINT Overflow Error Based SQL Injection. The Seven Chapter [ The Popular SQL Injection WAF Bypassing ] will deal with SQLI WAF Bypassing Method as following Chapter Contents • What is a Web Application Firewall (WAF)? • Testing For WAF If Exist • Basics Of SQLI WAF Bypassing • CPP-SQL-FUZZER [fuzz Union Based & tables] • New Version Of WAF Bypassing Stuff Security solutions to overcome most of the famous protections Stage Contents • [1] Error: 1271 – Illegal mix of collations for operation ‘UNION’ • [2] Error: Fatal Error Occurred • [3] Error: 307 Temporary Redirect • [4] Error: 400 Bad Request • [5] Error: 409 Conflict | BIND technique • [6] Error: 404 Not Found • [7] Error: boolean given in • [8] Error: Sucuri WebSite Firewall – CloudProxy – Access Denied • [9] Error: The used SELECT statements have a different number of columns • [10] Error : Query failed: Unknown column ‘1’ in ‘order clause’ • [11] Error : Fetching take long time or The connection was reset • [12] Error : Operand should contain 1 column(s) • [13] Error : Subquery returns more than 1 row • [14] Error : multiple queries • [15] Error : Error: (1054) Unknown column ‘xxx’ in ‘field list’ • [16] Error : 418 Unused • [17] Error : ERROR 502 – BAD GATEWAY • [18] Error : Fatal error: Maximum execution time of 30 seconds exceeded • [19] Error : 412 Precondition Failed • [20] Error : 412 Error Your request got filtered out due to possible security issues • [21] Error : The page cannot be displayed because an internal server error has occurred • [22] Error : Column only accepts numbers | New Technic • [23] Error : Can’t Extract Column Number With Order By | New Technic • [24] Error : Solve the problem of the digital values during injection of the asp page | New Technic • [25] Error : Can’t Extract Column Number With Order By The Eight Chapter [ Injection of Miscellaneous Databases ] will deal with Many Miscellaneous Databases And explain how to inject it Injection of Miscellaneous Databases Contents • Part I: Injection of Postgre database Using Union Based • Part II:Injection of Postgres By Error Based Using Nextval • Part III: Sybase Database Injection • Part IV: Oracle Database Injection • Part V: Oracle Databases Blind injection using DBMS_PIPE.RECEIVE MESSAGE • Part VI: Firebird databases injection • Part VII: MS-SQL(Microsoft Server SQL) Injection Download The Book Price $ 10 https://payhip.com/b/hjMp 50% discount for 15 days as book promotion Discount coupon number : HY9DXEC84D Regards
  9. Information Gathering HandBook 1983 Book Cover About Book • 325 Pages • 54,201 Words • 348,092 Characters What we will learn during the stages of this book ? [Information] Intelligence Gathering Open source tools are as follows Contents Introduction To Information Gathering Main Section Web & platform & Tools • Netcraft web application • Maltego platform • The‬‬ ‫‪Harvester Tool First Bifurcation : Platforms That gathering information by searching for vulnerability • Nessus platform • NMAP tool • Shoudan site • Mozilla Launches “Observatory” • UpGuard Web Scan Second Bifurcation : Platforms that gathering information through web scanning • SSLSCAN Tools • Nikto tool Third Bifurcation : Platforms That gathering information through internal network scanning Local Area Network • Arp Ping tool Contents • Introduction • Understanding how ARP works can allow you to do many useful things • ApPenDix | Way Of Discovering Computer On Network Using ARPING • ApPenDix | Detect Duplicate IP Address With arping command under Linux • ApPenDix |Use arp-scan to find hidden devices in your network • NbtScan tool • Scapy tool Fourth Bifurcation : Platforms That gathering information through SMTP protocol • SMTP protocol Introduction • Swaks tool • smtp-user-enum tool Fifth Bifurcation : Platforms That gatherin information through DNS protocol • DNS protocol Introduction • Knock tool Download mediafire mega Regards
  10. I don't see any. We have a few different wifi networks with various Macs, Windows, Android, and IOS devices and nothing shows up. Maybe I'll take it home and see if I get the same results. I didn't have it connected to the internet. But that didn't seem to make a difference.
  11. Hello Community, Staff: If i'm not in right section sorry and could you move it please Just few words about wi-fi .... Smartphones, tablets, laptops, raspberry pi's,arduino's,consoles, etc ..., many devices around us emit wifi. But when we analyze datas (frames) issued by all these devices, we realize that they are constantly seeking the access points(ISP box) on which they were connected, this is what the we call "Probe Requests". If you have already connected to the wifi of a mcdonald,a supermarket or in a friend's home, you will notice that each time you are near a network to which you have already been connected, and that your wifi is activated, your device will automatically connect to it without asking for a security key again. The probe requests issued by your device are automatically recognized by the access point, so you are automatically connected! Interesting so far ... and ?? And if we could get all its probe requests in real time, classify them by mac address, identify the device that emits them and even observe the power of the device to get an idea of the distance to which it is located from ourself.. and all with a device holding in your pocket !! It would be great indeed ... We could know which device connected to where, so we would have crucial information about our target, such as where she lives, what other places she connected to (hotel, coffee-shop,etc ..) and all with a lightning precision up to its exact address with a live view with street view! Prerequisites: 1 Android device / Smartphone or tablet An internet connection: 3G / 4G or WiFi 1 Micro-USB cable 1 OTG adapter Wifi of device you want to track must be activated. THAT'S ALL! For these investigations i built 2 android apps. Respectively called "AP Sniffer" and "AP Tracker". Where "AP" is Access Point. We need also a piece of cheap hardware to get the job done,a NodeMCU v3.0 module is your guy! Some arduino code to sniff and display results with AP Sniffer app. We need to connect our module with an OTG adapter as in the following image: Once plugged in,we launch the AP Sniffer app. As soon as the connection is made with your module this one will immediately sniff all the devices around you, identify them in real time thanks to their addresses mac (Apple, Samsung, etc ..), determine the power of the signal emitted and especially what are all the access points to which they have already been connected! Let's see this in detail: RSSI: Power of the signal emitted by the devices around you. Measuring in dBm, the more you climb to the -90 plus the device in question is far. Conversely, the lower you get to -50 dBm, the closer the device will be to you. To give you an idea, if the box of your home is in the room next to where you are, you will average -60 dBm. The dBm is an abbreviation of the power ratio in decibels (dB) between the measured power and a milliwatt (mW). DEVICES: You guessed it, these are the devices that surround us. Note that sometimes there may be some latency to appear devices, because the module must first wait for the probe requests so that the application can make a lookup in a text file internally. An up-to-date list of more than 23,000 manufacturers to determine which mac address matches which manufacturer. Also note that some devices issue probe requests every X minutes depending on the model ... Sometimes it can take several minutes to get all the probe requests around you! Each device is different!! You must also take into account the limit of the wifi antenna of your module! If we gain in discretion by the size of the module, we lose in signal range, do not expect to recover all the probe requests of a whole street without moving, be realistic! ACCESS POINTS: As its name implies, it is all access points to which all devices have already connected at least once. These famous probe requests transformed here into mac addresses! You can see how easy it is to see all the requests made by the devices around us. And ?? It's fine but what we do with these mac addresses ?? How do I know where the guy lives with his samsung near me ?? All sweet we come. Now you know which device you want to track, you just have to open our second app AP Tracker. Once started you just have to type the chosen mac address and press Track! I let you observe the impressive result! Now you know the exact address from where this device were connected at least one time! In addition you will have a live view with street view API and GPS coordinates! You are able to track all the probe requests of all the devices that your module will have sniffed ... you now understand the dangers... We reach the end of this story,hoping it will be useful for your own security. Cheers!
  12. What's the best pace to have secure and reliable DDoS protection service? I have found a lot of positive reviews of ddos-guard [dot] net, are they as good as they are spoken about?
  13. hey guys thank you all very much for the pointers i will work my way through the sites along with my training
  14. Hi I’ve been looking at the proxmark3 easy, mostly on flea bay...eBay 😁 Has anyone on here had any experience with the Proxmark clones? Any good?
  15. @Bob123 I can't really say much on the bash bunny side of things as I haven't used them much recently. Payloads should remain functional through firmware versions as long as a dependency or syntax change doesn't occurs, but it is possible for firmware updates to cause the issue if so. One common issue I have seen with the bash bunny payloads is users not configuring them correctly or they payload not be compatible to work on the user target system. Depending on the configuration of the target system a payload may not work at all. For example, some payloads can be blocked by admin settings on for say a Windows 10 system. This is a long debated topic. I think it really goes both ways depending on the situation. If you have a direct need from a system and have it working the way you want, don't risk updating unless you are for sure the update is confirmed working or you have a reason to update. But on the other side, if a system is used in general it is best practice to update for improvements and patches you may be unaware of. I'm sure this could be debated for days but when it comes down to it, do whats best for you and your needs.
  16. Whats your experience with CAD software? I know Fusion 360 does not meet two of your four requirements (It is cloud based but can be cached offline, it is free - not open source) but it is very easy to use and a lot of documentation online to help you learn if you are new to CAD. Not the best software if you want to edit STLs but great if you want to design then export STLs for printing. FreeCAD is a good option as well but it is better suited for someone with some CAD experience or if a beginner plan to do a lot of reading/videos to learn. It has a ton of features and addons that make it very versatile but just not always the easiest to use. OpenSCAD is another option but it is different from what some users know as CAD software as it is a programming style software. It has some advantages like once a design program is written it can have editable parameters so others can easily change the design with just a few value changes. There are other options as well but really comes down to desired features and your background in CAD software.
  17. The module does not work with the latest firmware, yet. I haven't had much time to work on it. But it's coming. However, the hostapd-mana package does work, so if you're experienced with using hostapd-mana, you can use it manually in the terminal.
  18. Thanks for info. Didn't look at the github for that module but when tested it the module will install but not the dependencies.
  19. @Zylla, Hello! ManaToolkit can not install yet. Please, tell me, when you update dependencies?
  20. Rkiver


    Which phone? Which OS? Which OS version? I'd suggest googling your make, model, OS version and then "non pc root".
  21. Bwag88


    Does anyone know how to back into the root of a smart phone without having use a pc?
  22. Hi, you can try repairing the USB Root Hub. here are the detail steps, hope can help you. Step1: Press Win+R and type devmgmt.msc and then open Device manager of your computer system. Step2: Look for “Universal Serial Bus Controllers” and click on it to expand the list. Step3: Now, search for “USB Root Hub” option and right click on it to select the properties. Step4: After this, open “Power Management” option to uncheck the option “Allow the computer to turn off this device to save power” and press “OK”. And I think you can download the Bitwar data recovery on your PC in advance to avoid data loss. Good luck
  23. Last weekend I've been looking for more info on CAD-software to design a case/enclosure for multiple dongles with a Raspberry Pi. I've seen dozens of possibilities, but have no idea which tool to choose. This is what I am looking for; - Software to design enclosures for PCB's - Preferably free/open-source - Not cloud based - For use with an Ultimaker printer (compatible file types: STL, OBJ, X3D, 3MF, BMP, GIF, JPG, PNG) Hopefully someone has any tips about good software to use for creating enclosures for various types of hardware. Looking forward to hearing the experiences in using different CAD-software and recommendations. What software does Hak5 uses to create the enclosures for the different products for sale? Thanks!
  24. Just remove screw back your Lan Turtle & see socket for expand micro SD slot. sry for english
  25. urlsnarf not working with 2.6.0 even if in github quotes "upgrade to 2.6.0"
  26. Last week
  27. Would the same be true with quickcreds and openvpn modules on the bash bunny and lan turtle? I tried to help others months ago and their brand new bash bunny and lan turtle wouldn't work yet mine seemed to work right from the get go. These are older modules and I guess I don't remember having issues back in the day when they were first popular but my firmware is also several revisions older than what's out there now. And I never did find out if it was a firmware issue or and update to the linux software. I've noticed a lot of people doing software updates on their devices "apt-get" and I'm curious why that would ever been necessary. Apt-get one piece of software sure but apt-get upgrade just to do it??? Why?
  1. Load more activity
  • Create New...