Infiltrator
-
Posts
4,287 -
Joined
-
Last visited
-
Days Won
22
Content Type
Profiles
Forums
Gallery
Events
Posts posted by Infiltrator
-
-
You could implement, port knocking, it would be more effective.
-
<html dir="ltr" lang="EN-US"> <head> <title>Sign In</title> </head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033" /> <meta http-equiv="X-UA-Compatible" content="IE=5" /> <meta name="description" content="Powerful free e-mail with security from Microsoft - Windows Live Hotmail is a best in class e-mail service that helps you organize and manage all your online stuff in one place" /> <meta name="PageID" content="i5030" /> <meta name="SiteID" content="64855" /> <meta name="ReqLC" content="1033" /> <meta name="LocLC" content="1033" /> <body> <noscript> Windows Live ID requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked. <br /><br /> To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help. </noscript> <script type="text/javascript"> var g_dtFirstByte=new Date(); </script> <base href="" /> <link rel="shortcut icon" href="https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/favicon.ico" /> <link rel="image_src" href="https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/Windows_Live_v_thumb.jpg" /> </body> </html> -
I agree with Digip, try elevating your privileges by bypassing Windows 7 x86/64 with SET and Metasploit.
Here's nice video, demonstrating how to do it.
-
You could configure those systems to be a webserver and MySQL server and use them for practicing your pen-testing skills. That's what I would do with them.
-
Here's a quick guide, to help you out.
-
If you are comfortable with Linux, you could use IP tables to forward your Apple TV traffic to your SSH tunnel.
-
From memory you’re like me, in Australia our ISP’s are too lazy or too stupid to offer this level of support.
Most entry level and cheaper routers have a remote access option, eg you can access the management interface from the WAN interface, some routers like Billion also have an option to only allow this from a set subnet or for a set time period after a reboot.
The 2wire seems to be the chosen replacement for ISP that used to punish customers with the Thompson range.
They also use a “default” password, which is normally set by the ISP and is mostly a mangulation of the mac address, serial number (also used for default WPA key)or the users account name or number, or just a random 8 to 10 character string, and this seems to vary between ISP’s, a bit like the Thompson’s.
The password maybe be stored in the flash RAM somewhere, and I would hope it is encrypted, but I have been proven wrong, I also have a suspicion that the ROM on these are modified for the ISP, so the default password could be hard coded.
I also believe the 2wire doesn’t run a linux variation or something that can easily hacked or modded, so unless there is diag feature, which I doubt as these are cheaply mass produced and are a throw away, rather than repair item, you may be out of luck.
Unless you are handy with a soldering iron and know how to dump the ROM contents, or you could try a factory reset, but that would lose or your settings etc.
Oh Yes you are right, my cisco router has an option that allows remote WAN management. By default, it's turned off and I hate the idea of having a third party managing it for me. I rather manage all my IT gears myself. I'm also from Australia, by the way.
-
I can think of MITM style tactics to trick someone into typing the password on a bogus router login page... but other than that this will be a toughy.
How does the router store the password? Is it hashed? What OS is the router running?
How is the ISP remotely resetting it?
I've never seen that before, can an ISP really have control over your router! I thought only the end users, could access the router NOT the ISP.
-
Solved. The problem had to do with migration.
Before meterpreter will drop into a shell with system privileges, it first has to migrate to a process with system privs. If you drop directly in like I was doing you'll have whatever privs the browser was running with.
Aer the migration to a process with sys/admin privs, if you drop into a shell you'll have sys privs.
Without proper privelege you won't go very far. Glad you got it sorted.
-
thanks guys i have used to etercap ! its awesome tool
! like this
is there a way to sniff someone system outside the network !
It's possible but you need to be in between the victim and his ISP, which would be a very challenging thing to do. That requires having direct access to their routers.
Another scenario would be, via a wireless access point, if he/she has one.
Or you could use RATs, to do some keylogging.
-
I'd agree with Jason, just use the InnoDB MySQL Enginne, it will be much more reliable and offer a good level of performance. In addition, for incresed read performance, I'd use a NAS device in RAID 5 or 10.
If you need more information, check out the MySQL Engines reference manual.
-
Honestly (and I know allot of people will disagree with me on this one) do as much as you can!
No matter what field of IT you are in, it is important to know as much about all of the surrounding technologies because trust me, you will eventually come across them.
Personally I am in IT Networking/Network Security, most of my colleagues only have experience and certifications in Networking and it shows.
It helps me a great deal to know about, Data storage, servers, Microsoft, virtualization, VoIP, CCTV, when there are problems with a network.
Probably the biggest must have if you ask me is CCNA - it is a great course for learning networking fundamentals (Far better than N+)
I wouldn't disagree and in fact, the more you know the better it will be for you and your job career. It will make you stand out more in the crowd. Of course, It will be a disadvantage for some, because they lack the experience but for you its a benefit that pays off.
-
Are the victims able to obtain an IP address at all, when connecting to your Evil Twin?
-
Proxies are generally used for bypassing certain firewall restrictions, like schools or corporate blocking users from accessing certain websites. Proxies won't make your IP address be completely hidden, if you were to commit a cyber crime, they will still be able to trace back to your IP address.
-
They both have their own advantages and disadvantages, from a learning pespective I'd recommend you to learn them. Get a feel and experience for both, but knowing more won't hurt you, will only make you more knowledgable and smarter.
-
Its fun to see people looking in the back seat and i have this meter wide antena on the back seat :) if it works just do it :)
google gogles thinks its a TP Link TL-AN2424B but its not :)
Have you even gotten into trouble or ever had anyone approaching you because of the antenna?
-
It sounds like you may have some hardware problem.
1) Is the power supply overheating at all?
2) Make sure the CPU Fan is sitting properly.
3) Make sure all cables are clean and in good condition!
4) If else fails, it could well be the CPU or Mobo, that's causing the lockups/freezes
-
I am using metasploit and I tried to use hail mary with armitage to expose a remote computer on a different network than the one I am using with metasploit. I downgraded to metasploit 3.7 and tried the same thing with db_autopwn. It still did work. I was not getting any meterpreter sessions, however there where several exploits I could use. My question is do I need to portforward to exploit a remote computer with meterpreter or any other metasploit exploits. Also how do I do this. I know how to portforward.
If the remote computer is behind NAT/Firewall, than you won't be able to attack it directly. You will need to get around it, by using a reverse_TCP_connection.
You can do that, by encoding a reverse shell into a PDF file and opening it on the remote computer.
Furthermore, if your attacker machine is also behind a NAT/Firewall, you will need to enable port forwarding on the router, or else you won't get the reverse shell.
-
Check out this website for more info.
-
ok bro, wen the switch re discover more than ip with same mac address wha would happen ? the interception would not be possible ?? or how to come up from such situation ?
yeah yo right in wireless case we don have a switch instead Access points ! how do i add static entries in their machines ? when i have no access to thier system ? sniffing from the gateway interface would not enough to look up the victims encrypted passwords and in and out using ettercap ?
Digip is right on the money, watch this video for more information.
-
Hi everyone :)
I am developing a toolkit with new tools for man in the middle attacks.
Quick question/survey : Should i use sqlite3 or should i make a text-file-database ?
From a performance point of view I'd use SQLlite3.
It's a lot easier and cleaner to maintain than flat-file database.
-
Yeah I know the point is legal content. However, we all know that isn't what the main use is. And we all know that hardly any of us just leave stuff seeding forever.
You made a good point, and for as long as we keep the contents for ourselves, and do not distribute in any way, shape or form. I wouldn't consider it piracy.
-
Right, so I've got backtrack inside VMWare, but I'm wondering if it would be possible to try out exploits from within Metasploit on the host machine (Windows 7)?
I don't quite follow you on this one! Are you trying to exploit your Windows 7 machine?
-
I've used Debian and Fedora before and they can be quite complex and difficult to learn, specially if you are a beginner.
I'd use Ubuntu, it will be a lot easier to learn, and there are plenty of tutorials on Google, on how to use it.
It will also give you the experience you will need, for later when using Backtrack.
Xerox Scan To Folder
in Business and Enterprise IT
Posted
Apart from making sure, the scanner has the correct user/pass, also make sure the shared folder, has write permission set or the scanner will not be able to save the documents.