Posts posted by i8igmac

  1. You could enable 'display_errors = on' in your php.ini file...

    Just close your eyes and type on your keyboard if you want to practice blind SQL injection.

     

    As said by digninja, you don't see any data displayed on the page showing that an error exists or that data has been modified, due to the web application's design.

     

    If you see your page sleep for 20 seconds and then display data, then this is how you prove the SQL injection exists.

     

    It may take multiple attempts to confirm the injection exists.

    Like telling the server to ping your remote machine, TCP connect to a remote machine, or email a personal account.

  2. 14 minutes ago, Spoonish said:

    I've got two Acer 11's CB3-131-C3SZ. I've piddled around with Linux on them but never balls to the wall. Love them, lightweight, IPS screen, 9-11 hr battery. Plus you can often get them at or just above $120.

    I've got my eBay eye open for a good price on an Acer Chromebook 14 CB3-431-C5FM or an Acer Chromebook 11 C740, which you can swap out the HD for a 128 or 256 SSD.

    Check out http://www.fascinatingcaptain.com/product-reviews/best-chromebooks-for-linux/ for some 2016 information

    The perfect mobile Linux development device.

  3. I was thinking a Chromebook with an Intel chip. I don't see anyone talking about them here.

     

    My wife has one with an Intel chip. I have been itching to fire up Linux. I have read its hardware works out of the box.

     

    They are cheap.

     

    The touch screen might perform well with GNOME Shell 3 and will give it a great tablet-style user interface...

     

    Long battery life.

  4. 21 hours ago, i8igmac said:

     Proxysploit.

    Have done with my phone instead of the bunny, but the concept is the same. Turn the device into a proxy and your high performance Metasploit machine from home sends the exploit code to my phone and is then passed onto the wifi network...

     

    I have a video on YouTube with the PoC. I posted here somewhere...

    The simplest way to do this is install a reverse meterpreter on your Bash Bunny... then pivot your exploits onto the network...

    This can all be done in Metasploit...

  5. 2 minutes ago, sqtqnforlife said:

    I'm downloading burp-suite right now. A quick tutorial if possible would be great !

    burp2.png

     

    After you configure your browser to use the Burp proxy, perform all the steps to connect your browser to the chat room.

     

    This is the screen you want to see...

     

    Start with a fresh session, new IP, new nick and maybe another device like your phone...

     

     

  6. 5 minutes ago, sqtqnforlife said:

    You can choose your nickname, age, ... etc, however even if I choose a new nickname, age, mail, ... etc still getting banned !!! The problem is not the username, but more complicated than this, it has something to do with the browser (Read carefully my first post here) !!!

    Do you know how to use Burp Suite... you can tamper with the data here...

     

    Here is a list of agents. 

    https://pastebin.com/6T20NynL

     

  7. 1 minute ago, sqtqnforlife said:

    Thank you for your answer, however I've tried so many '' User Agent Add-On '' that seem to change my Device / Browser version / .... on Firefox, Opera, Chrome, .... etc But still getting banned !

    I think either these Add-On are just scam, or there is another parameter in the browser that allow TecAdmins / NetAdmins or OPs to catch me ...

    N.B: I've tried '' Tamper Data '', but it's no longer available / compatible for newer version of Firefox.

    When you open your browser to this IRC application, the user name is randomly generated?

     

     

  8. Your user agent... simply change it...

     

    With your web browser, install a tool like Tamper Data. It will allow you to quickly change this user agent to something else...

     

    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; it-it) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16"

     

    Try and change a single number, like 528.16 ---> 568.16

     

    Should be enough to evade banning. If not, then change a little more.

     

    This whole process could be automated... even the part where you release your router's IP. I have done this before, it's a single page request to your router, it will almost instantly be released and renewed...

     

    Learn sockets with any language of your choice... Python, Perl or Ruby.

  9. 10 hours ago, Philip From Australia said:

    I'm calling shenanigans. 

    Absolutely. Meterpreter does not exist for iPhone. :lol:

     

     

    I guess this is a simple form of social engineering. I can unlock the iPhone and give instructions to Siri or navigate through the phone and change what I like.

    Complete access!

     

    This is my boss's iPhone. My boss's audio clip. The potential here is unlimited or limited to the device's capabilities.

     

    I can use this audio clip to remove his voice recognition with Siri and replace it with my own. Essentially locking him out completely. If I was also to post on his lock screen a bitcoin account for deposit... um hopefully you get the rest of this hypothetical scenario...

     

    I have only goofed around. 

    'Siri remind me to give my smartest employee a substantial raise'

  10. 10 minutes ago, JKAIN said:

    I have found an exploit that turns off a phone. I am wondering how I can develop this into something?

    Is this a proper exploit?

     

    Like the old iPhone crash with a simple string that you would text msg or post on Facebook.

    effective. Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗 -- 

     

    Or is your exploit something you need physical access...

  11. 8 hours ago, digip said:

    POC||GTFO..lol

    Show us some video demos. Shouldn't be hard to test possibilities, but I don't own an iPhone.

    It's all theoretical lol... like everything we do around here...

     

    I guess you could send the contact list via email (boring). Maybe set 100 thousand reminders of pwned (kinda funny). Set a reminder to visit your favorite gay porn site and don't forget the lube. Or maybe even launch a porn video...

     

    I also don't have an iPhone. This was something I did in fun and jokes... currently I am sitting next to my boss and his iPhone.

     

    I could have a lot of fun with this.

  12. 6 hours ago, Dave-ee Jones said:

    One (or many) major flaw (or flaws) with this..

    There is no iPhone I know of that actually downloads a shell (being iOS as well) and executes it. From what I've found with iOS you can't download ANYTHING except for images and text - let alone execute it.

    And recording someone's voice while they're talking to Siri? Surely you would've been at least 2m away, how can Siri understand anything? I've tried to talk to Siri with an iPhone and she mistook "Hey Siri, call Jack" with "Looking up Saul Mack", and that was while it was in my hand. Not to mention you can't even say "Hey Siri, go to bigmac.com/meterpreter". She's BOUND to get something wrong there, being a URL.

    Seems like complete fiction to me.

    However, I reckon the idea would work in terms of spoofing being the iPhone's owner to Siri. But the way you did it sounds soo dodgy.

    It is almost complete fiction. When I said download and execute meterpreter, Siri responded far from what I instructed...

     

    My friend watched me do the whole thing. His reaction was priceless...

  13. 1 hour ago, Exmix said:

    I just ended up using an old 350GB HDD and slapped that in and dual-booting with that. I just never really thought to try it or look into it. Most of the time my laptop is my Linux station.

    You're at a higher risk of losing your data with this old spinning disk.

     

    A small drop is all it takes... it's happened to me twice... the first time was walking with it still plugged in and it jerked out of my hands... the second time was a jealous girlfriend giving it a good smack...

     

    Old spinning hard disks are for sad depressed people... follow my advice before you become this person...

     

    Take out the tampon and GO for it lol...

  14. 1 hour ago, Dave-ee Jones said:

    I wouldn't say that's the same thing as one SSD partitioned into two though. Those 2 SSDs can still use their own power to boot themselves, while the one has to 'boot' two different partitions which could contain two different OS' ('boot' being in quote marks because it's still only booting the one SSD, but has to separate itself).

    I've never done it, probably never will, probably never need to. Get two 256GB SSDs, they'll do the job. I've got one 500GB Samsung Evo SSD, works fine, and fast.

    It's the writing that would cause an SSD to go bad, or deleting and overwriting.

     

    Think of it like this. If you write 10 gigs of data every day to the drive, your drive would last you about ten years.

     

    It's the life expectancy of the drive that should be advertised by the manufacturer. This is a lowball guess but a safe guess at 100 terabytes of data written before failure...

     

    Booting up your OS is not going to consume the life expectancy. Letting your computer idle causes more damage than powering the device on.

     

    As I said before. Go for it... it is safe...

  15. Go for it.

     

    I have 2 SSDs in RAID zero in my laptop. This baby powers up with a snap of a finger.

     

    Just always be careful with the data you store on this machine.

     

    I have set up a RAID backup file server on my desktop. I put all important stuff here.

     

    Four drives 2 terabyte each.

     

    If one hard drive fails, I can replace the drive and recover the data.

  16. 1 hour ago, bored369 said:

    Also with the dolphin attack and ultra sounds you could play it from your pocket right beside someone and have their phone freak out in their hand

    I was thinking this could be done with a parabolic reflector. Could maybe achieve great distance with recording and transmitting...

  17. This was about a month ago.

     

    I noticed all the guys I work with have iPhones and constantly use Siri.

     

    So I turned on my microphone recorder and recorded my friend's voice when he asked Siri a question.

     

    Bingo. Lol, I now have the keys to his phone...

     

    A quick test. I played the voice I recorded

    "Hey siri.mp3"

     

    Then I spoke the first command that came to mind.

     

    "Download a file from bigmac dot com/meterpreter and execute"

     

     

    And boom. I was given a meterpreter shell and all his porn accounts now belong to me ;-)

     

    So, has anyone thought of ways to exploit this?
