Jump to content

no42

Dedicated Members
  • Posts

    925
  • Joined

  • Last visited

  • Days Won

    17

Profile Information

  • Gender
    Male
  • Location
    Earth
  • Interests
    RIP

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

no42's Achievements

Newbie

Newbie (1/14)

  1. RIP the Legend of Snake

  2. RIP Snake; 42

  3. Snake is gone?

  4. $5 wrench technique always a winner: https://xkcd.com/538/
  5. and he becomes a master / ducky-jedi
  6. Depends on how the database/system is implemented? Part 1: Getting access to the database. SQL injection through web applications is usually the most common ways, as web applications are so common these days. What people sometimes forgot is that binary/native/thick applications can also communicate with databases, and sometimes a network port is available. But usually if the application is in the public domain a web gateway is used to proxy the database traffic; as opposed to internal (eg. corporate) domains will have the databases accessible across an internal network. With logical access to the database services; you can try many other attacks; brute-force the login, apply any remote code election exploits, some database versions even suffer authentication bypasses. Part 2: Configuration of the database With access to the database, the next step is usually a privilege escalation to get database administrator (DBA) privileges; some databases are misconfigured that you may have logged in as the DBA. But if you haven't, your looking for a weakness in the functionality or a stored procedure to give you extra permissions or alternatively brute-force the dab admins credentials. Once dba privileges have been achieved you can plunder all the databases stored on the affected server. In addition to all the associated users passwords hashes; its likely that passwords are repeated by developers on other systems, or could be domain-accounts leading to further compromise.
  7. Do you have a USB keyboard? and can you use a USB sniffer to captcha the key combination of \ looks like the encoder needs to be updated.
  8. Just look at the ducky decode website, any newer encoders are now on google drive. Another way is to post the inject.bin file; i can easily reverse it; or hopefully others can, I'm pretty sporadic on here these days
  9. Can you try the offline encoders? I want to figure out what version this bug might have crept in. Thanks ~
  10. You have 2 options: 1) Use 2x HackRFs (1x receiver, 1x transmitter) - due to the 1/2 duplex nature 2) Use a bladeRF - as its full-duplex
  11. Source code is available, just make the necessary changes and recompile.
  12. This is currently only possible in the hard-coded firmware. Currently not possible in DuckyScript. Hardcode.zip
  13. Easy enough to implement, I just don't have the time these days. The source is available, a suggestion would be to do it your-self.
×
×
  • Create New...