shesellsseaSHELLS
-
Posts
8 -
Joined
-
Last visited
Posts posted by shesellsseaSHELLS
-
-
Yes sorry i used the wrong terminology. It is encrypted you are correct, My further question is, The possibilty of remotely de-crypting the hash through sequel injection. Either that or obtaining admin password and somehow getting remotely client side. Just hypothetical of course !
-
Hi there guys,
Just conducting an assesment recently when i found a hash i've never seen before.
Here's the sample " UceWpAaS6iw55I1cwoc75xjsXDk= " Without the quotes.
It was from a mysql 2000 server i am wondering if anyone has seen this type of hash before.
If so what is the name of it.
Any input would be greatly appreciated. Cheers
-
I think i understand what you mean, But what im saying is if there's two people that have exactly the same 'linksys' wifi router and they both have made a custom password which is the same = password1 the only difference being that 1 user has renamed the SSID to 'mywifi' but the other has left original 'linksys' how would someone know to use the " LINKSYS RAINBOW TABLE " if the ssid was changed to MYWIFI ?
-
Hey guy's can i ask, How does the SSID relate to the WPA passphrase ? If the user has made a custom passphrase for their wifi network.
-
I had assumed this to be one method of exploitation (metasploit) However, Metasploit in my past has been VERY unethical for gaining Remote desktop. I use metasploit in a VM instance of Backtrack but i always have technical difficulties, i do find trojan tools alot more simple with client and server (SCRIPT-KIDDIE) i know lol but do you know much on private encryption of exe files ? Because i could then DNS poison all computers on network to a JAVA DRIVE BY DOWNLOAD
-
Well MSTSC is not really what im looking for because i dont have passwords for the computers on the network. So yeah Exploitation would be my best option, Any ideas on exploitation ?
-
Okay guys first off to save alot of time-wasting and misunderstandings i will re-create a scenario so you can give the best possible feedback !.
SCENARIO
STEP 1: Find unsecured WIFI network or crack WEP of secured.
STEP 2: Connect to WIFI network
STEP 3: Login to Router 10.1.1.1 or any other type 198.162.1.1 doesn't matter
STEP 4: Okay here is what i mean by possibilities, Of course my main objective is to establish a remote desktop connection or be able to view files. I was thinking to do something with DNS re-direct so i can redirect all there attempts to a site of my own which would force a malware download, However this seems to be a little unethical due to the fact that creating a java-drive by will need a crypt of the trojan bla bla bla, So if anyone can think of any other methods i would greatly appreciate it.
So my final goal is to be able to have remote desktop on the other computers of the network or atleast one of them and/or view the files on there boxes.
Brute-force
in Security
Posted
Hi guys just very curious as to how or if there is any tools in the backtrack distro's that allow brute-forcing dictionary attacks on HTTPS forms.
Im curious as to how linux would handle the " Human Vericode Verification " after a certain number of failed passwords.
If there is any scripts/tools that allow some way for this technique to be acheived please do explain.
I guess what made me think of this is a recent story about some of hollywoods e-mail's being cracked with brute-forcing the email passwords,
Is this attack possible for example on ymail or gmail or any other generic email providers even when they prompt for a veri-code authentication after a certain amount of wrong passwords.