Jump to content
Hak5 Forums


Global Moderators
  • Content count

  • Joined

  • Last visited

  • Days Won


About digininja

  • Rank

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Gender
  • Location
    Sheffield, UK
  • Interests
    Hacking, Coding, Climbing

Recent Profile Visitors

17,319 profile views
  1. Require admin login and password - IP Camera

    I'd send it back as not usable under warranty then if you can't log in and use it.
  2. Require admin login and password - IP Camera

    Have you tried contacting the supplier? There are plenty of sites that give lists of default IP camera credentials, I'd go through them and give them all a try. These things usually reuse firmware so there is a lot of password reuse.
  3. New-ish idea

    They can both be made to do the same things, the Interceptor just takes a lot more work and effort.
  4. New-ish idea

    I created the first Interceptor on a La Fonera + I think, really old hardware but worked fine. You can build any of the Hak5 products yourself on commodity hardware and that is how most of them start, the Pineapple started on a basic Fonera then developed. If you want to build your own to save some cash the go for it, there is nothing stopping you and it will probably be a brilliant learning experience. There are two reasons to buy the products, the first is to save time and effort, if you want a tool that works straight out of the box and has active community support, then that is what your money is getting you. The second reason is to support the show, cash raised from the shop goes to keep the Hak5 shows on the air.
  5. Any Way to be in MITM into a network

    Do you have consent?
  6. Any Way to be in MITM into a network

    What do you mean by access? Do you have consent to access them?
  7. You've got it the wrong way round, he was asking about disabling it in the browser not on a site.
  8. It depends on what you allow to run, if you are very careful and selective then maybe. Some sites are insisting that you allow JS to allow their adverts to load before giving you access to the content. If you do, then any malicious advert served through that network gets you owned. There have also been a few recent examples of sites which have been compromised and things like JS based crypto miners added to their own, local JS libraries so if you allowed that, otherwise legit site, to run JS then you'd be owned. So I'd say it isn't pointless, just really hard to make work without making it pointless by allowing too much to make it useless.
  9. Like you say, good luck using the internet without JS. I tried it for a while years ago and it was a pain then, having to whitelist all the sites that I wanted to use and then tweak the policies to get things working. I think that it is a nice idea but one that is doomed to failure.
  10. CryptoMining Via Youtube?

    It is an amazing area, you just have to keep a very open mind and never rule things out.
  11. CryptoMining Via Youtube?

    Even if it was HTTPS not HTTP, it wouldn't matter as I have full control of the content you are viewing, the only difference is whether you are viewing it over an encrypted channel or not. The lesson, not meaning this in a bad way, is never to think that you are perfect and don't make mistakes or do things you really know that you shouldn't. For anyone who doesn't believe me, read up on how Anonymous was taken down. One small slip by Sabu brought the whole thing down and regardless of what you think of them morally or ethically, they are/were a bunch of very intelligent people. Back to your original question, as I said, there are loads of different ways they could have got you and, without a lot more info that could only really have been collected at the time, you'll probably never know. You could try keeping an eye on this history list, maybe daily, and if you notice any additions then check your browser history for that day. You can't rule anything out as even top corporate sites can include malicious adverts, but you might be able to spot a pattern and narrow things down.
  12. CryptoMining Via Youtube?

    If I'd redirected you to a page that had a bunch of youtube videos embedded in it then that would have achieved the same as you were describing at the start. You don't need to be "attacked" or to be vulnerable in some way, you just have to use the internet.
  13. CryptoMining Via Youtube?

    There you just proved that you will click on a HTTP, not HTTPS link from a random stranger. Everyone does it, most people won't admit it though.
  14. CryptoMining Via Youtube?

    You can call yourself whatever you want so yes, could be. Or they could have other bits to their bot that also do crypto mining and this is just the bit that you've noticed. If it is this, you could have got caught in loads of different ways, have a look at this <link removed> for some ideas.
  15. CryptoMining Via Youtube?

    I don't see how adding extra videos to your watch list would help in crypto mining. I can see it being used to increase the viewer rate of certain videos. The attack would be to silently open a tab or use an iframe and auto play the video muted so that as far as youtube is concerned you've watched the video in a legit way. There is probably a minimum time that would be needed to count as a watch before the window could be closed.