Hak5 Forums

digininja

Global Moderators
  • Content count

    3,412
  • Days Won

    74

About digininja

  • Rank
    Hacker

Contact Methods

  • Website URL
    https://digi.ninja
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    Sheffield, UK
  • Interests
    Hacking, Coding, Climbing

17,794 profile views
  1. digininja

    How to get started in Cyber Security?

    Sounds like a Challenge Anneka or 321 clue if you have to work it out like that.
  2. digininja

    How to get started in Cyber Security?

    Are some of your posts done by a bot as this makes no sense at all.
  3. digininja

    How to get started in Cyber Security?

    That is true, it will teach you how to install them which involves understanding dependencies, versioning, using repos such as GitHub or such as PPA, permissions and all sorts of other stuff which is really helpful. If you know how to install all the key tools you use then when you pop a shell on a client's network and need to pivot through it you don't have a sudden learning curve. It also makes you focus on the tools you actually need. If you are going to spend time installing a tool you may as well be installing the correct one for the job, so do some research, work out what will do what you need, then install that, rather than just looking in a pre-selected list of tools other people use and picking one at random because you need something for X and it is in the X category. You also need to remember that not all tools are Linux based, I use a lot of Windows tools when I'm testing Windows networks, at that point, if all you've learned to use is Kali you are screwed. In the DVWA support team we get loads of people asking how to get it working, the vast majority of the time it is because they are missing a really obvious library or have missed setting the permissions on a file. If you can't install the app that you are trying to hack, it doesn't bode well for your chances of actually hacking it.
  4. digininja

    How to get started in Cyber Security?

    The recommendation is the same to everyone, learn as much as you can in as many areas as you can and show your enthusiasm for the subject by blogging, tweeting and getting involved. As for Kali Vs Parrot Vs anything else, they are just Linux distros with pre-installed tools. You don't learn Kali, you learn the tools. My recommendation is to pick a standard distro such as Debian, and install the tools yourself. That way you improve your sys admin skills, understand how the tool works and get to pick the tools you want to use rather than fumbling through a raft of them picked by someone else.
  5. digininja

    42.zip bomb

    It is only a problem if you do a recursive decompress. Pick a single file and just pull that out, that will be a compressed file. Repeat the process. If you are worried about crashing the computer, create a fixed size drive and mount that so it can't escape beyond it and kill things.
  6. digininja

    42.zip bomb

    Extract a single file.
  7. digininja

    42.zip bomb

    The easiest way would be to grab a copy of 42.zip and have a look how it is made: http://www.unforgettable.dk/
  8. digininja

    accessing network from outside

    That will probably just be a problem with NAT or open ports. Do some research, it's well documented.
  9. digininja

    accessing network from outside

    There is no difference in exploiting a box based on its location, the difference is in post exploitation as you might not have direct access between the boxes. You can simulate this locally with virtual machines, no need to use internet based hosts.
  10. digininja

    accessing network from outside

    Not everything can be compromised, unless you've installed deliberately vulnerable versions of software or deliberately configured them with weaknesses. If you have, then get them off the internet now otherwise someone else will compromise them and you'll lose your box. Why are you wanting to attack something over the internet? What are you trying to achieve with it? Attacking a service is the same regardless of whether it is local or remote and you can very easily build a VM environment to simulate a remote network if you really want to.
  11. digininja

    changing header host to view content behind a login

    That has absolutely nothing to do with the original question which was about failure to correctly check authentication. I would disagree with them even if we were talking about input validation.
  12. digininja

    changing header host to view content behind a login

    What are you talking about? No one mentioned quotes and what is rule 3?
  13. digininja

    changing header host to view content behind a login

    The weirdest one like that I've seen was you could put a . in front of the domain name and the requests bypassed authentication, i.e. https://.hak5.org would bypass things, https://hak5.org would get restricted. Didn't work with any other messing with the host or domain so I suspect a slightly broken regular expression somewhere but could never prove it.
  14. digininja

    changing header host to view content behind a login

    Sounds like they've just messed up their vhost configuration and the authentication is only checking on the site.com vhost but the server returns the same content regardless of whatever vhost is requested.
  15. digininja

    Is it right to start as a script kitty?

    And it is script KIDDY not kitty.