Jump to content


Global Moderators
  • Content Count

  • Joined

  • Last visited

  • Days Won


About digininja

  • Rank

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Gender
  • Location
    Sheffield, UK
  • Interests
    Hacking, Coding, Climbing

Recent Profile Visitors

20,196 profile views
  1. digininja

    MSI Laptop

    Looks like a BIOS password to me, I assume it is shown pretty much as soon as the machine is turned on. You could test this be trying to get into the BIOS settings by hitting whatever key it needs, usually F2, escape or sometimes delete. If it is that, and you've tried resetting the BIOS using whatever method the manufacturer says to use, then you might be out of luck. I'm not a hardware hacker so don't know of any other ways to reset it. Worst case, you can still pull the drive and access all your files by putting it in another machine. It does seem odd that this could have been enabled with random key presses. Passwords like this usually need to be entered twice. Try asking him what he would have put in, you might be able to guess your way in.
  2. digininja

    MSI Laptop

    Can you send a screenshot of the password screen? BIOS info isn't battery backed any more and some of the settings, like requiring a password, can't be cleared with a reset as they are designed to lock the machine down regardless of what happens to it.
  3. Please keep discussions public, that way we can make sure things stay fair, legal, nothing bad happens, and no one gets taken advantage of.
  4. If you don't own the systems then what you are requesting is illegal and so we can't help with that.
  5. As it is not in your possession then it is probably illegal to be attacking it, in which case, we can't help.
  6. There are some vulnerabilities which can be triggered by just sending network traffic to a machine, but they are rare and very unlikely. More likely, she has installed something bad and that is what is being used. Wipe the machine completely and rebuild it from scratch, it's your only way to guarantee it is clean. You should probably also consider all the old data compromised so get rid of as much of that as possible, especially office documents.
  7. Look at the CHAR function, you might need USING with it. You also may need CONCAT.
  8. Reading and then understanding error messages is a massive part of testing and one that a lot of beginners for some reason tend to ignore. We get so many issues raised in the DVWA GitHub tracker about not being able to connect to the database. You ask for a screenshot showing a successful login on the command line and most send back a failed login screenshot and say "there you go, it works" when there is an obvious "login failed" message. Keep trying, keep learning, it never really gets easier, rarely less frustrating, and you never get "there", wherever that is, but I think it is worth the effort.
  9. It is exactly that. The statement you are injecting into ends with something like WHERE ID=<your value> So when you put a quote you break the statement and get a syntax error, similarly when you add the ORDER BY you get an error, but that one is a database error telling you you are referencing a column which doesn't exist. Both are errors, but both generated from different areas of the system. What you need to practice is understanding what is causing the reply you are seeing and then use the error to visualise the statement being used. The last error is telling you to things, that adding the quote makes the statement syntactically incorrect and also, if you read it carefully, that the quote has been escaped in some way which is why it reports it with the leading \.
  10. You are massively over complicating things. Go back to basics, you can dump all the users with a simple or statement.
  11. digininja


    Any sites using HTTPS and PFS (most site today) you won't be able to see any traffic, the keys to decrypt HTTPS traffic are never transmitted so you won't be able to do it. https://en.wikipedia.org/wiki/Forward_secrecy
  12. Who's system is it you are testing?
  13. You can't just join a network then exploit things, you need to find something vulnerable first. Put something like Metasploitable on your target network then go after some of the vulnerabilities on that. They are all well published or you can use OpenVas to scan for them.
  14. It isn't a method I've used, but it is an option. More info here: https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf https://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/
  15. You can't just steal someone elses theme, that isn't how WordPress works.
  • Create New...