digininja

Global Moderators
  • Content Count

    3,544
  • Joined

  • Last visited

  • Days Won

    101

Everything posted by digininja

  1. So give us your reasoning for thinking bad things are happening. Explain what Pegasus and obliteration are and then you might get some help. Dumping pages of text with no real context is unlikely to get anything back.
  2. Please give some context to this or I'll lock it as being too vague and looking a lot like spam.
  3. Use a good VPN and make sure you do full certificate checks when authenticating. Only visiting HTTPS based sites, and again, checking certificates, will also help.
  4. Depends if you've got permission.
  5. First, it depends on your location and local laws, check those as they may limit what you can do. In the UK, and I'd guess the USA, it depends how you use it. If you use it in a lab at home and don't attack anyone else, it's fine, if you use it against a client where you have a contact, that's fine, if you use it in school or the local shopping centre to attack random strangers, that's not fine.
  6. digininja

    joomla

    Check their advisories for known issues. Why are you particularly interested in the login panel? If it is secure enough is a question only you can answer. Do a risk analysis, work out your threats and then decide
  7. digininja

    joomla

    Why? What version?
  8. Any decent router/modem would not have the admin interface listening on the WAN side so default creds or not, they would not be able to access it to do any damage. If you can get on to it in some way then yes, you could potentially install stuff and do damage, but that assumes it is vulnerable to an attack, there is an exploit available, and that there is something interesting that can be done after exploitation.
  9. First, it should not be possible to connect to a router from the outside, the admin interface should be locked down to internal only. If you aren't doing anything to do with the internet then there is no traffic to sniff. If all you are doing is writing a document in Word then there is no network traffic generated. If set up correctly, HTTPS covers all the connection, from first visiting the site, through logging in, and all your surfing. All of it would be encrypted and not visible. This assumes the site is set up correctly though.
  10. Yes and no. I'm going to assume web traffic here as it is easier to start with. If a remote user gets access to your router then you have a lot of problems. Depending on the router they may be able to redirect traffic through things like DNS attacks and so your traffic to site X would go to their site rather than the real one so they would see the traffic. But, if you are using HTTPS and it is set up correctly with HSTS or you don't accept invalid certificate warnings, then all they would probably be able to see is encrypted traffic which isn't much good to them. There is a lot more to it than that but there is your starting point.
  11. When you say "on location" do you mean on a different site? Can you connect to the Windows share on the machine from yours?
  12. It is exactly as the error message says, it can't reach the port xx.xxx.xx.x:445. Assuming you are attacking your own machines, are you running one that has SMB enabled and is accessible from where you are?
  13. We remove all bad posts that are made and block accounts that are obviously spam as soon as we spot them or they are reported. If you want to help, get reporting.
  14. I don't know, but I wouldn't use Cain, it is ancient and nowhere near as efficient as any of the modern crackers. I also don't think it uses the GPU so your effort may be in vain anyway. I'd go with Hashcat or John and if you want to use the GPU just do a live boot.
  15. Contact the Hak5 shop but I doubt there is anything they can do to help. You should have checked the process before getting into it.
  16. Have a look through the forums and see what others are discussing. I'm sure you understand the difference between legal and illegal acts, have a think about what you are posting, if it is asking about illegal stuff - like hacking someone else's server - then don't post it.
  17. No, it is because you were asking for illegal things. Hacking Russian game servers is illegal and we don't allow questions about that here.
  18. You keep asking for people to do illegal things for you on online games, I've explained this in at least a couple of PMs and in the warnings. If you don't like our policy of not allowing illegal stuff on this forum, feel free to go elsewhere.
  19. Whatever you are asking for it's probably illegal and not something we would help with on these forums.
  20. Not an appropriate question for this forum.
  21. They are supposed to be unique so you don't get replacements, you just get new tags, disable the old ones and enable the new ones.
  22. Depends if you are looking at high or low frequency. The high frequency are the MIFARE style with encryption and stuff like that, the low frequency are the basic ones such as the ones used in stock control that only hand over a number. It isn't a good idea to use the low frequency in badge systems but they often are because they are a lot cheaper.
  23. Again, from memory, the number printed on the card is the number it sends over. The assumption is security through obscurity, an attacker would have to see a number and then create a card. The other attack I've seen here is where a company buys a large amount of cards, much more than they need. They enter the full range into the badge system but then try to recoup some cash by selling some of the remaining cards. If you can get one of those, your number is already in the system.