digininja

Global Moderators
  • Content Count: 3,768
  • Days Won: 150

Everything posted by digininja

  1. That's OK, we believe you. I strongly recommend destroying the phone and terminating all accounts you have with Apple. You are fully compromised and all your data is now infected, you cannot get it back. I would also recommend disinfecting your PC, use a number of different products, just in case one is not enough. Move to Android and also move house, they know where you live now so you'll never be safe.
  2. Glad you got to the bottom of it.
  3. Nmap's OS fingerprinting is not always accurate, especially when it says it is only 87% sure, so I'd not put much weight on that. The easiest thing to do is to change the wireless password and then see what happens. Only change the password on devices one or two at a time and see if it comes back. If it does, check on the last few you updated. If it is someone who managed to get your key, as long as you pick a good strong one this time you should be able to keep them off. At least for a while. Did you do any check of things like HTTP headers from the web server? Banner grabbing or in
  4. As Confucius says: If all you can do is move backwards, then turn around, now you are moving backwards, but in the right direction.
  5. There is a deliberate part of the interface that wipes your knowledge of being in the program, if the knowledge is leaking through then something is going wrong with it. Try very hard to think about the last six months, you might be able to reveal some answers.
  6. It definitely says you've been hacked. This type of hack is irreversible, the only way to recover is to buy a new phone. Do not reuse the SIM or you'll reinfect your new phone. I would go Android over iPhone so it can't leap over from your backups.
  7. What type of vulnerabilities do you want? Your best option may be to install OpenWRT on a Raspberry Pi and then create a few vulnerabilities yourself. That will be cheaper and more consistent than trying to bulk buy specific devices.
  8. I don't know what the current state is but that paper is from 2016 and I remember when MAC randomisation started some vendors messed it up and didn't really randomise it. It should be a lot better by now. There were also tales of Apple being able to decode iPhone random MACs if you paid them cash. Don't know if it was true, but if they did it, someone else would have worked out how to decode them as well.
  9. The Pineapple won't help you secure your family and if you are a complete novice then there are a lot more things you should be doing well before looking at tools like this. The NCSC has some great advice on helping to protect yourself and your family. https://www.ncsc.gov.uk/section/information-for/individuals-families
  10. Legal as in stuff discussed on these forums has to be used for legal purposes. It sounds like what you are requesting isn't going to be used for that.
  11. The Ducky is for injecting keystrokes, not for collecting them. We don't allow discussion of illegal hacking on these forums, please be careful what you are asking about.
  12. No hacking back, and if you know enough about them to send them details, go talk to the police.
  13. You did. If you meant fill the form in using JavaScript then surely you would have said that. Anyway, as before, you obviously know exactly how things will work so I'm out again. What I suggest is you go off and build this mighty project, show it working in a number of real world environments, and then come back here with a "See, I told you so" post. Till then I still say it is way too overcomplicated to be practical in the real world.
  14. Does Chrome autofill on IP address based sites over HTTP rather than HTTPS? And is a user likely to have their router creds stored in Chrome in their phone? I don't.
  15. Get VMware or VirtualBox installed then, download some Linux ISOs and do some installations. Learn what they do, how the VM process works, how different types of networking affect things, how to communicate effectively between the VMs, and how to troubleshoot all the issues that come up as you go along. That will probably keep you busy for a while and give you a good idea of basic networking and virtualisation.
  16. You are paying for convenience vs effort and quality. If you want to build it all yourself, you'll have to put the time in, you'll probably learn more about building machines in the long term, which is good, but it will be a very slow start if you are starting with very little knowledge of the area.
  17. If you want to try an environment where you don't have to worry about doing anything on your own machine, try Pentester Academy, you do all their stuff through a browser. They give you access to a test machine which then has access to the vulnerable targets. A very good setup and easy to use but I'm biased as I'm one of their course authors.
  18. TOR is a routing protocol, it doesn't have Captchas. What is the actual problem you are having?
  19. You were talking about webview, not standard browsing.
  20. There are two types of web traffic, HTTP and HTTPS. Assuming the application is using HTTPS and not doing certificate checking, which most should be doing, I'll admit though, not all, you will not be able to proxy or modify any of the web traffic. This will block you injecting things. You would have to hope to get lucky and either see HTTP traffic or find a request from an app that isn't doing cert checking. The link to the article doesn't mention certificates or how to get around them. And on the webview, unless the application has caching enabled, which from that one article (could
  21. You can't control the webview though, only the http response. An extra thought, you'd have to find one that was running over http or didn't do certificate checking to inject your code in.
  22. Did you check about webview caching responses? Looks like it doesn't by default so you would need to find an instance where it is enabled https://stackoverflow.com/questions/34606785/how-to-enable-caching-in-webview-android#:~:text=You can use the WebView cache to enable caching in WebView.
  23. If you can write it as a very stable module that works in over 90% of cases and appealed to the masses then it might get added. But I can't see this getting there, as I said before, this seems like a very niche attack that is going to be quite fiddly to get working practically outside the lab.
  24. If it is Burp, not brup, you want help with, not sure where to ask, have you looked to see if Portswigger has a forum?