Jump to content

digininja

Global Moderators
  • Content Count

    3,664
  • Joined

  • Last visited

  • Days Won

    128

Everything posted by digininja

  1. You can't just join a network then exploit things, you need to find something vulnerable first. Put something like Metasploitable on your target network then go after some of the vulnerabilities on that. They are all well published or you can use OpenVas to scan for them.
  2. It isn't a method I've used, but it is an option. More info here: https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf https://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/
  3. You can't just steal someone elses theme, that isn't how WordPress works.
  4. Connect to the file transfer system provided by your hosting provider. Download all files. Upload to the new box. Back up database using hosting provider database access software. Upload that to the new box. Or Install a backup plugin on your old site. Backup the site. Install the plugin on the new site. Restore the site.
  5. You might not be able to change things then without being able to mount the filesystem writable which you might not be able to do.
  6. Looks like sh, what does ps Return? Passwords are usually changed with passwd
  7. What do you get when you telnet in? What type of shell do you get?
  8. That's why I said I'd see how it plays out. If the next message was that they were planning to capture the data from users in a restaurant then banning would occur.
  9. Will see how this plays out, any hint of illegality and this will be removed and people potentially banned.
  10. I like the hacker curiosity spirit.
  11. I think we've reached a dead end for remote working out what is going on. It will be something to do with the box supporting FTP but the service not running yet. Something will be holding the port open ready for it.
  12. Are there any iptables rules on the box? Looking at that, my guess would be something is open to allow the FTP connection in, but as the service is not enabled it isn't going anywhere.
  13. netstat is the alternative to ss but it doesn't look like that is installed either. Have a look in the web interface, they may have an option to turn FTP on and off, off may just block access rather than disable it. ps aux may get you a list of running processes, look through that for ftp services.
  14. He didn't need to. We were working on the assumption that we would need to set up multiple access points each with different powers, but it worked without that. It would probably have been more accurate by doing that though.
  15. So there is something there and listening but not a full FTP server or something is limiting access to it. On the box itself, check what is there and listening on that port. If it's a Linux box ss -antp As root ill get you a list of ports and their associated processes.
  16. You should be able to see how it works with just a single AP broadcasting multiple ESSIDs then. You can do with with a standard WiFi card which will do AP mode as well as with an actual access point.
  17. So there is something there listening, you just can't make a full FTP connection to it. That means the scan results are correct, port 21 is open. Windows will be doing a full ack scan while Linux is doing a syn-ack scan. Try asking the bunny to do an ack scan and it might come back as closed. This is something you need to watch out for when running nmap as a normal user or as root. Root does syn-ack by default, non-root does ack. Due to socket permissions I think, it's explained on the nmap site.
  18. I don't remember the exact flags off hand, but run it on the bunny with --reason and probably -v for verbose, and it will tell you why it thinks the port is open. Have your tried making an FTP connection to that host from the bunny? You say you tried from the windows box and proved it was closed from there, but didn't prove it was closed from the bunny.
  19. I had a student do this as a university dissertation two years ago. He used a pineapple to broadcast multiple ESSIDs and then watched the location on his phone move around based on what values he broadcast. It was partially successful and he could get it to move, but as soon as you put it in a real world environment it wasn't great as his fake values were competing with real ones from the environment.
  20. Buy an old school none smart phone, use that for a couple of months instead of your iPhone. Stay off the internet as well during that time. The evil step mother will soon get bored and move on. Also, if she has that level of skill, point her at one of the big big bounty platforms as they millions for people who are able to do what you claim she is doing.
  21. Depends who they are, what backing they have, and how skilled they are. But probably not
  22. Try it and find out and if you get caught, then they do.
  23. digininja

    bug bounty

    Go play with DVWA for a while and watch Security Tube videos, that should get you started.
×
×
  • Create New...