Jump to content


Global Moderators
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by digininja

  1. Kali contains software which can do malicious things and so AV picks up on an this if you can it. Metasploit on its own probably accounts for a fair bit of that list.
  2. These are the people who can help, it is their product. https://support.google.com/
  3. And another one https://www.fail2ban.org/wiki/index.php/Category:HTTP
  4. I assume you've fully read all the fail2ban documentation? https://www.fail2ban.org/wiki/index.php/HOWTOs
  5. It does sound like "answer my homework", but lets see...
  6. Give us more information, what type of information are you looking for, meta data, steganography, hidden but obscured content?
  7. The first thing I would do is to ditch Metasploit and test it all out with netcat. Run a listener internally, set up your ngrok, then try to connect to it using netcat on the outside. That will help you get an idea of how it is all working and to debug it in a much cleaner way.
  8. The pineapple can do all sorts of other things, the bit you are focused on is getting someone to connect to your rogue AP. Checkout all the available modules. Site Survey is built in.
  9. You don't try to go for encrypted APs you go for unencrypted ones, most people have connected to at least one unencrypted AP in the past which is now stored in their favourites list. Think the free one at McDonalds or the hotel they stayed at. There was a bug at one point with a very small number of supplicants where they would happily downgrade to cleartext if the AP they expected to be encrypted wasn't, but doubt there are many of those around any more.
  10. Do you have any stats or data to back that statement up?
  11. Don't know if you've worked this bit out yet, but all you downloaded was a copy of what was there on screen. To get the exploit, you need to download the tgz file from GitHub, decompress it, and then read its readme file for instructions on how to use it. Are you sure this is the right vulnerability? This isn't a beginner level exploit.
  12. Good luck with it then, it's a lot of work you have to do perfectly every time and unless you know you are targeted then I reckon you'd get fed up of it very quickly.
  13. Wouldn't it be easier just to get a new phone? Anything that involves so much work to try to be secure often ends up failing because steps get cut or misunderstood and so not followed correctly. Also once you put a custom ROM on there, you are responsible for keeping it patched which again isn't easy. Finally, you are going to have to put apps on the phone to make it usable, what are you going to do to ensure all of those are fully trusted? I'm sure what you are asking for is possible but often too complex to be practical and not worth the effort.
  14. Read the output, the scan has failed so it won't create any output. Don't know why, check disk space or file access permissions.
  15. ARP packets traverse layer two switches, these are the most common type, but not layer three switches or routers. The easy way to think of it is a router is where your network address changes so it does its work by IP address whereas switches work on the same subnet and so work by ARP first. That isn't really the best way to describe it, but should give you the idea.
  16. digininja


    Over here, local libraries and coffee shops often have free internet access. Don't know if it is the same in SA.
  17. Still exactly the same advice, leave him and tell the police. If you want more advice, after you've left him, buy new hardware and change ALL your passwords to something unique for each site. Change your cell number, only give it to trusted friends one at a time with a couple of weeks between each one, if he gets the number you know roughly who has leaked it.
  18. Leave him and go to the police if it is that bad.
  19. Not on a Windows box, to do that you would need something like RDP or VNC to view the screen and then do things. The only alternative I did use once was a mixture of taking screenshots and using mouse move and key press to interact with the app. That was a very long and impractical session but got me what I wanted in the end.
  20. You will keep getting errors till you shut down whatever is already listening on port 53 as dnsmasq can't bind to the port when it tries to start up. Check the output from ss and that will tell you what is listening, probably another copy of dnsmasq, which you can then kill to make room for your version.
  21. @chrizree It would fail if there is already a process running that has port 53 locked @sinistergeek Try running the command again as root and it will include the processes which control those ports.
  22. No. If it has Karma activated then try to connect to an ESSID that isn't there. If you connect then it could be a pineapple.
  23. I've no idea what Omicron is, but to do that you would need to also be the DHCP server so you can tell users to use you as the DNS server. After that, just look at dnsmasq or bind, both fairly easy to set up and host whatever domains you want.
  • Create New...