digininja

Global Moderators
  • Posts: 4,005
  • Days Won: 210
Posts posted by digininja

  1. ARP packets don't pass through routers so if you do a broadcast then it will be seen by all devices on the same subnet. If you target a single device then, if it is on the same subnet, it will get the packet.

    I think, if I read your question right, that if the AP is acting as a NAT device then the ARP packets you send won't hit the LAN but if it is just a bridge then they will.

  2. I'd ignore it, go play with your kids, watch a movie or go to the pub. Never try to hack back, it isn't worth it and, no disrespect, but if you are asking on a forum about how to do it, then you probably don't have the skills to do it well enough to get anywhere (I wouldn't trust my OPSEC enough to do it).

    If you really wanted to do it, you'd be looking to get a shell on the box (unlikely from a single UDP port), dig out enough information to find out who owned it and then get revenge in some way. You also have to consider that there is a good chance they are using a box they hacked and took over from someone else so all your effort could be directed against someone innocent.

    To do it you would need perfect OPSEC otherwise you get into a spiral of them coming back after you and they have shown that they are happy doing illegal things so are likely to do worse things to you than you would to them.

  3. Get 2FA on all your accounts, set good passwords and make sure you pay attention to any alerts of people trying to log into your account.

    I'd say it is very unlikely you'll be able to do anything to stop them, just keep things locked down and hope they go away.

  4. Getting rushed help from a forum isn't the way to learn something like this. If it is a challenge then talk to the people who are doing well and have them explain things to you or ask the organisers what they have put in place to help you learn from what you are doing.

  5. I would expect small files with just hashes in so the second example makes sense. Have you tried other files? Try something a few meg in size and see what that creates.

    It could be a bug with the converter; they may not have anticipated files so large as input, so you may be overflowing something.

  6. I just built bleeding-jumbo from github and I've got rar2john, it is a symlink to john:

    src $ ls ../run/*rar* -al
    lrwxrwxrwx 1 robin robin 4 Feb  8 12:11 ../run/rar2john -> john
    src $ ../run/rar2john
    Usage: ../run/rar2john <rar file(s)>


    If you want to diff our configures, here is mine

    https://pastebin.com/mV6tfCsy

    If not, try the current source from github and see if that works.

  7. I'd agree with getting it in writing to say what you are allowed to do and what is out of scope.

    I'd also make sure you stress that whatever you do, you are identifying issues, not proving issues don't exist. Another way to put it, if you find 2 issues from your testing you should write:

    I found two issues on our network, there might be more.

    Not:

    We have two issues on our network.

    It is a subtle difference but with the second, if they fix those two issues they will go away thinking they are done and secure, with the first, you are covering yourself from anything you missed.

    I'd also be careful with your terminology, a vulnerability assessment looks for issues, a penetration test then exploits them to see where you can get. Without skills, you are probably going to be able to identify vulnerabilities but unlikely to be able to properly exploit things without the potential for things going wrong (i.e. running Metasploit exploits against the domain controller is bad). Drop the word hacking completely.

    If you have any systems hosted on cloud platforms, make sure you have full permission of the hosting company, some care, some don't, some see it as you are paying so you control it, some will come after you.

    If you are going to scan your exterior across the internet then be careful where you scan from, some ISPs don't like to see scanning traffic leaving their networks. Again, talk to them and get something in writing.

  8. I doubt it, if people can pirate Microsoft by bypassing their licence technology then anything else is going to be breakable.

    Plus, if you use anything off the shelf and someone creates a generic bypass for it then you are screwed but if you create your own, you probably aren't going to do a better job so screwed that way as well. It comes down to how much you are prepared to spend on technology and time compared to how much you are losing. Would the pirates have bought the software if they couldn't get it for free? If not you've not actually lost anything.

    I'd build into your business model that piracy will happen and write it off. Look to recoup the costs through support or online only features which can't be shared or pirated.

  9. Either without quotes, or in double quotes, strings starting with dollar signs are treated as variables; in single quotes they are treated as literals, as you can see in this screenshot.

    What is your exact problem? From your last post it doesn't sound like it is the variables that are causing you the issues.

    variables.png
