digininja

Global Moderators
  • Posts: 4,005
  • Days Won: 210

Everything posted by digininja

  1. This sounds a little dodgy, especially cracking the neighbour's Wi-Fi. As Mr P. says, don't do anything illegal. Cracking WPA isn't something you would do on a pineapple, you collect a handshake then crack it elsewhere.
  2. Good tool but I got shafted by their commercial licensing outsourced partner so not their biggest fan any more.
  3. Can't think of the names of any offhand but there are loads of live disks that will just clear the password. Trinity or something similar was the last one I used. Or you could just get a newer OS and reinstall it, probably cheaper than paying you to do it, especially if you go for Linux.
  4. Shadowing and having a mentor at the start of a career is vital I think. I mentor a few people and watching them go from no idea to being able to go out on their own is great. Also trusting them enough that they will ask for help rather than BS through things makes a big difference.
  5. I'd say they are a really bad place to start. If you mess up the security for a school think about all the sensitive information that could get out, personal information for tens or hundreds of kids. Add to that the potential for grade changes and cheating by looking at papers and staff notes. A bad test for a school could be pretty disastrous.
  6. No we aren't... Some people read books then go out and sell their services as testers and let people down. That reflects badly on the industry and can get clients into trouble if they trust bad advice or rely on faulty results. Some people pose as testers to ask questions that they know if they asked offering their real intentions that they would be kicked off. Some people are just hobbyists. Someone who is a working pen tester would know how to scan a network to find user names and would know that you can't know what reach you have into a network without looking.
  7. If you are hiring out your services as a security tester then 4 and 5 are things that you should know about and how to do already.
  8. You realise you are digging up a three month old post here?
  9. Curious, what are you planning to do with these IPs once you have them?
  10. Two easy ones to get you going, commercial support and simplicity to get running.
  11. No, they are two completely different devices. One is mass storage, one is a HID device.
  12. In which case, fire up Wireshark and watch the traffic. You'll see your deauth packets and you should see the authentication (EAPOL) packets straight after them, they will be the handshake. See how far you get.
  13. Are there clients connected to kick off with the deauth? Are you sniffing on the right channel? Are you channel hopping and missing the handshake? Are you running the deauth on the right channel?
  14. You do understand that not every machine can be exploited, don't you? You need to do more research, work out what versions of software are running then check things like exploit-db and SecurityFocus for known vulnerabilities.
  15. Please don't hijack other people's questions, start your own thread with your new question.
  16. Sort of. They can't disable your Wi-Fi but they can use deauth as a denial of service and they can't force you to login twice but most Wi-Fi supplicants will automatically reconnect if disconnected so there will be multiple authentication attempts.
  17. You got the punctuation wrong there, I know Kismet and can it but I was trying to remember what Thomas's tool was, it is this one here: http://www.aircrack-ng.org/doku.php?id=airtun-ng
  18. Kismet can do this and if I remember right, Thomas who does aircrack-ng also did a Wi-Fi IDS app.
  19. Always better to go direct to the source.
  20. Ask on the jtr mailing list, you'll probably get the person who wrote the code to help you. http://www.openwall.com/lists/john-users
  21. That value is set server side and you can't modify it.
  22. I've been given a few invites to the first SANS one hour CTF. Below is the official invite written by Ed. For this first event they are looking for people with CTF experience so, if that is you and you want an invite, let me know. It isn't first come first served, I'll have a look then make a decision.

      ---------

      I don't know if you've heard, but the SANS Counter Hack team has created a brand-new challenge called One-Hour CtF. They'll be debuting it in real time at Noon Eastern, July 27, 2016. It'll run for just one hour. It'll be lots of fun with some nice prizes awarded at the end too.

      Counter Hack has provided me an invite code that will work for five people (including me), and I'd like to extend one of my invitations to you. There are a very limited number of these invites, so please only use it if you really can make it for that one hour.

      When: July 27, 2016, Noon Eastern
      What: A CtF in One Hour
      Register here: https://www.onehourctf.com

      If I need to brush up on one thing to get ready, what would it be? Reverse Netcat backdoor shells.

      What tools should I bring? You need nothing other than an HTML5-enabled browser and HTTPS access to the Internet. All tools you'll need will be available from within a browser-based session.
  23. Yes they are but if you read Google's bug bounty information you'll see that they don't consider it a problem as the sites are operating as expected. You have to look at the issue, and knowing your environment decide if it's a risk. URL shorteners are all vulnerable but as it is part of their business model it's not a problem, if it was on your back though it would be a problem.