Jump to content


Global Moderators
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by digininja

  1. Is postgresql started? Have you run the command it says to run in the screenshot?
  2. If netcat can't connect then you've got something messed up in either NAT or routing. Metasploit won't bind to your public IP if that isn't an IP on your local machine as it doesn't know which interface to bind to, you bind it to the IP that the NAT rule comes in to. Forget Metasploit for now, get it working with netcat, then move back to Metasploit
  3. If you have problems, use netcat to set up a listener on your end and see if the other computer can connect to it with netcat. If they can't then routing is messed up.
  4. That sounds right. It assumes your ISP isn't blocking things and gives you a public facing IP.
  5. It depends what their firewall is doing. If it allows all outbound connections then they don't need to disable anything, if it blocks things then they might need to.
  6. In a reverse connection, the target is connecting back to you so the have to be able to reach your listener. That means you need to set up whatever routing and NAT is required to make this happen.
  7. Something like this will give you the IDs of the phones they are using. https://youtu.be/UjwgNd_as30 But if the police aren't investigating even after a shooting, I doubt they'll do much extra if you go Sherlock Holmes and take a bunch of computer data to them.
  8. digininja

    CSGO & faceit

    As others have said, we won't help you cheat on specific games. If you are interested in general discussion on how cheating and anti-cheat systems work, then there may be someone who has knowledge about it. If c0ncept is known to cheat, try asking them for specifics, not us.
  9. Glad you got to the bottom of it.
  10. Nmap's OS fingerprinting is not always accurate, especially when it says it is only 87% sure, so I'd not put much weight on that. The easiest thing to do is to change the wireless password and then see what happens. Only change the password on devices one or two at a time and see if it comes back. If it does, check on the last few you updated. If it is someone who managed to get your key, as long as you pick a good strong one this time you should be able to keep them off. At least for a while. Did you do any check of things like HTTP headers from the web server? Banner grabbing or info in the HTML header may tell you the OS or give some indication about the device.
  11. What type of vulnerabilities do you want? Your best option may be to install OpenWRT on a raspberry pi and then create a few vulnerabilities yourself. That will be cheaper and more consistent than trying to bulk buy specific devices.
  12. I don't know what the current state is but that paper is from 2016 and I remember when MAC randomisation started some vendors messed it up and didn't really randomise it. It should be a lot better by now. There were also tales of Apple being able to decode iPhone random MACs if you paid them cash. Don't know if it was true, but if they did it, someone else would have worked out how to decode them as well.
  13. The Pineapple won't help you secure your family and if you are a complete novice then there are a lot more things you should be doing well before looking at tools like this. The NCSC has some great advice on helping to protect yourself and your family. https://www.ncsc.gov.uk/section/information-for/individuals-families
  14. Legal as in stuff discussed on these forums has to be used for legal purposes. It sounds like what you are requesting isn't going to be used for that.
  15. The Ducky is for injecting keystrokes, not for collecting them. We don't allow discussion of illegal hacking on these forums, please be careful what you are asking about.
  16. No hacking back, and if you know enough about them to send them details, go talk to the police.
  17. You did. If you meant fill the form in using JavaScript then surely you would have said that. Anyway, as before, you obviously know exactly how things will work so I'm out again. What I suggest is you go off and build this mighty project, show it working in a number of real world environments, and the come back here with a "See, I told so" post. Till then I still say it is way to over complicated to be practical in the real world.
  18. Does Chrome autofill on IP address based sites over HTTP rather than HTTPS? And is a user likely to have their router creds stored in Chrome in their phone? I don't.
  19. Get VMware or VirtualBox installed then, download some Linux ISOs and do some installations. Learn what they do, how the VM process works, how different types of networking affect things, how to communicate effectively between the VMs, and how to troubleshoot all the issues that come up as you go along. That will probably keep you busy for a while and give you a good idea of basic networking and virtualisation.
  20. You are paying for convenience vs effort and quality. If you want to build it all yourself, you'll have to put the time in, you'll probably learn more about building machines in the long term, which is good, but it will be a very slow start if as you are starting with very little knowledge of the area.
  21. If you want to try an environment were you don't have to worry about doing anything on your own machine, try Pentester Academy, you do all their stuff through a browser. They give you access to a test machine which then has access to the vulnerable targets. A very good setup and easy to use but I'm biased as I'm one of their course authors.
  22. TOR is a routing protocol, it doesn't have Captchas. What is the actual problem you are having?
  23. You were talking about webview, not standard browsing.
  24. There are two types of web traffic, HTTP and HTTPS. Assuming the application is using HTTPS and not doing certificate checking, which most should be doing, I'll admit though, not all, you will not be able to proxy or modify any of the web traffic. This will block you injecting things. You would have to hope to get lucky and either see HTTP traffic or find a request from an app that isn't doing cert checking. The link to the article doesn't mention certificates or how to get around them. And on the webview, unless the application has caching enabled, which from that one article (could be old or wrong, I don't know) seems like is not the default, then any injection you do, even if you set all the cache headers, will be lost as the app won't cache the response.
  • Create New...