Jump to content

digininja

Global Moderators
  • Posts

    3,819
  • Joined

  • Last visited

  • Days Won

    167

Everything posted by digininja

  1. Just buy yourself a second access point and you can then configure that however you want.
  2. digininja

    MSI Laptop

    Looks like a BIOS password to me, I assume it is shown pretty much as soon as the machine is turned on. You could test this be trying to get into the BIOS settings by hitting whatever key it needs, usually F2, escape or sometimes delete. If it is that, and you've tried resetting the BIOS using whatever method the manufacturer says to use, then you might be out of luck. I'm not a hardware hacker so don't know of any other ways to reset it. Worst case, you can still pull the drive and access all your files by putting it in another machine. It does seem odd that this could have been enabled with random key presses. Passwords like this usually need to be entered twice. Try asking him what he would have put in, you might be able to guess your way in.
  3. digininja

    MSI Laptop

    Can you send a screenshot of the password screen? BIOS info isn't battery backed any more and some of the settings, like requiring a password, can't be cleared with a reset as they are designed to lock the machine down regardless of what happens to it.
  4. Please keep discussions public, that way we can make sure things stay fair, legal, nothing bad happens, and no one gets taken advantage of.
  5. If you don't own the systems then what you are requesting is illegal and so we can't help with that.
  6. As it is not in your possession then it is probably illegal to be attacking it, in which case, we can't help.
  7. There are some vulnerabilities which can be triggered by just sending network traffic to a machine, but they are rare and very unlikely. More likely, she has installed something bad and that is what is being used. Wipe the machine completely and rebuild it from scratch, it's your only way to guarantee it is clean. You should probably also consider all the old data compromised so get rid of as much of that as possible, especially office documents.
  8. Look at the CHAR function, you might need USING with it. You also may need CONCAT.
  9. Reading and then understanding error messages is a massive part of testing and one that a lot of beginners for some reason tend to ignore. We get so many issues raised in the DVWA GitHub tracker about not being able to connect to the database. You ask for a screenshot showing a successful login on the command line and most send back a failed login screenshot and say "there you go, it works" when there is an obvious "login failed" message. Keep trying, keep learning, it never really gets easier, rarely less frustrating, and you never get "there", wherever that is, but I think it is worth the effort.
  10. It is exactly that. The statement you are injecting into ends with something like WHERE ID=<your value> So when you put a quote you break the statement and get a syntax error, similarly when you add the ORDER BY you get an error, but that one is a database error telling you you are referencing a column which doesn't exist. Both are errors, but both generated from different areas of the system. What you need to practice is understanding what is causing the reply you are seeing and then use the error to visualise the statement being used. The last error is telling you to things, that adding the quote makes the statement syntactically incorrect and also, if you read it carefully, that the quote has been escaped in some way which is why it reports it with the leading \.
  11. You are massively over complicating things. Go back to basics, you can dump all the users with a simple or statement.
  12. digininja

    Wireshark

    Any sites using HTTPS and PFS (most site today) you won't be able to see any traffic, the keys to decrypt HTTPS traffic are never transmitted so you won't be able to do it. https://en.wikipedia.org/wiki/Forward_secrecy
  13. Who's system is it you are testing?
  14. You can't just join a network then exploit things, you need to find something vulnerable first. Put something like Metasploitable on your target network then go after some of the vulnerabilities on that. They are all well published or you can use OpenVas to scan for them.
  15. It isn't a method I've used, but it is an option. More info here: https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf https://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/
  16. You can't just steal someone elses theme, that isn't how WordPress works.
  17. Connect to the file transfer system provided by your hosting provider. Download all files. Upload to the new box. Back up database using hosting provider database access software. Upload that to the new box. Or Install a backup plugin on your old site. Backup the site. Install the plugin on the new site. Restore the site.
  18. You might not be able to change things then without being able to mount the filesystem writable which you might not be able to do.
  19. Looks like sh, what does ps Return? Passwords are usually changed with passwd
  20. What do you get when you telnet in? What type of shell do you get?
  21. That's why I said I'd see how it plays out. If the next message was that they were planning to capture the data from users in a restaurant then banning would occur.
  22. Will see how this plays out, any hint of illegality and this will be removed and people potentially banned.
  23. I like the hacker curiosity spirit.
×
×
  • Create New...