Everything posted by digininja

  1. I think we've reached a dead end for remote working out what is going on. It will be something to do with the box supporting FTP but the service not running yet. Something will be holding the port open ready for it.
  2. Are there any iptables rules on the box? Looking at that, my guess would be something is open to allow the FTP connection in, but as the service is not enabled it isn't going anywhere.
  3. netstat is the alternative to ss but it doesn't look like that is installed either. Have a look in the web interface, they may have an option to turn FTP on and off, off may just block access rather than disable it. ps aux may get you a list of running processes, look through that for ftp services.
  4. He didn't need to. We were working on the assumption that we would need to set up multiple access points each with different powers, but it worked without that. It would probably have been more accurate by doing that though.
  5. So there is something there and listening but not a full FTP server or something is limiting access to it. On the box itself, check what is there and listening on that port. If it's a Linux box, ss -antp as root will get you a list of ports and their associated processes.
  6. You should be able to see how it works with just a single AP broadcasting multiple ESSIDs then. You can do this with a standard WiFi card which will do AP mode as well as with an actual access point.
  7. So there is something there listening, you just can't make a full FTP connection to it. That means the scan results are correct, port 21 is open. Windows will be doing a full ack scan while Linux is doing a syn-ack scan. Try asking the bunny to do an ack scan and it might come back as closed. This is something you need to watch out for when running nmap as a normal user or as root. Root does syn-ack by default, non-root does ack. Due to socket permissions I think, it's explained on the nmap site.
  8. I don't remember the exact flags off hand, but run it on the bunny with --reason and probably -v for verbose, and it will tell you why it thinks the port is open. Have you tried making an FTP connection to that host from the bunny? You say you tried from the Windows box and proved it was closed from there, but didn't prove it was closed from the bunny.
  9. I had a student do this as a university dissertation two years ago. He used a pineapple to broadcast multiple ESSIDs and then watched the location on his phone move around based on what values he broadcast. It was partially successful and he could get it to move, but as soon as you put it in a real world environment it wasn't great as his fake values were competing with real ones from the environment.
  10. Buy an old school non-smart phone, use that for a couple of months instead of your iPhone. Stay off the internet as well during that time. The evil step mother will soon get bored and move on. Also, if she has that level of skill, point her at one of the big bug bounty platforms as they pay millions for people who are able to do what you claim she is doing.
  11. Depends who they are, what backing they have, and how skilled they are. But probably not.
  12. [bug bounty] Go play with DVWA for a while and watch Security Tube videos, that should get you started.
  13. It is highly unlikely your friends are going to be able to sit upstream of your router and sniff traffic, if they could do that, then your ISP would be in a lot of trouble. As long as you are browsing your shopping sites over HTTPS, then even if they could sniff the traffic, all they would see is encrypted data which they wouldn't be able to decrypt. Not sure what the comment about sys admin vs developers traffic has to do with anything, and if you are worried about your router, what does browsing in a public place have to do with it?
  14. Explain the trick and why not see if we can quantify it for you. And rather than asking me to explain p0f, why don't you do some research and find out for yourself what it can do.
  15. Traditional DNS isn't but the newer DoH is. What do you mean by identifiers? What is your ultimate question? You seem to be aiming towards something.
  16. Don't understand the question, try again.
  17. If you can see all the network traffic coming out of the router, then you might be able to fingerprint distinct devices based on profiling the network traffic, see p0f for examples of how that works. You could then tie that to the protocols in use, for example you could identify a Linux and a Windows box and see the Linux box doing sporadic HTTP/HTTPS traffic while the Windows box is talking VOIP. From that you could say roughly what was going on. But you can't see through a router, you can only see what is coming out of it.
  18. In what way see through it?
  19. It isn't a ransomware attack, it is the theft of files. Without knowing what files were taken, or by who, it is hard to say why they took them.
  20. If you hit a site by IP and the certificate isn't for the IP then you'll get a warning. View the certificate and get the common name or SAN from it then you can browse to that.
  21. So you are looking at ways to bypass a captive portal to gain internet access, is that right?
  22. Can you describe the problem in more detail? I think a language barrier is blocking understanding.
  23. You don't need to have apps open for them to be running in the background. If you hit that IP over HTTPS then it gives you the domain name WWW.BOEIOT.NET.CN. Browse to that and it looks like a home automation/IOT company.