Computer_Security

Fair point. Even the ones outside of the USA?

Sounds like you have a DNS problem on your hands. See how your network adapter is configured and if you want to statically assign a DNS server I suggest 1.1.1.1

Just curious why a security-driven community would block tor exit-nodes from accessing the forum?

I don't know if anyone is familiar with this exploit framework but I have recently been messing around with it. I have a device on my network that has a vulnerable FTP with default creds. When I use the framework it is fine but once it "finds" the credentials it never displays them to the user. Anyone else have the same issue or know any fix? rsf (FTP Default Creds) > run [*] Running module... [*] Starting attack against FTP service [*] thread-0 thread is starting... [*] thread-1 thread is starting... [*] thread-2 thread is starting... [*] thread-3 thread is starting... [*] thread-4 thread is starting... [*] thread-5 thread is starting... [*] thread-6 thread is starting... [*] thread-7 thread is starting... [*] thread-0 thread is terminated. [*] thread-1 thread is terminated. [*] thread-2 thread is terminated. [*] thread-3 thread is terminated. [*] thread-4 thread is terminated. [*] thread-5 thread is terminated. [*] thread-6 thread is terminated. [*] thread-7 thread is terminated. [*] Elapsed time: 5.070053577423096 seconds [+] Credentials found!

Ohhh okay makes sense. What box are you using for pfsense?

It's a cloud-based box that I set up using OpenVPN, I would be tunneling my traffic through tor but I think Hak5 forums blocks traffic if it detects a tor exit node. That's actually very interesting and yea I figured that if the government wanted to know who was running the box, they would just get a warrant from the parent company. Why would running all of my devices through the VPN cause leaks? I have done many DNS leak tests and have yet to experience one. Also in your opinion, do you feel it is better to trust a service such as NordVPN, who claims to not log, over creating your own server?

That is true, but let's say they do.... the cool thing about tor is that I can change my route/ endpoint at any time. So I'm actually curious, how would they keep track of the endpoint I am currently using? I'm not saying the government can't track me I'm just saying I'm going to make it a pain in the ass for them ? So far I have everyone in my immediate family connected to my VPN and I haven't seen or experienced any throttling. As for streaming media, I typically use Youtube, Kodi or a movie service such as Netflix or Hulu on my firestick (That why I asked you about adding that to the VPN earlier today). Even watching youtube videos on my laptop, I have yet to see any noticeable difference from when I wasn't using the VPN.

Yea! I tend to have it on even for home network use and of course, I don't trust my ISP/government/Network with information. I am not defending against anything, in particular, per say but more just seeing where the bounds of security and convenience lie for me.

Hey, So I am curious what creative ways you guys use to protect yourselves while on any network. I also thought I would share some of the steps I personally take to stay security conscious. -I have a VPN always running that I am administering for all of my, and my families, devices. -In addition to the VPN I also am hooked up to the tor network, running ghostery, https everwhere and pixel block while in chrome. -I also take the usual physical security precautions such as having all of my drives encrypted and using a Kensington lock. There are probably other things as well that I just can't think of right now, just thought I would share to get the conversation started.

@digininja Didn't think of that, thank you so much!

Hey, so I have a cloud-hosted VPN set up using openVPN and was wondering if anyone knew a way to add my firestick? Thanks!

My current favorite is Parrot OS, but I also have Kali, AttifyOS (IOT hacking distro) and even Backtrack r3 just to remind me of the good ol' days.

Update: I have looked further into the firmware file and used binwalker to extract some of the files since they aren't encrypted. One is called chpasswd.sh and the contents is: #!/bin/sh # $Id: chpasswd.sh,v 1.1 2008-05-19 13:08:34 winfred Exp $ # usage: chpasswd.sh <user name> [<password>] usage() { echo "Usage:" echo " $0 <user name> [<password>]" exit 1 } if [ "$1" == "" ]; then echo "$0: insufficient arguments" usage $0 fi echo "$1:$2" > /tmp/tmpchpw chpasswd < /tmp/tmpchpw rm -f /tmp/tmpchpw Also after port scanning using -sS I found that there are more ports than I originally thought, most are filtered though. Starting Nmap 7.40 ( https://nmap.org ) at 2018-03-16 11:37 EDT Warning: 192.168.1.6 giving up on port because retransmission cap hit (10). Nmap scan report for Jacques.home (192.168.1.6) Host is up (0.62s latency). Not shown: 986 closed ports PORT STATE SERVICE 70/tcp filtered gopher 389/tcp filtered ldap 500/tcp filtered isakmp 514/tcp filtered shell 1095/tcp filtered nicelink 1112/tcp filtered msql 1533/tcp filtered virtual-places 1700/tcp filtered mps-raft 1900/tcp filtered upnp 5414/tcp filtered statusd 7777/tcp open cbt 9010/tcp filtered sdr 49152/tcp open unknown 50500/tcp filtered unknown Nmap done: 1 IP address (1 host up) scanned in 975.17 seconds I feel like I am on the right track but some help would be appreciated. Also I can post the folder of all the files I extracted from the .bin firmware file If you guys want

Im currently working on a project of trying to pen-test this cheap IP camera I bought online I've port scanned it a few times and the only thing open is PORT STATE SERVICE 7777/tcp open cbt 49152/tcp open unknown I've done some research and a few wireshark scans and have found out that the 7777 port is for transmitting the image of the camera and port 49152 is for UPnP and port forwarding. Is anyone familiar with any vulnerabilities that I could exploit using this information? This is my first hardware pen-test btw. I'm thinking about opening it up and trying to see if there is any serial connections. Any advice is appreciated :)

I am a complete noob when it comes to hardware but I would love to start vulnerability testing pieces of hardware to learn more. I have a tenvis IP camera and was wondering where you guys would suggest me to start researching or where to start?