Jump to content

Computer_Security

Active Members
  • Posts

    179
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by Computer_Security

  1. Fair point. Even the ones outside of the USA?
  2. Sounds like you have a DNS problem on your hands. See how your network adapter is configured and if you want to statically assign a DNS server I suggest 1.1.1.1
  3. Just curious why a security-driven community would block tor exit-nodes from accessing the forum?
  4. I don't know if anyone is familiar with this exploit framework but I have recently been messing around with it. I have a device on my network that has a vulnerable FTP with default creds. When I use the framework it is fine but once it "finds" the credentials it never displays them to the user. Anyone else have the same issue or know any fix? rsf (FTP Default Creds) > run [*] Running module... [*] Starting attack against FTP service [*] thread-0 thread is starting... [*] thread-1 thread is starting... [*] thread-2 thread is starting... [*] thread-3 thread is starting... [*] thread-4 thread is starting... [*] thread-5 thread is starting... [*] thread-6 thread is starting... [*] thread-7 thread is starting... [*] thread-0 thread is terminated. [*] thread-1 thread is terminated. [*] thread-2 thread is terminated. [*] thread-3 thread is terminated. [*] thread-4 thread is terminated. [*] thread-5 thread is terminated. [*] thread-6 thread is terminated. [*] thread-7 thread is terminated. [*] Elapsed time: 5.070053577423096 seconds [+] Credentials found!
  5. Ohhh okay makes sense. What box are you using for pfsense?
  6. It's a cloud-based box that I set up using OpenVPN, I would be tunneling my traffic through tor but I think Hak5 forums blocks traffic if it detects a tor exit node. That's actually very interesting and yea I figured that if the government wanted to know who was running the box, they would just get a warrant from the parent company. Why would running all of my devices through the VPN cause leaks? I have done many DNS leak tests and have yet to experience one. Also in your opinion, do you feel it is better to trust a service such as NordVPN, who claims to not log, over creating your own server?
  7. That is true, but let's say they do.... the cool thing about tor is that I can change my route/ endpoint at any time. So I'm actually curious, how would they keep track of the endpoint I am currently using? I'm not saying the government can't track me I'm just saying I'm going to make it a pain in the ass for them ? So far I have everyone in my immediate family connected to my VPN and I haven't seen or experienced any throttling. As for streaming media, I typically use Youtube, Kodi or a movie service such as Netflix or Hulu on my firestick (That why I asked you about adding that to the VPN earlier today). Even watching youtube videos on my laptop, I have yet to see any noticeable difference from when I wasn't using the VPN.
  8. Yea! I tend to have it on even for home network use and of course, I don't trust my ISP/government/Network with information. I am not defending against anything, in particular, per say but more just seeing where the bounds of security and convenience lie for me.
  9. Hey, So I am curious what creative ways you guys use to protect yourselves while on any network. I also thought I would share some of the steps I personally take to stay security conscious. -I have a VPN always running that I am administering for all of my, and my families, devices. -In addition to the VPN I also am hooked up to the tor network, running ghostery, https everwhere and pixel block while in chrome. -I also take the usual physical security precautions such as having all of my drives encrypted and using a Kensington lock. There are probably other things as well that I just can't think of right now, just thought I would share to get the conversation started.
  10. @digininja Didn't think of that, thank you so much!
  11. Hey, so I have a cloud-hosted VPN set up using openVPN and was wondering if anyone knew a way to add my firestick? Thanks!
  12. My current favorite is Parrot OS, but I also have Kali, AttifyOS (IOT hacking distro) and even Backtrack r3 just to remind me of the good ol' days.
  13. Update: I have looked further into the firmware file and used binwalker to extract some of the files since they aren't encrypted. One is called chpasswd.sh and the contents is: #!/bin/sh # $Id: chpasswd.sh,v 1.1 2008-05-19 13:08:34 winfred Exp $ # usage: chpasswd.sh <user name> [<password>] usage() { echo "Usage:" echo " $0 <user name> [<password>]" exit 1 } if [ "$1" == "" ]; then echo "$0: insufficient arguments" usage $0 fi echo "$1:$2" > /tmp/tmpchpw chpasswd < /tmp/tmpchpw rm -f /tmp/tmpchpw Also after port scanning using -sS I found that there are more ports than I originally thought, most are filtered though. Starting Nmap 7.40 ( https://nmap.org ) at 2018-03-16 11:37 EDT Warning: 192.168.1.6 giving up on port because retransmission cap hit (10). Nmap scan report for Jacques.home (192.168.1.6) Host is up (0.62s latency). Not shown: 986 closed ports PORT STATE SERVICE 70/tcp filtered gopher 389/tcp filtered ldap 500/tcp filtered isakmp 514/tcp filtered shell 1095/tcp filtered nicelink 1112/tcp filtered msql 1533/tcp filtered virtual-places 1700/tcp filtered mps-raft 1900/tcp filtered upnp 5414/tcp filtered statusd 7777/tcp open cbt 9010/tcp filtered sdr 49152/tcp open unknown 50500/tcp filtered unknown Nmap done: 1 IP address (1 host up) scanned in 975.17 seconds I feel like I am on the right track but some help would be appreciated. Also I can post the folder of all the files I extracted from the .bin firmware file If you guys want
  14. Im currently working on a project of trying to pen-test this cheap IP camera I bought online I've port scanned it a few times and the only thing open is PORT STATE SERVICE 7777/tcp open cbt 49152/tcp open unknown I've done some research and a few wireshark scans and have found out that the 7777 port is for transmitting the image of the camera and port 49152 is for UPnP and port forwarding. Is anyone familiar with any vulnerabilities that I could exploit using this information? This is my first hardware pen-test btw. I'm thinking about opening it up and trying to see if there is any serial connections. Any advice is appreciated :)
  15. I am a complete noob when it comes to hardware but I would love to start vulnerability testing pieces of hardware to learn more. I have a tenvis IP camera and was wondering where you guys would suggest me to start researching or where to start?
  16. I was just wondering the benefits of purchasing a tetra over a mark v. Im guessing updated hardware and updated gui but other than that can you do any different attacks with new radios or other hardware? Also what are the main differences and advantages of having a tetra over a nano? Thanks
  17. You can enter in a gift card instead of a credit card
  18. Does anyone have any funny IT stories that they are willing to share?
  19. I have noticed that no one on the forums has brought up this current event so here I go... Lizard squad is a new up and rising group that has been tormenting the gaming community recently. If you are not familiar with what they have done here is a nice list. -They have taken down xbox.com -They have taken down xbox live -They have taken down PSN -They have taken down destiny servers -They have taken down GTA V servers -They have taken down the MLG stream -They have made a bomb threat to the CEO of Sonys plane and made the plane land -Hacked Machinima.com -Hacked Steve-o's twitter -They have taken down Steam -They have taken down EA -And this is only the stuff they post on twitter And they live tweet the whole thing and somehow have not been caught yet and to make it worse they tweet pictures of themselves and the names of everyone in the "squad". This is unbelievable! I mean they are probably using proxy servers that they set up and Vpn's and all that good stuff but C'mon the amount of times they have took down xbox live is ridiculous. People are saying that they are DDOSing these servers but to take down these servers like microsoft and sony (which are meant to comply with high volumes) they must have a huge botnet, right? I have also heard that they fried a few sony servers and had to throw them out I don't know how accurate that is but what ever... I was also thinking about what you would need to do this probably a powerful computer to control the botnet and the IPS of the servers (is that public information or NO?) Also I believe that ONLY xbox's and xbox ones can connect to these servers so... did they get a botnet of xbox's, that dosen't seem right? Another possible theory that I had was since I heard they were frying servers my mind immediately went to the program SOCKSTRESS. So pretty much what I wan't to know is what you guy's opinion is on how they did this because honestly looking at their twitter they don't seem like you'r average hacker. (look it up you will get it)
  20. So I am trying to figure out a way to somehow change my Mac Address on my ipod 4 (it is jailbroken) and ive tried a few things in terminal but overall no luck and as far as I can see no one else has any Proof that they can change their mac address either. Can anyone help? Thanks
  21. Very clever and one of the funniest things ive heard done with the Ducky
  22. I want to know how can you find the "source" aka the machine that is running the VPN
  23. Coursera is offering a few computer classes right now, the classes are like videos that you could watch at any time and there is one on Surveillance Law and one on Internet history along with others. there was one on computer security but It was a while ago and i missed it and some courses you can get "diplomas" for lack of a better word right now there is one on software security
×
×
  • Create New...