Sildaekar
-
Posts
135 -
Joined
-
Last visited
-
Days Won
3
Everything posted by Sildaekar
-
Hmm...apparently he has been demonstrating this for years now. Also, every time someone asks for a price and/or possible release date he talks about demonstrating it more. It very well may not be, but I'm calling BS on this. -
Just had to share this:
-
This forum does not condone illegal activity. Attempting to bruteforce the password on servers that are not your own is illegal. (Even if the account is yours) Go through the "Forgot Password" procedure.
-
Suggestions for sealing exploits on network?
Sildaekar replied to jason_guy_yeah's topic in Security
Yeah, all the tools in the world won't work without having those policies in effect. The weakest link in security is the human element, and if no one is willing to enforce it at that end, then it's not going to work. (That was one big run-on wasn't it?) Basically I would just try to shove it down everyone's throats that they need to start enforcing this, or you could anonymously post your company's name somewhere and tell everyone the extreme lack of security prevalent, I'm sure that would have attacks from everywhere rolling in and would force them to put these policies in place. The down side to this is being in the position you're in, you would have to clean it all up :/ I hate this but you're really between a rock and a hard place. -
I hate misleading titles...
-
Suggestions for sealing exploits on network?
Sildaekar replied to jason_guy_yeah's topic in Security
Step 1: Silently infect one computer with 2-3 viruses, and 1 worm. Step 2: Once the worm spreads to other machines tell your boss about it Step 3: Inform his boss that it was his fault for allowing all of what you mentioned Step 4: Congrats you have all the security policies in place AND a new boss Note: Don't actually do this. -
No, the second amendment means "weapons" and the supreme court has interpreted it as weapons that can do bodily harm (firearms, knifes, etc)
-
Just to add a little bit more to your comment on IE, you are correct. Currently it seems as though IE does not support HSTS but it will in Windows 10, and if the victim is currently running a release client for Windows 10 it is working. http://blogs.msdn.com/b/ie/archive/2015/02/16/http-strict-transport-security-comes-to-internet-explorer.aspx
-
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&cad=rja&uact=8&ved=0CD8QtwIwBQ&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2EY7GUWYqHw&ei=EIh0VZzgHtPYoASX9YGYAg&usg=AFQjCNHMR5-LHsj6Pa-NLODRs6hmfuWCwQ&sig2=-A_0dH4ZZ7vL6PUNvfRz5w
-
Short Answer: No Long Answer: Yes. Get a SSL cert signed by a CA and install it on your server. The only downside is that this will require you to pay for it ($50 - $100 / year) and it is highly unlikely that this would happen in a real world scenario as anyone that is up to anything malicious is not going to link their real name with the attack. Also the cert will be locked in to a domain so you would have to register the domain as well (about $10/yr). Best course: Just stick with the setup you have, most users are just going to accept it anyways without even looking. Just generate a self-signed cert made out to Facebook Inc. or something (make it look professional) and they probably won't even care.
-
You could just learn basic HTML and PHP to make them, or copy the files that SET makes to the pineapple.
-
tibyarad: Can you run sslstrip from the command line? hacalox: Have you installed the actual sslstrip program? The infusion is just an interface for the program, installing the infusion does not install SSLSTRIP
-
All of the things I suggested is because if you want to learn then (depending on what attack vectors you plan on focusing on) you will need them.
-
Just some things to think about... 2 or more wireless NICs thaat support monitor mode and injection. Decent cpu for doing stuffs Bluetooth adapter NFC adapter RFID reader/writer
-
With the Ducky alone, what you are asking is impossible. What I would do is create a program that shutsdown all AV on the victim, then put it on a mass storage device, have the ducky copy it over and run.
-
Lol different strokes for different folks I guess, I really enjoyed it. It's one of those "Wow, this is so horrible it's actually pretty good" movies.
-
I haven't had a chance to been busy and going on 28hrs no sleep -_- But I'm gonna try it tomorrow and I'll report back if it works.
-
Awesome! Thanks man.
-
http://store.steampowered.com/app/373180/
-
Sad but true To me that's what makes it so great haha Haven't played the game yet or anything, kinda scared how it might be.
-
Just curious if anyone else here has watched Kung Fury yet? I thought it was a pretty good movie, best 30 minutes wasted ever. Now if I could just get a PowerGlove so I could hack time to go back and kill laserraptors.
-
I'm very new to the metasploit framework and meterpreter but I've been playing around with it a bit and managed to gain access to two different android phones I had laying around as well as a windows box. The only problem I've been able to find is that there are some commands that need to be ran almost immediately after I gain a session (persistance and the like). My question is this: Is there any way to automate these commands so that they run as soon as a session is gained? I'm sure there is as I've found only ONE reference on the topic through google but have yet to find any actual instructions. The basics of what I want to do is this: 1. Navigate to specified directory 2. Upload file to device 3. Drop to shell 4. Execute file Any and all help is greatly appreciated. PS: This question is mainly directed at the android devices.
-
Let smartphone connect automatic to the pinapple.
Sildaekar replied to lxx's topic in WiFi Pineapple Mark V
Yeah, different phones have different settings. In my travels I have found very few phones that automatically connect to a known SSID right out of the box, usually it takes playing around with the settings some. I guess it's just at the manufacturer's discretion? I don't know, maybe someone with some more insight could comment on this. -
Starting out it was going to be a static class instead of the program itself, I never removed the static calls. EDIT Just cleaned it up a LOT, but again I'm still sure that there is a lot that can be done to improve on it. Would love to move it away from depending on Privoxy and implement some sort of SOCKS5 client into it so it can connect to TOR directly. Probably going to look into doing that tomorrow, I'll just have to learn how to interact with raw sockets.
-
It does come with an international plug, I'm here in the US and mine came with one. It does not have an internal battery, you would need to supply it with some sort of battery pack, either one you make (there are details around here somewhere) or the Pineapple Juice which comes with all the bundles.
