Jump to content
Hak5 Forums

digip

Active Members
  • Content count

    8,915
  • Joined

  • Last visited

  • Days Won

    144

About digip

  • Rank
    -we're all just neophytes-

Contact Methods

  • Website URL
    http://www.ticktockcomputers.com/
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    RnVjayBPZmYh 192.168.100.1
  • Interests
    Forum Rules - https://web.archive.org/web/20150402012023/https://forums.hak5.org/index.php?/topic/7499-read-me-first/

Recent Profile Visitors

72,764 profile views
  1. digip

    Need help hacking myself.

    Boot off a live disc like Kali linux and use chntpw to reset it to whatever you want. You could also use Konboot to do the same thing.
  2. digip

    SSID Identification

    Try airmon-ng to put a network card in monitor mode and survey your location using airodump-ng. With only one network card, you'll have to test per channel one at a time, then stop and start the airodump-ng tool again with a new channel each time, since hopping on all channels, will give poor results and not work properly. Once you locate all the SSID's and can see the signal strength get stronger as you get closer, then try probing for your AP at each location. If anything comes back with a MAC address(BSSID) not supposed to be on your manufacturer list, this is most likely a rouge AP, but not a perfect solution for testing since they can also be spoofed. Ideally scanning locally on the intranet with tools like nmap, would be a quicker way to identify all devices and their MAC addresses, and you can then work out what matches to what location of each AP and the associated SSID when comparing them to the nmap results and an airodump-ng scan, sort of match them together. Once that's mapped out, figure out what doesn't belong if you end up with an a MAC address in airodump-ng, that wasn't on the nmap scan. There are probably better ways or tools to do this for a wifi survey, but I'm just throwing this out there off the top of my head. Documentation from when they were setup would also help you eliminate your devices against rouge ones, other than those that impersonate the MAC of an AP, which is also quite difficult to detect if that is what someone decides to do but you can use airodump-ng to sort them by signal strength and then as you walk closer observe more where they are. If you find that one is really far from where it should be, like at an edge wall of the office, then try doing the same from outside and start narrowing down where it is to find it. Others may say use kismet, as it can do this as well and has some more tools for surveying signal strengths, but I'm not really familiar with the tool, so you'd have to dig in on that one.
  3. digip

    Computer lab penetration

    No one is going to help you attack someone else's network. Please don't ask questions for help with these types of scenarios.
  4. digip

    Kali Linux Metasploit Issue

    The executable you created for windows, is it 32 or 64 bit? make sure it matches the victims system.
  5. digip

    Networking issues in kali

    In bridged mode, you're virtual adapter for the VM gets an IP on the network like a real machine would. It shares the main hosts adapter for real connectivity at all times in any mode, but in bridged, it can be treated like it's another machine on the network. host-only adapter, is so that the VM can only talk between the host machine(windows) and the guest machine(VM), and is isolated - not supposed to be able to see the rest of the network, even if on same subnet. In theory you could setup routes to reach elsewhere, but pretty sure the host-only setup will block this until you add in a bridged adapter and add routes. If you want it in both host-only and on the regular network, you use 2 NIC interfaces, with a bridged interface able to see everything, and the host-only, only sees the host. If a tool you use fails to work, some let you assign an interface to it, so if you want to test something outside the host-only network, you need to tell the tool to use the bridged adapter. For example, netdiscover tool can be assigned to an interface before running, by default I believe it takes eth0 or the first adapter, but to find machines on the network, you'd need to assign it to the bridged adapter. If you set any to NAT, it's as if it's behind a router, which means port forwarding issues and reaching it from other machines becomes a problem, similar to host-only connections, but you can use NAT on multiple VM's in VBOX to create a new network subnet where the HOST machine acts as the router/gateway and then the other VM's only see each other and the HOST. Adding in then a bridged adapter on one of those machines, lets you then pivot between the different networks/subnets. Might be a good idea to read up on networking in general, routes, subnets, network masks, etc. Will make more sense when you have a better understanding of network fundamentals.
  6. digip

    Kali linux

    What desktop interface and theme are you using? Check the second one down -https://bugzilla.redhat.com/show_bug.cgi?id=1329311 May be a bug with the theme, try a different theme or layout
  7. digip

    WPA3

    needs more tinfoil. and bacon.
  8. digip

    WPA3

    WPA3, while being announced, still needs adoption and testing and then support for devices and OS's, which is probably still a year away or more. WPA2 is also still getting updates and patches. Hopefully I'll be able to keep my existing routers and just get updates to support WPA3, but I have a feeling vendors aren't going to be so nice.
  9. digip

    Kali linux

    Yup. We just put that up yesterday.
  10. digip

    Pentest Questions

    Offsec has a sample pentest report on their site - https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf It's not however a template, but something to at least see how one company has theirs formatted. I think SANS may also have something on their site, but you'd have to google for it.
  11. digip

    CES Hacked?

    I think they also had a storm, lot of rain? http://appleinsider.com/articles/18/01/10/2018-las-vegas-consumer-electronics-show-stymied-by-blackout-heavy-rain-and-flooding
  12. digip

    Linux functions and weird problems..

    The \r is a carriage return, and \n is new line(line feed). Linux generally treats \n as both in scripts, but if you ever download and open in windows, things like regular notepad, will make it all one line, which windows wants both the carriage return and new line. Notepad++ will treat \n like \r\n depending on how you have the settings, but you can also ctrl+h and set it to extended, to change \r\n to \n and then save it. If you click the icon to show all characters, you will see it adds a CR LF at the end of new lines. Also edit > EOL conversions, change to Unix, will remove CR LF and replace with LF ;)
  13. digip

    Linux functions and weird problems..

    Copy pasta also causes this in linux too, not just notepad++. When I copy code off web pages, and paste then save, I often get errors related to \r\n vs the \n that linux likes to use. You can open a python or bash script in nano, and it will actually highlight the issues, and python will even tell you about it in the error output of the terminal most of the time, then look in nano to see the highlighted blocks at the end of in middle of lines, to be removed. Sometimes it's also fancy quotes, something wordpress blogs are known for, vs a regular single quote, and can break code when you visually see or think it's a single quote in a text editor, when opened in a hex editor, you'll see it's not the proper character(s). Examples of what I mean. bad characters: e2 80 99 " ’ " should be single quote " ' " 27 e2 80 9d " ” " should be double-quote " 22
  14. digip

    Freedom

    I'm curious how you would disable their "tools" on "their" network though? Going around filters is one thing. To be able to control aspects of their systems and "tools" is another. Unless I'm not understanding what you describe above.
  15. digip

    Freedom

    Attacking your government and their filters, will probably not end well. Especially, now that you've publicly announced it. https://vlipsy.com/embed/acR1rJOb
×