About digip

  • Rank
    -we're all just neophytes-

Profile Information

  • Interests
    Forum Rules - https://web.archive.org/web/20150402012023/https://forums.hak5.org/index.php?/topic/7499-read-me-first/

  1. Personally I use Opera, which has the benefits of the same base engine chrome uses, but without the chrome issues above. Also has built in ad-blocker, if you so choose, but I use Ad Block and Script blockers along with some other extensions. I can't see Opera limiting the same as Google is doing, considering their ad-blocker is built into Opera, it's an advantage built in at this point. I did use Brave for a while but somewhere I read that in doing so, you authorize them to use your data for other things, ie: they are the tracker you would otherwise be blocking with all the add ons like ad blo
  2. What you would be doing, is renaming utilman.exe, to something like utilman.old.exe, and copy cmd.exe, to utilman.exe, after booting off a live boot disc. Then on reboot, do the shift key to launch utilman, only instead, it will launch the copied cmd.exe in its place, as a system process, and allow you to add users from the command line, etc. For me, if I am going to be in on a live boot, I'd just change the password, or get konboot, to login without a password and then reset while in.
  3. Except when your PC didn't ship with install media (which most don't these days) and you have to reinstall from the rescue partition, which, puts all the crapware back, to full install.
  4. Why wipe the machine? If you created a new user, take ownership of the old account/files, and move their files over to the new profile, then nuke the old user profile. I actually do this for people when I fix their machines and they've broken their profile somehow. No need to reinstall everything unless you believe there is malware on it.
  5. With Windows 8 & 10, are the login resets tied in with Windows Live now? I don't recall setting up a Windows Live account with my Windows 8 laptop (in fact I know I didn't), but reading up people saying if you signed up and registered the PC with a Live account, you can reset the PC password from Microsoft directly at https://account.live.com/password/reset which to me, sounds like the owner would have had to set up a Live account prior to this to make it work. If that is the case, that is one of the smartest and dumbest things ever, because if anyone managed to dump an MS database that is t
  6. Windows 10, still uses a SAM file. It also uses a new cached password feature since Windows 8 but can't remember how it works, and is more secure (supposedly) on storing of passwords. If you can live boot, you can either dump the hashes from the SAM file and crack offline, or, use tools like chntpw (although haven't tried it on Windows 8 and 10, it probably still works). You might need to use a live disc that has UEFI/EFI booting to access the drive properly, but you can always disable in BIOS to boot legacy thumb drives. Cracking being the long route, changing or blanking it out is probably qu
  7. Does "alt+f2" bring up a prompt to run/search? If so, type term, terminal or xterm, or whatever the default OS terminal is.
  8. Nothing officially talked about (that I have seen) but check the Hak5 YouTube channel, can get a glimpse of the logo in last 2 episodes. https://www.youtube.com/user/Hak5Darren/videos
  9. What is a packet squirrel? It's a device from Hak5. And why don't I own one? Cause you no can haz packets! Only for squirrels!
  10. Battlefield Bad Company 2, BF4, BF3, BF1, in that order.
  11. You can turn off everything, and still reach the router on port 80 from INSIDE the LAN. You need to disable remote administration, so port 80 will be closed to people on the internet and outside your LAN. Also, if the device has the options, disable admin interface over wireless, and also make it use HTTPS only, and not HTTP for the admin panel login. This way, if someone is on your local LAN, they can't intercept your login credentials sent in the clear over port 80, and will force it to only allow HTTPS for encrypting all logins to the router. Not 100% guaranteed, but way better than using de
  12. Redirect all your traffic to flow through them and run off their DNS, and MITM proxy all your traffic, including SSL traffic and you'd be none the wiser. Not to mention, possible to port forward to known hosts on the network, attack individual machines on the LAN if they are vulnerable, if he/she can see traffic, they can see your OS, Browser user agent, software in use, such as Flash, Adobe Reader, Java, etc, then serve or inject payloads into pages and compromise your hosts, then log directly onto your workstations, pivot off one vulnerable machine to the rest of your network and scan your i
  13. As stated above, disable ALL remote management, and I would also advise, if you have the option, to disable UPnP, asap, as well as SSDP. They can be used to open ports, probe for responses about the devices and pull other info. If FTP, Telnet, and port HTTP are viewable from the internet, that is NOT a good thing. You also have SNMP on?? Big no no. Try hitting your router from an external IP with Metasploit or Armitage. It will show you all kinds of things using SNMP attacks and scanning for further fingerprinting, most likely using an open community string. NONE of the ports you listed, sho
  14. Scanning from local LAN can sometimes lead to false positives, but I would try from an external scan just to be safe. Try from a remote machine to scan your home IP if you can, which should hit your router, and that to me would be a better test. Also, try several other scans for various results at getting ports to pop and give up info, such as "nmap -v -A -PN --open --reason -sV -sC -p 1-65535 x.x.x.x" where x.x.x.x is your IP address. Go to ipchicken.com or type "what is my IP address" into Google and Google should tell you as the first result in bold (Google knows everything). Sometimes, a p