Jump to content
Hak5 Forums


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won



About digip

  • Rank
    -we're all just neophytes-

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Gender
  • Location
  • Interests
    Forum Rules - https://web.archive.org/web/20150402012023/https://forums.hak5.org/index.php?/topic/7499-read-me-first/

Recent Profile Visitors

71,780 profile views
  1. That sounds like rubbish but ok. I was able to connect using netcat, but I don't have a registered nick on the server. Not sure it requires a "password" in a sense, just a properly registered user from what I can see, which looks like is done from the main website and not the normal msg nickserv.
  2. They could simply password protect a channel to block you or kick anyone who's not registered as well, so if they really want you gone, they can block you for the most part, no matter what you do. Try using a real IRC client and registering a new NICK with the server, then try again.
  3. How to redirect Facebook secure page by Kali

    You can try full SSLstrip V2 with DNS poisoning, and even then HSTS in browsers, may not load the site at all. Certain TLD's have hard coded HSTS in the browsers now and very difficult to bypass, even if supplying your own fake certificate, which will still prompt then end user. These sites will not load as HTTP any longer for a lot of them due to restrictions placed in the browser itself. Something like IE6 would work though..lol
  4. Change out USB to USB-C for LAN Turtle

    Damn Apple hipsters always ruining things with their avocado toast...
  5. Found Exploit What To Do Now?

    inxi is used to gather info on a linux OS. I gather there is an issue when used on a phone, which I assume is running some manner of NetHunter? One post you said you tried "start x" on the phone(which not sure how/why you'd do that over SSH) and now inxi, which sounds like it's crashing somewhere. I'd say more bug than exploit. If you somehow took control of the crash, to stop the crash but insert code to get root or such, then I'd say is more or less an exploit, but right now, just sounds like a crappy, crashing phone..lol Don't sneeze too hard on that LG. it might reboot.
  6. How to proceed a nmap from a router

    Thoughts on work around for this, if you have a machine you have control of on both the inside and outside the network, and you had a reverse shell to the inner machine, you could potentially use proxychains and a tunnel over the reverse shell to scan the inside of the network, from outside the network, which could let you use nmap or any other tools on your outside machine, to scan the inner network. However that is a bit of a different scenario than using the router itself, other than what is built into the router itself. Essentially, if you bridged yourself to the inner network from outside you could use pretty much any discovery, scanning and attack tools.
  7. Found Exploit What To Do Now?

    I wouldn't call SSH being an exploit. If you're SSH'ed in, and as root, you can do whatever is available for the phone. Not all commands will run if not as root, such as shutdown commands like "poweroff" but depends on the phone and security of the user context you have control of.
  8. wifiphisher in kali linux

    Have a look at FruityWifi if you can't get wifiphisher or whatever working. It's in the kali repo from what I remember but worked for me. I had to use aircrack suite to get the fake AP working on my end, but Fruity gives you the option to pick which for the fake AP with hostapd not working for me with my card. It will do nearly everything for you. It takes care of the DNS side too. All I did was start apache and use my own custom web page and PHP for the fake portal page vs the default one, which you can configure to redirect to any page or site, including one on the web if you really wanted to.
  9. wifiphisher in kali linux

    You need to spoof the DNS to redirect them to the local portal, and don't point it to, point to the local machine running the web server's IP address. Helps to have a DHCP server respond to all queries when they connect to the network and you can set yourself as the DNS server. When I've used Fruity Wifi, it handles all the scripting of the other tools like dns poisoning and redirects, but if you want to try doing it yourself you need to setup dnsmasq or some other DNS setup along with answering the DHCP call and then providing the clients with the intended info. When they make the request, they get the info directly from the attacker machine and they would then connect to the captive portal. Trying to remember if I've tried wifiphisher directly, but I think it's also used in FruityWifi which automates a lot of it, such as the IP forwarding, fake AP, etc.
  10. Windows 10 password crack

    With Windows 8 & 10, are the login resets tied in with windows live now? I don't recall setting up a windows live account with my Windows 8 laptop(in fact I know I didn't), but reading up people saying if you signed up and registered the PC with a Live account, you can reset the PC password from Microsoft directly at https://account.live.com/password/reset which to me, sounds like the owner would have had to setup a live account prior to this to make it work. If that is the case, that is one of the smartest and dumbest things ever, because if anyone managed to dump an MS database that is tied to all windows 8 and later computer logins, that is some stupid shit right there. Who the hell wants their local PC login, tied to an internet account, anywhere?? Really? Anyone ever done this, setup Win 8 or 10 for this?
  11. Known plaintext attack

    Can you post the hash?
  12. How to download WSS Frames

    If you copy the CURL request(right click the "purple" bar) and then paste into a console, it will do the same request and you could log the output. But if it expects two way data back and forth, you need to answer the responses and then reply, which you could do in a bash script, or some other language you're comfortable in. It depends on what the web socket app/service expects after the initial connect is sent. Without knowing what the thing is you're connecting to and the source for the endpoint on what it requires, kind of hard to help any more than suggestions on things to try. If people knew more about the service, and if it had an API for interacting with it, might be more helpful and easier to script something, but just try simple things like the CURL request first and log all the info and can use verbose output to see everything going back and forth. Then work out what you need to do from there and kind of reverse engineer it to be done with a script.
  13. Known plaintext attack

    No clue what you're talking about, but if it's cracking a hash you want to reverse, try throwing it in a file and cracking with JTR. John will tell you what kind of hash it thinks it is and can try multiple hash attacks against it without the need to specify the hash like hashcat will want. if it's a wireless key, might need to convert it for cracking.
  14. Windows 10 password crack

    Windows 10, still uses a SAM file. It also uses a new cached password feature since windows 8 but can't remember how it works, and is more secure(supposedly) on storing of passwords. if you can live boot, you can either dump the hashes from the SAM file and crack offline, or, use tools like chntpw (although haven't tried it on windows 8 and 10, it probably still works). You might need to use a live disc that has UEFI/EFI booting to access the drive properly, but you can always disable in bios to boot legacy thumb drives. Cracking being the long route, changing or blanking it out is probably quicker. Another thing to try, is boot into safe mode as administrator(if no password was set for the admin account) and change the password from there. edit: i see you posted this twice now > You only need post it once, and wait for replies.