Posts posted by digip
-
-
On 4/25/2019 at 3:21 AM, leo26 said:
I use a simple directory scan tool to scan a web site, and there's a URL exhibited as "http://xxx.com/%23abc.mdb".
I wonder what %23 really means in that position; I guess it hides a real path for this database.
Could you provide a method to exploit this? Thanks.
Nothing to exploit, but if you want to learn search for URL encoding and how it works.
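As an added illustration of the URL-encoding point (not code from the thread): a URL parser treats a raw `#` as the start of a fragment, which the browser never sends to the server, while `%23` is a literal `#` inside the path. The sample URLs are constructed to match the one quoted above.

```python
# Added example: how a URL parser sees a raw '#' versus the percent-encoded '%23'.
from urllib.parse import quote, unquote, urlsplit


def split_url(url: str) -> dict:
    """Return the path, fragment and percent-decoded path as a parser sees them."""
    parts = urlsplit(url)
    return {
        "path": parts.path,                    # what is actually requested from the server
        "fragment": parts.fragment,            # client-side only, never sent in the request
        "decoded_path": unquote(parts.path),   # the path after percent-decoding
    }


def encode_path_segment(name: str) -> str:
    """Percent-encode a path segment so reserved characters such as '#' survive."""
    return quote(name)


# Constructed sample URLs modelled on the one quoted in the question.
RAW = "http://xxx.com/#abc.mdb"        # '#' starts a fragment: the path is just "/"
ENCODED = "http://xxx.com/%23abc.mdb"  # '%23' is a literal '#' in the file name

if __name__ == "__main__":
    print(split_url(RAW))
    print(split_url(ENCODED))
    print(encode_path_segment("#abc.mdb"))
```

So `%23` hides nothing: it is simply how a file name beginning with `#` has to be written in a URL so the request reaches it instead of being cut off at the fragment.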
-
What desktop manager are you using? If Gnome with the default hidden taskbar, go into the tweak tool and enable the taskbar and programs to show in it. That is if I'm following what you're describing.
-
Boot off a live disc like Kali Linux and use chntpw to reset it to whatever you want. You could also use Konboot to do the same thing.
-
Try airmon-ng to put a network card in monitor mode and survey your location using airodump-ng. With only one network card, you'll have to test per channel one at a time, then stop and start the airodump-ng tool again with a new channel each time, since hopping on all channels will give poor results and not work properly. Once you locate all the SSIDs and can see the signal strength get stronger as you get closer, then try probing for your AP at each location. If anything comes back with a MAC address (BSSID) not supposed to be on your manufacturer list, this is most likely a rogue AP, but not a perfect solution for testing since they can also be spoofed.
Ideally scanning locally on the intranet with tools like nmap would be a quicker way to identify all devices and their MAC addresses, and you can then work out what matches to what location of each AP and the associated SSID when comparing them to the nmap results and an airodump-ng scan, sort of match them together. Once that's mapped out, figure out what doesn't belong if you end up with a MAC address in airodump-ng that wasn't on the nmap scan.
There are probably better ways or tools to do this for a wifi survey, but I'm just throwing this out there off the top of my head.
Documentation from when they were set up would also help you eliminate your devices against rogue ones, other than those that impersonate the MAC of an AP, which is also quite difficult to detect if that is what someone decides to do, but you can use airodump-ng to sort them by signal strength and then as you walk closer observe more where they are. If you find that one is really far from where it should be, like at an edge wall of the office, then try doing the same from outside and start narrowing down where it is to find it. Others may say use kismet, as it can do this as well and has some more tools for surveying signal strengths, but I'm not really familiar with the tool, so you'd have to dig in on that one.
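The comparison described above (airodump-ng results against a list of the APs you installed, sorted by signal strength) as an added example, not code from the post. The CSV text and the inventory are constructed; the column order is assumed to be airodump-ng's default CSV export, and an attacker who clones a known BSSID is not caught by this check, which is the spoofing caveat the post makes.

```python
# Added example: flag BSSIDs from an airodump-ng CSV that are not in the AP inventory.
# Constructed sample in airodump-ng CSV layout (AP section only; the station section
# that follows the blank line is ignored here).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:11:22:01, 2019-04-25 09:00:01, 2019-04-25 09:05:30,  6,  54, WPA2, CCMP, PSK, -41,  120,  0,   0.  0.  0.  0,   7, CorpNet,
AA:BB:CC:11:22:02, 2019-04-25 09:00:05, 2019-04-25 09:05:28, 11,  54, WPA2, CCMP, PSK, -63,   98,  0,   0.  0.  0.  0,   7, CorpNet,
DE:AD:BE:EF:00:01, 2019-04-25 09:01:10, 2019-04-25 09:05:29,  6,  54, WPA2, CCMP, PSK, -35,  140,  0,   0.  0.  0.  0,   7, CorpNet,
DE:AD:BE:EF:00:02, 2019-04-25 09:02:00, 2019-04-25 09:05:00,  1,  54, OPN,  ,  , -70,   40,  0,   0.  0.  0.  0,   9, FreeWiFi!,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

# Constructed inventory from the office's setup documentation: BSSID -> (ESSID, location).
AUTHORIZED = {
    "AA:BB:CC:11:22:01": ("CorpNet", "floor 1 east"),
    "AA:BB:CC:11:22:02": ("CorpNet", "floor 1 west"),
}


def parse_aps(text: str) -> list:
    """Parse the AP section of an airodump-ng CSV into dicts (assumed column order)."""
    aps = []
    for line in text.splitlines():
        if not line.strip():
            break  # the blank line ends the AP section; stations follow it
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "BSSID" or len(fields) < 15:
            continue  # header row or malformed line
        aps.append({"bssid": fields[0].upper(), "channel": int(fields[3]),
                    "privacy": fields[5], "power": int(fields[8]), "essid": fields[13]})
    return aps


def find_rogues(aps: list, authorized: dict) -> list:
    """Return (bssid, essid, power, reason) for every AP not in the inventory,
    strongest signal first so the closest candidate is walked to first."""
    our_essids = {essid for essid, _ in authorized.values()}
    rogues = []
    for ap in aps:
        if ap["bssid"] in authorized:
            continue  # a spoofed copy of a known BSSID passes here; use signal/location for that
        if ap["essid"] in our_essids:
            reason = "our SSID on an unknown BSSID (possible impersonation)"
        else:
            reason = "unknown AP"
        rogues.append((ap["bssid"], ap["essid"], ap["power"], reason))
    return sorted(rogues, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for row in find_rogues(parse_aps(SAMPLE_CSV), AUTHORIZED):
        print(row)
```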
-
No one is going to help you attack someone else's network. Please don't ask questions for help with these types of scenarios.
-
The executable you created for Windows, is it 32 or 64 bit? Make sure it matches the victim's system.
-
In bridged mode, your virtual adapter for the VM gets an IP on the network like a real machine would. It shares the main host's adapter for real connectivity at all times in any mode, but in bridged, it can be treated like it's another machine on the network.
Host-only adapter is so that the VM can only talk between the host machine (Windows) and the guest machine (VM), and is isolated - not supposed to be able to see the rest of the network, even if on the same subnet. In theory you could set up routes to reach elsewhere, but pretty sure the host-only setup will block this until you add in a bridged adapter and add routes. If you want it in both host-only and on the regular network, you use 2 NIC interfaces, with a bridged interface able to see everything, and the host-only only sees the host. If a tool you use fails to work, some let you assign an interface to it, so if you want to test something outside the host-only network, you need to tell the tool to use the bridged adapter. For example, the netdiscover tool can be assigned to an interface before running; by default I believe it takes eth0 or the first adapter, but to find machines on the network, you'd need to assign it to the bridged adapter.
If you set any to NAT, it's as if it's behind a router, which means port forwarding issues and reaching it from other machines becomes a problem, similar to host-only connections, but you can use NAT on multiple VM's in VBOX to create a new network subnet where the HOST machine acts as the router/gateway and then the other VM's only see each other and the HOST. Adding in then a bridged adapter on one of those machines, lets you then pivot between the different networks/subnets.
Might be a good idea to read up on networking in general, routes, subnets, network masks, etc. Will make more sense when you have a better understanding of network fundamentals.
-
7 hours ago, Mr.many said:
I need help with gparted I keep getting this error ** (gparted bin : 1927) : CRITICAL **: murrine_style_draw_box: assertion 'height >= -1 ' failed
What desktop interface and theme are you using? Check the second one down -https://bugzilla.redhat.com/show_bug.cgi?id=1329311
May be a bug with the theme, try a different theme or layout
-
-
WPA3, while being announced, still needs adoption and testing and then support for devices and OS's, which is probably still a year away or more. WPA2 is also still getting updates and patches. Hopefully I'll be able to keep my existing routers and just get updates to support WPA3, but I have a feeling vendors aren't going to be so nice.
-
On 1/10/2018 at 1:00 PM, barry99705 said:
Yup. We just put that up yesterday.
-
Offsec has a sample pentest report on their site - https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
It's not however a template, but something to at least see how one company has theirs formatted. I think SANS may also have something on their site, but you'd have to google for it.
-
I think they also had a storm, lot of rain?
-
The \r is a carriage return, and \n is new line (line feed). Linux generally treats \n as both in scripts, but if you ever download and open in Windows, things like regular Notepad will make it all one line, since Windows wants both the carriage return and new line. Notepad++ will treat \n like \r\n depending on how you have the settings, but you can also ctrl+h and set it to extended, to change \r\n to \n and then save it. If you click the icon to show all characters, you will see it adds a CR LF at the end of new lines.
Also edit > EOL conversions, change to Unix, will remove CR LF and replace with LF
;)
-
On 1/4/2018 at 4:04 PM, Dave-ee Jones said:
I thought that as well but I dismissed the idea because I ran it as a bash subshell once and it came up with errors for every empty line. Not to mention the start of that function again.
I'll try it though.
<insert bad pun here>Guess I forgot to write the whole shebang..So that fixed the test.sh but not the payload.sh. The payload apparently doesn't exist. Staring right at it, bro.
EDIT #998: So, I've found that it's Notepad++ causing the issue. It likes to put "^M" characters right before every new line, which means that every new line is a "^M" character combo. Classic Notepad++. It's a good program, they said. Never have an issue, they said. Best editor, they said. Mhm.
Copy pasta also causes this in Linux too, not just Notepad++. When I copy code off web pages, and paste then save, I often get errors related to \r\n vs the \n that Linux likes to use. You can open a python or bash script in nano, and it will actually highlight the issues, and python will even tell you about it in the error output of the terminal most of the time, then look in nano to see the highlighted blocks at the end or in the middle of lines, to be removed. Sometimes it's also fancy quotes, something WordPress blogs are known for, vs a regular single quote, and can break code when you visually see or think it's a single quote in a text editor; when opened in a hex editor, you'll see it's not the proper character(s).
Examples of what I mean.
Bad characters:
e2 80 99 " ’ " should be single quote " ' " 27
e2 80 9d " ” " should be double quote " " " 22
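An added example covering both posts above (the CRLF-vs-LF issue and the fancy quotes, with their byte sequences); it is not code from the thread. It works on raw bytes so the offending sequences are visible, goes slightly beyond the two characters listed by also handling the left-hand quotes U+2018 and U+201C, and the sample script is constructed.

```python
# Added example: find CRLF line endings and "fancy" quotes in a script and clean them.
BAD_BYTES = {
    b"\xe2\x80\x98": b"'",   # U+2018 left single quote  -> 0x27
    b"\xe2\x80\x99": b"'",   # U+2019 right single quote -> 0x27 (the e2 80 99 above)
    b"\xe2\x80\x9c": b'"',   # U+201C left double quote  -> 0x22
    b"\xe2\x80\x9d": b'"',   # U+201D right double quote -> 0x22 (the e2 80 9d above)
}


def find_problems(data: bytes) -> list:
    """Return (line number, description) for every CRLF ending and fancy quote."""
    problems = []
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        if line.endswith(b"\r"):
            # On line 1 this is the "payload doesn't exist" symptom: the kernel
            # looks for an interpreter literally named "/bin/bash\r".
            problems.append((lineno, "CRLF line ending (^M)"))
        for bad in BAD_BYTES:
            if bad in line:
                problems.append((lineno, "fancy quote bytes " + bad.hex(" ")))
    return problems


def normalize(data: bytes) -> bytes:
    """Convert CRLF to LF and replace fancy quotes with their ASCII equivalents."""
    out = data.replace(b"\r\n", b"\n")
    for bad, good in BAD_BYTES.items():
        out = out.replace(bad, good)
    return out


# Constructed sample: a bash script saved with CRLF endings, containing a string
# copied from a blog post that used curly quotes.
SAMPLE = b"#!/bin/bash\r\necho \xe2\x80\x98hello\xe2\x80\x99\r\nexit 0\r\n"

if __name__ == "__main__":
    for lineno, what in find_problems(SAMPLE):
        print(f"line {lineno}: {what}")
    print(normalize(SAMPLE).decode())
```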
-
2 hours ago, ABK said:
I'm not attacking anything. First, I thought my anonymity was guaranteed here, and even if it's not I don't have the knowledge for that. Second, there is nothing bad with studying a network. Tertio, there is nothing stupid when it comes to defending individual freedom, in my opinion.
I'm curious how you would disable their "tools" on "their" network though? Going around filters is one thing. To be able to control aspects of their systems and "tools" is another. Unless I'm not understanding what you describe above.
-
Attacking your government and their filters, will probably not end well. Especially, now that you've publicly announced it.
-
You can leave Kali in VirtualBox. I have it in both VBox and VMware, as well as natively installed in several places, but the point is, to pentest and practice, you don't really need expensive new equipment, or any specialized laptop for penetration testing. Any computer can be used to learn with for the most part, and in many cases, when you go into a real pentest, you aren't allowed to bring in laptops or equipment, often have to use their equipment, and use something like a Live DISC to load into one of their machines, or have to leave your equipment with them and not be allowed to leave their premises with anything, including thumbdrives, HDD's, etc.
The whole point BackTrack was invented, the predecessor to Kali, was because on some engagements, they were required to leave their HDD's or equipment with the companies they did the pentest on, so having a CD or DVD of an OS with tools on it, let them bring just that into the environment, and can be tossed in the trash afterwards when done. Your laptop just needs to have reasonably decent hardware support and stability for the kali distro, and if needed, some external Wifi cards where needed.
In some instances, people are using small appliances, like the Intel Nuc or a raspberry pi, as plugin devices to the network, and setup for remote administration, so a company doesn't even have to physically show up on site, only need a bridge to the internal network, to perform their assessment, depending on the scope and scenario in place, or for when you are only allowed a connection from a conference room of a business, but not access to the data center or such, plug and play makes things convenient for the security companies, which is the main purpose of Kali, in putting all the things in a small package for a wide range of uses.
-
TOR is an option as mentioned, but just an example of a number of types of services such as proxies and VPN services or other tunneling scenarios, such as purchasing a domain from someone like Dreamhost, and then enabling shell access, and SSH tunneling over the domain, to reach other sites. Also changing your DNS to something like OpenDNS, can in some instances, unlock some things that might only be blocked by a simple DNS filter on the ISP's DNS side only, and if not filtered by some other stronger method of blocking mechanisms, although tunneling would probably be the best route around filters and blocklists.
-
On 12/29/2017 at 2:21 AM, unverified said:
I just had the same thing happen to me. First I must say that I find some of the answers here amusing. I remember having to show an ID card when using a credit card, I just can't remember if it was in the 1980's or 1990's. Since then we have PIN+Chip and Mastercard SecureCode.
"Our order processor flagged the transaction while authorizing the payment. They need some additional information before it can be processed. That means it won't be able to ship it until some information has been verified."
So according to my bank the money was taken from my account in the same second as I pressed the order button. So the problem was not with the credit card or securing the payment. There was some other information missing or needing verification.
I was asked to e-mail a picture of a photo ID card showing my address but with any sensitive information like license ID covered.
Since highly evolved countries don't have addresses on ID cards I couldn't do that, but there was a second option. E-mailing a picture of a photo ID without the address and a picture of the credit card showing (perhaps they meant - only) the last 4 digits of the card.
So what information did they really want that they didn't have yet? A photo of me for sure, a photo of a partial ID card in a foreign language, a partial credit card.
Mastercard does not have my photo. It's unlikely that the call center can read and verify the partial ID card. They also say that the information that is e-mailed will be promptly removed once this "verification" is done.
Given that it probably takes less than 5 minutes to photoshop an ID card and a credit card, what is it that they hope to achieve by the process????
I sent a question to customer service about what "problem" they had found, then I canceled my order. I also sent a question about how to cancel my account with Hak5 (no point in having one since I can't order). But so far nothing useful back.
It's obviously futile to post about this problem in this forum, but perhaps someone reads this before ordering from Hak5 and decides that companies that behave like this shouldn't get any business.
Valid feelings, but still, not like Hak5 does this on purpose to piss people off. It's the merchant billing that is requiring it, as it's been flagged, they don't have a choice really. Until the purchase can be verified, the purchase can't be done. So what do they do? They try to verify the transaction to ensure it's not fraudulent. Then by chance your info was stolen, faked, etc, they are in compliance, and not responsible, when they do what is required of them. It's to cover all the bases, and everyone's ass, so that if you do need to go after someone, there is now a trail, whatever little bits there are, to go after the people.
-
@amrita Check out http://kali.training/ to learn Kali, and you can download Virtual Machines of Kali at www.offensive-security.com or ISO images from Kali.org if you want to burn and run a live disc on your laptop or desktop. If you're in Windows 10, you'd need to disable UEFI to boot Kali on those machines natively, or just use it in a VM when learning, which is my suggestion. I am not a believer that you need to learn Linux first, before getting acquainted with Kali. While Kali is specialized in its tools and default user of root, you always add users with sudo like you would on ANY other distro, and Kali is Debian based, and a rolling distro with updates just like any other Debian based distro. I run it on my laptop natively, on one of the family desktop machines as the main OS that my wife and kids use, and in a VM on my desktop. As with anything, best way to learn is by doing, don't be afraid to dive right in with Kali as your first distro. It's Linux like every other distro, at its core, and works just like every other distro.
-
If you have a laptop or desktop machine already, and can install VMware or VirtualBox, then you can set up a lab at home with little to no cost for setup. Also, places like Vulnhub offer freely downloadable virtual machines that will run in VirtualBox (VBox) and VMware, most of which will run better in VBox based on how a majority of them were created. I personally use Kali in VMware on my desktop, and use VBox for all the downloaded virtual machines from Vulnhub for my home test lab, which is basically just boot and root CTF machines I attack from the Kali VM.
If you want more involved systems and scenarios, or Windows machines to attack, sign up with Hack the Box, also a free service, which will require you to use a VPN to get into their networks to attack their machines (they provide the VPN), which are all on their systems that you remote into from your home machine over the VPN. No downloading or installing anything, other than the tools you choose to do the pentesting, which if you wanted to, could just be your desktop, although I'd advise you to use a VM or segregated machine, as this is a LIVE network, with other users, who can and may try attacking you! Be warned, it's a hostile network, so take precautions when on their network.
-
3 hours ago, haze1434 said:
I would never let another person touch my baby
I'm not talking drive in, automated, or even paying for a detailer.. but here, we have wash bays you pull into, put some quarters in a machine, and you wash the car yourself. Sure, costs a bit in change, but you get to use their wash facilities and vacuum machines.
Something like
We have a lot of them in my area. Really great for when you go mudding in your truck too, and need to get all the crap off, or after a snow storm and need to get the salt off in the winter. High powered hose and foaming brush, plus you can use your own soap, sponges and towels if you want instead of their brush. When you live where you do, with neighbors that close, this might be the better alternative vs building a wall that might fall on the neighbor's car and then have to pay them for damages.
-
Or, just go to the carwash, you know, where other people wash their cars too..lol
Looking for help
in Everything Else
Posted
Everyone loves a mentor, but 99% of hacking, is trying something, failing, and then trying again. Best hands-on is by doing. Watching someone do it, still requires the muscle memory, and that only comes from repeatedly doing it over and over.
Head over to Vulnhub, download a free VM and then follow the guides that come with them, even if they don't make sense at first. Once you have done a few of them, try one without using a guide and only go on your instinct and ability to recon and assess the objective.
The link above that Rkiver gave will also help get you pointed to some fundamentals more specific to a category you may have interest in, such as programming in C, other languages, or various other topics related to the field. Can't run before you walk. Having an understanding of networking alone will be a huge help, so basics like Network+, can help understand the "why" behind how something works, not just the "what did he type next when I get here?"