digip

Dedicated Members
  • Posts: 8,919
  • Days Won: 144

Everything posted by digip

  1. Account numbers and ABA routing number identify your account and local branch exchange for your bank. Unless they also have your full SS# or security passwords for online banking or such, they generally can't use it for identity theft or wire fraud. When you write a check to someone, it's on all checks, so not hard for someone to get the info. If you know the last four of someone's SS#, in some cases you could call a branch and ask them to look up your balance for you, which would need your full name, date of birth and usually last 4 of social, as they generally don't allow the customer service to see the whole SS# in the system for security purposes, but it's enough to grant them access to certain aspects. Not sure if you can do a transfer over the phone though without a signature, but you can through the online banking side in most cases, which is usually turned on by default if you use online banking. Having access to the actual bank account would be more of a worry than just an account# and ABA though. Note: I should mention, many banks have automated teller info, and allow you to call and access your account over the phone with just the account#, but you normally have to set up a PIN or, in some cases, it asks for the last 4 of your social to complete the automated call. These usually only provide current balance, last deposit and pending transactions, where other functions require help from a live person or going to the branch.
  2. The goal should be training, and not so much a certification. Certs are a bonus. Once you HAVE the training and some practical hands-on training, and can do all the things (or some) then I'd say shoot for things like your OSCP, Sans, etc. Employers want people with skills first, and certs, while a great foot in the door, can come later and many employers today, may be willing to even pay for your course if you want to get your OSCP, and you can tell them this when being interviewed, about your training goals. I'd say, do the hard work first, self training, etc, put the time and effort in, learn everything you have an interest in (even if just introducing the concepts into your daily work), and be passionate about what you want to do. People often hit plateaus, get discouraged, or even quit because they think they can't afford it, aren't learning fast enough, but I can tell you, if you really love what you're doing, you'll find a way to pay for those courses(eventually) and that should only be for you to validate to yourself you know and understand these things, and competently do them for a living, if that is your end goal. One thing you can also do to practice, VulnHub and Hack the Box CTF's, 2 free online resources with the ability to get hands-on experience, much like you would with the OSCP course's labs. You can self pace yourself, and use walkthroughs to help better understand some of the basics as well. Just understand, labs leave you to learn on your own, where training like Security Tube, is a learning side/book knowledge and examples, where OSCP, is both lecture, reading and video materials, and, full lab access to hack real networks(which is required to pass your exam). While OSCP might be too expensive for you now, I also wouldn't say waste your money if you aren't already at some level of experience getting shells on windows and linux machines and pivoting through them on a network. 
You'd be better served spending a few months getting acquainted with much of this through some of those other resources I and others listed here, and I'm sure some will offer some other alternatives too. Good luck!!
  3. proxychains allows you to forward any tool or connection between two separate subnets, more or less bridging them together. I'd say first start with some testing and learning to use proxychains and dynamic SSH connections if you want tunneling, but proxychains allows any tool to be used over it, without it having to directly support SOCKS connections. You could run, for example, TOR, and then "proxychains nmap target.onion" where the proxychain sends the nmap scan to the host over the connected tunnel, allowing you to scan networks not normally accessible directly from the web side, since they reside on different subnets or even hidden networks, essentially bridging two subnets together. Google proxychains and dynamic SSH connections, you'll figure it out pretty quickly, but this is just a high level example.
  4. Depends on what you are using, but generally, clicking the icon on the toolbar (in Gnome) will allow you to list them and enable/disable the wifi. If you're not using Gnome and using a lighter desktop manager, then I would just install wicd when I want to add APs without having to scan manually for them. If you're not familiar with using things like wpa supplicant and manually adding connections from the command line, try wicd. Works in Gnome too, but shouldn't have to fiddle too much with Gnome, most cards work if they are supported.

        apt install wicd

    If you need help with wicd, just google it. Pretty straightforward. You will have to kill wicd if you want to put your card in monitor mode though, it can interfere with tools like aircrack, but "airmon-ng check kill" will help with that usually.
  5. I didn't lose anything, I just had to do the captcha to post, but fortunately I wasn't blocking it this time. On most sites I would be.
  6. I just got one of those blocks, when pasting links from twitter. No code, just linking and quote from a tweet was enough to trigger it. https://imgur.com/a/YH7eF here is the post -
  7. https://twitter.com/daniel_bilar/status/934138325320871936
  8. Is the web server started? Have apache installed? If you open "http://localhost:8080/blog/" in a browser, does it load properly? If not, that is where I would start.
  9. It's a conspiracy man...tinfoil, solves everything..
  10. Try using the JavaScript console. CTRL+SHIFT+J opens the console. You can either try manipulating or running the function directly in the console, or open the network tab, hit refresh, then run the page. You can then click on each item, and read the header values. Export as HAR, or cURL. Somewhere between all of this, you should be able to see the headers needed, and the URLs you want, or even use the sources tab, set a breakpoint and debug the script manually. Finally, if you can download the JS, you should be able to reverse engineer it directly, but there are a number of online sites you can paste code in and it will spit out results. Deobfuscation sites or even jsbeautifier help clean up and make code easier to read and then work out the parts you need to create the end result.
  11. Frankly, I think he's just pulling our willy and taking a piss out of us... o.O
  12. I used to have a huge collection in the 90's of 2600, blacklisted411 and a few others I can't remember the names of. 2600 was what the others modeled themselves after for sure though. Borders Books and Music used to be where I would get them, but the store went out of business (at least in my area they did). Barnes & Noble still have them for the most part too. https://anarchivism.org/w/Blacklisted!_411
  13. Sounds to me he's looking for stolen credit cards, not help using one, which shouldn't be an issue. It's 2017. If you don't know how to use a credit card, get the hell off the internet and go back to kindergarten. @Frankwilly we are not a carding site. Ask your mom for help kid.
  14. As far as I know, you can't send a meterpreter shell to netcat alone, as it sends a stager and expects certain criteria that metasploit handles during the setup of the session. A straight netcat reverse shell or TCP reverse shell, without meterpreter, is what you need, and using the "my server" as a pivot point. My suggestion is to SSH into "my server" from your "local" machine, and run the attack from the "my server", or use proxychains or such to set up a transparent tunnel, which I'd then disable SSH on the "local" box, and just have the reverse shell sent to any port on "my server" but with "my server" sending it to port 22 to the "local" machine which would be set up to listen on port 22 (if that is the only one allowed into the "local" box without port forwarding). You'd need to disable the SSHd service on "local" while having msfconsole waiting for the reverse shell. If you can take metasploit out of the equation altogether, then you could go for a straight TCP reverse shell with netcat, ncat or other type TCP forwarder, depending on the payload and the victim machine. There are a number of ways to send reverse shells too, depending on the OS. If Linux based victim machines, you have many options on forwarding a shell with built in features in most cases, no netcat required.
  15. #1 - don't link to cracked/pirated software #2 - More than likely, you just got yourself hacked from the sounds of it, if any of it is true.
  16. Try putting them in a code section as plain text(not html) see what happens?
  17. There was another wifi project I can't remember the name of that worked on triangulation of people, without them even needing to give off a wifi signal. It was some kind of motion detection using multiple wifi devices and measuring the changes when someone walked between them, and it could sort of "image" the proximity and size of things and where they were. It might have even been a forum post here somewhere. Something along the lines of http://www.businessinsider.com/wifi-camera-sees-through-walls-2017-5 but not so much for taking imagery from it but used for "sensing" physical objects and movement in real time, could trip an alert similar to a proximity sensor for alarms, using just wifi alone. I think the invisible fence idea is a better solution though, in the event these kids don't have phones on them when they do something, detecting and documenting it with video and photos is best if you need to file charges against people. Matching a MAC address to a device is only one point of correlation, but hard evidence like video or photos would certainly make things easier.
  18. Get yourself a wifi-cactus with the latest Kismet, and sniff all the things...if they have cells with wifi turned on and actively probing for networks, you'll see them, but you'll need to work out the whole distance/proximity side of things to correlate how close they are and at what point it should set off an alert. People driving by 100ft away could set this off if you're just monitoring for different probes alone. Key is testing with your own phone or such, and measure the signal at different distances from your AP, or if using multiple devices or capturing like a raspberry pi in each room to the outer walls of the house perimeter, then measure feet to signal strength as you're walking further from the house. You'd kind of have to measure in all directions from the perimeter and have a way to see in real time, ok I'm at X feet and signal is XX, and so on, sort of work that out. I don't know if the links above will help (most seem like unfinished questions), but the tracking script looks like it has potential. I don't own a pineapple, so not sure if that code works. Things that might help point you in the direction you want to go or to get started, since we don't know how versed you are in any of this yet, understanding scanning and probes basics: and for the cactus, which is like the above but to the 9000+ power, D4rkm4tter's cactus talk - All of the above might be overkill, if all you want is a proximity sensor on your property, you could have one set up as an invisible fence, then have it set off an alarm that triggers when people cross that threshold and then alert you either by email or text to your phone. That to me seems like a better way. Combine it with motion detection cameras (I actually did this when we lived in an apartment) that email you snapshots when triggered and will record video when triggered, and give you physical evidence in the event someone messed with your home.
IP cameras are fairly simple to setup too, just not the cheapest thing for a good camera(s) and then the right software that has the recording features you want. D-link was the one I used that had all the capabilities I needed, including night vision.
  19. I'll have to try that. I only ever piped from one command into the next, didn't know you could use them together like that, figured it couldn't touch a file already in another handle for ownership reasons, but I guess that wasn't the case. I should have realized sort-object had a unique switch like linux sort has.
  20. I might be missing the point, but this should not be a difficult thing to the point that you would want to do this with a C program (other than maybe for the mental floss exercise and trying to reinvent the wheel with some complex routines). Depending on how much you need to modify things, just do it from the command line with utilities already designed for this, where the heavy lifting of programming has been done for you. Tools like cat and sort handle this kind of thing and it's what they were designed for. If you just need to merge and sort, then a one liner command would be easiest under Linux.

    On Linux:

        cat file1 file2 file3 file4 | sort -u > list.txt

    On Windows, put your files in the same directory, then run the following 2 commands (Windows will need a few more steps, but still easy-peasy):

        :: Open a cmd prompt, then open powershell:
        C:\ > powershell [hit enter]
        :: Run each of the following commands
        dir C:\path\to\files\* -include *.txt -rec | gc | out-file C:\unique\path\to\results\result.txt
        gc C:\unique\path\to\results\result.txt | Sort-Object | Get-Unique | out-file C:\path\to\sorted\wordlist.txt

    On Windows, you can't chain the entire command up above to pipe the first into the second; while you won't get an error, it's a sharing violation of the file in use, so the second command needs to be input by itself after the first command completes or the wordlist at the end will be empty. (See https://forums.hak5.org/topic/42274-c-best-method-to-organize-massive-word-lists/?do=findComment&comment=300340 for how to chain the above in a single command.) If you need anything more complicated than this, then I'd say do the database thing as suggested above so you can tag words in different groups and sort dynamically into different list categories, but to merge a sorted, unique list, keep it simple with the command line.
  21. Everyone already knows the password, we're just not telling @manolo12 because we're leet like that.
  22. digip

    Raspberry Pi 3

    Kali is what you want for the Pi, not Back|Track. Also, if you want more wifi card support and tweaks, update to the Re4son kernel, which is a highly tweaked version of Kali for the Pi. See his site for all the info on Pi support: https://whitedome.com.au/re4son/re4son-kernel/
  23. Just an FYI, PowerShell has a built-in feature that works much like wget, if not better, since it's built in and no need for third party tools. You can download files and push files with PowerShell. It also won't get picked up by malware scanners, as wget sometimes gets flagged. Google is your friend.
  24. Learn more in our new book "How not to pick up Women"
  25. digip

    WPA2 - Broken

    OpenWRT is an alternative to most linksys devices. What is the device it goes on, the manufacturer? Either that, or go to the OpenWRT site, get official 3rd party firmware, which I'm sure at some point, the OpenWRT community will patch. Unless the git repo is one of the developers for OpenWRT(I don't know them), then I would probably avoid randomly found patches. I mean, it could be legit patched, but I'm a bit more cautious when it comes to some things. Especially when I don't see the code used in them, although you could unzip all the way down to the IPK and unzip them as well, I wouldn't know where to look specifically for changes that fix this issue. They apparently have their own GIT repo as well - http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=acfb6c2181b1589e5b2d0d121180bcc7d62d37d4