Posts posted by Dave-ee Jones

  1. On 8/23/2018 at 12:07 AM, Nimehsib said:

    Jail time for implanting a SMS message into my own phone that simply says Hi! Okay then!

    Context.

    You just lost your job because "someone implanted messages on your phone". You're now trying to replicate the exact same thing.

    The jail thing aside - even if you do replicate it it only proves it can be done - not that it was done.

    For all we know those messages were actually yours, your work colleagues found them and you were fired, and now you're trying to find a way back into your job because..

    On 8/21/2018 at 8:03 PM, Nimehsib said:

    this is not a normal job and we're talking about a lot of money here

    ..and you like money.

    For all we know.

  2. 20 hours ago, Nimehsib said:

    Well have nothing to lose at this time!

    Hate to say it, but that's a very silly thing to say.

    You've got plenty to lose - and then there's jail on top of it.

    13 hours ago, Nimehsib said:

    Thanks for the advice, this is not a normal job and we're talking about a lot of money here. I just need to show them this is possible and looking for someone to help and I'll pay for the effort and time he/she needs to put into this, that's all.

    If that's what you're looking for I think you've come to the wrong forums as 99% of us don't do that sort of thing.

    Hope it all turns out well, though.

  3. 54 minutes ago, AtariJaguar said:

    In defending a network, you are looking for the adversary. But how can you defend against an adversary if you don't know what an adversary does? In being an adversary first, you know the process. I mean, I could flip this, but I still think you learn "what to look for" from a defensive standpoint, having done it offensively.

    Yeah, that makes sense.

    55 minutes ago, AtariJaguar said:

    I thought I might start her off with some basic wireless stuff... understand the purpose of encryption. I think you're right about web development too... she's actually mentioned that. Do you know of any kid-friendly web development sites? Is there like a "GeoCities" for kids or something?

    Yeah you could make a test environment with an old AP that isn't configured to encrypt data and show her how to see traffic and identify what kind of traffic it is. Obviously, that can get quite in-depth as you need to know different kinds of traffic and how to read (sometimes) at the bit-level.

    But yeah, that's definitely an option.

    In terms of web development sites, I usually use w3schools for quick Googles. They have exercises and quizzes as well which could be useful.

    59 minutes ago, AtariJaguar said:

    Quick question... and I think I may have asked this a few years ago. Is there anywhere that I can maybe get a list of what's legal and what's not in terms of hacking/pentesting? I'd say "common sense," but it seems there's a lot of grey area. It also seems to change day by day? I'd like if there were some laws/guidelines that were laid out simply on "dos and don'ts?"

    Not sure about that one. But I would say whatever you hack into make sure it's not someone else's - unless they give permission, of course.

    1 hour ago, AtariJaguar said:

    Yeah, she'll respect others' property. She's the only kid her age I know that carefully opens the door to the car so she doesn't ding the car next to her when she gets out.

    Good parenting

  4. That's pretty cool. Having been brought up in a techy-fam I can appreciate it.

    The answer to your question depends on what you want them to learn. For example, if they're more interested in programming (Scratch being the beginner-side) then you could teach them neat little scripts using specific programming languages. A more specific example might be a network-scanning JavaScript script. Or you could teach them about how people abuse their use in certain areas (memory-leaking to crash a computer, abusing the "Notepad Loop" in batch/cmd).

    Keep in mind that "hacks" are..realised?..from learning something. So if you learn enough about networks you can know what they're restricted to and what they can't do, and you can work out ways around certain things to do something that another person wouldn't think possible.

    You could teach them workarounds for Windows security, like the classic sticky-keys method to get an elevated command prompt as well. Linux is probably the funnest to work with, though.

    I would recommend teaching her how to make a website, though. For me it's surprisingly useful and teaches you a fair bit about multiple languages at once (CSS, HTML, JS, and if you go deeper potentially C++, PHP etc.), and the difference between server-side and client-side script.

    Keep in mind that if she's not brought up to respect other people's belongings she may abuse this privilege. (I'm not questioning your parenting here, just giving a fore-warning). I know that's one of the things that restricted my learning from my own parents. What you teach them is your responsibility, and while their responsibility is not abusing that privilege it still has potential to cause damage.

    She sounds like a very bright child though. And with that much of a headstart, too!

    Yes, I read the story.

    • Upvote 1
  5. 7 hours ago, Nimehsib said:

    I've shown I can do that (send from my apple to someone else) what I need to show is to show this is possible without hacking to my iphone and by hacking the other iphone. I heard they can backup the iphone then use litesql to implant a text message and then restore that to the iphone. I want to show beside hacking my phone this could have been done by simply doing what I explained above.

    That's why I like to add a text message from someone from HR who's been handling my case that simply says "Hey this is Pam saying hello" for example. If I take my phone to them showing this is done they would I hope believe me.

     

    Thanks,

    I can see this being a double-edged sword, as well.

    Just be careful.

  6. Couldn't you do that by logging into a Mac/PC with your Apple ID and sending an iMessage to yourself?

    That would show it's possible to send messages from something other than an iPhone.

    Showing that you can send as anyone is a bit more difficult, as you'd basically need to re-create the hack that the hacker used.

    Google?

  7. Glad to hear it's not working out, honestly.

    I don't want my car stolen anytime soon.

    Ever.

    On 8/15/2018 at 1:06 AM, e-Euler said:

    Have you considered the rolling secret key in the transmission of the signal? The original signal that you capture there is likely a secret key such as 123456788 and the next transmission that comes from the fob is 123456789. It is most likely not going to increment by one but if you capture a few different transmissions you can see what bits change to identify the key and try to work out an algorithm for guessing the next key.

    That's true, however it's been done more cleverly.

    https://www.wired.com/2015/08/hackers-tiny-device-unlocks-cars-opens-garages/

    TLDR; Capture the first code before the car does, and let the second code go through (requires 2 presses on the fob) - the first code is still valid and can be replayed at any time by the device that captured it.

    • Like 1
  8. 6 hours ago, Bigbiz said:

    Processor speed good

    Need good RAM

    VGA card not necessary but nice

    Pick and choose kind of like a gaming rig if you take a look on twitch.tv check out some of the big named twitchers Ninja

    Timthetatman Dr.Disrespect Summit1G

    I say they have pretty reasonable hacking rigs. If they wanted to convert.

     

    Someone watches too much Fortnite..

    Anyway, all you need is an old laptop or PC and give it the good ol' Kali boot.

    If you're looking to have a PC that runs a bunch of virtual machines I would suggest buying something along these kind of specs:

    Processor: Intel i5, Intel i7 with a speed around 2.5 - 3.5 GHz
    RAM: Try and aim for around 1-2 GB per Linux VM and 2-4 GB per Windows VM (bear in mind the host, assuming it's Windows, needs probably 4 GB minimum)
    Storage: SSD/HDD, doesn't really matter in this situation. Try and keep around 60-80 GB of storage per Windows machine. Linux machines are generally smaller, but I don't deal with them often so I couldn't give you exact numbers.
    GPU: On-board motherboard graphics are generally fine unless you're hash-cracking, playing games or mining. In which case it varies heavily in what GPU you need.

    Keep in mind these are optimum specs. You could get by with an older laptop or an i3 machine but you wouldn't be able to manage as many VMs (if any).

  9. On 8/3/2018 at 10:58 PM, moliata said:

    USB ATTACK TOOLS:

    • WiFi Pineapple TETRA (100$)
      • Designed for Penetration Testing
        • A great option if you want to do network hijacking, intelligent exfiltration, keystroke injection and have a dedicated shell access.
      • Ethernet, Storage, HID and Serial emulation
      • Multiple payloads selection through a 3-way switch
      • Boots in less than 7 seconds

    Note: the features of every gadget are written personally by me, everyone may have different opinions.

    I have a different opinion about the TETRA being a USB attack tool, haha.

    I think you meant to talk about the Bash Bunny there?

    I'll finish it for you (copy+paste what you said but rename the title, ha):

    • Bash Bunny (100$)
      • Designed for Penetration Testing
        • A great option if you want to do network hijacking, intelligent exfiltration, keystroke injection and have a dedicated shell access.
      • Ethernet, Storage, HID and Serial emulation
      • Multiple payloads selection through a 3-way switch
      • Boots in less than 7 seconds
  10. 13 hours ago, Bigbiz said:

    You bring up a good point, plus they won't even really worry about the MAC addresses really. Who would take the time to record this. Maybe in the future.

    I know I do at home, haha.

    I go, "what in the world are these 5 unknown devices..." and then glance at my brand new Switch..

    "Well, that's 1.."

  11. On 8/3/2018 at 6:10 PM, haze1434 said:

    ..however when they actually connect to an access point, their real MAC address shows. I can confirm this via personal testing.

    That's just Apple being Apple.

    And it depends on the MAC changer. I've had a few that don't affect much at all, and then I've had a really good one (the one that is used by Nethunter for Android) that does work properly, causing even the smartest routers to believe you're a completely different device.

    Of course, I don't recommend doing this for small networks as one day the admin's going to log onto the router and go "hmm, 21 unknown devices.." and get really paranoid and lock the network down even more.

  12. Yes, many business grade routers have web dashboards that show data usage per device, some even showing what they were browsing.

    Some examples (for SMB) are Ubiquiti, Aerohive and Fortinet (Fortigate). Taking Fortinet as an example, it can view data usage, what websites were being browsed, can control whether users can upload a Facebook post, view Facebook posts, use Facebook Chat etc. so it's pretty full on stuff but I wouldn't recommend it unless you have highly-qualified internal IT or an external IT service (preferably local). It's highly in-depth.

    A "simpler" solution would be to put the company WiFi on a separate VLAN so anything connected to it cannot connect to internal services like file shares (where your data is more than likely kept). This limits it to just internet access, which is useful for everything - including emails.

    Data leaks are a common problem but if you're a small business (~5-30 people) then it would be easier to control them in a social sense rather than a limiting-their-access sense. What I'm saying is, if you hire them as a small business of 15 people or so you have to be able to trust them with access to your data. They're part of your business now, and if you, along with them, are planning to make money for the business they more than likely need access to business data. That's just how it is.

    Hope what I've said helps!

  13. On 8/1/2018 at 5:37 PM, haze1434 said:

    Generally they are only spoofed on most devices when they are not connected to an AP. As soon as they connect, they show their true MAC.

    I hate to say it but I don't think this is correct..

    The AP can only see what your phone is programmed to send with its connection broadcast.

    I've spoofed my own MAC many times, usually with a randomiser for each WiFi. There would be no point randomising your MAC for every WiFi network you connect to if it only broadcasts the true MAC.
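
An added example (not part of the original posts) for the "unknown devices" check that comes up in these replies: randomised MAC addresses set the locally administered bit of the first octet, so an admin can sort unrecognised leases into likely randomised and vendor-assigned ones. The lease layout, the sample lines and the known-device list are constructed assumptions.

```python
import re

# Added example. The lease lines and the known-device list below are
# constructed sample data, and the "MAC IP hostname" layout is an assumption.
MAC_RE = re.compile(r"^([0-9a-f]{2})(?:[:-][0-9a-f]{2}){5}$", re.IGNORECASE)

SAMPLE_LEASES = """\
# mac               ip            hostname
00:11:22:33:44:55   192.168.1.10  desktop
3C-22-FB-10-20-30   192.168.1.11  switch-console
DA:A1:19:0B:3C:7E   192.168.1.12  phone
02:00:00:AA:BB:CC   192.168.1.13  -
"""
KNOWN = {"00:11:22:33:44:55"}


def normalize(mac):
    """Lower-case, colon-separated form so inventory lookups match."""
    mac = mac.strip()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac.lower().replace("-", ":")


def classify_mac(mac):
    first_octet = int(normalize(mac)[:2], 16)
    if first_octet & 0x01:
        return "multicast"             # group bit: not a valid client address
    if first_octet & 0x02:
        return "locally-administered"  # randomised or manually set
    return "vendor-assigned"           # burned-in, or a spoof copying one


def unknown_devices(leases, known):
    """Return (mac, ip, hostname, kind) for every lease not in the inventory."""
    known = {normalize(m) for m in known}
    found = []
    for line in leases.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        mac = normalize(fields[0])
        if mac not in known:
            found.append((mac, fields[1], fields[2], classify_mac(mac)))
    return found


if __name__ == "__main__":
    for row in unknown_devices(SAMPLE_LEASES, KNOWN):
        print(*row, sep="\t")
```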

  14. Multiple possibilities.

    1. The card you're writing to might not support the same frequency for the gate

    2. The cloner didn't clone everything broadcasted - only specific data that it could handle

    3. Perhaps the clone tag is broadcasting something extra as well

    Did you try formatting the second card first?

    Newer systems have protective systems against cloning as well. If they didn't you can imagine how easy it would be to carry around 10 clones of 10 different people's credit cards.

  15. Sorry, no one will help guide you into the right direction of hacking/piggybacking someone else's WiFi/connection. It's illegal and we don't support that.

    You'll have to go somewhere else to find that information.

  16. 1 hour ago, _0NiTy said:

    Yeah, it's if you're using it on Windows for WiFi >.> (it really is).

    Eh, I have some problems with mine now and again. It's not overly stable for long-term purposes but short-term it's a good solution. I've probably been using mine for my home Windows PC for about 3-4 months or so and for the most part it's okay, just inconsistent. Long term just get a PCIe adapter.

  17. Hoi!

    I'm looking for a secure alternative to phpMyAdmin. Anyone know of any? I've done a bit of a Google but it seems alternatives like Adminer (which apparently has a "beautiful" UI) and SQLBuddy (which doesn't even have an SSL certificate on their website) are a bit outdated..But I can't find much else? There's phpMiniAdmin, but I'm not sure if they made it any more secure or not.

    Thanks!

  18. On 7/12/2018 at 12:24 AM, Joe2525 said:

    Alfa AWUS036ACH

    I have that with large 9dB antennas. Not sure of the range in metres, though. Drivers are very hard to work with in Linux, Windows works fine though.

     

  19. On 7/11/2018 at 10:31 PM, barry99705 said:

    Pretty sure those exploits stopped working four or five years ago.

    Well, the exploits you're thinking of, anyway.

    On 7/2/2018 at 8:16 AM, ae3erdion said:

    I would like to know your ideas on what to do to a router to gain access and persistence on the network even when you leave the network. I was thinking of redirecting the access of one site to a fake site that I control to infect every machine that connects to that network.

    Tell the router to accept VPN connections based on their IP or whatever? That's provided the router can do VPN.

  20. I like your first programming language choice! I've recently been playing with it (even made a NAS-like web server with full role-based access) and it's awesome.

    Why are you getting a lot of login attempts? If it's all pre-programmed with CURL it should work every time consistently. My guess is Netflix has a timeout and CURL's trying to login but Netflix says "Login to what? You've timed out you can't type anything in here!" while it waits 5 minutes to reset the form.

    Think of it this way - when you login to a website, after 5-6 attempts of failed logins what happens? Either there's a CAPTCHA or it says "You've had too many attempts. Please try again later." in which case it locks down the form so you can't submit it for a while. If it's a CAPTCHA your CURL program won't see that and therefore it won't submit the form properly.

    So both cases are a problem for your CURL program.
