Dave-ee Jones

There's loads of forum posts around answering questions like this, just have a search. Here's some stuff I found:

Potentially, but the box receiving the data might only be listening to traffic coming from specific boxes (via their IP or MAC), or there's some other kind of security handshake. Hypothetically, if there was no security and it was open to anyone injecting traffic into it, you could probably copy the packet and replay it, but you would need to capture the whole packet first. I can't really help you from here as I've never done it, I just know it's possible. :P

Kali is a good base for everyone - beginners and experts - so stick with that. You can build your own Kali iso that provides you with customised tools so you don't have to use so much space on a USB or whatever, because realistically no one is going to use every single module Kali comes with as a full iso. You could also add persistence so anything you do inside Kali is saved, rather than reset every time you reboot or change PC (assuming you're using a USB).

Nice. Yes, you can. The most common usage is with WiFi adapters. Some WiFi adapters support a mode called "monitor-mode" which allows them to monitor extra traffic passing by over WiFi, and also allows it to inject packets into a network. However, you don't need a WiFi adapter. I think there are a few Android apps that allow you to send packets over a network (dummy packets), so what you could do to have a play around is use something like those apps and then have another machine on the network use Wireshark to see the packets - giving you an idea of how it all works.

I don't know exactly, but I wouldn't say so. Try ones that are globally supported by OpenWRT and Linux. Here's a few: TP-Link N150 Ralink RT5370 (RT5370 is a chipset - common for Linux boxes - most with that chipset will work I believe) TP-Link TL-WN722N or TL-WN821N (make sure you get a V1, V2 doesn't support monitor-mode) There are lots of forum topics around asking similar questions - probably worth searching for them using the search bar. :)

Okay, Windows 10 likes UEFI more than Legacy so try booting the USB in UEFI mode. If that doesn't work it could be that the USB has not been correctly set up to be bootable. Is it one that Microsoft (or a reseller) sold you (or someone else)? If it's one you've made yourself maybe try retrying the build process (e.g. use Rufus to write a Windows 10 iso to the USB), it could be you forgot something or missed a step. Also, keep in mind that Windows 10 requires at least 16 GB of storage space, and your laptop only has 16 GB of storage space which means once Windows 10 has been installed there's no breathing room for programs, files or whatever else you want to store on the drive. It may not even let you install to the disk once you select it, as well, but I'm not sure. Hope this helps!

What Windows version are you trying to boot (7, 8, 10)? What are your boot settings in the BIOS (legacy or UEFI or auto)?

Your best bet would be Google-ing your answer, because we can't help you.

I was aware of where the links went - just not sure of his intents considering they were whited out, all put on one line and, if I remember them correctly, had nothing to do with what even he was saying, which again had nothing to do with what the OP was saying. It was just strange in general. :P

There's multiple links there, buddy.. What are you trying to do..?

He might not be able to send it back - buying it from an online auction. They might pull the "well we don't know what the guy before you did with it - you bought it, you should check it" card. Which, in my opinion, is perfectly valid - unless the auction is some official one where things are bought as new, not "as is". Unless, of course, it is still under warranty. Would the IP camera's MAC address be in the range 4C:B0:08:xx:xx:xx? The name "Shenzhen Gwelltimes Technology Co., Ltd" would have probably been retrieved from that. Chinese MAC matching a Chinese camera.

Yes.

That sounds all well and good, and quite ideal, but what kind of tasks would they be doing? I'm just thinking in terms of a practical situation. It'd be nice to play around with but what tasks would you push out? How would they share all the information into one "database"?

What intentions are you intending the botnet's intentions to be?

I use FX File Explorer (paid version supports FTP/SMB). ES File Explorer should work fine as well but I believe you also need the paid version to use FTP services as well.

$500?! Sounds like a rip off from your description of the laptop..

Does the Tetra/Nano use .11ac? If not he might have meant that, I don't know. Anyway, it makes sense to replace both devices as they are quite old and there are a lot of problems with them (from what I've seen on the forums - I don't actually own either of them), it would also kick the WiFi Pineapple section of the forums into action again, as they've been quite quiet lately - especially if you added a modular feature for people to create their own modules with. Better hardware would be nice, hopefully supporting .11ac and maybe even .11ax? 5GHz and 2.4GHz would be ideal. With all this in mind it would be better to take your time and get it done well, rather than rush out an .11ac Pineapple that will be outdated in a year or 2. :)

I know, but I'm saying that it wouldn't hurt others if someone managed to plant JS into your website when it's disabled on your own website. It doesn't matter - I was just making a random comment from another POV.

Is 217.23.5.33 the actual IP? If so, it probably means the hacker bought a server off of Worldstream (owner of IP) and is using it to hack your network.

It's funny how laptops die at the most improbable of moments, and then when we try so hard to kill them they won't die... :( That said, I don't think it's wise to encourage a child to trick his parents into buying a new laptop for him. Not the wisest thing to do.. Wait till your PC does Windows updates and take out the battery while it says "DO NOT TURN OFF PC". You'll probably get a blue screen after that. At best, bad blocks which means dead drive. If you're lucky enough maybe your laptop will update to the latest Windows update and it'll break Windows' boot partition. I know a bunch of laptops have done that with the recent Windows updates.

Yeah, I've also found updating the kernel and stuff is a huge pain with Nethunter, so I just gave up with that, installed a fresh copy and stuck with it (meaning I can't use other cool features like installing drivers for the AWUS036ACH..). Oh well, still has other cool features (favourite is probably the USB Keyboard app).

If you have a lightweight site that doesn't use JS then it wouldn't hurt to disable JS on your site. Stop people injecting JS into your website (CPU miners etc.).

Hoi there, Ishmael! I don't know if there's an ideal age to start learning pentesting, it's just one of those things you can start learning on the side of anything else, really. A genuine curiosity for pentesting is a better learning experience than having pentesting as your daily job. I don't know about everyone else here, but I've had pentesting on the side of my occupation, just as an extra learning experience that adds to my current job. It's vastly helped my knowledge of my own job, while also adding to my curiosity of pentesting, so it's been a good experience so far. However, not everyone can say that, it depends on your occupation. I completely understand where your coming from. For me (adding on to what I said earlier) pentesting is more of a hobby, so I don't mind spending a few dollars here and there, but I wouldn't go ham and buy every Hak5 product there is (I currently have the Packet Squirrel and Bash Bunny), and since it adds to my learning experience for my occupation it makes it a bit easier to spend money on helping my growth a bit. Before I touched these forums I hardly knew anything about Linux. I knew that the Linux mascot was a funky penguin, and that was it. Oh, and Mac was an extension of Linux. But now, I can (almost) comfortably use Kali Linux and get around fine, although Google helps a fair bit with this. But yeah, as @Rkiver said it never hurts to research things, especially for pentesting as it is a broad subject that covers anything related to IT, really. You gotta remember that pentesting is short for penetration testing which means finding exploits in code and hardware - but to do that you have to know what the code and hardware is, otherwise how are you going to know where the weaknesses lie? But yeah, check out the forum post mentioned by @@Rkiver and have a read of that because that's the post we point everyone to that are looking to start learning pentesting. I'll be honest though, I never read it. It probably has points in there that I've had in my own learning experience, though, and it probably has points I haven't come across yet - it's all a big learning experience. Pentesting gets bigger and bigger the more technology changes and gets bigger, so it's just forever learning, forever figuring out what the new tech does different to the old tech. Anyway, good luck and happy learning!

You could eliminate that possibility by simply searching 'windows xp' :P

Yes, it does. Think about how it has to download the file string from the server and execute it as a string and not a file.