Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


About icarus255

  • Rank
    Hak5 Fan ++

Recent Profile Visitors

667 profile views
  1. Dude, why don't you live boot wifislax from CD or USB? That would surely be the simplest option.
  2. It depends dude. Not all email accounts have 2 factor auth. Try registering some valid email accounts yourself on google, hotmail, etc and try logging under different circumstances i.e. VPNs from different countries, different browsers, etc to see what triggers the additional authentication. They might even profile each user to see their patterns of use and any anomalies to those patterns might trigger the additional auth. If the loggins you got are from a list that has been distributed or sold to others who have also tried to log in to those accounts then forget about it. Those accounts
  3. Bro, we all have money problems. Recently I started filling my car with 95 instead of 98 and I stopped going to my favourite coffee store (where the cute girl casually flirts with me every morning). I now have to resort to drinking that instant shit in the office with all the other miserable staff that work there which only serves as a reminder of how much I hate my life. Still, I wouldn't walk into BMW and in front of all the staff and customers demand to know why BMWs are so expensive when I can buy a Toyota for a quarter of the price. If Hak5 let customers decide how much they want to
  4. I don't really know much about encoding audio and audio formats but it sounds pretty interesting so I'll check it out this weekend. There are some practical limitations though. At 0.15KB/s you aren't going to be ex-filtrating much but it's a sneaky way to exfil once you encode the data. What will this overcome? If you can execute the loader then you can execute the main bin or did I miss something? Yea you can call it the SneakyKitten 😉 Nah I'm jk. I was only asking what the sneaky kitten bins were because there was no description on github. Anyway SqueakyKitten has a better ri
  5. Just wanted to see what everyone does for CTFs these days. I like the "live" feel of the various boot2root CTFs on vulnhub and I guess there's plenty of variety albeit of various quality. I think root-me.org has a nice selection of small challenges in each of the major IT areas and I can do them at work (or without loading up VMs etc). The difficulty level exponentially increases after the first 4 or 5 challenges though so anything above 6th challenge is usually top 1% grade. It would be nice to hear some alternatives or some VMs people have found interesting/exciting.
  6. Pretty sweet idea dude. I like it but do you have some instructions or a readme file for noobs like myself to follow? What are those squeaky kitten binaries? I would rather compile from source if you get what I'm saying 😉
  7. How much you need bro? I know you said you're broke and all but you sound like you're good for it. How much you need? 😉 Also tell me how much interest you want to pay because I'm kind of fresh at this whole loan shark thing too...
  8. I remember there were some codes that worked in a game that I used to play. Anyway the codes should still work because the silly developers just reuse the same codes through all the games. Let me know if these work 😉 IDKFA IDDQD
  9. OK I might just have to look into this again. I'll order some readers/writers and let you know how I go 😉
  10. This is not just an old people thing. A lot of ISPs (at least here in Australia anyway) use phone numbers as default wifi passes for the 3G and 4G modems (and many others). And yes I agree, this is a great way to start your brute forcing. You don't need to pipe this through crunch though. You can use hashcat's mask generator 😉 hash64.bin -a 3 -m 2500 TelstraA84A9F.hccapx 253?d?d?d?d?d?d?d (this will generate 7 random numbers following "253" which presumably you know). A lot of the netgear modem/routers use a combination of adjective+noun+XXX (where xxx is 3 random digits) e.g
  11. It depends what software, hardware is being using in the security system/network. I looked into my own Arlo security/video system a while back and sure enough being a wifi system, it suffered from the same vulnerabilities that all wifi devices do but that's where the similarities end i.e. you can bruteforce the wpa2 password being used by the security system but joining the network doesn't mean you could see all the videos/images being transmitted by the cameras because the video traffic was encrypted by Arlo. Not all systems use encryption like this so like WPA2 said, get onto the n
  12. I looked into this a while back as well but never got motivated enough to do it or to order a card cloner. I am talking about access cards that is. Even if I was motivated enough, it's not as simple as just scanning a card and then having its digital fingerprint to use whenever you want. The cards are encrypted and I can't remember how the actual authentication works but the fact that you can't clone modern MIFARE cards suggests that the encryption is not some simple one way hash. Sure there were some MIFARE encryption vulnerabilities discovered a few years back but not sure how easy
  13. 0day? Dude that article was written in May 2017 after the vuln was patched in April... And what did you upload to virus total? A rar file? Where's the doc file?
  14. I would host a blog about breeding cats but I'm terrible at writing and I know nothing about cats. My other idea would be to host a darkweb marketplace like alphabay sort of thing. Shouldn't be too difficult and good for the coin 😉
  • Create New...