icarus255

Active Members
  • Posts: 75
  • Days Won: 4

Everything posted by icarus255

  1. Dude, why don't you live boot wifislax from CD or USB? That would surely be the simplest option.
  2. It depends dude. Not all email accounts have 2 factor auth. Try registering some valid email accounts yourself on google, hotmail, etc and try logging in under different circumstances i.e. VPNs from different countries, different browsers, etc to see what triggers the additional authentication. They might even profile each user to see their patterns of use and any anomalies to those patterns might trigger the additional auth. If the logins you got are from a list that has been distributed or sold to others who have also tried to log in to those accounts then forget about it. Those accounts would be on a watch list and you'll have a next to nothing chance of getting in. I have a friend that works in IT who said they use 20 different criteria to fingerprint individuals logging into their site. Aside from browser and OS they use things like screen resolution, local PC time, language, etc. Also, I have heard of people porting phone numbers to receive the 2FA messages but I neither condone nor recommend that.
  3. Bro, we all have money problems. Recently I started filling my car with 95 instead of 98 and I stopped going to my favourite coffee store (where the cute girl casually flirts with me every morning). I now have to resort to drinking that instant shit in the office with all the other miserable staff that work there which only serves as a reminder of how much I hate my life. Still, I wouldn't walk into BMW and in front of all the staff and customers demand to know why BMWs are so expensive when I can buy a Toyota for a quarter of the price. If Hak5 let customers decide how much they want to pay for their products then they would probably end up like that restaurant in the city that tried to do the same thing. I never actually got a chance to try any of their food because it doesn't exist anymore but you get the point 😉
  4. Just wanted to see what everyone does for CTFs these days. I like the "live" feel of the various boot2root CTFs on vulnhub and I guess there's plenty of variety albeit of various quality. I think root-me.org has a nice selection of small challenges in each of the major IT areas and I can do them at work (or without loading up VMs etc). The difficulty level exponentially increases after the first 4 or 5 challenges though so anything above 6th challenge is usually top 1% grade. It would be nice to hear some alternatives or some VMs people have found interesting/exciting.
  5. How much you need bro? I know you said you're broke and all but you sound like you're good for it. How much you need? 😉 Also tell me how much interest you want to pay because I'm kind of fresh at this whole loan shark thing too...
  6. I remember there were some codes that worked in a game that I used to play. Anyway the codes should still work because the silly developers just reuse the same codes through all the games. Let me know if these work 😉 IDKFA IDDQD
  7. OK I might just have to look into this again. I'll order some readers/writers and let you know how I go 😉
  8. It depends what software, hardware is being used in the security system/network. I looked into my own Arlo security/video system a while back and sure enough being a wifi system, it suffered from the same vulnerabilities that all wifi devices do but that's where the similarities end i.e. you can bruteforce the wpa2 password being used by the security system but joining the network doesn't mean you could see all the videos/images being transmitted by the cameras because the video traffic was encrypted by Arlo. Not all systems use encryption like this so like WPA2 said, get onto the network first and then fire up wireshark to see what is being transmitted. The other vulnerability that wifi systems are prone to is jamming so try to see if deauthing the cameras through aircrack will do anything.
  9. I looked into this a while back as well but never got motivated enough to do it or to order a card cloner. I am talking about access cards that is. Even if I was motivated enough, it's not as simple as just scanning a card and then having its digital fingerprint to use whenever you want. The cards are encrypted and I can't remember how the actual authentication works but the fact that you can't clone modern MIFARE cards suggests that the encryption is not some simple one way hash. Sure there were some MIFARE encryption vulnerabilities discovered a few years back but not sure how easy it was to exploit them. I thought this was an interesting article. The guy has no sources to back himself up or even quotes any facts but some of what he says makes sense. https://www.csoonline.com/article/3199009/why-you-dont-need-an-rfid-blocking-wallet.html Anyway let us know how you go because I'd be interested to see if there is some real-world application.
  10. 0day? Dude that article was written in May 2017 after the vuln was patched in April... And what did you upload to virus total? A rar file? Where's the doc file?
  11. I would host a blog about breeding cats but I'm terrible at writing and I know nothing about cats. My other idea would be to host a darkweb marketplace like alphabay sort of thing. Shouldn't be too difficult and good for the coin 😉
  12. icarus255

    C

    Unless you bought a Ferrari on your iphone, chances are no one will even bother investigating it but don't take that as gospel.
  13. Ah please, I scan from my home all day, every day. If he can hack my computer from a scan, I'll give him 10 points. I'll even leave the pc running a little while longer. It's no different to him just picking a random IP address and giving it a go.
  14. And port 21 is open as well. You can connect to a lot of these ports but the server won't accept input so I'm not really sure if it's configured like that or if this is all just some bs...
  15. And: 5222/tcp open xmpp-client? But I am not sure what you are going to be doing with these open ports. Just because they are open doesn't mean they are vulnerable but anyway keep us posted with this journey. I hope you get your income back, bro 😉
  16. icarus255

    Blunder Bug

    I don't know why but this made me lol pretty hard. Blunder Bug does have a certain ring to it... 😂
  17. Ah you're using Windows nmap. I've never used it so I can't comment but it looks like you're using it incorrectly. It shouldn't be trying to resolve "nmap" or "192.99.0.33". It should just be trying to resolve "192.99.0.33". Anyway you can do a port scan online: https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Just use the "light" scan because it's free and paste the ip address into the text box. That gave me similar results to doing a full scan with my nmap anyway. I would post the results here but I'm sure that would be against some sort of policy. What's so important about this server anyway? There's not even a webpage on there. Is this some CTF or personal challenge?
  18. You can literally copy and paste this into terminal and you will get what you're after: sudo nmap -Pn -v -p 1-65535 -sV -sS -T4 192.99.0.33
  19. If you go into your browser's developer options (F12 on firefox) and hit the network tab then you will see what IP addresses the different pages and components are being requested from. You can also append -sV to your nmap scans to get some info on the open ports/services, i.e. nmap -p 1-65535 -sV -sS -T4 website.com If you want to be anonymous you should be port scanning through tor and proxy chains: https://www.shellhacks.com/anonymous-port-scanning-nmap-tor-proxychains/
  20. Wrote this little password brute forcing script in Powershell while trying to decrypt a bitlocked HDD. There are some brute forcers already available that will actually test the extracted crypto values from the HDD but they are slow and cumbersome. I wanted to see if brute forcing straight through windows would be any quicker and as expected... no 😞 The code basically takes input from a text file, converts it to a "SecureString" (needed or PS has a panic attack) and then tries to decrypt the HDD. At 0.5 guesses/second, I wouldn't worry about any large word lists but it works 🙂 This was just for a bit of fun but if you know of a way to speed up the script or make it more efficient please let me know as I wrote this really to get more familiar with PS. Better yet, if you know of a way to backdoor the bitlocker encryption that would be much appreciated 😉
  21. Sometimes it's easier to register an account on a hacking forum and post your request to a group of strangers with the hope that one of them has access to cellular network equipment. I would have done the same 😉
  22. I looked into this a couple of years back and I came across some articles that talked about what all the car thieves in Europe were doing. Basically if you want to boost anything decent then you will need a couple of radios for an amplification attack. One radio will amplify the signal from the key fob to the other radio that's amplifying all the signals from the car. The signals need to be transmitted in sequence to complete the handshake so there are a few technical steps in between but that's the essence of the attack. I couldn't find anything detailed or even discussions on how to set up the radio equipment so I never pursued it but might be worth a look to see if anything leaked since then. Let me know if you have some success because I was thinking about replacing my car some time soon. Cheers 😉
  23. Have you tried looking through the capture file in wireshark? If there are many MAC addresses on the network then you won't have to wait very long for one of the clients to reconnect. When that happens you will capture the SSID in the packets from the client because it will have to broadcast it when it attempts to join the network.