NoExecute

Active Members
  • Content Count

    35
  • Joined

  • Last visited

  • Days Won

    1

About NoExecute

  • Rank
    Hak5 Fan +

  1. Okish, let's try this. If you run a whois against 85.17.135.243, you should get this:

         inetnum: 85.17.135.192 - 85.17.135.255
         netname: LEASEWEB
         descr: LeaseWeb Netherlands B.V.

     Note inetnum, so Leaseweb owns all IPs in the range 85.17.135.192 - 85.17.135.255. SO, they can, and did, assign an IP of 85.17.135.243 to webservice.be. (That's a webservice. SO, they can use namebased Apache virtual hosting, to host multiple sites on that single IP.) Since you find 110, 995 ports open, it's maybe a primary mail server used for namebased virtual hosting, and 143 probably is a webserver with SSL. Nothing wrong with that. Namebased virtual hosting on Apache is pretty standard for hosting multiple websites on separate domains on a single IP. That way you don't pay for IPs you don't use, and the end result is nearly the same. I think the same goes for the other server you found. Namecheap owns the range 199.192.16.0 - 199.192.31.255. But, keep at it. You'll solve the mystery somehow 😉 Much Happy Hunting 🙂 /Kent
  2. There would be a mail server running on the primary server. Confirm that with a portscan against the primary server. Like in your listings, there "could" be a mailserver on altgroupltd.com. In the case of mdmconsultancy, it's called mail, and a separate domain name called mail, so the FQDN is, have the mail.domain.com. Remember domains are read from right to left, with the country as place / value one (toplevel), place two (primary domain), and three (subdomain / hostname), and four --> x being subdomains / hostname. And for which company provides the services? Who owns the IP address / IP range? What hostname do you find when taking a closer look?
  3. Stop stealing other people's work :) You can see if you can figure out what base-theme they used, and base your own design on that. The same for plugins, and the like, but plain downloading everything, throw it on a new server doesn't make it your content, and yes, it is theft, and copyright infringement. You can buy base-themes and use for a starting point in your own design, some allow that. So, going that route would be the right route, everything else is plain wrong. Be creative on your own :) And yes, it can take a lot of time designing a website, that's half the fun :) If it's for a phishing campaign, stop doing something illegal :) You can't just download a WP site, you'll need the files, AND the DBase, to have a complete backup / copy. If you don't have creds, and can't get them, you're on the wrong path :) /Kent
  4. https://192-168-1-1ip.mobi/default-router-passwords-list/ Something like this ?
  5. In /etc/NetworkManager/NetworkManager.conf

         [main]
         plugins=keyfile

         [keyfile]
         unmanaged-devices=mac:YOUR:MAC:HERE

         # To do it by name of the interface
         [keyfile]
         unmanaged-devices=interface-name:ethx

     If your machine is using new names for interfaces (e.g. NOT ethx), you can get it back like so: Edit /etc/default/grub

         GRUB_CMDLINE_LINUX=""

     Change to

         GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

     Run "update-grub" and reboot, your interface names should be wlanx, ethx format. Remember Kali is based on Debian, so a lot of the tutorials for Debian work on Kali. A couple of good books to read through. https://www.kali.org/download-kali-linux-revealed-book/ https://debian-handbook.info/get/now/ For more advanced work, as in customizing Kali, I would recommend reading through the Debian Dev docs 🙂 Have fun 🙂 /Kent
  6. I can understand that concern, that's a tough place to be 😞 The problem with the Ducky is that it's basically just a keyboard that you can program, it's not "A Silver Bullet". If he hasn't gotten a standard user password, how can he use the system? As long as you keep the admin / root password, there's no harm in that. What I mean with VPN, is that you get the machine to connect back to you, then you SSH into the machine, read the log files / control the firewall, job done. If it can only go online through VPN, and you control the VPN, then you control what he can access.. Not the best solution, but a solution none the less. Have a look at Bash / Python programming. Making a script that collects the log files, zips them, and then uploads them to a server / emails them is a rather simple task. Run it as a protected user, then he'll have a hard time shutting it off. And the point isn't if he can. Let him know it's running. And let's face it. If you're worried he'll find ways to self injure online, well, most don't need to find ways to do that, any ol' sharp object will do, trust me, I know. Sometimes, it can also be a comfort to talk to someone else online who's been there, not to get ideas, but to get support. Maybe he wants to talk to you, but doesn't want to upset you. Again, trust, love and support is the way to go, not mistrust and spying.. But, I do hear what you're saying, and I'm sorry you have to deal with this, and my heart goes out to your kid too :(, I hope you'll find a way, together 🙂 Much love /Kent
  7. Hmm.. Maybe a little faith and trust can go a long way? How old is he? Since you're saying teenager, I guess between 13-19? If my parents installed spyware on my machine, when I was that age, I would have had a fit! Maybe it's simply just an idea to talk to him about what's okay, and what's not okay, and let him know he can talk to you if he needs it. No matter how clever a solution you come up with, there's a chance he'll find it, and turn it off.. If you have the admin password / root, something like a vpn that connects home, and lets you remote admin it, or, a script that finds out when the machine is online, and collects the logfiles, and emails them to you, is simple to do, you don't need a Ducky for that. That does require creds, I know. If you haven't gotten that, or can get them from his mother, then what happens on that machine, is not your business. Just my 2c /Kent
  8. Thanks, but that's not really what I'm looking for 🙂 Right now, I'm working on psychological strategies of phishers and the effects they got on the receiver, and that requires samples 🙂 /Kent
  9. Yep, you read that right 🙂 I'm asking for the community's help. Right now I'm looking for phishing email samples regarding covid-19 scams. I've captured a few, but not anything real solid to build an article case on, so if anyone has any, could you please forward them to me? Any phishing links, I'm interested in too 🙂 Yes, I do know, and accept I'm opening up a can of worms here, so any thoughts or suggestions and ideas are more than welcome 🙂 Email, kent@labet.dk /Kent
  10. Okish, trying to get this. You say, you're not able to deauth the clients due to Protected Management Frames, because it's turned on in the Access Point, right? But, then you also say, you got the handshake? If you do, then the attack succeeded, and you don't need anything more. But if you know that the password is 8-10+ mixed alpha, forget it. It won't crack under any normal conditions, the chance of that, is next to nothing. But, if it's your AP, start with WEP, then WPA, WPA2, WPA2-Client attacks, and then on to some of the other tools. A valid strategy, is an AP clone, with the same name, and see if you can trick the client into sending the handshake. Or, as someone else has already said, WPS. Read, and try harder :)
  11. NoExecute

    Is HAK5 dead?

    TY 🙂 Sorry, for any misspelling, I'm Danish 🙂 I'm thinking right now. IF someone would pick up the torch, and make new video content. It would maybe have to be hosted on private servers. That's why it ain't gonna happen. First of all, it's not easy to find a hosting provider that allows it due to bandwidth usage. There's the first problem.. Second, video / audio takes a shitload of space. I'm working as a sound engineer for a local church. Recording 32 Audio tracks, with a service that lasts two hours, takes up 50 GB space on my laptop. It's nothing compared to video. So, if someone would try to carry on, hosted on private servers, it would cost an arm and a leg to do it. As I see it, it would be the only way, but maybe some of the H5 crew could pitch in, and give their thoughts. But, as I see it, hosting on "ordinary open sites, is simply not an option any more" The problem is that, people are scared of "hackers", be it bad or good. They don't see there's a difference between white, grey or black. Society thinks it's the same. Luckily for me, I've found a boss that's not like that. I can work from the office, at home, and work on what I want, so it's a small dream come true 🙂 He allows me to "hack", and do strange experiments, with permission of course, so I find myself to be a very lucky man. I just hope, everyone is just as fortunate 🙂 /Kent
  12. NoExecute

    Is HAK5 dead?

    I have to say, I also have noticed the decline in new content, and feel a little sad, I really miss the show. But, on that note, I actually worry more about the crew, if they are okay, doing good and hopefully are busy with day to day life and work 🙂 But, producing digital content / media content IS a lot of work. A good crew can produce 45 minutes of content in 7 working days. Let's remember that Darren, Snubs and the rest, did all this, because their hearts burned for it, they believed in it. So, I think it's fair they take some time off, they deserve it more than anyone. Maybe, it could be time for someone else to carry the torch, make new content, and ask H5 to just distribute it, if they want. Anyone willing to step up to the plate? But, let's face it. Researching "hacking", and being public about it, are hard times. I ran my own little research shop, and my own small infrastructure, focusing on Kali, lockpicking, alarm systems and CCTV. I just shut down shop, because it was giving me problems, so as a "hacker", these are not good times. I believe it's important to share knowledge, to do what we can to inform the public, but right now, I'm thinking "why bother". All my best, to the entire Hak5 crew, past and present, and thanks for being there, for everything you did, and still do. It's very much appreciated 🙂
  13. The old-fashioned way could work. Use a clapper board. Make the music, play it back through speaker, record it as cue sound on the cam, and in post production, sync the sound, and edit the video, including sound. The same can work for sound when you record separate sound with an audio recorder, and shoot with digital cameras.
  14. Ouch, a pretty tough question. Here's my 2C on that. I can see why H5 won't go for it, for one. It isn't the maker's problem if the users / customers have a hard time getting it to work. They provide a hardware platform with a modified OS, nothing else. They do provide docs, and try to do support as promised, which is cool. But again. When it comes to getting exploits / scripts to work, that's on "us". It can be a very bad thing for the bottom line in your books to offer a "Buy back" solution. When do you decide when to buy back? From who do you decide to buy back, in what condition? I have a few things from H5, usually the things I can't get somewhere else, or what suits my projects. I agree they are expensive, but then again, custom gear always is. What matters for me is, I can get a skeleton hardware platform, and a starter OS made for pentesting. If I had to do it myself, starting from scratch, it would be so much more expensive in time and much more frustrating. This is what I pay for, when I buy custom. In that way, H5 haven't failed me one bit. If I have the patience and skills to make it work, it does. As I see it, that's what matters :) Okay, that's my 2C. Beatings welcome (as long as they're verbal) :D /Kent
  15. Can you Hack a PC over the internet without a user clicking on a link or running a virus?

     Depends. If there are open ports, running vulnerable services, or through a web driveby targeted at the browser, maybe. But you will have to get code execution one way or the other, if you can't get a virus / payload onto the system, or exploit an open port, no.

     Get on to a domain without knowing the credentials

     If you can get a foothold on a domain joined system, you don't have to have credentials. They help, and are good to have, but with a good enough exploit collection, credentials don't matter.

     Get Hacked if you are not even connected to the internet without physical access

     No. If there's no network connection, no internet, no radio based keyboard / mouse, and the system has restricted physical access, you're pretty safe. But, that's still a system that's pretty hard to safeguard, and not very user-friendly 😉 just some random thoughts 😉