Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - 650m

Pages: [1]
1
Hacking and Security / Re: SMTP Brute Force / Dictionary Attack
« on: January 13, 2015, 08:23:52 am »
Quote from: madf0x on January 13, 2015, 07:02:23 am
And if it isn't thats still a nifty idea. Not sure when the next time comes around that I'd have to restrict bruteforce attempts, but its a neat idea to try.

As for OP, one of the better way to do bruteforcing against some anti-bruteforce measures is to use a smaller wordlist, like 3 password attempts small, and then use a LARGE potential users list. Many anti-bruteforce measures these days don't limit against user attempts. Granted this is only useful if you need to target a bunch of low hanging fruit for secondary purposes or if you are targeting a large organization. Oh and be sure to check for some sort of password policy. Wasting an attempt on Password123 won't help if they need a symbol, then youd use P@ssword123 ;P
Well, if you targeting  one particular account, a 3 password list won't help at all :D

I think for a successful brute force attack it needs an exploit which allows a large attempts of password tries.

Another question: what do you guys thing about brute forcing via VPN ?

2
Hacking and Security / Re: SMTP Brute Force / Dictionary Attack
« on: January 12, 2015, 11:58:24 pm »
So you want to say, that these false positives are forced by Google?

3
Hacking and Security / SMTP Brute Force / Dictionary Attack
« on: January 12, 2015, 06:09:31 pm »
Hi,

I have some issues with smtp brute forcing:

I tried to brute force my own gmail account with hydra (Im using Kali Linux)

I have a little wordlist where I included the password of the account.

The probem is that hydra sometimes show different positive password matches.

My syntax:

Code: [Select]
hydra -S -l account@gmail.com -P wordlist.txt -e ns -V -s 465 smtp.gmail.com smtp
As I said, the process works but sometimes I get false positives...

Can someone explain how to fix this or are there good alternatives for smtp brute forcing?

4
Hacking and Security / Re: How to pass anti phishing software in browsers
« on: October 18, 2014, 02:42:39 pm »
Quote from: Deque on October 18, 2014, 10:25:25 am
Reopened.

Thank you, this discussion is not for illegal purpose

So I tried encoding the page with Base64 - useless

-->google chrome runs every site in sandbox mode to test it
So I'm just wondering which method would bypass it


5
Hacking and Security / XSS - How to find the exploits
« on: October 18, 2014, 12:36:57 am »
Hi guys, I'm really new to this topic but it's interesting as hell
I read alot and I think I got the differences between the XSS types and how they work.

But I'm still confused how to reveal exploits where I can inject the script
I know that I need to look for user inputs but not exactly what to do with the URL to test the exploit

Especially Reflected XSS is interesting for me, but like I said, I have some troubles with testing if exploit work or not

I found the OWASP Cheat Sheet but this is overwhelming 


6
Hacking and Security / Re: How to pass anti phishing software in browsers
« on: October 17, 2014, 07:02:26 am »
ok, i will look into it - what about Hosting?

i tried phpnet.us, but after one day the site is offline

i also secured my site with an extra .php script which reveals the original site online if the correct code was entered in the URL
otherwise it will just show "404"

the original .html files were reneamed to .jpg

so im wondering how the crawler could reveal the phishing site


which free hosters are good for hosting phishing sites? i know there are alot of topics for this question , but domains like 000webhosting and co. are just to suspicious.


7
Hacking and Security / Re: How to pass anti phishing software in browsers
« on: October 16, 2014, 11:16:43 pm »
sounds good, the thing is that i already got a modified website, so nothing you could easily clone from the original website


is this also compatible?

8
Hacking and Security / Re: How to pass anti phishing software in browsers
« on: October 16, 2014, 10:57:33 pm »
Quote from: Khofo on October 16, 2014, 09:58:19 pm

No Chrome does block phishing sites, but only poor made ones (Copy/Paste HTML on free host like 000webhost and a tiny script to retrieve the email + passwd or whatever)however it doesn't detect phishing made with se-toolkit or any advanced phishing website


im relatively new to this topic, no wonder that the sites gets blocked


i also looked into xss, which is still a bit confusiong to me but i got the point


can anyone post a link for some good phishing guides?








9
Hacking and Security / Re: How to pass anti phishing software in browsers
« on: October 16, 2014, 08:31:54 pm »
thanks for the answer...i guess you mean antivirus when you said av, right?




edit:
i am pretty sure that chrome itself is blocking the site
https://www.google.com/transparencyreport/safebrowsing




10
Hacking and Security / How to pass anti phishing software in browsers
« on: October 16, 2014, 07:45:00 pm »
Hi guys,


dont know if this is the right thread and i didnt found anything relating my question...


how can i pass the build in anti phishing software in browsers like in google chrome?




my phishing page always gets blocked by chrome, IE and firefox allow it






Pages: [1]