Messages - n01xxv

1
General discussion / Re: Current Careers & Aspirations
« on: January 24, 2016, 12:48:59 am »
I'm an IT security & PCI-DSS consultant.

2
Hacking and Security / Re: Your Hacking Routine
« on: January 22, 2016, 11:26:02 pm »
Jackal : you are really a constructive guy ... :(
b00ms1ang : First I think they must learn practical network/systems & dev things, like wireshark :)
After, like others said, teach them reco/enumeration/scanning and when they understand perfectly what they see, teach them how to find vulnerabilities and exploit them.
You have many topics on this forum for this kind of question ;)

After, you want to know what I do, and what techniques I use ... in fact it depends on what I'm faced with, so reco/enum !!! :)

3
Hacking and Security / Re: Password Security ?
« on: January 17, 2016, 12:28:08 pm »
The number of possibilities for a password of length n, where k is the number of possible characters :


So I think that n1ckl3b4ck is not so secure :D

Try passphrase-type passwords :
alula undress hiccup maison sorry dedicate gombroon shoal kingfish
And you can add some special characters :
alula!undress#hiccup;Maisonsorry dedicate.gombroon,sh0alkingfish

But don't use things that are derived from nickelback, they can be guessable ;) Only use random characters or passphrases with random words chosen from different dictionaries.
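To put numbers on the comparison made in this post, here is a small added example (not code from the original post or forum). It computes the k^n search space and its size in bits for a character password, and the same quantity for a passphrase of random words. The word list and the 7776-word list size used in the usage note are constructed assumptions for the demonstration, not anything from the post.

```python
import math
import secrets
import string
from typing import List

# Constructed toy word list, only so the example runs offline.
# A real generator would load a large published list (thousands of words).
SAMPLE_WORDLIST: List[str] = [
    "alula", "undress", "hiccup", "maison", "sorry", "dedicate",
    "gombroon", "shoal", "kingfish", "orbit", "velvet", "cactus",
]


def search_space(k: int, n: int) -> int:
    """Number of possible passwords of length n over an alphabet of k characters: k^n."""
    return k ** n


def entropy_bits(k: int, n: int) -> float:
    """The same quantity expressed in bits: n * log2(k)."""
    return n * math.log2(k)


def charset_size(password: str) -> int:
    """Upper bound on the alphabet an attacker must search, inferred from the
    character classes actually present in the password (space is not counted)."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 ASCII symbols
    ]
    return sum(size for chars, size in classes if any(c in chars for c in password))


def password_bits(password: str) -> float:
    """Best-case bits for a password of this shape, i.e. assuming every character
    was drawn uniformly at random. A leetspeak band name like n1ckl3b4ck has
    far less real entropy than this bound because rule-based dictionary
    attacks enumerate such transformations directly."""
    return entropy_bits(charset_size(password), len(password))


def passphrase_bits(wordlist_size: int, words: int) -> float:
    """Bits for a passphrase of `words` words drawn uniformly from a list of
    `wordlist_size` words. Separators and casing add nothing if predictable."""
    return entropy_bits(wordlist_size, words)


def generate_passphrase(words: int, wordlist: List[str] = SAMPLE_WORDLIST) -> str:
    """Draw words with the CSPRNG in `secrets`, never with random.choice."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    print("n1ckl3b4ck upper bound:", round(password_bits("n1ckl3b4ck"), 2), "bits")
    print("9 words from a 7776-word list:", round(passphrase_bits(7776, 9), 2), "bits")
    print("example passphrase:", generate_passphrase(6))
```

With the assumed 7776-word list, nine random words give about 116 bits, while a ten-character lowercase-plus-digit string tops out near 52 bits even in the best case; the function names the bound as an upper bound because a password derived from a known word is searched by dictionary rules, not by brute force over k^n.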

4
Hacking and Security / Re: Using a self-written message system as C&C
« on: January 16, 2016, 12:39:27 pm »
Humm ... if you put a malware that communicates with a C&C, this malware will act like a client, so you don't care about port scans ! And the TOR client can be configured to go through firewalls ...
After, if the target network has L7 inspection (IPS/IDS/L7 Firewall) you can find some evasion techniques.
But anyway IRC is too easy to detect.

5
First I think you post that in the wrong section ;)
And I think you don't have enough experience, devops is more than configuring some linux servers and writing some scripts, it is team work (with dev & sys adm), process making, working with other business units than IT, etc ... but nothing ventured, nothing gained, so yes you can try :).

6
Hacking and Security / Re: Using a self-written message system as C&C
« on: January 16, 2016, 02:11:44 am »
Some things :
  • Do you think that the police will not seize your server and discover that your IRC server is in fact a C&C ?
  • Like Jackal says, IRC botnets are so old :)
  • Try to use TOR ...

7
Hacking and Security / Logjam attack : PFS implementation fail
« on: May 20, 2015, 02:39:55 pm »
It seems to be an attack similar to FREAK but against DH. A successful Logjam attack can downgrade a TLS connection to 512 bits.
Servers that accept DHE_export ciphers are affected.
Website :
https://weakdh.org/
Related paper :
https://weakdh.org/imperfect-forward-secrecy.pdf

8
Hacking and Security / Re: GPU Malware
« on: May 13, 2015, 01:20:43 pm »
r3verend, sources please ?
And if you talk about that :
http://dcs.ics.forth.gr/Activities/papers/gpumalware.malware10.pdf
it's not exactly the same thing.

9
Hacking and Security / GPU Malware
« on: May 12, 2015, 08:41:33 pm »
I found that today : some GPU malware proof of concept.
It seems that currently no AV software can detect this kind of malware.
The PoC seems to have been done under Linux 32 bits + Nvidia GPU. Functions like the keylogger use DMA for their tasks.
https://github.com/x0r1
They have a JellyScan folder (to detect GPU malware) but it is empty :D.
Do you know if someone has used this kind of method (GPU malware, not DMA :)) for a real attack/infection ?

10
Hacking and Security / Escape restrictive job objects : Windows 8.1
« on: May 06, 2015, 02:25:17 pm »
It seems that Microsoft will not patch this vulnerability (but it is not easy to exploit in fact).
New publication from Google Project Zero :
http://googleprojectzero.blogspot.nl/2015/05/in-console-able.html

11
Hacking and Security / Re: So I Decided to go for it
« on: May 05, 2015, 03:07:09 pm »
Yes, all materials of this course are available for free (or some low-price books). But if you have money to spend, why don't you try the OSCP course+lab+certification.
If it's to learn and update your CV I think it is more effective !
If it's just to learn : use free papers, some books, and freely available labs/challenges ...

Have fun anyway !

12
Maybe the place of this topic is in the newbie section because it seems that you don't know what a CSRF vuln is.
Read this : https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

The important part of the exploit is this :
http://192.168.1.1/redpass.cgi?sysPassword=new_password&change=1
Replace 192.168.1.1 with the IP address of the target router. After that you "just" have to trap an admin: if he goes to this URL it will change his password to the wanted one (in this case : new_password, and only if he is logged in as router admin).
The HTML code that you pasted just redirects to this link (with the onload in the body section).

Have fun !
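The defect behind the URL in this post is a state-changing request that the router accepts on nothing more than the admin's session cookie, so any page the admin visits can submit it. The following added example (not code from the post, the forum, or any router firmware) models that handler in a few lines beside a hardened version that requires POST, checks the Origin/Referer header, and verifies a per-session synchronizer token. The `Request`/`Session` classes, the in-memory session store and the origin `http://192.168.1.1` are constructed assumptions for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlparse


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    params: Dict[str, str]
    headers: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)


@dataclass
class Session:
    """Server-side session state; the CSRF token is bound to the login session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


SESSIONS: Dict[str, Session] = {}          # session cookie -> Session (in-memory store)
SITE_ORIGIN = "http://192.168.1.1"          # assumed origin of the router's own admin UI


def login(user: str) -> str:
    """Create a session and return the cookie value the browser would store."""
    cookie = secrets.token_urlsafe(16)
    SESSIONS[cookie] = Session(user=user)
    return cookie


def change_password_vulnerable(request: Request) -> Optional[str]:
    """Pattern from the post: any request carrying a valid session cookie and
    sysPassword=...&change=1 changes the password. Because browsers attach the
    cookie automatically, an <img>, a redirect or an onload on another site
    triggers it without the admin's intent. Returns the password that would be set."""
    session = SESSIONS.get(request.cookies.get("session", ""))
    if session is None or request.params.get("change") != "1":
        return None
    return request.params.get("sysPassword")


def change_password_hardened(request: Request) -> Optional[str]:
    """Same action with the standard CSRF defences layered together."""
    session = SESSIONS.get(request.cookies.get("session", ""))
    if session is None:
        return None
    # 1. State changes only over POST: <img>, redirects and navigations are GET.
    if request.method != "POST":
        return None
    # 2. The request must come from the site itself (Origin, else Referer).
    origin = request.headers.get("Origin") or request.headers.get("Referer")
    if not origin:
        return None
    parsed = urlparse(origin)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return None
    # 3. The form must carry the token issued to this session; compare in
    #    constant time so the check leaks nothing about the token.
    submitted = request.params.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return None
    return request.params.get("sysPassword")


if __name__ == "__main__":
    cookie = login("admin")
    # A cross-site GET, the shape of the URL quoted in the post.
    forged = Request("GET", {"sysPassword": "new_password", "change": "1"},
                     {"Referer": "http://evil.example/"}, {"session": cookie})
    print("vulnerable handler sets:", change_password_vulnerable(forged))
    print("hardened handler sets:", change_password_hardened(forged))
```

The Origin check alone is not sufficient (older clients omit the header, and a Referer can be suppressed), and the token alone is not sufficient if it is ever exposed to another origin, which is why the hardened handler applies both and rejects the request when either is missing.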

13
Beginner's Corner / Re: How to Find Out AP IP?
« on: May 02, 2015, 08:38:22 pm »
I think you must find more information about how WLAN works and read some papers about IEEE 802.11x ...
If you are not connected to the network I don't believe you can find the private IP address of the router. And in fact even if you find it by any means you can't connect (so attack) to it because you are not in the same network !

If you want the public address of the router, if it connects to a public network (ie Internet), try SE techniques to force the user to connect to one of your servers.

But in fact I think you must learn how networks work before trying to hack things or play with hacking tools :) .

If you are connected to the network, try this to find IP address ranges :
http://www.aircrack-ng.org/doku.php?id=find_ip
or just a traceroute ... you will go through the router to join another network. Or go like a pig and "nmap" the whole IP range :)

14
I don't know if you have seen that :
Quote
We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim's machine -- to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today's web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al., allows a remote adversary recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on other benign uses of the web browser and of the computer.
http://arxiv.org/pdf/1502.07373v2.pdf
http://arxiv.org/abs/1502.07373
http://www.forbes.com/sites/bruceupbin/2015/04/20/new-browser-hack-can-spy-on-eight-out-of-ten-pcs/


15
Tutorials / Re: Understanding PHP Object Injection
« on: February 08, 2015, 11:51:32 am »
No it's not my blog. Just a cool tuto so I shared it :)
