Messages - mr.sinister

1
Anonymity and Privacy / Re: Raspberry pi VPN
« on: August 13, 2015, 02:52:53 am »
You could use a Tor hidden service on the SSH port for IP anonymity and as a reverse connection to the device, then tunnel through SSH to the device's end as said above.
Maybe you could set a sleep timer of some sort to enter a 'low power state', turning off wifi and any services.
Then set a 'wakeup' time that starts all the services and wifi, auto-connects to the AP, and you can log in over the SSH hidden service again.
 :o


2
You could try a MITM attack to capture the data when you're connected to the router

OR
gateway poison
ettercap with gateway poisoning enabled
plus a listener
nc -l -p 8080 -t
would record anything meant to be sent to port 8080 on the router, so it might capture some details that way

OR

I understand that if you know the wifi key you can capture the wifi signal with some air sniffer program on a laptop and decode it with the known password, so it would be like a remote packet capture.
Most wifi cards can at least record in a hacky way.

OR

a live disk like Hiren's boot disk to lift/load the registry hive from the PC you have access to and get a reg editor onto it.

hope this helps S

3
I tried some cluster b-wolf setups before; they require A LOT of bandwidth.
(Big cluster supercomputers use unlimited-speed LAN routers.)
A slave can only work as fast as the data can be sent to and fetched from it.
So it's not really feasible for zombie systems; it's a bit obvious if all your internet and CPU is being used by some autostarted exe file.
But people are stupid so why not give it a try anyway :D

4
sslstrip and a MITM are needed mostly for session hijacking,
but most sites have different cookies for different parts of the site.
Example:
with Yahoo you can capture session data and be 'logged in' on the search page, but when you go to the email section it asks you for the password.
Probably because of the 'hacky' nature of sessions.
But with other more basic sites that use simple logged-in-or-not cookies it is still very possible.
On Android, Intercepter-NG is great at it:
set sslstrip, run the MITM and wait for a cookie,
press the cookie and the site loads with the cookie set and you are logged in as whatever user.
It worked with the Facebook Messenger app, but as I said before, moving from one site service to another is a bit dodgy in recent years.
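
Editor's added example, not part of the post above or of any tool it names: whether a session cookie can be captured over a stripped connection depends on what the server sends, namely the `Secure` and `HttpOnly` cookie attributes and the `Strict-Transport-Security` (HSTS) header. This sketch audits one response's headers for them; the sample responses and cookie names are constructed.

```python
# Added example (not from the forum post): audit HTTP response headers for the
# settings that keep a session cookie off a downgraded plain-HTTP connection.

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds; 0 if absent or malformed."""
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            k, _, v = directive.strip().partition("=")
            v = v.strip().strip('"')
            if k.strip().lower() == "max-age" and v.isdecimal():
                return int(v)
    return 0

def audit(headers):
    """Return a list of findings for one response's (name, value) header pairs."""
    findings = []
    if hsts_max_age(headers) == 0:
        findings.append("HSTS missing or max-age=0: browser will accept plain HTTP")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, cookie is sent over HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly attribute, readable by page script")
    return findings

# Constructed sample responses (hypothetical cookie names and values).
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=abc123; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(resp) or "no findings")
```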

5
Hacking and Security / Re: 1 day of running a SSH honeypot
« on: July 27, 2015, 08:16:36 pm »
Port 22 brute force attempts are pretty much a permanent thing on all of my servers :P
So I change the port and they disappear :D
Plus a permanent p0f logger captures the attempts on ports that are not open.

6
Web Oriented Coding / Re: Best PHP resources
« on: July 22, 2015, 03:42:25 pm »
I would throw in a vote for https://www.codecademy.com/ as well; I am just starting the JavaScript.

Might I add, geany is a great IDE for PHP as well as notepad a with your apache.log and error.log open.

