
Type: Posts; User: SilicaG; Keyword(s):


  1. Replies
    12
    Views
    9,108

    Re: Privilege escalation on win7

    Hi, you can try something like Windows Task Scheduler Privilege Escalation (http://www.exploit-db.com/exploits/15589/) or KiTrap0D (http://www.exploit-db.com/exploits/11199/).
    You can also upload a...
  2. Replies
    1
    Views
    2,714

    Interactive remote shell

    Hi all,
    since I learned "how to land a shell" the problem was about the interactivity of this shell.
    If I set up a netcat listener and then connect to it I can get a simple shell:

    nc -lvp 4444
    ...
  3. Replies
    23
    Views
    25,553

    Re: Advanced WPA(2) attack methods?

    MMM I'm not sure about that. AFAIK that's right that you can emulate a real AP with the same SSID/MAC, force deauth to let the client disconnect from the real AP and connect to our rogue AP, but simply you run...
  4. Replies
    4
    Views
    3,679

    Re: LM, NTLM and Rainbow Tables

    Hi,
    you are right, the first is LM and the second NTLM.
    To decrypt LM, with a simple password, you can paste the hash directly in Google or use some site like...
  5. Thread: SSH question

    by SilicaG
    Replies
    8
    Views
    7,829

    Re: SSH question

    Have you generated the server fingerprint key?


    sshd-generate

    After that, if the network is all right and the ssh service is up, you'll be able to connect.
    Second thing: to be able to connect...
  6. Replies
    4
    Views
    9,657

    Re: enumeration techniques

    I tried Unicornscan and it works great. Thank you.
    It is a good tool for the first pass, but now I have to learn it :D
    Does anyone use self-made scripts to launch a LAN scan?
  7. Thread: CSRFTester

    by SilicaG
    Replies
    0
    Views
    1,971

    CSRFTester

    Hi all!
    I'm testing a DVWA web application. Now I'm on the Cross Site Request Forgery vulnerability.

    I have 3 VM:
    - Metasploitabe_VM 10.0.2.100 (the web server)
    - BT4_VM 10.0.2.111 (the...
  8. Replies
    11
    Views
    3,207

    Re: John Cracked Sam File - Unknown Users?

    Fgdump works great. In BackTrack you can use msfconsole, but first you have to exploit the Windows PC. I think Cain & Abel can also dump hashes.
  9. Re: How to get rid from startx command in backtrack5R2 ?

    It sounds very good ;)
  10. Re: Looking for a wifi radar which tells the direction of the frames of an AP is comi

    I use Wigle (Android app) to perform a big area scan and import the map into Google Maps.
    Then I use another Android app called "analizzatore di rete" to refine my search.
  11. Replies
    4
    Views
    9,657

    Re: enumeration techniques

    I never tried Unicornscan, I will do it.
    Me too, after the discovery, I try the -sV option, but thanks for reminding me of the UDP protocol... too many times I forget it :p
  12. Replies
    4
    Views
    9,657

    enumeration techniques

    Hi all!
    I want to illustrate my basic LAN enumeration techniques and learn new ones from you.

    Basically I use nmap, nbtscan (or nbtstat on Windows), smbclient and rpcclient.
    Supposing a 10.0.2.0/24 net
    ...
  13. Re: Looking for a wifi radar which tells the direction of the frames of an AP is comi

    You need a directional antenna, try to see here http://www.turnpoint.net/wireless/cantennahowto.html or search for "cantenna"
  14. Re: How to create a domain user admin thru an exploited domain PC

    This is the purpose of the tutorial: to illustrate the risk of using a domain admin user to run processes remotely in a domain, such as policies or scripts. If there is not the token "you can't" create a...
  15. Replies
    23
    Views
    25,553

    Re: Advanced WPA(2) attack methods?

    That's very good. A rogue AP with an HTML password request page always gives good results. If I remember well there was a test in a university with a similar AP and the attacker collected a lot of...
  16. Replies
    23
    Views
    25,553

    Re: Advanced WPA(2) attack methods?

    You can create a rogue AP with the same SSID (and MAC) of the target AP and capture the handshake for WPA or the data for WEP (caffe-latte attack). You can simulate the AP and share your...
  17. Replies
    16
    Views
    30,703

    Re: 26 characters wpa/wpa2-psk wordlist

    Yes man! But I think that a similar wordlist is without sense. This is not a wordlist anymore, but a brute force. So if you have enough time (http://lastbit.com/pswcalc.asp) you can try to process...
  18. Replies
    23
    Views
    25,553

    Re: Advanced WPA(2) attack methods?

    It's right, the WPS, now, is the only way for a strong WPA.
  19. Replies
    10
    Views
    13,110

    Re: I left KDE and installed GNOME

    Same for me. In KDE I can't properly install my ati driver; in GNOME, with difficulty, I can.
  20. Replies
    7
    Views
    2,615

    Re: Nessus starting with SSL Error

    You're welcome :D
  21. Replies
    16
    Views
    30,703

    Re: 26 characters wpa/wpa2-psk wordlist

    You can use crunch.


    crunch 26 26 abcdefgABCDE123:-Ó -o wordlist.txt

    This will generate a file named wordlist.txt using the character set "abcdefgABCDE123:-Ó". All the words will be 26...
  22. How to create a domain user admin thru an exploited domain PC

    Hi all!
    the "how to" forum is closed, so I post here.

    This is how to create a domain user admin thru an exploited domain PC with local machine administration rights.

    The domain is called...
  23. Replies
    7
    Views
    2,615

    Re: Nessus starting with SSL Error

    Hi! It's normal: you are trying to connect with https to your web server (127.0.0.1).
    You haven't loaded a certificate on the web server and the browser gives you an error.
    If you only use in local...
  24. Replies
    2
    Views
    2,852

    Re: Ettercap: No poisoning between [host] -> [router]

    Hi!
    is the iptables redirect activated in the ettercap config file (/etc/etter.conf)? By default it isn't.
    If it is activated, when trying to connect to an https web page from the victim PC, you will...
  25. Thread: Official hello thread

    by SilicaG
    Replies
    1,439
    Views
    197,598

    Sticky: Re: Official hello thread

    Hello to everyone!
Results 1 to 25 of 25