Network Security
Discussions on network security, holes, exploits and other issues...
122 topics in this forum
-
Get past an Incapsula block HTTP request
by akzainda11- 1 follower
- 2 replies
- 3.8k views
Im simply trying to make an HTTP request to this product on the Pokemon Center website. If you have cookies cleared and open the url then the request will succeed (200 status), but without any cookies Pokemon only responds with a `Set Cookie` (no html body) and then the webpage reloads with the received cookies and the GET request succeeds and returns the actual html. I'm having trouble replicating this in Golang: my first request responds with 200 and the set cookies, the second request should have the cookies but responds with the same thing instead of actually returning the html. There's a bunch of requests that take place between the first product page GET reque…
-
Tempering TCP Request/Response on Fly
by BeeS7Er- 1 follower
- 6 replies
- 12.5k views
Dear Geeks., I used Fiddle4 to breakpoint and manipulated each http/https request and response traffic . How we can achieve the same in TCP - 3306 port Mysql Protocol Packets. Through Wireshark, I can able to sniff but i cant able to edit the packet .,? Any best tool and solution for available? suggestion/recommendation? Thanks In Advance.
-
Network LAN Tools
by CodeExplorer- 1 follower
- 1 reply
- 10.7k views
Network LAN Tools />http://www.ehow.com/list_7176375_network-lan-tools.html
-
Logon Session Monitor
by JMC31337- 1 reply
- 8.1k views
This can be used to monitor any user login sessions that transpire on a Server or Standalone system using services API call (yes this could probably be coded as an ACTUAL service but that's left for another day) Compile and run (I've tested this on a basic user account with no ACL except their own profile folder ACLs and it gathers all logged in users maintaining an array and comparing it against the total number of logged in sessions) Note: various source codes were changed around I just don't remember all the sites i used to put this together There is an embedded smtp mailer that will connect to zoho (for this example) along with a way to email the alert…
-
- 1 follower
- 0 replies
- 8.9k views
Kerberos on AD DS w/ IIS DHCP DNS Installed There were so many tutorials on how to properly get Kerberos configured on an AD DS setup, mostly utilizing kerber with a 3 party cloud system, I wanted to establish Windows Authentication using only 1 provider "Negotitiate:Kerberos" You can try to simply enable only this provider but it still wont work. Ive seen videos/tutorials explaining you need another account added into the AD or you need to setup a "service" account and yes technically this could be done, but here's step by step kerber provider only without any added accounts or services - you will however need to properly set your SPNs, and that was where I went …
-
MITMing application with specific configs
by learnReverse- 8 replies
- 9k views
I'm wondering what is the best possible way to MITM an application that uses TCP and unknown application layer(could be https) but if this application does not accept system's proxy configs thus impossible to use some known HTTP packet analysers such as Fiddler etc. I had in mind 2 approaches and was wondering how is it possible to execute them? 1. Create local DNS record that resolves to my own proxy server that im hosting localy. So the connection would go like APPLICATION->DNS_RESOLVE->MY_PROXY->TARGET->MY_PROXY->APPLICATION 2. Because applications dont accept system proxy settings, maybe i can create custom VPN and use that virtual network…
-
The Hitchhiker’s Guide to Online Anonymity
by H1TC43R- 0 replies
- 7.3k views
I came across this as I'm in the process of upgrading my modem, router etc.. and thought it might be useful, i haven't read it yet as its looks quite a read Here's a snippet from the site This is a maintained technical guide that aims to provide introduction to various online tracking techniques, online id verification techniques and guidance to creating and maintaining (truly) anonymous online identities including social media accounts safely and legally. hxxxs://anonymousplanet.github.io/thgtoa/guide.html
-
Bytenode v8
by brooke- 1 follower
- 0 replies
- 11.1k views
hi am having troubles with a exe protected with bytenode, has anyone here successfully created a decompiler for bytnode v8
-
How to access any cisco course for free
by Derberux- 2 followers
- 2 replies
- 22.3k views
Well, I wanted to share this trick to access any cisco course for free. Video https://streamable.com/tyueck The value of the cookie must be set to the current day number, instead of 3 like the video, if today is 8 of june, set its value to 8 and it'll work Few list of courses NetAcad Curriculums CCNA Routing and Switching version 6 Semester 1: Introduction to Networks https://static-course-assets.s3.amazonaws.com/ITN6/en/index.html Semester 2: Routing and Switching Essentials https://static-course-assets.s3.amazonaws.com/RSE6/en/index.html Semester 3: Scaling Networks https://static-course-assets.s3.amazonaws.com/ScaN6/en…
-
I'm new to packet injecting, doing it on my own programmes and tryhackmes,can anyone help me get started?
by toxicball111- 2 followers
- 0 replies
- 8.4k views
Hello people! I'm very new to the community and just looking for some help on packet injecting (on the fly) if possible. Can anyone fill me in with there infomation on the subject? Anything will be great, cheers guys!!
-
- 11 replies
- 15.5k views
Hello Every One Any other way to bypass icloud id permanently in apple i phone 6. Please answer me if any one have idea about it. Thank you
-
HTTP MITM tool
by KDN- 8 replies
- 16k views
HI all, lets say I have a program that is activated online, you enter a serial number and the application makes an http post with the serial number to their server, and the server responds back (lets keep it stupidly simple) with either 'accepted' or 'rejected' What I want to do is make a small exe that listens to all http requests, can match against the url and maybe some post values then spoofs the response back to always be accepted. I know this might seem really stupid, and why I wouldn't just patch the original program, but this is something I have been looking at for a while with no success I think it will be fun to try. I can do exactly this with pr…
-
Game bot, client reaction when sending a packet?
by Netskyes- 1 reply
- 15.2k views
Hey all, I've created a packet sniffer and lets say I've hooked up a game and can intercept all traffic, modify packets, replay etc. Now the question is, when I replay a packet, lets say Moving packet, how does the game client know it should move when I only send it to server and receive a response? Does the client upon receiving that info from server move or? If anyone has any idea on how exactly this part works I'd appreciate the input. Thanks!
-
SQL Server Logon trigger
by Slaifer- 0 replies
- 16.6k views
Hello everyone, Well, i block the sql connection with a logon trigger, filter by ip example: If ip != 127.0.0.1 then block the connection So, it's possible to change the ip connection for the local ip and then bypass the trigger? or exist any other form to bypass the trigger? sorry english and thanks PD:i use SQL Server 2014
-
Why ping doesn't work???
by CodeExplorer- 7 replies
- 12.6k views
Why ping doesn't work??? I have two computers: one laptop with Windows 7 SP1 and one PC with Windows XP SP2. I have internet access on all computers. If I connect computers trough routers -> ping (command prompt) doesn't work (time out) while the ping from the router page works ok. If I reinstall on PC with Windows XP SP2 the OS Windows 7 SP1 ping doesn't work neither - so that won't solve my problem! If I connect the two computers with an UTP cable, I make a peer-to-peer network, I set proper IPs: result: the ping works ok. The IP addresses from router page seems to be of all devices with was once connected, and not devices which are currently connected!…
-
Router DDOS option
by CodeExplorer- 2 replies
- 10.1k views
On my router settings: I know what DDOS attack is! But here is the question: what this suppose to do??? It would be something like protect against DDOS I would understand!!! Hell if I know what's up with that!
-
Short networking tutorial
by CodeExplorer- 0 replies
- 10.8k views
Short networking tutorial Let me know what you think of it. Short networking tutorial.zip
-
Getting passed cloudflare?
by hotpockets- 6 replies
- 13.5k views
Hey, I was wondering if anyone here knew how to get passed cloudflare? I'm aware you can just get the original main IP, but that thing is hidden away. Even when trying to bypass it using subdomains.
-
SSL Labs's results on Chinese websites
by SkyProud- 5 replies
- 13k views
Disclaimer: It is the evaluation of the website itself, not the content on it. Be careful when assessing the content of these websites! Summary: HTTPS web mail: QQ mail: A 163 mail(netease): A(This server's certificate will be distrusted by Google and Mozilla from September 2018. ) Sohu mail: C(This server's certificate will be distrusted by Google and Mozilla from September 2018. ) Sina mail: F Website: Taobao: B Baidu: C 360: C(Router Test gets F) Kingsoft(Jinshan): F Huawei: T(hostname mismatch, browser gives bad message) Online banking: ICBC: B BOC: C CCB: C ABchina: C CMBchina: C My comment: I began my HTTP…
-
How to Investigate Like a Rockstar
by sparcflow- 1 reply
- 14.6k views
Hi, I would like to share with you a book that might help you on forensic and incident response engagements. It describes in detail a security incident inspired by real life events, from the first doubtful call made by a bank to the height of tension caused by preliminary forensic analysis. Together, we explore : Memory analysis Perfect disk copy Threat hunting on a Mainframe Data carving We also share the insights of real crisis management: how to steer people in the right direction, what are the crucial reflexes of a first responder, what to say and do in the first minutes of a security incident, and how to address the inevitabl…
-
- 1 reply
- 12.6k views
The problem: I have a certain program which runs through a launcher. Basically there is none other official way to download the program itself apart from downloading it through the launcher. The problem is 1. the program is quite large 2. after complete downloading the launcher afterwards acts as an uploader for peer to peer seeding. I want to know how to check from which website/address it is downloading the data (the original program). Also I am not interested in disassembling the launcher as it itself is quite large and I believe there are easier ways to do things I am looking for.
-
KRACK - Breaking WPA2 by forcing nonce reuse
by Extreme Coders- 9 replies
- 12.8k views
INTRODUCTION We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be ab…
-
- 0 replies
- 9.2k views
According to Microsoft, this is a feature. https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
-
Infected by just HOVERING over a hyperlink !
by Techlord- 8 replies
- 14.5k views
Zusy: New PowerPoint Mouseover Based Malware Relevant and Interesting Extracts from the Article : Technical Analysis Details of this malware can be found here in this article .
-
- 0 replies
- 9.5k views
Hi, I put in place a real pentesting platform for you to pwn. No simulation, no regex, no sharing, you get 24-hour access to real machines with real flaws. Up to you to exploit them in a meaningful way without crashing the systems. On the menu : - Multiple windows machines in AD environment - Local restrictions (applocker, GPO, etc.) - Pivoting with some constraints (UAC, Firewall rules, etc.) I could go on but I don't wanna spoil the whole thing. Have a peak here : https://www.hacklikeapornstar.com/training/ Coupon for 30% reduction : HLP090807 Cheers, Sparc Flow
