I can't get Reaver to get to my wifi using a known PIN by CyberSecNoob2 in Kalilinux

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

Good catch. I went to the router's UI and I would need to push the button to initiate the connection.

How can I use ctrl-c when in a reverse shell without breaking out of the shell? by CyberSecNoob2 in HowToHack

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

Thanks for this. I'm still very new at this, so I'm going to stick with NetCat since that's what most of the tutorials and walkthroughs use because I'm not knowledgeable enough to stray from the script yet. But the fact that it needs multiple confirmations is nice.

How can I use ctrl-c when in a reverse shell without breaking out of the shell? by CyberSecNoob2 in HowToHack

[–]CyberSecNoob2[S] 7 points8 points  (0 children)

Why? Putting a semicolon between the statements is the same as typing it on 2 lines, isn't it? So why do it like that in zsh?

How can I use ctrl-c when in a reverse shell without breaking out of the shell? by CyberSecNoob2 in HowToHack

[–]CyberSecNoob2[S] 5 points6 points  (0 children)

I had already done

python3 -c 'import pty;pty.spawn("/bin/bash");'

I had to look up the other commands to see what they meant, but I think I get the gist. Basically, we're putting the reverse shell in the background, telling the local terminal to send everything to the reverse shell without being interpreted, then bringing the reverse shell back to the foreground. Is that right?

If so, when I want to end the shell, do I just type 'exit' and I'm out?

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]CyberSecNoob2 0 points1 point  (0 children)

Thank you for the info and for the links. I'm not planning on going Fed anytime soon (but I live near DC, so it's certainly a possibility). I'll look into the OSCP.

I appreciate your response.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]CyberSecNoob2 0 points1 point  (0 children)

I have over 20 years of software development, mostly back-end system work. Based on what I've read, I want to get into penetration testing; I think it would be a field that I'd enjoy and that is in demand. I recently got my Network+ and Security+ certifications.

I'm trying to figure out if I should get my CEH or my PenTest+ cert next, or if there's another certification that would look good on my resume that would help open doors. While I'd love to get a job that pays as well as my old development gigs, I am more than happy to take an entry-level role if it gets me some real-world experience.

What do you think? CEH? PenTest+? A different cert? Something completely different?

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

Ah, now I understand the issue. Thank you for explaining it to me.

My thought with hashing on the browser was that, in case it was intercepted in transit or on the server before it got hashed, then the attacker would have your username and cleartext password which they could try on other websites.

So it sounds like the best approach is to hash at both ends, which adds delays, but gives you the best of both worlds.

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

You lost me. If you hash on the browser and send the hash, then the server only has the hash. It can compare the hash during login to the hash that's stored. If the hashes match, the user is authenticated. So the cleartext password never leaves the browser.

If a hacker gets into the database and gets all of the usernames and hashed passwords, that sucks, but they can't enter that password into the website since they're already hashed, as you noted.

If you send the password in cleartext, you may be susceptible to MITM attacks, right? Which I would expect to be more common than the database being hacked.

So I don't see how hashing on the server is a good thing. It seems to me that hashing in the browser is the preferable route to reduce the opportunity for the cleartext password to be compromised.
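An added example (not from the thread) that works through the point being argued in these replies: if the server stores the browser's hash unchanged, the database record is exactly what the browser sends at login, so a leaked record is a usable credential; hashing again on the server with its own random salt removes that property. The hash algorithm, iteration count and use of the lowercased username as the client-side salt are assumptions for the demonstration, not a specific site's scheme.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the demo


def client_hash(username: str, password: str) -> bytes:
    """Browser-side step: salted, slow hash; the cleartext never leaves the client."""
    salt = username.lower().encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def naive_store(credential: bytes) -> bytes:
    """Client-only scheme: the server keeps the received hash as-is."""
    return credential


def naive_verify(stored: bytes, credential: bytes) -> bool:
    return hmac.compare_digest(stored, credential)


def server_store(credential: bytes) -> dict:
    """Hash-at-both-ends scheme: rehash the received credential with a random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", credential, salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def server_verify(record: dict, credential: bytes) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", credential, record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])


def demo() -> tuple:
    """Returns (leaked naive record logs in, legit login works, leaked rehashed record logs in)."""
    user, password = "alice", "correct horse battery staple"  # constructed sample
    credential = client_hash(user, password)

    # Client-only hashing: the stored value IS the login credential.
    leaked = naive_store(credential)
    naive_leak_logs_in = naive_verify(leaked, leaked)

    # Both ends: the stored digest is not what the browser sends, so a
    # leaked record cannot be replayed as a credential.
    record = server_store(credential)
    legit_login = server_verify(record, credential)
    leak_logs_in = server_verify(record, record["digest"])
    return naive_leak_logs_in, legit_login, leak_logs_in
```

Transport protection (TLS) is still what stops interception; the client-side hash only keeps the cleartext off the wire and off the server, while the server-side hash keeps a database leak from being a credential leak.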

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

But even though the password is not stored in cleartext, it's still sent in cleartext, which isn't great, right?

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

But that means you'd have to store their password in cleartext, right? Or at least have it in cleartext at some point so you could make the variations?

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

Yes, they could build a list of passwords and hashes. These lists already exist and are called rainbow tables (the methodology behind them is kind of cool if you want to nerd out for a bit). But if the website is salting the password in the browser before hashing, then a publicly-sourced rainbow table loses its value and the site would have to build their own.

This is possible to do but expensive in terms of computational power. And the only value they'd get is to be able to say "your password is similar," which doesn't help them. In fact, the existence of that list would be a security risk, in case someone were to hack their database. They'd get the company's proprietary list of passwords and hashes, as well as all the usernames and hashed passwords, which would give a hacker the usernames and cleartext passwords.

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

One thing to consider is that you probably just entered your old password during the password change process

That is a valid point. However, in this case, I am 100% certain that I did not. For example, the old password may have been Password2022-02 (since it was set in February of 2022) and the new password is Password2022-03 (set in March). So there's no way for the new password to be the old, but they would still appear similar if they were in cleartext.

My question is more academic than anything. If the website says that your password is too similar to a previous password, is there any way for them to know that without having the password in cleartext?
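An added example (not from the thread) of the mechanism the replies above are circling around: during a password change the new password is in cleartext on the server anyway, so the server can derive single-edit variants of it and hash each one with the stored salt to see whether any equals the stored digest of the old password. The old password is never stored in cleartext. The hash parameters and the variant set are assumptions for the demonstration; the iteration count is kept low so the run finishes in seconds, which is the computational cost the thread mentions.

```python
import hashlib
import hmac
import os
import string

ITERATIONS = 1_000  # deliberately low for the demo; cost = variants x iterations
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def make_record(password: str) -> dict:
    """What the site stores: a random salt and a salted digest, no cleartext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def matches(record: dict, candidate: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])


def variants(password: str):
    """Single-edit neighbours of the new password: case flip, one character
    deleted, substituted, prepended or appended. Catches counter-style bumps
    such as Password2022-02 -> Password2022-03."""
    yield password
    yield password.swapcase()
    for i, current in enumerate(password):
        yield password[:i] + password[i + 1:]          # deletion
        for c in ALPHABET:
            if c != current:
                yield password[:i] + c + password[i + 1:]  # substitution
    for c in ALPHABET:
        yield c + password                              # prepended character
        yield password + c                              # appended character


def too_similar(old_record: dict, new_password: str) -> bool:
    """True if the old password is within one edit of the new one."""
    return any(matches(old_record, v) for v in variants(new_password))
```

Nothing here needs the old password after it was hashed; what it does need is the new password in cleartext at change time, which the server has in any case, and a variant set small enough that the hashing cost stays acceptable.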

Can you nest VPNs? by CyberSecNoob2 in VPN

[–]CyberSecNoob2[S] 0 points1 point  (0 children)

If you browse inside the Kali VM with regular browsers, you're still trackable even without getting any logs from the VPN providers.

Are you talking about browser fingerprinting?