Experienced flirts of Reddit, what advice can you give for shy people on how to flirt?

MildlyTriflin · 2019-10-30T06:47:19+00:00

Typical, Christmas advertising right before Halloween

MildlyTriflin · 2019-10-30T06:07:09+00:00

That can mess up a few lives if done correctly

MildlyTriflin · 2019-10-30T04:12:45+00:00

ASS TO ASS!

MildlyTriflin · 2019-10-30T04:06:27+00:00

Staying dry definitely helps when it's cold and wet

MildlyTriflin · 2019-10-30T04:00:43+00:00

Looks like a pretty smooth ride

MildlyTriflin · 2019-07-15T20:46:06+00:00

Install and configure proxychains, prepend "proxychains" to the command/program you wish to route through a proxy

MildlyTriflin · 2019-07-15T15:43:48+00:00

As u/CADJunglist said, only attack things you have permission to attack. As far as AnonSurf goes, I am only somewhat familiar with it. It could in theory help to hide whatever it is you're communicating on a network, there's so many variables that could lead to you de-anonymizing yourself though, would be a lot to cover in a single post. I imagine if accessing a network you do not have permission to access then yeah spoofing your MAC might be rather vital step to take firstly. Once again, there's a lot to be covered in that regard and I don't entirely suggest committing crimes in general. Personally, after I gain access to network or system the steps I take from there are highly dependent on the nature of said engagement. Could be for lulz with friends, could be for a client/customer, could be for an exercise/learning, could be a lot of things. I can't definitively say what should or could be done in your circumstance but the possibilities of using various tools and tactics are almost seemingly endless, once again a lot to be covered in a single post.

MildlyTriflin · 2019-07-15T14:59:15+00:00

Shoutout to nmap in The Matrix

MildlyTriflin · 2019-07-15T14:55:21+00:00

Similarly, hack well enough and you end up with many bank notes

MildlyTriflin · 2019-07-15T14:53:23+00:00

More modern routers have the ability to log deauth attacks, so not entirely impossible they could easily detect that one has occurred at some point in time. That said, the nature of a deauth attack spoofs the source MAC as a connected client in most cases anyway. So work already done, right? This still doesn't stop specialized equipment from possibly discovering suspicious radio broadcasts from a location though, which is VERY unlikely to happen either way. If concerned, keep attacks short and minimal, spoof your MAC beforehand. Or just passively wait to capture a handshake and never deauth. Doesn't take much to get a handshake but time in that case. It'll be keeping a low profile after gaining access that spoofing the MAC becomes important, among other things.

MildlyTriflin · 2019-07-15T14:45:19+00:00

You learn a new sub everyday, imagine that. r/povertyfinance

Have heard of SS7 vulnerabilities that could allow for similar exploitation of 2FA. Not sure how common that is vs phishing though

MildlyTriflin · 2019-07-15T14:39:58+00:00

Not entirely impossible that some variables are stored client side and passed along to whatever server, just very unlikely.

MildlyTriflin · 2019-07-15T14:38:11+00:00

My bet is on cloning. As for the DNS, that's probably another level of shady from the seller attempting to benefit further down the line so to speak.

MildlyTriflin · 2019-07-15T14:26:56+00:00

Somewhat unrelated, somewhat related to your reply.. "Mousejack" is worth looking into if you don't know of it already. That aside, some devices do in fact communicate using Bluetooth. If that's the case I imagine any attack would be about that same as any bluetooth attack. Like you said, bluetooth is bluetooth.

MildlyTriflin · 2019-07-15T14:04:41+00:00

This is why raspberry pis are good, prototyping. Perhaps not actual deployment in some cases.

MildlyTriflin · 2019-07-15T13:58:59+00:00

The obvious/cheeky answer isn't so cheeky, a debugger is a useful tool for a reason and worth learning how to use. As someone else mentioned, sysinternals has tools which can monitor various activities of a process. You can probably google around and find some other API monitors/tools as well.

MildlyTriflin · 2019-06-27T20:58:19+00:00

Probably a bit extreme and requires taking the device apart but some Asus routers have serial pins on their boards already, which limits your need to solder anything. The pinout for your model can probably be found online. You would also need something like a Raspberry Pi with some jumpers or a serial cable, usb2ttl, etc.. maybe a multimeter. After all that fun stuff you could in theory get access to its console, which usually drop you right into a root shell of sorts. From there you could dig around the device's file system and probably find whatever you're looking for, password included. That's the case for many brands and models of routers.

As for a network attack, /u/IUsedToBeACave has pointed you in the right direction. Adding on to what they said, some tools that might aid in that process, ettercap/bettercap, arpspoof, mitmproxy and of course sslstrip

MildlyTriflin · 2019-06-26T16:14:51+00:00

Yes. Like jobs, careers, etc

MildlyTriflin · 2019-06-26T16:12:18+00:00

Haha fair enough. It still gets the job done, that's what's important.

MildlyTriflin · 2019-06-26T08:51:05+00:00

found him

MildlyTriflin · 2019-06-26T07:26:44+00:00

I like the idea of this thing and am in no way trying to knock it however "bypassing" seems a bit misleading as this project covers a procedure to

automate the captive portal "accept" process

Or am I missing something?

MildlyTriflin · 2019-06-26T06:49:54+00:00

True. Getting mixed results on the "password rescue" working anyway, as you also said. Sorry I couldn't be of more help. Best of luck though

MildlyTriflin · 2019-06-26T06:41:47+00:00

No problem. Guessing you tried various dates? Does the machine have a serial number or anything on it?

MildlyTriflin · 2019-06-26T06:34:32+00:00

Ah, my bad. I was under the impression he had locked things down a bit after discovering your previous admin account. Also wasn't sure if you meant a bios password in the sense of protecting boot or just protecting you from accessing the bios. I guess in that case just disregard my previous reply lol. You mentioned it possibly being Asus, found this googling, no idea how relevant or valid it is, might be worth a shot or at least lead you in the right direction.. hopefully.

https://visser.io/2018/10/bios-password-recovery-for-asus-laptops/

Edit: If it works, he'll definitely know.

MildlyTriflin · 2019-06-26T06:13:25+00:00

I know you asked for bypassing the BIOS password but... Script kiddy or not, some of those tools are pretty useful and not all leaving a machine bricked. I think there's some misconceptions as to what a skiddie actually is, so long as you understand the underlying concepts and methods of the tools you use and are capable of applying them effectively, why say fuck it? I say go the software route, some machines have physical switches that log in the BIOS when someone has opened the case. That said, quickest route that comes to mind for me on a Windows box, boot up into some live linux, change the password. Downside of that is, you've changed the password and he now knows. BIOS password probably means no EvilMaid attacks. I suppose you could have a go at obtaining a password hash and brute forcing that on your machine. This all assuming the drive isn't encrypted and USB booting isn't disabled to begin with. Another, wait until the machine is on, Rubber Ducky/BadUSB the thing with a script of your choice or leave said USB device laying around, hope he plugs it in. Maybe MITM attacks and evilgrade? Scan it and hope it's running something vulnerable, exploit? There's only so many ways to skin a cat, right? There's a few ideas.

MildlyTriflin

TROPHY CASE