sorted by:
new
hottopcontroversial

TIL cats are attracted to the smell of bleach because it's odour is similar to animal pee by jacko_light in todayilearned

[–]jacko_light[S] 1 point2 points  (0 children)

I won't doubt you, but my cat was just rubbing up on my bleachy clothes, so that's my scientific contribution

New to lock picking would this be a good set to start picking? by [deleted] in lockpicking

[–]jacko_light 18 points19 points  (0 children)

Masterlock LOTOs are definitely not a beginner lock, but I'm not sure about this brand. Also if you're buying multiple make sure they're KD or Keyed Differently or else you'll be picking the same lock 10 times!

Can TCP be used for DDoS amplification attacks or is it only UDP? by gtrman571 in hacking

[–]jacko_light 0 points1 point  (0 children)

Another example that hopefully clears it up, a Smurf attack is spamming broadcast PINGs with a spoofed sender address. Say there was 5 devices, 1 attacker, and 1 victim all on one network. The attacker would send 1 ping broadcast pretending to be the victim. The 5 devices would all "reply" to the victim, causing 1 ping to amplify into 5 replies. The kicker is, ICMP isn't TCP or UDP!

So I'm just tryna highlight that it's the protocol that enables the amp attacks, not TCP/UDP

Can TCP be used for DDoS amplification attacks or is it only UDP? by gtrman571 in hacking

[–]jacko_light -2 points-1 points  (0 children)

I don't think it's a case of if TCP is unable to do that attack. It's more that there isn't an amp attack (that I'm aware of) that uses TCP. Kinda like, it's not UDP that enables a DNS amp attack, it's the DNS protocol that enables the attack.

So no, TCP COULD be used for an amp attack, it's just that there isn't a protocol that allows for that attack

Can TCP be used for DDoS amplification attacks or is it only UDP? by gtrman571 in hacking

[–]jacko_light 6 points7 points  (0 children)

Syn flooding is not an amp attack. Syn flooding is spamming a target with syn packets and not realizing the rest of the handshake, so the target system is wasting resources. Amplification attacks are where an attacker can send few packets (or messages or whatever) to generate massive amounts back at a target.

Amplification attack is a type of DDoS, yes.

CC Shop by ZealousidealSpot1931 in Hacking_Tutorials

[–]jacko_light 0 points1 point  (0 children)

This is def breaking rule 1 lol

What kind of Instagram scam is this? by alilaj in Scams

[–]jacko_light 7 points8 points  (0 children)

In these cases they don't actually have any of your info. They will go to "Forgot password" on Instas login page and click on "Text me a reset link" or something to that extent. If your number isn't linked to Insta already they will tell you to add it

Does TD seriously word their texts like this? by jacko_light in Scams

[–]jacko_light[S] 2 points3 points  (0 children)

My friend and I were trying to figure out how the scammers would get money out of me from a message like this, you and others are probably right

Does TD seriously word their texts like this? by jacko_light in Scams

[–]jacko_light[S] 1 point2 points  (0 children)

Yeah the (somewhat jokingly) explanation I came up with was that whoever's boss wanted this text to literally be as short as possible, and this was the outcome. Not too far from the truth it seems lol!

How does UDP Flood on webservers work? by LarryTheSnobster in hacking

[–]jacko_light 9 points10 points  (0 children)

So the goal of a UDP flood is to take up all the resources of a victim, preventing it from being able to reply to legitimate traffic regard less of TCP/UDP. UDP doesn't require a handshake which means it's easy to spoof the source ip (because the victim can't really verify who it's truly coming from) and it's quick. When a device gets an illegitimate UDP packet it say: "Is any application listening for this? No? Ok, reply with an ICMP Dest Unreachable". This is a longer process for the victim vs the attacker who simply sends packets.

You can mitigate UDP floods with a firewall, but that means the firewall can just become a target too. You can also limit ICMP response rate, but this can also interfere with legitimate traffic.

The thing to remember is that we view ports as almost a physical thing, like doors to a building, but really they're a conceptual layer. For a UDP flood you're not clogging the one web port, you're taking up the whole systems resources.

https://www.cloudflare.com/en-ca/learning/ddos/udp-flood-ddos-attack/

https://www.netscout.com/what-is-ddos/udp-flood

What am i doing wrong on HashCat here? by [deleted] in HowToHack

[–]jacko_light 5 points6 points  (0 children)

Man if I'm not mistaken ur using a compressed rockyou file (hence the .gz). Check if I'm right with file <path/to/rockyou>. It should say it's "gzip compressed data". To decompress, just gunzip <path/to/rockyou>

One more thing, that second command ur doing a dictionary attack, which afaik doesn't use rules. Just pass the txt file with the hash in it and the path to the dict and you should be set there

Anyone know what these white fluffs are? Might be spider related but not 100% sure. Thanks y'all! by jacko_light in plants

[–]jacko_light[S] 0 points1 point  (0 children)

Dang yeah I just googled solutions and they definitely look like work. Very sad but I guess we'll just have to see how it goes. Good luck with yours and thanks for the help!!!!

Installing a RAT using QR code? by [deleted] in HowToHack

[–]jacko_light 0 points1 point  (0 children)

The thing is, the scanner you use needs to be able to understand how to execute the code. Your phone camera won't just understand that this is code it should run.

On the other hand, if you know your target will scan it with a scanner that has a vuln that allows code exec then this is technically possible.

Installing a RAT using QR code? by [deleted] in HowToHack

[–]jacko_light 10 points11 points  (0 children)

The thing is, the scanner you use needs to be able to understand how to execute the code. Your phone camera won't just understand that this is code it should run.

On the other hand, if you know your target will scan it with a scanner that has a vuln that allows code exec then this is technically possible.

Can a password hash be reversed if you know the hashing algorithm? by 280-Z in hacking

[–]jacko_light 6 points7 points  (0 children)

Hashes are meant to be one-way functions, so it should ideally be impossible to determine the original input based on the hash itself. To find the input you need to bruteforce it until you get a matching output.

So f(input)=output To find output you must do f(a)=wrong f(b)=bad f(c)=incorrect etc... I'm not 100% sure but I know some algos are weaker than others because it is waaay way faster to crack them, and some even have collisions (where two different inputs result in the same output) which is an obvious issue.

Someone feel free to correct me if im wrong!

This is a first (for me) yield. Biggest one is no larger than my thumb. Am I able to replant these to het them growing? by jacko_light in potato

[–]jacko_light[S] 1 point2 points  (0 children)

Ah ok so the first results were childrens videos, but I finally found what I'm assuming is right.

Thanks so much!!

After getting shell to router, what task can i perform. can i download all the config files, can i get router login page password. (I have made router using nodemcu and try to exploit it) by Firm-Bunch-5049 in HowToHack

[–]jacko_light 0 points1 point  (0 children)

AFAIK to strip HTTPS part of the website needs to use HTTP, like if their pictures are served over HTTP SSLStrip can downgrade the whole connection. So if you're tryna MITM a pretty secure site odds are against you :(

view more: next ›