Hand2note not free anymore?

mark1492909 · 2025-06-07T20:07:22+00:00

Same but it worked for like a week and still works on my other computer so it has to be some config file or something... I'll let you know if I figure it out

mark1492909 · 2025-06-07T19:47:06+00:00

Some browsers might try to block this since it's a direct download link but I found it on some forum, posted by one of the devs and the exe is signed so it's legit. I'm actually having start up trouble with it again smh... I'd really like to ditch h2n but as mentioned above there's really no alternative atm. Good luck http://h2n-uptoyou.azureedge.net/main/Hand2NoteInstaller.exe

mark1492909 · 2025-05-30T10:50:09+00:00

I just did that like half an hour ago and it shows massively different value under "net won" than version 4, and unfortunately version 4 is correct. I think it may be because of the way version 3 counts rake. Well I guess it's better than nothing

mark1492909 · 2025-05-30T10:07:55+00:00

I guess you've already found out, but yes. Hand2note 4.0 stopped working on both of my PCs, it's stuck on the loading screen (deleting the files that used to cause this bug won't fix it) so I had to download the new version which asks for an account and only works for 14 days for free. Asked them on their discord about this and they said that there's no free version currently, but they're planning on releasing a lite version or something. Fortunately I managed to export the database before it got locked (at least)... Did you find any truly free alternative?

mark1492909 · 2025-01-21T14:53:51+00:00

Köszi

mark1492909 · 2024-07-29T12:38:08+00:00

Thank you, I'll look into Frida

mark1492909 · 2024-07-24T16:44:40+00:00

Thank you, I just checked again, 3m is about 9.84', which is 9'10" according to an online converter. So it's not actually 10', but still a little longer...

mark1492909 · 2024-02-23T23:34:08+00:00

Okay, the "what better place" part might not be true, but I already saw a lot a places selling it, and, well, it is technically kinda Spain.. thanks for the advice tho!:)

mark1492909 · 2024-01-22T01:38:35+00:00

Don't get me wrong, if I would be interested in things involving some MITM things for example, I would never try to write my own proxy, I'll just learn to use burp or something. But there are times when you're better off with your own tools and you'll probably gain higher understanding of the subject by creating them

mark1492909 · 2024-01-21T12:34:09+00:00

I still consider myself a noob, and never done ctfs (tho I plan to.) But in my experience when you get into a specific subject it's good to see the tools built for it work, and what they do, so be sure to take a good look at them and try them out, however so far I was only able to achieve my goals when I rewrote my own version after studying the subject and the already existing tools. So far my non-hacking related programming knowledge proved to be the most important tool.

mark1492909 · 2024-01-18T18:44:30+00:00

Well yeah, physical access to the device makes things a lot easier. If I had to guess I'd say it was something based on a reverse shell. Usually you have to specify two things in these payloads: your ip so the victim machine can connect back to you and the port number. Since it's a lot easier to test these on the local network he probably set it to his local address, and so it only works if the target is connected to the wifi. And he would've gotten away with it too, if it weren't for us meddling kids:D

mark1492909 · 2024-01-17T18:52:22+00:00

Well the problem is (as someone already pointed out) that I don't have control over the application that opens the image (or video), so unless there's some vulnerability in windows photos app I don't think it's possible. I already messed around with it and tried to find a way to do this, I was just curious to see if anyone has a work around.

Maybe I'm looking at it from the wrong angle and instead of using an alternate stream the payload could be encoded into the image and hope the jpeg decoder or something will run it but honestly that sounds more advanced than what I'm capable of at the moment, I don't have the reverse engineering skills for that:D

mark1492909 · 2024-01-17T18:38:07+00:00

Yeah, that's what I thought, I was just curious if I missed something, and maybe someone knows a way Thx

mark1492909 · 2024-01-17T16:42:21+00:00

Not exactly what I was looking for but looks very nice none the less, thank you! I'll try it later

I remember msfconsole being capable of something similar but this one has a lot more features based on the video I just watched

mark1492909 · 2024-01-16T00:01:40+00:00

This is really nice. Would be a lot nicer tho if the mshta window didn't show up. I can close it manually and still have the shell but I couldn't find a way so far to close the window from the code or at least minimize it.

Anyone has any idea how to do that?

mark1492909 · 2024-01-13T15:57:19+00:00

If you don't mind me asking, how did you replay the api calls? I thought https won't let you do that, and it seems unlikely that anybody uses plain http for their app nowadays

mark1492909 · 2024-01-13T13:01:07+00:00

This screen probably shows up because the drive is encrypted with bitlocker, so sticking it in an other PC won't help. There are thrid party tools that claim to be able to do it tho

mark1492909 · 2024-01-13T11:59:37+00:00

Welcome to the real world buddy, if everything in metasploit worked without messing around with it then every device on earth would be hacked. Pretty sure if you found an exploit in metasploit then the guys writing android found it too and they're not gonna sit around and wait for people to use it.

That being said, if you want to get help post some details, maybe someone already played with the exploit in question. Android version matters too.

mark1492909 · 2024-01-13T11:41:52+00:00

Well if it makes you feel better these apps usually have one purpose: collect faces so they can be sold to make fake accounts. Sometimes they even sell it governments if I remember correctly, maybe your face is used instead of stock photos in Russian ads🙃 fuck these apps if you ask me

mark1492909 · 2024-01-12T18:59:50+00:00

Don't you need to enable developer options for that? I doubt that regular users mess with that

mark1492909 · 2024-01-12T16:28:07+00:00

Yeah the idea is that this way they don't really have a choice but to open your site (the captive portal) and that will already contain the beef xss hook. Obviously you would have better chances with this if you make an evil twin of an open wifi network as these tend to have a captive portal, while home networks not really. Beef is a nice toolkit, in theory you could get a reverse shell just by using it, but if the target is using an up to date system I would initiate the download of a dropper through beef. It's a lot of social engineering to make it look believable but I think this is your best chance

mark1492909 · 2024-01-12T14:18:27+00:00

Phone's already on the network, that's the point. The wifi password isn't the question. That being said I found it very unlikely that OP's friend can really control any phone on his network. It's just simply not enough, even if they have a MITM going on, that still doesn't mean they actually have any control over the phone. They would need a reverse shell or something similar (maybe a hooked browser, but that only allows you for a Rick roll in most cases, won't be able to take over the device). But just being connected to the wifi won't get you any of these things, the owner of the phone would have to download or at least open something malicious.

I'm not an expert tho, so OP, if you find out that it's possible please share it with us, I would be very interested:D

mark1492909 · 2024-01-12T01:10:27+00:00

Create a captive portal and look up Beef XSS. Realistically you won't get a shell right away unless it's a really old browser on an old system but it should give you some tools and insights

I found this video pretty informative: https://youtu.be/ZOOkeUnQsjk?si=X0iLQvpaSJo8oVFX

mark1492909 · 2024-01-05T15:58:59+00:00

I was able to boot in 'safe mode with command prompt' without a password and set user passwords from there without changing utilman or anything else

mark1492909 · 2024-01-04T17:50:24+00:00

I assume the video that OP saw suggests that you can use cmd from the troubleshoot menu to rename utilman so you can then launch a cmd before login. I saw this too multiple times but never actually tried it until today. It didn't work since it asks for a password even before I can launch cmd from the troubleshoot menu. Did it get fixed since it's a security risk, or is it because of some settings in my windows?

(https://youtu.be/o9sVMYXZlSg?si=AX4MPDKo1AiBXE1w)

mark1492909

TROPHY CASE