|
Cup Runneth Over posted:Markov chains are two thousand and late. Anyone can spin up GPT-2 on their home computer and start spitting these takes out. even better, when reddit did its imposter april fools, I just recorded all the data and now randomly post it to twitter: https://twitter.com/BotImposter
|
#
¿
Jun 1, 2020 21:21
|
|
|
|
| # ¿ Apr 25, 2024 03:26 |
|
|
NPR Journalizard posted:I once had to have a bank password that was exactly 8 characters long. No more, no less. That is when you are working with old as poo poo databases with a fixed width on the field, if they are limiting you to 8char, that means /somewhere/ can't take a password longer then that, OR is storing it in the clear, OR its like DES and can only store 8chars
|
|
#
¿
Jun 3, 2020 14:35
|
|
|
Hrm.. Thats a interesting idea, making a rclone mount of SA Forums... Time to start hacking!
|
|
#
¿
Aug 28, 2020 22:32
|
|
|
CyberPingu posted:Thats not training people really, its teaching them to be script kiddies. MS is a means to a end. It really depends on what you are doing. I find its better to understand the issue of why the exploit even works so you can tell blue team how to prevent a issue like this from being a issue in the first place!
|
|
#
¿
Sep 3, 2020 21:50
|
|
|
CyberPingu posted:Dont get me wrong its a great tool. Especially for time based poo poo like CTFs. But personally, if I was building Pen Test training id try stay away from it until the course covers how the exploits work. Its pointless getting someone to run Eternal Blue in a test environment without them understanding the whys and hows as thats not teaching someone properly how to look for things. and the dangers of running random exploits on systems. Don't forget that most of the NSA Exploits have something like a 45% BSOD rate.
|
|
#
¿
Sep 4, 2020 14:30
|
|
|
CyberPingu posted:Yep, Well... The RCEs can cause DoS in most of the service/kernel level exploits. MS17-10 loves to BSOD boxes that have been running too long.
|
|
#
¿
Sep 4, 2020 14:51
|
|
|
CyberPingu posted:They have to be Ruby modules had to do that for a iDrac exploit, had coded IP/PORT in the C code that got cross compiled into another processor (Its the same processor as the dreamcast!) Kali didn't have GCC for it anymore. that to spin up a old debian VM and hand compile it. then edit the crap out of the python script to skip the compile and just send it the elf I had hand compiled.
|
|
#
¿
Sep 4, 2020 14:57
|
|
|
CyberPingu posted:Amazing. My DA Path for that pentest was iDrac>Esxi>Old Windows Template>Extract Local Admin Password>Unused, scan network for ssh>found vsphere ssh with that password>clone DC into a new VM>extract krbtgt hash>Create domain admin user using golden ticket -- One of the more interesting pens the exploit was CVE-2018-1207 I do other hacking shenanigans over at https://www.youtube.com/watch?v=PtCk3OMeV5g
|
|
#
¿
Sep 4, 2020 15:01
|
|
|
|
| # ¿ Apr 25, 2024 03:26 |
|
|
loving RIP this doesn't surpise me at all. those nerds can't even comply with 800-171
|
|
#
¿
Aug 22, 2021 02:21
|
|