DroidKali


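So a desktop PC without a GPS module can still be located via WiFi? I visited the LBS repository of 北京竞心科技有限公司 (cellocation.com), ran a query with my own information, and the result was remarkably accurate!
It offers not only forward and reverse lookups for domestic cell towers and WiFi, but also a coordinate conversion API that converts encrypted GCJ02 (the "Mars coordinate system") to unencrypted WGS84 (World Geodetic System), which solves the offset problem.
These data sources are baffling. Even if a small company like this drove a survey vehicle around to collect data, that would not be enough; covering the whole country, plus the labor cost, is simply impossible. The only explanations I can think of are that some vendors' wireless network cards report back when they scan the surrounding WiFi signals, or that the data leaked from some domestic SDKs (such as Meituan's API). That got me thinking: after the company moved to a new site, the location shown when employees ordered food over WiFi was still in the old area, which is terrifying when you think about it.
If this assumption holds, then working out where you are from becomes very easy. Testing apps like Cellular-Z, once granted the phone permission, can read the device's key information, which is enough to perform cell-tower positioning together with the API above. Even a heavily restricted browser can obtain the real IP through WebRTC and infer the time zone and language from the User-Agent, and the most basic user profile is assembled.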




Maybe another backup tool for the kali nethunter chroot backups.
Faster than Tar and more secure than Tar!
github.com/restic/restic.…
restic.readthedocs.io/en/stable/080_…#backing-up-your-system-without-running-restic-as-root
@yesimxev @kimocoder @kalilinux @androidmalware2


How To Install NetExec In Kali Linux 2024 | Bye Bye CrackMapExec ☹️
youtu.be/nOfK0YmeZV4?si… via @YouTube


@Infosecpat @YouTube Can you install netexec in nethunter?

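@ProbiusOfficial @ckcsec LOL, I've run into this before too. I went along with someone to give CTF training to their students, and not one of the students could even set up the environment. They couldn't get Burp installed either, so I spent a whole afternoon setting up the environment for each of them, one by one.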

@jiyilide @momika233 At least my 4.7 hash matches
# Cobalt Strike 4.7 (August 17, 2022)
c1cda82b39fda2f77c811f42a7a55987adf37e06a522ed6f28900d77bbd4409f

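@cxaqhq @momika233 The hashes won't match. Since 4.5 the client and teamserver have been separated, and what circulates is the client jar and the TeamServerImage file extracted from the original jar package, so naturally the hashes don't match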

@jiyilide @androidmalware2 QCACLD-3 SoCs have packet injection. But only on some platforms

WiFi spam using Android
You can generate SSIDs using rooted Android with an external WiFi adapter. If combined with deauthentication, it might be an interesting local advertising tool 😀
github.com/adamff-dev/WiF…

@androidmalware2 Because the internal WiFi chipset doesn't support packet injection

🇨🇳 DingTalk Database Leaked
The threat actor announced that it accessed the Elasticsearch servers of Alibaba subsidiary DingTalk and compromised some data. DingTalk is an enterprise communication and collaboration platform developed by Alibaba Group. The compromised data allegedly includes people's pictures, contact names, addresses, emails, phones and detailed reports on their work performance.
#China #Darkweb #Leak #Dingtalk


@viehgroup If there is a form table, you can simply run
sqlmap --random-agent --forms -u "<URL>"

Find SQL Injection 🔥 on Login Pages: 🤯 🔥
➡ sqlmap -u "<URL>" --data "username=admin&password=admin" -p "username,password" --method POST
Credit: Ashok Karki
#sqlinjection #sqlquery #login #vulnerability #bugbounty #bugbountytips #vapt #infosec #recon #bughunting

@Dennys_rev @androidmalware2 @tech @0dayCTF You can also use the nRFConnect app to do this and it does not require kernel support

You can locally #DoS iOS devices even in #Airplane mode while on lock-screen using Flipper or Android
It is possible due to the latest dev build of Unleashed #FlipperZero firmware that can spoof these pop-ups (kudos @tech @0dayCTF)
Blog: mobile-hacker.com/2023/09/07/spo… #NetHunter