Comments on: My first pentest on a friend’s network /my-first-pentest-on-a-friends-network/ A place for my thoughts when I was starting to break into the information security feild Wed, 30 Oct 2024 17:15:23 +0000 hourly 1 https://wordpress.org/?v=6.6.2 By: Graeme Robinson /my-first-pentest-on-a-friends-network/#comment-4025271 Fri, 20 Mar 2015 16:01:42 +0000 /?p=227#comment-4025271 In reply to mike.

That’s a great idea, nice one. Unfortunately he’s tightened up his security and removed most of the attack surface that I used, so I’d have to start all over.

]]> By: mike /my-first-pentest-on-a-friends-network/#comment-3772195 Tue, 03 Mar 2015 21:05:43 +0000 /?p=227#comment-3772195 Hey. Just wondering — what about sniffing the UnRAID credentials? You said that it’s running over basic access authentication, which is only base64 encoded. Maybe that interface is running over HTTPS, but you now have root so you can get the certificate for that, start sniffing traffic, and then have your friend log into UnRAID. You could even sabotage UnRAID to force him to login and fix it if asking him to log in is not realistic.

]]> By: Graeme Robinson /my-first-pentest-on-a-friends-network/#comment-174276 Tue, 02 Sep 2014 12:41:51 +0000 /?p=227#comment-174276 In reply to Ariel Barnatan.

I’m not sure as I don’t have an UnRAID box myself, but I can’t see why not. I know someone who uses UnRAID and probably also uses transmission so I can ask them if you’d like?

Update: Oh – this person used both, though transmission wasn’t running on his UnRAID sever. I’ll ask them if they moved transmission over to the UnRAID

]]> By: Ariel Barnatan /my-first-pentest-on-a-friends-network/#comment-174266 Tue, 02 Sep 2014 12:05:45 +0000 /?p=227#comment-174266 hi Graeme, very interesting article. i wonder if you know – is it possible to password-protect the transmission webgui under UNRAID?

]]> By: stejkenzie /my-first-pentest-on-a-friends-network/#comment-158 Tue, 14 May 2013 15:55:57 +0000 /?p=227#comment-158 In reply to Graeme Robinson.

I think I love you! Thank you very much 😀

]]> By: Graeme Robinson /my-first-pentest-on-a-friends-network/#comment-157 Tue, 14 May 2013 14:51:05 +0000 /?p=227#comment-157 In reply to stejkenzie.

Done, check the top of the column on the right just under the beans!

]]> By: stejkenzie /my-first-pentest-on-a-friends-network/#comment-156 Mon, 13 May 2013 16:49:51 +0000 /?p=227#comment-156 Well, I would like to subscibe to your blog. Frequency of updates doesn’t matter, at least you won’t spam my RSS reader 😉 But of course, that depends on you, I never set up RSS feed before so I have no idea how much trouble it is.

]]> By: Graeme Robinson /my-first-pentest-on-a-friends-network/#comment-155 Mon, 13 May 2013 13:43:51 +0000 /?p=227#comment-155 In reply to stejkenzie.

Hi Martin,

Thanks for the comment. To be honest I didn’t think I would update this blog often enough that anyone would want to subscribe to an RSS feed, but if you’d like I can probably set that up?

]]> By: stejkenzie /my-first-pentest-on-a-friends-network/#comment-154 Mon, 13 May 2013 13:32:44 +0000 /?p=227#comment-154 I didn’t believe those skills from hackthissite/nebula could be of any use, but you proved me wrong! Nice job man, I love this article. Just one consideration for you: how about creating RSS feed for your website? 🙂

]]>