Jack – Page 6 – WindowsTechs.com

Is this a secure crossdomain.xml setup?

Posted on June 18, 2018 by Jack

<cross-domain-policy>
<site-control permitted-cross-domain-policies=”master-only”/>
<allow-http-request-headers-from domain=”*” headers=”*”/>
<allow-access-from domain=”*” to-ports=”80″/>
<allow-acc… Continue reading Is this a secure crossdomain.xml setup?→

What is ScriptSafe’s "Client Rectangles" and what information does it leak?

Posted on May 17, 2018 by Jack

Just wondering how this one affects the privacy and security because it breaks a lot of sites displaying images for example.

Continue reading What is ScriptSafe’s "Client Rectangles" and what information does it leak?→

protection from Backdoor hacks from disgruntled developer/ employee

Posted on May 5, 2018 by Jack

I created a ecommerce site with a developer. He completed almost all his work but in the end we had some financial disagreements so our partnership ended in a bitter dispute. That developer threatened to hack my site using a … Continue reading protection from Backdoor hacks from disgruntled developer/ employee→

Can the person who buys my old number access my old Viber contacts?

Posted on April 30, 2018 by Jack

I was using Viber on my old phone. I stopped using that SIM card/number and stopped using that phone. I forgot to deactivate my Viber account. When my old SIM card carrier sells my old number to a new person, does that person… Continue reading Can the person who buys my old number access my old Viber contacts?→

How to manually export iisWasKey?

Posted on April 11, 2018 by Jack

I know how to export RSA Key from windows. The command below can do it:

aspnet_regiis -px “iisWasKey” “D:\iisWasKey.xml”

But I need a manual way to export RSA Key and import it to a new server.
My server has broken down … Continue reading How to manually export iisWasKey?→

"The requested URL "[no URL]", is invalid." does this mean possible subdomain takeover

Posted on February 24, 2018 by Jack

I was testing a site on hackerone, and found the subdomain image.email.example.com

I noticed it showed this error message: “The requested URL “[no URL]”, is invalid.” and was hosted on AkamaiGHost.

Does this error message m… Continue reading "The requested URL "[no URL]", is invalid." does this mean possible subdomain takeover→

How to encrypt files on my SD card and still be able to access them on my phone seamlessly?

Posted on January 9, 2018 by Jack

I’m looking for a way to encrypt files on my SD card in a way that I could still access them on my phone without huge delays if the file is big (100mb).

Is there such a way to do it? I’m using Android and Windows, though I c… Continue reading How to encrypt files on my SD card and still be able to access them on my phone seamlessly?→

Odd searches returned at the end of homepage url; possible to exploit?

Posted on December 31, 2017 by Jack

I’m penetration testing a website right now (they have a policy and a system for it), and I noticed that the search feature filters brackets.

After some messing around, I also noticed if you search this: <%20> it retu… Continue reading Odd searches returned at the end of homepage url; possible to exploit?→

Printer Driver Threats

Posted on October 20, 2017 by Jack

In an environment where users connect their devices to printers through USB, the device will be prompted to install its driver if it’s the first time. As far as I’m aware for OSX, the drivers are downloaded from Apple and you… Continue reading Printer Driver Threats→

How can a website find an IP behind a proxy using DNS methods?

Posted on October 3, 2017 by Jack

I read a whitepaper from Iovation in which they discussed unmasking the
IP behind a proxy.

“The method wherein the connecting host is an anonymizing proxy or
intermediate device, measuring inconsistencies in Geolocati… Continue reading How can a website find an IP behind a proxy using DNS methods?→