Jump to content
Hak5 Forums

All Activity

This stream auto-updates     

  1. Past hour
  2. [RELEASE] Bash Bunny Firmware v1.5

    not sure what I'm doing wrong , used the code with lates firmware , it dose not detect OS , tried on windows 10,7 and MAC OS.
  3. Aireplay-ng deauth attack not working?

    Thank you! I had tried to change the channel, as I had an idea it had something to do with this, but apparently i changed it the wrong way. Much appriciated.
  4. Today
  5. Aireplay-ng deauth attack not working?

    You are trying to deauth while channel hopping. No workie. Your command for airodump-ng is not locking onto a particular AP nor is it locking onto a channel. If you want to deauth without airodump-ng running you will need to manually change your channel. sudo iwconfig mon0 channel <channel of ap> After that it should find it. If you are using airodump-ng then put in the bssid of the AP so it can lock onto it or even add the "-c" option and the channel number to lock it to a channel the AP is on and then it will find it. aireplay-ng does not have the ability to change its channel. It uses whatever channel the interface is currently on.
  6. If I want to run my tetra without the antennas, to work with software or other things, is this the safe and effective way to do it? A 50 ohm terminated SMA Male. I am noting this one is only rated to 3ghz but I'm not sure that actually matters. http://www.rfsupplier.com/coaxial-termination-loads-male-connector-p-1562.html
  7. ovpn payload

    Your totally right, anyway im off to get my eyes tested!
  8. Canon Connect Station CS100

    Hi @nimrud! First of all, thank you very much for all your work. Hopefully we can hack this thing! I bought 2 and I wanted to know you have only connected the hard drive to linux or you have connected the whole device. These Linux commands, what exactly do they do? Install debian? Do you install the WDTV OS? What do you have to do and put exactly to prove? I do not understand too much about hacking or linux but I am willing to try! Thanks again for your work. Greetings!
  9. Metasploit

    Afternoon all, I'm new to this so go easy... I have a local network of VM's - an XP machine, a Server 2008 machine and a Kali machine all connected to a 'host only' network within VMWorkstation. The XP and SRV2008 are both fresh installs so there's nothing else installed on them. I am trying to demo exploits using Armitage. I run the msf scan and find the hosts no problem. I then scan for attacks and the right click menu seems to change for each host, however none of them get the 'lightening bolt' to show that it can be exploited. I've tried running multiple random attacks from the right click menu however they all seem to fail with either 'timed out' or 'connection refused' errors. No firewalls on, Kali up to date etc. Any help appreciated.
  10. Aireplay-ng deauth attack not working?

    Thanks I'll try mdk3, I just don't understand why this one isn't working. I heard that the '0' was endless packages, thats why I put that. I tried with 1 with the same result, but I'll test it with 10.
  11. SSID Identification

    I have a Wifi Pineapple Nano and plan on using this device for Rogue Access Point detection. Is this the best option for doing this or should I use something else such as AirSnort. So we have two different wireless networks at our business, they all have multiple routers distributed throughout the building. However we do not know which routers are where. We have a list of the MAC addresses, manufacturer, device model and IPs associated with the SSIDs. However when I run a recon, I do not detect any of the SSIDs and they are indeed set to broadcast. I detect quite a few devices with a "Hidden SSID". When I run the PineAP feature, I get a list of quite a few SSIDs in my pool, but I have not figured out how to associate those SSIDs with the MAC. Again I am not sure that I am using the correct tool here. I really just want to verify that there are no RAPs in my facility.
  12. Aireplay-ng deauth attack not working?

    try mdk3. It should do the trick. By the way. Change this part. -0 0 -0 10 Send ten packets instead of zero.
  13. Hey. I'm having some trouble kicking clients off a certain access point. Everything seems to be working fine, until i launch the aireplay-ng deauth attack, I have double checked the MAC addresses, of both the AP and client. I tried changing the channel manually when I set up airmon-ng wlan0 'channel' to match the AP but it doesn't seem to help. Commands i use: Sudo ifconfig wlan0 down sudo airmon-ng start wlan0 sudo airodump-ng mon0 sudo aireplay -0 0 -a 'MAC of access point' -c 'MAC of client' mon0 It replies: "Waiting for beacon frame (BSSID: "...") on channel 9 "No such BSSID available" I have tried putting in the ESSID insted with -e "ESSID of access point", but it returns the same. There's a link for screenshots here: https://imgur.com/a/Q7c8t Any suggestions ?
  14. Canon Connect Station CS100

    I have a chrooted debian squeeze running! I found that the SoC it's very similar to the WDTV, so I gave it a try... tanks to http://b-rad.cc/ This means you can install available programs trough apt, but module dependant programs will not run (but at first step I think it's a huge one!) More or less the steps I followed: cd /home wget http://files.wdlxtv.de/debian-squeeze.img.tgz mkdir /home/debian tar xzvf debian.tar.gz -C /home/debian mount -o loop debian-squeeze.img /home/debian/ mount -t proc proc /home/debian/proc mount -t sysfs sys /home/debian/sys mount -o bind /dev /home/debian/dev mount --bind /dev/pts /home/debian/dev/pts chroot /home/debian/ /bin/bash echo 'Acquire::Check-Valid-Until "false";' >/etc/apt/apt.conf.d/90ignore-release-date echo "deb http://archive.debian.org/debian squeeze main" > /etc/apt/sources.list echo "deb http://archive.debian.org/debian squeeze-lts main" >> /etc/apt/sources.list apt-get update ... use it under your own responsability!
  15. Canon Connect Station CS100

    result of mtd_dumpxenv.sh (0x00) 4 x.boot 00.58.00.00. 0x00005800 (0x00) 4 z.stage1_ga 00.00.60.81. 0x81600000 (0x00) 4 x.pll.1.pll 24.00.00.01. 0x01000024 (0x00) 4 x.mux 01.02.00.00. 0x00000201 (0x00) 4 x.ddr.0.density 06.00.00.00. 0x00000006 (0x00) 4 x.ddr.1.density ff.ff.ff.ff. 0xffffffff (0x00) 4 x.ddr.grade 04.00.00.00. 0x00000004 (0x00) 4 x.ddr.fmin_mhz 5e.01.00.00. 0x0000015e (0x00) 4 x.ddr.fmax_mhz 8f.01.00.00. 0x0000018f (0x00) 4 x.ddr.method 50.31.01.10. 0x10013150 (0x00) 4 x.ddr.verbose 01.00.00.00. 0x00000001 (0x00) 4 a.avclk_mux 00.00.40.17. 0x17400000 (0x00) 4 a.hostclk_mux 31.01.00.00. 0x00000131 (0x00) 4 a.pll.1.div 0f.06.00.00. 0x0000060f (0x00) 4 a.cd0_freq 00.00.00.00. 0x00000000 (0x00) 4 a.cd1_freq 00.00.00.00. 0x00000000 (0x00) 4 a.cd2_freq 00.d8.b8.05. 0x05b8d800 (0x00) 4 a.cd3_freq 00.87.93.03. 0x03938700 (0x00) 4 a.cd4_freq 00.00.00.00. 0x00000000 (0x00) 4 a.cd5_freq 00.00.00.00. 0x00000000 (0x00) 4 a.cd6_freq 00.d8.b8.05. 0x05b8d800 (0x00) 4 a.cd7_freq 00.00.00.00. 0x00000000 (0x00) 4 a.cd8_freq 00.00.00.00. 0x00000000 (0x00) 4 a.cd9_freq 00.00.00.00. 0x00000000 (0x00) 4 a.cd10_freq 00.00.00.00. 0x00000000 (0x00) 4 a.cd11_freq 00.00.00.00. 0x00000000 (0x00) 4 a.irq_rise_edge_lo 06.ca.28.ff. 0xff28ca06 (0x00) 4 a.irq_rise_edge_hi 1f.00.10.8c. 0x8c10001f (0x00) 4 a.irq_fall_edge_lo 00.c0.00.00. 0x0000c000 (0x00) 4 a.irq_fall_edge_hi 00.00.00.00. 0x00000000 (0x00) 4 a.gpio_irq_map 00.08.0a.00. 0x000a0800 (0x00) 4 a.pcidev1_irq_route 01.01.01.01. 0x01010101 (0x00) 4 a.pcidev2_irq_route 01.01.01.01. 0x01010101 (0x00) 4 a.pcidev3_irq_route 01.01.01.01. 0x01010101 (0x00) 4 a.pcidev4_irq_route 01.01.01.01. 0x01010101 (0x00) 4 a.gpio_dir 0c.4b.10.00. 0x00104b0c (0x00) 4 a.gpio_data 0c.40.10.00. 0x0010400c (0x00) 4 a.pb_def_timing 02.02.08.03. 0x03080202 (0x00) 4 a.pb_cs_config 03.00.33.00. 0x00330003 (0x00) 4 a.pb_cs_config1 00.00.00.00. 0x00000000 (0x00) 4 a.pb_cs_ctrl 22.00.00.00. 0x00000022 (0x00) 4 a.pb_timing0 02.02.08.03. 0x03080202 (0x00) 4 a.pb_use_timing0 f3.03.00.00. 0x000003f3 (0x00) 4 a.uart_used_ports 07.00.00.00. 0x00000007 (0x00) 4 a.uart_console_port 00.00.00.00. 0x00000000 (0x00) 4 a.baudrate 00.c2.01.00. 0x0001c200 (0x00) 4 a.uart0_gpio_mode 6e.00.00.00. 0x0000006e (0x00) 4 a.uart0_gpio_dir 00.00.00.00. 0x00000000 (0x00) 4 a.uart0_gpio_data 00.00.00.00. 0x00000000 (0x00) 4 a.uart0_baudrate 00.c2.01.00. 0x0001c200 (0x00) 4 a.uart1_gpio_mode 6e.00.00.00. 0x0000006e (0x00) 4 a.uart1_gpio_dir 00.00.00.00. 0x00000000 (0x00) 4 a.uart1_gpio_data 00.00.00.00. 0x00000000 (0x00) 4 a.uart1_baudrate 00.c2.01.00. 0x0001c200 (0x00) 4 a.uart2_gpio_mode 7f.7f.00.00. 0x00007f7f (0x00) 4 a.uart2_gpio_dir 1d.1f.00.00. 0x00001f1d (0x00) 4 a.uart2_gpio_data 19.19.00.00. 0x00001919 (0x00) 4 a.uart2_baudrate 00.c2.01.00. 0x0001c200 (0x00) 4 a.ezb_origin 06.02.00.00. 0x00000206 (0x00) 4 a.stage2_origin 00.00.00.00. 0x00000000 (0x00) 4 a.scard_5v_pin 02.00.00.00. 0x00000002 (0x00) 4 a.scard_cmd_pin 01.00.00.00. 0x00000001 (0x00) 4 a.scard_off_pin 00.00.00.00. 0x00000000 (0x00) 17 a.board_id 63.6d.73.74.31.5f.4d.54.44.2d.63.75.73.74.6f.6d.00. cmst1_MTD-custom (0x00) 97 xmb.comment 2d.2d.2d.20.72.65.76.69.65.77.20.78.6d.61.73.62.6f.6f.74.2f.63.6f.6e.66.69.67.73.2f.70.65.67.61.38.36.37.33.5f.4d.54.44.2d.63.75.73.74.6f.6d.2e.63.6f.6e.66.69.67.20.66.6f.72.20.64.65.74.61.69.6c.73.20.5b.78.6d.62.64.30.2d.65.7a.62.6f.6f.74.63.65.2d.6e.61.6e.64.5f.73.74.32.5d.20.2d.2d.2d.0a. --- review xmasboot/configs/pega8673_MTD-custom.config for details [xmbd0-ezbootce-nand_st2] ---. (0x00) 4 a.enable_devices f8.03.23.00. 0x002303f8 (0x00) 15 a.eth1_mac 30.30.3a.31.36.3a.65.38.3a.30.30.2f.32.35.00. 00:16:e8:00/25 (0x00) 4 a.cs0_rsvd_pblk 00.08.00.00. 0x00000800 (0x00) 4 a.cs0_nand_timing1 06.0a.28.02. 0x02280a06 (0x00) 4 a.cs0_nand_timing2 28.06.04.08. 0x08040628 (0x00) 4 a.cs0_nand_devcfg 35.00.00.00. 0x00000035 (0x00) 4 a.cs0_nand_cfg1 19.00.da.01. 0x01da0019 (0x00) 4 a.cs0_nand_cfg2 bc.02.10.27. 0x271002bc (0x00) 4 a.cs0_nand_cfg3 40.00.5a.1a. 0x1a5a0040 (0x00) 4 a.sata_channel_cfg 27.85.00.00. 0x00008527 (0x00) 4 z.boot0 00.00.10.00. 0x00100000 (0x00) 4 z.boot0_in_virtualzone 01.00.00.00. 0x00000001 (0x00) 4 z.boot1 00.00.40.00. 0x00400000 (0x00) 4 z.boot1_in_virtualzone 02.00.00.00. 0x00000002 (0x00) 4 z.boot2 00.00.e0.00. 0x00e00000 (0x00) 4 z.boot2_in_virtualzone 02.00.00.00. 0x00000002 (0x00) 4 z.imatromfs_offset 00.00.e0.01. 0x01e00000 (0x00) 4 z.imatromfs_in_virtualzone 02.00.00.00. 0x00000002 (0x00) 4 z.imatromfs_size 00.00.40.00. 0x00400000 (0x00) 4 z.imatromfs_mm 00.00.00.00. 0x00000000 (0x00) 4 z.xmatromfs_offset 00.00.80.01. 0x01800000 (0x00) 4 z.xmatromfs_in_virtualzone 02.00.00.00. 0x00000002 (0x00) 4 z.xmatromfs_size 00.00.60.00. 0x00600000 (0x00) 4 z.xmatromfs_mm 00.00.00.00. 0x00000000 (0x00) 4 z.drm_keys_offset 00.00.14.00. 0x00140000 (0x00) 4 z.drm_keys_size 00.00.02.00. 0x00020000 (0x00) 4 z.drm_keys_in_virtualzone 01.00.00.00. 0x00000001 (0x00) 4 z.interactive_boot_idx_sel 01.00.00.00. 0x00000001 (0x00) 2 z.bootdev_order 00.01. .. (0x00) 9 y.testvar 79.61.6d.6f.6e.66.6f.6f.00. yamonfoo (0x00) 95 y.b0 6e.66.6c.61.73.68.20.72.65.61.64.20.2d.76.20.30.78.30.31.30.30.30.30.30.20.30.78.61.34.61.30.30.30.30.30.20.30.78.30.34.30.30.30.30.20.30.3b.20.64.75.6d.70.20.72.6f.6d.66.73.20.30.78.61.34.61.30.30.30.30.30.3b.20.6c.6f.61.64.20.7a.62.66.20.30.78.61.34.61.30.30.30.38.30.3b.20.67.6f.00. nflash read -v 0x0100000 0xa4a00000 0x040000 0; dump romfs 0xa4a00000; load zbf 0xa4a00080; go (0x00) 94 y.b1 6e.66.6c.61.73.68.20.72.65.61.64.20.2d.62.20.30.78.34.30.30.30.30.30.20.30.78.61.37.30.30.30.30.30.30.20.30.78.61.30.30.30.30.30.20.30.3b.20.64.75.6d.70.20.72.6f.6d.66.73.20.30.78.61.37.30.30.30.30.30.30.3b.20.6c.6f.61.64.20.7a.62.66.20.30.78.61.37.30.30.30.30.39.30.3b.20.67.6f.00. nflash read -b 0x400000 0xa7000000 0xa00000 0; dump romfs 0xa7000000; load zbf 0xa7000090; go (0x00) 94 y.b2 6e.66.6c.61.73.68.20.72.65.61.64.20.2d.62.20.30.78.65.30.30.30.30.30.20.30.78.61.37.30.30.30.30.30.30.20.30.78.61.30.30.30.30.30.20.30.3b.20.64.75.6d.70.20.72.6f.6d.66.73.20.30.78.61.37.30.30.30.30.30.30.3b.20.6c.6f.61.64.20.7a.62.66.20.30.78.61.37.30.30.30.30.39.30.3b.20.67.6f.00. nflash read -b 0xe00000 0xa7000000 0xa00000 0; dump romfs 0xa7000000; load zbf 0xa7000090; go (0x00) 94 y.fb0 6e.66.6c.61.73.68.20.72.65.61.64.20.2d.76.20.30.78.31.30.30.30.30.30.20.30.78.38.34.61.30.30.30.30.30.20.30.78.30.34.30.30.30.30.20.30.3b.20.64.75.6d.70.20.72.6f.6d.66.73.20.30.78.38.34.61.30.30.30.30.30.3b.20.6c.6f.61.64.20.7a.62.66.20.30.78.38.34.61.30.30.30.38.30.3b.20.67.6f.00. nflash read -v 0x100000 0x84a00000 0x040000 0; dump romfs 0x84a00000; load zbf 0x84a00080; go (0x00) 94 y.fb1 6e.66.6c.61.73.68.20.72.65.61.64.20.2d.62.20.30.78.34.30.30.30.30.30.20.30.78.38.37.30.30.30.30.30.30.20.30.78.61.30.30.30.30.30.20.30.3b.20.64.75.6d.70.20.72.6f.6d.66.73.20.30.78.38.37.30.30.30.30.30.30.3b.20.6c.6f.61.64.20.7a.62.66.20.30.78.38.37.30.30.30.30.39.30.3b.20.67.6f.00. nflash read -b 0x400000 0x87000000 0xa00000 0; dump romfs 0x87000000; load zbf 0x87000090; go (0x00) 94 y.fb2 6e.66.6c.61.73.68.20.72.65.61.64.20.2d.62.20.30.78.65.30.30.30.30.30.20.30.78.38.37.30.30.30.30.30.30.20.30.78.61.30.30.30.30.30.20.30.3b.20.64.75.6d.70.20.72.6f.6d.66.73.20.30.78.38.37.30.30.30.30.30.30.3b.20.6c.6f.61.64.20.7a.62.66.20.30.78.38.37.30.30.30.30.39.30.3b.20.67.6f.00. nflash read -b 0xe00000 0x87000000 0xa00000 0; dump romfs 0x87000000; load zbf 0x87000090; go (0x00) 91 y.commit 6e.66.6c.61.73.68.20.77.72.69.74.65.20.2d.76.20.30.78.63.30.30.30.30.20.24.78.65.6e.76.5f.61.64.64.72.20.30.78.32.30.30.30.30.20.30.3b.20.6e.66.6c.61.73.68.20.77.72.69.74.65.20.2d.76.20.30.78.65.30.30.30.30.20.24.78.65.6e.76.5f.61.64.64.72.20.30.78.32.30.30.30.30.20.30.00. nflash write -v 0xc0000 $xenv_addr 0x20000 0; nflash write -v 0xe0000 $xenv_addr 0x20000 0 (0x00) 38 y.get_xxenv 6e.66.6c.61.73.68.20.72.65.61.64.20.2d.76.20.30.20.30.78.61.37.30.30.30.30.30.30.20.30.78.32.30.30.30.30.20.30.00. nflash read -v 0 0xa7000000 0x20000 0 (0x00) 11 y.xxenv_addr 30.78.61.37.30.30.38.37.34.38.00. 0xa7008748 (0x00) 102 y.xcommit 6e.66.6c.61.73.68.20.72.65.61.64.20.2d.76.20.30.78.30.30.31.38.30.30.30.30.20.30.78.38.34.30.30.30.30.30.30.20.30.78.32.30.30.30.30.20.30.3b.20.67.6f.20.30.78.38.34.30.30.30.30.30.30.3b.20.6e.66.6c.61.73.68.20.77.72.69.74.65.20.2d.76.20.30.20.30.78.61.37.30.30.30.30.30.30.20.30.78.32.30.30.30.30.20.30.00. nflash read -v 0x00180000 0x84000000 0x20000 0; go 0x84000000; nflash write -v 0 0xa7000000 0x20000 0 (0x00) 62 y.nwk 6c.6f.61.64.20.2d.62.20.74.66.74.70.3a.2f.2f.31.37.32.2e.33.30.2e.32.2e.32.31.32.2f.45.53.35.2f.76.6d.6c.69.6e.75.78.2d.6c.61.74.65.73.74.2e.62.69.6e.20.30.78.38.34.30.30.30.30.30.30.00. load -b tftp://172.30.2.212/ES5/vmlinux-latest.bin 0x84000000 (0x00) 116 y.nwg 67.6f.20.2e.20.72.6f.6f.74.3d.2f.64.65.76.2f.6e.66.73.20.6e.66.73.72.6f.6f.74.3d.31.37.32.2e.33.30.2e.36.33.2e.31.33.3a.2f.72.6f.6f.74.73.2f.64.65.62.69.6e.73.74.2d.79.6f.75.72.6c.6f.67.69.6e.20.69.70.3d.3a.3a.3a.3a.3a.3a.64.68.63.70.20.72.64.69.6e.69.74.3d.2f.6e.6f.6e.65.20.63.6f.6e.73.6f.6c.65.3d.74.74.79.53.30.20.6d.65.6d.3d.31.33.35.4d.42.00. go . root=/dev/nfs nfsroot=172.30.63.13:/roots/debinst-yourlogin ip=::::::dhcp rdinit=/none console=ttyS0 mem=135MB (0x00) 4 a.cs0_pblk_part1_offset 00.00.00.00. 0x00000000 (0x00) 4 a.cs0_pblk_part1_size 00.00.40.00. 0x00400000 (0x00) 4 a.cs0_pblk_part2_offset 00.00.40.00. 0x00400000 (0x00) 4 a.cs0_pblk_part2_size 00.00.a0.00. 0x00a00000 (0x00) 4 a.cs0_pblk_part3_offset 00.00.e0.00. 0x00e00000 (0x00) 4 a.cs0_pblk_part3_size 00.00.a0.00. 0x00a00000 (0x00) 4 a.cs0_pblk_part4_offset 00.00.80.01. 0x01800000 (0x00) 4 a.cs0_pblk_part4_size 00.00.60.00. 0x00600000 (0x00) 4 a.cs0_pblk_part5_offset 00.00.e0.01. 0x01e00000 (0x00) 4 a.cs0_pblk_part5_size 00.00.40.00. 0x00400000 (0x00) 4 a.cs0_pblk_part6_offset 00.00.20.02. 0x02200000 (0x00) 4 a.cs0_pblk_part6_size 00.00.00.06. 0x06000000 (0x00) 4 a.cs0_pblk_part7_offset 00.00.20.08. 0x08200000 (0x00) 4 a.cs0_pblk_part7_size 00.00.a0.00. 0x00a00000 (0x00) 4 a.cs0_pblk_part8_offset 00.00.c0.08. 0x08c00000 (0x00) 4 a.cs0_pblk_part8_size 00.00.40.07. 0x07400000 (0x00) 4 a.cs0_pblk_parts 08.00.00.00. 0x00000008 (0x00) 11 a.cs0_pblk_part1_name 62.6f.6f.74.62.6c.6f.63.6b.73.00. bootblocks (0x00) 11 a.cs0_pblk_part2_name 6d.61.69.6e.6b.65.72.6e.65.6c.00. mainkernel (0x00) 13 a.cs0_pblk_part3_name 72.65.73.63.75.65.6b.65.72.6e.65.6c.00. rescuekernel (0x00) 10 a.cs0_pblk_part4_name 78.6d.61.74.65.72.69.61.6c.00. xmaterial (0x00) 10 a.cs0_pblk_part5_name 69.6d.61.74.65.72.69.61.6c.00. imaterial (0x00) 13 a.cs0_pblk_part6_name 72.65.73.63.75.65.72.6f.6f.74.66.73.00. rescuerootfs (0x00) 12 a.cs0_pblk_part7_name 64.69.61.67.70.72.6f.67.72.61.6d.00. diagprogram (0x00) 9 a.cs0_pblk_part8_name 72.65.73.65.72.76.65.64.00. reserved (0x00) 36 a.linux_cmd 63.6f.6e.73.6f.6c.65.3d.74.74.79.53.30.20.72.6f.6f.74.64.65.6c.61.79.3d.31.30.20.6d.65.6d.3d.31.38.30.4d.00. console=ttyS0 rootdelay=10 mem=180M (0x00) 4 z.log2_xpu0_size 17.00.00.00. 0x00000017 (0x00) 4 z.dsp0_size 00.00.50.00. 0x00500000 (0x00) 4 z.zdata0_size 00.40.00.00. 0x00004000 (0x00) 4 z.uzdata0_size 00.c0.00.00. 0x0000c000 (0x00) 4 z.log2_xpu1_size 00.00.00.00. 0x00000000 (0x00) 4 z.dsp1_size 00.00.00.00. 0x00000000 (0x00) 4 z.zdata1_size 00.00.00.00. 0x00000000 (0x00) 4 z.uzdata1_size 00.00.00.00. 0x00000000 (0x00) 4 z.ruamm0_offset 00.00.40.0b. 0x0b400000 (0x00) 4 z.ruamm1_offset 00.00.00.00. 0x00000000 (0x00) 4 z.stage2_ga 00.00.00.80. 0x80000000 (0x00) 4 z.xos_public_mm 00.00.00.00. 0x00000000 (0x00) 4 z.log2_xos_public_size 11.00.00.00. 0x00000011 (0x00) 4 z.channel_index_mm 00.00.00.00. 0x00000000 (0x00) 4 z.ih_api_mm 00.00.00.00. 0x00000000 (0x00) 4 z.ios_mm 00.00.00.00. 0x00000000 (0x00) 4 z.ios_size 00.00.40.00. 0x00400000 (0x00) 4 z.splashscreen_enabled 01.00.00.00. 0x00000001 (0x00) 4 i.sp.scaler 04.00.00.00. 0x00000004 (0x00) 4 i.sp.digital_enable 01.00.00.00. 0x00000001 (0x00) 4 i.sp.component_enable 01.00.00.00. 0x00000001 (0x00) 4 i.sp.analog_enable 01.00.00.00. 0x00000001 (0x00) 4 i.sp.digital_standard 23.00.00.00. 0x00000023 (0x00) 4 i.sp.component_standard 65.00.00.00. 0x00000065 (0x00) 4 i.sp.analog_standard 7b.00.00.00. 0x0000007b (0x00) 19 i.sp.picture 73.70.6c.61.73.68.5f.70.69.63.74.75.72.65.2e.73.64.64.00. splash_picture.sdd (0x00) 4 i.sp.hdmi_chip 01.00.00.00. 0x00000001 (0x00) 4 i.sp.animation_enable 00.00.00.00. 0x00000000 (0x00) 4 i.dac.cav.bs f4.00.00.00. 0x000000f4 (0x00) 4 i.dac.cav.rs f4.00.00.00. 0x000000f4 (0x00) 140 a.ps.mt3_hs 1b.20.00.01.01.03.00.00.01.04.00.00.1a.00.14.35.2b.13.65.45.21.00.01.00.1a.00.14.35.2b.13.65.45.21.00.01.00.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0b.0c.0c.0c.0c.80.80.80.80.7d.7f.7d.7f.05.05.05.05.05.05.05.05.0c.0c.0c.0c.80.80.80.80.7c.7c.7a.7a.05.05.05.05.05.05.05.05. . .............5+.eE!......5+.eE!...........................................................................}.}.................||zz........ (0x00) 4 a.ps.pll2 00.00.00.00. 0x00000000 (0x00) 4 a.ps.pll0 00.00.00.00. 0x00000000 (0x00) 12 a.standby.mt3_hs 1f.80.00.01.01.00.00.00.01.04.00.00. ............ (0x00) 4 a.standby.pll2 00.00.00.00. 0x00000000 (0x00) 4 a.standby.pll0 00.00.00.00. 0x00000000 (0x00) 4 a.standby.gpio_dir 80.02.00.00. 0x00000280 (0x00) 4 a.standby.gpio_data 00.00.00.00. 0x00000000 (0x00) 4 z.xmat_microcode 00.00.00.00. 0x00000000 (0x00) 6 a.model_id 43.53.31.30.30.00. CS100 (0x00) 17 a.eth_mac 44.38.3a.34.39.3a.32.46.3a.46.36.3a.46.46.3a.41.42. D8:49:2F:F6:FF:AB (0x00) 12 a.sn 30.36.30.30.35.31.30.31.34.32.38.30. 060051014280 (0x00) 4 z.default_boot 01.00.00.00. 0x00000001
  16. Import modules

    ok im finish. TOPIC CLOSED
  17. Import modules

    hey please help. How I can import / replace modules? to Pineapple Tetra? https://github.com/esa101/NetworkingPlus i need this solution. Thanks
  18. CISSP

    Has anyone done the revamped CISSP? I'm planning on doing it and keen to learn how it was and how different it was to the previous CISSP format and subjects
  19. Network of Compromise

    If you are able to lock the network servers down to a point you are sure they can't be compromised, why not do the same to the clients. That should probably be easier as servers generally have to expose more services than clients to do their job. Segmentation is the base of a lot of hardening guides, is a good idea and is nothing new. I think the concept you are going for is the same as client isolation on a wireless network where devices are not allowed to talk to each other, only the AP and devices on the other side of it. If you subnet down to small groups or teams then that helps isolate them in the event of a compromise but as a lot of compromises bounce from workstation to server and the servers would need to have access to other groups, the network could still be traversed it would just be harder. More choke points introduce more chance of detection so that is a positive.
  20. Canon Connect Station CS100

    No much progress, just want to show the result of "binwalking" the dumped images of the mtd: mtdblock0.S34ML02G1.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 264408 0x408D8 CRC32 polynomial table, little endian 490424 0x77BB8 ZBOOT firmware header, header size: 32 bytes, load address: 0x01000000, start address: 0x00000100, checksum: 0x62616E55, version: 0x7420656C, image size: 1701847151 bytes 526552 0x808D8 CRC32 polynomial table, little endian 752568 0xB7BB8 ZBOOT firmware header, header size: 32 bytes, load address: 0x01000000, start address: 0x00000100, checksum: 0x62616E55, version: 0x7420656C, image size: 1701847151 bytes 1048576 0x100000 romfs filesystem, version 1 size: 220048 bytes, named "YAMON_XLOAD" 1310720 0x140000 romfs filesystem, version 1 size: 2896 bytes, named "DRMKEYS" 4194304 0x400000 romfs filesystem, version 1 size: 5761056 bytes, named "MIPSLINUX_XLOAD" 14680064 0xE00000 romfs filesystem, version 1 size: 5760912 bytes, named "MIPSLINUX_XLOAD" 25165824 0x1800000 romfs filesystem, version 1 size: 449584 bytes, named "xmaterial" 31457280 0x1E00000 romfs filesystem, version 1 size: 3975728 bytes, named "imaterial" 35651584 0x2200000 UBI erase count header, version: 1, EC: 0x1, VID header offset: 0x800, data offset: 0x1000 mtdblock1.bootblocks.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 264408 0x408D8 CRC32 polynomial table, little endian 490424 0x77BB8 ZBOOT firmware header, header size: 32 bytes, load address: 0x01000000, start address: 0x00000100, checksum: 0x62616E55, version: 0x7420656C, image size: 1701847151 bytes 526552 0x808D8 CRC32 polynomial table, little endian 752568 0xB7BB8 ZBOOT firmware header, header size: 32 bytes, load address: 0x01000000, start address: 0x00000100, checksum: 0x62616E55, version: 0x7420656C, image size: 1701847151 bytes 1048576 0x100000 romfs filesystem, version 1 size: 220048 bytes, named "YAMON_XLOAD" 1310720 0x140000 romfs filesystem, version 1 size: 2896 bytes, named "DRMKEYS" mtdblock2.mainkernel.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 romfs filesystem, version 1 size: 5761056 bytes, named "MIPSLINUX_XLOAD" mtdblock3.rescuekernel.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 romfs filesystem, version 1 size: 5760912 bytes, named "MIPSLINUX_XLOAD" mtdblock4.xmaterial.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 romfs filesystem, version 1 size: 449584 bytes, named "xmaterial" mtdblock5.imaterial.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 romfs filesystem, version 1 size: 3975728 bytes, named "imaterial" mtdblock6.rescuerootfs.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 UBI erase count header, version: 1, EC: 0x1, VID header offset: 0x800, data offset: 0x1000 mtdblock7.diagprogram.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 UBI erase count header, version: 1, EC: 0x1, VID header offset: 0x800, data offset: 0x1000 mtdblock8.reserved.binwalk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- (empty)
  21. language issue after upgrade

    I have already change the language.
  22. RT @jnordine: Finally got around to handling the outstanding pull requests for https://t.co/H9Js6l1TqN last night. Huge thanks to all of th…

  23. https://t.co/vmUEfMDkLM

  24. [Official] nmap

    Did you have a factory flash file for 1.xx? if you flashed one of the upgrade bin files that could be messing with it.
  25. [Official] nmap

    Papers installs to sd, dependency installs, builds cert, applies cert and redirects, can also remove cert. 100% OK. For me at least. So far i have issues with nmap, get(on tetra) ngrep and meterpreter modules ( I haven't tried all modules), Dwall was fixed, I know get module was never designed for tetra so maybe has a hard code issue somewhere inside it. ngrep had a dependency ipk issue but Seb aware. meterpreter installs but when you try to launch it it "cannot open socket".
  26. [Official] nmap

    Key manager is correct. Did you go from the 2.02 to the previous 1.xx version? Upgraded both the tetra and nano to 2.02 but I wanted some ngrep and nmap modules. So I reformatted the SD via web gui V 2.02. Then flashed the nano with the last official 1.xx firmware to end up with the issues stated above.
  27. language issue after upgrade

    So you wish to change the language? Is there a 'languages' folder on the USB's storage? You can check for a 'fr.json' file, and then you can edit the 'config.txt' to say.. DUCKY_LANG fr
  1. Load more activity
×