Jump to content

cooper

Dedicated Members
  • Posts

    6,071
  • Joined

  • Last visited

  • Days Won

    139

Everything posted by cooper

  1. Since you're currently completely in the dark either find *any* SBC to see how close you get to where you want. Once you know the performance you need you can assess which board would be (more) sufficient for this task. For ease of development I would start with a Pi. (Arduino would be better-suited for ease of low-level development, but if you're worried about performance the Pi is a more potent device).
  2. The words you're looking for are XSS and CSRF. It's a seemingly eternal problem that's not going anywhere. Also, check out how ad platforms are being leveraged as a delivery vector for malware. That stuff gets embedded into the website and is hosted elsewhere.
  3. Sorry about skylu being a bit of a dick. Most people here tend to be a bit more willing to help. The problem with your question is that "getting into hacking" is a very broad thing. It's like saying "I want to become a surgeon", but that can be anything from a vet to a brain surgeon. So maybe you could elaborate a bit on what, specifically you want to do? Something that might be able to get you started is this very lengthy thread in our security section. It's mostly about how hacking programs, coming to grips with the underlying technology and working out why things act the way they do, but there's a couple of outliers there. Just browse through that, see if there's anything that tickles your fancy and go from there. One thing I will say is that questions, while very welcome, tend to get a better response when you show that you've already done some of the basic work in researching the subject (google, wikipedia...) yourself and your questions is about something somewhat specific.
  4. I'm puzzled why you have 2 separate but almost equal IRC classes.
  5. I'm going to slightly hijack this thread, sorry. What's the maximum acceptable weight (by which I mean the bag and its contents combined) for an EDC? As you see here, people generally say bag X can carry everything I put in, but once you cross, say, 10 pounds your EDC becomes a millstone to drag around as opposed to the nimble toolbox people often claim it to be. Also, with a given weight you need a certain quality bag for it to last a while. This is why any good quality bag tends to have a significant price tag. My regular laptop is too huge (and, at 6 pounds, *WAY* too heavy) to get involved in any EDC discussion. My Chromebook interestingly enough tends to be too small for most bags. These days I rely on a mostly cheap shoulder bag I got for being a HitB crew member. It's great because by the time the thing would become too heavy to hang over your shoulder, it's just full. I can fit my Chromebook, an A4-sized writing pad, some pens, MP3 player and 2 books. The things I do are such that all my kit goes into a trolley case (Pelican 1510 - it's *great*!). If my Chromebook won't cut it, I'll bring my beast of a laptop in its backpack which means I try as much as I can to limit everything else since it weighs me down so much.
  6. The other option is to use the monitor port. Just plug in a coax cable, run it up to your home and attach it to a CCTV monitor. That monitor can be the gameboy the guy had, but it can just as easily be a standard monitor. I'm sure ebay or craigslist or whatever has a few on offer for a normal price. I suspect the coax cable can be a longer run than the VGA one but in either case you need a more-than-low-grade cable to bridge the gap. I have plenty of experience with recording problems resulting from using shoddy coax. Shielding really is key.
  7. http://www.instructables.com/id/Make-your-own-VGA-cord-of-CAT5-cable/ You can go up to 250ft away from the source with this if the resolution is low-ish (like, 1280x1024 or 1024x768). Cat6 cable is a bit more rigid and better shielded, so you might get more distance with that.
  8. cooper

    Cruch Usage

    I made a script to output a sequence. The lines with ' echo "$CURRENT" produce the output so that can be trivially adapted to become "usr${CURRENT}pass${CURRENT}" on a sequence going from 1 to 99.
  9. For advice on what are good cards, look at this post.
  10. Unless your 'devices' include a phone, I'd say have a look at qtpass. It's a Qt front-end over the 'pass' program, which uses gpg for encryption and git for syncing (optional - you can just put the files on a usb stick or whatever). It uses the pinentry command for receiving your passphrase, which can be made to (also) do 2FA with, say, a YubiKey. All open source, all free.
  11. If your firewall has 445 open and https isn't working, it's because https doesn't run across port 445. Same with the FTP thing. I'm not saying you should open additional ports, I'm saying either your firewall or your attack program is likely misconfigured which would explain why you're not getting the expected results.
  12. I recently got an introduction to the concept of a zone director. It's a device to manage a (large) group of APs within a venue. Think conference centre, multi-story disco or camp site where you want people to be able to roam without any interruption. The goal is that when someone starts to play a youtube movie and decides to walk around the device automagically switches between APs and the movie never skips a beat. Your zone director can manage this. One feature of at least one of these zone directors, no doubt restricted to the expensive models, is that you can load it with a 3D model of the site and enter into it the location of the various APs. Once you do that you can see the devices travel through this 3D space based on where which AP sees it. Flashy stuff. To do it yourself, do what haze1434 says. There's a topic in Hacks & Mods where someone tried to do something similar but for reasons I can't remember also wanted to drop the signal frequency from 2.4 to something a lot lower... Probably to be able to do the tracking using an SDR which has a limited signal frequency range that it can pick up. This might not be something you need but the discussion there was generic enough to at least give you a decent head start.
  13. https is 443 and one form of FTP relies on port 20 I think for data transfers so if those stall, either switch from passive to active (or vice versa - I *always* get those mixed up) or open the extra port.
  14. The problem with sslstrip (any of them) is that browsers these days are being equipped with a pre-populated list of hosts that the browser must only connect to via HTTPS. This is a problem because even sslstrip2 relies on the first attempt to connect being via http. Read this Using bettercap the idea is that you *somehow* get the user to access the wrong url for which bettercap will produce the correct url but while being in the middle and while using either http or https but in case of https producing its own certificate which is valid for this specific domain. Like IinkedIn.com (notice that the first character is a capital i instead of the expected l). If the user ends up going to the correct url by its own accord there's nothing you can do.
  15. To quote you "utilize the hdmi out ... receiver of the pine64 board's hdmi output". An HDMI out is nothing like an HDMI input (so the quick answer is "No"). It tends to require different circuitry to receive a signal rather than send it. So unless it was devised from the get-go to perform this function it's physically incapable of it. And if it was designed with this capability in mind, it would've been marketed as such. Bottom line: no, this can't currently be done.
  16. But if you're doing something legal (which is rather a requirement here) you should also have access to the device you intended to de-auth. Did you actually notice this device getting de-authenticated? It wouldn't surprise me at all that you didn't see the handshake because the deauth didn't produce the result you were expecting it to.
  17. http://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-it-matters/
  18. From what I gather there's a lot of cheap knock-off Alfa's out there that use this chipset and fail in all sorts of horrible ways. Bottom line: get a genuine one.
  19. First problem: What, specifically did you try and how did you tell that it wasn't doing what you expected it to do? What is the internal card in a macbook? Did you google to see if it might simply not support the stuff you want it to do? Second problem: How are you executing reaver (what are the command line options you provide) and how did you discover it would not associate and/or inject? Third problem: There's a difference between memory and storage. RAM is memory, USB is storage. Which of the 2 is running out? Final problem: Maybe someone else can chime in on this, but you'd think that there's some walkthrough guide out there for getting Kali on a MacBook. When I google on the last 5 words of that previous sentence I get this which seems to be exactly what you need.
  20. Could you be more specific about "The wget method"? What was the *exact* command you gave that didn't produce the desired result, and what was the *exact* response wget gave you when trying to access the css.
  21. Well I'm no routing guru but the theory seems sound.
  22. As it happens, we've got a stickied topic on this very forum to answer that exact question.
×
×
  • Create New...