haze1434

  1. Agreed with barry. RPis are fantastic little things for having an on-the-go box for pen testing, however they certainly shouldn't be used for password cracking themselves. Use an RPi to grab a password hash or WiFi handshake, sure, but then transfer the hash to a more powerful machine or use an online service to get the password. RPis would take years to crack a hash, compared with days for a desktop PC.
  2. Please see the below topic.
  3. Huge difference. And yes, this is probably the case. Most older hub passwords only use A-F, which is so insecure. So, the new math;
     6 possible randomised digits A-F or 0-9
     1 digit with 3 possibilities (4,5,6)
     (6+10)^6 + 1^3 = 16,777,217
     My GTX 970 could crack this, with oclHashCat, in 2 minutes. Your laptop CPU, with HashCat, could do it in 3 hours.
     -a 3 -1 ABCDEF?d 2511,456,?10?1?1?1?1?1
     Absolutely laughable security, if this is indeed their password standard.
  4. https://hashcat.net/wiki/doku.php?id=mask_attack
     -a 3 -1 ?d?u 2511,456,?10?1?1?1?1?1
  5. 12 characters
     Format : 2511[4,5,6]*0*****
     6 possible randomised digits A-Z or 0-9
     1 digit with 3 possibilities (4,5,6)
     (26+10)^6 + 1^3 = 2,176,782,337
     My GTX 970 could crack this, with oclHashCat, in 4 hours. Your laptop CPU, with HashCat, could do it in 14 days (2 weeks)
  6. I don't have any figures to hand, but the 1080 should get more. I would guess around 200,000 per second, but that is a complete guess. It certainly won't be worse than the 970.
  7. Do your parents have the same WiFi router? Sounds like the router is doing something to make the Tetra hang. Maybe a security feature, or simply the way in which it transmits its data. Try your hub elsewhere?
  8. Use HashCat (uses CPU) / oclHashCat (uses GPU). It'll have that baby cracked in no time. If it's the IT Director, the password is probably 'bossman123'. Anyone else, it would be 'Tuesday123'.
  9. Rubber Ducky can do that fine. With any, and all, hardware for pen testing, it entirely depends on the circumstances. Rubber Ducky is (slightly) more discreet, cheaper, and maybe easier to set up, but not as powerful. Bash Bunny is powerful, but costs more. Personally, I'd get both. But if you have to buy one at a time, get the Ducky first, then play with it and learn whilst you save for the Bunny.
  10. Couldn't agree more :) I think that, in this case, it would be whatever was best for the situation of the pen test.
  11. NetHunter is really great, of course, however;
      • It doesn't work on iPhones
      • It's created by someone else. RPis mean you can install whatever you like.
      • It's not as anonymous.
      • It's way more expensive, if you take into account that you can use any cheap phone + $40 RPi vs having to buy a Nexus device.
      • It's in BETA.
      • I'm cheap
      • I like playing with RPis
  12. https://null-byte.wonderhowto.com/how-to/hide-virus-inside-fake-picture-0168183/ I assume this is what you want to do?
  13. Yep. For general instructions, if it helps;
      1.) Install Raspbian (I've also had this working with Kali) on an RPi3.
      2.) Use these instructions to turn it into a WiFi hotspot when there is no recognised WiFi nearby
      3.) Install Termius on your iThingy/Android/Potato
      4.) Connect your iThingy/Android/Potato to the WiFi hotspot the RPi3 is kicking out
      5.) Use an application to confirm the RPi's IP address (I use Fing on Android, there's loads of applications for listing WiFi stations), or you may be able to figure that out from the instructions followed in step 2.
      6.) Connect to that IP address, using port 22 and the credentials required (Raspbian is userID pi and password raspberry, so it would be pi@0.0.0.0:22 as an example)
      7.) Profit. Install what you like (nmap, aircrack etc.), plug in an extra WiFi card, throw it in a backpack or a pocket with a mini battery and off you go.
      PRO TIP: Create BASH files and simply run them using SSH from your phone. Hardly any typing, quick and easy.
  14. Much appreciated, thank you.
  15. Hiya barry, Sorry to be a pain, but are you able to elaborate or provide a link? I did a search for 'fox and hound signal locating' but didn't have much luck finding a good explanation. Cheers.