Spoonish

Active Members
  • Content count

    70
  • Joined

  • Last visited

  • Days Won

    3

About Spoonish

  • Rank
    Master of ÷ Nothing

Profile Information

  • Gender
    Not Telling
  • Location
    Pointland
  • Interests
    Building stairs to nowhere and holes deeper and deeper still.

Recent Profile Visitors

795 profile views
  1. Iv've been thinking about your setup for like two weeks now and I want to impliment something similar but not as nice looking (not intentionally). Great project.
  2. Salt of the earth you people are.
  3. Line by line through the registry? Replace hardware with fresh/new duplicate hardware and look for changes in registry/management policies? Inspecting full packet TCPdump before,during and after the first two? Self inflict high dollar ransom ware and let the higher ups deal with it? Somehow, some way (but still understandibly) the laptop finds itself in saltwater or an emp..? Trust that good things always come after bad things, it's the timeframe that we hate. good luck.
  4. Instead of creating a new post, I'm going to quasi-jack this one. Sorry;not sorry. What's the best way to find the version of the tetra and the nano?
  5. When I first started, I started a thread as sort of my own way of tracking information I found useful. I've taken many breaks from the pineapple but I keep coming back. I haven't posted to the thread lately but please feel free to use it for the same. I hope this helps you. https://forums.hak5.org/index.php?/topic/38165-new-to-the-nano-new-to-kalilinuxcli-new-to-pentestingsec-auditingtroublemaking-i-am-so-here-are-some-links/ The panel antenna's are fantastic for 'soaking up the landscape' as another poster said. The stock antenna are fantastic because they're essentially a bubble of wifi. Anything taller/more will start to strengthen but flatten out the signal requiring slight forthought into your positioning and possible targets. Good luck!
  6. Legality can easily cross lines, for example via employment contracts or ownership rights. The users here wear white hats, sometimes sideways or backwards. If something is deemed less than white, it's often locked down. Otherwise, intelligent questions and sincere replies recieve the quality attention. Good luck.
  7. I've been excited to see the results for the past few months when they announced an audit. https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/ Theres a section on insecure settings which have some good suggestions.
  8. That's very cool. The bottom grey box reminds of an original NES.
  9. Thanks for the chrome heads up
  10. Found it at ycombinator apparently: https://news.ycombinator.com/item?id=14130241 also found these which may be of relevance: https://news.ycombinator.com/item?id=14132066 https://news.ycombinator.com/item?id=14119713 I only ever link click so I don't know if these are replies to the main one or how that works there but looks like a good toilet read.
  11. This thread takes me down a peg or two. I still have a lot of learn especially in the CLI and ssh department.. and iptables.
  12. Found this on Lobste.rs: https://www.xudongz.com/blog/2017/idn-phishing/ A nugget Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co". From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). This is known as a homograph attack. Chrome was the only broswer on my iPhone that gave me an apple.com url. Might be an interesting thing to use on the pineapple if possible.
  13. NetworkToolbox - Network scanning and analyzing by Marcus Roskosch https://appsto.re/us/9wa2M.i https://networktoolbox.de/ Shits extensive. I don't pay for apps willy-nilly, this one has not failed to impress. Heres a list of it's features: Features of NetworkToolbox Scan your local home- or corporate-network within seconds. Explore all connected devices and get a complete picture of your network. Over 26 individual tools are available to analyze your network, to perform various security checks or even connect to devices on your network. SCANNING – FAST AND COMPLETE The included Network scanner runs repeated scans to get the most accurate results. To prevent from being detected by Firewalls or IDS (Intrusion detection systems), the scanned addresses are selected randomly. For the fastest possible speed, scans will be performed in hundreds of concurrent tasks at the same time. This results in the fastest and most reliable scan results compared to any other app. Devices, found by the Network scanner can be further analyzed by scanning for services using the Portscan tool. Portscans may reveal known and unknown (hidden) services of devices. All tools are highly integrated. Wherever you want to dig deeper into the results of one tool, a single tap will allow you to open the internal browser, start a telnet or FTPsession, ping the host, get information about a SSL certificate, perform certain security checks and more. Scan results can also be logged and multiple scans can be compared to each other. This way, it is easy to find out, if devices have been added, removed or changed between two scans. NO NETWORK SPECIALIST – (YET) ? If you are not a network expert, don’t worry and don’t be scared. NetworkToolbox makes it easy for you to dig into those networking details. Several included How-To’s and Guides will show you how easy it is, for instance, to perform an open-port analysis. By this, you will be able to quickly scan your home network to find ports that are unintentionally open to the web. Such ports will often be used by cyber criminals to break into your internal network. The app also includes Video tutorials, samples and other learning resources. Each tool also has a comprehensive Help text that explains the purpose of each tool and how to use it. Last but not least, a Glossary is included that explains terms from A like “Access control” to Z like “Zero day”. TELNET AND SSH TERMINAL NetworkToolbox also includes a telnet or SSH terminal which allows you to connect to linux devices, routers with telnet interfaces or any other telnet or SSH device. SHODAN AND MORPHEUS DEVICE SCANNING SHODAN is a search engine that lets you find specific computers (routers, servers, etc.). SHODAN can be seen as a public port scan directory. Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in finding computers running a certain piece of software (such as Apache)? Or if you want to know which version of Microsoft IIS is the most popular? Or you want to see how many anonymous FTP servers there are? Maybe a new vulnerability came out and you want to see how many hosts it could infect? Traditional web search engines don’t let you answer those questions. SHODAN is fully integrated in NetworkToolbox. In addition to SHODAN, NetworkToolbox integrates it’s own Device scanning engine called Morpheus. Like SHODAN, Morpheus runs on a distributed network of scanning engines around the world and can be queried from inside NetworkToolbox. ALL FEATURES : The above just shows a fraction of the possibilities of NetworkToolbox. Below is a list of features. This list may already incomplete because NetworkToolbox is being extended and updated continuously. If you are missing a feature or have questions, please feel free to ask. Local device and network information Local and public IP address Network Gateway and DNS Server addresses WiFi network information Cell network information Shodan and Morpheus search engines DNS lookup Reverse DNS lookup IP Geo-Location Provider information MX, NS, SOA DNS Server record information Graphical PING Network Scan Shows Device Type MAC address Device Network name Device Vendor Individual names can be assigned Port Scan Individual port ranges Traceroute Telnet client FTP client SSH client SFTP client HTTP Header analyzer Internal Webbrowser Individual User-Agents to mimic iPhone, Windows PC, Mac Individual Mime types Standard password test function HTTP traversal exploit test function Source display with syntax highlighting XML browser Website Spider WEB-Service analyzer Individual Endpoint, Service header and body GET, PUT, POST methods XML, JSON, plain-text SOAP, REST support Results will be displayed in a drill-down browser SSL Certificate inspector Bonjour scanner Bluetooth LE (4.0) scanner Port forward tool MAC address database IP address calculation Security check tool Router exploit tests mongoDB exploit test and more Mail server check Reports mail client settings Identifies mail server issues Glossary Logbook To collect scan results To remember Addresses and links To compare two scan results and find differences Ability to integrate external apps For instance, your preferred VNC or SSH app can be fully integrated Support URL-Scheme Other apps can call NetworkToolbox e.g. to use the WebService tool Additional resources and links Vulnerability databases Exploit archive Internet Storm Center and definitely much more…
  14. I haven't heard any leaks or vulnerabilities; or really anything about https://saaspass.com/. Maybe it's flown under whoevers radar giving me a subtle warm feeling. Plus it's used by NASA /salt https://saaspass.com/images/authh.png
  15. I was passivly collecting SSIDs and utilizing it for extended wifi range while at work. After 6 hours or so I noticed I lost internet connection but got busy and forgot about it. Two hours later back in the car I see the LEDs are still working, the battery pack is half full but no web. Shut down the pineapple and drive. I get home and and pull the hub out and the a ralink dongle just sort of collapse out of the slot. As if exhausted to death. Looking closer, the second ralink and the mini hub are wonky warped. Heres a few pictures.