About digip

  • Rank
    -we're all just neophytes-

Recent posts
  1. ps1 is just a text script. How do they "not" allow hosting of these? I can't see them blocking by filetype, but if so, put them in a zip, upload, done.
  2. If you start the card in monitor mode, by default it should see all channels. If you start airodump-ng for example, it will scan on all channels unless you specify a specific channel. I would recommend, though, picking a single channel you want to work within, i.e. if the router you want to test is on channel 6, set it to channel 6 in airodump-ng (which might also make it only see channel 6 in Wireshark). In Wireshark, it sees everything as far as I know unless you specify a specific capture filter for the MAC address of the device you want to filter out/capture only, or change the NIC's wireless channel specifically from the command line when you put it into monitor mode. Example: `ifconfig wlan0mon mode monitor channel 6`. I don't know of a setting in Wireshark to work by channel, but maybe there is a capture filter specifically for the wifi channel settings.
  3. Nmap can get the hostname ;) and you can output it in grepable format to use later. Hostnames will only work if NetBIOS or Samba is enabled, or it's in its DNS name as far as I know. MDNSRecon is also able to get the names for you while scanning for devices. You have to start the avahi service first, then run "./mdnsrecon.rb x.x.x.x/x" to scan the subnet, where x.x.x.x is the subnet and /x the subnet mask. I use it to scan my network to get machines and their names when I'm doing VulnHub CTFs. - https://github.com/darkoperator/MDNSRecon Mdnsrecon gives you some more info about the device as well, and is pretty fast at what it does. Expect requires a separate file for the expect commands and uses a different header than bash's #!/bin/bash. You can call it from a bash script, but can't use the expect commands directly in the bash script. Expect is not my strong suit. I've used it with an SMTP script before, but it's not something I'm fluent in. Might help you a bit - http://www.admin-magazine.com/Articles/Automating-with-Expect-Scripts
  4. maybe because of the user name and password?
  5. Well, I joined the forums after they'd been around a short bit, but I'd been watching since episode 1 came out. Found them by accident on an old WinAmp playlist of IPTV shows back in like 2005/6 or so that had just begun to surface, such as Sean Kennedy's SKTFMTV and such.
  6. There are 4 methods to WPS that I know of, with the PIN based being the only one I know of that is open to attack (other than getting lucky with PBC pairing). PIN based, or entering the PIN between the router and client; Push button connect (PBC), which is automatic, sometimes requiring 2 clicks of the PBC on the router before and during client connect (which also presses a WPS button on the NIC, or in software on the wireless connection software side); NFC (like tapping 2 phones together to exchange data); and USB config, which I believe was used in Windows XP networks mainly, I've never had to use it though. As far as I know WPS PBC basically drops its pants and bends over for ~2 minutes, which should allow ANY other device trying to connect to get onto the AP in question without the need for passwords, since it's automatic between the devices (so long as the client/NIC presses the WPS button on their side as well). Even when the WPS PIN code is disabled, the WPS PBC method should still work on most AP devices for pairing them, since it's a hardware button press that starts the process, except when set to something else, like toggling the radio on and off (which is what my ASUS routers are set to do) or explicitly disabling WPS in the router config, which I also have disabled. The only attack I see with WPS PBC is a social engineering attack that gets someone to press that button for you, by which you'd then be able to connect to it without the need for a password so long as you press WPS on your NIC or in the connection software (my Netgear USB card has an actual WPS button on it). You'd more than likely need to attack the client, and have access to their machine to see the password, and that's only if stored in their system, or access the router's web interface to see the password from its config.

     Short of capturing the 4 way handshake and brute forcing the WPA password, not sure there is much you can do in the event the WPS push button was pressed, other than be actively trying to connect when it's enabled. I don't know that it's actually using the password at any point during a WPS PBC session. I don't know of any tool that sniffs the WPS PBC connections specifically for use in an attack. You can capture the data with tools like Wireshark though. How you tell when the button is pressed, I have no idea. This would probably be a good place to start for sniffing with various filters specific to your testing target: https://www.wireshark.org/docs/dfref/w/wps.html Someone with an extensive wifi pentesting background would definitely know more than I would, and I could also be wrong about the info I mentioned above.
  7. "This seems so obvious to me - how can I retrieve the wifi configuration/password from a router with the WPS push button pressed?" If you don't "sniff" anything, how do you plan to capture the data? Locally on the device? Where/how are you capturing the data, if not sniffing wifi or probing devices with injection or queries? WPS is only used with things like WPA for automation, so what exactly are you expecting to accomplish while NOT sniffing the wifi? You want the password from a WPS connection, but don't want to crack the PIN to obtain the password through the process. I think maybe I'm missing something, or you're not explaining yourself well enough.
  8. Personally I think if screenshotting, you might want to just grab the entire clipboard and write that back to the ducky to work on later, which is probably the simplest thing to do, and work on it locally. Mouse keys through Ease of Access would be hell to try and make work, and unless there is a PowerShell equivalent of code to move the cursor to x,y coordinates, then you're probably not going to have much luck other than keyboard app shortcuts, i.e. Alt, select menu item by sticky letter for known app menu shortcuts. Also, x,y coordinates will be different for different screen sizes, and if this is all automated, do you know what is the open app, top-most window(s), etc.? What is your end goal? There may be an easier task or route to the end results.
  9. Probably not on the ducky, but with the new Bash Bunny, I imagine that since it's fully Linux underneath, an OCR kit could be used to, say, screencap text to images, convert the image using OCR to text, then dump to a file for you to use in some manner. This all depends on what you're trying to do, and how you're going to use this data you gather. The duck could alternatively screenshot info you want and exfiltrate it, but this would need an external setup to work with the data, or use the victim OS to send it out to some third party, which may be caught in transit and alert someone on the network that you're doing something that shouldn't be happening. In any case, the ducky at most would be used to gather screenshots, but it's not going to decode it unless the victim OS has tools to do so, and the ducky is specifically set up to take advantage of the OS it's plugged into.
  10. On the premise of "Why would the BIOS need access to HID?", this is the basics of a booting system. HID is just another term for input device, i.e. keyboard, mouse, etc. "Human Interface Device" is what HID stands for, and on boot, every BIOS of a system checks for very basic things, such as HDD, keyboard, mouse, monitor, the system itself and the basic hardware to make everything work. This is normal and to be expected. In order to interface with a machine on boot, a set of basic drivers or instructions have to take place when detecting hardware and then utilizing that hardware. This is the purpose of the BIOS (and firmware for most every computerized device including phones, tablets, etc.). The BIOS contains the instructions, either in firmware or on disk, that allow the computer/device to work with the hardware, i.e. basic input and output for the system. For the links above, the "drivers" in this case would seem to me to be for specific hardware, such as a laptop with extra function keys, like toggle wifi, screen bright or dark, volume controls, etc. Not sure where you see a vulnerability in anything you link to, or what exactly your concern is.
  11. So obvious to me too. You are missing something. Effort. There ARE tools out there for sniffing wifi and cracking WPS. What I will say is, you haven't looked hard enough nor tried enough to test on your own. There are posts on these very forums for tools that will do what you ask, and sure google will find you an answer as well with little trouble. YouTUBE should find you a quick walk through in showing you various tools as well. I'm not even going to list a single tool. Too easy. There is a tool though, that will do almost all of the above, automatically.
  12. Boot off a live Linux disk. List your HDDs, "fdisk -l", and look for the one Windows is on. Most likely the largest partition in /dev/sda or /dev/hda (sda for SSD and hda for HDD). Enter: "dd if=/dev/zero of=/dev/sda" (or "dd if=/dev/zero of=/dev/hda" depending on your hardware and its ID). When done (will take a while) type "vbscript is sexy and I am l337 withouten I cant even". Have a smoke and a cup of coffee, you pro haxor you...now pat yourself on the back for a job well done.
  13. Kali shipped with the CPU-only version of hashcat (at least, 2016.1 as far as I know). When I updated and dist-upgraded, I lost the ability to use it until I backported to the older version that used the CPU. However, that may not be the case with yours, something to look into. Updates can break things or cause issues, but in general, make sure it's not something as simple as the card having the wrong drivers, or just not being compatible with the tool.
  14. Season 1 had a DVD (which you may still find a torrent for, but don't hold your breath). I don't think this will ever happen again, given all their episodes are on YouTube and most smart TVs can do YouTube these days. Archive.org has a lot of the older stuff as well - https://archive.org/details/hak5bestofseasonone https://archive.org/search.php?query=creator%3A"Hak5"
  15. STOP posting the same question over and over - https://forums.hak5.org/index.php?/profile/56156-monkeyshell/