Search the Community

I was pointed to this by an LE contact: http://insider.foxnews.com/2018/02/07/google-tracking-you-tucker-carlsons-report-silicon-valley-surveillance-capitalism The kit used by the reporter - anyone know what it is? I can tell that these are being used: The device in the middle is a Throwing Star Lan Tap: https://greatscottgadgets.com/throwingstar/ The device on the right is an Intel CPU stick: https://www.amazon.com/Intel-Compute-Computer-processor-BOXSTK2m3W64CC/dp/B01AZC4IKK The rest of it looks like probably standard WiFi, maybe a large battery to power the whole setup. I'd guess SSLstrip or something similar to penetrate https, but what about the software being used? Anyone know what it might be? I also assume this kit isn't a package, but if so, the LE guy wants one :)

Does any of you got a script dor the rubber ducky to steal a google/youtube password and or username?

Are Google URLs truly vulnerable to Open Redirection like explained here https://www.indusface.com/blog/?p=1646 Can it happen to anyone's website?

Yeah that Right, Google's New Toy can't even work with Security key.. You can only have one running at one time not both. This is really freaking odd!

I had a question that I wanted to see if anyone has encountered or heard of. At my work 2 devices had all search results in Google Chrome redirect. On the desktop all image search results would come up with large people. On a Chromebook any search result came back with porn. Unfortunately someone wiped out the desktop so I was unable to get my hands on it to look it over. The systems are generally locked down (the desktop by GPO) and the Chromebook by Google admin. Anyone run into this before? Thanks

Basically if you append /%%30%30 to the end of any url you manually enter it will crash chrome (desktop) and a mouse over of a link containing it can crash chrome, or just the page you were on with the link. On mobile Chrome only mouse over works at least from testing it on my tablet and phone.

For instance, all I know is this person's username on youtube. He's one of those trose whom are of course annoying. 4Chan people are able to find information quickly by doxing but I don't understand how? There was this one Dox for an obvious troll who screams out troll on Youtube - whom was identified as Griffon not Dillion. Most of the youtube trolls don't even read their messages - so to get their ip address isn't any help. Also, getting someone's IP will not reveal their name just close approx of street address. Also he called himself Dillion Prescott Henderson but that name isn't real. The Dox that came up was like someone pulled a rabbit out of the hat. He has a imgur page but when I typed in google: intitle:"Dill With It" site:imgurl.com The link never showed up - does this mean it's listed as private? Perhaps the Dox was made before the troll got smart and decided to keep his real name private. Spokeo isn't an option because I don't want to be ripped off. Pipl - I am guessing it's a hit and miss with that site. Even TinEye has some hits and misses. I kind of feel bad to call someone and pretend to be someone for the Social Engineering purposes. How would I go about dox someone with not really a lot of information?

Hello, I just received my wifi pineapple mark v, I put sslstrip running, but I only worked on hotmail.com, if I try to go to facebook or youtube the security HTTPS still on, can someone help me on this?. thank you

Big Up Date The Project is now at Halt due to fact that my Rubber Ducky Has Red Light And i cant fix it so i will be buying a new one after i saved up for WiFi Pineapple i will be still coding it but cant really test any thing that needs a rubber ducky SORRY Read Me First This project was pick up From Hak5 User SEE CREDITS FOR NAME'S But seem project was drop so i takeing on my self to carry this on due to amount of people Requesting this am not coder i only really know batch (KILL me i know) i fort why not make something of use and not other webpage reader like android store is full of them so this will take time more time than any one else so thanks Know Bug's 1.Load Payload dose not work 2.save .bin dose not save to cd but to phone internal memory Credit Old Project Owner: joseph pintozzi I have given right to edit this project and give modified Project away UPDATE'S V0.0.1 Exported project to android studio ( taken me last 2 days to fix it all then Google make update that make all my work go to hell so GG all fixed now) Working on save as it not playing nice may need to make folder for all saved for trying to work out how to make it open ever .text or .bin will look about may need some help google my friend ========================================================================================== Q1.Will it be on Google store A1.i hope so but google may not like what it used for but i cant see why not they have terminal so why hell not i will be email them to see were i stand Dont worry if not i will Host it on my own site For you guys Q2.How much will this cost? A2.Free Why? one it not my it free code and two Shareing is caring Q3.Can we the users help ? A3.God yes i will all ways love your input and help as i said i am very new so it will help me if i am stuck Q4.Can we ask for stuff to be added ? A4.Yes but keep in mind i am new But ye for sure i cant think this all out on my own If you like to post in Q&A Just put Q.A In your pm or comment and it will be add ==========================================================================================

Ok, so there's a lot of cool Ducky scripts out there, my personal favourite is the script that steals Windows passwords - AWSOME!!! But do any scripts aim to get more than just a Windows password? Do any of them "Backup" Google Chrome Login Data, WiFi keys, Windows Product Keys or Replace the Administrator password or even hide the account so you can have "stealthy" remote access via Windows Shares (Known as SMB)? I THINK PAYLOADS SHOULD DO MORE! So... I introduce the ULTIMATE DATA THEIF!!! Payload: Unfortunately, the forum only allows a maximum of 500kb of upload space and the extra data is just over 1MB so I put the file on my Dropbox account instead. Link: https://www.dropbox.com/sh/ad8jegywipd3l76/jo2KqlU3CB READ ME!!.txt contents: SCRIPT/PAYLOAD BY LAVANOID VOLCANIC THE DIRECTORIES ABOVE OR BELOW (DEPENDING ON YOUR CONFIGURATION) SHOULD BE COPIED TO THE ROOT DIRECTORY OF THE DUCKY DRIVE. YOU SHOULD EDIT THE SP.BAT FILE AND THE INJECT.TXT FILE TO SUIT YOUR REQUIREMENTS. FILE LOCATIONS: SP.bat -- Data\SP.bat inject.txt -- Scripts\Projects\Steal_Data\inject.txt Compiler.bat -- Scripts\Compiler.bat COMPILER.bat description: The compiler batch file basically takes away the hassle of entering all those annoying time draining commands. If the Compiler.bat file is stored on the Duck, the compiler will ask if you want to install it on the Duck. WHAT I HOPE: I hope that my project will be featured in one of the Hak5 videos since I do like some attention. THIS WORLD IS LONELY YOU KNOW!! Thank you for choosing to spend a bit of your time by poking your nose into my work.

I have been having a bit of fun with the search engine [url"http://www.shodanhq.com]Shodan[/url]. It was mentioned in this episode of Hak5 and in a few old discussions in these forums. Unlike other search engines it indexes technical information about services that run on the Internet. For example, it lets you search by web server type, or by strings in the headers sent when sessions are initiated. For example, I was kind of interested to know if there are a lot of people with Internet facing instances of the http://www.rejetto.com/hfs/'>HFS web server. If you access a web server via telnet and ask for /index.html (I'm not 100% sure what the proper http command is to get the root web page, I need to look it up), you get a few http headers and then the start of the 404 error page. (see below) garda@localhost:~$ telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /index.html HTTP/1.1 404 Not Found Content-Type: text/html Accept-Ranges: bytes Server: HFS 2.2f <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <style>