Search the Community

Goal is to build payload that restarts the adb service if phone restarts without having to connect phone back into laptop. Currently I am able to setup the phone, not rooted: adb device connection sustain server connection once device is unplugged from usb without using wifi (requires additional applications) able to establish connection back to laptop over cellular network, not wifi (requires additional applications) Once phone dies or restarts, the original server session is killed, I have use laptop and/or pi to restart the server. I have just opened my bash bunny to build this out as one of my first use cases. From my research I seen I needed to install adb toolkit, so I first ran "apt -y update && apt -y upgrade" and I start getting 404 errors. From that I did research on the 404 errors and was directed to looking into "/etc/apt/sources.list". Keep in mind I am able to ping out "ping 8.8.8.8" from bad bunny. The following was the first issue I had: root@bunny:~# apt update Get:1 http://archive.debian.org jessie-backports InRelease [166 kB] Ign http://archive.debian.org jessie-backports InRelease Ign http://archive.debian.org jessie-backports/main Sources/DiffIndex Ign http://archive.debian.org jessie-backports/main armhf Packages/DiffIndex Get:2 http://archive.debian.org jessie-backports/contrib Translation-en [6946 B] Get:3 http://archive.debian.org jessie-backports/contrib armhf Packages [7980 B] Get:4 http://archive.debian.org jessie-backports/non-free armhf Packages [6692 B] Hit http://archive.debian.org jessie-backports/main Translation-en Hit http://archive.debian.org jessie-backports/main Sources Ign http://archive.debian.org jessie-backports/non-free Translation-en Err http://archive.debian.org jessie-backports/main armhf Packages 404 Not Found [IP: 151.101.66.132 80] Fetched 188 kB in 6min 9s (508 B/s) W: GPG error: http://archive.debian.org jessie-backports InRelease: The following signatures were invalid: KEYEXPIRED 1587841717 KEYEXPIRED 1587841717 KEYEXPIRED 1587841717 KEYEXPIRED 1587841717 KEYEXPIRED 1587841717 KEYEXPIRED 1668891673 W: Failed to fetch http://archive.debian.org/debian/dists/jessie-backports/main/binary-armhf/Packages 404 Not Found [IP: 151.101.66.132 80] E: Some index files failed to download. They have been ignored, or old ones used instead. I ran: apt-key adv --refresh-keys --keyserver hkp://keys.gnupg.net apt-key adv --refresh-keys --keyserver hkp://keyserver.ubuntu.com I made the following changes to the /etc/apt/sources.list: deb http://archive.debian.org/debian jessie-backports main deb-src http://archive.debian.org/debian jessie-backports main deb http://archive.debian.org/debian jessie-backports contrib deb http://archive.debian.org/debian jessie-backports non-free Now I am getting: E: The value 'jessie' is invalid for APT::Default-Release as such a release is not available in the sources I have reverted back to the original sources.list: deb http://archive.debian.org/debian jessie-backports main deb-src http://archive.debian.org/debian jessie-backports main I am still getting the following error: E: The value 'jessie' is invalid for APT::Default-Release as such a release is not available in the sources Please help and thank you in advance, -D14b0l1c

Hi, I am a complete noob to everything ever so just please bear with me. I want to buy myself a basic laptop which will allow me to begin learning to hack - I have a strong knowledge of computers and want to learn Internet security and pentesting properly. I have a £450-£500 budget and I maybe can push it if needed. I want to be running Kali Linux on it and I will be partitioning a drive to get to that. I was hoping for a 15.6" screen, i5, 8gb RAM and a 1TB HDD with as much battery life as possible. I have seen normal laptops with this for £400 so I think I can get this. My real question is if there are any things I will NEED to get me started; for example I know certain wireless cards make pentesting much easier but I don't know which models or which laptops contain them (I was hoping not to buy an external one). I guess if need be I can change a wireless card but I would like to stay away from fiddling with internals. Any suggestions/help would be greatly appreciated. Thanks, MrJaMilne

Compressed File Size: 4.4gb Decompressed File Size: 13gb Just thought i would share the link for those who are looking for a decent list to pen test their networks. The list contains 982,963,904 words exactly no dupes and all optimized for wpa/wpa2. Would also just like to point out that this is not my work, instead it was a guy who compiled a whole load of useful lists, including his own to come up with 2 lists (one is 11gb and one is 2gb) i will be seeding this torrent indefinitely since it is shareware! 20mb up! INFO This is my final series of WPA-PSK wordlist(S) as you can't get any better than this ! My wordlist is compiled from all known & some unknown internet sources such as; 1. openwall 2. coasts password collections 3. Xploitz Master Password Collection(s) vol 1 and vol 2 (official Backtrack 3/4/4R1 wordlist collections, Thanks Xploitz) 4. ftp sites such as; ftp://ftp.ox.ac.uk/pub/wordlists/ & others 5. all wordlists onand(as of 07/11/2010) 6. all wordlists hosted on; 7. all usernames from "100 million Facebook usernames and personal details" as leaked onto Torrent sites 8. all wordlists from the Argon (site now closed) And as a bonus my personal wordlist of 1.9 GB ! Which also includes; My "WPA-PSK WORDLIST 2 (107MB).rar" & "WPA-PSK WORDLIST (40 MB).rar" Torrent & random usernames grabed from over 30,000+ websites such as youtube, myspace, bebo & outhers sites witch i can't mention .... he he ============================================================================= ALL WITH NO DUPES OR BULL-SHIT AND IS FORMATTED TO WPA RULES OF 8-63 CHARS !! ============================================================================= Hope you enjoy. :¬) ******** P.L.E.A.S.E S.E.E.D W.H.E.N ******** The Pirate Bay Download Link ISO Hunt Download Link Torrent Hound Download Link Hope this helps any one who is starting out and learning about pen testing and network security, and don't forget to seed for others!

Hello Everyone, I wrote a blog on my finding with a Smart LED Light bulb which uses Bluetooth Low Energy protocol, which i was able to reverse Engineer using no extra tool/hardware like BLE Sniffers. Check out the original blog post here: http://iayanpahwa.github.io/Reverse-Engineering-IoT-Devices/

Please post general comments here so we can have one place to answer the common questions.

Hi all, I'm a newbie to Hak5 Forums, so if this thread is in the wrong category, it would be great if the admins could move it to the correct category. Most of you are probably using 'BO' as the region for 'iw' on Linux. This allows the WiFi interface to operate at 30dBm (1 Watt) at max. However, if you're like me and have a device that is capable of transmitting over 1W (I have Alpha Network AWUS036NH - 2W), you might be interested in increasing the TX power beyond 30dBm. By default, selecting 'BO' as the region only allows the device to operate at a maximum of 30dBm. I tested this on my Raspberry Pi 3, Model B running Kali Linux (with the kali-linux-full metapackage). *** If you are lazy and don't want to follow these manual steps below, I made two bash scripts that will work on Kali Linux and Ubuntu : https://github.com/hiruna/wifi-txpower-unlocker Working directory: /root Steps: 1. Update and upgrade apt-get update apt-get upgrade 2. Install dependencies to compile apt-get install pkg-config libnl-3-dev libgcrypt11-dev libnl-genl-3-dev build-essential 3. Download the latest Central Regulatory Domain Agent (CRDA) and Wireless Regulatory Database I downloaded crda-3.18.tar.xz and wireless-regdb-2017.03.07.tar.xz wget https://www.kernel.org/pub/software/network/crda/crda-3.18.tar.xz wget https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2017.03.07.tar.xz 4. Unzip the downloaded files tar xvJf crda-3.18.tar.xz tar xvJf wireless-regdb-2017.03.07.tar.xz 5. Navigate into wireless-regdb-2017.03.07 cd wireless-regdb-2017.03.07 6. Open db.txt and locate the region BO section nano db.txt You will see something like this: country BO: DFS-JP (2402 - 2482 @ 40), (30) (5250 - 5330 @ 80), (30), DFS (5735 - 5835 @ 80), (30) The number in the second set of brackets (for each frequency) is the txpower. Since I'm using the 2.4Ghz and want a txpower of 2W (~33dBm), I changed the 20 to 33, and saved the file: country BO: DFS-JP (2402 - 2482 @ 40), (33) (5250 - 5330 @ 80), (30), DFS (5735 - 5835 @ 80), (30) I also noticed that region AU allows 36dBm for 2.4Ghz, so you could just continue without modifying the region BO: country AU: DFS-ETSI (2400 - 2483.5 @ 40), (36) (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW (5250 - 5350 @ 80), (20), NO-OUTDOOR, AUTO-BW, DFS (5470 - 5600 @ 80), (27), DFS (5650 - 5730 @ 80), (27), DFS (5730 - 5850 @ 80), (36) (57000 - 66000 @ 2160), (43), NO-OUTDOOR However, I checked with Kali Linux (without compiling and changing the regulatory.bin) and it showed that max txpower was only 20dBm: country AU: DFS-ETSI (2402 - 2482 @ 40), (N/A, 20), (N/A) (5170 - 5250 @ 80), (N/A, 17), (N/A), AUTO-BW (5250 - 5330 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW (5490 - 5710 @ 160), (N/A, 24), (0 ms), DFS (5735 - 5835 @ 80), (N/A, 30), (N/A) So I'm assuming Kali Linux is using an old regulatory.bin and legislation in AU has changed. 7. Compile make 8. Backup up your old regulatory.bin file and move the new file into /lib/crda mv /lib/crda/regulatory.bin /lib/crda/regulatory.bin.old mv regulatory.bin /lib/crda As mentioned in https://wireless.wiki.kernel.org/en/developers/regulatory/crda and https://wireless.wiki.kernel.org/en/developers/regulatory/wireless-regdb, we need to include RSA public keys in crda-3.18/pubkeys. I noticed that there are already 2 .pem files in crda-3.18/pubkeys: sforshee.key.pub.pem linville.key.pub.pem 9. Copy root.key.pub.pem into crda-3.18/pubkeys. I also copied sforshee.key.pub.pem from wireless-regdb-2017.03.07 as it was newer: cp root.key.pub.pem ../crda-3.18/pubkeys/ cp sforshee.key.pub.pem ../crda-3.18/pubkeys/ I found that there are two other pubkeys located at /lib/crda : -rw-r--r-- 1 root root 451 Jan 18 12:58 benh@debian.org.key.pub.pem -rw-r--r-- 1 root root 451 Jan 18 12:58 linville.key.pub.pem -rw-r--r-- 1 root root 451 Jan 18 12:58 sforshee.key.pub.pem So I copied them too (wasn't too sure whether I needed to copy them): cp /lib/crda/pubkeys/benh\@debian.org.key.pub.pem ../crda-3.18/pubkeys/ cp /lib/crda/pubkeys/linville.key.pub.pem ../crda-3.18/pubkeys/ 10. Navigate into crda-3.18 and open the Makefile cd ../crda-3.18 nano Makefile In Kali Linux, crda is located at /lib/crda instead of /usr/bin/crda, so in the file change the 3rd line REG_BIN?=/usr/lib/crda/regulatory.bin to REG_BIN?=/lib/crda/regulatory.bin : REG_BIN?=/lib/crda/regulatory.bin 11. In the Makefile, find the line CFLAGS += -std=gnu99 -Wall -Werror -pedantic and remove the -Werror option (I couldn't compile without changing it as it treats warnings as errors): CFLAGS += -std=gnu99 -Wall -pedantic 12. Compile make clean make make install That's it! I rebooted my Raspberry Pi after compiling. reboot 13. Now let's change the region and set the txpower to 33dBm: ifconfig wlan1 down iw reg set BO iwconfig wlan1 txpower 33 ifconfig wlan1 up

Hello people, I was recently doing some work with those VEX Robotics wireless control robots and I had some ideas about packet sniffing attacks, replay attacks, man in the middle attacks, and de-authentication attacks. The robots use the Vex cortex, which has a wireless adapter through a USB port, it says that is is 2.4 GHz, and another USB wireless adapter is plunged into a controller, like a joystick. My school did a competition with these robots, and it ended last week, now we are doing another thing just as a school, they said we were doing battle bots. When I did some research I hadn't seen anybody do anything like this and I though I would look into it. When I was doing research I found that, the robots don't use any encryption it is end to end, the controllers or create there own network an access point that the robot connects to, the network it creates is hidden it does not broadcast its SSID and has to be pared with the cortex, they are 2.4 GHz, they all have independent channels or mac addresses (many can operate at the same time without interference). The first thing I though of would be a deauth attack, where I would send out deauth frames to disconnect their robot from the controller from the cortex leaving their robot powerless, I was tinging I could do this with Aircrack-ng, put my wireless card into monitor mode with airmon-ng, find the mac address and channel of the robot with airodump-ng, deauth with aireplay-ng. The next attack I though of was if I could intercept packets from the remote to the cortex and either replay them to keep doing an operation or send in my own by finding out what commands correlated to what packets and injecting them while impersonating the robot. I have not done much with packet sniffing/replay/injection if anybody knows anything on how I could do that? or if anybody has done anything with these robots? or if you have any ideas on wireless attacks? I am all ears and I would love help and suggestions, this seems like a really cool project. I would love to hear your thoughts, thank you

Hi, im new to this forum and i have a question related to wireless penetration testing. I have a Alfa AWUS036NH Card and amped it to 33dBm and a Yagi-uno antenna with 25dBi of gain.. If i'm correct the EIRP calculation should result in 58 Watts / EIRP. So my question is how far would i get with this setup and another thing i live in a place where surrounded with a lot of houses does that mean that the walls, roofs etc block the signal and decrease the signal so i get less further than when (i.e on top of a building.)

Hi guys & girls, what is the best way to root an android tablet? The tablet in question is a Asus Zen pad z300m. was wondering if Kali linux would run on this device? if not, what can I install on the tablet to learn wireless security. Can I also install nmap?

Hi all, I was playing with hoover.pl last night, which works great, apart from when it gets to line 108; (system("$iwconfigPath $interface mode monitor")) && die "Cannot set interface $interface in monitoring mode!\n"; It returns the above die error, with the reason given being; Error for wireless request "Set Mode" (8B06) : SET failed on device wlan1 ; Device or resource busy. I am using a RPi3 with an Alfa Wi-Fi card connected to one USB port. The internal Wi-Fi chip is wlan0 and the external Alfa card is wlan1. I have the internal chip wlan0 connected to my home Wi-Fi, as intended, so that I can SSH to the RPi. However, I believe the issue above is stemming from the fact that, when I run iwconfig, both wlan0 and wlan1 are showing as being connected to my home Wi-Fi. I don't want this; I would like wlan0 to connect to my home Wi-Fi, but wlan1 to stay available to use in monitor mode. I have tried; iwconfig wlan1 down iwconfig wlan1 mode monitor (and/or) airmon-ng start wlan1 iwconfig wlan1 up No luck; wlan1 still insists on reconnecting to my home Wi-Fi and setting itself back to Managed mode. How can I stop wlan1 (Alfa card) connecting to my home Wi-Fi, but leave wlan0 (RPi3 internal) connected to it? Thank you.

Violation of CoC

Okay okay I know, hold on. Before you mark this question as a repeat question and yell at me to search the forums a little bit harder, hear me out. So I recently became the (very) proud owner of a Wi-Fi Pineapple Tetra. I'm fairly well-versed in terms of the Linux system layout, but there is one thing that confuses me... For those of you who are unaware, (and this is the part where I need guidance, as I may be wrong) a Wi-Fi Pineapple Tetra is equipped with 2 radios, each radio having 2 antennas to meet a total of 4 antennas. That fact alone was pretty difficult for me to find, because looking at it from the operating system, I was under the impression that there were 3 radios, which is what has been confusing. All the schematics and descriptions I've seen describe the Tetra as having 2 radios... but then, how can there be three wireless interfaces? An even better question, how can they operate independently (I.E. one be in monitor, one be in managed, and one be in master mode)? Here is my hypothesis: there are 2 radios, wlan0 and wlan1. Wlan0-1 is somehow a hybrid of the two, utilizing some weird feature that allows us to make a pseudo-interface that isn't actually linked to a specific piece of hardware, but instead shares the workload between the two radios... but that violates the fact stated in the statement above: they can all act independently of one another. Then, another article I read described wlan0 as the first radio and wlan0-1 as the second radio, but then, where did wlan1 come from? I thought it only had 2 radios? I understand that wlan0 is the open/hidden AP from the Networking module and that wlan0-1 is the managed AP, that much I gathered from /etc/config/wireless. So I guess my final question is simple: Can someone please please please please help me understand where these radios are on the actually hardware device?? I'm looking into building some upgraded antennas for parts of the Pineapple, and I'd like to know exactly how they will affect what. I do know that wlan0 is hooked up to the two antennas closest to the ethernet port, and that wlan1 is the two antennas closest to the reset button, but that still leaves the vital question: where is wlan0-1? Plus, I'm curious and confused. Those two aspects of me like to combine into either hours of research, or a forum post. I've tried hours of research with no results, and so here I am. Any help would be greatly appreciated. Cheers!

OK, I have not scripted anything in a number of years, and those scripts were either a batch file for powershell v1 and v2. I thought it would be fun to write a script that I could set to run at start up and use with a Raspberry Pi and the proper WiFi dongle to automatically capture open WiFi traffic based on the most active network. I would greatly appreciate the community taking a look at what I have and help me clean up and refine the code. <this is of course purely for educational purposes> I thinks this could also be converted to a useful pineapple module #/bin/bash # references the interface wlaninterface=wlan0mon # sets the base file name for the wireless survey recon=scouted # sets the file name for the pcap file to write too pcapfile=DaCapFile # sets the lenth of time to run the survey for - in seconds recontime=30s # sets the lenth of time to run the packet capture for - in seconds capturetime=600s # finds the open WiFi network with the most active traffic and get the channel number channel=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $6}') # removes the comma from the output of the previous line ch=${channel::-1} #finds the open WiFi network with the most active traffic and get the ESSID network=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $19}') # removes the comma from the output of the previous line ssid=${network::-1} # general house cleaning to remove previous captures rm $recon*.csv &> /dev/null rm $pcapfile*.cap &> /dev/null # setting wlan0 into monitor mode airmon-ng check kill airmon-ng start wlan0 # running the wireless survey airodump-ng -w $recon --output-format csv $wlaninterface &> /dev/null & sleep $recontime kill $! #running the packet capture airodump-ng -c $ch --essid $ssid -w $pcapfile --output-format pcap $wlaninterface &> /dev/null & sleep $capturetime kill $!

I do not know if is possible <Uber Noob Here> but I'm trying to automate the capture of open WiFi traffic to be used with a headless Raspberry Pi or possible WiFi Pineapple. What I have so far is a basic Bash script (which a plan to run on startup) that set the wlan0 into monitor mode. Then does a 30 second capture of airodump-ng and writes the results to a csv file. From there I can use grep to fine only the lines that apply of a bssid with open authentication. What I want to do next, and the part that I currently have issues with is to find the bssid (row) with the highest value for iv's (traffic) and out put the value to it's channel column. From there I plan to restart airodump-ng to capture traffic on that defined channel and write it to a pcap file. Any suggestions on how to accomplish this next step? or am I going about this all wrong?

Hello there! Anybody know about Warberry Pi ? I have a link which will take you to the code of it, but I don't have an exact idea about its technology and other stuff, and my question is what is the hardware required to use this? or only these scripts would work? Here's the link! https://github.com/secgroundzero/warberry

I've dual booted Kali Linux in my laptop. I tried to hack my WiFi password for the first time and was successful at it but from the second time on wards, I'm getting this problem wherein I'm not able to capture handshakes. No matter how many deauths i send and how many times i repeat it, still I'm not getting a handshake. Could there have been any mistake I might have did in the first time so that there could be these handshake errors occurring ?

What are the most possible things i can do with my Alfa AWUS036H? Other than wifi password hacking and flooding mode?

I am completely and utterly disappointed. i have been searching for weeks to find out how to preform a arp-poising MITM attack to sniff plain text credentials, the best thing i could find was Responder. There is no guide on how to use this explicitly on the WiFi Pineapple. I have basically paid $250 for a box. The last person to ask about this did not get anywhere in terms of help either. Please Can somebody in this entire forum show me how i can configure Responder to work on a Wireless network. Like from the ground level. What options do i select, do i connect in client mode (Wlan1, Wlan0) ect. Please, this was a big investment for me.

When I connect the TETRA to a Fedora Linux laptop, the wireless connection does not work . ( if I disconnect the y-cable eth connection wireless does NOT work ) ( if I re-connect the y-cable eth connection wireless does work ) this is very strange has anyone encountered this behavior..

I have google searched for a few days, but I was hoping that someone could give me the answer I need. What is the full character set for WPA/WPA2 passwords? I believe it is a minimum of 8 digits, but I have read that the maximum is 40 and also that it is 63. Could you please clarify? I know we have all upper and lower case letters and the numbers 0-1, but I would like to know what special characters are allowed as well. so what i have for sure is: 1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ There must be some special characters to add onto that. Thanks in advance.

Hi there, I am fairly new to using the pineapple wifi Mark V and have been getting used to it over the past week but there is something I am having trouble with. I am trying to make my pineapple completely mobile, I have a portable battery with it, I can get it to connect wirelessly to my 3g network and can access the management console with my android that is also connected to the 3g network (I can also do the same with my laptop). The problem here is multi tasking is not possible when I have it set up this way, when I attempt to go into recon mode and scan for clients/APs, I lose the connection from my pineapple to the 3g network and thus losing my connection to the pineapples management window... I am assuming this is because there is a clash with recon mode trying to perform on the same interface as the one that is connected to the 3g network? I am also trying to find a way to log the information retrieved from devices mac addresses and what SSIDs they are probing for which can be found in the logs part of the PineAP module. Ideally I would like to have them sent to myself in an email, I have configured my email configuration in logs and reporting but it doesn't seem to work for me. Any help would be much appreciated. Thanks

Hello all, I've been trying to do my own research but I've hit a wall. The problem I'm trying to solve is extending an ISP coaxial signal to a house that is set pretty far back from the road without running aerial or burial cable to the residence. I was toying with the idea of using MoCA to a 5GHz wireless bridge setup but I'm thinking that I'll lose the TV single on the other end due to the MoCA device operating on a different frequency range than the TV will expect. Also not able to locate something that'll just extend the coaxial signal over a wireless bridge as a commercial purpose made device. Any one ever toy or tackle this issue before or have thoughts on a solution?

I'm working on a visualisation of wireless signal strengths and wanted to check if i have the correct information. I have read that wireless signal strength ranged from -50db to -100db where -50db is a strong signal and -100db is bad. I've read this on an windows dev site, so my question is; is this only true for windows or it this the standard? Thanks!

Hello Everyone first post for me and i have a problem with Wifi.what the problem is the in-gated community my aunt is in has a contract with AT&T but they screwed up and didn't run enough lines to all the homes and they said estimated time of repair is within the next 2 years on top of that the contract states no other company can come in and place there lines so she is stuck without internet. but she live on the back wall side and about a football field away there is a time warner hotspot. i can get an account to use that wifi hotspot but i need a device to reach that and connect to it.log into the hotspot and receive the internet and shell it out to multiple PC's or a router in the home threw its RJ45 jack. when i emailed Ubiquiti i was told the PowerBeam M2 and M5 can do just that. so i spent 100 bucks and bought the PowerBeam M2. i have it on top of the roof aimed at the hotspot about 650-700 fetish now the problem is when i connect to the hotspot it says im around 70-90 -dBm around 70 noise. it stays connected for about 4seconds then drops and reconnects right away.i called time warner and the tech says the login auth was working but was getting what is called "Challenge TimeOut" i have the PowerBeam M2 wireless set to " Station " mode with WPA2_AES auth and under the networking part i have had it in "Bridge" mode with DHCP enabled. I Attached 3 images of the PowerBeam M2 GUI settings "Main, Wireless and Networking Tabs ". any help would be great and thank you ahead of time p.s.s sorry ahead of time to grammer and spelling nazi's :-p

txpower on laptop keeps switching from 20dbm to 16dbm everytime i reboot or restart my wireless in linux and ubuntu. My default txpower for my wireless interface is 16dbm but if i type "iwconfig wlan0 txpower 20" it goes upto 20dbm like it should. Its very annoying to do this every time i boot up my laptop just to get a decent signal. Is there any way to make it so that 20dbm is the default instead of 16dbm?