TAPE
Posts: 27
Posts posted by TAPE
-
Title perhaps a little strange, but I recall a post here on the forums ages ago (can't find it :( ) where
the hiding of a dual-installed OS was done by being able to boot it up using a flash drive.
So when starting the laptop you would simply boot straight into Windows, but if a flash drive
was present you would be able to boot into the other OS installed.
Could someone perhaps give me some guidance on how best to accomplish this?
Not sure whether I am explaining it properly, but perhaps someone out there is able to understand me ;)
Thanks!
-
Your Bluetooth should show as hci0, so you can check its status with hciconfig;
you should then be able to see packets in Wireshark, for instance.
-
There are quite a few Bluetooth scanners / loggers available on BackTrack, but when you say low
power consumption I am not sure whether that is what you are looking for.
Some usage examples of previously available tools on BT:
http://adaywithtape.blogspot.nl/2010/09/bluetooth-mayhem.html
You can also use Kismet if I am not mistaken.
-
Hehe,
Just thought I would put the link up of an article I
came across mentioning Darren and the latest Pineapple in NL ;)
http://webwereld.nl/analyse/109810/nep-wifi-ligt-op-de-loer.html
-
Well, I call BS on the information on that site with regards to speed in finding a 10-digit numeric password.
My setup is:
Win7
i7 2600K CPU 3.4GHz
8 Gigs RAM
nVidia GTX 590 GPU
Now when running oclHashcat and basing it on 10x numeric values, my system would take
just under 2 days to run through it. Now I realise standard desktops are getting
better and better, but I don't consider mine a fully standard one tbh.
c:\oclHashcat>cudaHashcat-plus64.exe -m 2500 -a 3 -n 80 capture_fubar.hccap ?d?d?d?d?d?d?d?d?d?d
cudaHashcat-plus v0.07 by atom starting...
Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 64
GPU-Accel: 80
Password lengths range: 8 - 15
Platform: NVidia compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: GeForce GTX 590, 1536MB, 1225Mhz, 16MCU
Device #2: GeForce GTX 590, 1536MB, 1225Mhz, 16MCU
Device #1: Allocating 192MB host-memory
Device #1: Kernel ./kernels/4318/m2500.sm_20.64.cubin
Device #2: Allocating 192MB host-memory
Device #2: Kernel ./kernels/4318/m2500.sm_20.64.cubin
[s]tatus [p]ause [r]esume [q]uit => s
Status.......: Running
Input.Mode...: Mask (?d?d?d?d?d?d?d?d?d?d)
Hash.Target..: FUBAR
Hash.Type....: WPA/WPA2
Time.Running.: 1 min, 51 secs
Time.Left....: 1 day, 23 hours
Time.Util....: 111429.5ms/725.2ms Real/CPU, 0.7% idle
Speed........: 58814 c/s Real, 65038 c/s GPU
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 6553600/10000000000 (0.07%)
Rejected.....: 0/6553600 (0.00%)
HW.Monitor.#1: 99% GPU, 66c Temp
HW.Monitor.#2: 99% GPU, 69c Temp
[s]tatus [p]ause [r]esume [q]uit => q
Status.......: Aborted
Input.Mode...: Mask (?d?d?d?d?d?d?d?d?d?d)
Hash.Target..: FUBAR
Hash.Type....: WPA/WPA2
Time.Running.: 2 mins, 1 sec
Time.Left....: 1 day, 19 hours
Time.Util....: 121901.9ms/791.4ms Real/CPU, 0.7% idle
Speed........: 64514 c/s Real, 65040 c/s GPU
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 7864320/10000000000 (0.08%)
Rejected.....: 0/7864320 (0.00%)
HW.Monitor.#1: 99% GPU, 67c Temp
HW.Monitor.#2: 99% GPU, 70c Temp
Started: Thu Feb 09 21:06:11 2012
Stopped: Thu Feb 09 21:08:13 2012
Now if you had a beast of a machine like the links at the bottom of my post, then possibly in a couple of hours.. but 40 seconds.. never.
http://adaywithtape.blogspot.com/2012/02/wpa-cracking-with-oclhashcat-plus.html
The wordlist size for a 10-digit numeric wordlist seems correct (104904MB); I would
be surprised if bofh28 got his calculations wrong ;)
You can test the calculation yourself with the following info:
(x^y) * (y+1) = size in bytes
x = the number of characters being used to create the wordlist
y = the number of characters the words/passphrases in the wordlist have.
So in your case enter the below in, for instance, Google:
(10^10)*(10+1) bytes to gigabytes
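The same arithmetic as an added example (not part of the original post): the `(x^y) * (y+1)` wordlist-size formula from the post, plus the keyspace and time-to-exhaust calculation that lets you check the "just under 2 days" figure from the oclHashcat run against the "40 seconds" claim. The function names, the policy table and the 64,514 c/s rate (taken from the post's own output) are this example's assumptions; it is useful for judging a password policy before anyone has to capture anything.

```python
# Added example, not code from the original post. Sizes a brute-force keyspace
# and the plain-text wordlist that would hold it, then turns a candidate rate
# into a worst-case time to exhaust the space.

MIB = 1024 ** 2
GIB = 1024 ** 3


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct strings of `length` symbols from a `charset_size` alphabet (x^y)."""
    return charset_size ** length


def wordlist_size_bytes(charset_size: int, length: int) -> int:
    """Bytes needed to store every candidate as one line: x^y words, each y chars + newline.
    This is the post's (x^y) * (y+1) formula."""
    return keyspace(charset_size, length) * (length + 1)


def seconds_to_exhaust(charset_size: int, length: int, rate_per_sec: float) -> float:
    """Worst-case seconds to try every candidate at `rate_per_sec` candidates/second."""
    return keyspace(charset_size, length) / rate_per_sec


def rate_needed(charset_size: int, length: int, within_seconds: float) -> float:
    """Candidates/second required to cover the whole space in `within_seconds`."""
    return keyspace(charset_size, length) / within_seconds


def format_duration(seconds: float) -> str:
    """Render seconds as 'Nd Nh Nm' (hashcat-style days/hours view)."""
    days, rem = divmod(int(seconds), 86400)
    hours, rem = divmod(rem, 3600)
    minutes = rem // 60
    return f"{days}d {hours}h {minutes}m"


# Constructed policy table: (label, alphabet size, length). Alphabet sizes are the
# usual ones: digits 10, lowercase 26, mixed-case alphanumeric 62, printable ASCII 95.
POLICIES = [
    ("10-digit PIN", 10, 10),
    ("8 lowercase letters", 26, 8),
    ("8 mixed-case alphanumerics", 62, 8),
    ("12 printable ASCII", 95, 12),
]


def policy_report(rate_per_sec: float):
    """Return [(label, keyspace, wordlist GiB, time string)] for every policy at one rate."""
    return [
        (label, keyspace(x, y), wordlist_size_bytes(x, y) / GIB,
         format_duration(seconds_to_exhaust(x, y, rate_per_sec)))
        for label, x, y in POLICIES
    ]


if __name__ == "__main__":
    size = wordlist_size_bytes(10, 10)
    print(f"10-digit numeric wordlist: {size:,} bytes = {size / MIB:,.0f} MiB = {size / GIB:.1f} GiB")
    # 64,514 c/s is the 'Speed' line from the post's oclHashcat output.
    print(f"Exhaustive search at 64,514 c/s: {format_duration(seconds_to_exhaust(10, 10, 64514))}")
    print(f"Rate needed to finish in 40 s: {rate_needed(10, 10, 40):,.0f} c/s")
    for label, space, gib, eta in policy_report(64514):
        print(f"{label:28s} keyspace={space:.3e} wordlist={gib:,.1f} GiB eta={eta}")
```

At 64,514 c/s the 10-digit space takes 1d 19h, matching the `Time.Left` line in the run above, and finishing it in 40 seconds would need 250 million candidates per second; the report also shows why length beats alphabet size when setting a policy.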
-
I just wanted to revert on the issues I have/had been experiencing with reaver v1.4.
As previously mentioned, reaver v1.3 was/is working fine on my test setup; however
v1.4 failed to associate each and every time, no matter what I tried.
I managed to bypass that issue by associating to the AP with aireplay-ng and
then using the -A switch when running reaver v1.4.
So first running the aireplay-ng fake auth on the router:
mon0 aireplay-ng mon0 -1 120 -a 98:FC:11:8E:0E:9C -e FUBAR
then running reaver with the -A switch:
reaver -i mon0 -A -b 98:FC:11:8E:0E:9C -v
That resulted in much better results!
Updated blog post:
http://adaywithtape.blogspot.com/2012/01/cracking-wpa-using-wps-vulnerability.html
-
This is really fascinating. I didn't know this post would get so many replies.
Maybe because your topic mentioned WPA in 10 minutes... that gets everybody's attention :D
Have to admit this is a scary flaw indeed; I have been doing some checking and there are
a LOT of vulnerable routers as far as Walsh / Wash is showing.
When this tool first came out I thought I wouldn't be in trouble as my router did not have WPS configured..
but oohhh yes I was!!
http://adaywithtape.blogspot.com/2012/01/cracking-wpa-using-wps-vulnerability.html
By the way, I am having trouble with v1.4. Wash works great; however, when running reaver it
seems to have problems associating.
Is there any limitation on that read-only download?
v1.3 works fine, so I am a little confused...
-
I'm loving it :)
nick: TAPE_RULEZ
I even got a server running, but located in NL so not of much use to
you folks too far off..
For the locals though, do a search for: Dutch Gaming Rotterdam
I increased the tickets to 600 as well for some decent play time
and reduced the min players to 1 so that you can do some
flying practice on quiet times.
-
Didn't seem to work for me..
Just dropped it in the directory as you suggested. Didn't try anything else.
Edit
-----
That was a bit of a brief post done late ;) to elaborate:
> Running BT5 KDE 32bit
> Downloaded the cewl_1.9.1.rb file
> Dropped file in '/pentest/passwords/cewl/' directory
When running I got this error:
root@bt:/pentest/passwords/cewl# ./cewl_1.9.1.rb
./cewl_1.9.1.rb:61:in `require': no such file to load -- spider (LoadError)
from ./cewl_1.9.1.rb:61:in `<main>'
-
Yep, you would have to revert to the previous Ruby version.
-
And the challenges are not as straightforward as you may expect.. very interesting to see though !
-
His series has done the same for me, I always liked the wireless side of things
but just learned how to use the tools without really having the required knowledge
of what was going on.
Now I find myself just scrolling through wireshark captures for fun, which is new..
I also just have a good time watching the episodes, there isn't a single episode
wherein he doesn't make me chuckle :D
-
I must say that I am really liking that series as well, a very detailed look into
what is going on.
The use of wireshark in such detail is a first for me to see in videos as well which
I find very interesting.
Just hope he is able to continue with his usual enthusiasm as he is pumping out videos
like there is no tomorrow!!
-
Don't like plugging my own stuff ;) but the below post
may help you in trying out what kind of encodings can get
by some AVs.
As mentioned though, DON'T upload to VirusTotal for verification
if you want to be able to use a working encoding method in the
near future..
http://adaywithtape.blogspot.com/2010/05/creating-backdoored-exe-with-metasploit.html
-
To be honest I am not sure; I believed it used the CPUs to the max advantage,
however no CUDA support as far as I am aware of.
It is pretty fast anyway, and the wordlist generation speed is not going to be
the limiting factor when testing it against WPA passwords.
It's a great tool though. I hope bofh28 will have v3.0 out soon; I am testing the
latest version (v2.9) and discussing with the author, hopefully a few quirks will
be ironed out for that update.
-
@ OP
You are looking at crunching through over 36GB of data with that command.. and just using coWPAtty like
you are is gonna take a wee while ;)
Check out the below link for info on wordlist sizes, but the latest revision of crunch will
show that automatically for you.
(Use the -u option to suppress that info when piping it through.)
-
The 1.8 gig wordlist that you are talking about is actually a rainbow table; that means it contains pre-computed hashes (of the ESSID and possible passwords from a dictionary).
In order to be able to use rainbow tables, you must have the tables for the specific ESSID; it has nothing to do with the MAC address.
The crack can also be done using wordlists, however this is a lot (A LOT) slower, but if there is no rainbow table
available for your specific ESSID, then you are left with either using a simple wordlist or making your own rainbow table.
There are many, many videos on cracking WPA/WPA2; do a Google on using coWPAtty and you should get some relevant hits.
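Why the tables are tied to one ESSID, as an added example that is not part of the original post: WPA-PSK derives the pairwise master key with PBKDF2-HMAC-SHA1 over the passphrase using the ESSID as the salt (IEEE 802.11i), so a precomputed PMK table built for one network name is useless against another. The function names, the tiny constructed word list and the two network names are this example's own; the "password"/"IEEE" pair in the test is the published 802.11i test vector. From the defender's side this is the reason a non-default, unique ESSID defeats off-the-shelf precomputed tables.

```python
# Added example, not code from the original post. Builds a toy ESSID-specific
# PMK table (the kind of data a WPA "rainbow table" holds) and shows that a
# lookup only succeeds for the ESSID the table was generated for.
import hashlib
from typing import Dict, Iterable, Optional

PMK_LEN = 32          # 256-bit PMK
PBKDF2_ROUNDS = 4096  # fixed by the 802.11i passphrase-to-PSK mapping


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds, 32 bytes).
    The ESSID is the salt: change it and every PMK changes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               essid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)


def build_pmk_table(essid: str, wordlist: Iterable[str]) -> Dict[bytes, str]:
    """Precompute PMK -> passphrase for ONE ESSID. The 4096 PBKDF2 rounds are
    paid here once per word, which is the work a live wordlist run repeats."""
    return {wpa_pmk(word, essid): word for word in wordlist}


def lookup(table: Dict[bytes, str], pmk: bytes) -> Optional[str]:
    """Constant-time-per-entry dictionary lookup: the cheap step a table buys."""
    return table.get(pmk)


# Constructed sample wordlist for the demonstration, not a real dictionary.
SAMPLE_WORDS = ["password", "letmein1", "sunshine", "welcome123"]


def demo():
    """Returns (hit, miss): the same passphrase is found under the table's
    ESSID and not found under a different one."""
    table = build_pmk_table("linksys", SAMPLE_WORDS)
    hit = lookup(table, wpa_pmk("sunshine", "linksys"))       # table ESSID: found
    miss = lookup(table, wpa_pmk("sunshine", "MyHomeNet"))    # other ESSID: not found
    return hit, miss


if __name__ == "__main__":
    print("PMK(password, IEEE) =", wpa_pmk("password", "IEEE").hex())
    hit, miss = demo()
    print("lookup with table ESSID:", hit)
    print("lookup with other ESSID:", miss)
```

Because the salt is the network name, a table for "linksys" covers every network called "linksys" but not one called "MyHomeNet"; the same property is what makes per-ESSID table generation the expensive step the post describes.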
-
Try using:
title Ophcrack
kernel /bootoph/bzImage rw root=/dev/null vga=normal lang=C kmap=us screen=1024x768x16 autologin
initrd /bootoph/rootfs.gz
/Hits self..
Having the correct 2.3.1 live CD version would have helped :)
Thanks!
-
I'm still having some trouble with the Ophcrack live CD..
Have tried various alterations, and lastly this one:
title OPHcrack
kernel /bootOPH/vmlinuz rw root=/dev/null vga=normal lang=C kmap=us screen=1024x768x16 autologin
initrd /bootOPH/initrd.gz
(boot folder on the root of the USB = bootOPH)
however I am not having much luck :(
Any pointers from those who have it up and running?
edit
-----
Have copied the files from an 8Gig SD card on which I had the live USB & XP special tables..
-
You'll appreciate this one Digip :) still looks great and you still should have got it on the standard if you ask me.
-
Any further news on this by any chance ?
I have been downloading a couple (http://www.offensive-security.com/wpa-tables/),
some seem fine, some not able to start.. and a couple stopped at 60 / 80 % :(
I have been working with Renderman to set up a backup tracker to the Schmoo group on the OMGIRC servers. I will update this posting once it's up. At the moment we are looking for users that have successfully downloaded the hashes to start seeding on the backup torrent tracker. Private msg me if you can help!
-
Would imagine that if the WiFi is provided by the apartment building, then no problem actually getting a WiFi connection; just how to see the router is a different story, I agree..
And more than likely not what the apartment WiFi admins want you to do..
-
Re: Booting OS On Harddrive Using Flash Drive Boot (in Security)
Thks digip,
Basically I have BackTrack in dual boot with my XP on a netbook, and was wondering how
to set it up so that when booting it goes straight into XP without the boot options screen
showing.
Then get the boot option for BackTrack when a USB drive is plugged in.
I was being lazy and haven't done any checks/tests on how to do it yet myself, will dig deeper ;)