xpath
-
Posts
12 -
Joined
-
Last visited
Posts posted by xpath
-
-
-
A way to protect yourself which has been mentioned a lot is to create a fake access point and save it to your devices. So if your laptop or iPod Touch or whatever sees the network called "Pineapple Proximity-abc123" that you created then it can work as an alert system to say "Hey this might not be a good place for WiFi Banking".
and how many average people would know how to do that excatly? lulz
microsoft and hardware Co's should do some thing about this to help protect users from this kind of attack.
apart from being a easy to use pen test tool they offer little other function.
and to be honest you can do everthing the pineapple can do in linux alone.
-
its all good making things like this, but there is little information (ok edit there is little information avaliable to the general public)
on how some one can protect them selves from the "skiddy" who missuses the devices
that are being sold @ the shop.
an interceptor and pineapple all in one would be good for proper pen testing but as far as being useful
for the wanerbe hacker its just an over priced toy to anoy people with.
-
First off let me say that I'm very new to linux. I know basic commands but that's about it. I decided to try my hand at really learning linux and security testing at the same time. To that end I installed BackTrack5 on an old Acer Aspire One netbook. Now I'm trying to set up an Alfa AWUS036H. It doesn't seem to be recognizing it. From the searching I've done it seems that the proper drivers for this adapter are already built in to BT5. I've tried manually adding wlan1 to the /etc/network/interfaces file to no avail. I know it has to be something really simple that I'm missing and I'm probably going to feel like the biggest idiot but I'm really not sure what to do. Any assistance would be much appreciated.
does it work with windows or any other OS when you install the required drivers for the os?
i didnt have any problems using mine with BT5 or windows xp/7
you might have a faulty card if it wont work with any other os.
-
Open it in a text editor, convert the base 64 to a binary, save as rar file.
I managed to find all the the other files, including a blank PNG I assume has a hidden stego message in it. Didn't manage to find or crack anything on it though. All in all, I thiunk there were 4 docx files with some embedded blank images, all of which say "this is file 1 of, 2 of, etc."
ok il try that .
i also came across some http trafic on port 80 that linked to a microsoft site. when i loaded the data the page loaded but there was a missing image
this might have been the .png file. so il keep hunting for ideas :D
-
yeah it's in plain text labelled backup password , and if you get that far you'll see 3 text files like the one I posted above and a fourth one..
yeah the password and rar file were easy to find, but when i try to open the rar file
i get a message saying archive unknown or damaged. have tryed downloading a new .pcap using
other browsers and disabled antivirus
im using network miner to extract the .rar file.
but found them it wireshark.
-
It does sound like a cool idea to help bring some awareness to those who don't have some basic form of protection on there wireless
networks, it cant hurt to let your locals know that open are a bad thing. but as the others have said the average home user
is not going to understand whats going on. you could write up some very basic reports to explain the issues to them.
but this will also help you with your report writing skills because the report in a proper pen test is properly one of the most important
things you are providing the enduser.
but to be honest you would be better off setting up your own networks and pentesting them from out and inside
and the writeup your reports. because you wont really get much use out of cracking the hockey moms WiFi password, other than developing
your cracking skills or using tools like the pineapple. its a very grey area you are talking about but just be carful how you implement your
plans.
-
I realize I should have been more descriptive earlier, but sadly it's not a ribbon cable. It's literally 6 2-pin jumpers, of which 3 are fake and 3 are real. They apparently really don't want anyone to get into these things.
In the pictures below, you can see the jumpers as well as the sliding trays that were attached to the side walls that pulled them all off.
i didnt realise you had posted the same question in another thread, so here is the link to the thread
ive helped you out with. can a mod please merge
-
this might help you
http://forums.att.com/t5/3G-MicroCell/jumper-locations/td-p/2734453/page/2
and also this,
http://www.reddit.com/r/netsec/comments/d7450/i_just_recently_got_my_hands_on_a_attcisco_3g/
wish there was an edit post button
-
Has anyone out there successfully taken apart an AT&T Microcell? I managed to get the thing apart, but I accidently pulled the 6 jumpers on the PCB, which act as a kill switch if not replaced in the correct way before powering back on (3 are fake jumpers and 3 are real ones, I believe). I need to know how they go back on.
this might help you
http://forums.att.com/t5/3G-MicroCell/jumper-locations/td-p/2734453/page/2
-
Saw the episode from Defcon coverage and saw the Silica software from immunity inc. looks great. However, I am wondering if there other software out there that is all-in-one type software that I can run either on my macbook pro or in a virtual machine (running Parallels).
Thanks
if your looking for an interface based pen testing product and you cant afford immunitys silica
check out secpoint.
http://shop.secpoint.com/shop/the-portable-penetrator-357p.html
they sell various licence types. and the basic version [not the lite version] only lets you scan 1 ip per session.
and has no updates. the other versions have 3 years of updates an still 1 client scan.
the price goes up depending on how many concurrent scans you wish to have, IMHO
the immunity product is much better and will have greater support. iam not saying this product is FAIL
but its a quick and easy tool for the beedroom bound n00b who wants to be a "l33t haxor" with out having to learn
backtrack.
Power Plug Pwn
in Security
Posted
http://pwnieexpress.com/products/power-pwn
its a pineapple that is static and connects to the wall outet.
what do you guys think about it and can we use any of the features in this
device in the next build of FW for the pineapple?