cooper
-
Posts
6,071 -
Joined
-
Last visited
-
Days Won
139
Posts posted by cooper
-
-
I actually scripted a sequence generator a while back:
-
The difference will be fractional. Generating a sequence in memory will be faster than a chunk of IO to acquire some structured data and then parsing that read data.
Personally, I'd separate the two. Isn't there a wordlist generator (crunch or something?) that can do the generating and just pipes out the data which can feed into oclhashcat. Is probably easier to make continue from a certain point and/or distribute sections of the keyspace to multiple machines.
-
Is this a good time to mention that BackTrack Linux 5 R3 (the newest) is almost 4 years old and has since been superseded by Kali?
-
Yubikey is the 2FA device, not a keystore. All you can feign is that you can't find the damned thing, which is quite implausible... Kinda like claiming to not know the passwords. Unless this frenemy is a child this excuse would last about 5 seconds.
You're putting a lot of time, money and effort into allowing a girl to be dumb. It's a lot more efficient to tell her to not be dumb.
-
You have 2 keys, right? Both are fobs and both should Just Work (tm), no matter what had happened to the car before. If the key and the car really did go out of sync it means that you're re-synced one key but not yet the other. I'm quite sure the key syncs to the car and not the other way around so if it really is a case of the two of them being out of sync the spare key should STILL be out of sync. Try that.
My guess is that whatever had happened put the car's lock system out of whack and it just wanted to verify that a valid key was present, i.e. inside the car. So bring the car to the dealer and let them run some diagnostics. This stuff should pop up and indicate in some way what happened when and with a bit of luck even how. While you're there, give the dealer an ear full about how such a modern car can be opened this trivially, and what THEY are going to do to prevent this from happening in the future.
-
-
I would recommend you follow the advices given in response to this ServerFault question:
http://serverfault.com/questions/123639/hp-ux-pa-riscitanium-virtualisation-on-x86-64x86
-
You're busy solving the wrong problem.
What you want is the PC to have multiple user accounts - one for her to get serious on, one for the frenemies who can go mental on the thing. At the end of a day, just wipe the frenemy account and make a new one.
-
Look at any of the talks by Arne Swinnen. He found a slew of issues in the Facebook and Instagram apps and indeed needed to do *something* within Burp, but I can't recall any more what it was. Here's a very recent one:
-
I'm puzzled. Did you actually try it?
Laptops are peculiar beasts. What works on one might not on the other. So give it a go and just report back. Many Linuxes have a live USB option so you can try without even removing anything from the system.
-
Many social media platforms have a means of reporting someone. Anything you want to do will have to go through them. They might require you to file a police report in case of serious issues. If you want to get information out of them that'll probably require a court order because of privacy issues, but you can ask them to keep this data around (as opposed to delete it along with the account) in preparation of this court order. They'll likely just inform you about their retention policy which basically means that if you really do want to get a lawyer involved, this is the timeframe within which you and your lawyer must now act if you really do want this to go anywhere.
-
It hasn't. Your comments are right here:
OP decided to triple-post his question around the forum and you simply replied to one of the other threads.
-
Mentioned because of this:
-
The way this community typically works is that you try shit, get stuck, ask a question and people help you along.
I'm not seeing the 'try shit' phase yet, so work on that and holler when you reach the 'get stuck' phase.
-
And as a minor aside, at https://sumofpwn.nl/ they're targeting WordPress for a month, disclosing what they've found at the end of this month and in just the first week they claim to have already found 1 RCE, amongst a host of other problems. When they disclose, you're probably going to want to make sure the stuff you chose to use isn't in there.
-
Someone mentioned this to me today, which rather drives home the message. Although it is, to some extent, still fear mongering...
Data on the Go
You're more at risk of identity fraud than you think. Sharing personal details like your date of birth, address and phone number can make you vulnerable. Don't make it easy for identity fraudsters. Start by setting your privacy settings. - www.identityfraud.org.uk
Posted by Cifas UK on Tuesday, July 5, 2016 -
So WPS is off and you're farther away from/transmitting with less power than the AP than the regular clients. What's strange?
-
Read your message closely and see what information about your situation you're divulging:
- Clients don't connect to your tetra
- No word on what these clients are (iphone, android, chromebook, windows laptop, linux laptop, macbook, wifi extender)
- No word on what, if anything, you did to get them to connect
- In fact, you may not have even managed to connect it yourself yet, while knowing the specific SSID and the password
- Worse, the damned thing could, for all we know, have been powered off. Your description doesn't even clarify this either way.
- You followed "all" the vids. Be SPECIFIC. There's a *LOT* of videos on youtube and I'm not going to watch them all hoping to hit the same ones you did.
- You now being frustrated only means you took too long trying to work it out before asking for help. The only cause for that is that person you see in the mirror.
I would suggest 2 things.
- Ask your question in the Tetra-specific section of this forum, here: https://forums.hak5.org/index.php?/forum/91-wifi-pineapple-tetra/
- Ask an actual, actionable question and provide LOTS AND LOTS of DETAIL. If the info you provide is vague, your answers are going to be vague.
So say, in disgusting detail, what you did, what you expected and what you noticed instead. That's the best way to get a useful, helpful response.
-
As you seemed to have established that existing guide(s) didn't help you, pick one and write about your experience following it. Allow others to chime in saying you took a wrong turn. Asking someone else to do a full, high-detail write-up for you to follow is the act of sucking other people's time which is why I suggest you spend your time making it as you try to get the thing to behave and allow others to correct you whenever they notice you do something off, which is much less time-draining for them.
-
The Pineapple is a wifi device that is by no means Kali-specific so for starters try using it with an OS you're intimately familiar with (and if that actually happens to be Kali, that's of course totally fine).
Next, take a text editor you're comfortable with, and write down everything you do with your Pineapple. So you get a sheet like:
- Turn on Pineapple, wait for light combo ...
- Open browser, go to http://1.2.3.4:5678
- Enter username root, password root and click continue
- etc, etc, etc
Start with reflashing the device with the latest firmware and without an SD card for now, just so we know the baseline and other people who also have a Pineapple can perform the exact same steps you are performing which should result in either a step where someone says "Hey, you're not supposed to do that like that", or someone says "Huh? I get something *WAY* different". I'm sure it sounds horrendously tedious, but the point is that, indeed, either YOU are doing something wrong or your device is defective. It's of no use to anybody when you (or anyone for that matter) to spouts off vague complains about the thing "not working" - we need a *precise* and reproducible scenario.
It also helps when you include in the list things that surprise you. Like "I was expecting X to happen here but instead I'm seeing Y (link to screenshot or anything)".
-
If you look at the headers of any email you've received, you'll find that there's a whole batch of SMTP gateway servers that chose(!) to add a line to the header.
There's NOTHING preventing a gateway from stripping some of those headers and/or adding a few extra more based on random data.
-
Nice. Thanks for that.
-
I remember the long-haired guy coming to Steel Con with you last year. Fairly sure I've seen the guy in the foreground before too.
Bottom pic: That is one HELL of a large antenna for a handset...
-
While I certainly appreciate the effort you've put into this, is there some document to reference that uses the same single-letter attributes to describe the same algorithmic elements? I mean, you already state in the struct that Eliptic_Curve.n is the order, so why not refer to that attribute as... well... order? Same for the others.
Has my street been hacked
in Security
Posted · Edited by cooper
Very interesting reading. It does imply that the lock being out of whack had exactly nothing to do with the attack since everything that was happening did so according to protocol.
The suggested mitigations seems valid too: Keep the key in a metal container when at home, or if you choose to leave it out in the open (on a table or something) verify that clicking the unlock button on the fob at that distance doesn't actually open the car.
Main thing though, which you thankfully did right: Don't keep important/expensive shit in your car overnight.