
i8igmac
Dedicated Members
  • Posts: 939
  • Days Won: 22

Everything posted by i8igmac

  1. Can you dump the password hash... boot up a Kali USB on the machine... all the tools are there... many, many years ago I did this with BackTrack 2. The password dumping tools were located on BackTrack at /pentest/windows/binary/passdump.exe; lots of cool binaries were located in this directory, it was fun uploading each file to a Windows machine from meterpreter and seeing what each executable can do. I used to have a copy of all these binaries... sbd.exe was a badass netcat clone, if anyone can concur? I think Kali has a windows-binary package in the repo
  2. I could use this... I am on a company data plan and they're sending me a bill for data overusage. Not sure if this makes sense or would even lighten the data usage... a squid-like caching proxy for Android
  3. As Cooper said, create a new VM and install... But this rootkit stuff is a lot of fun trying to sort out. It's been years since I have played around. Find all the registry entries related to all scripts and executables... HKLM /currentversion/run type stuff... There have been a few rootkits that had me defeated... just experienced one the other night trying to fix a friend's Alienware machine. I just ran out of time and set him up for a reinstall... Could be a fun topic and conversation: "how to make an unremovable rootkit". Everyone can post all their working examples. "Post all the possible registry entries where a rootkit might hide..."
  4. I would assume the firewall has banned your IP... Try changing your local IP and perform a less aggressive port scan... it should look like normal activity...
     IP change in Linux:
       ifconfig wlan0 inet 192.168.0.66
       dhclient wlan0
     IP change on winblows:
       ipconfig /release
       ipconfig /renew
     Now the nmap scan:
       nmap -O -p 135,139,445 (target ip)
  5. My brain recalls years ago I was crafting all kinds of packets for DDoS-style attacks using hping3... I'm sure any packet can be crafted with hping, it just takes proper research and an understanding of the 3-way handshake
  6. Navigating through a file system where a directory includes spaces is frustrating. Does tab completion work? Type the first several letters of the folder then press tab.
       ls name(tab or double tab)
     What about wildcards?
       ls name*
       ls name\ of\ folder\ location
     The slash enables the space to be read (not sure if my illiterate brain has served this up properly). You will find special characters will give you the same problem... if your file or folder has fancy chars in it, place a slash before it... "Name of location(2015)"
       ls Name\ of\ location\(2015\)
     \( \) \ <---space
  7. You can make that Alfa card work with airbase-ng instead of hostapd... hostapd is best used with an Atheros chip, the card and driver must support master mode... I would think hostapd gave out some errors?
       ifconfig wlan0 down
       iwconfig wlan0 mode monitor
       ifconfig wlan0 up
       airbase-ng -i wlan0 -c 6 -b wifipi
     (A new tap device has been created: at0)
       ifconfig at0 up 192.168.69.1
     dnsmasq should have an identical configuration as explained in the tutorial, but the device name is at0
  8. I agree with fugu, p0f is the tool that comes to mind: passive OS fingerprint sniffing.
       p0f -i eth0
     Start up arpspoof to get some traffic passing through eth0 or wlan0. Lots of tutorials online.
  9. I have experienced an identical problem with DD-WRT. Can I ask you to confirm the problem with separate tools/services... ftp, http, netcat; can the machines establish a connection without worrying about encryption keys? You say it's a one-way street. I have seen this with DD-WRT via wifi connections... a machine connected to DD-WRT by eth0 is accessible but not machines connected over wifi. It's also, in my situation, a random occurrence...
  10. I have hostapd running on my Pi... 2 Alfa cards, one for hostapd and another in monitor mode. Depending on the power consumption of these devices, it may require a powered USB hub.
        ssh root@kalipi
      With my Android phone I can accomplish a lot through ssh. Install Hacker's Keyboard on your Android; tab completion works over ssh for quicker execution
  11. I have cleaned cap files before, when they are super large and I only want the relevant information... processing extremely large pcap files eats up resources and causes delayed results if you plan on processing the file multiple times over and over again... You should be fine.
  12. I'm working on my Pogoplug Pro. I need to pull out the wifi card and replace it with something supported by hostapd. 'Mini PCIe Atheros' searched on Amazon. Not sure if I'll make the right purchase... ath5k, ath9k, ath10k seem to be the drivers supported by hostapd. If anyone has had success with a mini PCIe card please share a model number
  13. Not exactly social engineering, you can ARP spoof and inject an iframe src=metasploit.link exploit. It can happen in the background when the client is web surfing.
  14. I was also at Chili's on the 16th and spotted my Samsung S3 was somehow connected to my ddwrt-v7 home network. I thought hmmm, interesting; I logged the hardware address and my attorney will contact Hak5 soon to take legal action... PS: change the default login credentials.
  15. This device has a decent tool selection with a decent amount of automation and a user interface to help simplify certain tasks and techniques. It can give anyone L33T hacker status at a party when conversation skills lack and you want to stand up and say look at me... Learning how this stuff works is a lot of fun. Learning your way around Linux is my suggestion, and following tutorials on these exploit techniques. The problem here is the lifespan of an exploit like sslstrip. Years ago I had so much fun exploiting, automating, hijacking traffic. If you design a device that relies on this exploit, how long does the window stay open? The lifespan of all exploits is somewhat limited; patches come out and new holes are discovered but not made public until the secret is passed on to a child who doesn't understand how to use it but wants to stand up at a party to show off what he can't do. Thanks to Edward Snowden, security standards are now higher and tech giants are plugging these holes to ensure long-term customer security. (Or so they say)
  16. https://blog.g0tmi1k.com/2011/01/owning-windows-xp-sp2-vs/ client-side attacks... try this tutorial
  17. Looks about right... this firewall won't let connections in BUT outbound traffic is allowed; you can exploit this with a crafted web link. You should look into client-side attacks for port 445... metasploit will launch a webserver hosting exploit code, and when the target machine clicks the link you should see the magic happen. This also means your payload should be configured as a reverse_shell of some kind.
  18. With the firewall turned on, run an nmap port scan on 445. Metasploit says the connection timed out on port 445
  19. I think the firewall blocks incoming port 445. Exploit fails.
  20. This device I found on Amazon: CECTDIGI Android ultra-thin mobile phone @ $175. I hope to get some ideas for a mini battery-powered Android device I could make into a sports music Pandora player. I skateboard every year and hope to find an extremely small device that will sit in my pocket unnoticeable... as small as possible. Battery power, a few hours. Android/Linux. Wifi 2.4 GHz. Headphone jack. With some startup scripts I can make do without a touch screen, but would be... if it was wifi enabled I can place my phone in my car with a hotspot enabled... I was thinking about Android watches? But have not looked much into these... Any hacky ideas?
  21. I have seen these kinds of packets before... my first thought was maybe these are attempts to exploit a specific wireless chip. I've seen metasploit has Broadcom exploits, maybe worth reading the source on these types of exploits... I have also seen a 00:00:00:00:00:00 access point with WEP encryption... which I find strange...
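As an added illustration of the escaping rules in post 6 above (an example script written for this page, not i8igmac's own; the directory name is constructed and it assumes a writable temp directory):

```sh
#!/bin/sh
# Added example (not from the original post): exercises the escaping rules
# from post 6 on a constructed directory named "Name of location(2015)".
# Assumes a writable ${TMPDIR:-/tmp}; runs in a subshell so the cd and the
# cleanup never leak into the caller.

# Count directory entries printed by ls; tr strips the padding BSD wc adds.
count_entries() {
    ls "$@" | wc -l | tr -d ' '
}

# Prints four fields: entries seen via backslashes, via quotes, via a glob,
# and whether the unescaped command line worked at all ("ok" or "fail").
demo_escaping() (
    base=$(mktemp -d "${TMPDIR:-/tmp}/escape-demo.XXXXXX")
    mkdir -p "$base/Name of location(2015)"
    : > "$base/Name of location(2015)/report.txt"   # one entry inside
    cd "$base"

    # 1. A backslash before each space and parenthesis: the shell passes
    #    the whole name to ls as one argument.
    a=$(count_entries Name\ of\ location\(2015\))

    # 2. Double quotes protect every character between them, so nothing
    #    inside needs its own backslash.
    b=$(count_entries "Name of location(2015)")

    # 3. A glob: the shell expands Name* to the real name before ls runs,
    #    so no escaping is needed as long as the prefix is unique.
    c=$(count_entries Name*)

    # 4. Unescaped, the spaces split the name into three words and the "("
    #    is read as shell syntax; run it in a child shell so the parse
    #    error is reported instead of aborting this script.
    if sh -c 'ls Name of location(2015)' >/dev/null 2>&1; then
        unescaped=ok
    else
        unescaped=fail
    fi

    cd / && rm -rf "$base"
    echo "$a $b $c $unescaped"
)

demo_escaping
```

The three escaped forms all list the single file inside the folder, while the unescaped line is rejected by the parser before ls ever runs.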