i8igmac

do you have this gpu in your possession? Post your pyrit benchmark speeds. My labtop is around 13000per second nvidia 560m and my desktop was like 17000per second. Nvidia something... So, a little bit of math. 36**8=2,821,109,907,456 2.8 trillion combinations possible. And how many seconds will it take me to complete the 2.8trillion using 2 of my machines... 36**8/30000=94,036,996 It will take me 94 million seconds to complete this 2.8trillion crunch... but we hope to find it half way threw lol... 31,536,000 thats how many seconds in a year so... 3 years of my machines crunching away at this...

Are you watching the live data pass threw the wire? Step one, start a packet capture tool (wireshark, tcpdump, tcpick, etc) capture 2 packets, $request and $response... !step one (Bigmacs way) open 2 terminals and launch 2 cammands... this will filter out the client request and the server response in separate windows. Tcpick -i eth0 -bPS -C Tcpick -i eth0 -bPC -C with your browser, send off the packet your trying to mimic and then copy down the request and response. Open a 3rd console, nc place.ip.address (press enter) (Paste a copy of the request from step one) (Press enter twice) 2 new lines represents the end of the request. If a exact copy of the request is sent off and fails, then this will show that the token must be updated after every transaction... With these 2 consoles still running, you can now attempt curl commands and watch live results... you may also want to try wget... maybe there is a token that changes after every request, witch will require some trickery. burp suite is updating this token automatically

I do the same thing. I have been running a raspberry pi Kali machine with 2 Alfa cards, you will need a usb powered hub witch makes it a mess of wires. .. I purchased a pogoplug for 15$ off Amazon that can run debian witch has enough power to run all the devices you want plus hard drives...

Try some of those client side attacks, smb Windows file share exploits... try sending a pdf attachment or mp3 Internet explorer I would guess. Grab the user-agent of the machine. .. How can I unroll into this class... my Brian is automating the email exploit process...

I never tried. But if your instructed to do so. I would assume it works fine. I have netcat on all my machines, first learn netcat basics. Try and have 2 machines connect and communicate. Send files threw the pipe. Maybe try a quick webserver... LEARN THE BASICS... follow all the tutorials you can find with netcat. Would be worth writing a tutorial and make it sticky... If 2 machines can connect with netcat, then so will meterpreter , always test your connection s with netcat first to know for sure there is nothing blocking the connection.

I have read articles about XOR being detected religiously. the method you come up with should be unique, what if you simply base64 encode the key log function, I would assume saving the file to the hard drive will not set up any Flags.

This looks like fun. What if was staged. Get the keylogging function from a remote location so it never hits the hard drive?

Try other WiFi cards that use different drivers.

Try Curl A "Mozilla" -h -c "session" link-here

Maybe check each machine on the network for hops... If you have a lab setup. Try this command Nmap -O -v 192.168.0.* I think bridge mode puts this VM machine on the same subnet as the hosting machine. The hosting machine should be another hop...

I would think a string exist in ram. When ram is maxed out then you will discover the break point... BUFF="" 100,000,000.times do |x| BUFF<<x Puts BUFF.size # puts the buff size # buffer will grow by one, until the buffer is maxed out. End

ruby on rails so, im updating this post... server sent events is the new subject... with use of actioncontroller::live i can do live streaming of data with my web browser... ill post some example code that has allowed me to run a linux application on my web server, stream each line as live output to the web browser... when the command completes the page will respond with a DONe message... it was a little tricky finding exmaples that worked well enough to build off... /app/controllers/messaging_controller.rb require 'open3' class MessagingController < ApplicationController include ActionController::Live def send_message response.headers['Content-Type'] = 'text/event-stream' #response.stream.write "data: #{l.chomp.to_json}\n\n" #run a application, until it finishes Open3.popen3("ping -c 10 google.com"){|i,o,t,p| while l=o.gets response.stream.write "data: #{l.chomp.to_json}\n\n" end} #kill the process on completion response.stream.write "data: kill_stream\n\n" rescue IOError puts "error" rescue ClientDisconnected puts "he discconected" ensure response.stream.close end end this will run `ping -c 10 google.com` and send each line to the web browser. when the execution completes, this controller will send the client a kill_stream message. here is a index file that will connect to the action controller and display the stream as it happens... there is a #progress id and a #Kill id... each message will show in the appropriate div... /app/views/messaging/index.html.erb <div class="container-fluid"> <h3>Completion</h3> <div class="panel panel-default"> <div class="panel-body"> <div id="kill"></div> </div> </div> <hr /> <h3>Progress</h3> <div class="panel panel-default"> <div class="panel-body label-success"> <div id="progress"></div> </div> </div> </div> <script type="text/javascript"> jQuery(document).ready(function() { setTimeout(function() { var source = new EventSource('/messaging'); function eventLogger(event){ if (event.data == 'kill_stream') { $("#kill").append("DONE.." + "<br>"); source.close() } else { $("#progress").prepend(event.data + "<br>"); } } source.onmessage = eventLogger; }, 10); }); </script> and you need to modify your routes.rb /config/routes.rb root 'messaging#index' get 'messaging' => 'messaging#send_message'

go for the dual boot. dual voot installation is automated... My suggestions, install kali first with the gui... then install linux mint with the gui and select 'side by side installation" So the mint will boot first by default.

this works good enough... ip route delete default dhclient wlan0

I agree with this...How much hard drive space do you have... dual boot is nice some times...

i have looked into a few examples of metric, seems like it could be the right place... so, ill start off by showing what my machine looks like with wlan2 down... im ssh into the machine by eth0 turdsplash@192.168.96.148# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.96.1 0.0.0.0 UG 0 0 0 eth0 192.168.96.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 all my machines can talk threw this gateway... here is a little trick to get your external ip address turdsplash@192.168.96.148# curl http://ifconfig.me 71.212.63.195 Typically if you want to use a wireless card to connect to a access point and start surfing the internet, you would do something like this... turdsplash@192.168.96.148# wpa_supplicant -Dnl80211 -iwlan2 -c/etc/wpa_supplicant.conf –B Successfully initialized wpa_supplicant wlan2: CTRL-EVENT-SCAN-STARTED wlan2: SME: Trying to authenticate with 14:ab:f0:11:d0:90 (SSID='HOME-D092' freq=2412 MHz) wlan2: Trying to associate with 14:ab:f0:11:d0:90 (SSID='HOME-D092' freq=2412 MHz) wlan2: Associated with 14:ab:f0:11:d0:90 wlan2: WPA: Key negotiation completed with 14:ab:f0:11:d0:90 [PTK=CCMP GTK=TKIP] wlan2: CTRL-EVENT-CONNECTED - Connection to 14:ab:f0:11:d0:90 completed [id=0 id_str=] turdsplash@192.168.96.148# dhclient wlan2 RTNETLINK answers: File exists authentication worked and dhclient has issued me a new working ip address of 10.0.0.24 you can now ping all the machines on this newly accessible network... turdsplash@192.168.96.148# ping 10.0.0.1 PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=9.17 ms ^C --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 9.172/9.172/9.172/0.000 ms turdsplash@192.168.96.148# nmap -sP 10.0.0.* Starting Nmap 6.40 ( http://nmap.org ) at 2016-03-06 20:06 PST Nmap scan report for 10.0.0.1 Host is up (0.0023s latency). MAC Address: 14:AB:F0:11:D0:91 (Arris Group) Nmap scan report for 10.0.0.19 Host is up (0.11s latency). MAC Address: 2C:41:38:3D:0B:54 (Hewlett-Packard Company) Nmap scan report for 10.0.0.24 Host is up. Nmap done: 256 IP addresses (3 hosts up) scanned in 24.20 seconds all is going as expected, until you try and ping google.com and you notice the packets are still passing threw the default gateway assigned to eth0... this default gateway assigned to eth0 is the priority for many reasons, one might be quality or strength of this connection is better. turdsplash@192.168.96.148# curl http://ifconfig.me 71.212.63.195 you can see above, that this machine is still using the same ISP (external ip address) (instead of the new one) at this point here is a route -n showing eth0 is still holding the default gateway turdsplash@192.168.96.148# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.96.1 0.0.0.0 UG 0 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan2 192.168.96.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 so, to complete the connection you have to perform these next 2 steps (i hope to eliminate the ip route commands) turdsplash@192.168.96.148# ip route delete default turdsplash@192.168.96.148# ip route add default via 10.0.0.1 turdsplash@192.168.96.148# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 wlan2 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan2 192.168.96.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 turdsplash@192.168.96.148# curl http://ifconfig.me 73.225.146.158 now things are working as it should... you can see the new isp address and the default gateway the traffic is passing threw... i hope to simply run 2 commands to complete this interface (wpa_supplicant and followed by dhclient) Mr-protocal made a suggestion of changing the metric values but i have not been successful... maybe some example commands? How to remove this eth0 priority

Thank you for this. perfect!

Nice video. Can some post the script on pastbin... I would like to view source... It looked like the networking service was restarted at the end of the video that suggest a wpa config was made with the pin configured and authentication with the access point was completed?

http://www.t1shopper.com/tools/port-scan/ I use this tool when checking of a port is open... make your changes and try the scan again... Are you using a modem and a router?

I have 2 systems that share the same situation... (I'm sure all linux will do this) Debian arm version 2016 network-manager was not present but I see networking service. It fails to stop when I run service stop (witch was frustrating) I had hopes to find exactly what controls this priority scenario... If eth0 is associated then Hold this gateway. what if eth0 does not provide internet? Its still the priority over any other device! In my situation, eth0 is simply providing me remote access via ssh server... (I wont be able to. Test your commands until I get home)

my understanding. If eth0 is up and working, then you launch wpa_supplicant -iwlan0 Eth0 gateway ->192.168.0.1 Wlan0 gateway->10.0.0.1 You will notice eth0 is still the active connection. route -n will show the gatway is still 192.168.0.... I can change this with ip route gw add via 10.0.0.1. so, what service or config is responsible for device priority? eth0>wlan0

my understanding. If eth0 is up and working, then you launch wpa_supplicant -iwlan0 Eth0 gateway ->192.168.0.1 Wlan0 gateway->10.0.0.1 You will notice eth0 is still the active connection. route -n will show the gatway is still 192.168.0.... I can change this with ip route gw add via 10.0.0.1. so, what service or config is responsible for device priority? eth0>wlan0

if you remove a antenna while the device is still powered on, I think Andrew McNeill has said this may cause damage to the radio... I may have experienced this kind of damage when building my own antennas... but its hard to say the exact cause in my situation... if you see zero access points then I would say this damage is permanent... Bigger Xdbi Omni directional antennas, work very well in the right situation... you will achieve much farther distance but line of site matters greatly. Every wall or object will effect the signal, even rain fall can effect your signal when dealing with great distances... if you look at your smaller dipole antenna, it will produce a invisible radiation Bubble... this big bubble can cover multiple floors very well because of its height and width. If you look at a 9dbi omni directional antenna, it will produce the Same amount of radiation but squeeze this bubble into a pancake and now you can cover a greater distance but no longer reach the second floor of a building... Maybe look into directional or semi directional