i8igmac

Everything posted by i8igmac

  1. Nethunter is Kali? root@kali:~# ruby autopwn.rb @datahead I don't know much about reaver's pixiedust function. My understanding is that K1, K2, K3 will target a specific chip driver?
  2. Currently, my Raspberry Pi in my attack space is running Kali 1, an updated reaver that includes pixiedust, and aircrack-ng 1.2 rc1 (I don't think it will matter). How many cards do you have? In my previous post I was successful with only using one card and creating multiple tap interfaces mon0 mon1 mon2 mon3. There is a bit of an adjustment I need to make to get better performance with this method... You're better off running the script like below... @device_list=ARGV[0] change this line at the top of the script... open several terminals, and run like this... of course stop network managers and such...
     ruby script.rb wlan0
     ruby script.rb wlan1
     ruby script.rb wlan2
     ruby script.rb wlan4
     ruby script.rb wlan5
     There is so much to explain and I will fail to get the information out properly ,-) Different devices show different scan results, so the same goes for devices using different antennas... I hope to get more time to modify things and help you create a better video! I feel like a nerd talking to his laptop.
  3. #ap_scan=2
     network={
         ssid="mywlan"
         scan_ssid=1
         proto=WPA RSN
         key_mgmt=WPA-PSK
         pairwise=CCMP TKIP
         group=CCMP TKIP
         psk=b22ec921c254c73f99b31b76ff876692ecde36839a1f2d92150829e6afcb5515
     }
     I have looked at some quick examples of wpa_cli... group, pairwise, key_mgmt, proto... will these variables be automatically configured? If I set a minimal config that only includes ssid and psk, can wpa_cli automate the rest of the configuration process?
  4. iwlist scan will report all the information you need to know about an access point. To build a proper config for use with wpa_supplicant you need to include the access point variables in your config file. If the access point is not satisfied with the config file used during association, you will be disconnected from this access point. I was thinking about automating this process, but I wonder if this has already been done? Are there tools that already exist for this process? Sorting through iwlist scan and building a proper config file?
  5. I hope to get help with the JavaScript... I can put this script on jsfiddle for online testing... I need to mark the focus point on the grid... JavaScript experts?
  6. So, I'm back on this project, I have a working printer now... a simple prototype: I can glue some tin foil to construction paper and cut out the templates printed from this online parabolic plotting tool... the second, more sturdy prototype: I also built a spot welder out of an old microwave transformer... I can spot weld sheet metal together... Looking at this online tutorial I still struggle to locate this focal point (left side, right side) on the horizontal grid... I hope to modify the source to place an X at the correct location... this will make an excellent wifi antenna...
  7. I should make a tutorial on traffic watching and how to reproduce the stream with tools like curl, wget, netcat and Ruby... apt-get install tcpick This is a tool I use daily, it's a lot like tcpdump... a console-based traffic sniffer... With 2 consoles run these 2 commands...
     tcpick -i wlan0 -bPS -C
     tcpick -i wlan0 -bPC -C
     Now with your web browser, log into the web page... you will see the traffic in both consoles. One console will show your client request... the other console will show your server response... You can then press ctrl-c in both consoles to kill the application... copy the data you see into a text editor... You can now start both consoles back up, then run your hydra, wget, curl tests... watch the traffic and identify when you have a proper authentication...
  8. If you send a proper request, you should see a response... if you already have a scripting language of choice, you truly are better off. A tool like Hydra is developed for a broad range of protocols. Any plugins, modules or firewalls this server may have installed could potentially cause Hydra to miss... you need to look at the traffic, investigate 2 scenarios... what would a failed response look like? What would a successful response look like? What I have done in the past through a scripting language: sort through your password list, processing each line with wget; you can then grep through the output files generated by wget. This is a fun subject. I encourage you to spend the time and experiment on other services as well... you will come across firewall rules that make this subject much more exciting :-) Like a chess game with your eyes closed.
  9. You will have more success scripting your own tool rather than depending on someone else's tools... As Cooper said, open up a packet capture tool and look at the client/server headers... if you can duplicate what you see on the wire with hydra, test with a single "-u admin -p password" until you see the proper results. You can use curl or wget...
  10. Glad to see it worked for you... I figured it would work out of the box on a Kali machine... Update on my findings using one wireless card to attack multiple access points in a multi-threaded or multi-processed fashion... I did successfully crack a new device with this configuration... @device_list=["mon0","mon1","mon2", "wlan1"] I ran airmon-ng start wlan1 several times on a single wireless card to create multiple tap devices... then launched the script... this script is designed to micro manage multiple interfaces... I would like to see if anyone objects to this kind of setup... I have done this before in the past with other kinds of attacks... Take a look at this scan of airodump...
      airodump-ng wlan1 --essid-regex=my
      z0:4A:03:C3:D6:B5 -55 17 0 0 11 54 . WPA2 CCMP PSK myqwest6671
      z8:39:44:5B:48:AC -56 20 0 0 6 54e WPA2 CCMP PSK myqwest6322
      z0:26:88:E2:CF:28 -60 6 1 0 11 54e WPA2 CCMP PSK myqwest3957
      z0:24:7B:6F:A5:D4 -66 6 1 0 11 54 WPA2 CCMP PSK myqwest6947
      airodump-ng wlan1 --essid-regex=HOME
      z4:04:15:0F:42:14 -48 11 0 0 11 54e WPA2 CCMP PSK HOME-7EC8_EXT
      zC:35:40:75:38:99 -53 10 0 0 1 54e WPA2 CCMP PSK HOME-3899
      z8:7B:8C:26:EE:F5 -54 3 2 0 1 54e WPA2 CCMP PSK HOME-051F_RE
      z8:F7:C7:66:19:8F -56 11 0 0 11 54e WPA2 CCMP PSK HOME-198F
      z0:71:C2:EF:7E:D0 -56 10 0 0 11 54e. WPA2 CCMP PSK HOME-06B1-2.4
      z4:AB:F0:11:D0:90 -62 4 0 0 6 54e WPA2 CCMP PSK HOME-D092
      z4:BE:F7:E8:BA:48 -63 4 0 0 6 54e. WPA2 CCMP PSK HOME-5AF7-2.4
      z0:1D:D4:8C:19:00 -63 5 0 0 6 54e WPA2 CCMP PSK HOME-1902
      z4:85:2A:97:9D:D8 -67 2 0 0 6 54e. WPA2 CCMP PSK HOME-7804-2.4
      Why would you think these routers share the same name? Perhaps these are identical devices, identical firmware or hardware issued by identical Internet service providers... Look at these cracked pins... I'll bet you money I can guess the default pin for all the routers above!
      wlan1 z0:26:88:E2:CF:28: [+] WPS PIN: '12345670'
      wlan1 z0:26:88:E2:CF:28: [+] WPA PSK: 'pupy20103251'
      wlan1 z0:26:88:E2:CF:28: [+] AP SSID: 'myqwest3957'
      wlan1 z0:71:C2:EF:7E:D0: [+] WPS PIN: '12345670'
      wlan1 z0:71:C2:EF:7E:D0: [+] WPA PSK: '9H3TDTH9HVCPDT7Y'
      wlan1 z0:71:C2:EF:7E:D0: [+] AP SSID: 'HOME-06B1-2.4'
      mon1 z0:76:00:1C:D9:C8: [+] WPS PIN: '12345670'
      mon1 z0:76:00:1C:D9:C8: [+] WPA PSK: 'i6bz7dd8s7haxt'
      mon1 z0:76:00:1C:D9:C8: [+] AP SSID: 'myqwest4681'
      wlan1 z8:39:44:5B:48:AC: [+] WPS PIN: '12345670'
      wlan1 z8:39:44:5B:48:AC: [+] WPA PSK: '003368f2006dd11b8b052f0995'
      wlan1 z8:39:44:5B:48:AC: [+] AP SSID: 'myqwest6322'
      wlan2 z4:E0:C5:03:D9:23: [+] WPS PIN: '00000000'
      wlan2 z4:E0:C5:03:D9:23: [+] WPA PSK: 'akDztnO2giB53LYSUr5JHUSQ4xJD78'
      wlan2 z4:E0:C5:03:D9:23: [+] AP SSID: 'SEC_LinkShare_f50c6f'
      So, try to imagine why reaver has failed to crack all these default pins... SIGNAL STRENGTH!!! The success packet holding all the gold just never made it to your machine and reaver reported a failed attack after long hours of work... to build a successful attack, all I need is a list of default pins and a directional antenna... Bob's your uncle... PeWnND lol
  11. If you install open3 successfully, post your install method... I never had any problems but can't remember my install method.
  12. I don't remember exactly. It looks like it cycles through all clients... I tested it for about a minute... I should start a little tutorial on Ruby automated wifi attacks... starting with a custom deauth attack using airbase... Thread.start{Open3.popen3("airodump-ng -w log -d wlan1")} This will start logging in plain text a csv file which holds all the clients associated with an access point. All the information you need is easily accessed in Ruby... you just need to organize everything and launch an attack of your choice...
  13. I have done this before, using 2 cards: set one card to log the handshakes, and another card to deauth all clients... I spent some time scripting all this kung fu and it was a part of my script, but it turns out I found a simpler way...
      airodump-ng wlan0
      mdk3 wlan1 d (deauthenticate all clients from all access points)
  14. I updated the script above, I didn't change much, you will notice on the reaver command -K 1. It seems that reaver is attacking the chip driver, K 1,2,3... I would think reaver is capable of detecting the wireless chip and performing this attack without even declaring -K. I can't remember how I installed open3. I believe installing Metasploit may include open3.
      gem install open3
      apt-cache search open3
      There is a github I believe... You can require '/home/some/git/clone/location/open3.rb' This device you posted looks interesting... I'm interested in a device advertised on the Kali home page, 'trim slice', which runs on 12v.
  15. Bluetooth sound bars are popular, it would be fun to try and play porn in someone's living room... I don't think there are any security pins required... I have been thinking about this for a long while now... What about Bluetooth hands-free devices? Carwhisper comes to mind... record from a microphone or play an mp3 file through the headset...
  16. I'll look into this pixie dust attack. I may put this on a github... I'll clean it up and correct the output... it currently works well when I place this script in my /etc/rc.local... it just needs to wait for the drivers to load before the script starts... simply sleep for 30 seconds...
  17. I decided to open this script last night and launch this attack. (In a controlled test environment, of course.) In about 4 hours I have cracked 4 wireless access points... it really is a success! The way this algorithm controls reaver and can micro manage multiple alfa cards to quickly alternate through a list of access points... set it and forget it... you only need Kali and a wifi card, the more the better! I really need to work on my presentation... EDIT: check the new script above and video.
  18. I made a correction to the title... the device is called stingray... And yes. What frequency would I need to transmit?
  19. I have read a few articles about changes with law enforcement, which require search warrants in most situations to allow use and logging of information gathered from a stingray... cell phone calls, text, etc. My layman's term: (cell phone tower mitm attack). Can I build one of these? I would think the process is identical to karma-like attacks...
  20. You can rip wood down, cut a groove down the side to allow for plexiglass to slide in, like building a picture frame... it seems that cost is a big part of the project and with enough time on a table saw you can construct something affordable.
  21. WPA2 and WPS pins have become harder to crack... WEP does not exist... xfinity is not bad, I find it convenient because it's everywhere... just don't look past what's simple... https://wifilogin.xfinity.com/start.php I have not tested yet, I would like to see this traffic redirected to a local machine, to see if a hand-held device will still auto-authenticate with my local server... I would love to see some plain text... maybe some iptables and a mitm proxy can get control of this traffic before it's encrypted... it would be simple to produce a fake login page, but I'm not interested... the idea here is, "Auto connect and auto authenticate".
  22. These xfinity hot spots are everywhere... there is so much to explain... I have a Raspberry Pi Kali with 3 alfa cards. One card is associated with an xfinity open access point... at this time we are not yet authenticated with login.xfinity.com... with a second alfa card I will broadcast an encrypted access point for my home devices to connect to... some iptables will complete the configuration along with dnsmasq to issue local IP addresses to my devices... (I will post the command line configuration later.) And now the exciting part... when a device in my home authenticates with login.xfinity.com, this will allow all my devices internet access ;-) because this legit login will come from my Raspberry Pi... How so? When a paying xfinity customer is in range of an xfinity access point, their handheld device will automatically connect and authenticate with login.xfinity.com... How can I exploit this? I can use a 3rd alfa card to broadcast an open xfinity access point and some more iptables... I only need one paying xfinity customer to pass by my house... Now, I can point a long range antenna broadcasting xfinity at a highway or a road lots of cars travel down ,-) Not much of an exploit, I don't have to tamper with the traffic... it just works.
  23. LHOST on your exploit handler should be set to your local IP... your router should port forward this same port and local IP. When the exploit handler is running you should now see it with an online scanner... this is a TCP reverse shell?
  24. nmap -p 22 192.168.0.* You can scan for all IP addresses with open port 22. There was a strange situation I ran into: running DD-WRT for my home router, I could not connect to my services if they were using wifi... a frustrating problem with no explanation.