Posts posted by i8igmac

  1. 12 minutes ago, aethernaut said:

    @i8igmac

    The way I have always understood it with permutations (where repetition is allowed) you just multiply by the number of options you have each time. So for the example you mentioned it would be:

    10*36*36*36*36*36

    which, as it's all multiplication, is the same as 36^5*10 as you suggest

    So say you were trying to crack a simple password hash and knew that:

    • every password issued was 5 characters long
    • for some reason had the specific pattern, 0-9, 0-9, a-z, A-Z, symbol - same as hashcat's ?s or <space>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~, and,
    • repetitions were allowed

    the permutations would be 10*10*26*26*33

    Crunch will now generate the following number of lines: 335544320

     

    The reason I asked for help with this multiplication. Crunch reports 335544320 lines and mathematically I can't prove this is accurate

     

     

  2. Amazon link to chromebook flip 4 core. Led backlit keyboard. 9 hour battery. Possible upgradable ssd.

     

    My wife got me the flip but I can't have it until xmas.

     

    It will be my web development machine. I think it will be capable of some older gaming. Counter-Strike 1.6, Warcraft III.

     

    I'll start off with a dual boot Linux Mint configuration with maybe GNOME Shell 3 for a nice looking tablet style interface.

     

    Anyone running Linux on a Chromebook? Or specifically anyone running Linux on an Asus Chromebook Flip?

  3. 5 hours ago, Bigbiz said:

    Sounds about right

     

    I misled these people to an improper math statement.

    36**5 is doable; as someone said above, a 1080ti would do this in 105 seconds.

     

    Here is the answer to the original post.

     

    asus@asus:~$ crunch 12 12 "0987654321ABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@
    Crunch will now generate the following amount of data: 4362076160 bytes
    4160 MB
    4 GB
    0 TB
    0 PB
    Crunch will now generate the following number of lines: 335544320

     

    If you are only using Capital letters and 0-9 then only 4 gigs of data is generated.

     

    How do you do the math when the 7th char is only 0-9, then 5 chars 0-9+A-Z?

     

    36**5 = 60466176

    60466176*10 ?

    Educate me, someone lol.

  4. (("0".."9").to_a+("a".."z").to_a+("A".."Z").to_a).permutation(6).each{|x| puts("0MGSM2"+x.join) }
    # the outer parentheses make permutation(6) apply to the whole 62-character set
    # permutation never repeats a character; repeated_permutation(6) would allow repeats

    Save this one-liner as file.rb.

    Test run it like the 2 commands below.

    ruby file.rb

    or

    ruby file.rb > OMGA.list

    Here is a modified version that, for speed, will save to a file.

     

     

    # open the list in append mode
    f=File.new("OGSM.list", "a")

    (("0".."9").to_a+("a".."z").to_a+("A".."Z").to_a).permutation(6).each{|x| f.puts("0MGSM2"+x.join) }

    f.close

     

    The above should be quicker than the console method. But I haven't tested to confirm this...

    There is no output for this method but you should expect to see something like this in your OGSM.list

    Expected output 

    0MGSM0ABHXIN
    0MGSM9ABHXIO
    0MGSM8ABHXIP
    0MGSM7ABHXIQ
    0MGSM6ABHXIR
    0MGSM5ABHXIS
    0MGSM4ABHXIT
    0MGSM3ABHXIU
    0MGSM2ABHXIV
    0MGSM1ABHXIW

     

     

     

     

    crunch 12 12 "0987654321abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@

     

    This should work for your crunch command. It's 79 gigs.

    % = 0-9

    @= a-z A-Z 0-9

     

    And this one below is 4 gigs and maybe what you're looking for.

    crunch 12 12 "0987654321ABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@

    • Upvote 1
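
Added example (not part of the original posts): a small Ruby calculator for the line and byte counts of the two crunch -t commands above, which also answers the "how do you do the math" question from the earlier post. The names mask_keyspace and seconds_at and the default set sizes are assumptions of this sketch; the 576000 hash/s figure is the 1080Ti entry from the benchmark list further down the page.

```ruby
# Added example: count the lines a crunch -t mask generates.
# In a mask, @ , % ^ are placeholders and every other character is a literal.
# Assumed default set sizes: 26 lowercase, 26 uppercase, 10 digits,
# 33 symbols (including space). Charsets given on the command line
# replace the defaults in the order @ , % ^.
DEFAULT_SIZES = { '@' => 26, ',' => 26, '%' => 10, '^' => 33 }.freeze
ARG_ORDER = ['@', ',', '%', '^'].freeze

# Returns the options per position, the total line count and the file size.
def mask_keyspace(mask, *charsets)
  sizes = DEFAULT_SIZES.dup
  charsets.each_with_index { |cs, i| sizes[ARG_ORDER[i]] = cs.length }
  # A literal character contributes exactly one option to the product.
  per_position = mask.each_char.map { |c| sizes.fetch(c, 1) }
  lines = per_position.reduce(1, :*)
  # Each line is the candidate plus one newline byte.
  { per_position: per_position, lines: lines, bytes: lines * (mask.length + 1) }
end

# Time to try every candidate at a fixed rate.
def seconds_at(lines, hashes_per_second)
  lines.fdiv(hashes_per_second)
end

# The two custom charsets and the mask from the crunch commands above.
UPPER32 = '0987654321ABCDEFGHIJKLMNOPQRSTUV'
MIXED58 = '0987654321abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV'
MASK = '0MGSM2%@@@@@'

[UPPER32, MIXED58].each do |cs|
  k = mask_keyspace(MASK, cs)
  puts "#{cs.length}-char set: #{k[:per_position].join('*')} = #{k[:lines]} lines, " \
       "#{k[:bytes]} bytes (#{k[:bytes] / 2**30} GiB), " \
       "#{seconds_at(k[:lines], 576_000).round} s at 576000 hash/s"
end
```

The 32-character set gives 10 * 32**5 lines, not 10 * 36**5, because the charset passed to crunch stops at V.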
  5. Post an example short list of what you expect to see.

     

    A-Z

    0-9

    total 36 characters correct?

    5 places of each random character?

     

    5 to the 36th power 

    5**36=14551915228366851806640625

     

    what's your performance of your gpu's

     

     

    If you had one 1080ti gpu and you're cracking wpa with this word list, here is how many seconds it would take you to complete this task

     

    ((5**36)/580000)/(24*60)
    => 17423270148906671

     

    If you had one hundred 1080ti's, here is the amount of time you need to complete this process.

     ((5**36)/(580000*100))/(24*60)
    => 174232701489066

     

    wait. i think that's how many days you need to process this list...

  6. Ok. I have a idea. a proxy that clones the target or destination address.

    Get /amazonDotCom

    set toolkit-clone amazonDotCom

    Provide fresh-cloned-new-response to the client.

     

    This doesn't work on everything. It's doable.

     

    Arpspoof is the best mitm tool I use. iptables to redirect all traffic back and forth on the network. Or from

    Client <-> proxy-tamper.rb

    Won't be hard to do in bash. Automate what you want to happen. I can make this for you. I prefer ruby but I have worked with people before that built half of a toolkit project build. Direct message me.

  7. 1 hour ago, anao00 said:

    Do I need to be locally present, close to the target?

    If I set up rails in the middle on a webserver that is also running a DNS server and then make, somehow, the user use that DNS instead of the ISP's, could I tamper a request from www.amazon.com and add something to the index.html page?

    How could I possibly protect myself from that besides regularly checking my DNS to see if its the correct one?

    I want to test that thing. I spent almost 2 days thinking about this and trying to figure out ways to make it work, and then how to make it not work on my machines. Haha.

    For what you want to do, man in the middle vs amazon may be impossible for publicly available tools... you should learn this stuff. Follow an ettercap filter tutorial... follow sslstrip tutorials...

     

    It might work if by chance the web surfer visits an out of date web server or if the advertisement on the screen uses http protocol or not encrypted traffic...

     

    I have a video of doing exactly what you're asking for. I made a mitm ruby proxy that would replace any executable with a meterpreter.exe during the download process. It would depend on the traffic being not encrypted or at least when sslstrip worked.

     

     

  8. There might already be some man-in-the-middle tools that provide this type of technique.

     

    To do this yourself will take research, it's not that hard to accomplish but also not that simple to explain.

     

    The quickest suggestion I have is with an ettercap filter. 

     

    What I have done in the past with an ettercap filter: replace an html string like

    </TITTLE> with your payload

    </TITTLE><iframe SRC=rat.exe>

     

    Do research on ettercap. Learn what works and does not work.

    • Upvote 1
  9. If you're learning python, don't use bash or pipes to grep your information. Get the information you need with python.

     

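    require 'open3'

    # popen3 hands you the child's stdin, stdout, stderr and its wait thread
    Open3.popen3('iw dev'){ |input,output,error,thread|
       input.puts('type yes to save')   # write to stdin
       input.close

       print(output.read)               # read stdout

       puts thread.pid                  # pid of the child process

          # stop the child if it is still running
          if thread.alive? then
              Process.kill('TERM', thread.pid)
          end

    }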
     

     

    This code is generic. check if python has a lib popen3. Write to stdin, read stdout, get pid and thread information. Use python to get the information you need.

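  10. I would use 'iw dev' (I think). All of the Linux wireless networking software is a wrapper of `iw`.
     

    iw dev | grep -i interface

     

    # read the output of `iw dev` line by line
    `iw dev`.each_line { |line|

       # iw prints "Interface wlan0", so compare case-insensitively like grep -i
       if line.downcase.include?('interface')

          puts line.split[1] #=> wlan

       end

    }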

     

    Just a ruby snip. What if you have multiple wireless interfaces? I would assume you don't want the one associated with an access point. So further system variable checks would need to be made...

     

    I'm unsure of your plan. Automatic wifi attacks? 
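
Added example (not part of the original posts): one way to do the "further checks" for multiple wireless interfaces in Ruby without shell pipes, by parsing `iw dev` output into one record per interface and treating an interface with no ssid line as not associated. The sample output is constructed, and the function names parse_iw_dev and unassociated are assumptions of this sketch.

```ruby
# Constructed sample of `iw dev` output for two adapters (not captured from
# a real machine). wlan0 is associated with an access point, wlan1 is not.
SAMPLE_IW_DEV = <<~OUT
  phy#1
      Interface wlan1
          ifindex 4
          wdev 0x100000001
          addr 02:00:00:00:01:00
          type managed
          txpower 20.00 dBm
  phy#0
      Interface wlan0
          ifindex 3
          wdev 0x1
          addr 02:00:00:00:00:00
          ssid ExampleNet
          type managed
          channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
          txpower 20.00 dBm
OUT

# Turn the indented key/value listing into one hash per interface.
def parse_iw_dev(text)
  interfaces = []
  text.each_line do |line|
    key, value = line.strip.split(' ', 2)
    next if key.nil?
    if key == 'Interface'
      # Every "Interface <name>" line starts a new record.
      interfaces << { name: value, addr: nil, ssid: nil, type: nil }
    elsif interfaces.any? && %w[addr ssid type].include?(key)
      # Attribute lines belong to the most recent interface.
      interfaces.last[key.to_sym] = value
    end
  end
  interfaces
end

# Managed-mode interfaces with no ssid line are not connected to a network.
def unassociated(interfaces)
  interfaces.select { |i| i[:type] == 'managed' && i[:ssid].nil? }
            .map { |i| i[:name] }
end

# On a live system the text would come from: IO.popen(%w[iw dev], &:read)
parsed = parse_iw_dev(SAMPLE_IW_DEV)
parsed.each { |i| puts "#{i[:name]} type=#{i[:type]} ssid=#{i[:ssid] || '(none)'}" }
puts "not associated: #{unassociated(parsed).join(', ')}"
```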

  11. On 10/9/2018 at 1:15 AM, vailixi said:

    For whatever reason the text file I ended up with had some extra carriage return or newline characters and crunch was counting some of those as extra characters so crunch was throwing errors. So I wrote a quick python script to write out all of the digits.

    
    #!/usr/bin/python
    import sys
    l = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9"]

    # note: range(0, 9) yields indexes 0-8, so the digit "9" is never appended
    for a in range(0, 9):
        for b in range(0, 9):
            for c in range(0, 9):
                for d in range(0, 9):
                    # the input file is re-read for every 4-digit suffix
                    with open("/root/Desktop/areacodes/one.txt") as f:
                        for line in f:
                            i=(line.strip())+(l[a])+(l[b])+(l[c])+(l[d])
                            print(i)

    It took about 11 minutes to generate the list. 1,090,503,810 lines and a little under 12GB which is about 11% of the 10,000,000,000 lines and 102 GB that crunch would have produced. At any rate generating a rainbow table that size would probably take months so splitting it into lists with local numbers then generating the tables would probably be the way to go. I'll put the list of up for download like with my other wordlists because it took a little bit of work to put together.

    python permutation might be faster.

     

    Here is how i do it in ruby

    [0,1,2,3,4,5,6,7,8,9].permutation{|x| f.puts(x.join)}

     

    Edit: this one produces the correct results.

    [0,1,2,3,4,5,6,7,8,9].repeated_permutation(6){|x| puts x.join}

    http://rubyfiddle.com/riddles/69c8c

    Test the code with the link

     

    I was looking at cuda libs for ruby to see if things can run quicker. You should check python for cuda libs.

     

     

  12. 

     

    Here is what I completed today. I do all my coding from my android phone to a remote server from when I'm sitting in 2hours of traffic to and from work. (The remote server is my debian router)

     

    Syntax highlighting... it's almost sublime text in the browser and android friendly. Sit down at any web browser or phone and start working on your project. I have a slick looking file tree all ready to go.

     

    This will speed up productivity and eliminate the everyday struggles I experience with only having a phone in my pocket... cheers...

  13. Ill give you some props here.

     

    I also have been working on a router front end.

     

    debian based router. Rails server and bootstrap styles. this page shows a live stream of my current wifi signal strength in real time.

     

    I plan to add basic wifi tools for network management and then exploit tools.

     

    Live data stream from console applications is the proof of concept seen in the picture. this is a basic template I made I can now duplicate for other tasks like running reaver for example and see the live data stream at the front end.

    • Like 1
  14. im looking for a web browser ide that i could run from my current rails app that will provide a sublime-text style interface. currently my solution involves  coding this myself ?

    this is turning into a time consuming project before i even get to start my actual project. i hope to find suggestions that work out of the box for my rubyonrails/linux server.

     

    it wont be a hard thing to do for a very basic file editor, but trying to incorporate all the basic needs and features like undo, file backup create new files, or session management.

    god the list could go on for days.

     

     

     

    so far i have 2 plug-ins that will do the majority of the work. jquery.treeView and Ace-Code-editor...

    both of these would provide the basic look i need for a sublime-text environment ... but im struggling to implement treeView with rails...

     

    any tips suggestions or ruby on rails fans have input. i appreciate your help.

  15. Evga Gtx 1070 ti sc ($370)

     

    I see online hashcat wpa/wpa2 almost 300,000 hash/s

    I made up my mind... I'm getting 2 of these for sure, maybe 3...

     

    I have this budget build at $630 x 2

    I'm confident they will perform like top of the line rigs.

     

    EVGA GeForce GTX 1070 SC GAMING ACX 3.0 Black Edition, 8GB GDDR5, LED, DX12 OSD Support (PXOC) 08G-P4-5173-KR


     

     

  16. Here is a bench mark list i reorganized based on speed...

    original list from 2017.

    https://tutorials.technology/blog/08-Hashcat-GPU-benchmarking-table-Nvidia-and-amd.html

     

    Radeon HD 4350 #1900 hash/s
    Radeon HD 4550 #2000 hash/s
    Radeon HD 4650 #8800 hash/s
    Radeon HD 4670 #10000 hash/s
    GeForce GTS 250: #10000 hash/s
    GeForce GTX 260: #10100 hash/s
    Radeon HD 5550 #10200 hash/s
    GeForce GTX 275: #11400 hash/s
    Radeon R7 240 #12000 hash/s
    GeForce GTX 285: #13200 hash/s
    GeForce GTX 550 Ti: #13400 hash/s
    GeForce GTX 280: #14300 hash/s
    Radeon HD 5570 #15100 hash/s
    Radeon HD 4830 #15600 hash/s
    GeForce GTX 460: #17600 hash/s
    Radeon HD 5670 #18000 hash/s
    Radeon HD 6570 #18100 hash/s
    Radeon HD 4860 #19000 hash/s
    Radeon HD 4730 #20400 hash/s
    Radeon HD 4770 #20400 hash/s
    GeForce GTX 465: #21000 hash/s
    Radeon HD 4850 #21300 hash/s
    GeForce GTX 670: #23700 hash/s
    GeForce GTX 560 Ti: #24500 hash/s
    Radeon HD 7750 #24700 hash/s
    GeForce GTX 295: #25400 hash/s
    Radeon HD 4870 #25500 hash/s
    GeForce GTX 470: #26800 hash/s
    Radeon HD 4890 #28900 hash/s
    GeForce GTX 680: #29000 hash/s
    Radeon HD 5750 #29200 hash/s
    GeForce GTX 480: #33100 hash/s
    GeForce GTX 570: #34609 hash/s
    Radeon HD 7770 #38700 hash/s
    GeForce GTX 580: #38900 hash/s
    GeForce GTX 760 #39000 hash/s
    Radeon HD 5770 #39500 hash/s
    GeForce GTX 750 #42000 hash/s
    Radeon HD 6850 #43200 hash/s
    Radeon HD 5830 #52000 hash/s
    GeForce GTX 770 #52000 hash/s
    Tesla S1070 400: #53100 hash/s
    Radeon HD 7850 #53300 hash/s
    GeForce GTX 690: #54300 hash/s
    GeForce GTX 750 Ti #55000 hash/s
    Radeon R7 260x OC #56000 hash/s
    GeForce GTX 750 Ti oc #56000 hash/s
    Radeon HD 6930 #57100 hash/s
    Radeon HD 6870 #58500 hash/s
    Tesla S1070 500: #59000 hash/s
    Radeon HD 5850 #60600 hash/s
    GeForce GTX 750 Ti sc #61000 hash/s
    GeForce GTX 590: #61200 hash/s
    Radeon HD 6950 #68100 hash/s
    Radeon R9 270 #70000 hash/s
    Radeon R9 270X #77000 hash/s
    GeForce GTX 780 #77000 hash/s
    Radeon HD 7870 #77400 hash/s
    Radeon HD 5870 #79000 hash/s
    Radeon HD 6970 #81800 hash/s
    GeForce GTX titan #88000 hash/s
    Radeon HD 7950 #90700 hash/s
    GeForce GTX 780 Ti #100000 hash/s
    Radeon R9 280 #101000 hash/s
    Radeon R9 280X #105000 hash/s
    GeForce GTX titan black #105000 hash/s
    Radeon HD 7970 #114600 hash/s
    GeForce GTX 960 #115000 hash/s
    Radeon HD 5970 #134000 hash/s
    Radeon R9 380X #145000 hash/s
    Radeon R9 290 #147000 hash/s
    GeForce GTX 970 #150000 hash/s
    Radeon HD 6990 #154300 hash/s
    Radeon R9 290X #163000 hash/s
    Radeon RX 480 #185000 hash/s
    GeForce GTX titan Z #188000 hash/s
    Radeon R9 390X #200000 hash/s
    GeForce GTX 980 #200000 hash/s
    Radeon RX 580 #224000 hash/s
    GeForce GTX 980 Ti #240000 hash/s
    GeForce GTX titan X #279000 hash/s
    GeForce GTX 1070 #285000 hash/s
    Radeon R9 295 x2 #347000 hash/s
    Nvidia GTX 1080 #396800 hash/s
    GeForce GTX titan XP #520000 hash/s
    Nvidia GTX 1080Ti #576000 hash/s

     

  17. so, i talked my wife into letting me spend a bunch of money on building 2 gaming machines for our 2 sons ?

    i plan to setup a gaming room. but also these machines will be used for hashcat cracking ?

    the gpu i believe is estimated on the hashcat site at around 120,000 hash/s... at a cost of about $170 each...

    i already have 2 gaming rigs, somewhat out of date but still excellent performers.

    including my old machines, i estimate ill get around 300,000 hash/s with current shopping-list...

    maybe ill sneak into the budget a new Gpu for my own Desktop rig...

     

    comments suggestions, tips on hashcat gpu's... suggestions on bang for the buck...

    i might revise the shopping-cart and lower the cost of cpu/motherboard/ram and free up more cash for a better performer Gpu.

    maybe ill budget $100 on cpu...$40 on ram...$60 on motherboard... this could free up quite a bit for a higher end gpu.

    i could bump up the budget per PC/gpu from $168 to $275

     

    i could go side by side SLI configuration with a budget per card of $140 x 4 or so...

    Sli or no Sli?

     

    Shit i could even build one monster machine and make it a multi monitor Virtual gaming machine.

     

    my amazon shopping cart sits right here...

    Gpu $168 Gigabyte Geforce GTX 1050 Ti OC 4GB GDDR5 128 Bit PCI-E Graphic Card (GV-N105TOC-4GD)

    Cpu $149 AMD Ryzen 5 1600 Processor with Wraith Spire Cooler (YD1600BBAEBOX)

    motherboard $89 MSI Gaming AMD Ryzen B350 DDR4 VR Ready HDMI USB 3 CFX ATX Motherboard (B350 TOMAHAWK)

    ram $79 Ballistix Sport LT 8GB Kit (4GBx2) DDR4 2666 MT/s (PC4-21300) SR x8 DIMM 288-Pin - BLS2K4G4D26BFSE (Red)

    power supply $59 EVGA 550 B3, 80+ BRONZE 550W, Fully Modular, EVGA ECO Mode, 5 Year Warranty, Compact 150mm Size, Power Supply 220-B3-0550-V1

    case $34 Rosewill ATX Mid Tower Gaming Computer Case, Gaming Case with Blue LED for Desktop/PC and 3 Case Fans Pre-Installed, Front I/O Access Ports (CHALLENGER S)

    ssd $26 Silicon Power 120GB SSD 3D NAND S55 TLC 7mm (0.28") Internal Solid State Drive (SP120GBSS3S55S25AE)

    Total $610 x 2 = $1220

     


     

  18. On 3/28/2018 at 1:07 AM, DarrenRainey said:

    Hello everyone, just thought I would share my JavaScript network scanner project here: https://github.com/DarrenRainey/JavaScript-Network-Scanner

     

    Currently it will scan and fingerprint devices based upon what files exist or don't exist on the device and once it fingerprints or can connect to a device it sends a post request with the fingerprint such as the router's model, the internal IP address and the user-agent from the victim's PC. This code could be embedded into any website and sent to a victim for recon. Currently it only scans a few predefined IP addresses in the test.html file but I plan to make it scan the local subnet automatically and report any found devices to the attacker web server.

     

    The scanning code is based off lan-js with some custom code for identifying and sending the data to the attacker.

    I forgot about this... I will test this tonight... it looks clean. I do hope to get some free time to produce some working examples related 
