bobbyb1980

In response to digip, I wonder if having devices like this is considered illegal. I know in some places it is considered illegal to have cloned copies of webpages.

The way I learned was just by diving into it. Open up a terminal (applications - accessories - terminal for Ubuntu based distros) then try navigating to where you keep your files. Then try to make a directory, then try to delete it, and think of any task you can in the GUI and try to do it from the cli. Like Mr. P said, if you study a little bash programming, it will bring you a very long ways in Linux because the shells are bash based.

Thank you for the response Jason, however I was trying to avoid using that method. Sitwon, I tried what you said and every variant of and the closest I can get is a 'no interface specified' error from airodump-ng. When playing with stdout and stderr and when the code is run from a bash shell it just hangs infinitely. Results are a little different when run from the interpreter but regardless still not working. The error I am getting is from popen and airodump-ng is not seeing the "mon0" on the end of the file, all the actual bash shell is seeing is 'airodump-ng'. Looks like a problem with blank spaces or the way that python is passing the code to the bash shell. I'm going to paste the code below, to verify that the pipes were redirecting properly I ran this code and then iterated the output and python can see airodump-ng's output in this form but now the problem looks like it may be with bash. I've also tried all the other combos I know of formatting the Popen expression and they all yield the same results. Any ideas what that could be? r, w = os.pipe() proc = subprocess.Popen(['mon0'], stdout=os.fdopen(w, 'w'), stderr=subprocess.PIPE, shell=False, executable='airodump-ng' ) time.sleep(2.5) client_out = os.fdopen(r, 'r').read() for x in client_out: print(x) The output of this code will display a "no interface specified" error...

Thanks Sitwon! Once again, that works! I'm having another little hiccup I was hoping you'd be able to assist with. I have airodump-ng writing to a fifo but the problem is, is when I run my code from the terminal it writes the airodump-ng output to the terminal. IE- as soon as the 'airodump-ng mon0' command is run it's like the code beneath it doesn't exist and airodump-ng takes over. I've tried playing around with stdout but that doesn't seem to be the issue. The goal of this code is to execute airodump-ng, let it read the airwaves for 3 seconds, then extract all mac's from it's output and put them into a list for further usage. Any idea what's happening here? The code seems to work with anything that isn't airodump-ng : ( Should I be researching xterm? mac_list = [] r, w = os.pipe() proc = subprocess.call(['airodump-ng', 'mon0'], stdout=os.fdopen(w, 'w'), ) time.sleep(3) client_out = os.fdopen(r, 'r').read() iterable = client_out.split('\n') searchmac_string = re.compile('([a-fA-F0-9]{2}[:|\-]){5}[a-fA-F0-9]{2}') for x in iterable: a = searchmac_string.search(x) if a: print(x[a.start():a.end()]) mac_list.append(a)

Sitwon, I am trying this, but the following is the only method I can get to return results. searchmac_string = '([a-fA-F0-9]{2}[:|\-]){5}[a-fA-F0-9]{2}' for x in iterable: a = re.compile(searchmac_string).search(x) if a: print(x[a.start():a.end()]) When I change this, and place the variable "a" outside of the for loop the iteration does not complete properly. Would that be cause it uses a variable outside the scope of for?

Thanks a lot for the help Sitwon! Got the named pipe concept down and playing around with it to get airodump-ng writing to it : )

Thanks for another great explanation Sitwon! I definitely owe you a drink! Up until now I haven't really been copying that much code but the thought has crossed my mine. I do however read a lot of other scripts then I can use different methods of doing what they do to accomplish the same task (ie wifite-ng used find to look for mac addys, I use regex. It iterates airodump-ng from an output file whereas I'll iterate it from a named pipe, etc. Hopefully that's alright. It is surprising to know that Python coders like to code cross platform. I would have figured that most are linux people with a firm anti-Windows stance like most in the security community : P I have a question I was hoping you'd be kind enough to answer. I have been reading a lot about regular expressions (Google has some GREAT python documentation!) and I have figured how to find IP's, but it's returning more than I am bargaining for. I'll show you and example and please let me know if I'm doing this whole process right and if the comments of my understandings are correct. The goal of this code is to locate IP addys within the output of ifconfig. def getIP(): proc = subprocess.Popen(['ifconfig'], stdout=subprocess.PIPE) #pipes ifconfig output to stdout stdout_value = proc.communicate()[0] #communicates stdout to generator object iterable = stdout_value.split('\n') #removes \n's from generator object and makes iterable (?Not really sure if it makes gen obj iterable but python wont iterate properly without stripping it) get_ip = r'\d+.\d+.\d+.\d+' # Intended to match 4 consecutive numerical groupings of any size separated by periods for x in iterable: # begins iteration a = re.compile(get_ip).search(x) #compiles search string and searches iterated objects if a: print(x[a.start():a.end()]) #if the search string is matched print what was found ip_list.append(a) The code works, it will identify what I need it to, however I also get some extra garbage that I can't seem to get rid of. Here is the output of the file. 127.0.0.1 192.168.161.1 172.16.178.1 192.168.1.2 1562839 1347534 1344840896 I can't seem to shake those numbers at the bottom. Any idea what is happening here? It also won't find the same set of characters twice, ie it will locate 192.168.1.1 but it will not locate 192.168.1.255.

Sitwon! Thanks for the informative response, it's nice to read answers to these questions! About classes, I'm still learning the concept of classes, I actually just started the introduction to classes part of my book yesterday. To my understanding they are data structures of functions and used for program organization. I'm still not quite there yet to the point where I can incorporate the concept of classes into my programs (well, not programs, better said random groups of functions!) but I hope to be soon. In regards to regex, yes, per your advice I have changed and it is much more versatile than using find() and 10 times more versatile than using line[x:x] == 'searchstring' to match patterns. On the negative side it's not the easiest module to use and takes a little getting used to : ( I've figured out how to make it ID mac addresses but I'm still working on making it identify IP addresses. Dude, mannny thanks for the fifo pipe advice. I haven't had time to read in depth into this concept but this weekend I am going to and will definitely share my findings. From what I have seen, there are no python programs out there yet that use this technique of parsing output and I hope to be the first! I have a question for you on the ethics of coding Sitwon. My book constantly talks about writing code so it can be easily read and reused by others. I assume it's "ok" for me to use other's code? I mean... some things are a little over my head, but if I copy paste them from another program, I can usually catch on to what it's doing and figure out a way to rewrite it so it looks like I did it and didn't just copy and paste, but from what my book is telling me it's ok to just copy paste code from other open source programs? Coming from a capitalist environment, this concept isn't heavily accepted and I want to make sure it's ok hah : P

First off, I'm still a n00b when it comes to python, well computers in general, so don't mark what I say in stone. To my knowledge, regex is going to be faster because it uses C libraries or is somehow based on C. From what I have read C is always going to run a little faster than Python as it's already compiled (ie - the apache server w/java applet attack is going to be smoother than the python server w/java applet attack as apache is written in c). Regex is also a lot more versatile. Find is only going to match characters where regex is going to match character patterns. I haven't messed with wifite-ng in a few weeks, but from what I remember, it had a little difficulty capturing WPA handshakes because it only sent 3 deauth packets one time then just waited. Perhaps the probability of a successful WPA handshake capture might increase if deauths are sent every minute or more than one time. Another issue that this script has it that it's writing the output of airodump-ng to a file. While this isn't an 'incorrect' way of doing it, there are other ways you can pipe stdout so that you don't have to write to a file (which should also be faster) and it's more of a linuxy way of coding the function. If you look in the thread I made in the applications and coding forum Sitwon gives an explanation of how to code this.

I've been doing a lot of stuff similar to this lately. Sitwon was nice enough to give me some advice in a thread I made in the application forums. It appears that this script is heavily reliant on "find" which I have been advised not to use. I rewrote one of the functions to use regex which will allow much more versatility when parsing info. I'll have to time it to verify but I think it's faster also. def getmac(): proc=subprocess.Popen(['whatever command u want to run'], stdout=subprocess.PIPE) #executes process vis=proc.communicate()[0] #communicates w/generator object readable = vis.split('\n') #divides into tupples searchmac_string = '([a-fA-F0-9]{2}[:|\-]){5}[a-fA-F0-9]{2}'#searches for 6 consecutive pairs of hexdecimal characters for x in readable: # iterates through generator object a = re.compile(searchmac_string).search(x)#compiles search string if a: #if search string is found, will append it to list and print out for humans to read print(x[a.start():a.end()]) TARGETS.append(a)

Really, thanks for your help Sitwon, not easy finding info on this stuff. I hope I can trouble you for another question or two : P I assume by the amount of info you know about Python that you're familiar with it. I've found that for a lot of what I'm doing, mainly wifi stuff, I use subprocess a lot and I parse a lot of data (from output files). For example, I'll use subprocess and Popen to run airodump-ng, then I'll iterate over the output file looking for MAC's or IP's or what have you and take the findings and append them to a list or dictionary for later use. Could you recommend and module packages/concepts that I should be learning to assist me in these types of operations? This is also a problem I've been having for a few weeks now. I want to parse output from airodump-ng but I'd like it to run "in memory", ie no output file, this just seems like a more "Pythonic" way of doing it since in theory I could read and iterate over simple files in bash. I've gotten airodump-ng to pipe it's output to stdout I believe it was, but when I try to iterate over the output (using both for and while, the output is in the form of a human readable tupple) of airodump-ng it always finds nothing. Can you recommend any modules or concepts that I should study to get around this? Once again thanks for your help.

It's like that here. Funny to see internet cafes running custom Linux distro's w/hacking documentation laying around everywhere in the middle of a 3rd world village w/no pavement or running water : P

I read about the mall using phones to track customers. They setup a lot of antennas with the confines of the mall, normal urban and rural areas do not have coverage like that mall experiment did. In theory, for someone to track 3g movements, they'd have to track it first from the telco's towers, then setup a bunch of their own antennas in that 50 meter area to further track it. In my apt building there are 6 - 12 apts in any given 50 meter area. You could always get several SIM's or different modems and interchange them for further anonymity and obviously you keep it off when you're not using it. There have been plenty of cases where the FBI has gotten people for using stolen wifi. Also where I am, WEP is rare and you wouldn't be able to depend upon being able to crack wifi wherever u go. I guess we'll have to agree to disagree, I personally feel that it is more difficult to resolve a physical location from a 3G + VPN/TOR based connection than a wifi + VPN/TOR based connection.

Wow, thanks for all that info Sitwon! I have to say, info regarding this stuff does not seem very easy to come by. Currently I'm reading Python by Mark Lutz and it's a good read and I try to stay progressing everyday. Can you recommend any books on C? What about Java? I know that Java is a pretty commonly used programming language, would you consider Java similar to python in the way C is similar to python? Would you recommend learning C or Java after python?

digi - I understand what you're saying but it appears that the vast majority of your argument is based on speculation. 3G is not GPS. At least publicly, there is no central 3g tracking center designed to give coordinates on all 3G users. The goal of using 3G is to limit the probability of someone finding your PHYSICAL location As you mentioned, if I were interested in hiding traffic or preventing traffic from being sniffed, all I would need is to connect to a VPN via 3G. You are incorrect about "them" being able to track your movements. Assuming wikipedia provides correct info, in a best case scenario they'll only get up to 50 meters accuracy of the location of the modem. As opposed to hacking over a landline? And they can't do this on landlines? It's actually much easier for them to do this on landlines, no? Once again, it would be easier for LE to do this if you were using a landline... and once again, the goal is not hiding data, it's hiding a physical location. I have a question, are you aware of any cases where someone's physical location was tracked down from using 3g? I am not. I am aware of MANY recent cases where physical locations were determined, even though the target was using wifi + VPN/TOR. If FBI affadavits tell us nothing else, they tell us they have the technology to determine the physical location of someone using TOR/VPN who is connecting from a landline. Not saying 3G is a sure shot way to hide your identity, but it seems LE isn't quite there yet.

You can't get viruses from watching hak5. Reinstall windows on all ur machines and try again if you really think theyre infected.

In theory one would be able to insert a USB drive or Rubber Ducky and get it to deliver a meterpreter payload that has a listener setup with "run keyscan_start" to autorun in the options setting of the listener.

digi - I don't really understand what it is you're saying. While google can trace wifi signals on phones accurately, to my knowledge 3G runs on completely different frequencies with different properties. Don't a lot of those phones have GPS devices embedded also? Read this paper on geolocating IP's on 3G networks. www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCQQFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.210.2072%26rep%3Drep1%26type%3Dpdf&ei=Ut2ST_3EN46Jtwfk-eG1Cw&usg=AFQjCNGzseTqbg_1gEj0LTXyxxMMc5S8fA If you skip to section 6 in the conclusion part, it basically says that accurate geolocation using IP addresses on cellular networks is near impossible. While it still would be possible to triangulate the signal to get physical location, wikipedia says that is only accurate up to 50 meters in urban settings and even more inaccurate in rural settings. http://en.wikipedia.org/wiki/Mobile_phone_tracking "Advanced systems determine the sector in which the mobile phone resides and roughly estimate also the distance to the base station. Further approximation can be done by interpolating signals between adjacent antenna towers. Qualified services may achieve a precision of down to 50 meters in urban areas where mobile traffic and density of antenna towers (base stations) is sufficiently high. Rural and desolate areas may see miles between base stations and therefore determine locations less precisely." I also noticed in the affidavits I've read that the people the FBI are catching, they aren't using 3G. I'm not very knowledgeable on this topic so take what I say with a grain of salt, but I've heard through the grapevine that this type of technology is pretty advanced and only used in the upper echelons of federal agencies and the military, IE, you'd have to do something really really bad for them to come after you with this technology. And even if they do, just take the SIM card out of the 3g modem when you're not using it and there is nothing to trace.

Or you could take that same prepaid card and buy a 3g modem (obviously don't put any of your real info on any papers). When they trace GSM signals in urban environments their accuracy is about ~50 meters, which means if you were in an apartment complex they'd literally have to search a 50 meter radius in the complex which could mean 10 or 20 diff apartments, which 9 times out of 10 they won't do as it would completely give themselves away. I'm also going to guess, that at least US law enforcement, isn't going to use this type of technology to trace cell phones to physical locations for cases that aren't related to drugs or terrorism. The FBI has very strict protocols they must follow to indict someone. These protocols, thanks to anonymous, are public info. If one were to read them one could see how to avoid detection... Its funny that anonymous and all those groups were mentioned in this thread. I've never said it before but personally I think they're some kind of trap, I don't know. All I know is that the hackers that I've met IRL over the past 5 years or so, I've never had a conversation about politics with any of them and they definitely weren't hungry for any type of attention.

Hey guys. I plan on starting to learn C. I've been doing Python for a number of months now and it has been very rewarding for me. Do you guys think that C is harder/easier than Python, or are they just different? The Python book I have makes a lot of references to C. Should I start with C or C++ or does it make a difference? How long should it take to become an intermediate C programmer, 6 months, a year? Lately I've been writing some rinky dink programs, I still have a looot to learn but I made a few modules to deauth people from AP's and try to detect rouge AP's and make a DNS entry on bind9 where u just type the host and IP and run the module and it automatically writes the zone files without having to go through the obscure process of adding zones. I'd be using it for stuff like that, mainly various pen testing applications. Thanks.

I read the FBI affidavit on Sabu... it seemed that they actually pinned all that stuff on him from setting up a device similar to a pineapple outside his home and verifying that it was indeed his MAC addy connecting to his router where they were able to see he was connecting to TOR. If the dude would have just spoofed a MAC or set it to a random one everytime the machine booted and leeched off of his neighbor's wifi, then they wouldn't have been able to catch him (using their rules of engagement, or it would have been much more difficult). I'm not saying it's right to do that, I'd never do that, but come on, if you're gonna hack gov contractors you can't just connect to your home router and jump on TOR thinking you'll be protected.

I've been doing an hour or two per day of Python for 6 months or so now and while it is extremely time consuming I have to say it's been worth it. I bought a giant 1100 page book on it and just work through that. I plan on starting C after this book. It's pretty amazing how versatile it is and the amount of applications it has, from security software to financial forecasting to google and youtube (which are both mostly C based and Python). I think from doing it, it has also taught me to view a lot of tasks in a different light. I think what language to learn really depends on what you want to do with it.

Good topic, I've been wondering the same thing for a while and it seems relatively straight forward. I'm going to give it a shot this week.

Hey guys. I was cleaning up around the office today and started asking myself why I don't encrypt all the data I have stored. If someone were to break in all they'd have to do is plug in a hdd and they'd have my life's work. I currently have my home folder encrypted, but something tells me that isn't enough. I keep my sensitive info stored offline on a usd hdd, but I'd like to double up and put some type of password or encryption that will make it difficult if not impossible for someone who isn't me to read. Any advice for encrypting info on a linux machine? What's your setup? Thanks.

I saw one of these the other day. Thanks for posting the links, I'm going to build one as soon as I get some spare time. Will update as to how it goes.