bobbyb1980
Active Members
Posts: 498
Days Won: 4

Everything posted by bobbyb1980

  1. Screen is what you want. Should be installed on Ubuntu and Ubuntu Server by default (if not, sudo apt-get install screen).
     screen = Create new screen session
     CTRL-ALT-D = Detach session
     Then you can close the SSH session or let it die. SSH back in when you want to regain access and type "screen -ls" and locate your session. Then type "screen -r sessionname" and voilà.
  2. I think for Reaver to function correctly with a spoofed MAC you need to change it on the interface (ie wlan0) and not on mon0.
  3. I'm no big multinational company, but I'm not going to hire anyone I can't trust not to play around on Facebook all day long. That should be page 1 of the boss' handbook. IMO, if you need to treat your employees like children and say 'go here, don't go there, please work and don't play' then maybe you should re-evaluate what it is they do and why they're there. Pretty soon they'll be buying those knee high doggie doors to keep employees in their cubicles : P
  4. Thanks Sitwon, I'll have a look at that later on today. Hopefully it's still compatible with pylorcon also.
  5. I was wondering if anyone knows any alternatives to LORCON or pylorcon? I am looking for something that can send deauth packets (within python) or similar functions. LORCON only seems to want to work with madwifi-ng and my hardware doesn't support that. Any ideas?
  6. I don't understand quite exactly what it is you want to do, but you shouldn't need a bash script to restart the program, python is fully capable of that. What is python supposed to be watching for MAC addresses? From first glance it would appear that all of what you posted could possibly go into one or more classes inside one program. Your indentation is also messed up, macwatch.py isn't going to run like that.
  7. I had this problem a while back. If I remember correctly, there are several VNC payloads. The one that acted as a reverse shell (where the client connects back to you and spawns a VNC session) did not work for me either. There's a payload that spawns a VNC server on the target and allows you to connect to it. Since it sounds like you're working inside of a LAN that might be a better option for you.
  8. That did it, thanks Mr. P! For anyone reading this, the solution is...
     reaver -i mon0 -b ... -p (put the pin it gave you here) -vv
     Then it should spit out the plain text pw within a few tries.
  9. [+] WPS PIN: '24995764'
     [+] WPA PSK: '0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65'
     [+] AP SSID: '*****'
  10. I tried converting it from binary and hexadecimal and python didn't seem to like that. Finally when I tried to convert it from base 16 python accepted it but spit out even more meaningless numbers. The syntax is int('what you want to convert', base (2 for binary, etc)). I'd assume it's base 16 but who knows. '0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65' is what reaver gave as the WPAPSK, what I want to convert. (Not so sure it's even convertible).
  11. I tried that but I'm not so sure it's hex. I'm going to post it here. If anyone does anything malicious with it bobby will find you.
      IDLE 2.6.5 ==== No Subprocess ====
      >>> int('0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65', 2)
      Traceback (most recent call last):
        File "<pyshell#0>", line 1, in <module>
          int('0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65', 2)
      ValueError: invalid literal for int() with base 2: '0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65'
      >>> int('0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65', 8)
      Traceback (most recent call last):
        File "<pyshell#1>", line 1, in <module>
          int('0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65', 8)
      ValueError: invalid literal for int() with base 8: '0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65'
      >>> int('0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65', 16)
      4912728601205072471650314642361117843458354680102371230006898230960697285989L
  12. Nope, I get a bad password error... any way to use this WPS pin to my advantage?
  13. After looking at a few reaver tutorials it appears that I am supposed to get the WPAPSK in plaintext, but reaver is giving me a 64 character WPA-PSK which does not appear to be what the average user would input into the password field... Any ideas?
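The 64-hex-character value asked about in posts 10, 11 and 13 is the binary 256-bit WPA/WPA2 pre-shared key, which clients derive from the human passphrase with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations, 32 bytes). It is not "convertible" back to the passphrase, but it can be used directly: wpa_supplicant accepts it unquoted as psk=<hex>, and given the SSID you can check whether a candidate passphrase produces it. The block below is an added example written for this page, not code from any of the posts; the test vector ("password"/"IEEE") is the one published in IEEE 802.11i, and the wpa_supplicant block assumes an SSID with no characters that need escaping.

```python
import hashlib
import hmac
import re

# 64 hex chars == 32 bytes == the raw WPA/WPA2-Personal PSK (PMK).
HEX_PSK_RE = re.compile(r'^[0-9a-fA-F]{64}$')


def derive_psk(passphrase, ssid):
    """Derive the 256-bit PSK the way a WPA/WPA2 client does:
    PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes), returned as hex."""
    return hashlib.pbkdf2_hmac('sha1',
                               passphrase.encode('utf-8'),
                               ssid.encode('utf-8'),
                               4096, 32).hex()


def is_hex_psk(value):
    """True if the value is already a raw 64-hex PSK rather than a passphrase."""
    return bool(HEX_PSK_RE.match(value))


def passphrase_matches(candidate, ssid, hex_psk):
    """Offline check of one candidate passphrase against a recovered raw PSK.
    This is exactly what a dictionary attack on a captured handshake does per
    guess, which is why the raw PSK alone never reveals the passphrase."""
    return hmac.compare_digest(derive_psk(candidate, ssid), hex_psk.lower())


def wpa_supplicant_block(ssid, key):
    """Build a wpa_supplicant network block. A raw hex PSK goes unquoted
    (psk=...), a passphrase of 8-63 chars must be quoted (psk="...").
    Assumes the SSID needs no escaping (hypothetical simplification)."""
    if is_hex_psk(key):
        psk_line = 'psk=%s' % key.lower()
    elif 8 <= len(key) <= 63:
        psk_line = 'psk="%s"' % key
    else:
        raise ValueError('key must be an 8-63 char passphrase or 64 hex chars')
    return 'network={\n    ssid="%s"\n    %s\n}\n' % (ssid, psk_line)


if __name__ == '__main__':
    # Values below are constructed for illustration; the first pair is the
    # IEEE 802.11i test vector.
    print(derive_psk('password', 'IEEE'))
    raw = '0adc817f71464835a414b7fe4182473c9780b64dc238f3534924bd1b6db69d65'
    print(is_hex_psk(raw), passphrase_matches('password', 'IEEE', raw))
    print(wpa_supplicant_block('IEEE', raw))
    print(wpa_supplicant_block('IEEE', 'password'))
```

Practical consequence for the thread: a raw PSK lets you join the network from any client that accepts hex keys (wpa_supplicant does, via the unquoted psk= form), and it lets you test passphrase guesses offline against the SSID, but it cannot be "decoded" into the passphrase the owner typed.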
  14. Couldn't tell you bud. I can say that Ruby and Python are very similar to each other. I know some python and I can read ruby pretty well, I'll even edit some meterpreter scripts when need be. I'd imagine that many of the concepts that exist in python and ruby are present in Java also as they're in the family of OOP. Don't not learn a language because you're worried about bad habits. I don't think you'll pick up any bad habits in python or ruby anyways, I believe it's javascript and some of the languages primarily used in web design that are associated with bad programming habits, but that's just what I've heard through the grapevine, don't know if it's true or not.
  15. Hey guys. My internet is running ultra slow today making googling a pain and I have a question that I am hoping has a simple answer. After like 8 hours Reaver finally cracked my router's WPS pin. My question is now how do I connect to this router with said pin?
  16. I should probably also mention digininja's GAWN paper as I haven't seen it or anything like it mentioned here before (http://www.digininja.org/gawn_gold/). By the time you finish this paper, your knowledge of wifi will be comparable to that of the creators of the aircrack-ng suite. You need to have a working knowledge of python and/or ruby before you start it, and it's a lot of in depth stuff you'll need to actually study and not just read once over and copy paste commands, but it basically teaches you to manually do the functions that aireplay-ng or airodump-ng would do using python and ruby. It also teaches you how to manually manipulate frames or "speak" to a router in "router talk" and you can take that a step further and develop your own concepts from there (which is how I assume he created Jasager).
  17. Google has some very well written tutorials (not google docs). forums.devshed.com also seems to be a pretty helpful community of programmers.
  18. If you google the terms you just mentioned + aircrack-ng + tutorial it will provide a wealth of information on the topic.
  19. Your success rate for cracking WEP with a strong signal should be high, like well over 80%. Be sure to use all the different attacks (chop chop, fragment, -p0841). One should work. Also remember that if a router sends you deauth packets that doesn't necessarily mean the attack won't succeed, WEP is very insecure. Your success rates for capturing handshakes on APs with a strong signal should be 100%. For me, more often than not airodump-ng doesn't tell me I captured the WPA handshake which can be misleading. You can open up the capture file in wireshark and run the following filter and you should see 4 packets, then you know you have it. Don't be shy with the deauth packets either.
      eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08
  20. A year or so ago a cute girl told me she was having computer problems so like a true IT player I offered to fix it for her. She was a real girl next door type, quiet and shy. I was backing everything up and found very graphic pictures involving her, no clothes, a mirror and a carrot. That was pretty awesome, we're friends now and I've never mentioned it. I've actually fixed a lot of girl's computers and found naked pictures of them (some more graphic than others), they don't really hide them either. The torso breast from the neck to the waist line seems to be the most common. I think it's pretty common.
  21. This is indeed some sexy code : ) : ) Thanks again Jason!
  22. Jason! Thanks bud, that works awesome! Who would have thought it was just reading proc.stderr, heh. I still haven't perfected this, but I read on google's python tutorials that when using regular expressions it's best to iterate and then put an if statement after, so I altered your code a bit. When I have more time this evening I also plan on throwing in another if statement so duplicates are ignored and also a few lines to match up AP names with MAC addys. But thanks again Jason, I owe you a beer!

      import os
      import subprocess
      import time
      import sys
      import re

      mac_list = []
      # airodump-ng draws its live table on stderr, so that is the pipe to read.
      proc = subprocess.Popen(['airodump-ng', 'mon0'],
                              stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                              executable='/usr/sbin/airodump-ng')
      time.sleep(2.5)
      # A MAC address: six hex pairs separated by ':' or '-'.
      searchmac_string = re.compile(r'([a-fA-F0-9]{2}[:\-]){5}[a-fA-F0-9]{2}')
      for x in proc.stderr:
          x = x.decode('utf-8', 'replace')  # pipe yields bytes on Python 3
          a = searchmac_string.search(x)
          if a:
              print(x[a.start():a.end()])
              mac_list.append(a.group(0))  # keep the matched text, not the match object
              sys.stdout.flush()
  23. Yeah, I personally don't do much pineapple style stuff but I guess it'd be good practice that if you do, you probably shouldn't keep copies of cloned pages on the drive unless they're being actively used. In the near future, I think at airports around the globe they're going to start doing more hard drive checks and not many legit purposes for a cloned page.
  24. Hey Jason, thank you for your help! Unfortunately I tried that and results are all the same, as soon as Popen runs airodump-ng, the command just takes over the terminal and it's like the code beneath the Popen line doesn't exist. I'll try to throw in a terminate process line but I'm sceptical about that also. I was thinking that if it does indeed write to stderr, I could try to pipe stderr to the input of another program and see if it can be read like that.
  25. Thanks Sitwon, that did solve the problem, I'm not getting the interface not specified error anymore but now it's just hanging like the other ones. Looks like my options are to either parse the csv file or find another program similar to airodump-ng to read output from as this method won't work.
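Post 25 ends on the fallback of parsing the CSV that airodump-ng writes (with -w), and post 22 wanted duplicates ignored and AP names matched to MAC addresses. The block below is an added example for this page, not code from any of the posts: it parses the two sections of that CSV (access points, then stations), dedupes every MAC seen with the same regex idea as post 22, and maps each associated station to its AP's ESSID. The column layout is the one airodump-ng produces; the rows themselves are constructed sample data, and the MACs and names are made up.

```python
import re

# Six hex pairs separated by ':' (the form airodump-ng writes); case-insensitive.
MAC_RE = re.compile(r'(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}')

# Constructed sample in the layout of an airodump-ng -w CSV: an AP section headed
# "BSSID, ...", a blank line, then a station section headed "Station MAC, ...".
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2012-03-01 10:00:00, 2012-03-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,      120,        0,   0.  0.  0.  0,   7, TestNet, 
66:77:88:99:AA:BB, 2012-03-01 10:00:00, 2012-03-01 10:05:00, 11,  54, WEP , WEP, , -70,       30,      512,   0.  0.  0.  0,   5, OldAP, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2012-03-01 10:01:00, 2012-03-01 10:05:00, -50,       45, 00:11:22:33:44:55, TestNet
AA:BB:CC:DD:EE:02, 2012-03-01 10:02:00, 2012-03-01 10:05:00, -60,        3, (not associated), CoffeeShop,Home
"""


def parse_airodump_csv(text):
    """Return (aps, stations): aps keyed by BSSID, stations as a list of dicts."""
    aps, stations = {}, []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('BSSID,'):
            section = 'ap'
            continue
        if line.startswith('Station MAC,'):
            section = 'sta'
            continue
        fields = [f.strip() for f in line.split(',')]
        if section == 'ap' and len(fields) >= 14:
            aps[fields[0].upper()] = {
                'channel': int(fields[3]),
                'privacy': fields[5],
                'power': int(fields[8]),
                'essid': fields[13],
            }
        elif section == 'sta' and len(fields) >= 6:
            stations.append({
                'mac': fields[0].upper(),
                'power': int(fields[3]),
                'bssid': fields[5].upper(),
                # Probed ESSIDs are comma-separated after the fixed columns.
                'probes': [p for p in fields[6:] if p],
            })
    return aps, stations


def unique_macs(text):
    """Every distinct MAC in the text, upper-cased and sorted (post 22's dedupe)."""
    return sorted({m.upper() for m in MAC_RE.findall(text)})


def station_to_essid(aps, stations):
    """Map each station MAC to the ESSID of the AP it is associated with, or None."""
    result = {}
    for sta in stations:
        ap = aps.get(sta['bssid'])
        result[sta['mac']] = ap['essid'] if ap else None
    return result


if __name__ == '__main__':
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    print(unique_macs(SAMPLE_CSV))
    print(station_to_essid(aps, stations))
```

Reading the CSV (or re-reading it on a timer) sidesteps the hang from posts 24 and 25 entirely: airodump-ng keeps owning the terminal, and the script only ever touches the file it writes out.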