C0de_Expl01t
-
Posts
5 -
Joined
-
Last visited
Posts posted by C0de_Expl01t
-
-
Pineapple is easy to use. Whatever government you are associated with should contract myself or someone more experienced if you yourself clearly do not know to fully utilize it.
Pro Tip: Do not insult people who give responses about legalities when it seems that you yourself have no clue on how it works. If you are actively doing the 'investigation' you need the proper warrants and paperwork to essentially 'wire-tap' the individual/s.
If you are doing it in a lab environment as 'training' then you are fine, given all parties have given a form of consent to allow such activities to take place on their connections.
Also in order to get into gmail/facebook (sounds like you are some amateur wanna be hacker, based off of your 'leet-speak' username and specified interest in gmail/facebook with poor spelling.) you will need to circumvent the SSL that is in place on most logins. You would probably have more success with using social exploitation, a legal warrant to get the account information, or learn how to properly MITM.
Also, the Jasager/Pineapple project can be done with a laptop with multiple wifi cards or one wifi card with 1 LAN card, and an internet source. It can also be done with ANY router and sniff the traffic with a laptop being the MITM (Although this method will not 'trick' users to connect to it).
ok, so let me type slowly this time to avoid the spelling mistakes.
the law enforcement side of things, well i am not doing this, this is a requirement of the project. in any case... just out of interest, this internet cafe is doing 419 scamming (Nigerians)when you provide google with a warrant they have to give the account holder a opportunity to respond to this claim, and this is where the case get compromised. The 419 scammer can then delete/change the evidence... hence the law enforcement agency want to intercept the transmission without anybody knowing about this.
** so i guess somebody is going to say something about this now again, so let's forget side of the story. **
i dont care if it is legal or not, i despise these 419 scammers, so i will assist them in getting there device to work.
just so that you know, i am not involved in the investigation, at all. i am just assisting them... enough said.!
i know the jasager project can be done with a laptop and any wireless AP, i used this about a year ago...
"(Although this method will not 'trick' users to connect to it)" that is why i have suggested the pineapple.
i already have this device working and can see all the traffic, it is being routed trough a notebook, so all the clear text passwords are being captured. i use cain and wireshark to get this info.
my main question was around hamster and ferret.
"(sounds like you are some amateur wanna be hacker," whateva whateva whateva.... and again you have to attack the person, you start of in your pro tip to say ... do not insult people... and what do you do ?
My goal was to setup a Certificate service that will offer a fake cert to the victim, .. to decrypt the SSL connection and the encrypt it again...but i will look for the answer on another forum, clearly you guys are only interested in the person and the nic, but not the question at hand.
-
Pineapple is easy to use. Whatever government you are associated with should contract myself or someone more experienced if you yourself clearly do not know to fully utilize it.
Pro Tip: Do not insult people who give responses about legalities when it seems that you yourself have no clue on how it works. If you are actively doing the 'investigation' you need the proper warrants and paperwork to essentially 'wire-tap' the individual/s.
If you are doing it in a lab environment as 'training' then you are fine, given all parties have given a form of consent to allow such activities to take place on their connections.
Also in order to get into gmail/facebook (sounds like you are some amateur wanna be hacker, based off of your 'leet-speak' username and specified interest in gmail/facebook with poor spelling.) you will need to circumvent the SSL that is in place on most logins. You would probably have more success with using social exploitation, a legal warrant to get the account information, or learn how to properly MITM.
Also, the Jasager/Pineapple project can be done with a laptop with multiple wifi cards or one wifi card with 1 LAN card, and an internet source. It can also be done with ANY router and sniff the traffic with a laptop being the MITM (Although this method will not 'trick' users to connect to it).
ok, so let me type slowly this time to avoid the spelling mistakes.
the law enforcement side of things, well i am not doing this, this is a requirement of the project. in any case... just out of interest, this internet cafe is doing 419 scamming (Nigerians)when you provide google with a warrant they have to give the account holder a opportunity to respond to this claim, and this is where the case get compromised. The 419 scammer can then delete/change the evidence... hence the law enforcement agency want to intercept the transmission without anybody knowing about this.
** so i guess somebody is going to say something about this now again, so let's forget side of the story. **
i dont care if it is legal or not, i despise these 419 scammers, so i will assist them in getting there device to work.
just so that you know, i am not involved in the investigation, at all. i am just assisting them... enough said.!
i know the jasager project can be done with a laptop and any wireless AP, i used this about a year ago...
"(Although this method will not 'trick' users to connect to it)" that is why i have suggested the pineapple.
i already have this device working and can see all the traffic, it is being routed trough a notebook, so all the clear text passwords are being captured. i use cain and wireshark to get this info.
my main question was around hamster and ferret.
"(sounds like you are some amateur wanna be hacker," whateva whateva whateva.... and again you have to attack the person, you start of in your pro tip to say ... do not insult people... and what do you do ?
My goal was to setup a Certificate service that will offer a fake cert to the victim, .. to decrypt the SSL connection and the encrypt it again...but i will look for the answer on another forum, clearly you guys are only interested in the person and the nic, but not the question at hand.
-
If you're "assisting law enforcement" they should be able to get a warrant from google directly, and they can send you the passwords so you won't have any need to illegally steal cookies.
Is this where all those billions of government spent techonology dollars go, to guys like you to come on Hak5 to ask if Ferret & Hamster works for session hijacking?
WOW nice reply!, clearly you know nothing about law enforcement! or what we want to achieve with this. and you don't even have a clue what government i am assisting. So if you cannot post anything positive or relating to the topic, please keep your pie hole closed!
By the way, this government agency bought 6 pineapples from hak5 , but they struggle to get them to work, That is why they got me involved.
-
Greetings to everybody that is reading this tread.
I recently got my hands on a wifi pineapple v1.
i configured it inthe following way..
my laptop ethernet interface 192.168.137.10/24 and the wifi 192.168.137.1 this is to route all the traffic trough my laptop
my internet connection is trough my wireless so i get all the traffic from the ethernet and pass it onto the wireless.
i got this all working an can see all gthe traffic in wireshark...
So now i am sort of stuck at Man-In-The-Middle atack...
with my other projects i used firesheep and cain to get all the session cookies...
Before i ask my question let me state that i am assisting law enforcement with a project.
This is what i want to achieve.
i need to get access to the cookies/sessions .. i need to be able to log into their gamil/facebooks accounts.
Here is my question:
What will you use to steal session information
Does ferret and hamster still work ? or is there new tools that is being used.. to get this information.
I am still reading and watching videos in this matter, and must say that the majority of them are still referring to hamster and ferret.
now i know that firesheep does not work on gmail and facebook anymore.
i am just pushed for time, that is why i am asking this quesiton
regards... Oh and nice site... i really enjoy the videos
First Time User Usb Rubber Ducky
in Classic USB Rubber Ducky
Posted
My ducky arrived today and i got the same error/condition.
I had a red flashing LED, i then formatted the SD card and tried again... Now i got a Green pulsing LED.
funny enough i also typed the same hello world example. i then used the duckencoder to encode it to inject.bin into the root of my ducky..
i then took it to a windows 7 machine.... nothing , i tried this 4 times... the device is recognised but nothing run... no notepad..
i then tried a windows XP system, nothing...
i also tried a server 2008. again nothing,..
nothing seem to run. and i am following the "quack guide"
VERY SAD!!
is there anybody that can help...?
it will be appriciated.!!!