Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

kerpap's Achievements


Newbie (1/14)

  1. hello I am trying to write a bash script that basically does this: calls aireplay-ng runs it for 5 minutes then stops aireplay then sleeps for 5 minutes I have something like this: while [ true ] do aireplay-ng -# # -a<MAC> -h<MAC> mon0 sleep 300 <somehow stop aireplay> sleep 300 done ive tried using kill a number of ways, ive tried calling xterm -e (aireplay) then try to close it from the script but nothing works any ideas? again, start and run aireplay-ng for 5 minutes stop aireplay-ng sleep 5 minutes then repeat.
  2. yup. I realized that just now.. this is my second pineapple. I remember that it was stuck to a card. thanks!
  3. I just unboxed my pineapple but I found no SD card in the box. is this normal?
  4. Hello everyone. I am building an xbee wireless sensor network and naturally the first thing that comes to mind is "How can I hack into it" I want to test the security of this sensor network as it will be integrated into a security system. has anyone heard of anyone pentesting 802.15.4 or had any experience in this? and now starts the googling!!!
  5. exactly how many amps does the pineapple normally draw? do we know the min-max? reason I ask is that I am developing a compact solar power supply for it and the solar cell generates 300mA the pineapple seems to run off it.
  6. I suppose I can also use firebug. I just really liked how easy the grease monkey script was
  7. So I am going to do a demo of session hijacking and my new laptop doesn't have the cookie injector script for grease monkey. it appears that userscript.org is down? can anyone recommend an alternative cookie injector? or an alternate link to the script?
  8. There is always more than 1 way to skin a tac I actually like this idea, I will try and whip up something. I can see a few ways of doing this in bash and python.
  9. I was really using the DHCP server as an example to help explain. I am just wondering if you can use broadcast addresses without being asked "Why" and having to explain. thanks for the feedback! I am going to try it out in a lab. I can see how it might be useful in some scenarios.
  10. lets say the environment you are in uses a DHCP server with a very short lease time. can metasploit payloads (for instance reverse_tcp meterpreter) be set with an LHOST= or the subnet broadcast address (i.e. LHOST= how would someone get around a short lease time with DHCP? I am going to lab this however I am just wondering off hand if anyone knows? the idea in this case is that the reverse shell connects to anyone listening. I am of course not referring to that specific payload. just in general. if my payload is set with LHOST= and when the payload gets executed, my address has already changed to the connection wont go through.
  11. Hello, I am thinking of taking the OSCP exam however I am wondering if you are able to download and keep the videos OR are they only available temporarily?
  12. I love that site. my office window looks right over the landing path of a major international airport and I like that FR24 shows the tail number, where it was coming from and pulls a picture of the aircraft out of a database. I have it open on my DT and watch for hours. (working of course) ;-p
  13. OMG Darren and Shannon should not have shown me the RTL SDR :-( its like half-life 2, oblivion, skyrim and WOW all in 1 anyhoo anyone can tell me how to listen to UHF/VHF in SDR#? im a radio noob.
  14. I use this one. the best IMO http://www.flightradar24.com
  15. on a Cisco switch, port security should not be configured on a port that a access-point is plugged into. now, if you are running your laptop via RJ45 to the switch and the switch port has port-sec enabled and the max allowed MACs is 1 than yes, the switch port will go into err-disabled mode when you use MAC changer. also, this is dependant on the violation mode that is set. by default it is shutdown. if restrict or protect the violating MAC address packets are dropped and the port wont go into err-disabled. (differance is restrict sends a log of the violation) most of the time though port sec is set to max-allowed 2 because for some reason, setting it to 1 will send the port to err-disabled from time to time. (not sure why, it was not mentioned in the CCNA-SECURITY curriculum. I just found it to be true in practice) with max allowed there is nothing to say which MAC addresses are allowed. so if max is 2 it can be any 2 and those can change. its max 2 at any given time. with sticky MAC you wont need to enter the allowed MAC addresses as they are dynamically learned. otherwise the admin would enter the MAC manually. with sticky MAC, if you use MAC changer and the max allowed goes over, than the port will go into its violation state. if sticky MAC is enabled and the max MAC addresses have not been filled than your spoofed MAC will be added to the list. Port security is really designed to prevent CAM table overflows which would turn the switch into a hub thus allowing you to sniff everyone's traffic. if you have a cisco switch, play around with it. lots of fun on a friday/saturday night!!
  • Create New...