kerpap (Active Members, 44 posts)

Everything posted by kerpap

  1. Hello, I am trying to write a bash script that basically does this: calls aireplay-ng, runs it for 5 minutes, then stops aireplay, then sleeps for 5 minutes. I have something like this:

         while [ true ]
         do
             aireplay-ng -# # -a<MAC> -h<MAC> mon0
             sleep 300
             <somehow stop aireplay>
             sleep 300
         done

     I've tried using kill a number of ways, and I've tried calling xterm -e (aireplay) and then trying to close it from the script, but nothing works. Any ideas? Again: start and run aireplay-ng for 5 minutes, stop aireplay-ng, sleep 5 minutes, then repeat.
  2. Yup. I realized that just now. This is my second Pineapple. I remember that it was stuck to a card. Thanks!
  3. I just unboxed my Pineapple but I found no SD card in the box. Is this normal?
  4. Hello everyone. I am building an XBee wireless sensor network and naturally the first thing that comes to mind is "How can I hack into it?" I want to test the security of this sensor network as it will be integrated into a security system. Has anyone heard of anyone pentesting 802.15.4, or had any experience in this? And now starts the googling!!!
  5. Exactly how many amps does the Pineapple normally draw? Do we know the min-max? The reason I ask is that I am developing a compact solar power supply for it, and the solar cell generates 300mA; the Pineapple seems to run off it.
  6. I suppose I can also use Firebug. I just really liked how easy the Greasemonkey script was.
  7. So I am going to do a demo of session hijacking and my new laptop doesn't have the cookie injector script for Greasemonkey. It appears that userscript.org is down? Can anyone recommend an alternative cookie injector, or an alternate link to the script?
  8. There is always more than 1 way to skin a cat. I actually like this idea; I will try and whip up something. I can see a few ways of doing this in bash and Python.
  9. I was really using the DHCP server as an example to help explain. I am just wondering if you can use broadcast addresses without being asked "Why?" and having to explain. Thanks for the feedback! I am going to try it out in a lab. I can see how it might be useful in some scenarios.
  10. Let's say the environment you are in uses a DHCP server with a very short lease time. Can Metasploit payloads (for instance reverse_tcp Meterpreter) be set with LHOST=255.255.255.255 or the subnet broadcast address (i.e. LHOST=192.168.1.255)? How would someone get around a short lease time with DHCP? I am going to lab this; however, I am just wondering offhand if anyone knows. The idea in this case is that the reverse shell connects to anyone listening. I am of course not referring to that specific payload, just in general. If my payload is set with LHOST=192.168.1.10 and, when the payload gets executed, my address has already changed to 192.168.1.19, the connection won't go through.
  11. Hello, I am thinking of taking the OSCP exam; however, I am wondering if you are able to download and keep the videos, or are they only available temporarily?
  12. I love that site. My office window looks right over the landing path of a major international airport, and I like that FR24 shows the tail number, where it was coming from, and pulls a picture of the aircraft out of a database. I have it open on my DT and watch for hours. (Working, of course.) ;-p
  13. OMG, Darren and Shannon should not have shown me the RTL-SDR :-( It's like Half-Life 2, Oblivion, Skyrim and WoW all in 1. Anyhoo, can anyone tell me how to listen to UHF/VHF in SDR#? I'm a radio noob.
  14. I use this one. The best IMO: http://www.flightradar24.com
  15. On a Cisco switch, port security should not be configured on a port that an access point is plugged into. Now, if you are running your laptop via RJ45 to the switch and the switch port has port-sec enabled and the max allowed MACs is 1, then yes, the switch port will go into err-disabled mode when you use MAC changer. Also, this is dependent on the violation mode that is set. By default it is shutdown. If restrict or protect, the violating MAC address's packets are dropped and the port won't go into err-disabled (the difference is that restrict sends a log of the violation).

      Most of the time, though, port-sec is set to max-allowed 2 because, for some reason, setting it to 1 will send the port to err-disabled from time to time. (Not sure why; it was not mentioned in the CCNA Security curriculum. I just found it to be true in practice.) With max allowed there is nothing to say which MAC addresses are allowed, so if max is 2 it can be any 2, and those can change; it's max 2 at any given time. With sticky MAC you won't need to enter the allowed MAC addresses, as they are dynamically learned; otherwise the admin would enter the MAC manually. With sticky MAC, if you use MAC changer and the max allowed goes over, then the port will go into its violation state. If sticky MAC is enabled and the max MAC addresses have not been filled, then your spoofed MAC will be added to the list.

      Port security is really designed to prevent CAM table overflows, which would turn the switch into a hub, thus allowing you to sniff everyone's traffic. If you have a Cisco switch, play around with it. Lots of fun on a Friday/Saturday night!!
  16. I am thinking of a 9V battery and a solar cell to charge it, so 2 solar cells total. During the day the Pineapple will run off the solar cell while the 9V gets charged, then at night the 9V will supply power to the Pineapple. So this should be an interesting project. I am not sure how I am going to do this, so we'll see.
  17. Sorry, the pic is high res, so if you have 14.4k speed it will take a while. Here is a smaller pic.
  18. So far it's a basic solar cell, 5V 1400mA, and the little DC plug. I got them at an electronics store. I'm sure Marvac or Radio Shack has them; Fry's, anywhere that sells components. You can also most likely order online. The solar cell cost $30.
  19. So, I like the idea of rooftop deployment. I also like the idea of a solar powered deployment. I am working on a project that will incorporate a solar cell and a Pineapple Juice battery pack. Right now what I have made is a simple solar cell Pineapple power supply, shown below. I am in the works of prototyping a light sensor to switch over to the power pack when there is not enough sunlight, either that or just a transistor that will kick over to the power pack once the solar cell no longer produces enough juice. More to come! I will keep you guys posted.
  20. Does your backdoor device support VPN? Meaning, could you configure an IPsec tunnel to your attackserver.com server, or a router to the BDD VPN? I see, potentially, if this is possible, you could get a router and configure a VPN to the BDD. If you can do a little on-site packet sniffing you might enumerate what routing protocol is running, most likely OSPF, and you might be able to add the router to the OSPF area, which would be really cool because the router would have the whole network topology on it, as OSPF is a link-state routing protocol.
  21. I've looked into Offensive Security. Actually, to correct myself from my previous post, I knew 1 coworker who was OSCP certified but was real secretive about it, and he has since moved away somewhere and I lost contact with him. I took a class in college called "Ethical Hacking" and I have also taken an online class of the same name, but found them to be very basic, more conceptual and less hands on. Sure, we used Nmap and John and Cain and Abel etc., but I never felt it gave me anything usable other than understanding the process of pentesting. I've been scared to take the OSCP course as it is a huge chunk of change, but more and more lately I find myself leaning towards doing it.
  22. No, I'm not going to ask "How do I become a pentester?" What I want to know is: how did YOU become a pentester? What is a good course of action to find a job with a firm that does pentesting? What/who might they be looking for? Are there internships? What if your experience is limited? For instance, I have done security testing with BackTrack/Kali, but mostly white box stuff as part of my role in general security. I am mostly self taught. I want to get more experience and want to do this full time; however, it seems like a chicken and egg scenario, whereas in order to get a job pentesting I need experience, but to get experience I need to have worked doing pentesting, OR I would have had to do black/grey hat type stuff. It's not that easy to get access to a corporate network (legitimately) to practice on, and practicing on my home network seems not enough. I would guess that a "job interview" would consist of a lab: "here is a laptop, get from point A to B and avoid detection" or something like that to prove you understand the basics of pentesting (recon, footprinting, exploiting, covering your tracks, reporting etc. etc.). Maybe I am looking at it the wrong way, I don't know. I don't know anyone else who even remotely comes close to being a "hacker", even within my peers at work. I know tons of people who can implement security solutions but none who can audit it, strangely enough. I know a brilliant web coder and I asked him if he can help me audit web apps; he said "I don't know how to hack". What have some of your experiences been?
  23. In the GUI, under the Karma sub-page, 3rd tab over, Karma Config, you will see SSID. The default is Pineapple_<last 4 of the MAC>; change that to "Starbucks". If you are using the CLI, the config file is /var/run/hostapd-phy0.conf. Scroll to the bottom and you will see:

          wpa=0
          ssid=pineapple_123   <-- edit this
          bridge=br-lan

      NOTE: don't go messing with the settings unless you know what you are doing; otherwise you'll have to flash the FW.