
anode (Active Members; 197 posts; 3 days won)

Posts posted by anode

  1. Are you getting back ACKs in both columns when deauthing?

    05:04:05  Sending 64 directed DeAuth. STMAC: [xx:1B:xx:46:xx:xx] [52| 45 ACKs]

     

    I have a script that does the deauthing until a handshake is found. (with pauses between deauths)

    If I don't get a handshake in 4-5 minutes, I probably won't.

  2. There are powershell keyloggers out there.  And other high level lang. versions. (check github)

    Find one you like and doesn't get flagged.

    make a duckling to download or 'type' the logger

    set reg key to run at boot

    use schtask to set a scheduled task to run a powershell file to gmail it.

    (if windows is target OS)

    We're hackers; we learn. (usually by beating our heads against walls, and by too many failures.)

  3. I can't log in the normal way.

    It keeps telling me to use valid data for my name.

    I have to use the lost password option to reset and get in.

    Thought it might be a FF add-on issue, but same in Safari.

     

    Edit: nevermind.  lol  It needed email as username

  4. Use hashcat.  (will do CPU, GPU, or a combo of the two) It will restore if you want to stop it and pick it up again later, and doesn't need a file for a bruteforce.

    But a dictionary attack with some rules would be best for a WPA password.  Not too many people will use a big random password for WiFi.  It's usually pretty easy to remember.

    Phone numbers and rockyou.txt have gotten me hundreds of PWs

  5. Pay for it.  It will still be a magnitude slower than your ISP.

    Look for lifetime deals.  Can find them from time to time for like $30 US.

    I also say find the deals for 2 different VPNs.  Nice to have a backup.

  6. About a fat year ago, a lot of cars were broken into, just like you described.  A small device opens the door, without setting off the alarm.  But can't start the car.  If memory serves me right, it's a relay attack, where a device picks up your fob, then relays it to the car.

  7. I'm having some issues with hydra with a http_form_post

    Using a:

    "/Default.asp?bhcp=1:textfield=^USER^&textfield2=^PASS^:F=Invalid"

    returns a valid password for every try

    Changing the F: to an S: then fails on every try (when there is one correct PW 1/2 way through the file)

    My main question is: can the F: or S: value be any text on the returned page, or am I looking for something else?

    I've poked around a bit with Burpsuite, but no luck

    TIA

  8. I upgraded to Kali 2.0. What a friggin trainwreck!!

    aircrack suite is all mucked up and unreliable.

    VNC needs to use a different window manager than the default

    etc, etc.

    Kali has always been funky but at least usable for the most part.

    With PTF, (PenTester's Framework) I'm pondering just doing a more mainstream linux install and using PTF to keep the goodies going.

    (I do installs, not live CDs or USB sticks.)

  9. Any stealthy screen recorders that will trigger on a screensaver deactivate?

    (don't want hours of screensaver)

    Not a snapshot/screen cap, but video?

    Would be awesome if it could stream it to a different computer.

    Targets are from Win2k up.

  10. Picked up a LT @ Defcon, finally sat down with it.

    Updated everything (v2 shell)

    When I go to the module manager, it won't start. Just pops up a box with the "Press OK or CTRL-C to exit"

    I exit and it's 'stopped'

    and

    bootup status 'enabled'

    reboot it and same.

    is this a prob?

  11. I can NOT get a WiFi adapter (various RealTek based ones on hand) to even associate from the command line.

    GUI works fine. (But I don't use the GUI on a Pi.)

    I've turned off (and even removed) NetworkManager.

    ifconfig down/up the IF

    iwconfig wlan(x) essid <network>

    iwconfig wlan(x) essid <network> channel x

    iwconfig wlan(x) mode managed essid <network> channel x

    ---All fail. (with no message)

    (also tried using iw dev wlan connect <network>)

    iwlist scan does show the APs being there.

    Even on open networks, including the WiFi Pineapple.

    (Now I can get airmon-ng to work with them OK.)

    Raspbian and Kali images both give same results. (going to try the old PwnPi)

    The GUI vs CLI has got me stumped.

  12. Thanks guys!

    The -vv and additional ports have same results.

    the -vv doesn't show (to me) any errors/issues

    XP SP3:

    Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-09 20:43 EDT
    NSE: Loaded 1 scripts for scanning.
    NSE: Script Pre-scanning.
    NSE: Starting runlevel 1 (of 1) scan.
    Initiating ARP Ping Scan at 20:43
    Scanning 192.168.1.188 [1 port]
    Completed ARP Ping Scan at 20:43, 0.07s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 20:43
    Completed Parallel DNS resolution of 1 host. at 20:44, 13.00s elapsed
    Initiating SYN Stealth Scan at 20:44
    Scanning 192.168.1.188 [2 ports]
    Discovered open port 445/tcp on 192.168.1.188
    Discovered open port 139/tcp on 192.168.1.188
    Completed SYN Stealth Scan at 20:44, 0.08s elapsed (2 total ports)
    Initiating UDP Scan at 20:44
    Scanning 192.168.1.188 [1 port]
    Discovered open port 137/udp on 192.168.1.188
    Completed UDP Scan at 20:44, 0.09s elapsed (1 total ports)
    NSE: Script scanning 192.168.1.188.
    NSE: Starting runlevel 1 (of 1) scan.
    Initiating NSE at 20:44
    Completed NSE at 20:44, 0.72s elapsed
    Nmap scan report for 192.168.1.188
    Host is up (0.00066s latency).
    Scanned at 2015-06-09 20:43:58 EDT for 14s
    PORT    STATE SERVICE
    139/tcp open  netbios-ssn
    445/tcp open  microsoft-ds
    137/udp open  netbios-ns
    MAC Address: XX:XX:XX:XX:XX:XX (Asustek Computer)
    
    NSE: Script Post-scanning.
    NSE: Starting runlevel 1 (of 1) scan.
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 16.18 seconds
               Raw packets sent: 4 (194B) | Rcvd: 4 (337B)
    
  13. I've tried against XP, Win7 and Server 2012 R2. VMs and real machines and 2 different networks.

    Typical output:

     nmap --script smb-enum-users.nse -p445 192.168.1.70
    
    Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-08 10:32 EDT
    Nmap scan report for 192.168.1.70
    Host is up (0.0012s latency).
    PORT    STATE SERVICE
    445/tcp open  microsoft-ds
    MAC Address: 00:1C:42:6F:D1:A1 (Parallels)
    
    Nmap done: 1 IP address (1 host up) scanned in 15.79 seconds

    Ideas? Suggestions?

  14. Thanks for the reply!

    I did a cursory look at kippo (listened to info about it on a podcast). But it goes further than I want. From what I have gathered (by a quick look at it, could be wrong) it provides a sandboxed shell on the 'hacked' remote system for the attacker to play in.

    I'd like to stop it before being (falsely) authenticated and have them try *more* login attempts for me to log names/pws

    I'm trying to build word lists for usernames and pw's

  15. Hi guys, have a VPS I'm not utilizing much.

    But after looking through the logs, I see a LOT of ssh login attempts. (of course I've moved my actual ssh port off 22)

    So here's my idea: Set up a fake login prompt to harvest the names & PWs they try. (could be very useful in oclHashcat!!)

    Anything already out there for it? Or can a simple bash or Python script do it? (I'm happy to try *if* it's possible. I hate chasing the unobtainable)

    Would like it to bail on the IP after x failed attempts. (logging the IPs would be nice but not a must)

    TIA
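The "simple Python script" asked about in the last two posts, written here as an added example rather than anything posted in the thread: a fake login prompt that records every username/password pair an attacker tries, counts failures per source IP, and drops the connection and bans the IP once a configurable threshold is reached. The prompt text, the port 2222, the threshold of 3 and the sample inputs in the test are all constructed assumptions. One caveat the post glosses over: bots hitting port 22 speak the SSH protocol and will not type into a plain-text prompt, so this shows the session and ban logic only; a real deployment needs an SSH server library in front of it or a purpose-built honeypot such as Cowrie (the successor to kippo).

```python
"""Toy credential-harvesting login prompt (honeypot session logic).

Added example, not code from the thread. Serves a plain-text
login:/Password: dialogue on TCP, never accepts a login, and bans a
source IP after `max_fails` attempts.
"""
import socketserver
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Harvest:
    """In-memory record of everything attackers typed at the prompt."""
    max_fails: int = 3                                   # assumed threshold
    attempts: list = field(default_factory=list)         # (ip, user, password)
    fails: Counter = field(default_factory=Counter)      # failures per ip
    banned: set = field(default_factory=set)

    def record(self, ip, user, password):
        """Store one attempt; return True if the IP is now banned."""
        self.attempts.append((ip, user, password))
        self.fails[ip] += 1
        if self.fails[ip] >= self.max_fails:
            self.banned.add(ip)
        return ip in self.banned

    def wordlists(self):
        """Username and password frequency tables (the poster's goal)."""
        users = Counter(u for _, u, _ in self.attempts)
        passwords = Counter(p for _, _, p in self.attempts)
        return users, passwords


def run_session(harvest, ip, read_line, write):
    """Drive one fake login dialogue.

    read_line() returns the next client line ('' on EOF); write(s) sends
    text to the client. Returns the number of attempts recorded. Banned
    IPs are refused immediately.
    """
    if ip in harvest.banned:
        write("Too many failures; go away.\r\n")
        return 0
    attempts = 0
    while True:
        write("login: ")
        user = read_line()
        if not user:                      # EOF: client hung up
            break
        write("Password: ")
        password = read_line()
        if not password:
            break
        attempts += 1
        banned = harvest.record(ip, user.strip(), password.strip())
        write("Login incorrect\r\n")       # never authenticate anyone
        if banned:
            break
    return attempts


HARVEST = Harvest()


class FakeLogin(socketserver.StreamRequestHandler):
    """One thread per connection; idle clients are dropped after 30 s."""
    timeout = 30

    def handle(self):
        ip = self.client_address[0]
        try:
            run_session(
                HARVEST, ip,
                lambda: self.rfile.readline().decode("utf-8", "replace"),
                lambda s: self.wfile.write(s.encode("utf-8")),
            )
        except (OSError, ValueError):      # timeout or mid-write disconnect
            pass


if __name__ == "__main__":
    # Assumed port; bind to a high port and forward real traffic to it.
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2222), FakeLogin) as srv:
        srv.serve_forever()
```

`HARVEST.wordlists()` gives the username and password tallies the poster wanted, and `HARVEST.banned` is the set to feed into a firewall rule; persisting both to disk on a timer is the obvious next step, since the in-memory record disappears when the process exits.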
