Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

pr0l3's Achievements


Newbie (1/14)

  1. Just saw the big announcement. Can't wait. Details on twitter? Who should we follow?! http://hak5.org/blog/wifi-pineapple-event-october-12-2013
  2. Let me explain... I originally heard about the FREE WIFI towers during the Occupy movement. There was a guy from the Free Network Foundation broadcasting a signal that people could connect to that was pumping free internet connectivity via a 3G modem. Then, I heard about the piratebox. The idea around a WIFI access point that people can connect to OFFLINE to chat, host and share files and more, all under the internet - not actually online and therefore not being constantly monitored by the big companies and governmental entities. So, I've got an idea, and I'm looking for input. I've got a network rig being built. Top down, a high gain 2.4ghz omni antenna, on a mast held in place by a mobile tripod. The antenna is plugged into a Mikrotik router running RouterOS. ALL outgoing traffic on port 80 is routed to a webserver. The webserver at a base station can be a rig as big as you want, for mobile uses a nettop could be used. Now, on this webserver, in my lab, I'm currently running turnkeylinux for Wordpress. Why Wordpress? Because I know it - that's the only reason. Inside Wordpress I've only done a few things, but as most of you know the plugin repo is massive - for instance, I'm running bbpress as a forum within the site. Eventually, I could see multiple uses - a file repo for anonymized users, a streaming "free radio", a chat/messaging/emailserver and more. The whole point is to keep it off the web. Massive capabilities here for community networks or activist infrastructure supports. Was thinking of running OwnCloud for file storage, or maybe some FTP front end for wordpress. I think WP will work very well for communication... file hosting and streaming I havn't attempted anything past buddypress with group documents. So, what are some of the best way to accomplish these things? Anyone here with experience in Mesh Networking?
  3. Believe it or not, we're in the middle of a top-down restructuring of our security protocols. You've pointed out some glaring flaws.
  4. I've been designing a workshop to provide to my clients that will be based on a paper I'm going to write. The paper will be based on a social experiment I'm running. It's basically about trusted relationships and how social engineers manipulate them. Specifically in social media. I put together this website. I'm trying to collect hits. Basically hits = clicks. Clicks = simulated pwn. www.theinternetistrue.com The premise is basically that I've found we're more likely to trust unknown content coming from social media than we are from email. We're trained to not open suspicious documents and such in email because we know they might be viruses. We're quick, however to just click randomly on links we've never heard of if they show up in our facebook feed. If this link was tied to a status update like: "IRON MAN 4 PREVIEW LEAKED!" - I'm sure someone would click on it - in this case it's safe but a bad guy could redirect you to something bad. Get it? We're more likely to just randomly click stuff based on the trust we have for social media because we apparently know the people posting. What if my account got hacked and the bad guy was posting AS me... there's no way for you to tell. I'm trying to find a few companies / users who would spread this link on their Facebook pages as part of the experiment - you'd be mentioned in the talk and put on some kind of 'supporters' page if your company can contact me after posting - I'd love to get a screen grab of the post itself...
  5. Well said - it's pretty much the way I feel know. My dad has built an IT company that employs 8 people based on _only_ experience. He started small and now manages 100 or so offices. I think I'm going to approach infosec much in the same way... as I have been.
  6. So here's the dilemma, I wanted to go get my C|EH, but there's this nagging in my head saying it's just not worth it. A little background. I work for a family owned business - we provide IT solutions to small businesses. We're pretty buttoned up; cloud backups, email, web dev, TV and media installs, infrastructure, networking, server and workstation installs and support - your basic all-in IT provider. I've been a basement hacker for a few years, I've got a decent little VM-based hack lab set up. We've hired on guys that have NO net+ sec+ or a+ as most of the candidates we spoke to had no front line customer service skills to back up the theoretical. I've been wanting to 'add' security to our list of services to provide. I know that in the enterprise world, we wouldn't even be considered for a placement because none of us are certified. We all have years of real experience - our response to crisis situations is documented and positive. Is it possible through self study to attain the knowledge to really call yourself a security guy, without the certs? Not look for flames here, just some honest advice.
  7. It just started working randomly. I'm now trying to set it up again and am stuck int he same loop. Working a trade show in two days - want to open up a WIFI hotspot and any traffic goes to our website... stuck in the loop. Ideas?
  8. Agreed. I'll keep it in the lab. I've become pretty proficient - but it seems that when I ask these types of questions (albeit without the 'I'm gonna use it' added on) I just get told that if I don't know what it does I shouldn't be using it. It's become one of those things where I'm kind of caught in a loop. The practical side I can teach myself - that's what a lab is for. The theoretical side of things is different. Can you guys - especially the ones who DO know the 'back end' stuff, point me towards some reading material?
  9. I don't plan on using an aggressive exploit - basically ONLY social engineering. And yeah, I'm basically just looking to grab and dash. Print out the documents as an 'example' and show them what's possible. Nothing persistent.
  10. Here's the scenario. I work for a small business - an IT firm. We're considering implementing a red team test against one of our larger clients as an educational experience for the staff. My quesiton is - in using meterpreter, what lasting effect does it have on a system?
  11. Good question - I don't know how to find ANY 3rd party modules.
  12. Same here. USB doesn't mount correctly - unless I'm on DC.
  13. You can most certainly count me in, if you're still in need for beta testers.
  14. Used a different key AND plugged in directly to the wall - not sure which one fixed the problem but it's running now.
  15. So, I got it recognized and had the 'install to usb' button when trying to install randomroll.. Click it, loads, and goes back to 'Pineapple Bar' with: Sorry, there was an MD5 missmatch. Please try again Ideas?
  • Create New...