Everything posted by Anton

  1. This article might be of interest. Link: https://www.raspberrypi.org/rickmote-rickrolling-chromecast-users/#comments Is there anything aircrack can't do! lol I am interested to see if there is a way to obtain the stored WPA key/keys of the networks it has connected to previously. Only found it because I was trying to work out a way to stream openelec from my pi 2 to the chromecast for a cheap makeshift wireless HDMI connection. Of which I am still trying to figure out if anyone has any ideas.
  2. Hey Guys, I haven't forgotten about this post, I just work away a lot and the list is on my desktop machine! The only time I am home is at the weekend before I need to travel again. I'll upload it the first chance I get. Thanks, -Anton.
  3. Woohoo! I know you can buy FM transmitters for phones and stuff that have predefined frequencies so you can tune in your radio to the transmitter's frequency. Now legalities aside for a moment, because no doubt doing something like this would go against some FCC rules/laws or w/e. What kind of output power would you need to override? Presumably something more powerful than the main station that has the license for the frequency in that area of the country or....? Just taking a shot in the dark here as I am not all clued up on FM transmissions. - Anton.
  4. Thought I would share this link with you all. Some of you may have come across Lucid Science before, but for those who haven't, here is a link. Lots of cool little hacky projects on this page to pass the time. Link: http://lucidscience.com/pro-showall.aspx P.s. would it be possible to override a car's FM receiver with a powerful transmitter set to the same frequency that car's FM radio is tuned into? i.e. I roll up next to someone, hear that they're listening to a certain station, turn on my transmitter and play a bit of Rick Astley through their speakers? rick rollin! haha? - Anton.
  5. Thanks for the reply singe, I'll take a look at that when I get the chance. Cheers, - Anton.
  6. Hahaha!!! BEST. BREAKDOWNS. EVER! Made me laugh so much reading that. But I now understand exactly how it works, and it makes sense! Now I know exactly what I need to be reading about. Thanks again, much appreciated! - Anton.
  7. Ok well that cleared up a few things :) Let me see if I got this in simple terms so I know exactly what I need to be learning about and reading up on. Just tell me if I have picked something up wrong or am going astray. Internet | MiTM | Client As long as I (MiTM) can give the client a valid cert, then I can view all traffic between myself and them? The part I am trying to understand is how https with hsts actually works. I get that it tells the client that all communication from this point on will be https only, but what you are saying is, all traffic between me and the client is http? So I can sniff it, or do I give the client the impression that I am, i.e. facebook with this cert thing? Thus allowing me to decrypt the traffic on the other end? As I am facebook? Or so they/their browser thinks? Breakdown: MiTM: Hello client I'm facebook Client: ORLY where's my https hsts cert thingy ma bob? MiTM: Here it is! So the client/browser/mobile app (A) now thinks it's using https? or (B) it actually is using https? And if (A) I understand how I would be able to sniff it because it's actually http and not https? If (B) I decrypt the https because I have the cert? Have I got the gist or am I still confused lol? The whole main cert then serving up another cert and using a captive portal thing confused me as well. - Anton.
  8. Thanks zara, buy a cert? I'm not following. Would be cool if someone documented how it was done and how to combat against it. - Anton.
  9. Will get fresh links up as soon as I get time :) - Anton.
  10. After reading a good bit about sslstrip, hsts and how hsts prevents sslstrip attacks, I am intrigued to know if mobile apps send and receive data over a secure https hsts connection. And if https with the hsts implementation is exploitable. So how would I go about seeing if, for example, an app like facebook (because the facebook site implements hsts) uses hsts. Which tools would I need and what would I be looking for? Secondly, are there any known hsts exploits in existence? Sorry if these are all nubish questions but I'm fairly new to this whole area, links/reading material would be appreciated. As a side question, does hsts affect cookie jacking? i.e. if a client's cookie is obtained and used when visiting a site such as facebook, are you going to see that user's page or would hsts prevent this. Another question I have is.... I know we can use tools like DNS spoof to redirect a browser's request for example *.facebook.com to my.evil.web.server.com but can the same be done with mobile apps? i.e. do they request urls like a browser? Cheers - Antony, hsts :)
  11. Would be interested in doing this, I have heard chit chat about it in the past. Are there any tuts out there? I wouldn't know where to start.
  12. Man, wish I could have flown out for the event, pint at the baltic!
  13. Just been reading this post on gizmodo, http://www.gizmodo.co.uk/2013/09/google-knows-the-wi-fi-passwords-of-all-android-users/ was pretty shocked and surprised but really, I don't think I should be any more... I feel privacy is quickly becoming a thing of the past... it really frustrates me!
  14. Yea that sounds like the best idea, in the words of Steve Ballmer, experiment, experiment, experiment lol.
  15. Ah cool! I am in Lanarkshire, just outside Glasgow.
  16. Thanks for that tip! Is that using reaver? The -S command?
  17. Really? Which part of bonnie Scotland are you from?
  18. Thanks for the replies guys, after reading them I have come to the conclusion that a weaker router might be better for accuracy or better yet using Bluetooth. As you say, in a building there will be obstructions, the idea is to mount them 9-10ft in the air and have lots of them so I can always calculate the signal using 3 or more routers. The fact that I will end up using a fingerprinting technique using rssi will also help, I mean it will involve more work i.e. surveying the site and taking readings and then mapping, but I see the effort being worth it. The fingerprints would be taken at 5ft distances apart. This is another reason I think Bluetooth would be better. It's a pity GPS III wasn't out already, apparently it's going to improve indoor navigation, to what extent though I don't know, and also if it needs a special type of receiver.
  19. hahaha nah irc ain't (is not?) that bad, but as for the punctuation I put it down to being Scottish, by nature we hate everything English, we don't even speak the language right ahaha. Will see what I can come up with. Cheers - Anton.
  20. Yea totally agree with you, they are also a lot harder to work with. I also don't really have much success with WPS cracking either due to all the big OEM vendors implementing time delays for how many times you can try a wps pin but yea, here is hoping someone finds a bigger flaw some day, or not lol I just enjoy wireless communications.
  21. Hey guys, I think we could be doing with a new forum banner to spruce up the forums a bit, I can't even really see the banner because it blends in with the forums. No a big deal, just thought I would mention it. I can create a new one if I get the hak5 font n stuff.
  22. Hey cyberjack, thanks for the reply and sharing the wordlist, has really helped me a lot, pyrit ftw!