Anton

Active Members
  • Posts: 145
  • Days Won: 1

Everything posted by Anton

  1. Hi, and thanks for the reply, man had no idea google and apple collected that type of information from our devices.... i should have known though after that war driving fiasco. The google API does sound like a good idea but the app, if it does take off as intended, will be used by thousands of people and the requests would be used in a matter of a few minutes. Right now this is the plan for the app i have in my head.

     The App: Uses WiFi (or bluetooth) triangulation by calculating signal strengths of nearby routers that i would set up.

     Web Service: This is what the app will communicate with over the internet to retrieve information of a location (longitude and latitude coords).

     The App: Once the mobile device has this information it no longer needs the web service, the device/app will calculate its position (using wifi triangulation, i.e. scanning for a list of specific networks and comparing their signal strengths). Once the device/app calculates its position (knows its longitude and latitude coords) it can then calculate the distance between the position retrieved from the web service and its current position.

     One question i did ask myself was ok, how am i going to work out the longitude and latitude of the device (because i know the longitude and latitude of the routers - although I don't know how i am accurately going to do this as i am going to need many routers and they too will be indoors, so getting their lats and longs is going to be hard enough). But yea, that's the general idea i have in my head of what i want to do. I have been looking into using bluetooth as well (which potentially could be more accurate but would cost more because i would need a shit load of transmitters.)

     Also I am having a hard time trying to wrap my head around triangulation, i understand that if there was say 1 router i can measure how far i am away from that but i could be that distance away from that router in any direction. Example: So then i read a little more and understood what would happen if i used two routers Example: So I understand things up to here, now when you bring a third router into the equation it looks like this. Example: I even understand that now I know where i am (roughly) but i could be at any point inside that triangle, how do i know where i am, or would the size of that triangle be dependent on how strong the routers broadcasting are? so the weaker the wifi signal the better accuracy i would have? (maybe that's why nokia is working on indoor navigation using bluetooth because it's weaker than wifi) when i mean weaker i mean in terms of how far it can travel not the actual user's position from it.

     Hope I am not just talking gibberish here just trying to understand things before i start programming anything, and as for programming a system that will work this out lol it's going to take me some time, especially in android....
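For the question in this post about where the device sits once three or more routers are in range, here is an added example (not part of the original post and not the poster's code). It turns signal strength into a distance estimate and then finds the single best-fit point by least squares, since noisy distance circles rarely meet at one point. The router positions, BSSIDs, `txPower` and `pathLossExp` are assumptions made for illustration.

```javascript
// Added example, not code from the original post. Router positions are local
// metres on a floor plan; txPower (RSSI at 1 m) and pathLossExp are assumed
// calibration values that have to be measured on site.

// Log-distance path-loss model: rssi = txPower - 10 * n * log10(d)
function rssiToDistance(rssi, txPower = -40, pathLossExp = 2.5) {
  return Math.pow(10, (txPower - rssi) / (10 * pathLossExp));
}

// Least-squares trilateration over anchors [{x, y, d}, ...]. Subtracting the
// last anchor's circle equation from each of the others cancels x^2 + y^2,
// leaving linear equations that are solved through the 2x2 normal equations.
function trilaterate(anchors) {
  if (anchors.length < 3) throw new Error('need at least 3 anchors');
  const ref = anchors[anchors.length - 1];
  let sxx = 0, sxy = 0, syy = 0, sxb = 0, syb = 0;
  for (const a of anchors.slice(0, -1)) {
    const ax = 2 * (a.x - ref.x);
    const ay = 2 * (a.y - ref.y);
    const b = ref.d * ref.d - a.d * a.d
            + a.x * a.x - ref.x * ref.x + a.y * a.y - ref.y * ref.y;
    sxx += ax * ax; sxy += ax * ay; syy += ay * ay;
    sxb += ax * b; syb += ay * b;
  }
  const det = sxx * syy - sxy * sxy;
  if (Math.abs(det) < 1e-9) throw new Error('anchors are collinear');
  return { x: (syy * sxb - sxy * syb) / det, y: (sxx * syb - sxy * sxb) / det };
}

// Combine one scan (BSSID -> RSSI in dBm) with the surveyed router positions.
function locate(scan, routers) {
  const anchors = routers
    .filter((r) => r.bssid in scan)
    .map((r) => ({ x: r.x, y: r.y, d: rssiToDistance(scan[r.bssid]) }));
  return trilaterate(anchors);
}

// Constructed sample: four routers in the corners of a 20 m x 10 m room and
// the whole-dBm readings a device standing near (6, 4) would report.
const ROUTERS = [
  { bssid: 'aa:00:00:00:00:01', x: 0, y: 0 },
  { bssid: 'aa:00:00:00:00:02', x: 20, y: 0 },
  { bssid: 'aa:00:00:00:00:03', x: 0, y: 10 },
  { bssid: 'aa:00:00:00:00:04', x: 20, y: 10 },
];
const SCAN = { 'aa:00:00:00:00:01': -61, 'aa:00:00:00:00:02': -69,
               'aa:00:00:00:00:03': -63, 'aa:00:00:00:00:04': -70 };
console.log(locate(SCAN, ROUTERS));
```

A shorter broadcast range does not by itself shrink the error; what matters is how well the RSSI-to-distance model is calibrated and how many routers are heard at once.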
  2. Hey guys so recently I was working on an APP that used GPS to locate the positions Latitude & Longitude of a device. Now that's all fine and dandy when you're outdoors but as soon as you go indoors it's a whole different ball game, because the device does not have clear line of sight to the satellites it cannot accurately (within a reasonable margin of error 1-2 meters) get the correct position of the device. So GPS was out the window and I started looking at other solutions and figured where better to ask these questions than hak5.

     So far what i have learned is that indoors the position of a device can be accurately calculated using WiFi. Now I know to some of you boffins out there this will be nothing new but this is new mind blowing territory for me and I am having a hard time wrapping my head around just how it works and was wondering if you guys could shed some noob friendly light on the whole subject of WiFi positioning and how it works. From what I have read and understood so far you take a number of WiFi routers, position them throughout a building and by doing this you can accurately locate the position of the device in the building based on WiFi signal strength of the routers? < that's the bit i don't get / am getting mixed up with.

     Basically I need a cheap solution for wifi positioning. There are guys out there that already have bespoke products available but i am sure they are crazy expensive like these guys over at Navizon http://www.youtube.com/watch?v=Sw7gc8ic5vM Also I found this video interesting, instead of wifi these guys mention using bluetooth as a means of positioning http://www.youtube.com/watch?v=n0UbrkJpypc

     I hope we can all discuss this subject further as I really need to implement a solution like this and i just find it pretty damn interesting in general. Also as a side note I think i may have accidentally stumbled across why google street view cars collected all that wifi info they were not supposed to be collecting. WIFI POSITIONING!!! http://en.wikipedia.org/wiki/Wi-Fi_positioning_system just a hunch but you never know! and if that wasn't enough take a listen to this guy and pay close attention when he talks about drivers! http://www.youtube.com/watch?v=Skifba2SMpE
  3. Hey Rebel Cork, Tiocfaidh ár lá! Does MDK3 actually knock the network off to the point where it is no longer visible in a wifi scan? I know how it works to the point where it de-auths the clients etc. but from what i remember using it with the pineapple anyway was that the network would still be available during a wifi scan and therefore could still be connected to / would still be the preferred connection to your identical honey pot. Would be interested to learn more about this, ain't played with my pineapple in a while, might be time to whip it out again. - Anton
  4. Thanks Darren, ps sorry for twitter spamming you my chrome has been acting a little flaky today since the big 28 update thing. Thanks Again. - Anton.
  5. I think this is a very interesting point, There must be something in that probe request that can be pulled out / decrypted to emulate a secure wpa / wpa2 network. At the end of the day we are halfway there in the sense we can already spoof non password protected networks. The question would be, what is different about the probe request when it's asking, are you my wifi. Or does a password protected probe request not even ask "are you my wifi" maybe the wpa password protected router shouts to the laptop "hey i got what ya need". Dunno it's all a bit confusing for me would love to learn more about it. Are there any white papers or anything like that out there? Maybe even a detailed overview of how probe requests actually work? i am a total noob when it comes to wireless radio electricity and all that malarkey i just follow tuts and feel good about being able to complete them lol. Tell us more Darren & Seb < presuming seb is a jaeger guy. I get confused, too many names.
  6. Not read this post in a while and am so glad all you guys got the use out of this. I thought i was seeding it indefinitely but for some reason my utorrent crapped out, working on re-adding the torrent without having to download it again. Also i would suggest using pyrit in kali / backtrack for using this list, or as shuttin mentioned aircrack might actually support a word list this size now. I am going to be testing this word list using kali linux, i'll post the commands pkms etc to give you guys an idea of just what works best. - Anton.
  7. Glad you guys found it useful, don't forget to seed it and keep it alive for others. :)
  8. Which key? the WPA pass phrase? this is interesting! keep up the good work guys! maybe one day, once someone manages to blow a hole in the side of WPA, like they did with WEP our pineapple could have auto crack and emulating of WPA networks built in XD
  9. yea, i shoulda mentioned that, takes a while to decompress though, i have a phenom ii x 4 965 @ 3.4ghz it took me roughly 25 - 30 mins to decompress, well worth it though.
  10. Compressed File Size: 4.4gb
      Decompressed File Size: 13gb

      Just thought i would share the link for those who are looking for a decent list to pen test their networks. The list contains 982,963,904 words exactly, no dupes and all optimized for wpa/wpa2. Would also just like to point out that this is not my work, instead it was a guy who compiled a whole load of useful lists, including his own to come up with 2 lists (one is 11gb and one is 2gb). i will be seeding this torrent indefinitely since it is shareware! 20mb up!

      INFO

      This is my final series of WPA-PSK wordlist(S) as you can't get any better than this ! My wordlist is compiled from all known & some unknown internet sources such as;

      1. openwall
      2. coasts password collections
      3. Xploitz Master Password Collection(s) vol 1 and vol 2 (official Backtrack 3/4/4R1 wordlist collections, Thanks Xploitz)
      4. ftp sites such as; ftp://ftp.ox.ac.uk/pub/wordlists/ & others
      5. all wordlists onand(as of 07/11/2010)
      6. all wordlists hosted on;
      7. all usernames from "100 million Facebook usernames and personal details" as leaked onto Torrent sites
      8. all wordlists from the Argon (site now closed)

      And as a bonus my personal wordlist of 1.9 GB ! Which also includes; My "WPA-PSK WORDLIST 2 (107MB).rar" & "WPA-PSK WORDLIST (40 MB).rar" Torrent & random usernames grabbed from over 30,000+ websites such as youtube, myspace, bebo & other sites which i can't mention .... he he

      ALL WITH NO DUPES OR BULL-SHIT AND IS FORMATTED TO WPA RULES OF 8-63 CHARS !!

      Hope you enjoy. :¬)

      ******** P.L.E.A.S.E S.E.E.D W.H.E.N ********

      The Pirate Bay Download Link
      ISO Hunt Download Link
      Torrent Hound Download Link

      Hope this helps anyone who is starting out and learning about pen testing and network security, and don't forget to seed for others!
  11. yea lol i am thinking maybe when he was younger or summin, but yea i duno, no offence darren!! we love u man!
  12. Hahhaha yea, in all seriousness though for a second i was like CA hmmmm just might be him or maybe his long lost brother? lol u gotta admit though it does look like him ahahahhaah!
  13. Ok as soon as i saw this i thought of Darren, maybe its so mad id hack from the past? lol i see it says ca? is that u darren? lol Lol u should show this in one of the episodes!! lol
  14. Hey myst32 thanks for that, will need to try that out, cheers.
  15. that is pretty badass badass thanks for the share!
  16. Ok guys i have been thinking long and hard about this, i have come up with a method that might By using tcpdump i could strip all html from a selected client/ip and then use a really simple bit of javascript to pull the images from the html, yes there would be a couple of things like images applied via css we wouldn't see but i might be able to come up with something else for that, atm i am just concentrating on the html. Here is the script that would make it all possible.

          function checkimages() {
            // Collect every <img> element in the current document
            var images = document.getElementsByTagName('img');
            for (var i = 0; i < images.length; i++) {
              var img = images[i].getAttribute('src');
              // Output them to module UI
            }
          }

      That's the easy part, the hard part will be getting javascript to communicate with tcpdump and retrieving html from a client that you would select in the module UI. Does anyone have any modules that interact with tcpdump in any way that i could take a look at? Maybe javascript wouldn't even interact with tcpdump maybe i would use a shell script or something? first time doing this so i really don't know.

      UPDATE: To make it clear what i want to do is pull all html from a selected client at time intervals of 5 seconds or something like that and then dump that html to usb, i will then read that dumped html using javascript in the module and apply the javascript snippet above to pull the images from the html and dump them in an array, i would then have another piece of javascript in my module that would loop through that array and display the images, similar to drift net :) Does this seem feasible or am i just talking tripe lol I am not trying to do it in a roundabout way am i? Cheers - Anton.
  17. So i was bored.... hopefully we won't see any spam from these people again!

      Please wait for a site operator to respond... If you do not want to wait, please click here to leave us a message.
      Operator Lily Regland has joined the chat.

      Lily Regland 02:35:14 Welcome to our site! What can I do for you?
      Visitor 02:35:30 Hey, first off are you real?
      Visitor 02:35:58 Just want to make sure i am talking with a real person and not a robot lol
      Lily Regland 02:35:59 All the items on our site are authentic. It will come with the authenticity card, serial No., dust bag and care booklet.
      Lily Regland 02:36:21 lol... this is Lily. I am not robot.
      Visitor 02:36:47 Oh good, could you explain this Lily http://forums.hak5.org/index.php?/topic/27575-wwwauthenticlouisvuittonhandbags1com-6000/#entry210307 ???
      Visitor 02:37:21 It would appear that someone is spamming your website all over forums...
      Lily Regland 02:37:30 One second please. Let me check it.
      Lily Regland 02:39:43 Our customer post in the forum.
      Visitor 02:40:51 Oh, well we will see if that is the case. Right now the internet police are tracking the source of the spam... i am currently on the phone with them just now
      Visitor 02:41:54 I have the IP addresses of whoever posted the spam, i have handed the ip's over to the police
      Visitor 02:43:47 Chine
      Visitor 02:43:50 China
      Visitor 02:43:52 Fujian
      Visitor 02:44:11 http://www.whois.net/whois/authenticlouisvuittonhandbags1.com
      Visitor 02:44:56 ... I will give you the opportunity to say sorry and stop spamming the forums and we can forget this conversation ever happened ok?
      Lily Regland 02:45:53 Okay
      Visitor 02:46:13 So it was you who posted the spam yes?
      Lily Regland 02:47:25 No, maybe that is out technical department who does it.
      Visitor 02:48:53 Oh, is it also safe to presume that you are not female and these hand bags are indeed fake?
      Lily Regland 02:49:24 We sell authentic Louis Vuitton.
      Visitor 02:49:54 Oh, right... i need you to do one last thing for me before i go.....
      Visitor 02:50:16 i need you to say/type
      Visitor 02:50:26 I GOT OWNED!
      Visitor 02:50:54 if you can do that for me i will be on my way
      Visitor 02:52:19 Can you do that for me Lily?
      Lily Regland 02:52:54 Please tell me what I can do for you.
      Visitor 02:53:17 i want you to type "I GOT OWNED"
      Lily Regland 02:53:27 Why?
      Visitor 02:53:51 because you did and because if you do i will buy hand bag.
      Visitor 02:55:10 Lily can you type I GOT OWNED
      Visitor 02:55:19 then i will leave and buy a hand bag?
      Lily Regland 02:55:43 Why I typed that, you will buy a bag?
      Visitor 02:55:51 yes
      Visitor 02:55:56 exactly!
      Lily Regland 02:56:42 It does not have connection of the typed and the handbag. Why I typed, and you will buy?
      Visitor 02:57:03 yes just type I GOT OWNED
      Lily Regland 02:57:20 no
      Visitor 02:57:32 why?
      Visitor 02:59:17 我键入拥有键盘和我将会离开你就
      Visitor 03:00:35 Lily did u understand that?

      Convo went cold after that, just thought i would share it..... Democracy 1 The Commys 0 - Anton, Not Made In China.
  18. Nice work on UI man, auto detection of the mon interfaces in a dropdown would be nice as well, the same way you did with the wireless. - Anton.
  19. Hey dustbyter it's just a program/module that grabs any images passing through a network that you're monitoring, it's a pretty neat little program, u can see videos of it in action on youtube, search driftnet. - Anton.
  20. Just thought i would start a discussion on this. I think a drift net module would be pretty cool on the pineapple, then again i have no idea how resource intensive it would be etc. I might look into it as a module once i get some ma 1337 module dev skills! lol but i am thinking that with the use of php and html that this could be very much possible. - Anton
  21. Anton

    Hawken - Mech Fps

    Yea so it looks like i got my closed beta invite through, game looks wikid! i am looking forward to this, anyone else? video: http://www.youtube.com/embed/jGoMeEsiqNI?feature=player_embedded
  22. pm me your team viewer details and i'll see what i can do, have scp all set up for me so i can go in and see the files etc. - Anton.
  23. Can't say that i have had that problem, what fw version are you running? also double check your alfa ain't a clone, they are pretty common.