Bountyhunter50

Active Members
  • Posts

    168
Posts posted by Bountyhunter50

  1. Put the iPhone into DFU mode (google is your friend), then open iTunes, it should tell you that you have an iPhone in Recovery/DFU mode, shift-click the Restore button and select the iOS 7 IPSW, then it should be happy days.

    Agreed. Outside of that, you'd be looking at hacking the ipsw (you might as well find a jailbreak after going through that work)

  2. I'm driving home from work to try this

    ****

    Ok now that I have tried this:

    It downloaded 136 files (WOW! I learned something new) but it looks like the CSS, Images, JS items with the index and login.html files. That's it. Did the grep and only brought up the js for the login.html

    **

    Looked in the login.html

    - Username in plain text :lol: HOWEVER, the password is protected:

    " The support console is password protected and for support personal use only"

    :ph34r:

  3. Cool! Thanks for the good advice there :)

    Yeah I had a feeling I'd just have to build a specific environment. Wanted to see if there was something else before immediately going to that. Good deal, thanks man!

  4. So here's one:

    I was poke-poking around in xHydra, and I got this:

    ERROR Compiled without LIBAFP support, module not available!

    Anyone know if this is as simple as using apt-get to fix this?

  5. Very good question! By what I see, it's form based, I'm going to look into if it's direct HTTP(S) or not too.

    The list I'm wanting to use I made of all the possible passwords I could have used. I know the reset button makes life much better but that's just too easy :P (plus I can also get some of my Pentesting practice on within a controlled environment)

    Everyone would also be VERY proud to know the username is NOT "admin", lol!

  6. Yo Hak5 Comm! Hope everyone is well.

    So I have a confession to make: I forgot my router login credentials. :lol:

    That having been said, I have a plan of attack: BackTrack 5r3 in VMware on my iMac (that is hardlined) to my CenturyLink all in one (I know I know)

    Is there any reason Hydra can't brute force a CenturyLink router? I think it's still an HTTPS protocol so I personally don't see why not. BUT I wanna make sure from those who have more experience than I.

    Also Hydra can accept .txt lists right? Or does it really need something like a .lst format?

    Thanks as always!! B)

  7. > spoof mac - macchanger

    > spoof ip - VPN or Proxy, both of which you have to trust the provider, and can be monitored by law enforcement or the owner of the services you use

    > spoof ttl values - really not going to help, since browsers still leak info and other ways to decipher when most are HTML5 compliant today, they'll give up the answer with the right query

    > spoof http header - burp or something to mitm traffic before sending it back

    > spoof dhcp - not going to help you. connected to a network whether static assigned IP or DHCP, your machine shows on the network, packets have to travel back to you to reach you

    > use live cd - yes, and no. Yes, use Tails, no if you're at home. Use on free wifi, and never same place twice, maybe, but don't stay too long, and don't login as yourself anywhere while on

    > use rdp - um, yeah, like remote desktop to where?

    > use proxy - see spoof IP

    Short of breaking wifi, stealing someone else's wifi connection, with all spoofed mac, OS and on a system with no HDD using a live CD, and never connecting and logging into sites, or speaking to anyone you know, you won't have a whole lot of luck hiding tracks. All packets coming to you, in some way shape or form, leave a trail to you. Stay in one place long enough, and they will be able to triangulate you if they really wanted to. If you're that paranoid about hiding all your info, then you're most likely up to no good, and for that, you're on your own. Privacy isn't so much an issue, as you can encrypt conversations, etc, but you can not send and receive data without basic network 101. Packets need to be able to reach you, to receive them. Unless you're sending spoofed packet requests and have another node as a listener to receive files to, you'll never receive the data, and when you go to retrieve it from the other stored location, you connect, and are leaving the same trail. Sure, hacked wifi can get you on and do stuff, but only so far, and eventually, if someone wants to get to you, they will.

    Pretty much spot on. Either all that or just don't even connect to the WiFi.

  8. Definitely a Live CD, But I've personally only had experience with Macchanger:

    Same should apply with eth0 (Anyone who's had much more experience than I, please correct me. I'd actually like to know myself)

    sudo ifconfig wlan0 down
    sudo macchanger -m 00:11:22:33:44:55 wlan0    # or mon0; a MAC address is six octets
    sudo ifconfig wlan0 up
    
  9. Have you guys read the recent news? http://thehackernews.com/2013/09/hacking-facebook-to-delete-any-account.html

    The researcher literally shares the single .php line to put into the URL that is needed to delete ANY Facebook account, and even the ID data needed is publicly available too.

    It's even more of a shame because the researcher turned this in to Facebook (for those who know, Facebook pays those who find bugs in their system) and they won't even look at his submission.

    It's a shame

  10. What I did on iDucke,

    take out your REM (iDucke didn't like it with me for whatever reason), and add in a DELAY 3000, I was able to get a 3k file using this:

    DELAY 3000
    GUI -R
    STRING notepad
    ENTER
    DELAY 500
    STRING this is my first ducky script
    ENTER

    Give that a try with iDucke. You might wanna re-install Java to fix that unrecognizable command :unsure:
