Everything posted by AshiOni

  1. We have dozens of wordlist files we have created based on human nature. Example: phone numbers in the United States are ten digits, so we mutate the area code of the target + 7 digits. You won't believe how often we find phone numbers used as passwords during pentests. Straight 8 digits, then 9, etc. Name mutation lists (username/app/portal/etc. + mutation) work pretty often. Of course having a box to rip through those in a timely fashion helps. We only have one GPGPU, which rocks, however there are obviously better cracking rigs out there. There are services that will crush the hashes you collect as well. Those tend to come at a premium price though.
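The post above describes the two password patterns the poster's wordlists are built around: phone-number-style digit strings and a known name (user, app, portal) with a small mutation. The following is an added example, not code from the forum post, of the defensive counterpart: a password-policy check that flags exactly those patterns at set-password time. The name list `KNOWN_NAMES`, the leet-substitution table and all sample passwords are constructed for the example.

```python
"""Password-policy check for the two 'human nature' patterns the post says
cracking wordlists target (added example, not from the forum post)."""
import re

# Constructed: names a defender treats as guessable for a given deployment
# (organisation, portal name, the account's own username, ...).
KNOWN_NAMES = {"acme", "portal", "jsmith"}

# Common leet substitutions undone before comparing against KNOWN_NAMES.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Short runs of digits/symbols that people bolt onto a name ("Portal2013!").
_MUTATION = r"[\d!#$%^&*]{0,6}"


def looks_like_phone_number(pw: str) -> bool:
    """True for 7-11 digit strings, optionally with separators: the
    area-code + 7 digits, straight 8/9/10 digit patterns the post mentions."""
    digits = re.sub(r"[\s().\-+]", "", pw)
    return digits.isdigit() and 7 <= len(digits) <= 11


def looks_like_name_mutation(pw: str, names=KNOWN_NAMES) -> bool:
    """True when stripping a short prefix/suffix mutation and undoing leet
    substitutions leaves a known name, e.g. 'P0rtal2013!' -> 'portal'."""
    core = pw.lower()
    core = re.sub(r"^" + _MUTATION, "", core)   # leading digits/symbols
    core = re.sub(_MUTATION + r"$", "", core)   # trailing digits/symbols
    core = core.translate(LEET)                  # undo 0->o, @->a, ...
    return core in names


def check_password(pw: str, names=KNOWN_NAMES) -> list:
    """Return the list of policy findings for a candidate password
    (empty list means neither pattern matched)."""
    findings = []
    if looks_like_phone_number(pw):
        findings.append("phone-number-like digit string")
    if looks_like_name_mutation(pw, names):
        findings.append("known name with trivial mutation")
    return findings


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ["(555) 123-4567", "P0rtal2013!", "jsmith1", "Tr0ub4dor&3"]:
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}")
```

The check is deliberately narrow: it only encodes the two patterns the post describes, so it complements rather than replaces a length/entropy rule or a breached-password lookup.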
  2. I wouldn't use the pineapple for cracking. I'd only want it to capture the handshake so we can crack it using john on a more robust piece of hardware while the rest of the pentest is taking place.
  3. Excellent tip, thank you. Found the issue. Just needed to use wlan1 instead of wlan0. I'm assuming because it's set to client mode by default? I've run into a lot of issues in the last couple of years with monX not having the same MAC address as wlanX, so I've gotten into a habit of macchanger --mac=XX... Reaver for example has always had troubles with wlanX having a different MAC address than monX.
  4. I gave it a quick go but was unable to monitor / capture traffic:
     airmon-ng start wlan0
     python wifite -i mon0 -aircrack -crack -dict none
     Edit: I'm guessing it needs to be on wlan1?
  5. Just curious if anyone has gotten wifite installed and/or working on their Mark V? I could see that being an awesome addition to the Mark V tool set.
  6. I didn't update the firmware, maybe I will give that a shot, currently running 1.0.4. I did format the SD card and everything started working again. Not sure if there was some sort of corruption or what was happening there, but I'm able to use it with expected results again. Thanks for the reply. I consider this issue resolved for now. -Ashi
  7. Howdy. Been playing with my pineapple mark 5 for some time now. Everything was working well but all of a sudden I started having issues where karma just seemed to stop working (randomly); normally rebooting the device would solve the issue. When it was working I noticed that I had two radio nics, wlan0 and wlan1. When it stopped working I noticed there would be four radio nics, wlan0, wlan1, wlan2 and wlan3. Rebooting would solve the issue, meaning when I rebooted it would go back to only having wlan0 and wlan1. Randomly wlan2 and wlan3 would magically reappear.
     After a couple of weeks of just assuming this was standard behavior, the rebooting to fix the issue stopped working as well. At which point I just started to run the "Factory Reset Pineapple" link within the GUI. This worked for about a day, at which point that has now stopped working as well and has developed new behaviors. When "Factory Reset Pineapple" was working to fix the radio problem I outlined above, the device would say hey, I noticed you have orphan packages on this SSD, would you like to add those back in? It no longer does that, and wlan1 no longer seems to be present when I do the factory reset. I have br0, eth0 and wlan0 interfaces only. I'm not really sure what is supposed to be there or if somehow the process I was following changed somehow without me noticing. My next step is to format the SSD and re-install the firmware.
     My question is: has anyone seen this behavior and figured out why it's happening? I have looked over the forums a bit and see a lot of people that seem to have the same sorts of issues, but nothing I have read so far has worked. Thanks for your time.
     EDIT: editing the /etc/config/wireless file to include the radio wlan1 seems to bring that back and makes it functional again. Still need to understand why the wlan3 and wlan4 radios randomly appear and what is happening with the SSD.
     Also, I'm now seeing yet another new behavior: the karma SSID name no longer remains persistent and the timezone resets if rebooted.
  8. I had the same problem; I received my MKIV in the mail, opened it and proceeded to assemble. Little did I know that the nut on the inside was not tight. I assumed I should turn the antenna until it was semi-tight. The only problem with that line of thought was it didn't stop turning; it started to get tight at one point, then just snapped the cable off inside. When I realized what I had likely just done to the unit I got out the screwdriver set to open this bad boy, only to quickly learn that the transparent piece of plastic on the front is a bit thin =P and snapped it in half. In the end I ordered another cable, figured the appearance wasn't as important as function and wrote the face plate up as a learning experience. The unit is now working as expected.
  9. Not sure if I should be confused or concerned when I see "./install v1.0.9.sh: /bin/bash^M: bad interpreter:"
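The message quoted in the post above, "/bin/bash^M: bad interpreter", is what the kernel reports when a script's shebang line ends in a Windows CR+LF pair: the interpreter path is read as "/bin/bash\r", which does not exist. The following is an added example, not from the forum thread or the Pineapple installer, of a small POSIX shell check that detects CR line endings in a script and strips them in place; the sample script it creates under a temporary file is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the forum post): detect and fix CRLF line endings,
# the cause of "/bin/bash^M: bad interpreter".

# has_crlf FILE -> exit status 0 if any line in FILE ends in "\r\n".
has_crlf() {
    grep -q "$(printf '\r')\$" "$1"
}

# strip_crlf FILE -> rewrite FILE in place with LF-only line endings.
# Written to a temp file first so a failure leaves the original untouched.
strip_crlf() {
    tmp="$1.lf.$$"
    tr -d '\r' < "$1" > "$tmp" && mv "$tmp" "$1"
}

# Constructed sample: an installer script saved with CRLF endings.
sample="$(mktemp)"
printf '#!/bin/bash\r\necho "installing"\r\n' > "$sample"

if has_crlf "$sample"; then
    echo "$sample has CRLF line endings; converting to LF"
    strip_crlf "$sample"
fi

if has_crlf "$sample"; then
    echo "still has CRLF endings"
else
    echo "shebang now reads: $(head -n 1 "$sample")"
fi
rm -f "$sample"
```

`dos2unix` does the same job where it is installed, but `tr -d '\r'` is available on any busybox-based system such as the Pineapple itself.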
  10. lol - sorry it didn't dawn on me to supply that information (really tired today). Here we go:
      airmon-ng start wlan0 (tried with various adapters)
      created ssidnames.txt:
      cat << EOF > ssidnames.txt
      blah1
      uber
      blah2
      etc
      EOF
      mdk3 mon0 b -f ssidnames.txt
      I see the expected output in the terminal and can verify they are showing up on the client. After a minute or two the broadcasts just stop - I cannot seem to get it restarted without rebooting the entire laptop or tower (I've tried various pieces of hardware).
  11. In a nutshell - I start MDK and everything appears to be working as I expect it to. After a minute or two the client devices stop seeing the broadcasting device. It's almost like the wifi adapter has been put in power saving mode, but it is not when I look. I can repeat this issue 100% of the time. Tried on various hosts with various wifi adapters. Same results each time. Thoughts?
  12. Well, the control of the hosted VMs on the ESXi box would still be centralized. It just wouldn't be an active part of any other network deployments you might have on the back end. You can also look into Citrix XenClient Enterprise - it's low cost and pretty powerful, and I'm sure if you called them you could get even better pricing than they show on their website, hell, maybe even free if you talk with the right people...
  13. In the example given you're probably better off finding a way to boot a clone drive of whatever flavor you want and then try the attack away from the target area. But really, if you have the ability to boot a thumbdrive or disk in the first place you're probably better off just grabbing the SAM file and not the entire disk. Grabbing the entire disk is only handy if you believe there are parts of that disk you need to have access to that you wouldn't otherwise be able to read when mounted to a Linux box. As for the duck, maybe just have it try the most common passwords? Or possibly just have it wait extremely long periods of time before trying to collect the SAM file (assumes Windows), then rinse and repeat. This assumes you're willing to play the high-risk odds of getting caught... (not the best solution)
  14. Not really, there are lots of products out there (XenClient comes to mind) that allow you to run the OS on top of a hypervisor, which allows you to deploy desktops from a central management system in a non-persistent state. Virtualcomputer.com also comes to mind.
  15. If it were me, I suppose I would have registered an enterprise firewall as my computer to start off with, thus allowing you to NAT your local dorm room network to their network. Try something like Sophos UTM, m0n0wall, etc. and see if that works out for you.
  16. I think we are saying the same thing - I was simply saying that within his script he has the mon0 MAC address being changed, but not the wlan0 address - wouldn't you want to change the wlan0 address before you do that? - and then if you do change your MAC address the man page for reaver suggests the user would want to use the --mac= flag equaling the MAC address of the wlan0 interface. So maybe add lines for changing the wlan0 MAC address:
      ifconfig $interface down
      ifconfig $monInterface down
      macchanger -r $interface
      macchanger -r $monInterface
      ifconfig $interface up
      ifconfig $monInterface up
      then pick your poison as to how you want to script the $wlan0MAC into your reaver command line:
      reaver -i $monInterface --mac="$wlan0MAC" -b $target $reaverVars
  17. Please correct me if I'm wrong, but if you're spoofing mon0 isn't it required that you use the --mac= switch as well? And wouldn't you want to make sure the wlanX is spoofed if --mac= is set?
  18. I agree with Pwnd2Pwnr on this one - I would have just kept it to myself. True story: I had to take a basic Windows admin class as a pre-req a few years ago when I was working on my homeland security cert. I refuse to test out of classes like this because no matter how much you think you know, you will always learn something (never hurts to renew your basics either). At any rate, this class was using VMware virtual machines hosted locally on the Windows 7 workstation. While working on my VM I hit Windows+R to bring up the run command and typed regedit. I went about my day following the directions of the class session until I couldn't find something in the registry that was supposed to be there. It then dawned on me I was in the local workstation registry and NOT the VM's registry. At that point I raised my hand and said hey prof, I just figured out that I've been mistakenly editing the local registry and not the registry of the VM, you might want to make sure no one else made the same mistake AND you might want to pass along to the helpdesk that for some reason normal users have access to edit the registry in areas they shouldn't. A few days later I received a disciplinary warning letter from the school stating I had broken the terms of use policy. As I thought this was surprisingly short-sighted and stupid I felt the need to fight them, because it was a simple mistake that it turns out most of the entire class had made as well. To get this "warning" stricken from our student files we had to go in front of a board to explain the problem. I personally have a lawyer on retainer (everyone should have one of those guys) and sent her in my place...
  19. You have supplied almost zero details as to what you were doing that got you in trouble in the first place, but taking into account what you did tell us it appears you're talking from the same perspective that a criminal would use. Now please do not take that the wrong way (or anything I say for that matter); I'm merely pointing out what I'm seeing. With that, you cannot hack something then expect to sell that information to the owner of the network. That will land you back in jail. The only possible way to do what you're asking is to be up front with your customer base and say look, I went to jail for this (insert issue) and paid for my crime. I now consult for a living. I can be found at (insert url of your real tax paying business) and details of what we can offer are listed there as well. Create a rock solid contract that covers you in the event of problems and create a rock solid statement of work (don't do any work without them) - There have been lots of kids/adults alike that have gone to jail/prison and still went on to have great careers in IT security, remember Kevin Mitnick? The MS Live kid? etc, etc...
  20. I agree with Harrison - It really depends on where you live - A network admin in New York will not get the same salary as one in Florida - In my opinion your goal should be 50k - If you get more and it's above the cost of living in your area, kudos... Maybe this link can help (http://www.computerw...ary_Survey_2012) - According to this page a Net Admin with 10-15 years of exp. can expect a salary of 63k(ish) a year.
  21. I've run into the same kinds of issues in the past - my solution was to abandon the solution we were using and stand up a Linux box with FOG installed (http://www.fogproject.org/) - it's fantastically simple to use - create an image on one machine, add drivers for other dissimilar hardware if you need to, sysprep, capture and deploy...
  22. Sorry to see that, I've personally had great luck with Sophos - we had a horrible time with Norton Endpoint - I hear great things about Vipre and ESET, however I have not used them. My suggestion for those of you using Sophos or other products that have had a hard time getting rid of viruses is to not rely on the antivirus program to purge the virus in the first place. We keep all of our endpoints as updated as possible and keep them in a non-persistent state - so when the antivirus tells the users (and us) that the endpoint in question has a virus we can simply direct the end user to shut down their workstation and then turn it back on. All changes (i.e. the virus) vanish and the endpoint goes back to its pristine condition. Really, at the end of the day IT cannot rely on a singular application to protect itself. You really have to lock everything down - examples include turning off CDROM / USB / file share usage, scan everything that comes in and goes out of the network at the perimeter, that means a good UTM/Firewall 2.0 - get some sort of DLP system in place and patch, patch, patch. Business as a whole has gotten into this empower-the-end-user mind set and that's great, but there are still rules to follow, otherwise every day you work is going to be a disaster and suck.
  23. Those are all very nice firewall / portals - The question for me is - are you trying to do this as a business or simply at home? If you're trying to do this at home you can use the Astaro UTM (now Sophos) FREE of charge at home. Buy a compatible access point and you have one of the more powerful wireless access systems I've had the pleasure of playing with. The Astaro appliance has many advanced features that are right in line with what you're asking, including the ability to automatically make a random daily password and send it to you (and others) via email, or it allows you to supply vouchers for access time - e.g. give X GiB/MiB credit or X mins/hours or both, on a first one then the other basis. And if you need it for business it's pretty inexpensive.