chriswhat

Everything posted by chriswhat

  1. Thanks to all of my supporters and friends, we have achieved our goal (and much more). I received notification from YouTube that my channel has been reinstated. I will post my final thoughts and gratitude later today. Thank you all for standing by me... this wouldn't have happened without you. ...And thanks to those of you who doubted and criticized me. Your involvement was equally important in gaining YouTube's attention. For now, here is a link to my channel: http://hackersed.com -Chris
  2. Cooper, Why did I subtract "(or trying to, and rightfully so I might add)" from your statement? Whether or not you agree that I should earn a profit is irrelevant (don't interpret that as an insult - I value everyone's opinion). You placed emphasis on the financial component, implying that I'm primarily motivated by financial gain. This isn't true. In fact, my videos haven't been monetized since July. Money doesn't drive me. My viewers drive me. The discussions and compliments drive me. The need to help people find solutions drives me. The numbers drive me. You may not understand this but, when I lost my channel, I lost a big part of myself. I know, I know... I'm sensitive. You said "It might be that but the impression I was and still am getting is that you're not particularly interested in Youtube reversing their verdict." I think we can find a common ground here. I agree that I didn't leverage social media to its full capacity. Bad habit. Let's consider that a valuable lesson learned. However, I didn't give up... and I wasn't going to give up. I sent an email to YouTube and Google every morning. I tried calling every phone number I could find. I tracked down YouTube and Google employees, and contacted them. I reached out to my friends, family, and business contacts all over the world. Then, I called on the people who I've helped. I almost drove to the YouTube headquarters in San Mateo. I know, I would've been escorted out of the building by security. A risk I was willing to take. http://www.reddit.com/r/sysadmin/comments/2ifs0b/youtube_shut_down_one_of_the_best_hacking/?limit=500 Ultimately, I was offended by the statements made by Zarabyte, not you. I just didn't want people to get the impression that I only care about money.
  3. I can hear the "jeopardy" clock fading away... and I'm anxiously waiting for a contestant to hit the buzzer.
  4. JRedded - I appreciate that you took the time to reach out. As I said earlier, it seems as though information censorship has become the core issue here. This is something that I'll discuss in my upcoming article for the Hacker News. For now, I'm collaborating with my teammates at CTF365 to make my videos available again. We'll get it figured out soon. Thanks again. newbi3 - Your contributions to this community are awesome. I've told you this in a past conversation but I'll say it again - the evil portal infusion is one of my favorite infusions. Your thoughts are shared by many others, and you're right when you say that YouTube isn't the only platform. As I said above, I'm working with some friends to get this situation resolved. It's looking like we may launch our own platform. In the meantime, we're working on a temporary solution. Thanks for your support.
  5. I'm not really sure where to begin here. I guess I'll start by thanking bytedeez for starting this thread in an effort to support me. For me, information censorship is an underlying issue. However, it's an issue that many are finding in my situation, and it's an issue that holds significance in our community. This is something that I'll touch on later.

     To those of you who have an opinion but remain uninformed, the Hacker News is going to publish an article telling my story. When the article is available, I will post a link. For now, I'd like to address some inaccurate statements and attempts to ignite unjust rumors.

     1) I still have all of my videos. Did you really think I'd just rest 2 years of my hard work in the hands of YouTube/ Google? Come on now...

     2) Zarabyte (Matthew H. Knight) - I'd be curious to know where you gathered information suggesting that I use "misleading keywords and content" and "misleading descriptions." YouTube embeds each video's keywords in the source; and the only way to see them is to inspect the source. Is this a hobby of yours? I'll get back to the importance of this question in a moment. Regardless, my content is specific, and therefore specialized. I don't want to attract cat video lovers, home improvement hobbyists, or beer lovers. I want viewers who are interested in InfoSec, penetration testing, ethical hacking, etc. My video titles and descriptions tell the viewer EXACTLY what they can expect to learn. My custom thumbnails possess my logo and a brief description (title) of the video. My keywords are based on three categories:

     - Penetration testing distros (i.e. Kali Linux, BackTrack, etc.)
     - The overlaying subject (security, infosec, penetration testing, hacking, ethical hacking, etc.)
     - The video content/ sub-topic of the overlaying subject (i.e. fake ap, evil twin, word list, password cracking, MItM, packet sniffing, etc.)

     If I misled my viewers, I wouldn't have achieved a 1 to 100 dislike to like ratio. I wouldn't have been on Google's first page results for "how to hack" searches. My channel wouldn't have remained active for 2 years, and I wouldn't have been a YouTube verified partner for 16 months. By involving yourself and by insulting the integrity of my work, you've left me no choice but to further translate this situation and state my defense. To be honest, I'm surprised at your audacity. I've had multiple viewers bring you to my attention. They pointed out that several of your videos share non-coincidental similarities with my videos as well as videos belonging to others. Prior to today, I tolerated you. How? I convinced myself to consider you a compliment to my work. Now, instead of thanking me, you make an attempt to tarnish my reputation and brand me as dishonest. That was a mistake; and it was a mistake that I won't tolerate.

     One more thing that bothered me - You said, "He was gonna start his own website to teach people anyways so he will be fine like their are not enough security schools online as it is i guess im the only one who isn't trying to make a living off the security world." Really? Is this a joke? I can't stand how contradicting you are. Did you forget that you have a Paypal donation system set up? In case you did forget, you can find your donation link here: https://matthewhknight.com/about/ I almost gave you the courtesy of a private message instead of this post; but, as I watched you continue on with your uneducated opinions and insults, the thought of courtesy dissolved.

     3) Cooper - you stated, "He's clearly making his videos for profit." Let me make this clear. I do what I do because I love doing it. When you calculate my ad revenue with the countless hours that I've spent creating videos, answering questions, providing remote assistance, etc... I don't even earn 20% of California's minimum hourly wage. Also, I've reinvested the majority of my ad revenue into improving my videos (i.e. upgrading recording equipment, educating myself, buying post production software, etc). I've turned down a number of job offers simply so I can preserve enough time to serve my subscribers. Unlike Matthew H. Knight (Zarabyte), I've never asked for a donation... and I never will. I stand by my values and my belief in free education. "Skippable" advertisements do not compromise those values.

     Also, I am not saying "Well, that part of my life is now gone. Thanks for nothing Youtube". I have no intentions of quitting. Those who know me, know where to find me. They know who I am, what I do, and why I do it. YouTube was a big part of my life, and it was important to me for many reasons. I will reupload (why isn't "reupload" a word?) my videos elsewhere if this issue goes unresolved. However, I'm involved in other projects as well. For example, I'm part of CTF365 (http://ctf365.com), which is a security training platform. You can find my Metasploit tutorials on our YouTube channel at http://youtube.com/hackademyus. Microsoft's BizSpark has given us full support (including unlimited use of all Microsoft products). Metasploit has given us Metasploit Pro licenses ($20,000/ year licensing fee) to give away to users. We've been given recognition at security conferences and we've had articles written about us in tech and security magazines. Bottom line, I'm not going anywhere. I'm going to continue on with or without YouTube.

     4) I've never asked for anything in return from my viewers. I continue to educate myself simply so I can share my education with others... and I do it for free. I take complexities and minimize them to expedite the learning process for others... and, personally, I think I've done a good job doing it.

     MOVING ON:

     For those who are interested, here is a copy of the original email notification that I received from YouTube.

         We'd like to inform you that due to repeated or severe violations of our Community Guidelines (http://www.youtube.com/t/community_guidelines) your YouTube account Chris Haralson has been suspended. After review we determined that activity in your account violated our Community Guidelines, which prohibit spam, scams or commercially deceptive content (https://support.google.com/youtube/bin/answer.py?answer=2801973&hl=en).

     My account had no strikes and was in good standing with the community. After researching the guidelines that YouTube based the suspension on, I can argue that I did not commit any violations. The only logical explanation (aside from information censorship) that I could rationalize was: My videos' comment sections were constantly being spammed with unwanted third-party advertisements and solicitations. My channel contained more than 50 videos and received an average of 3,000 unique daily views. With dozens of daily comments, messages, and emails, I couldn't possibly combat every spam comment that was posted. In addition, YouTube's spam filtering system was ineffective. Although I cannot be certain, I believe those spam comments may have justified YouTube's decision to suspend my account.

     Ultimately, this is why I've asked for your support. Over the last 2 years, I've received thousands of comments and messages thanking me for my time and work. This was my motivation to keep making videos. This was my achievement. Now, your support is what I need to defeat an unjust action taken by YouTube and Google.

     CONCLUSION:

     To the Hak5 team, forum admins, and community members - I'm sorry if I expressed myself in a manner that offends the purpose of these forums. I consider the Hak5 forums to be an awesome resource. I've met a lot of really cool people here and have had a lot of fun working on projects with them. I have a lot of respect for all of you, including the huge number of beginners who are simply following their newfound passion in an effort to find their place in the community. It's just very difficult for me to sit back and watch people discuss me as if I'm a topic, and not a fellow community member.
  6. This isn't necessarily accurate. Cyber law is becoming more comprehensive and well-defined, and it's something that we need to educate ourselves about. Everyone wants to take their Pineapple to Starbucks and steal Facebook passwords. My advice is this - "Don't take your Pineapple to Starbucks and steal Facebook passwords."

     Here are a couple of rudimentary questions that will be asked when determining legality:

     - Was there a reasonable expectation of privacy? Like that camera in the bathroom stall... you may own the toilet, but it doesn't entitle you to the show.
     - For what purpose was the WiFi hotspot being broadcasted? Hmm... are you a WiFi philanthropist?
     - Did the provider disclose any terms and conditions, a privacy policy, or use agreement? You were broadcasting an open network named "Starbucks WiFi" while sipping a latte at Starbucks... but Starbucks customers should know better.

     Of course, there are many situational variables that will be considered. If we're talking about your home network, things may be different... until you get the idea that you own the data traveling across your network... and use it to go shopping.

     Here are a few additional issues that you should consider:

     - Civil litigation can occur regardless of whether or not a state or federal statute has been violated. It may not be against the law to hurt someone's feelings, but it doesn't mean that it won't cost you.
     - You could be held liable for criminal offenses that occur on your network. Don't put a "borrow me" sign on a loaded gun and assume that it'll be used responsibly. More importantly, don't expect sympathy when you report it stolen.

     NOTE: I'm not an attorney so I cannot advise you on cyber law; however, I do provide common sense consultations at no cost.
  7. Yes, ff:ff:ff:ff:ff:ff is used to target all devices. If you leave the target field blank, it will automatically populate with ff:ff:ff:ff:ff:ff. Here's some bogus math:

         Default = Blank
         Blank = ff:ff:ff:ff:ff:ff
         ff:ff:ff:ff:ff:ff = Target all devices
         Target all devices = Default
         Therefore, Blank = Target all devices
  8. I'm glad that I was able to help you out. The puzzle will never be complete. Each piece of the puzzle is a puzzle in itself... and the puzzle as a whole never stops expanding and evolving. Not to sound too philosophical. This is just one of the many reasons I enjoy security. There are too many challenges to face alone and, therefore, it never gets old or boring.
  9. Thanks for the shout out. I haven't done much with my channel lately because I've been extremely busy working on http://ctf365.com - our online security training platform. We provide our free users with access to several vulnerable-by-design servers and web applications, such as Metasploitable and DVWA. Our paid users get access to the main arena, which has real servers hosted by real people. The idea is to attack other servers while defending your own server, and our goal is to simulate the real world internet. We also hold weekend-long CTF competitions for our paid users. The next one starts on October 17. For now, I'm working on some new Pineapple tutorials. When I'm finished, I'll share them in the WiFi Pineapple University category.
  10. I'll elaborate on what jmelody said to help answer your question. The source and target fields are part of Dogma.

      What does Dogma do? Dogma allows you to focus your KARMA attack towards a specific device. It also allows you to specify a list of access points to broadcast.

      - Source field - This is where you specify your access point's MAC address. You can enter your Pineapple's MAC address (default) or a spoofed MAC address.
      - Target field - This is where you specify the MAC address of your target. You can leave it blank (default) to target all devices or you can enter a specific device's MAC address to only target that device.
      - SSID Management - This is where you can specify a list of access points that you'd like to broadcast. These access points will be broadcasted to your target(s) when Dogma is enabled. You can manually add access points to the list or you can add them from the Reconnaissance scan results (by clicking the access point name).

      Here's an example scenario: Let's say that there are 10 devices sending out probe requests in search of familiar access points but you only want to target one of those devices. After enabling PineAP and Dogma, you can enter the MAC address of the device that you want to target in the "Target" field. When the target device is searching for a wireless access point, it will see the list of access points stored in the SSID Management area. The access points from the SSID Management area will not be broadcasted to the remaining 9 devices or any other devices that come within range. If you don't specify a target, the access points from the SSID Management area will be broadcasted to everyone within range.

      NOTE: You can use Reconnaissance to discover the MAC addresses of devices.
  11. My advice is to stop placing so much emphasis on Facebook. Many people use the same creds for most, if not all, of their accounts (i.e. social media, financial, email, etc.). Compromise one of them, and you can often compromise the rest of them.

      - LinkedIn
      - Wordpress
      - Instagram
      - Vimeo
      - Microsoft Live
      - PayPal
      - Wells Fargo
      - Chase
      - Bank of America
      - Fidelity
      - Capital One
      - IRS.gov
      - Amazon
      - Target
      - Vudu
      - RedBox
      - HakShop
      - DigitalOcean
  12. You're welcome. Now that the Pineapple is gaining a new foothold, I'm trying to revive my interest in it. I'll see about making a PineAP suite tutorial.
  13. I agree, and I prefer "client" over "victim."
  14. There are three network connection categories. Each category has a few connection options.

      1) Ethernet
         - Pineapple to router via ethernet cable
         - Pineapple to ICS-enabled computer via ethernet cable
      2) Wireless (Client Mode)
         - Pineapple to wireless network, wireless AP, or WiFi hotspot via wlan1
         - Pineapple to wireless network, wireless AP, or WiFi hotspot via USB network adapter (wlan2)
      3) USB
         - Pineapple to USB 3G/4G modem via USB cable
         - Pineapple to iPhone or Android via USB cable

      Yes. By default, wlan0 is reserved for Pineapple clients and is set to master mode (AP mode), which allows clients to connect to the Pineapple. If you wanted to, you could configure wlan0 to act as a client and wlan1 to act as an AP.

      Yes, the Mk V has two antennas because one (wlan1) is used as a client and the other (wlan0) is used as an access point. This allows the Pineapple to connect to a wireless network while simultaneously hosting an access point. It also allows the Pineapple to share its internet connection from wlan1 to the clients connected to wlan0. The Mk IV was only able to do one or the other without adding a USB network adapter.

      KARMA: Karma Attacks Radioed Machines Automatically

      KARMA's job is to trick WiFi-enabled devices (i.e. computers, smartphones, etc.) into connecting to the Pineapple. Here's how it works: Most devices are continuously searching for networks that they've previously connected to so they can automatically reestablish a connection. To do this, the devices send out probe requests. KARMA listens for those probe requests. When KARMA sees a probe request, it clones the network that the device is searching for and responds to the device. In other words, KARMA tricks the device into believing that the Pineapple is the network that it's looking for. This causes the device to connect to the Pineapple.

      I only updated to the latest firmware yesterday so I haven't experimented with the new PineAP suite yet. From what I can tell, the PineAP suite is essentially an extension of KARMA, and it was most likely developed in an effort to bring KARMA back to life. Beacon response is basically the new probe response. It's needed to exploit devices that are no longer susceptible to the traditional KARMA probe request/ response method. Harvester is used to harvest information from probe requests. Probe requests contain information about the access point that the device is searching for. Dogma gives you the ability to respond to a single probe request or respond to all probe requests. Before, KARMA would automatically respond to all probe requests. Dogma helps you to be more target-oriented.
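
The probe request/response behaviour described in the post above, seen from the monitoring side, as an added example that is not part of the original post or of any Pineapple code: it flags a BSSID that answers for several unrelated SSIDs, since an access point normally advertises one SSID per BSSID. The `Frame` record, the threshold, the time window and the sample capture are constructed assumptions; real input would come from a monitor-mode capture.

```python
from collections import defaultdict
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    """Hypothetical summary of one 802.11 management frame."""
    ts: float   # capture time in seconds
    kind: str   # "probe-req", "probe-resp" or "beacon"
    src: str    # transmitter MAC (the BSSID for AP frames)
    dst: str    # receiver MAC
    ssid: str   # SSID element; "" is a wildcard probe


def find_karma_like_bssids(frames, min_ssids=3, echo_window=1.0):
    """Report BSSIDs that claim at least `min_ssids` distinct SSIDs.

    For each reported BSSID the result also counts how many of its
    responses echoed an SSID that the addressed client had asked for
    within `echo_window` seconds, which is the "clone whatever is
    probed for" pattern.
    """
    last_probe = {}                # (client, ssid) -> time of last directed probe
    claimed = defaultdict(set)     # bssid -> SSIDs it advertised or answered for
    echoes = defaultdict(int)      # bssid -> responses that mirrored a recent probe
    clients = defaultdict(set)     # bssid -> clients it answered directly

    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.kind == "probe-req":
            if f.ssid:             # wildcard probes name no network
                last_probe[(f.src, f.ssid)] = f.ts
        elif f.kind in ("probe-resp", "beacon") and f.ssid:
            claimed[f.src].add(f.ssid)
            if f.dst != BROADCAST:
                clients[f.src].add(f.dst)
                asked = last_probe.get((f.dst, f.ssid))
                if asked is not None and 0 <= f.ts - asked <= echo_window:
                    echoes[f.src] += 1

    return {
        bssid: {
            "ssids": sorted(names),
            "echoed_probes": echoes[bssid],
            "clients": sorted(clients[bssid]),
        }
        for bssid, names in claimed.items()
        if len(names) >= min_ssids
    }


# Constructed sample capture (locally administered MACs, invented SSIDs).
AP = "02:00:00:00:00:a1"        # ordinary access point, one SSID
SUSPECT = "02:00:00:00:00:99"   # answers for whatever is probed
CLIENT_1 = "02:00:00:00:00:c1"
CLIENT_2 = "02:00:00:00:00:c2"

SAMPLE = [
    Frame(0.00, "beacon", AP, BROADCAST, "CorpNet"),
    Frame(0.10, "probe-req", CLIENT_1, BROADCAST, "HomeWiFi"),
    Frame(0.12, "probe-resp", SUSPECT, CLIENT_1, "HomeWiFi"),
    Frame(0.30, "probe-req", CLIENT_1, BROADCAST, "CoffeeShop"),
    Frame(0.31, "probe-resp", SUSPECT, CLIENT_1, "CoffeeShop"),
    Frame(0.50, "probe-req", CLIENT_2, BROADCAST, "CorpNet"),
    Frame(0.52, "probe-resp", AP, CLIENT_2, "CorpNet"),
    Frame(0.53, "probe-resp", SUSPECT, CLIENT_2, "CorpNet"),
    Frame(0.90, "probe-req", CLIENT_2, BROADCAST, ""),
    Frame(0.95, "probe-resp", AP, CLIENT_2, "CorpNet"),
    Frame(1.20, "beacon", SUSPECT, BROADCAST, "AirportFree"),
]

if __name__ == "__main__":
    for bssid, info in find_karma_like_bssids(SAMPLE).items():
        print(bssid, info)
```

The ordinary access point is not reported because it only ever claims one SSID, even though it also answers probes promptly.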
  15. This one has me stumped. Maybe you need to buy a new laptop?
  16. My tutorial was designed to help novice users set up a working (and free) relay server but, more importantly, it was designed to explain the concept behind ssh tunneling. I feel like some people are overlooking an important lesson here - My tutorial can be applied to many situations and system setups. With some minor adjustments (if any at all), you can use my tutorial to set up your VPS/ VM on whatever cloud service you're using. Your EC2 Ubuntu instance is a VM. You shouldn't have any issues allowing inbound traffic on port 22 or port 1471. The only difference is that you're hosting your Ubuntu server VM on AWS whereas I'm hosting it on my own computer. NOTE: Amazon provides comprehensive documentation regarding firewall configuration.
  17. Finally, I started to make some sense of this thing. I intercepted some police comms and lots of strange transmissions. I'm somewhat fixated on it now. I may need to invest in an antenna.
  18. I was given an SDR (the one from the Hak Shop) for x-mas but I don't know what the hell to do with it. Just plugged it in for the first time yesterday. I'm using Mac OS X. I downloaded GQRX and started messing around with it... but I only receive static, strange spikes (with no noise), and weird bleeps (in rhythmic patterns). Can I intercept 2-way radio comms or AM/FM broadcasts? Video? What do I do with this thing?
  19. If you keep router A suspended long enough, the client will connect to the Pineapple regardless of proximity/ signal strength. Once the client connects to the Pineapple, the client will remain connected until the Pineapple is removed from the area or the client manually disconnects. Laptop A will not automatically leave its connection with the Pineapple to connect to a network with a stronger signal.
  20. When you say you'd like to learn about shell scripts, what do you mean? Do you want to learn how to write them? Basically, shell scripts are used to automate a specific process. Here's a script I wrote that creates a fake access point with airbase-ng. It asks a series of configuration questions, and then it creates the fake access point based on your preferences. I created the script as an example for some friends, and included my notes in the comments. It may help you understand bash scripting a little better. As far as using the command line, what do you want to learn to do? Navigate the file system, start/ stop infusions, etc.?
  21. Instead of using WiFi Manager to change your SSID (AP name), you should use KARMA.

      1) Connect to your Pineapple via Wi-Fi or ethernet cable
      2) Open a web browser and log into your Pineapple's web interface
      3) Open the KARMA tile
      4) Select the "KARMA Configuration" tab
      5) Enter a name for your Pineapple AP in the "SSID:" field
      6) Tick the box beside "Persistent:" (if you don't want your SSID to revert back to the default SSID at each reboot)
      7) Click "Update"

      That's it. To test, use a Wi-Fi enabled device to scan for wireless networks. Your Pineapple should be broadcasting on whatever SSID you entered in the KARMA settings.

      WiFi Manager adds the radio interfaces to the wireless file in /etc/config/wireless. You can manually delete them in the /etc/config/wireless file.

      1) Connect to your Pineapple via Wi-Fi or ethernet cable
      2) Open a terminal
      3) Connect to your Pineapple via SSH

             ssh root@172.16.42.1
             <pineapple's password>

      4) Open the wireless file

             nano /etc/config/wireless

      5) Locate the additional radios and delete them
      6) Save and close the wireless file

             Press "control + x"
             Press "y"
             Press "Enter"

      7) Restart networking so the changes take effect

             /etc/init.d/networking restart

      That's it. Just open the WiFi Manager and the radios should be gone.
  22. Sure, a USB to barrel connector will work. Not sure if a laptop will supply enough power to operate consistently though.
  23. Aside from the Pineapple Wiki, the Mark V forums, and the university videos, there aren't many Pineapple resources available. I've created some video tutorials that may interest you. Here's a link to the playlist. https://www.youtube.com/playlist?list=PL4-mT0A3BzLtjpdYlZG0Z7flZTEDnZkPM

      To connect to your Pineapple via the command line from Windows 7, complete the following steps:

      1) Connect to your WiFi Pineapple via Wi-Fi or ethernet cable
      2) Open the Start menu
      3) Click All Programs
      4) Click Accessories
      5) Select Command Prompt
      6) In the command prompt window, type "ssh root@172.16.42.1"
      7) When prompted to confirm the connection, type "yes"
      8) When prompted to enter a password, enter your Pineapple's password

      That's it. You should now be connected to your WiFi Pineapple via SSH.

      You can manage your WiFi Pineapple from a Windows PC or a Mac via your web browser or command line (using SSH), but I would encourage you to familiarize yourself with Linux. Learning Linux basics will vastly improve your Pineapple experience. I recommend installing Kali Linux, BackTrack 5, or some other Linux distribution on a virtual machine.
  24. SixKids, Your Pineapple is the man in the middle. Many of the infusions perform some variation of a MItM attack - SSLstrip, strip-n-inject, Ettercap, DNSspoof, TCPdump, URLsnarf, Evil Portal, random roll, etc. Also, your Pineapple isn't limited to the infusions offered in the Pineapple bar. Maybe I can point you in the right direction if you tell me what you want to accomplish. What type of MItM attack do you want to perform?
  25. Redneck, I put something together for you so you can control your Mark V's LEDs with SMSer 1.4. Just follow the guide below.

      How To: Add Mark V LED Control Functionality to SMSer 1.4

      First, we need to connect to our WiFi Pineapple and retrieve the smser.py file

      Step 1: Connect to your WiFi Pineapple via Wi-Fi or ethernet cable
      Step 2: Open a terminal
      Step 3: SSH into your WiFi Pineapple

             ssh root@172.16.42.1
             <pineapple's password>

      Step 4: Copy the smser.py file from your WiFi Pineapple to your computer via SCP

             scp /pineapple/components/infusions/smser/content/smser.py <user>@<ip address>:/<path>
             <computer's password>

      Replace <user> with your computer's name or username (i.e. JohnDoe)
      Replace <ip address> with your computer's IP address (i.e. 172.16.42.212)
      Replace <path> with the location where you want to copy the smser.py file to (i.e. /Users/John/Desktop)

      Example:

             scp /pineapple/components/infusions/smser/content/smser.py JohnDoe@172.16.42.212:/Users/John/Desktop

      Now we need to make some changes to the smser.py file

      Step 5: Open the smser.py file with a text editor
      Step 6: Locate the following code (should be near lines 247 through 265):

             if "light" in payload and "off" in payload or "lights" in payload and "off" in payload:
                 buildReply = reply, prePhrases[randPre], phrases[5], states[3]
                 reply = ''.join(buildReply)
                 replied = True
                 os.system("ledcontrol wps off")
                 os.system("ledcontrol usb off")
                 os.system("ledcontrol wan off")
                 os.system("ledcontrol wlan off")
                 os.system("ledcontrol lan off")
             if "light" in payload and "on" in payload or "lights" in payload and "on" in payload:
                 buildReply = reply, prePhrases[randPre], phrases[5], states[4]
                 reply = ''.join(buildReply)
                 replied = True
                 os.system("ledcontrol wps on")
                 os.system("ledcontrol usb on")
                 os.system("ledcontrol wan on")
                 os.system("ledcontrol wlan on")
                 os.system("ledcontrol lan on")

      Step 7: Replace the code above with the following code:

             if "light" in payload and "off" in payload or "lights" in payload and "off" in payload:
                 buildReply = reply, prePhrases[randPre], phrases[5], states[3]
                 reply = ''.join(buildReply)
                 replied = True
                 os.system("led red off")
                 os.system("led blue off")
                 os.system("led amber off")
             if "light" in payload and "on" in payload or "lights" in payload and "on" in payload:
                 buildReply = reply, prePhrases[randPre], phrases[5], states[4]
                 reply = ''.join(buildReply)
                 replied = True
                 os.system("led red on")
                 os.system("led blue on")
                 os.system("led amber on")

      Step 8: When you're finished replacing the code, save and close the smser.py file

      Now we need to send the modified smser.py file back to our WiFi Pineapple

      Step 9: Open a terminal
      Step 10: Send the smser.py file back to your WiFi Pineapple via SCP

             scp <path>/smser.py root@172.16.42.1:/pineapple/components/infusions/smser/content/smser.py

      Replace <path> with the location of the smser.py file on your computer (i.e. /Users/John/Desktop/smser.py)

      Example:

             scp /Users/John/Desktop/smser.py root@172.16.42.1:/pineapple/components/infusions/smser/content/smser.py

      Now we need to test SMSer to determine if we can control the LEDs as intended

      Step 11: Connect your WiFi Pineapple to the internet via client mode, ethernet cable, or USB tether
      Step 12: Log into your WiFi Pineapple's web interface and ensure that SMSer is configured and running
      Step 13: To disable the LEDs, compose a text message containing the following text and send it to the email address that you configured SMSer to check

             Pineapple turn the lights off now please

      Within 1 to 2 minutes, you should receive a response and your WiFi Pineapple's red, blue, and amber LEDs should turn off.

      Step 14: To enable the LEDs, compose a text message containing the following text and send it to the email address that you configured SMSer to check

             Pineapple turn the lights on now please

      Within 1 to 2 minutes, you should receive another response and your WiFi Pineapple's LEDs should turn back on.

      That's it. You should now be able to control your Pineapple's LEDs via text message. If you want to control the red, blue, and amber LEDs separately, let me know and I'll post the modified code for you. Enjoy!