vailixi

I'm pretty sure the videos on YouTube are an animation but the tech exists to make it happen. Basically it's a mini smart board. So really you could detect touch on a projected surface. Calibrating the thing to the shape of your wrist and you skin tone and features is doable. I'm not sure about all of that is a small package. All of the software required to make this work already exists. The older smart boards use a projector and I remember there being a program you could use the would do a best fix if the screen was ripped or warped. There were a lot of really smart math people worked on that stuff. They are a huge money waster for the government and corporations looking for write offs. But they kick ass to play video games on. The first real problem I see with the short throw projector is that one a sunny day the light isn't going to be bright enough to overcome the sunlight. You'd probably find yourself in the shade a lot interacting with your wristband. So it's less of hardware or software issue. Oh snap! I just thought of the solution. Use an infared imitter and put a polarizing filter that will allow you to see the IR reflection. Problem solved. Oh the IR goggles are a great hack if you want some cheap night vision. The problem is obviously the infared totally gives away your position to anyone who has infared capable night vision goggles. IR would make for a pretty sick high contrast interface. UV is probably an option or basically just use some wavelength of light that is less common in the everyday environment. Then just filter out the other wavelengths of light. With IR you would have another layer of security against shoulder surfers as well. Many security cameras won't pick it up. Many cameras can be disrupted by IR if it's bright enough so you could effectively cloak yourself. There's another perk. Just on the hypthetical. That sounds really cool.

I was just thinking that as well. There are water proof cases and shock resistand cases. But not a lot of cases that are both. And not a lot for a wide variety of phones and tablets.

True the Juggernaut does make other tactical armbands look like complete crap. But most of the other armbands are junk you find on ebay from like Flyye tactical or Condore and those brands don't really fit my definition of tactical. They're more like airsoft gear honestly. Pretty much if it is securely fastened and not flopping around it's legit. Waterproof and shock resistant are a must. Mounts as securely and closely to the body or gear as possbly while still allowing for personal comfort and maximum mobility. In a combat environment my biggest concern would be the device doesn't get hung up things while I'm climbing through a window or something like that. Because getting your gear snagged is a bummer. But I'm more looking for something to take with me on day trips just for a quick way to interface with the other computers I'm carrying in my backpack without pulling out a laptop and typing away every time I want to check something out or issue commands. But really I would probably own one of these things right now if not for the price. $300-600 for wrist mount is really steep. A regular sports armbands start around $10. Stuff to implement in design. waterproof shock resistant durable lightwieght gear compatible ergonomic affordable Anything to consider?

Really good point on changing the database. I've been making this way to complicated.

You'd think they would have come up with a more positive attachment than a single strap in the center. For $300+. But kudos for selling it to the army and getting paid. One more reason to hate paying taxes.

Gotta love one liners. These are all really good suggestions.

+1 for sure. A call to to wget might be the easiest way to handle this on a Linux box. Powershell on Windows as someone had suggested. Maybe just system calls. Coding. Thanks guys.

That gave me an idea. I found a photo from a build someone posted Maybe something from molded plastic or 3D printed. http://hypercats.deviantart.com/art/Pipboy-3000-build-comparison-195511490 Then and maybe finish it off with some cool woven paracord. Maybe put a survival kit in it.

I like the powershell idea. I think doing this on Windows is going to be pretty simple. Maybe just write out an array of all of the possible networking tools and their possible install locations and loop through until it finds a networking tool that will do the job. I had a heck of a time trying to do this on Ubuntu because it wanted a sudoer password for each system call. The code executes but it needs user interaction. Debian is set up with the root user as default so you can run a bunch of system calls without any extra permissions. I'm actually really surprised there isn't some kind of downloader payload already available. This is the simplest example I could come up with thus far. Python. #!/usr/bin/python import urllib urllib.urlretrieve("http://hak5.org/wp-content/uploads/2012/08/hak5-50.png", filename="hak5-50.png") I suppose I can make that happen py2exe, one of those python compilers. QB64 has some simple networking features but they currenly only work on Windows. Not that that is a bad thing. Also anybody know a scripted way to do this with metasploit? I'll probably come up with quite a few ways to do this by the time I'm finished. Thanks everybody for ideas.

Agreed. I need some new hardware $$.

I picked up a Toshiba Satelite. It has Core i7 and 8gb of RAM. Does what I need. The onboard card wireless card doens't support injection mode. But I got an ALFA. The other problem I'm noticing with the S55 series laptops is the screens are crap. There is a line through my screen and it's been there since 2 days after I bought it. Performance wise it's fine other than not having GPU acceleration for cracking. If I had a little money I would get a gaming laptop just so I have some portable cracking power. If I had money to burn I would get a Eurocom or build something custom. I'm not sure if there are any other octa-core laptops on the market right now other than Eurocom. Tigerdirect has some laptop deals once in a while. You can subscribe to their mailing list and get notification on sales.

I thought it might be cool to make a tactical wrist computer. I'm thinking a 7" tablet would be idea for this. I don't know much about tablets though. But I'm looking for something I can easily install a debian based linux on. Some pluses I'm looking for: Removable stoage Flashable can run a real linux distro USB data ports shock resistant water resistant decent batery life quad core 2 gb of memory or better Doesn't cost a ton Any of you guys have more experience with tablets and want to suggest a model?

I saw something kind like this a couple of years ago where they were using two wireless routers basically as a doplar radar and you could see what was in the next room behind closed doors. Application is for close quarters combat in urban environment. So it's something a SWAT team might have. But really you could adapt it for just about anything. Make it turn on a webcam, mic, lights, stereo, or your machine gun turret kek! If you are running some kind of physical security application you could also log the client MAC addresses with airodump-ng and sort them by manufacuturer along with the probes. So in the event someone broke into your building you might be able to find them via the wireless access point they've visited and their phone's MAC. most burgalars and probably not going to think to turn of their cell phone, spoofing a MAC, or turning off active probing. Not sure have the terminology right there.

Looking for an minimal FTP or WGET type program that I can use as part of a payload. Just has to really simple and very small program. No command line arguments or GUI needed just code in the URL of the file you want to get. Doesn't require outside libraries ie curl, boost, .NET, so it is a standalone program that will run on most machines. Just need to get a few files from the internet and and save them to a specific location on the target machine. Basically want to download the programs to the machine and run them on startup. Seems like all of the "simple" programs that will do this require a lib that is like 2400 additional files. I'm wondering if I can do this with maybe 1, 2 or 3 files? If you want to post an example in another language that's cool. Doesn't have to be C. Just easily deployable. Any thoughts?

Are there some programs that will attack salts from a dictionary file? Something like: cracker -w <wordlist> -s <saltlist> -h <hashfile> If the salt were something like a date of birth or a telephone number it would be trivial to attack that along with the. Running a dictionary attack against the password and salt concurrently would require two open filestreams and some kind of nested looping structure. So it would work something like this pseudocode: open wordlist; while wordlist is open read line for each line open saltlist; while saltlist !=eof if sha512(word+salt) = hashfromhashfile print word print salt print hash So the program would essentially read through the wordlist and for each iteration of the wordlist it would open the salt file and iterate through the salt file appending each salt to the current word and creating a compound word + salt for every possible word + salt combination. Conceptually it's not difficult to code. But the compute time.

So a salted hash is going to be something like this? hashfunction(password + salt) hashfunction(salt + password + salt) Or something like that? So we are just appending some other characters to the string before running the hashing algorithm against it. So really to brute to a strong hash you need to brute the plaintext, the salt(s), and the initial state? Is that pretty much it in a nutshell? So if you have know the plaintext of a given output you can try salts and initial states until you get the desired output? I like the idea of the email address being a salt rather than each hash having the same salt that sound a little tough to break. Or I guess anything like that. But I think non-personal information would make it more secure. Sites like pipl. I have done some skip tracing with pipl and I can usually find somebody's d0x in about 15 minutes. (Find people to serve court papers. Not target reconnaissance but that would be just as easy.) As far as asking your mother's maiden name, pet's name, city you are from, email address, that stuff isn't any good because a lot of times you can find that kind of stuff on a person's facebook or LinkedIn profile. But that would still be more secure than just hash(password). Maybe something like: string = password; string hash = sha512(password + dateofbirth) string hash1 = sha512(hash + currentcity) string hash2 = sha512(hash1 + mothersmaidenname) print sha512(hash2 + todaysdate) or string = password; string hash = sha512(password + randomstring) string hash1 = sha512(hash + randomstring) string hash2 = sha512(hash1 + randomstring) print sha512(hash2 + randomstring)

So without: srand( (unsigned int)time(NULL) ); The first code example would continue to produce the same output? Hence the hashes would be pretty easy to crack if you knew the initial random number. OK this is starting to make sense. I had to read a book on crypto and come back to this. I remembered this thread because I'm at this spot a Python tutorial with random numbers. All of the cool kids were some Python scripts and I felt left out so I resolved to learn the language. Mostly I was curious about Veil-Evasion which also uses some random functions for code obfuscation. Is seeding salting the same? Or is does salting happen later in the hashing function? So I'm thinking to crack a bunch of passwords it would be ideal to have to hashing function used to create them or be able to recreate it. If it were a website a person could create a user account before dumping the database and use the hash from the his/her user account to help determine what operations were done against the plaintext because the plaintext and the hash values are known. But that still seems like a lot of work. Am I far off here? What are some other elements to consider in secure hashing or cracking stronger hashes?

Yeah it's on my shopping list. I've been looking for some gear for long term deployment so solar is a way to go. The battery with the Pineapple I think will do for most applications. It seems like there would be more demand for this kind of product with all of the laptops and microcomputers out there. One of the problems with a lot of solar panels is the reflective cells. Possibility of finding something subdued, tactical, rather than orange or pink or bright blue with shiney cells.

Any of you guys use ADAPTIVE Communication Environment (ACE)? I'm having some difficulty installing in on Debian. I tried following the documentation at vanderbilt.edu but to no avail. Anybody installed ACE on Linux lately want to post some command line history?

I've been reading up on encryption a bit. I'm probably still not on the level to have an educated conversation on the subject. But I wanted to ask a question about encryption programs. What is the a recommended program for encrypting a file or folder for secure storage? It's been mentioned that truecrypt is no longer secure. People are recommending using veracrypt? There's another program I've seen called zulucrypt but that also looks a lot like truecrypt? In your opinion what is the best encryption program? Why? Also was curious about which block ciphers are the hardest to crack? Have you cracked a truecrypt file? How long did it take? What cracker did you use?

Using bitcoin or other cryptocurrencies rather than USD or other Rotheschild one of many ways to stick it to the man. I support anything that goes against the established systems of economic exploitation and taxation. Bitcoin may no longer be a sound investment but there are always new cryptcurrencies being developed. If you can get in on them at ground level either by mining a bunch before the difficulty goes up or just doing some work for the coin. I did some dev work on a cryptocurrency wallet a while back but then the coin wasn't released. The guy shelved it for some other projects. It has some unique crypto and I think he will still let have the source code. Just for the hashing function if nothing else. I have always fancied the idea of having a lot of mining rigs around that I could also use for distributed computing projects when I need.

So am I to understand that a rainbow table is much more than plaintext hash pairs binary form? Also I'm not understanding what initial state is. Can you clarify this? Any recommended reading? Mostly doing this to understand how it works. So basically what I want to do is create an md5 or sha256 table from a wordlist. I'm also happy to do some coding. What is a barebones program for rainbow tables? I was thinking this would be pretty straight forward like opening a file stream and reading through a text file line by line and running the hashing algorithm against each line and outputting the plaintext : hash pairs to a file. I'll apply this to something more advanced and possibly useful when I have the general concept down.

I have a nice wordlist with something like 1.2 billion entries. It's about 13.5gb and it takes a long time to run dictionary attacks. How do I create a procomputed table from a wordlist? I'm willing to make this wordlist and any tables I generate available for download. What are the steps here? I've been looking around and I've been only found articles about creating tables for character sets for certain lengths or strings. I just want to use the list I have to make a variety of tables for cracking.

TY Cooper.

This is really a pretty awesome hack.