
digininja

Global Moderators
  • Posts: 4,005
  • Joined
  • Last visited
  • Days Won: 210

Everything posted by digininja

  1. Most wifi printers will just show the PSK in the web GUI so all you need to do is to log into it and ask for it. That assumes it also has a wired interface; if not, then it is possible to collect enough packets from the handshake to attempt to crack them.
  2. The pot file will be in your current directory.

       $ ls -l john.pot
       ls: cannot access 'john.pot': No such file or directory
       $ ./john --format=Raw-MD5 --wordlist= /tmp/passw /tmp/md5pass
       Loaded 1 password hash (Raw-MD5 [MD5 128/128 AVX 12x])
       Warning: poor OpenMP scalability for this hash type, consider --fork=2
       Will run 2 OpenMP threads
       Press 'q' or Ctrl-C to abort, almost any other key for status
       password         (?)
       1g 0:00:00:00 DONE (2016-11-28 14:56) 25.00g/s 88650p/s 88650c/s 88650C/s 123456..sss
       Use the "--show" option to display all of the cracked passwords reliably
       Session completed
       $ ls -l john.pot
       -rw------- 1 robin robin 53 Nov 28 14:56 john.pot
       $ ./john --format=Raw-MD5 /tmp/md5pass --show
       ?:password

       1 password hash cracked, 0 left
       $ rm john.pot
       $ ./john --format=Raw-MD5 /tmp/md5pass --show
       0 password hashes cracked, 1 left
  3. If you have word mangling turned on then modifications are made to the words in the list. Both Obiwan6 and obiwan are in that list so I'd assume that is where it came from. Delete the john.pot file and then rerun the command that brought you here and you should find that it doesn't find anything.
  4. Had you previously cracked those two passwords using a word list? Anything already cracked is stored in the pot so it doesn't have to be cracked a second time.
  5. All you could want to know about the GECOS field: https://en.wikipedia.org/wiki/Gecos_field For the second part: "single crack" mode is much faster than wordlist mode, i.e. it doesn't use a word list, it just uses the GECOS info.
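The behaviour described in posts 2 to 5 (a pot file that makes a rerun report nothing, a mangling rule turning "obiwan" into "Obiwan6", and single-crack mode building candidates from the login name and GECOS field) is easy to see in a toy cracker. The following is an added example written for this page, not John the Ripper's own code: the pot format (`hash:plaintext`), the rule set in `mangle`, the `wordlist` and the `passwd` line are all constructed stand-ins for what john does internally.

```python
"""Toy illustration of john.pot caching, wordlist rules and GECOS "single"
mode.  Constructed example for this page, not John the Ripper's code."""
import hashlib
import itertools
import os
import re
import tempfile


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def mangle(word: str):
    """Stand-in for a few wordlist rules: the word as given, lower-cased,
    capitalised, and each of those with one digit appended.  This is how a
    list that only contains 'obiwan' can produce the crack 'Obiwan6'."""
    seen = set()
    for base in (word, word.lower(), word.capitalize()):
        for cand in [base] + [base + str(d) for d in range(10)]:
            if cand not in seen:
                seen.add(cand)
                yield cand


def gecos_candidates(passwd_line: str):
    """'Single crack' mode: candidates come from the login name and the GECOS
    field (full name, room, phone numbers), not from a wordlist."""
    user, _pw, _uid, _gid, gecos, _home, _shell = passwd_line.split(":")
    parts = [user] + [p for p in re.split(r"[ ,]+", gecos) if p]
    for p in parts:
        yield from mangle(p)
    for a, b in itertools.permutations(parts, 2):
        yield from mangle(a + b)


def load_pot(pot_path: str) -> dict:
    """Read the pot file: one 'hash:plaintext' line per crack (a simplified
    version of john.pot's layout, assumed here)."""
    pot = {}
    if os.path.exists(pot_path):
        with open(pot_path) as f:
            for line in f:
                h, _, plain = line.rstrip("\n").partition(":")
                pot[h] = plain
    return pot


def crack(hashes, candidates, pot_path: str) -> dict:
    """Return the hashes cracked in this run.  Anything already in the pot is
    skipped, which is why a rerun reports nothing even though the password
    is known."""
    pot = load_pot(pot_path)
    todo = {h for h in hashes if h not in pot}
    found = {}
    with open(pot_path, "a") as f:
        for cand in candidates:
            if not todo:
                break
            h = md5_hex(cand)
            if h in todo:
                found[h] = cand
                todo.discard(h)
                f.write(f"{h}:{cand}\n")
    return found


def show(hashes, pot_path: str) -> dict:
    """Equivalent of --show: only reads the pot, never cracks anything."""
    pot = load_pot(pot_path)
    return {h: pot[h] for h in hashes if h in pot}


def demo() -> dict:
    """Replay the sequence from the post: run, rerun, --show, rm john.pot,
    --show again, then a single-mode run.  All inputs are constructed."""
    pot = os.path.join(tempfile.mkdtemp(), "john.pot")
    targets = [md5_hex("password"), md5_hex("Obiwan6")]
    wordlist = ["123456", "password", "obiwan", "sss"]

    def with_rules():
        return itertools.chain.from_iterable(mangle(w) for w in wordlist)

    out = {"first_run": crack(targets, with_rules(), pot)}
    out["rerun"] = crack(targets, with_rules(), pot)   # {} : already in the pot
    out["show"] = show(targets, pot)                    # both, read from the pot
    os.remove(pot)
    out["show_after_rm"] = show(targets, pot)           # {} : pot is gone
    passwd = "ben:x:1000:1000:Obi Wan Kenobi,,,:/home/ben:/bin/bash"
    out["single"] = crack([md5_hex("Kenobi3")], gecos_candidates(passwd), pot)
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:14} {result}")
```

The `rerun` step is the trap from post 4: the hash is "known" but not reported as a new crack, and after the pot is deleted even `show` has nothing, exactly like the `0 password hashes cracked, 1 left` at the end of the session above.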
  6. Wish they would stay consistent with their offerings. That used to be there but then disappeared for a while and all you could get was the trial version of pro which was knobbled in various ways over various releases; the current way is that it is capped at a max of 7 days. If this works as it sounds then it would be good for scanning your home network.
  7. Openvas is free but has a poor reputation compared to Nessus. Check the plugin but I'll bet it has to tie into a licenced version.
  8. Unless you are using an ancient version from before they went closed source you have to have either a trial licence which only runs for 7 days or a pro licence that costs around £900.
  9. You pay for a Nessus licence to run on a RPi at home?
  10. Yeah, they would have to accept the requests, just an upload won't tell you (I don't think) which are in the system and which aren't.
  11. It depends on what you are sending him, if it is a script that formats his drive or drops malicious malware then yes, it will kill his machine. If all you want to do is get the file to him, encrypt it and tell him the password, then nothing can scan inside the archive and so should allow it through. Where are you hosting the file?
  12. It depends on what is detecting the virus, it won't be your browser, it will be AV or something in Dropbox. If you encrypt the file and tell him the password for when he has downloaded it he can get it onto his machine if it is Dropbox; if it is his AV then tell him to disable it. I'd recommend doing all of this in VMs so that when something goes wrong you don't kill his machine.
  13. Does LinkedIn or Facebook tell you which were accepted or rejected when you do the import? If not then you are just feeding a list in and hoping that people accept the request.
  14. Don't know about Facebook but LinkedIn would still require them to accept the invite. There may also be a limit to the number you can import.
  15. If you want to know what things are, turn all the devices off then scan again, slowly turn things on again and you'll see what things are what. Once you've identified everything you can then work out what the open ports are.
  16. Is 192.168.178.0/24 your internal network? Do you share it with anyone else?
  17. It means something responded to probes on those IPs. Without any more information that is about the best anyone can say. If you want a better answer you'll need to tell us things like:
      • Is it an internal or external scan?
      • Are the hosts you scanned up or down - do you know for sure?
      • Are the services really running on those machines - if they are ones you own then you can check them from the machines themselves.
  18. Looks like snake oil to me
  19. Read up on your tools, Intruder on the free one degrades more and more over time. You are seeing expected behaviour.
  20. Free or pro version of burp?
  21. Depends on the database type, #, -- and /* are all possibilities
  22. /* is the start of a comment so it will comment out the rest of the query. It will work in MySQL, Oracle and MSSQL as far as I know.
      http://dev.mysql.com/doc/refman/5.7/en/comments.html
      https://technet.microsoft.com/en-us/library/ms188621(v=sql.105).aspx
      In your example, only this should get executed by the server:

          select username,pass from users where username='admin'
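Posts 21 and 22 are about which comment sequence truncates the query and how that depends on the engine. The following is an added example for this page, not the asker's code: it uses SQLite as a stand-in engine (it accepts `--` and `/* */` but not MySQL's `#`), a constructed `users` table, and a login check built the vulnerable way next to the parameterised version. The input `admin'/*` reduces the executed query to `... where username='admin'`, exactly as in the post.

```python
"""Constructed demonstration of comment sequences terminating a query.
SQLite is only a stand-in: the set of comment terminators it accepts differs
from MySQL/Oracle/MSSQL, which is the point of post 21."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table with two rows."""
    con = sqlite3.connect(":memory:")
    con.execute("create table users (username text, pass text)")
    con.executemany("insert into users values (?, ?)",
                    [("admin", "s3cret"), ("bob", "hunter2")])
    return con


def build_query(username: str, password: str) -> str:
    """The vulnerable pattern: user input pasted straight into the SQL text."""
    return (f"select username,pass from users where username='{username}' "
            f"and pass='{password}'")


def vulnerable_login(con, username: str, password: str) -> bool:
    """Anything after a quote-plus-comment in `username` is thrown away by the
    parser, so the password clause never runs."""
    row = con.execute(build_query(username, password)).fetchone()
    return row is not None


def safe_login(con, username: str, password: str) -> bool:
    """Bound parameters: the quote and comment characters stay inside the
    value and never reach the SQL parser."""
    row = con.execute("select username,pass from users "
                      "where username=? and pass=?",
                      (username, password)).fetchone()
    return row is not None


def probe_terminators(con) -> dict:
    """Try each comment terminator as the tail of the username.  True means
    the password check was commented out; False means this engine rejected
    the token (SQLite does not know '#', MySQL does)."""
    results = {}
    for term in ("/*", "-- ", "#"):
        try:
            results[term] = vulnerable_login(con, "admin'" + term, "wrong")
        except sqlite3.Error:
            results[term] = False
    return results


if __name__ == "__main__":
    con = make_db()
    print(build_query("admin'/*", "wrong"))
    print("vulnerable:", vulnerable_login(con, "admin'/*", "wrong"))  # True
    print("safe:      ", safe_login(con, "admin'/*", "wrong"))        # False
    print("terminators:", probe_terminators(con))
```

`probe_terminators` is the practical version of "depends on the database type": run the same three payloads against the target engine and see which one the parser swallows.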
  23. Don't know off the top of my head but just look for the authentication instead, look for EAPOL packets.
  24. You can filter data into wireshark.
  25. Are you sniffing on the right channel? Have you tried running wireshark and watching for EAPOL packets to see what happens during the deauth/auth? And why do you need to know how to get handshakes for a business trip?
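Posts 23 and 25 say to stop looking at the deauth itself and watch for the EAPOL packets that make up the 4-way handshake (the Wireshark display filter is simply `eapol`). The following is an added example for this page, not the poster's code: it parses the fixed part of an EAPOL-Key frame, classifies it as message 1 to 4 from the Key Information flags, and checks whether a set of captured frames contains a crackable pair (message 2 plus message 1 or 3 from the same exchange). The four sample frames are constructed; the parser assumes the 802.11 and LLC/SNAP headers have already been stripped.

```python
"""Constructed example: classify EAPOL-Key frames into messages 1-4 of the
WPA/WPA2 4-way handshake and test whether a capture is enough to crack."""
import struct

# Key Information bits of an EAPOL-Key frame (IEEE 802.11).
KEY_TYPE_PAIRWISE = 0x0008
KEY_INSTALL = 0x0040
KEY_ACK = 0x0080
KEY_MIC = 0x0100
KEY_SECURE = 0x0200

EAPOL_KEY = 3                        # 802.1X packet type
KEY_FIXED = "!BHHQ32s16s8s8s16sH"    # descriptor type .. key data length
FIXED_LEN = 4 + struct.calcsize(KEY_FIXED)   # 99 bytes incl. 802.1X header


def handshake_message(key_info: int):
    """Map the flag combination to message 1-4 of the 4-way handshake, or
    None (group-key handshake or an unexpected combination)."""
    if not key_info & KEY_TYPE_PAIRWISE:
        return None
    ack, mic = bool(key_info & KEY_ACK), bool(key_info & KEY_MIC)
    install, secure = bool(key_info & KEY_INSTALL), bool(key_info & KEY_SECURE)
    if ack and not mic:
        return 1                      # AP -> STA: ANonce
    if mic and not ack and not secure:
        return 2                      # STA -> AP: SNonce + MIC
    if ack and mic and install:
        return 3                      # AP -> STA: ANonce again, GTK, MIC
    if mic and not ack and secure:
        return 4                      # STA -> AP: confirmation, MIC
    return None


def parse_eapol_key(frame: bytes) -> dict:
    """Parse an EAPOL-Key frame.  `frame` starts at the 802.1X header, i.e.
    the 802.11 and LLC/SNAP headers were already removed (assumption)."""
    if len(frame) < FIXED_LEN:
        raise ValueError("truncated EAPOL frame")
    _version, ptype, body_len = struct.unpack_from("!BBH", frame, 0)
    if ptype != EAPOL_KEY:
        raise ValueError("not an EAPOL-Key frame")
    if body_len != len(frame) - 4:
        raise ValueError("802.1X body length does not match frame")
    (_desc, key_info, _key_len, replay, nonce, _iv, _rsc, _rsvd, mic,
     data_len) = struct.unpack_from(KEY_FIXED, frame, 4)
    if data_len != len(frame) - FIXED_LEN:
        raise ValueError("key data length does not match frame")
    return {"message": handshake_message(key_info), "key_info": key_info,
            "replay": replay, "nonce": nonce, "mic": mic,
            "key_data": frame[FIXED_LEN:]}


def crackable(frames) -> bool:
    """A PSK crack needs the client's SNonce and MIC (message 2) plus the
    AP's ANonce (message 1 or 3) from the *same* exchange: messages 1 and 2
    carry the same replay counter, message 3 carries the next one."""
    by_msg = {}
    for p in map(parse_eapol_key, frames):
        by_msg.setdefault(p["message"], []).append(p)
    for m2 in by_msg.get(2, []):
        if any(m1["replay"] == m2["replay"] for m1 in by_msg.get(1, [])):
            return True
        if any(m3["replay"] == m2["replay"] + 1 for m3 in by_msg.get(3, [])):
            return True
    return False


def build_eapol_key(key_info, replay, nonce, mic=bytes(16), key_data=b""):
    """Assemble a constructed EAPOL-Key frame (RSN descriptor type 2)."""
    body = struct.pack(KEY_FIXED, 2, key_info, 16, replay, nonce, bytes(16),
                       bytes(8), bytes(8), mic, len(key_data)) + key_data
    return struct.pack("!BBH", 2, EAPOL_KEY, len(body)) + body


def sample_handshake() -> list:
    """Four constructed frames with the flag values of a WPA2/AES handshake
    (descriptor version 2 in the low bits)."""
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    mic = b"\x11" * 16
    return [build_eapol_key(0x008A, 1, anonce),                    # message 1
            build_eapol_key(0x010A, 1, snonce, mic),               # message 2
            build_eapol_key(0x13CA, 2, anonce, mic, b"\xdd\x00"),  # message 3
            build_eapol_key(0x030A, 2, bytes(32), mic)]            # message 4


if __name__ == "__main__":
    frames = sample_handshake()
    for f in frames:
        p = parse_eapol_key(f)
        print(f"message {p['message']} key_info=0x{p['key_info']:04x} "
              f"replay={p['replay']}")
    print("M1+M2 enough:", crackable(frames[:2]))     # True
    print("M2+M4 enough:", crackable(frames[1::2]))   # False
```

When sniffing on the wrong channel you see neither the deauth nor these frames; on the right channel a forced reconnect shows up in Wireshark as a burst of four `eapol` packets, and `crackable` is the check that the burst you caught actually contains the pair a cracker needs rather than, say, only messages 1 and 4.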