Jump to content

0phoi5

Dedicated Members
  • Posts

    702
  • Joined

  • Last visited

  • Days Won

    20

Everything posted by 0phoi5

  1. I can only assume that when you connected to her WiFi, you were actually connecting to a Man-In-The-Middle access point, like a Raspberry Pi. Quite easy to do. She then set it up to forward traffic between your phone and the real WiFi access point, picking up anything in-between with tools like Wireshark. I doubt she would be able to read text messages, as that would involved a Femtocell, which is more complex and highly illegal. She's likely over-exaggerating about that, seeing your internet traffic would be enough to work out the topics you were researching.
  2. The quickest way to crack a WiFi password is to know it's standard before attempting, otherwise you'll be waiting for weeks, months or even years. See my old post below. Most of it will still be relevant, although obviously you should go and do your own research about the likely keyspace.
  3. I would use Python for this, something like; import threading import time import win32gui import win32api import win32con # Define the text inputs and their corresponding completions input_mappings = { "hello": " world", "goodbye": " cruel world", "foo": " bar" } # Function to send key strokes def send_keystrokes(text): for char in text: win32api.SendMessage(win32con.HWND_CURRENT, win32con.WM_CHAR, ord(char), 0) time.sleep(0.05) # Thread function to monitor user input def monitor_input(): while True: window_title = win32gui.GetWindowText(win32gui.GetForegroundWindow()) if window_title != "Python": # Listen for specific text inputs if window_title.lower() == "hello": send_keystrokes(input_mappings["hello"]) elif window_title.lower() == "goodbye": send_keystrokes(input_mappings["goodbye"]) elif window_title.lower() == "foo": send_keystrokes(input_mappings["foo"]) elif window_title.lower() == "closeapplication": break time.sleep(0.1) # Create and start the thread to monitor user input input_thread = threading.Thread(target=monitor_input) input_thread.start() # Keep the script running until the input thread is finished input_thread.join() I used ChatGPT to assist in writing this. Add as many input_mappings as you like. It will run in the background. Typing 'closeapplication' will make it shut down. You'll need to install pywin32 using pip install pywin32
  4. Aircrack can do what you require. Example; airmon-ng check kill airmon-ng start wlan0 airodump-ng wlan0mon Under the second section in the output, where the last column is 'Probe', you can see Station MAC addresses and the Probe is the name of Wi-Fi access points they are attempting to reach out for. For example, in the following image, the device with MAC BC:D1:1F:0A:6D:AE is attempting to reach out to a Wi-Fi access point with the ESSID of "JioFi2_D0A281". You could then create an 'Evil Twin' using Aircrack, with the same ESSID and no password, and hope that the device connects to it. Get close and boost the signal strength. Note that this will only work if the Probed-for ESSID is passwordless. If it has a password assigned (most will, of course), then your Evil Twin will need to have the same password. Looking out for something like 'McDonald's WiFi', 'BT Open' or 'Public' Probes may suggest an easily spoofed AP that is likely passwordless. If you need to create an Evil Twin with the same ESSID and password as the target's Probe's are looking for, you will need to find the Access Point, capture and crack it's password. Something like https://www.wigle.net/ may give you information on where a Wi-Fi AP is located, if it's name is unique enough. You can then go there, capture, crack and then re-locate the target device and set up an AP with the same ESSID and password.
  5. If it's something you want the target to click/load, https://iplogger.org/ will do this for you. There's an option, on creating the URL, that gives the target a message to confirm consent.
  6. Unaffiliated recommendation; TCM Security's courses are excellent, and only about $35 each - https://academy.tcm-sec.com/courses Start with "Practical Ethical Hacking - The Complete Course".
  7. You're going to have to be way more specific than that. Brute Forcing a login prompt? Cross Site Scripting? SQL injection? Bypassing 403? Specific architecture, such as Apache? Metasploit module assistance? ???
  8. Sounds like paranoia more than anything else. There's no way for you to know or confirm that data was taken from your device, unless the attacker specifically showed you the data they had gotten, so unless that's the case then this is 100% just paranoia. Retrieving data from an air-gapped machine, whilst possible, is insanely difficult and requires very specific equipment that is not available to the average Joe. It also requires extremely specific knowledge of the machine you are attacking and a sniper-precision hardware and payload creation. Unless you are a billionaire or hold the secrets to who killed JFK on your machine, I can guarantee that no one is targeting your air-gapped machine. Not plausible.
  9. If I wanted to do this, I'd use Python. Something like this; import os import requests from bs4 import BeautifulSoup def download_media(url, depth=0): # Set maximum depth if depth > 2: return # Request the page content response = requests.get(url) soup = BeautifulSoup(response.text, 'html.parser') # Create a directory for the current page's media page_dir = url.split('/')[-1] if page_dir == '': page_dir = 'index' if not os.path.exists(page_dir): os.mkdir(page_dir) # Download all images and videos for tag in soup.find_all(['img', 'video']): src = tag.get('src') if src is None: continue if 'http' not in src: src = url + src filename = src.split('/')[-1] filepath = os.path.join(page_dir, filename) try: response = requests.get(src) with open(filepath, 'wb') as f: f.write(response.content) print(f'Downloaded {filename} from {url}') except Exception as e: print(f'Error downloading {filename} from {url}: {e}') # Recursively download media from linked pages for link in soup.find_all('a'): href = link.get('href') if href is None: continue if 'http' not in href: href = url + href download_media(href, depth=depth+1) if __name__ == '__main__': url = input('Enter a URL: ') download_media(url) I used GPT to assist in writing the above. Prompts for a URL, then downloads media up to 3 levels deep.
  10. I feel a valid question might be "why?" I can foresee one of 2 scenarios; You have long term physical access to a target computer You only have a brief window for physical access to a target computer For scenario 1, you would just use that target computer. Why hook up another computer to it, simply for keystroke injection, when you can just use a keyboard plugged in as per a normal setup? For scenario 2, you would use a Rubber Ducky, because there's no reason for using something slower and more cumbersome like a second computer.
  11. Is that the literal script, or are you using functions? Note that variables within a function will not be available outside of a function unless set to global. Also, are you sure that's correct syntax? When setting a variable, I don't believe you place a $ at the beginning, only when you are calling it, so; VARIABLE = "blabla" echo $VARIABLE
  12. 0phoi5

    I'm new

    https://www.codecademy.com/ https://www.youtube.com/@theurbanpenguin https://academy.tcm-sec.com/p/python-101-for-hackers https://academy.tcm-sec.com/p/python-201-for-hackers https://academy.tcm-sec.com/p/rust-101
  13. 1.) "My Datatransfer was interupted and I can´t read my Data short I can´t open my Dataplate. I think I have a Cryptovirus or had a bruteforce attack before, because of that my key ist lost" makes absolutely no sense whatsoever, not just on a written language level, but also on a logical level. 2.) "have consulted a specialist that can´t help me, because his work lays nearly one year in his Storage without beeing over worked" also makes absolutely no sense whatsoever, not just on a written language level, but also on a logical level. 3.) New account, no previous reputation Ergo, I smell BS. Sorry, you won't get that kind of help here. If you want to try and crack in to other people's Bitlocker databases, try somewhere nefarious. This is not that place. You haven't lost your own Bitlocker access, because all excuses you gave are absolutely terrible.
  14. The idea of having a 'wide' antenna is the capture of data, via a higher chance of capturing the signal output from a distant radio source. So, yes, having two antennas is best, one either end. However, you can capture traffic with one antenna, your end, from a much smaller antenna the target end. You just might struggle to send data, such as keeping a shell open for example. Distance also matters. Having a large, wide antenna your end, say a mile/1.3km away, when they only have a standard WiFi hub would be OK for capturing a 4-way handshake for later cracking, but probably not good enough to keep a reverse shell open without issue. Get a little closer though, say 300 metres, and a wide antenna would be ideal. Now a 'Yagi' antenna is the opposite of the above. It is 'long' rather than 'wide', which means it's more suited for transmitting data, so great for reverse shell over long distance, but you might struggle to keep a connection open because the capture of signal back your way would be diminished. This is why a 'cantenna' exists; it's a little of both. A Yagi, one-directional signal is transmitted, but the 'can' captures a bit more of the wavelength coming back towards you and keeps it's signal bouncing around within the can for a moment, allowing the antenna to pick it up again more easily than not having a 'can'. There is a possibility of using both, and configuring the transmitting of data from a Yagi and the capture of data from a wide antenna. And none of the above comments take in to account the dBi of different shaped antennas, which again plays a role.
  15. For anyone that comes across this old thread, LoRaWAN is also an option, and has the capability of producing a shell between 2 RPis, for example.
  16. 00000100 is a disk I/O error code. It's picking up a disk/partition, but can't read it. I've had similar issues in the past where 1 disk/partition actually shows as 2; one OK and one corrupt/unreadable. Try unplugging all USB related items first and check if it disappears after one of them is unplugged. Then, try disconnecting your Hard Drive temporarily (just unplug it internally, but leave in situ) and booting from an external OS. See if the errored disk shows up then. You could even make the external OS a Linux one and use something like GParted to see if there are any unreadable partitions anywhere. Lastly, if it's not too much of a pain, try backing up your system, formatting your HDD and reinstalling everything. Sounds like a pain, but usually only 1-2 hours work nowadays.
  17. Hi all, Creating some monitoring scripts for a HP-UX environment, however I don't actually have direct access to the HP-UX environments to test the syntax. Does anyone know of a POSIX compliant Korn Shell distro, similar to HP-UX, that I can throw in to a VM and use for testing syntax? Thanks
  18. This is regards a HP-UX box. I have the following; #!/bin/bash # Exit script if program fails or an unset variable is used set -eu server="BLABLA" port="443" graceperiod_days="30" # Get expiry date of SSL certificate, in format 'Jan 31 11:59:00 2018 GMT' enddate="$(openssl s_client -connect "$server:$port" 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##')" # Get today's date in format DD-MM-YYYY todaysdate="$(date "+%d-%m-%Y")" echo "Today's date is $todaysdate" # Convert $enddate to format DD-MM-YYYY enddate_formatted=$(printf '%s\n' "$enddate" | awk '{printf "%02d-%02d-%04d\n",$2,(index("JanFebMarAprMayJunJulAugSepOctNovDec",$1)+2)/3,$4}') echo "Certificate expiry date is $enddate_formatted" # Compare expiry date with today's date if "$todaysdate" -ge "$("$enddate_formatted" - "$graceperiod_days")" then echo "$todaysdate is greater than $enddate_formatted. SSL certificate has expired!" elif "$todaysdate" -lt "$("$enddate_formatted" - "$graceperiod_days")" then echo "$todaysdate is before $enddate_formatted. Everything is OK!" else echo "ERROR"; fi As far as I can tell, this should work, however the output is; Today's date is 29-08-2018 Certificate expiry date is 21-07-2018 ./test[22]: 21-07-2018: not found. ./test[22]: 29-08-2018: not found. ./test[24]: 21-07-2018: not found. ./test[24]: 29-08-2018: not found. ERROR What's going wrong?
  19. https://paleoflourish.com/recipe-copyright/ "The general test for copyright protection is originality, and the original and creative portions of the work must be able to be separated from the utilitarian/functional aspects of the work." "Likewise, courts have generally ruled that recipes are functional and therefore not able to be copyrighted." "“[The] recipes’ directions for preparing the assorted dishes fall squarely within the class of subject matter specifically excluded from copyright protection by 17 U.S.C. § 102(b)."" etc. If it's your fair, then fair enough, you can stop people from using phones etc. But legally, generally, food recipes are not covered by Copyright and therefore any competitors have the right to attempt to make their own version. Besides, what's to stop someone taking a sample and analysing it easily anyway? You'd only have to look at a food sample under a microscope for a short while to work out all of it's ingredients. Or, what about people with really good memories? Are you going to ban them, in case they remember the recipe? A bit of logic is required here. Generally, food based companies rely on customer service, competitive pricing, location, advertising, cooking techniques, hiring really good chefs etc. to beat the competition, it's not possible to just blanket ban other companies from making the same food as you. Think about Pizza, Burgers, Fries; all the same concept.
  20. Agreed, however I said generally. Of course us techies know you can use things like macchanger to spoof your MAC, but I believe the OP was looking at 'normal' users, rather than unscrupulous individuals Apple phones, for example, do iterate through spoofed MACs when out in the wild, to stop access points in monitoring mode from tracing them, however when they actually connect to an access point, their real MAC address shows. I can confirm this via personal testing.
  21. Also, here's a nice text-only list of which companies own which OUIs: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf
  22. Generally they are only spoofed on most devices when they are not connected to an AP. As soon as they connect, they show their true MAC. Wikipedia actually covers quite a lot on this page; https://en.wikipedia.org/wiki/MAC_address
  23. Thanks all, I've ordered a Float Switch :) Hopefully be with me soon and then I'll start rigging her up.
  24. Hi all, I'm working on a project to track the water levels in a water butt in my garden. I plan on installing a DIY irrigation system, which will consist of a pump sitting in the water butt. As I don't want the pump to switch on when the water level is too low, to save it running dry, I wish to monitor the level of the water inside the water butt. I've researched around for the best method, but it's very difficult to judge which will work best and is most cost effective! So far, I've considered doing one of the following with a Raspberry Pi; A reed switch/sensor, with a magnet floating on the top of the water, inside a tube, in the water butt. When the magnet reaches a low point within the tube, the reed switch picks it up and trips. An ultrasonic sensor on the underside of the lid on the water butt 2 long metal rods, with current, sitting down to near the bottom of the water butt. When the current running between the rods drops, when the water goes lower than the tips of them, then a script will kick in. Any thoughts on these? Has anyone done anything similar or have any ideas? Thank you
  25. As Rkiver states, unfortunately you won't get much here. Pentesting over the internet, and not LAN/WAN is pretty much guaranteed to be nefarious. If you were pentesting for a company, with signed consent, you'd either be on their LAN/WAN or already have the details of how to attack from externally. Therefore, it's assumed you're trying to pentest someone you shouldn't. So no chicken dinner, sorry.
×
×
  • Create New...