
0phoi5

Posts posted by 0phoi5

  1. I can only assume that when you connected to her WiFi, you were actually connecting to a Man-In-The-Middle access point, like a Raspberry Pi. Quite easy to do. She then set it up to forward traffic between your phone and the real WiFi access point, picking up anything in-between with tools like Wireshark. I doubt she would be able to read text messages, as that would involve a Femtocell, which is more complex and highly illegal. She's likely over-exaggerating about that; seeing your internet traffic would be enough to work out the topics you were researching.

  2. The quickest way to crack a WiFi password is to know its standard before attempting, otherwise you'll be waiting for weeks, months or even years.

    See my old post below. Most of it will still be relevant, although obviously you should go and do your own research about the likely keyspace.

     

  3. I would use Python for this, something like;

    import threading
    import time
    import win32gui
    import win32api
    import win32con
    
    # Define the text inputs and their corresponding completions
    input_mappings = {
        "hello": " world",
        "goodbye": " cruel world",
        "foo": " bar"
    }
    
    # Send each character of `text` to the foreground window as a WM_CHAR message
    def send_keystrokes(text):
        hwnd = win32gui.GetForegroundWindow()
        for char in text:
            win32api.PostMessage(hwnd, win32con.WM_CHAR, ord(char), 0)
            time.sleep(0.05)
    
    # Thread function to monitor user input: polls the foreground window's title and
    # sends the mapped completion once each time the title changes to a known input
    def monitor_input():
        last_title = None
        while True:
            window_title = win32gui.GetWindowText(win32gui.GetForegroundWindow()).lower()
            if window_title == "closeapplication":
                break
            if window_title != last_title:
                completion = input_mappings.get(window_title)
                if completion:
                    send_keystrokes(completion)
                last_title = window_title
            time.sleep(0.1)
    
    # Create and start the thread to monitor user input
    input_thread = threading.Thread(target=monitor_input)
    input_thread.start()
    
    # Keep the script running until the input thread is finished
    input_thread.join()

    I used ChatGPT to assist in writing this.

     

    Add as many input_mappings as you like.

    It will run in the background. Typing 'closeapplication' will make it shut down.

    You'll need to install pywin32 using pip install pywin32

  4. Aircrack can do what you require.

    Example;

    airmon-ng check kill
    airmon-ng start wlan0
    airodump-ng wlan0mon

    Under the second section in the output, where the last column is 'Probe', you can see Station MAC addresses and the Probe is the name of Wi-Fi access points they are attempting to reach out for.
    For example, in the following image, the device with MAC BC:D1:1F:0A:6D:AE is attempting to reach out to a Wi-Fi access point with the ESSID of "JioFi2_D0A281".

    [image: wifi1.png]

     

    You could then create an 'Evil Twin' using Aircrack, with the same ESSID and no password, and hope that the device connects to it. Get close and boost the signal strength.
    Note that this will only work if the Probed-for ESSID is passwordless. If it has a password assigned (most will, of course), then your Evil Twin will need to have the same password. Looking out for something like 'McDonald's WiFi', 'BT Open' or 'Public' Probes may suggest an easily spoofed AP that is likely passwordless.


    If you need to create an Evil Twin with the same ESSID and password as the target's Probes are looking for, you will need to find the Access Point, capture and crack its password. Something like https://www.wigle.net/ may give you information on where a Wi-Fi AP is located, if its name is unique enough. You can then go there, capture, crack and then re-locate the target device and set up an AP with the same ESSID and password.

  5. On 6/6/2022 at 7:22 AM, Miloš said:

    Hello guys, 

    I know this topic is old, but I'll give it a try. Someone at the start of the topic said that long-range hacking could be done if you get a yagi antenna. But in that case we would need two yagi antennas, right? One at our place, and one at victim's place? Otherwise, we'd basically have one way communication, and how useful can that be? The solution to have a yagi antenna near the victim doesn't sound real.

    Sorry if I didn't get something right, I just had to ask to see if I'm missing something. 

    The idea of having a 'wide' antenna is the capture of data, via a higher chance of capturing the signal output from a distant radio source.
    So, yes, having two antennas is best, one at either end. However, you can capture traffic with one antenna at your end from a much smaller antenna at the target end. You just might struggle to send data, such as keeping a shell open, for example.

    Distance also matters. Having a large, wide antenna your end, say a mile/1.3km away, when they only have a standard WiFi hub would be OK for capturing a 4-way handshake for later cracking, but probably not good enough to keep a reverse shell open without issue. Get a little closer though, say 300 metres, and a wide antenna would be ideal.

    Now a 'Yagi' antenna is the opposite of the above. It is 'long' rather than 'wide', which means it's more suited for transmitting data, so great for reverse shell over long distance, but you might struggle to keep a connection open because the capture of signal back your way would be diminished.

    This is why a 'cantenna' exists; it's a little of both. A Yagi, one-directional signal is transmitted, but the 'can' captures a bit more of the wavelength coming back towards you and keeps its signal bouncing around within the can for a moment, allowing the antenna to pick it up again more easily than not having a 'can'.

    There is a possibility of using both, and configuring the transmitting of data from a Yagi and the capture of data from a wide antenna.

    And none of the above comments take into account the dBi of different shaped antennas, which again plays a role.

  6. 00000100 is a disk I/O error code. It's picking up a disk/partition, but can't read it.

    I've had similar issues in the past where 1 disk/partition actually shows as 2; one OK and one corrupt/unreadable.

    Try unplugging all USB related items first and check if it disappears after one of them is unplugged.

    Then, try disconnecting your Hard Drive temporarily (just unplug it internally, but leave in situ) and booting from an external OS. See if the errored disk shows up then. You could even make the external OS a Linux one and use something like GParted to see if there are any unreadable partitions anywhere.

    Lastly, if it's not too much of a pain, try backing up your system, formatting your HDD and reinstalling everything. Sounds like a pain, but usually only 1-2 hours work nowadays.

  7. This is regards a HP-UX box. I have the following;

     

    #!/bin/bash

    # Exit script if program fails or an unset variable is used
    set -eu

    server="BLABLA"
    port="443"
    graceperiod_days="30"

    # Get expiry date of SSL certificate, in format 'Jan 31 11:59:00 2018 GMT'
    enddate="$(openssl s_client -connect "$server:$port" 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##')"

    # Get today's date in format DD-MM-YYYY
    todaysdate="$(date "+%d-%m-%Y")"
     echo "Today's date is $todaysdate"

    # Convert $enddate to format DD-MM-YYYY
    enddate_formatted=$(printf '%s\n' "$enddate" | awk '{printf "%02d-%02d-%04d\n",$2,(index("JanFebMarAprMayJunJulAugSepOctNovDec",$1)+2)/3,$4}')
     echo "Certificate expiry date is $enddate_formatted"

    # Compare expiry date with today's date
    if "$todaysdate" -ge "$("$enddate_formatted" - "$graceperiod_days")"
             then echo "$todaysdate is greater than $enddate_formatted. SSL certificate has expired!"
     elif "$todaysdate" -lt "$("$enddate_formatted" - "$graceperiod_days")"
             then echo "$todaysdate is before $enddate_formatted. Everything is OK!"
     else
      echo "ERROR"; fi

     

    As far as I can tell, this should work, however the output is;

     

    Today's date is 29-08-2018
    Certificate expiry date is 21-07-2018
    ./test[22]: 21-07-2018:  not found.
    ./test[22]: 29-08-2018:  not found.
    ./test[24]: 21-07-2018:  not found.
    ./test[24]: 29-08-2018:  not found.
    ERROR

     

    What's going wrong?
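    As an added example that is not part of the original post: a portable POSIX sh/awk version of the comparison step. It runs on a stock HP-UX shell because it does not rely on GNU date -d; instead both dates are turned into Julian Day Numbers so a subtraction gives the days remaining. It assumes the notAfter string is obtained exactly as the post's enddate variable does, and that today's year, month and day are passed in as numbers (e.g. from date +%Y, +%m, +%d); the names jdn, days_until and cert_status are chosen here.

```shell
#!/bin/sh
# Portable replacement for the date comparison in the script above (POSIX sh + awk only).
# The original fails because "$todaysdate" -ge ... runs the date string as a command;
# here both dates become Julian Day Numbers, so a subtraction yields days remaining.

# Julian Day Number for a Gregorian date: args year month day
jdn() {
    awk -v y="$1" -v m="$2" -v d="$3" 'BEGIN {
        a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
        print d + int((153 * mm + 2) / 5) + 365 * yy + int(yy / 4) - int(yy / 100) + int(yy / 400) - 32045
    }'
}

# Days from today until the openssl notAfter string ("Jul 21 11:59:00 2018 GMT")
# args: notAfter-string today_year today_month today_day   (negative = already expired)
days_until() {
    end="$1"; shift
    mon=$(printf '%s\n' "$end" | awk '{print (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3}')
    day=$(printf '%s\n' "$end" | awk '{print $2}')
    year=$(printf '%s\n' "$end" | awk '{print $4}')
    printf '%s\n' "$(( $(jdn "$year" "$mon" "$day") - $(jdn "$1" "$2" "$3") ))"
}

# Classify the certificate: EXPIRED, EXPIRING (inside the grace period) or OK
# args: notAfter-string grace_days today_year today_month today_day
cert_status() {
    left=$(days_until "$1" "$3" "$4" "$5")
    if [ "$left" -lt 0 ]; then
        echo EXPIRED
    elif [ "$left" -le "$2" ]; then
        echo EXPIRING
    else
        echo OK
    fi
}

# Constructed demo using the dates from the post's output: expired 39 days ago
cert_status "Jul 21 11:59:00 2018 GMT" 30 2018 8 29
```

    Feed it the post's own enddate variable together with the pieces of date +%Y, +%m and +%d; where only a yes/no answer is needed, openssl x509 -noout -checkend SECONDS (grace period in seconds) does the same check without any date arithmetic.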

  8. https://paleoflourish.com/recipe-copyright/

    "The general test for copyright protection is originality, and the original and creative portions of the work must be able to be separated from the utilitarian/functional aspects of the work."

    "Likewise, courts have generally ruled that recipes are functional and therefore not able to be copyrighted."

    "[The] recipes' directions for preparing the assorted dishes fall squarely within the class of subject matter specifically excluded from copyright protection by 17 U.S.C. § 102(b)."

    etc.

     

    If it's your fair, then fair enough, you can stop people from using phones etc. But legally, generally, food recipes are not covered by Copyright and therefore any competitors have the right to attempt to make their own version.

    Besides, what's to stop someone taking a sample and analysing it easily anyway? You'd only have to look at a food sample under a microscope for a short while to work out all of its ingredients.

    Or, what about people with really good memories? Are you going to ban them, in case they remember the recipe?

     

    A bit of logic is required here. Generally, food based companies rely on customer service, competitive pricing, location, advertising, cooking techniques, hiring really good chefs etc. to beat the competition, it's not possible to just blanket ban other companies from making the same food as you. Think about Pizza, Burgers, Fries; all the same concept.

  9. 7 hours ago, Dave-ee Jones said:

    I hate to say it but I don't think this is correct..

    The AP can only see what your phone is programmed to send with its connection broadcast.

    I've spoofed my own MAC many times, usually with a randomiser for each WiFi. There would be no point randomising your MAC for every WiFi network you connect to if it only broadcasts the true MAC.

    Agreed, however I said generally. Of course us techies know you can use things like macchanger to spoof your MAC, but I believe the OP was looking at 'normal' users, rather than unscrupulous individuals :ph34r:

    Apple phones, for example, do iterate through spoofed MACs when out in the wild, to stop access points in monitoring mode from tracing them, however when they actually connect to an access point, their real MAC address shows. I can confirm this via personal testing.

  10. Hi all,

    I'm working on a project to track the water levels in a water butt in my garden.

    I plan on installing a DIY irrigation system, which will consist of a pump sitting in the water butt. As I don't want the pump to switch on when the water level is too low, to save it running dry, I wish to monitor the level of the water inside the water butt.

    I've researched around for the best method, but it's very difficult to judge which will work best and is most cost effective! So far, I've considered doing one of the following with a Raspberry Pi;

    • A reed switch/sensor, with a magnet floating on the top of the water, inside a tube, in the water butt. When the magnet reaches a low point within the tube, the reed switch picks it up and trips.
    • An ultrasonic sensor on the underside of the lid on the water butt
    • 2 long metal rods, with current, sitting down to near the bottom of the water butt. When the current running between the rods drops, when the water goes lower than the tips of them, then a script will kick in.

     

    Any thoughts on these? Has anyone done anything similar or have any ideas?

    Thank you

  11. As Rkiver states, unfortunately you won't get much here.

    Pentesting over the internet, and not LAN/WAN is pretty much guaranteed to be nefarious. If you were pentesting for a company, with signed consent, you'd either be on their LAN/WAN or already have the details of how to attack from externally.

    Therefore, it's assumed you're trying to pentest someone you shouldn't. So no chicken dinner, sorry.

    • Like 1
  12. 3 hours ago, Kajo said:

    anyone tried how it works?

    We'll need more information.

    Searching online, there's quite a few things 'netman' could be. Link?

    Also, please advise what you are looking for; are you getting an issue with it? Are you looking for advice on how to do something in particular? Are you looking for resources to learn how to use it?

  13. On ‎7‎/‎13‎/‎2018 at 6:40 PM, elkentaro said:

    Why not keep it simple and use a lte mifi spot or GSM modem and have the pineapple setup a reverse ssh pipe to a server online. That way you can connect to it from anywhere...

    :ohmy: Completely forgot GSM. Woods from the trees n' all that. This would be a very good idea also, yes.

    I guess my above post could work in the wilderness where there was no GSM available.

  14. Wi-Fi Camera > RPi set up to forward all traffic, using MACChanger to spoof its MAC > Your Wi-Fi AP

    As long as the software thinks the RPi is actually your camera, this should work. You'll have to scan the camera for all the ports that it uses and make sure that all of these are open on the RPi and being forwarded.

  15. I've been toying with this idea for a while, but have yet to buy a Sonnet and so am uncertain if it would work (note the arrow directions)...

    Attack Box  >  Wi-Fi connection  >  Sonnet     > > > > >     Sonnet  <  Wi-Fi Connection  <  RPi  >  Wi-Fi Connection  >  Target AP

    In theory, if the Sonnet allows this correctly, you could connect over a long distance, however the throughput would be pretty slow. OK for terminal though.

  16. Just had to mention hackthebox.eu

    An excellent website for practicing pentesting; real-time, hackable machines of various skill levels and types.

    You can sign up for a free account, or pay £10 a month for an upgrade. Well worth it.

    The free account gives you access to almost everything, the upgrade is just to improve server availability and the hardware you are hacking against, speeds up the process a bit, but you don't have to pay if you don't wish.

    As a side note; to sign up, you have to hack your way in! (hackthebox.eu/invite) :ph34r:

  17. 13 hours ago, Joe2525 said:

    Ok back to the main question what is the best range i can get in this situation? 

    Very circumstantial, based on how large the buildings are and the materials the walls/windows etc. are made from.

    You're likely to be able to penetrate 2-3 of these buildings, but certainly not 10. You definitely need to either;

    • Get higher, so the signal travels over these buildings
    • Use a much lower frequency for the signal than Wi-Fi (LoRa, mobile network etc.)
    • Get closer.
  18. 15 minutes ago, Joe2525 said:

    So my best choice for now is a yagi antenna so is it best for me to use with alfa or the pineapple nano? 

    Note: the network that I'm aiming to catch for now is 800-900 meters away from me.

    Is it line-of-sight, or through objects? If through buildings/trees etc, could you give us an indication of how much is between you and the Wi-Fi?
