0phoi5

Everything posted by 0phoi5

  1. Thanks cooper, this helped. It led me down an avenue, in which I discovered aircrack has the ability to do a 'chopchop attack' against WPA-TKIP. *edit* I also found this, which explains the attack process nicely. I think tonight I will be setting my router's security to TKIP and giving it a go. Thank you.
  2. Hi all, As the title suggests, I was wondering why WPA should be easier to crack than WPA2, and yet the process to crack them appears to be the same? The hash mode in Hashcat is exactly the same for WPA and WPA2, so surely they would take the exact same amount of time to break? Is there a quicker way to break WPA? I found http://www.aircrack-ng.org/doku.php?id=tkiptun-ng, but this appears to only be for WPA-TKIP, and doesn't look like a finished product. At the moment, are we doomed to cracking WPA using the same methods as WPA2? Thanks.
  3. Hi all, Does anyone know for definite whether the Ralink RT3070L chipset supports packet injection, for use with aircrack-ng? It's the chipset present in the ALFA AWUS036NH (the one with the green tinge). Correction - That Alfa uses the RT3070, but I'm looking at the RT3070L chipset. I appear to be finding conflicting information across the web, or only finding results for the RT3070, not the L version. The aircrack-ng site doesn't appear to list the chipset. The last poster here seems to hint that it works fine. The RT3070 is listed here as good for wardriving, but it doesn't mention the RT3070L. Etc. Just need a definitive answer before I buy something that uses the RT3070L chipset and end up disappointed. Thank you.
  4. Learn some programming / scripting languages, in particular Python, Ruby and C; https://www.codecademy.com/ Read through everything on Null Byte, from the start. Don't skip anything; http://null-byte.wonderhowto.com/ Read up on / follow some Pentesters; http://www.hackers-arise.com/ https://clymb3r.wordpress.com/ https://enigma0x3.net/ http://blog.harmj0y.net/ Come back when you've read all of the above, understood all of the above, and practiced all of the above. Enjoy.
  5. Looks like a good possibility this was a similar attack. Found this, which explains the attack method nicely. Note that this states the emitter needs to be within close proximity to your key-fob, in this case less than 30cm. One simple method to discourage this type of attack would be to place your keys more than 30cm from your front door / front of the house. You could also place them inside something that blocks RF signals.
  6. Multiple Ducky payloads will currently require different SD cards. Keep a store of cheap, low-memory SD cards and swap them out as required. The current Ducky does not have the ability to allow running of different scripts depending on some sort of user input. The only way you could achieve similar is to get the Ducky to download or create a script on the target PC, such as in PowerShell or VBScript, and then run that. See here.
  7. I'm not sure of the process for the Pineapple. You can use aircrack-ng or wifite. I won't explain the full process for capturing handshakes, you can find that easily enough on the above links. Once captured, use your favourite hash cracker (pyrit, hashcat, aircrack-ng). The standard passwords for these routers seem to be uppercase and numbers, 8 digits long. With a standard GPU, max 2 weeks to crack. I use hashcat. See here for instructions. *Edit* Please take the usual 'don't do anything illegal' comment into account. Only crack your own equipment.
  8. No idea what you're trying to do here. The Ducky is a keyboard. Plugging a keyboard into a printer doesn't do anything, generally. *Edit* If you're trying to mount a Ducky inside a printer, to make it look like the USB port of the printer, so that any PC plugging into the printer runs Ducky Script, then yes, you could fool someone into doing this, but you would not be able to get the printer to also act as normal, unless you're a wizard at electronics. I guess anything's possible, but sounds like more effort than it would be worth. I'd try a different approach.
  9. Damn, that looks useful. Much appreciated.
  10. Ah, I see, an actual application called 'Cred Harvester'. Never used it myself. You appear to be using an outdated version. Do it the other way around. If you're not using the latest version of something, how do you know the issue you're experiencing isn't something that has been resolved? Install Kali. apt-get update. apt-get upgrade. Try again. Then come back when it fails.
  11. Thanks, good idea. It is Crunch, yes. I guess I was being lazy with asking this question, but I'm such a busy person! Next time I get a chance, I'll create a wordlist of all passwords between 0000 - 9999, run the following ... oclhashcat [...] ?d?d?d?d oclhashcat [...] numbers.txt crunch [...] | oclhashcat [...] ... and let you guys know the results / which is fastest. Just need to find some spare time, which is easier typed than done!
  12. I'd look closely at the YubiKey. Having passwords stored as plain-text on a USB (Rubber-Ducky or not) sounds like a terrible idea.
  13. Going to need way more information than that buddy. What is this cred harvester of which you speak? Python? C? Meterpreter? Is your 'friend/victim' on the same system as you? Are they open to the same vulnerabilities? 'The web page does not load'? This could mean anything. What exactly happens?
  14. Hi all, Perhaps someone here has tried this and is able to advise? Say my password was a combination of lowercase letters of 8 digits. Using OCLHashCat, would it be faster to Brute Force using ... oclhashcat --hash-type [TYPE] file.hccat ?l?l?l?l?l?l?l?l ... or, would it be faster to use a wordlist, with all of the combinations of 8 lowercase letters in it ... oclhashcat --hash-type [TYPE] file.hccat wordlist.dic ... ? This is not taking into account the time spent to generate the wordlist, or the size. Let's say that's already covered. *edit* I assume the wordlist would be slightly faster, based on there being one less step per password for the GPU to have to compute, but I guess what I'm trying to get at is whether it's a noticeable difference? Are we talking shaving only minutes or hours off, or could this potentially save days? Thank you.
  15. Yep, that sounds like an attack. I doubt they'll come back now, though. I was going to suggest a hidden camera pointing at your car, but I doubt they'll come back after that attack. They'll move on to another street in another town probably. If they do come back, they're idiots.
  16. Hi all, I'm interested in going down the route of Unix Administrator, in particular HP-UX. I'm semi-decent in Linux anyway, having used Kali / Debian lots. I also work in IT so have good general knowledge. I've purchased myself Essential System Administration: Tools and Techniques for Linux and Unix Administration and HP Certified Systems Administrator - 11i V3, 3rd Edition for study. Any other tips for learning Unix Administration? I'd love to get my hands on a practice HP-UX environment that I can use from home, but I haven't had any luck in finding one. Does anyone know of a practice environment for HP-UX or similar that I can use to teach myself the everyday workload of a Unix Admin? Thanks.
  17. Why re-invent the wheel? Doesn't NetDiscover do this? *edit* Also, nmap!
  18. Most social media sites won't allow you to gather any IP addresses from the 'other side', you'll just end up with the social media platform's IP. Personally, I'd speak to them, first. The only other way you'd gather anything would be social engineering or Google-Fu.
  19. If you're enjoying Pokémon GO, don't forget about Ingress. It's a very similar game, but it's about hacking. And it's awesome. Kind of like playing Watch Dogs in RL.
  20. Often, people don't realise the trail that malicious attackers can follow from even the simplest titbit of information. As an example, one of my friends recently had issues with an ex bf which concluded in her moving address. She posted that she had moved on social media, nothing more. However, knowing the guy was IT savvy and a bit of a psycho stalker, I advised of the security implications of posting this. My friend unfortunately didn't see the issue. So, I showed her. From the post being in Jan of 2014, one could deduce the approximate time my friend moved house. Her ex knew she had a lot of family and friends in the area, and wasn't moving jobs, so he was likely to work out she was staying in the same town. He knew her previous address, so I did an internet search and good-old Zoopla advised of the date her previous house was sold, Dec of 2013. From this, I did a further search for houses purchased in the same town during Dec of 2013, and lo-and-behold, only one was. And guess which one? Yep, the one my friend had moved to. With the full address. She then deleted the post saying she'd moved house and thanked me for pointing it out. Just goes to show, a tiny bit of information can lead down a very long rabbit hole, even if the information itself seems harmless or 'giving nothing away'. And getting her full, new address took me less than 15 mins. The internet is both amazing and scary! *edit* And a phone number? Don't even get me started with what could be done with a phone number! People should stick to giving personal information in person, not online.
  21. Hi all, I'm using an Alfa AWUS036h with a 7 dBi directional. I would have thought, through general reading-up, I would have gotten around 100-200 meters worth of distance with these. However, it's only picking up access points up to around 70m away, and I tried connecting to my WiFi from only 42m away and it fails to connect, even though it sees the access point. The line-of-sight is only broken by one exterior wall. TX power is currently out-of-the-box at 24 dBm. Most of the access points have worse-than-I-would-have-hoped-for signal strength, with most being worse than -60 PWR, even for access points that are less than 30m away! Any thoughts on how to improve this / why this is happening? Thanks.
  22. I tend to prefer OCLHashCat. GPUs are much faster at cracking than most CPUs now, plus it has nice commands. Note that it's normal for a 12 character AZ-09 wordlist to be a fairly large size on-disk and take a long time to run through (could be a few weeks to a few months). The best bet for WPA/2 cracking is to find the make/model of the router (aircrack can normally tell you this on its own), and use your Google-fu to find out the default password standard for the hub you are attacking. If you suspect the person has amended the password, you'll need to use recon and social engineering to get at least an idea of passwords they might use. They like leather? Try 'BDSM' in the password. Etc. Not all WPA/2 passwords are crackable in a reasonable amount of time. If all else fails, or you can't wait the couple of months it might take to crack, try a different angle. Social engineer them some more. Call them, pretend to be the manufacturer of their hub. Maybe there's a recall on their model? Or perhaps you're doing a door-to-door survey of the types of hubs people are using and take the opportunity to glance at the password whilst checking which hub they own. In rare cases, you may even find the hub viewable through a window. I've seen that stupidity before! Think outside the box.
  23. Interesting workaround, thank you. I'll have to have a play with this.
  24. I see, so I'd need to make the script in 2 different languages, but the computer the CD is inserted in to would load a different partition, with the appropriate script in?
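Posts 14 and 22 both turn on how large the candidate space behind a mask or a "complete" wordlist really is, which is also the figure a defender uses to judge a password policy. The following is an added example, not code from any of the posts above: it parses a hashcat-style mask (built-in ?l ?u ?d ?s ?a, plus user-defined charsets passed in as sizes to stand in for hashcat's -1 option) and reports the keyspace, the on-disk size of the equivalent wordlist and the time to exhaust it at a given rate. The 400,000 hashes per second figure is a constructed placeholder, not a measurement.

```python
from math import log2, prod
# Sizes of hashcat's built-in charsets; ?1-?4 are user-defined and passed via `custom`
BUILTIN = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

def parse_mask(mask, custom=None):
    """Return the number of candidates at each position of a hashcat-style mask."""
    custom = custom or {}
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":            # literal character: exactly one candidate
            sizes.append(1)
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        tok = mask[i + 1]
        if tok == "?":                # '??' is an escaped literal '?'
            sizes.append(1)
        elif tok in BUILTIN:
            sizes.append(BUILTIN[tok])
        elif tok in custom:
            sizes.append(custom[tok])
        else:
            raise ValueError(f"unknown charset ?{tok}")
        i += 2
    return sizes

def keyspace(mask, custom=None):
    return prod(parse_mask(mask, custom))

def wordlist_bytes(mask, custom=None):
    """Bytes needed to write every candidate to disk, one per line (+1 for the newline)."""
    return keyspace(mask, custom) * (len(parse_mask(mask, custom)) + 1)

def days_to_exhaust(mask, hashes_per_second, custom=None):
    """Wall-clock days to try every candidate at a constant rate."""
    return keyspace(mask, custom) / hashes_per_second / 86400

def report(mask, hashes_per_second, custom=None):
    ks = keyspace(mask, custom)
    return (f"{mask}: {ks:,} candidates ({log2(ks):.1f} bits), "
            f"{wordlist_bytes(mask, custom) / 1e12:,.2f} TB as a wordlist, "
            f"{days_to_exhaust(mask, hashes_per_second, custom):,.1f} days to exhaust")

if __name__ == "__main__":
    RATE = 400_000.0   # constructed per-GPU WPA/2 rate, for illustration only
    print(report("?d?d?d?d", RATE))                      # post 11: 0000-9999
    print(report("?l?l?l?l?l?l?l?l", RATE))              # post 14: 8 lowercase letters
    print(report("?1" * 12, RATE, custom={"1": 36}))    # post 22: 12 x [A-Z0-9] (-1 ?u?d)
```

For the 8-lowercase mask from post 14 the equivalent wordlist comes to about 1.88 TB, and for 12 characters of A-Z0-9 about 62 EB, so any per-password saving from skipping mask expansion is dwarfed by the cost of generating and streaming the list.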