Posts posted by 0phoi5 (702 posts, 20 days won)
-
9 hours ago, Joe2525 said:
I'm working in a city environment [..] I want a range of 5-10 km
You're going to struggle to get that in a city environment with Wi-Fi wave lengths, unless you're on top of a tall building.
You're probably best off researching a way to use a much lower frequency signal, such as the 800 MHz range, and use something on either end of that to convert back into Wi-Fi.
-
Does Kismet have the ability to create a 'heatmap' of Wi-Fi signal strength, or is there any applications that Kismet data can be imported to, in order to create a visual heatmap?
-
13 hours ago, aka said:
Hi,
Sorry to disturb you; since you have more experience using hashcat, can you give at least an average config to decrypt WPA?
I'm a little confused with interface, wordlist, hybrid, bruteforce etc...
I used hashcat v4.1.0, and GUI v1.00rc3
Most of the time, you'll want to go for a Mask Attack.
Using Windows CMD, this would be something like;
oclHashCat.exe -m 2500 HASHES.txt -a 3 -1 ?l?d?u ?1?1?1?1?1?1?1?1
(run Hashcat) (hash type is WPA/WPA2) (use HASHES.txt for the hashes to be cracked) (mode Brute-Force) (create '1' as meaning lowercase, uppercase and numbers) (set password as 8 characters in length, so 1 repeated 8 times)
The above will (I think, I'd need to double check the syntax) crack a WPA2 password that is up to 8 characters in length and contains uppercase, lowercase and numbers.
You should research the default passwords for the router being pentested; the above mask should be amended to match initially. For example, if you knew the password was 5 letters and 4 numbers, you could use;
-1 ?l?u -2 ?d ?1?1?1?1?1?2?2?2?2
Note the above is a brute-force example, you should exhaust your password files first, such as rockyou, via a dictionary attack;
oclHashCat.exe -m 2500 HASHES.txt DICTIONARY.txt
I go in this order;
- Dictionary attacks, using the smallest/quickest dictionary first and the slowest last
- Mask attack using likely default password layout
- Mask attack using incremental lowercase letters, uppercase letters and numbers, up to 12 digits
- Anything past this usually takes too long, so if the above fails, I tend to stop there and admit defeat. You can judge this based on your rig.
- 1
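To make the "judge this based on your rig" step concrete, the following is an added Python example (not code from the post above and not part of hashcat) that parses the mask syntax used in the post (?l ?u ?d ?s ?a and the custom charsets -1 to -4) and turns a mask into a candidate count and a worst-case run time. The WPA2 hash rate is a constructed placeholder; measure your own with `hashcat -b -m 2500` and pass that instead.

```python
"""Keyspace estimator for hashcat-style mask attacks (added example)."""
import string
from typing import Dict, List, Set, Tuple

# hashcat's built-in charsets; ?a is the union of the other four.
BUILTIN: Dict[str, str] = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]

# Constructed assumption: one mid-range GPU on mode 2500 (WPA/WPA2).
# Replace with the figure your own `hashcat -b -m 2500` reports.
ASSUMED_WPA2_RATE = 400_000  # hashes per second


def expand_charset(spec: str, custom: Dict[str, Set[str]]) -> Set[str]:
    """Expand a charset spec such as '?l?d?u' or 'abc?1' into the characters it covers."""
    chars: Set[str] = set()
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key == "?":                 # '??' is a literal question mark
                chars.add("?")
            elif key in BUILTIN:
                chars.update(BUILTIN[key])
            elif key in custom:            # ?1..?4 defined earlier via -1..-4
                chars.update(custom[key])
            else:
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:                              # any other character is literal
            chars.add(spec[i])
            i += 1
    return chars


def parse_mask_args(args: List[str]) -> Tuple[Dict[str, Set[str]], str]:
    """Parse mask arguments, e.g. ['-1', '?l?u', '-2', '?d', '?1?1?1?1?1?2?2?2?2']."""
    custom: Dict[str, Set[str]] = {}
    mask = None
    i = 0
    while i < len(args):
        if args[i] in ("-1", "-2", "-3", "-4"):
            custom[args[i][1]] = expand_charset(args[i + 1], custom)
            i += 2
        else:
            mask = args[i]
            i += 1
    if mask is None:
        raise ValueError("no mask given")
    return custom, mask


def mask_positions(mask: str, custom: Dict[str, Set[str]]) -> List[int]:
    """Number of possible characters at each position of the mask."""
    sizes: List[int] = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            sizes.append(len(expand_charset(mask[i:i + 2], custom)))
            i += 2
        else:                              # literal character: exactly one choice
            sizes.append(1)
            i += 1
    return sizes


def keyspace(args: List[str]) -> int:
    """Total candidates a mask generates: the product of the per-position sizes."""
    custom, mask = parse_mask_args(args)
    total = 1
    for n in mask_positions(mask, custom):
        total *= n
    return total


def incremental_keyspace(args: List[str], min_len: int, max_len: int) -> int:
    """Candidates for an incremental run (--increment) of a single-charset mask."""
    custom, mask = parse_mask_args(args)
    per_pos = mask_positions(mask, custom)[0]
    return sum(per_pos ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(candidates: int, rate: int = ASSUMED_WPA2_RATE) -> float:
    """Worst-case wall time to run the whole keyspace at the given hash rate."""
    return candidates / rate


if __name__ == "__main__":
    for label, argv in [
        ("8 chars, lower+upper+digits", ["-1", "?l?d?u", "?1?1?1?1?1?1?1?1"]),
        ("5 letters + 4 digits", ["-1", "?l?u", "-2", "?d", "?1?1?1?1?1?2?2?2?2"]),
    ]:
        n = keyspace(argv)
        print(f"{label}: {n:,} candidates, ~{seconds_to_exhaust(n) / 86400:,.1f} days")
```

Running it shows why the post's ordering matters: the 8-character mixed mask is 62^8 candidates, thousands of days at this rate, while the "5 letters + 4 digits" default-layout mask is about 57 times smaller, and a dictionary pass is smaller still. The same numbers are the defender's argument for router passwords that do not follow a predictable vendor layout.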
-
10 minutes ago, b0N3z said:
probably because beer lol
Ha no worries. I'll have to have another play this weekend
-
I use AWUS036Hs myself, but as others have pointed out previously, this only works on 2.4 GHz APs, not 5 GHz.
Not a major issue at the moment, but going forward, it may be that more APs are 5 GHz. Maybe not.
-
If you have about £400 / $550 available, you can do this;
https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/
Pentesting platform for GSM, as well as a proxy for a real GSM if that's what you want it for.
-
2 hours ago, b0N3z said:
i loaded the pcap into wireshark and exported the handshake only
Could you explain the steps to do this at all? To be honest, I've not really bothered with this in the past. Does it make much of a difference in time to crack?
Thank you.
-
2 hours ago, b0N3z said:
I cant remember the website as I spent an entire day messing with it and havent really touched it since.
- 1
-
Loads of experience here.
Personally, aircrack-ng and oclHashCat are the way to go.
No need for 3. Those 2 do it better than anything else I've come across. Aircrack for grabbing the handshake, HashCat for cracking it using GPU (fastest method I've come across).
-
Sorry, you're going to have to be more articulate with your question(s) before we can help. Not certain what it is that you require.
-
Everyone's got to start somewhere. No one goes from zero to hero in an instant.
In the same way that any online game player will start as a 'n00b' and become pro with time, so too most hackers begin as Skiddies and become pro.
Just keep it to that though; no acting like a Skiddy (trolling, asking stupid questions, not taking the time to learn things properly).
-
On 6/8/2018 at 10:42 PM, i8igmac said:
2.4 GHz = dropped packets or packet loss.
The more distance, the more interference.
With 5.8 GHz I can achieve almost the same distance.
I can achieve 20 times the download speed and completely eliminate packet loss... a long distance and long term stable connection.
2.4 GHz, at the same distance, identical parabolic 2x2 MIMO design, completely identical setup: 2.4 will crawl on the floor and deauthenticate every 5 minutes.
If you have the experience or knowledge to agree with the above, do share plz.
You're committing a bit of an anecdotal fallacy there.
Actually physics will confirm you're incorrect. 2.4 GHz will always reach further than 5 GHz, as per the wavelength. It will also always punch through objects better, as per the wavelengths.
Potentially, yes, it can lose more packets than 5 GHz, due to the nature of longer distances equalling a higher possibility of this happening, but certainly not to the extent you are experiencing, generally. I agree with barry, there must be a reason for this interference, and it isn't the fact that the signal is 2.4 GHz.
-
On 4/12/2018 at 4:37 PM, i8igmac said:
2.4 is obsolete.
Wow, definitely not.
It's slower, but much better at distance and punching through objects.
-
On 5/29/2018 at 1:19 AM, Dave-ee Jones said:
if I ran a website on a Pi (or even my phone) then I could have buttons on the website that did things like change the IP of the device, launch an app or a service and view RAM/CPU usage.
Regarding the above, I just wanted to clarify: why use PHP? It appears you want to create and use an HTML GUI client-side, but PHP is a server-side language.
You'd probably be better with a client-side language such as JavaScript, VBScript, etc.
-
29 minutes ago, Just_a_User said:
That. Is. Perfect.
Literally couldn't have imagined it more spot-on :')
-
They'll Big Brother the whole thing, stick adverts everywhere, remove anything they deem a 'threat' to their precious OS (removal of Windows exploits wouldn't surprise me) and use it to monitor everyone. The usual Microsoft stuff.
Personally, I'd go elsewhere.
-
What are the contents of the ophcrack.txt file?
-
Couldn't you literally just generate a variable consisting of random digits and pipe that to a script that reaches out to a URL to check if it's alive, etc.?
Could compute thousands of these a second.
-
Personally, I'd go for a big, plastic hobby box and some silicon sealant.
-
I don't like the sound of that. I can see them pulling down loads of pentesting-related code, unjustly. Maybe I'm wrong.
-
On 6/2/2018 at 5:14 PM, Skull_Script said:
I'm using just an old 16gig flash drive that I had laying around, and then I am going to be making it mainly in batch
Do you know what controller the USB stick uses? In order to flash a USB stick to be recognised as a HID, it needs to have a very specific build.
Long range hacking, in Hacks & Mods (posted; edited by haze1434)
The maximum distance I personally have managed with a simple Yagi antenna (like this) was 1 mile (1.3km).
Wi-Fi isn't really designed for the distances you are thinking about, unless you are willing to go the DIY route.
You could probably get 1-3 miles with this, I doubt any further. And I'm talking line-of-sight here, not through multiple buildings. Through buildings, you'd get a few hundred yards, not miles. This can only be mitigated by sending the signal above the buildings.
People who manage further are pretty much guaranteed to be hobbyists that have DIY'd their own Wi-Fi rigs.
It's all about frequency; Wi-Fi is too high a frequency to travel long distances, hence suggesting the 800 MHz range above and converting the signal on either end with an RPi / Arduino / etc. connected to shorter-distance Wi-Fi antennas. The ProxyHam is an exact example of this.
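The frequency argument made in this post and in the 2.4 GHz vs 5 GHz reply above comes down to free-space path loss, which grows with 20·log10 of both distance and frequency. The following is an added Python example (not from the post, and not the maths of any product it mentions) that evaluates that relation and a simple line-of-sight link budget; the transmit power, antenna gains and receiver sensitivity are constructed placeholders, and free-space loss is an upper bound on range because buildings and ground clutter add loss on top of it.

```python
"""Free-space path loss and line-of-sight link budget (added example)."""
import math

C = 299_792_458.0  # speed of light in m/s


def fspl_db(distance_m: float, freq_hz: float) -> float:
    """Free-space path loss in dB: 20*log10(4*pi*d*f/c)."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def link_budget_db(tx_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                   rx_sens_dbm: float, fade_margin_db: float = 10.0) -> float:
    """Loss the link can absorb: radiated power plus gains, minus sensitivity and a safety margin."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - rx_sens_dbm - fade_margin_db


def max_range_m(budget_db: float, freq_hz: float) -> float:
    """Largest distance at which FSPL stays within the budget (inverse of fspl_db)."""
    return C / (4 * math.pi * freq_hz) * 10 ** (budget_db / 20)


def range_ratio(freq_a_hz: float, freq_b_hz: float) -> float:
    """How many times further frequency A reaches than B for the same budget (free space)."""
    return freq_b_hz / freq_a_hz


if __name__ == "__main__":
    # Constructed placeholder radio: 20 dBm out, a 15 dBi Yagi at one end,
    # a 2 dBi adapter antenna at the other, -90 dBm sensitivity.
    budget = link_budget_db(20, 15, 2, -90)
    for label, f in [("800 MHz", 800e6), ("2.4 GHz", 2.4e9), ("5.8 GHz", 5.8e9)]:
        print(f"{label}: FSPL at 1 km = {fspl_db(1000, f):.1f} dB, "
              f"free-space max range = {max_range_m(budget, f) / 1000:.1f} km")
```

At 1 km the loss is about 90.5 dB at 800 MHz, 100.0 dB at 2.4 GHz and 107.7 dB at 5.8 GHz, so for a fixed budget the free-space range scales inversely with frequency: 800 MHz reaches three times as far as 2.4 GHz, and 2.4 GHz about 2.4 times as far as 5.8 GHz. The "max range" the script prints is optimistic for a city, which is why a real Yagi link tops out around the distances the post quotes.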