[Linset or Fluxion on a smartphone?]

I've had success with Fluxion on an RPi, in a pocket, and SSH to it with a 'PwnPhone'. Works great.

[Poor Man's Ducky]

What hardware are you going to be using?

[Can i run a payload(meterpreter) on android with rubber ducky]

The Ducky is simply a HID emulator. You'd basically need to know exactly what keyboard shortcuts do what on the specific phone you want to attack.

Plug an actual keyboard in to the android device (or Bluetooth on to it) and experiment with the keys, to work out which ones do what.

Then, play around with the best method to do what you want to achieve; pressing a series of buttons on the 'keyboard' until you navigate around on the phone and do what you need to do. Copy this same key press series to a Ducky script. You can buy USB to Micro USB adapters to then plug the ducky in to the victim phone.

Honestly though, I think a Rubber Ducky to attack an Android phone is probably not the best method. Perhaps a fake AP or Bluetooth attack would be better.

[Target Machine drops connectivity when i run arpspoof against it]

What does it act like on other devices, other than iOS ones? At least then you can start to narrow down if it's an iOS thing. Could be they have inbuilt security measures to spot ARP spoofing, although I'd have to research to confirm.

[Hacker EDC? defcon EDC? every day carry?]

On ‎5‎/‎28‎/‎2018 at 6:36 AM, Alt3ma said:

why lock picks ? , i drink alot of energy drinks , sometimes 6 day as im a tradesman and most of the time bathrooms that are nere were i am working are closed after hours so i like to be able to shit in a toilet and not in the grass. 

Literally the best lockpick 'excuse' I've ever read.

[Can i run a payload(meterpreter) on android with rubber ducky]

2 hours ago, HackerofTR said:

@barry99705 i mean having the target pls help

Sorry, the context of your English isn't too clear here. Do you;

a.) wish to attack an Android device using Meterpreter, using another device as the attack platform (https://null-byte.wonderhowto.com/how-to/create-persistent-back-door-android-using-kali-linux-0161280/)

b.) wish to use the Android device as the attack platform? (https://www.kali.org/tutorials/kali-linux-android-linux-deploy/)

[Any RDP Cracker in the house?]

The only (bodge-job) method I ever managed was;

• Create SendKeys based VBScript to press 'yes' on a Remote Desktop Connection approval pop up
• Copy VBScript to target machine
• Create Scheduled Task on target machine, to run as logged in user, using PSEXEC, to run the above VBScript.
• Send a Remote Desktop Connection request just before the above runs.
• Profit.

This does require some pre-requisites, such as an admin account credentials.

[how to hack OTP site]

https://hashcat.net/wiki/doku.php?id=example_hashes

 

Not a recognisable hash. I would say it's one of their own making. You'd need the code from the other side (Java by the looks?) to see what happens with that 'hash' after the HTML form.

[Not a hacker, need help.]

I would;

• Contact the Police and give them as much information as possible.
• Contact Instagram Customer Support with details of the previous account names the culprit has used and quote to them the Police contact details and case number, so that they can pass along details of the phone numbers/email addresses used to sign up with. Hopefully from this the Police will have some evidence of your ex or someone associated with them setting the accounts up.

[Hacker EDC? defcon EDC? every day carry?]

On ‎5‎/‎14‎/‎2018 at 7:25 AM, Dave-ee Jones said:

Yeah, I know my bag is getting a bit too full. It's a this-would-be-really-useful-but-the-scenario-that-it's-useful-in-only-happens-twice-in-a-lifetime scenario, but I don't want to remove them from my bag ? 

This. Then you come across the I-need-the-thing-I-only-removed-from-my-bag-2-days-ago-because-i-never-used-it scenario

[Smartwatch hacking]

On ‎4‎/‎30‎/‎2018 at 3:37 AM, joyce_mor said:

Is that even possible? I don't think it is appropriate to do that. 

Under UK law (and likely most other places), if you purchase a device and it is owned by you, you can do what you like with it, including hacking it.

Hacking other people's devices without written permission is inappropriate. Hacking your own devices is fine (and fun).

[linux distro for pen testing]

Parrot is better than Kali, IMO, however Kali is more widely supported and used in tutorials.

[ReVdK3-r1]

So it might be failing on the following line (259);

while [[ "$MDK3_MAIN_MENU_OPTION" != @(1|2|3) ]]; do

 

After it fails, can you echo $MDK3_MAIN_MENU_OPTION?

If it isn't set to 1, 2 or 3, the script will hang here indefinitely, as the writer hasn't added an 'else'.

 

Scratch that, sorry. It's stating if the option isn't one of those.

Between line 256 and 278, can you add an echo between each line? e.g; echo 1, echo 2 echo 3....

That way, you can see which echo is the last to show up before the script ends.

[ReVdK3-r1]

You need to narrow down the exact line in the script that it fails/ends on.

What's the last output that you see on your screen before the terminal closes?

[[PowerShell] - Why does this script generate spaces between every character of a password?]

Thanks matey. Nice one-liner! Much appreciated.

[Linux]

How far does the machine boot? Does it get as far as starting the SSH deamon, so you can get to the file system that way?

[ReVdK3-r1]

Have you tried pressing y then enter?

[ReVdK3-r1]

4 minutes ago, ForgedInception said:

The terminal does not close after inputing -p ? Thanks

I'm confused. You advised earlier that the terminal closes after you press return/enter on the line "Are you satisfied with this configuration? if not,  input 'r' and you will be returned to Reaver's Configuration Wizard:". Does it close or not? I thought that was the issue?

 

5 minutes ago, ForgedInception said:

how can i add an echo message?

If you are uncertain how to do a simple thing like adding an echo/Write-Host message, it's probably not a good idea to try and work with a long, complicated shell script. You should learn basic PowerShell before continuing.

[ReVdK3-r1]

Can you add an echo message just before and after the 'done' and the 'clear' lines?

That way, you can narrow down which lines successfully run and therefore work out where the script stops.

[Not receiving items booked through Hak5 store]

Hak5 are a good bunch of guys n gals. I think this is a case of impatience.

In an era of Amazon next-day-delivery, too many people assume instant service from every supplier. This is not how life works.

Please also note that these are not necessarily 'off-the-shelf' items. When you order stuff on Amazon, it's already been made by someone else and is in a warehouse ready to be shipped. Hak5 design, build and ship their own bespoke products.

Patience is a virtue.

[[PowerShell] - Why does this script generate spaces between every character of a password?]

Hi all,

I am using the following;
 

Quote

 

Do {

$password = $null

$characters = ‘abcdefghkmnprstuvwxyzABCDEFGHKLMNPRSTUVWXYZ12346789!£$%^&*()?’

$random = 1..10 | ForEach-Object { Get-Random -Maximum $characters.length }

$password = [String]$characters[$random]

} Until ($password -match "[0-9]")

 

 

This outputs passwords with spaces in-between every character, for example "P ! A r g k X 7 n g".

I want the password to have no spaces, for example "P!ArgkX7ng".

I can achieve this by using the following;

Quote

$password_nospace = ($password -replace "\s","")

However I'm pretty sure I'm doing something wrong in the above to make the password produce with spaces in it?

Thanks.

[ReVdK3-r1]

I would assume 'done' or 'clear' are closing your terminal, unsure why though.

[ReVdK3-r1]

For other's info, this is the script and the below is the lines directly after the 'Are you satisified with this configuration?' bit.

https://github.com/0x90/wps-scripts/blob/master/ReVdK3-r1.sh

 

read -p "Are you satisified with this configuration? if not, input 'r' and you will be returned to Reaver's Configuration Wizard": SATISFIED_OPTION;

done

if [ -e /etc/reaver_tmp.txt ]; then

rm -f /etc/reaver_tmp.txt

fi

if [ -e /etc/aireplay_tmp.txt ]; then

rm -f /etc/aireplay_tmp.txt

fi

clear

 

[Parrot OS - Nvidia Laptop]

On ‎4‎/‎21‎/‎2018 at 10:12 AM, PixL said:

I have a laptop with an Nvidia 1050 GPU, i've tried to install quite a few Linux distributions and have failed to get my GPU working with all of them except Mint Linux... that picked it up automatically and just worked...so i've been sing that for a while.

I would like to use Parrot OS but none of the online tutorials i've found actually get the GPU working, has anyone got any experience?

Unfortunately Parrot / a lot of Linux distros initially recognise the on-board graphics card, rather than any added GPU.

I've come across tutorials previously online, doing a search maybe try one of the following. I think they call it 'GPU passthrough' if you need to search Google;

https://medium.com/@dubistkomisch/gaming-on-arch-linux-and-windows-10-with-vfio-iommu-gpu-passthrough-7c395dde5c2

https://www.reddit.com/r/linuxmasterrace/comments/2z30dq/gpu_passthrough_or_how_to_play_any_game_at_near/

Be aware that I don't believe you can get the full graphic card's potential released through passthrough though. You'll lose some of the computational power from Linux having work out how to use the GPU.

[Smartwatch hacking]

4 hours ago, Dave-ee Jones said:

1. Network Scanning on the go (assuming the watch had WiFi)
   1. This would mean I could just look at my watch, hit 'Scan' and start scanning the network as I'm doing something else, not needing to hold a phone or anything like that.
   2. More inconspicuous.
   3. Could just start a service on your phone and grab data from your phone, making your phone do all the hard work while you monitor it on your watch. Harder, but makes more sense.

 

Already done this;

• RPi with Parrot / Kali installed, in a backpack / pocket.
• Install Raspberry SSH on your phone.
• Raspberry SSH works with Android smart watches, so you'll get any created buttons show up on your watch.
• Buttons = Send any command to the RPi. Create a button to start a BASh script.
• Profit.