Jump to content
Hak5 Forums


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


1 Follower

About haze1434

  • Rank
    Hak5 Ninja

Profile Information

  • Gender

Recent Profile Visitors

2,820 profile views
  1. Firewall Breach

    This. Sorry, I don't believe for a moment that you aren't allowed to confiscate it. Schools are well within their rights to confiscate mobile phones, knives, and anything else them deem unsafe, inappropriate or a breach of their rules. The Rubber Ducky falls within this.
  2. Insib.vbs

    Ah yes, thanks kdodge. It's always those pesky quotation marks. Anonymous; Be aware that when you copy-paste scripts from web pages, some characters (in particular, and in this case, quotation marks) don't paste as the same encoding. If it's a one-liner/short bit of code, you're best to type it out manually rather than copy-paste. That way, you'll find it will be the right encoding and with the added bonus that it helps commit it to memory better.
  3. Hashcat mask/rules?

    I use a GTX 970 from Palit; I'm mainly a gamer, rather than using it for Pentesting, but it slowly does the job for less than £300 ($400).
  4. Insib.vbs

    Edit your invis.vbs file and check; Does it read exactly as the above? Are all of the quotation marks parsed correctly? (maybe re-type all of the quotation marks to be sure) Are the ampersands parsed correctly? (maybe re-type these as well) If in doubt, don't copy and paste the code. Type it out, so you can make sure all of the characters are exactly as they should be. If you still get the error, the code must be incorrect, therefore you'll need to narrow down why by searching online and learning a little VBScript.
  5. Hashcat mask/rules?

    You could use Crunch to generate a wordlist, and then use HashCat with this wordlist. I believe you can pipe one directly to the other, without having to save a file in-between. I don't have much experience of Crunch to be honest. You can download it here, and some instructions are here.
  6. Hashcat mask/rules?

    Really? That's slow! What GPU do you use? FYI, a GTX 970 is £300 and average by today's standards. Someone with a Titan at £1000 could crack about 30% faster than the table on my other post (linked in the post above).
  7. Hashcat mask/rules?

    No worries. The best page to read through all of the available options for mask attacks is this. You may also find my previous post interesting.
  8. Hashcat mask/rules?

    For a password that is numbers only, 8 digits, I wouldn't bother. It'll crack so fast, it'd take you longer to type the mask out than the crack time without it anyway! 8^10 = 1,073,741,824 = About 6 seconds to crack for GTX 970. hashcat64 -a 3 [filename] -l ?d?d?d?d?d?d?d?d
  9. TUmkcITSBvsSJmJYshXj7s1QTLo appears to be Base64. Username: P2PClient Password: MIp&bXPL Here is some info on how WSSE works. Also read Using Burp Suite to Test Web Services with WS-Security (you need nonce and timestamp as well as the above). See also this.
  10. Everything appears to be in HTTP? Does wireshark/tshark capture the password in plain text? Documentation on how to use this is here.
  11. RIP Kerby

    If you edit your original post, you can change the title of the post.
  12. DVR? Digital Video Recorder? I have no idea what you mean by getting the admin password for a DVR. DVRs generally don't give out any kind of wireless signal DVRs don't really have an 'admin' password. Unless you mean something else?
  13. Insib.vbs

    So according to the site linked, invis.vbs should only have 1 line and it should be; CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False Is this the case? What does your invis.vbs file contain? Also, as @kdodge mentions, check that none of the characters are being parsed as Unicode, such as the ampersand.
  14. Insib.vbs

    A very quick search on Google advises invis.vbs is dodgy. So either; You got owned and should scan your PC You're attempting to use code from invis.vbs for your owns means, which is fine, but the code is not correct and you need to check your syntax in line 1.
  15. Insib.vbs

    We're going to need more information. Please confirm; What is invis.vbs? Did you put that on there? Please post the code here, in particular, line 1. How are you attempting to access the ducky to copy files? (are you taking the SD card out of the ducky and putting it in an SD card reader) Do you have an inject file on your Rubber Ducky? What is that attempting to do (post code)? Thanks.