0phoi5

Everything posted by 0phoi5

  1. I've been toying with this idea for a while, but have yet to buy a Sonnet and so am uncertain if it would work (note the arrow directions)... Attack Box > Wi-Fi connection > Sonnet > > > > > Sonnet < Wi-Fi Connection < RPi > Wi-Fi Connection > Target AP In theory, if the Sonnet allows this correctly, you could connect over a long distance, however the throughput would be pretty slow. OK for terminal though.
  2. Just had to mention hackthebox.eu An excellent website for practicing pentesting; real-time, hackable machines of various skill levels and types. You can sign up for a free account, or pay £10 a month for an upgrade. Well worth it. The free account gives you access to almost everything, the upgrade is just to improve server availability and the hardware you are hacking against, speeds up the process a bit, but you don't have to pay if you don't wish. As a side note; to sign up, you have to hack your way in! (hackthebox.eu/invite)
  3. Very circumstantial, based on how large the buildings are and the materials the walls/windows etc. are made from. You're likely to be able to penetrate 2-3 of these buildings, but certainly not 10. You definitely need to either: get higher, so the signal travels over these buildings; use a much lower frequency for the signal than Wi-Fi (LoRa, mobile network etc.); or get closer.
  4. Is it line-of-sight, or through objects? If through buildings/trees etc, could you give us an indication of how much is between you and the Wi-Fi?
  5. The maximum distance I personally have managed with a simple Yagi antenna (like this) was 1 mile (1.3km). Wi-Fi isn't really designed for the distances you are thinking about, unless you are willing to go the DIY route. You could probably get 1-3 miles with this, I doubt any further. And I'm talking line-of-sight here, not through multiple buildings. Through buildings, you'd get a few hundred yards, not miles. This can only be mitigated by sending the signal above the buildings. People who manage further are pretty much guaranteed to be hobbyists that have DIY'd their own Wi-Fi rigs. It's all about frequency; Wi-Fi is too high of a frequency to travel long distances, hence suggesting using around the 800 MHz range above and converting the signal on either end with an RPi / Arduino / etc. connected to shorter-distance Wi-Fi antennas. The ProxyHam is an exact example of this.
  6. You're going to struggle to get that in a city environment with Wi-Fi wavelengths, unless you're on top of a tall building. You're probably best off researching a way to use a much lower frequency signal, such as the 800 MHz range, and use something on either end of that to convert back into Wi-Fi. Research ProxyHam, LoRa and Sonnet.
  7. Does Kismet have the ability to create a 'heatmap' of Wi-Fi signal strength, or are there any applications that Kismet data can be imported into, in order to create a visual heatmap?
  8. 0phoi5

    Wpa2 crack

    Most of the time, you'll want to go for a Mask Attack. Using Windows CMD, this would be something like:

    oclHashCat.exe -m 2500 HASHES.txt -a 3 -1 ?l?d?u ?1?1?1?1?1?1?1?1

    oclHashCat.exe (run Hashcat)
    -m 2500 (hash type is WPA/WPA2)
    HASHES.txt (use HASHES.txt for the hashes to be cracked)
    -a 3 (mode Brute-Force)
    -1 ?l?d?u (create '1' as meaning lowercase, uppercase and numbers)
    ?1?1?1?1?1?1?1?1 (set password as 8 characters in length, so 1 repeated 8 times)

    The above will (I think, I'd need to double check the syntax) crack a WPA2 password that is up to 8 characters in length and contains uppercase, lowercase and numbers. You should research the default passwords for the router being pentested; the above mask should be amended to match initially. For example, if you knew the password was 5 letters and 4 numbers, you could use:

    -1 ?l?u -2 ?d ?1?1?1?1?1?2?2?2?2

    Note the above is a brute-force example; you should exhaust your password files first, such as rockyou, via a dictionary attack:

    oclHashCat.exe -m 2500 HASHES.txt DICTIONARY.txt

    I go in this order:
    1. Dictionary attacks, using the smallest/quickest dictionary first and the slowest last
    2. Mask attack using likely default password layout
    3. Mask attack using incremental lowercase letters, uppercase letters and numbers, up to 12 digits

    Anything past this usually takes too long, so if the above fails, I tend to stop there and admit defeat. You can judge this based on your rig.
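The post above judges masks by feel ("anything past this usually takes too long"). The following is an added example, not the poster's code, that makes that judgement concrete: it parses hashcat-style mask arguments (the `-1 ?l?d?u ?1?1?1?1?1?1?1?1` form quoted in the post, using hashcat's documented built-in charsets `?l ?u ?d ?s ?a`), computes the size of the keyspace each mask enumerates, and converts it to a duration at an assumed hash rate. The 400,000 H/s figure is a placeholder assumption for illustration, not a measured number; the output is what a defender would use to decide whether a passphrase policy survives the dictionary-then-mask order the post describes.

```python
# Added example (not the poster's code): keyspace and time estimate for
# hashcat-style masks, so a WPA2 passphrase pattern can be judged by numbers
# rather than by feel.
import string

# hashcat's documented built-in charsets (?b, the 256 raw bytes, is omitted here)
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "s": set(" !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"),
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]


def expand_charset(spec, custom):
    """Expand a charset spec such as '?l?d?u' or 'abc?d' into a set of characters.
    Custom charsets (?1..?4) must already be present in `custom`."""
    chars = set()
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key == "?":
                chars.add("?")          # '??' is a literal question mark
            elif key in custom:
                chars |= custom[key]
            elif key in BUILTIN:
                chars |= BUILTIN[key]
            else:
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:
            chars.add(spec[i])          # any other character is a literal
            i += 1
    return chars


def mask_positions(mask, custom):
    """Return one character set per password position described by `mask`."""
    positions = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            positions.append(expand_charset(mask[i:i + 2], custom))
            i += 2
        else:
            positions.append({mask[i]})  # fixed literal character: one choice
            i += 1
    return positions


def parse_mask_args(args):
    """Parse the '-1 ?l?d?u ?1?1?1?1' style argument list quoted in the post."""
    custom = {}
    mask = None
    i = 0
    while i < len(args):
        if args[i] in ("-1", "-2", "-3", "-4"):
            custom[args[i][1]] = expand_charset(args[i + 1], custom)
            i += 2
        else:
            mask = args[i]
            i += 1
    if mask is None:
        raise ValueError("no mask given")
    return mask, custom


def mask_keyspace(mask, custom=None):
    """Number of candidates the mask generates: product of per-position set sizes."""
    total = 1
    for charset in mask_positions(mask, custom or {}):
        total *= len(charset)
    return total


def incremental_keyspace(charset, min_len, max_len):
    """Candidates for the post's 'incremental' step: every length from
    min_len to max_len drawn from a single charset."""
    return sum(len(charset) ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(keyspace, hashes_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return keyspace / hashes_per_second


if __name__ == "__main__":
    RATE = 400_000  # ASSUMED rate for illustration; real WPA2 throughput depends on the GPU
    for argv in (["-1", "?l?d?u", "?1?1?1?1?1?1?1?1"],
                 ["-1", "?l?u", "-2", "?d", "?1?1?1?1?1?2?2?2?2"]):
        mask, custom = parse_mask_args(argv)
        ks = mask_keyspace(mask, custom)
        print(f"{' '.join(argv):40s} keyspace={ks:,}  "
              f"~{seconds_to_exhaust(ks, RATE) / 86400:,.1f} days at {RATE:,} H/s")
    # WPA2 passphrases are 8-63 characters, so an incremental run starts at length 8
    ks = incremental_keyspace(BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"], 8, 12)
    print(f"incremental ?l?u?d, 8-12 chars: keyspace={ks:,}  "
          f"~{seconds_to_exhaust(ks, RATE) / 86400 / 365:,.0f} years at {RATE:,} H/s")
```

The two masks from the post give 62^8 and 52^5 x 10^4 candidates respectively; dividing by the rate your own hardware achieves on mode 2500 tells you, before starting, whether a run fits your time budget, and the same arithmetic shows why lengths well past 8 from a mixed charset are out of reach for brute force.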
  9. 0phoi5

    Wpa2 crack

    Ha no worries. I'll have to have another play this weekend
  10. I use AWUS036H's myself, but as others have pointed out previously, this only works on 2.4 GHz APs, not 5 GHz. Not a major issue at the moment, but going forwards in time, it may be that more APs are 5 GHz. Maybe not.
  11. If you have about £400 / $550 available, you can do this: https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/ Pentesting platform for GSM, as well as a proxy for a real GSM if that's what you want it for.
  12. 0phoi5

    Wpa2 crack

    Could you explain the steps to do this at all? To be honest, I've not really bothered with this in the past. Does it make much of a difference in time to crack? Thank you.
  13. https://en.wikipedia.org/wiki/Cellular_frequencies https://en.wikipedia.org/wiki/List_of_WLAN_channels Not the same frequencies.
  14. 0phoi5

    Wpa2 crack

    https://hashcat.net/cap2hccapx/
  15. 0phoi5

    Wpa2 crack

    Loads of experience here. Personally, aircrack-ng and oclHashCat are the way to go. No need for 3. Those 2 do it better than anything else I've come across. Aircrack for grabbing the handshake, HashCat for cracking it using GPU (fastest method I've come across).
  16. Sorry, you're going to have to be more articulate with your question(s) before we can help. Not certain what it is that you require.
  17. Everyone's got to start somewhere. No one goes from zero to hero in an instant. In the same way that any online game player will start as a 'n00b' and become pro with time, so then most hackers begin as Skiddies and become pro. Just keep it to that though; no acting like a Skiddy (trolling, asking stupid questions, not taking the time to learn things properly).
  18. You're committing a bit of an anecdotal fallacy there. Actually, physics will confirm you're incorrect. 2.4 GHz will always reach further than 5 GHz, as per the wavelength. It will also always punch through objects better, as per the wavelengths. Potentially, yes, it can lose more packets than 5 GHz, due to the nature of longer distances equalling a higher possibility of this happening, but certainly not to the extent you are experiencing, generally. I agree with barry, there must be a reason for this interference, and it isn't the fact that the signal is 2.4 GHz.
  19. Wow, definitely not. It's slower, but much better at distance and punching through objects.
  20. Regarding the above, just wanted to clarify: why use PHP? It appears you want to create and use an HTML GUI client-side, but PHP is a server-side language. You'd probably be better with a client-side language such as JavaScript, VBScript, etc.
  21. That. Is. Perfect. Literally couldn't have imagined it more spot-on :')
  22. They'll Big Brother the whole thing, stick adverts everywhere, remove anything they deem a 'threat' to their precious OS (removal of Windows exploits wouldn't surprise me) and use it to monitor everyone. The usual Microsoft stuff. Personally, I'd go elsewhere.
  23. What are the contents of the ophcrack.txt file?
  24. Couldn't you literally just generate a variable consisting of random digits and pipe that to a script that reaches out to a URL to check if it's alive: http://123456.onion, http://123457.onion etc.? Could compute thousands of these a second.