0phoi5

I've had success with Fluxion on an RPi, in a pocket, and SSH to it with a 'PwnPhone'. Works great.

What hardware are you going to be using?

The Ducky is simply a HID emulator. You'd basically need to know exactly what keyboard shortcuts do what on the specific phone you want to attack. Plug an actual keyboard in to the android device (or Bluetooth on to it) and experiment with the keys, to work out which ones do what. Then, play around with the best method to do what you want to achieve; pressing a series of buttons on the 'keyboard' until you navigate around on the phone and do what you need to do. Copy this same key press series to a Ducky script. You can buy USB to Micro USB adapters to then plug the ducky in to the victim phone. Honestly though, I think a Rubber Ducky to attack an Android phone is probably not the best method. Perhaps a fake AP or Bluetooth attack would be better.

What does it act like on other devices, other than iOS ones? At least then you can start to narrow down if it's an iOS thing. Could be they have inbuilt security measures to spot ARP spoofing, although I'd have to research to confirm.

Literally the best lockpick 'excuse' I've ever read.

Sorry, the context of your English isn't too clear here. Do you; a.) wish to attack an Android device using Meterpreter, using another device as the attack platform (https://null-byte.wonderhowto.com/how-to/create-persistent-back-door-android-using-kali-linux-0161280/) b.) wish to use the Android device as the attack platform? (https://www.kali.org/tutorials/kali-linux-android-linux-deploy/)

The only (bodge-job) method I ever managed was; Create SendKeys based VBScript to press 'yes' on a Remote Desktop Connection approval pop up Copy VBScript to target machine Create Scheduled Task on target machine, to run as logged in user, using PSEXEC, to run the above VBScript. Send a Remote Desktop Connection request just before the above runs. Profit. This does require some pre-requisites, such as an admin account credentials.

https://hashcat.net/wiki/doku.php?id=example_hashes Not a recognisable hash. I would say it's one of their own making. You'd need the code from the other side (Java by the looks?) to see what happens with that 'hash' after the HTML form.

I would; Contact the Police and give them as much information as possible. Contact Instagram Customer Support with details of the previous account names the culprit has used and quote to them the Police contact details and case number, so that they can pass along details of the phone numbers/email addresses used to sign up with. Hopefully from this the Police will have some evidence of your ex or someone associated with them setting the accounts up.

This. Then you come across the I-need-the-thing-I-only-removed-from-my-bag-2-days-ago-because-i-never-used-it scenario

Under UK law (and likely most other places), if you purchase a device and it is owned by you, you can do what you like with it, including hacking it. Hacking other people's devices without written permission is inappropriate. Hacking your own devices is fine (and fun).

Parrot is better than Kali, IMO, however Kali is more widely supported and used in tutorials.

So it might be failing on the following line (259); while [[ "$MDK3_MAIN_MENU_OPTION" != @(1|2|3) ]]; do After it fails, can you echo $MDK3_MAIN_MENU_OPTION? If it isn't set to 1, 2 or 3, the script will hang here indefinitely, as the writer hasn't added an 'else'. Scratch that, sorry. It's stating if the option isn't one of those. Between line 256 and 278, can you add an echo between each line? e.g; echo 1, echo 2 echo 3.... That way, you can see which echo is the last to show up before the script ends.

You need to narrow down the exact line in the script that it fails/ends on. What's the last output that you see on your screen before the terminal closes?

Thanks matey. Nice one-liner! Much appreciated.

How far does the machine boot? Does it get as far as starting the SSH deamon, so you can get to the file system that way?

Have you tried pressing y then enter?

I'm confused. You advised earlier that the terminal closes after you press return/enter on the line "Are you satisfied with this configuration? if not, input 'r' and you will be returned to Reaver's Configuration Wizard:". Does it close or not? I thought that was the issue? If you are uncertain how to do a simple thing like adding an echo/Write-Host message, it's probably not a good idea to try and work with a long, complicated shell script. You should learn basic PowerShell before continuing.

Can you add an echo message just before and after the 'done' and the 'clear' lines? That way, you can narrow down which lines successfully run and therefore work out where the script stops.

Hak5 are a good bunch of guys n gals. I think this is a case of impatience. In an era of Amazon next-day-delivery, too many people assume instant service from every supplier. This is not how life works. Please also note that these are not necessarily 'off-the-shelf' items. When you order stuff on Amazon, it's already been made by someone else and is in a warehouse ready to be shipped. Hak5 design, build and ship their own bespoke products. Patience is a virtue.

Hi all, I am using the following; This outputs passwords with spaces in-between every character, for example "P ! A r g k X 7 n g". I want the password to have no spaces, for example "P!ArgkX7ng". I can achieve this by using the following; However I'm pretty sure I'm doing something wrong in the above to make the password produce with spaces in it? Thanks.

I would assume 'done' or 'clear' are closing your terminal, unsure why though.

For other's info, this is the script and the below is the lines directly after the 'Are you satisified with this configuration?' bit. https://github.com/0x90/wps-scripts/blob/master/ReVdK3-r1.sh read -p "Are you satisified with this configuration? if not, input 'r' and you will be returned to Reaver's Configuration Wizard": SATISFIED_OPTION; done if [ -e /etc/reaver_tmp.txt ]; then rm -f /etc/reaver_tmp.txt fi if [ -e /etc/aireplay_tmp.txt ]; then rm -f /etc/aireplay_tmp.txt fi clear

Unfortunately Parrot / a lot of Linux distros initially recognise the on-board graphics card, rather than any added GPU. I've come across tutorials previously online, doing a search maybe try one of the following. I think they call it 'GPU passthrough' if you need to search Google; https://medium.com/@dubistkomisch/gaming-on-arch-linux-and-windows-10-with-vfio-iommu-gpu-passthrough-7c395dde5c2 https://www.reddit.com/r/linuxmasterrace/comments/2z30dq/gpu_passthrough_or_how_to_play_any_game_at_near/ Be aware that I don't believe you can get the full graphic card's potential released through passthrough though. You'll lose some of the computational power from Linux having work out how to use the GPU.

Already done this; RPi with Parrot / Kali installed, in a backpack / pocket. Install Raspberry SSH on your phone. Raspberry SSH works with Android smart watches, so you'll get any created buttons show up on your watch. Buttons = Send any command to the RPi. Create a button to start a BASh script. Profit.