Jump to content

bored369

Active Members
  • Posts

    288
  • Joined

  • Last visited

  • Days Won

    8

Everything posted by bored369

  1. I don't like math so I don't even attempt the calculations for wattage, plus those specs for usb connections are variable from what i've found with a usb amp detection device from system to system same specs. There was an entire thread about running the tetra from battery packs that they included on the initial shipment and it rebooting periodically. This was solved for me by having 4 anker battery packs with above 4amp output ratings attached to two y-cables (also included on initial shipments out), plus I can run my tetra for almost 48 hours continuously (real life testing) with the amount of mAh I have available on the packs combined. They change what they include on the packs, so what is listed on the site when you order is what you are going to get and I haven't checked it in a while so I was just going off what i got in my order. I really don't think there is anything physically wrong with your tetra, like b0N3z said it's probably just not getting enough power from the computer. The 12v2a plug plus the y-cable to your system should be more than enough I would think. Also great thing about the tetra is the ethernet port for internet connection, makes it so easy to do. I normally don't do ICS because no OS really does it right IMO. If I don't have a ethernet to plug into i fall back to adding a wifi adapter to the usb port and connecting it directly and changing the gateway in the networking section to the ip or gateway (varies on the different wifi networks i've connected to like hotels vs businesses vs home) of the wifi adapter.
  2. The tetra requires a lot of power, are you using both the y-cables it came with for both usb-micro ports? I normally find I use a couple battery packs on one y-cable and then use two usb ports on the computer, sometimes just one port on the computer and a third battery pack. Otherwise travel plugs to adapt the US plug are pretty cheap.
  3. I searched for openwrt as access point and that's probably the information you would want to follow to get to that point. These two look like the most probable directions to take: https://wiki.openwrt.org/doc/recipes/dumbap or https://wiki.openwrt.org/doc/recipes/routedap I haven't tried them myself, but since the tetra is openWRT based they should work the same...may cause issues with the modules though, but depends on what they depend on.
  4. I had the best luck flashing it in Linux using the dfu-programmer as described here: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Flashing-ducky#Flashing_the_Firmware When I tried to do the Windows way I had issues with loaded firmwares working as expected.
  5. You can get all the various firmwares from here: https://github.com/hak5darren/USB-Rubber-Ducky/tree/master/Firmware/Images
  6. If you are talking about autorun.inf you can use it on USB keys as well, mostly XP is the only thing set to auto run the file actions by default, vista+ it starts asking you when it detects it. On one of the recent episodes of Hak5 they were mentioning adding cd-rom support to emulate disc drives and it's not uncommon to see disc drives as USB devices, actually my dvd burner is USB because I need the sata ports for hard drives.
  7. Same kind you can do with any linux box. I mean that's a pretty broad question. You just have to remember that there's not a lot of processing power, so it would be more useful to get the passwords or hashes you want cracked with the Pi then transfer it another system to do the bruteforce work.
  8. An online service would be the only portable thing worth it. It takes raw power to make guesses and you aren't going to get that out of something portable when compared to something that fills entire rooms. But then you have security concerns of posting stuff through a 3rd party and possibly charges as well. Also keep in mind that's a small combination set I mentioned in my previous post, you start adding other chars and length it takes exponentially longer for anything to brute force it.
  9. You can do it on either, you would just need to install the app on raspbian probably. But as we learned from Jurassic Park....you may be spending too much time figuring out if you can, that you forgot to think if you should A post on another forum explains it pretty well here: https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=95180&start=25 "let's talk about cracking time. I cracked my home network using brute force methods, so that is the only method I can weigh in on. Brute forcing is when you throw a bunch of passwords at what you want to crack and see any works. The RPi's 30 passwords a second is just too slow unless you know the password could be one of only a few. My laptop could do 400p/s, desktop could do 7000p/s and desktop with gpu could do over 100,000p/s. Let us say you were trying to brute force a 10-digit numeric password. That's 10 billion combinations or 0000000000-9999999999.10billion / 30keys/sec = 333 million seconds to try all combinations333333333/60/60/24/365= 10.57 Years to crack with a PiHowever with a desktop computer with a good gpu, you could crack the same password in under 30 hours." -by Zen1 » Sat Jan 17, 2015 5:09 am
  10. The site is in Korean but translated they look like they have a purchase procedure for the license here http://www.excerebar.com/board_hNVO84. They also have a plus version out there too you may want to look into as well. Either way you should purchase and support those who created it for you so they can provide updates and keep making software that you want to use.
  11. You should have your work pay for it if you want it.
  12. If you have a USB port available you certainly can. Processing power is kinda weak but it was reasonably usable for it.
  13. The Bash Bunny is essentially a highly configurable linux system on a USB stick with a couple switches to perform pre-defined operation at boot. Almost every USB device I've ever plugged has required a driver to be installed, most of the Windows systems out there are set to automatically search Windows Updates and install a driver. Unless the USB device has already been installed on the system. This process does not require administrative rights and will even install at a Windows Lock Screen (didn't test if it would work at the login screen (where no users are currently signed in), but it probably will). I just tested those on a blank Windows 10 system logged in as a standard user. The driver install popped up and recognized the Ethernet device and installed the driver as expected. Let's say it doesn't work that way for you (each system is different), from that point you would need to perform more setup and configuration based off your research of the target in question. This is where the Bash Bunny really shines IMO. Since it is a highly configurable linux system, there's very little that you can't change about it to suit your intended purpose. Like changing the VID/PID of the device to a known already installed usb ethernet device or trying a different attack vector. You need to know things like are the users running as administrator or which ones do specifically (those normally would be your focus the majority of the time anyway i would assume), what security features are enabled (things like disabling usb or the recent usb canary tool out there, firewalls and how they are configured, or static IPs/domain names/dns stuff). In the end though like all tools of any trade you have to know more than just how to plug it in and turn it on to use it efficiently and wisely. Your not going to be able to just pick a payload and then expect it work in all the situations out there.
  14. Easy2Boot might be interesting on this device though....I'll have to check if the storage in arming mode is available at boot time, that would be awesome to be able to use it as a boot device as well.
  15. Darren has mentioned he uses the Tetra for his in-home AP, imagine that gets a good amount of usage and is on all the time.
  16. Exactly! That's what I think IDNeion isn't getting, that a process is not the same as a separated virtualized environment. A process, service aren't really separated from Windows itself, in fact they have clear easy access to actually manage Windows through API calls. Windows is more an environment that allows things to do whatever they want however they want. It's not really managing much of anything, quite the opposite considering programs can manage Windows however they want once they gain appropriate permissions. Which is extremely easy to do in Windows, mainly because of their focus on backward compatibility. It's not all Microsoft's fault though, the users complain anytime they actually try to secure the OS because it causes inconvenience or breaks legacy applications, because some company (like the US Defense Department) using Windows still wants to run software from 1989.
  17. This one is both logically and from a design standpoint far more secure than Windows could ever be in it's current state. Windows is designed with backward compatibility and 3rd party integration in mind, Qubes OS is designed with security first and foremost then ease of usage for the user interface of managing fully virtualized systems in mind. The segregation and securities built into windows is designed to be worked around and avoided. A program can be easily written that compromises every portion of a Windows OS from just a single point of execution. Where in Qubes you may be able to compromise a portion of it with a single execution; it's much more difficult to compromise every portion of it because you have to break out of your confined point of entry first and then execute more once you have broken out of that portion. While it's not impossible, it's much more improbable. So for your example "compromising the firewall VM", you have to think about how you are going to even access the firewall VM to compromise it. Considering the User Interface/setting up VMs is the only portion that has access to compromise that VM, that means you must have something execute in the User Interface portion of the OS, but then considering you don't actually execute anything from the user interface besides VMs really, then that means you must compromise a VM running on the system, break out of that context into the host OS (where the user interface is located), then execute from there a way to compromise the firewall vm. Taking on top of all of that, those points described have been thoroughly vetted to harden and to try to prevent such attacks (again nothing is impossible but they try to make it as improbable as they can). So even if Dom0 is compromised from a general standpoint it's possible they have already hardened it where that point of compromise may be moot in their implementation. I've been following the project since it's very early stages and the team behind it is pretty awesome at what they do. While I don't use it regularly, because 99.99% of everything I do is based in Windows, I do apply their concepts to my general operation flow. Meaning I use segregated VMs to perform various operations and take advantage of snapshots routinely to revert whatever I may have just done in that VM. Comparatively this is still far more insecure then their implementation because I run Windows OS VMs on top of a Windows host and there are a number of known attacks to break out of the VM and then compromise the host in that situation it still makes it more difficult and luckily those type of attacks are not the most common. Even further if I'm testing malware I actually go the inception VM route where my Windows host launches a Linux based VM and then that VM launches another Windows VM inside of it where I then test the malware. A situation where it is very unlikely that an attack is designed to circumvent multiple OS's and virtualized systems to attack the actual host system. There's no such thing as a 100% security in computers, all you can do is make it harder for attackers to achieve their goals. Qubes makes it easy to implement a setup where that is possible to do since it was the original design goal in the first place.
  18. Try this site: http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/ What you have is an RTL-SDR so you don't need to worry about the purchase information it mentions just follow the software installation However Linux is much more advanced when it comes to available software and abilities in the SDR realm, I would highly recommend looking to dual booting or live disk setup with a distro designed for it Also great note that site is filled with amazing documentation on various things you can do with the SDR adapter you have
  19. btw i know you think the problem is 'bin opening in notepad' but the question is more what are you trying to do with a bin file in windows causing it to open in notepad, what are you expecting to accomplish? the last time i associated .bin in windows was so my cd burning app opened it to write it to a cd
  20. that's correct. what's the issue you are having...that might help more. btw the default reg for .bin in classes is: [HKEY_CLASSES_ROOT\.bin] "NoOpen"="" [HKEY_CLASSES_ROOT\.bin\PersistentHandler] @="{098f2470-bae0-11cd-b579-08002b30bfeb}" what you posted before is the default reg for an executable, which a bin file in windows is not..
  21. When you right click you should have an option to "Open with..." (pick "choose another app" if that is available), then in that message box a check box to "Always use this app to open .[xxx]", select whatever you want to open .bin files (which btw there is no default association in windows for that file type, so pick whatever you do want to open that file type).
  22. Is the start menu itself disabled? Is search on the start menu disabled? If no to both of those, just do START, then type what you are looking for and CTRL+SHIFT+ENTER will launch it in admin mode if needed. Another option would be START+E to open explorer and then tabbing your way around that way (either search or address bar to type what you are looking for)
  23. Sorry, rough holidays (couldn't access things to respond while i was traveling due to a crashed video card driver helper *don't ask*). But I did end up trying it on my Mint OS and it went through same steps as on the wiki guide. Didn't have to have any routes added and didn't have anything networked except the the lan turtle's usb side plugged in. Set the static ip on that adapter and was able to access the recovery interface without any issues. Updates and all seemed to go through fine as well. Mine did not auto-assign a 192. address though, I had to statically set it so I'm not sure how you were getting that auto-assigned.
  24. That's really awesome to hear, ticket systems are soooo much better than inboxes for managing and processing requests and contacts.
  25. Interesting about it being auto-assigned I don't think I had that happen before but if it's not getting a 172. address autoassigned I would think you would in the correct mode. And as I recall that's how it should be taken from the wiki: hold the button down (don't think it matters how long) plug it in, hold the button down for a bit afterwards (if it said 3 probably no harm in holding it for 5-10 seconds). Then you should be able to connect to the 192.168.1.1 if you have just 192.168.1.2 statically set with the subnet and nothing else. I will go ahead and note the times I've done it I've used Windows to connect and access the firmware upload page. Past that I might would recommend using different browsers/incognito mode without additional add-ons enabled things like that to try as well. I don't recall having any issue like that but I have seen other firmware upload pages on other routers and such have issues with all but one browser and that one browser could be any of the major browsers (in one case I even had to use IE even though it didn't do anything with active x) out there sometimes. I want to say I just used Chrome or Firefox and didn't have any issues when I tried it previously. If I have some time later tonight or tomorrow; I'll try to go through the process on my mint laptop and document the steps I take to convey them here better than just from my memories of it.
×
×
  • Create New...