About Onus

  • Birthday March 9

Profile Information

  • Location
    Boston, MA

  1. @icarus255 Here is your first update. I have migrated to hcxdump and published my first major version! Thanks again for inspiring me to take another look at that tool set. It proved to be a huge improvement in so many ways. And as a thanks for your constructive feedback, by all means feel free to throw some hashes my way that won't kill my electric bill with some unreasonable permutations that take a year or 11, lol
  2. Lol yeah I have a rig set up with 3 1080s and 5 1070s so I'm all set. But thanks. FYI I was just about done migrating to hcxdump and then I corrupted my boot image while trying to fix an auto-mounting USB issue.. lol, but it was considerably cleaner and faster. Update coming soon
  3. @icarus, looking into hcxdumptool a little further this morning, I am seeing that I indeed am getting and able to sort handshakes and PMKIDs with rather ease. I'm wondering though how that tool gets handshakes? Is it passive? Does it still use deauths? I will have to investigate a little more as to how long on average I should let it run, and if there is an efficient way for me to monitor it. Definitely going to migrate in that direction.. Now that I really look into it, it definitely seems a bit more robust and would make my attack script rather clean. Thanks again
  4. @icarus255 all very good feedback and thank you.
     To your negatives:
     * I am NOT looking to commercialize it. Really just built it for fun and to play around / make use of the plethora of Pi Zeros I have laying around, thus the GitHub repo.
     * Yeah I thought about that. That is why it only deauths for like 10 seconds on APs with clients and then reverts back to a ready mode with no attacking. I wanted to make it as automated as possible. I guess I could make the deauth specific to a client on that AP instead of the AP itself.. (thoughts?) The use case I imagine is that you have a target and you know you can physically get rather close to the router and hang there for a minute. You get close, press the trigger, it grabs BSSIDs with clients (sorted by power/strength), does a quick 30 second deauth attack and goes back to ready mode.. you walk away.. The indicators just let you know if you caught a valid handshake or if you need to try again..
     * Noted.. but in my experience this attack is still very effective.
     To your suggestion: I absolutely thought about the hcxdumptool/PMKID attacks and I have been experimenting with them. There are a lot of variables time-wise involved, and by that I mean it can take a considerable amount of time to capture a PMKID. I did notice though that it seems to capture handshakes as well, and a bit more passively, though I have not got as far as sorting handshakes and PMKIDs. Also in my experiments I am not getting hashcat to crack the PMKID in most cases even with a short list that includes the known pw. Maybe next revision. Blessings always welcome as is the constructive feedback.. again thank you.
  5. Well I could use besside-ng in my script sure, instead of the aircrack suite directly. I really just wanted a handshake device. I love my Nano and my Tetra but sometimes it's a little more like a flamethrower in that unless I manually set it specifically for this task in advance it's likely going to start broadcasting open APs. This device would serve just that one purpose and merely needs to be powered on and it's ready to go. Plus I wanted to build something!
  6. Hello all. I have been a fan of the Hak5 team for a while and over the last 2-3 years have collected pretty much everything in the Hak5 shop. I have all the things that do the things. Recently during a fever dream, I imagined that I had a new device. One that magically grabbed 4-way WPA handshakes with the push of a button and was small enough to hold in my tiny pen testing fist. We have all been there, right? We know there is a network with clients but we are just too far away to effectively do a deauth airodump attack. Sure we could get closer and open our Linux laptop, plug in a wonky antenna and fire up a couple terminals, but as if our hoodie wasn't enough of an indication, now we'd really be drawing attention. OK maybe we all haven't been there but at least I have, and when I awoke from that fever dream I thought to myself, damn, why didn't I think of this sooner. I need this thing to be as real as all my other things. Anyway, I went right to my work bench and started soldering away. I have started a GitHub repo for this thing that I'm tentatively calling FistBump. It's in its beta stage for sure and a fairly simple device really, but would love some feedback. Please be constructive with your feedback, it's my first try at prototyping my own device. https://github.com/eliddell1/FistBump
  7. Are there any demos for the new enterprise feature? Seems like the security drop-down in recon results is always blocked for me, and I can't seem to figure out how to clone an enterprise AP and harvest the rewards..
  8. How can I install git and Responder and such via the terminal/SSH? I tried apt-get only to realize I don't have that.. :/ The Responder that comes in the module doesn't seem up to date..
  9. I have not tried that.. wonder if Responder works better that way as well, and maybe I can install bettercap that way.. :)
  10. I just got a brand new Tetra a few days ago and am noticing a slight electric clicking sound coming from it.. almost sounds like Morse code (dot dot dot dot dot dash, dot dot dot dot dash). Is this normal? Everything seems to be working fine, except I did notice that if I want to use the eth1 USB port I have to initially unplug the AC adapter to get my machine to see it.. hoping I don't have a short/defective Tetra,
  11. I don't see any documentation on the dB of the antennas that ship with the Tetra. I am guessing they are around 5 dB? Wondering if people have upgraded the antennas on the Tetra and if so what antennas are you using. I have two 7 dB antennas lying around that I bought for my Nano, but not 4, so if I were to try to boost my signal, I wouldn't know which of the 4 antennas to replace, since I only have 2 9 dB antennas. I SSH-ed into the Pineapple and noticed that only three wireless adapters are actually up:

      root@Pineapple:~# iwconfig
      lo        no wireless extensions.
      eth1      no wireless extensions.
      wlan0-1   IEEE 802.11abgn  Mode:Master  Tx-Power=30 dBm
                RTS thr:off   Fragment thr:off
                Power Management:off
      wlan0     IEEE 802.11abgn  Mode:Master  Tx-Power=30 dBm
                RTS thr:off   Fragment thr:off
                Power Management:off
      eth0      no wireless extensions.
      wlan1mon  IEEE 802.11abgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=30 dBm
                RTS thr:off   Fragment thr:off
                Power Management:off
      br-lan    no wireless extensions.

      It's great to see they are already at 30 dBm but that was confusing to me since there are 4 antennas, and how do I know which antennas on the physical device are which..
  12. Yeah.. never had much luck with ettercap so went with something better ;) it's great.. yeah I tried connecting to the secured AP as well, even tried running the scan from different interfaces... Can only detect the gateway and any computer directly connected to the Pineapple AP. Oh well