Everything posted by Wallruss

  1. Glad to hear you are off to a good start! Keep us posted on how things go.
  2. While your idea is a decent one, I would add that experience is typically the best teacher. You will discover that each situation tends to have some unique combination of elements and therefore a practical hacking guide would quickly spiral out of control (and become unpractical). My strongest and best recommendation is to take the time honored approach and learn each tool, one at a time. Take the time to learn what a tool does, and what the options do, and don't rely on just the GUI - really dig in and understand it. I see too many folks that 'just want it now' and quite frankly this field is not one that rewards those looking for quick wins. Be patient and learn what really works and why it works. I certainly don't want to discourage you - I really like your enthusiasm. Just learn to be patient and invest time and you will be rewarded in many, many ways!
  3. Glad to hear you are taking the ethical road! Ultimately what it comes down to is time and education. In order to truly know which tools work the best, you need to invest time (and it will take a lot of it). By really educating yourself on the benefits and drawbacks of each tool, you will always come out the winner. Why? Because every situation is different, and a well-educated hacker will know which tools serve him/her best for that situation. Keep in mind that this field is one where you must be very tolerant of a very high failure rate - that's all part of the education process. Lots of patience and only changing one variable at a time. Trust me, it really pays off big time. If you're looking for a quick fix and win, then this is the wrong area of interest - lol. So dig in and find out for yourself about each option and why some folks like one tool over another. The best opinion is your own, because you'll always find someone else with theirs and all too willing to share. Stick with it and you will be one of the folks advising others one day!
  4. If you have an NVidia graphics card, some Linux distros will load the Nouveau (generic) driver but then attempt to load the proprietary driver. I've found in the more current distros that running the generic driver works quite well. If you attempt (or your OS opts) to install the proprietary driver, it usually involves blacklisting nouveau to prevent it from loading. Another easy try is to simply rename the X11.conf to anything else (located in your X11 folder). Then reboot and allow the OS to redetect the graphics.
  5. You may want to consider Parrot Security OS. I used Kali for quite a while (nothing wrong with it) but I like Parrot much better. https://www.parrotsec.org/. Just throwing it out there for consideration. I'd never heard of it until a few months ago and I love it.
  6. Or send a link to the exploit via email if you're simply testing. The most successful attacks today use social engineering and let the victim do most of the hard work (aka 'hey let's click on this and see what happens'). :-)
  7. In addition to digip's excellent comments, I would also recommend reading up on the filtering options for Wireshark. It can be daunting if you're tackling it for the first time. There are plenty of great examples to help proper filtering concepts 'click that lightbulb in your head to on' for you. I would also recommend you start on a simple target network with just one or two machines. That way you can see and understand the traffic better, which will help you solidify the fundamentals. Once you're comfy on the simple network, add some more devices and keep on experimenting.
  8. To second the comments by haze1434, patience and desire to learn is critical along with acceptance of an extremely high failure rate if you want to be in this field as a career or hobby. Learning from the multitude of failed attempts is what helps us succeed. And I always roll my eyes when I see a 'hacker' in the movies magically do things in seconds - lol. Read a lot, play a lot and don't give up. Welcome to a fascinating world!!
  9. Kali does a lot of things well, but I've recently switched over to Parrot Security OS. Interestingly enough, a lot of the 'fuck with factor' I had in Kali (even in the 2016 release) went away when I started using Parrot. You may want to give it a try. https://www.parrotsec.org/. I only suggest it so you can spend more time on the hack and less time getting it to work. Cheers!
  10. The biggest problem I've run across in trying to successfully set up an attack like this is the increasing use of better (aka more secure) protocols - a good thing, BTW! I would recommend starting off by staging your attack with as many security features turned off on your victim device. Run your attack until you're successful and then begin adding in the security layers until your attack breaks and then figure out why and how to get around it. Sorry if this sounds like 'well I already knew that' type advice, but this approach has helped me numerous times.
  11. If your word list contains consistent delimiters like a semicolon, space, etc., then you could consider writing your own script to parse it and hand off the array to the app of your choice. I do this fairly often when handling lists with items of unpredictable lengths.
  12. You should have an adapter that came with your Rubber Ducky that allows you to remove the SD card in order to allow you to safely add payloads without triggering them. I typically create my payload, add it to the SD Card using the micro SD to USB adapter, and then insert the card back in the Rubber Ducky. It's much easier to handle that way. But if you enjoy playing around to see what stuff does - flash the firmware. Both approaches are good.
  13. Agreed. VPN will essentially place you on the 'same network' and make it much easier to run remote management tools like PSExec. If you haven't run it on the remote machine before, be sure to add the 'accept eula' switch to avoid some frustration.
  14. I'm with mojo0243. I typically get my MarkV powered up completely, then connect it to my laptop and once I have an IP from the MarkV, then go ahead and run the wp5.sh script to handle forwarding your internet connection. There is a newer script (wp6.sh) for the Tetra and Nano and it works well on those. Haven't tested it on my MarkV but it may be worth a try.
  15. I've been using the pineapples for quite a while now and encouraged a buddy of mine to purchase the Tetra (*such a sweet device!). He got the book so I took the opportunity to take a peek at it. It was pretty much what you might expect - decidedly geared towards folks that are new to the whole concept of wifi pineapples and needing that extra hand holding to get them off to a good solid start. If you have been using a pineapple for a while, you'll find there's nothing much in the book for you (assuming you're like most of us and not afraid to jump in with both feet). BUT... if you're just starting out - this book is terrific. I'm glad my buddy got a copy - it should be quite helpful to him. Hope this answers some of your questions.
  16. haze1434 is spot on. Running an update to grab the latest is always a good idea as well as using several tools to cross reference. The nmap website is an excellent reference to really learn all about the wide variety of switches you can use to target exactly the info you're after.