
digip
Dedicated Members
  • Posts: 8,919
  • Joined
  • Days Won: 144

Everything posted by digip

  1. Can you post the hash?
  2. If you copy the CURL request (right click the "purple" bar) and then paste into a console, it will do the same request and you could log the output. But if it expects two-way data back and forth, you need to answer the responses and then reply, which you could do in a bash script, or some other language you're comfortable in. It depends on what the web socket app/service expects after the initial connect is sent. Without knowing what the thing is you're connecting to and the source for the endpoint on what it requires, it's kind of hard to help any more than suggestions on things to try. If people knew more about the service, and if it had an API for interacting with it, it might be more helpful and easier to script something, but just try simple things like the CURL request first and log all the info; you can use verbose output to see everything going back and forth. Then work out what you need to do from there and kind of reverse engineer it to be done with a script.
  3. No clue what you're talking about, but if it's cracking a hash you want to reverse, try throwing it in a file and cracking with JTR. John will tell you what kind of hash it thinks it is and can try multiple hash attacks against it without the need to specify the hash like hashcat will want. If it's a wireless key, it might need to be converted for cracking.
  4. Bluish? lol. yeah, the purple bar, or "lavender" bar. Fuck. The colored bar on the left..lol
  5. If it's a post and reply of data, sure, that's quick and easy. If it's an interactive thing like conversations back and forth, not easily, unless you script the use of curl to send replies to incoming responses, which could be done but is probably easier in a different language that can do it all in one. If it is some sort of back and forth chat, then build/script a client that logs all the back and forth. Alternatively, fire up Wireshark (so long as it isn't over SSL) and you could just filter the pcap and save out just the conversation, which again, is as simple as right clicking and saving out the HAR to a file. If you want this automated, hands free, just to capture data, then you need to build some sort of client that interacts and logs everything.
  6. Because they don't exist in the Kali repository. If you want those tools, find their sites and source and manually install them. If on git, then git clone and follow the install instructions for them. thefatrat is not exactly a pentest tool. It automates other tools, which you would probably be better off learning vs point and shoot stuff; if you don't know how they work or what they do, you probably should read up on them first. Recondog is a Python script. You can get it on git as well.
  7. Right click on the blue bar and copy all as HAR, then paste to a text file. It will have all the data in there. Otherwise, like mentioned, you'd need to interact with it and log the output. There are probably code samples out there for how to use HTML5 web sockets with other languages. Ratchet might even be able to do what you want, but I have not tried it.
  8. Draw your own conclusions, but I think the name is just a name and more or less to give people the sense of the same type of attacks as the Hak5 Pineapple. Still, if it doesn't work the same way as a Pineapple with respect to listening for probes and then bringing in device connections, it may be more or less just marketing hype to get the word out.
  9. 8000 might be a web proxy. You can test by setting your browser's HTTP proxy to use port 8000 and the IP address of the work site, then opening any website to see if it loads anything or displays an error message. This might also be a work VPN port for something like a Java VPN, but more than likely some kind of web proxy port like a squid box. Could also be a honeyport, depending on what is running on the network, port forwarded to a honeypot that responds, logs your IP and eventually blocks you altogether. Try different scans like "-sT -Pn -p- -v -n" or "-sF -Pn -p- -v -n" and also UDP scanning with the -sU switch. Still, if you're in charge of the network stuff, you should have login deets for the router/modem (all-in-one device I assume) to look at what ports are open or forwarded. Some devices have ports opened that can only be closed by logging onto them over telnet or SSH (from the LAN side) and then stopping the service. My Asus routers, for example, start things like STP on boot, which can be disabled by logging in with telnet and then disabling it and putting a commit to nvram, then rebooting, which will then start without the service. Some devices have these ports open that can never be turned off, most of the time for the ISP to connect and configure devices; modems fall into that category, since all ISPs that I know of have access to provision devices, even self-owned modems (thanks Comcast for bricking a few of mine in the past too). About the only thing that can make you less paranoid: buy your own modem, swap it out for the ISP's, and call them to put the MAC address of your purchased modem onto the network. Just check with them first on what modems they allow, as not all ISPs accept every modem manufacturer and might need specific models that have a certain protocol family in place, ie: DOCSIS 3.0 vs 1.0 for cable modems, or also have VOIP+Network capabilities.
  10. On the highlighted item on the left, you should also be able to save its output with a right click to show the various options. Click save all as HAR and paste to text file.
  11. Were all the intended items there when you got it? Wondering if someone opened it during transit and messed with stuff before its final destination. Would seem quite off for the team to do it without an intended purpose, and I can't see them being the culprit. Could be an honest mistake though, with someone stuffing envelopes while the CD was already in there and not realizing it before shipment.
  12. Yeah, if you don't personally have an account with Equifax, then you shouldn't have any info in their database for your email and passwords. If you used one of their other products, and a site is owned by them on their servers, then maybe it's a concern, but I'd be more concerned about personal details, like SS#s and address, full name, mother's maiden name type of things, vs an email and password, which again, if you didn't use their services or site, then you shouldn't have anything to worry about.
  13. Someone had just posted this at work the other day. Haven't had a chance to watch it yet. Interesting. I don't use bluetooth for anything but my cars have it on by default, so not good.
  14. You need to also poison DNS and redirect them to the portal page. I use Fruity WiFi on Kali to test at home and have redirected to my own fake portal page. You also need to have a web server running to serve them the page as well, or they won't be able to load it. Wifiphisher may run its own, not sure. Many tools implement simple HTTP servers in Python for attacks, but you can do this many different ways. Basically you need 3 things in place: 1 - fake AP/connection to your network; 2 - poisoned/fake DNS responder; 3 - web server to host your payload for the fake portal site that stores the entered inputs, which can post to a PHP script and dump to a raw file or database storage. A simple output to CSV works fine in most cases. If you're trying to redirect everything to the portal page, you may find it won't work for certain sites, like Google, which requires stripping HSTS and SSL, but most browsers now have hard-coded stuff for certain HSTS sites like Google and Facebook. Sites like AOL, for example, don't enforce and can be pushed to HTTP and injected or redirected completely, whereas Google will more than likely fail with an error message. An interesting thing I noticed when clients connect: if they are on a cell phone, most Android phones will upload info on your WiFi network or even request a ping to check if the connection is working. iPhones usually don't show too much automatic info on connect, but that depends on the apps they have running. You might see stuff that tries to automatically connect to a weather service or Snapchat for various phones when they go on WiFi, which is also a big thing these days: you see that any mobile device with those types of apps automatically scans the network and connects to various services upon connect like NTP, weather and social networks.
  15. You should try and confirm the results are actually from your work. Seeing SMTP and torrents in a scan result would mean that the ports need to be forwarded to the end machines that are responding to them, unless the router itself has some kind of reverse shell that is impersonating on those specific ports, which is probably not the case, but also not impossible. You can set up SSH on any port, for example, and in the event your work's firewall rules have something that allows only specific ports for in/outbound, then an attacker would need to know this to make use of it as such. More than likely you're scanning the VPN's network. What range of IP did you try to scan? 192.168.x.x, 172.16.x.x, 10.x.x.x? If so, you're not hitting the work network unless you scan from INSIDE the network, as these are LOCAL private IP ranges. You can't just fire up nmap and scan 192.168.1.0/24 from home and expect to see the work network, but we're assuming you know this much about subnets and IP networking beforehand. If you didn't know this, it explains more the results you're seeing.
  16. What did you use to find your email on the dark web? I'd be leery of tools like this, as you could just be getting phished to begin with. If any of them ever ask to check for your password as well, this is a red flag. Never give a search engine both the email and password to try and verify anything. You will more than likely find yourself hacked in the end when doing this. A legit site to look for things on is Have I Been Pwned - https://haveibeenpwned.com/ If you want to search your email on there, it's safe to do so. I'd not do the password search, but if you only searched your password, you're only seeing if it's been seen, and unless it's 100% unique, chances are other people have used the same password as you, which really makes consolidating your email and pass not an easy thing, whereas your email is unique, so it's easier just to see what kinds of breaches you're in. I don't know if https://haveibeenpwned.com/ has the Equifax data yet, but worth looking up your email for just to see where/what hacks it could be in. As for dark web sleuthing, protect yourself by not going there to begin with, till you fully understand what you're doing. Many onion sites are just booby-trap sites that are going to have triggers in place listening and scanning for visitors on entry to their onion site. If your system is vulnerable to something they have waiting on the other end, you could end up worse than just coming up in a hacked database. At the end of the day, change ALL your passwords and make them all unique per site, and if possible a different email per site.
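An added example (mine, not from digip's post) showing how a password can be checked against Have I Been Pwned without ever sending it: the Pwned Passwords range API takes only the first five hex characters of the password's SHA-1 and returns every suffix it knows for that prefix, so the actual match happens on your own machine. The endpoint and response format are HIBP's public API as I know it; the sample reply is constructed so the demo runs offline.

```python
import hashlib
import urllib.request

# HIBP's Pwned Passwords range endpoint: GET /range/<first 5 hex of SHA-1> returns
# lines of "<remaining 35 hex>:<count>" (assumption: the public API as HIBP documents it).
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def fetch_range(prefix):
    # Live lookup. Only the 5-character prefix is sent; the password and its full hash stay local.
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "range-check-demo"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def pwned_count(password, fetch=fetch_range):
    """How many times the password appears in the breach corpus (0 if never seen).
    The comparison against the returned suffixes is done on this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate == suffix:
            return int(count)
    return 0

# Constructed stand-in for the server's reply for prefix 5BAA6, so the demo runs offline.
# The first suffix is the real SHA-1 tail of "password"; the counts and the other lines are made up.
SAMPLE_RANGE_5BAA6 = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD9:2\r\n"
    "0000000000000000000000000000000ABC1:7\r\n"
)

def sample_fetch(prefix):
    # Offline replacement for fetch_range; any other prefix gets an empty reply.
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""

if __name__ == "__main__":
    print(pwned_count("password", sample_fetch))                       # 3730471 in the sample data
    print(pwned_count("correct horse battery staple", sample_fetch))   # 0: not in the sample data
```

Swap `sample_fetch` for the default `fetch_range` to query the real service; either way the password itself is never transmitted.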
  17. If it's like TrueCrypt, you still need the TrueCrypt app to open the encrypted files, but this goes for any container, including a RAR or 7Z file with encrypted files and password protection. ZIP files do not encrypt the files by default but can password protect, but you'll see the file names in plain text if you open a ZIP in a text editor. You can in most things put the Vera/TrueCrypt app on the thumb drive as well, but this gives away that there might be a hidden encrypted file on the drive without having to dig deeper into the drive to look for it. Putting the encrypted files on one drive and carrying a portable version of the app on another would make more sense, but no OS will natively open TrueCrypt/VeraCrypt files. If you need to be able to open it on any system, then basic ZIP with password protection is about the best you're going to have out of the box. The rest of the solutions would require installing something or having the portable version on the same drive or a second flash drive.
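A worked demonstration of the point about file names, added here and not part of digip's post: it builds a one-entry ZIP by hand with the traditional PKWARE ("ZipCrypto") password encryption (archive layout and cipher as in PKWARE's APPNOTE, which Python's standard zipfile module can read back), then shows what anyone holding the archive learns with no password at all. The file name, contents, password and the fixed 11 filler bytes are constructed for the demo; the `_crc_byte` helper reuses zlib's CRC-32 for the cipher's key schedule, which is my shortcut, not how ZIP writers are usually written.

```python
import io
import struct
import zipfile
import zlib

def _crc_byte(crc, b):
    # One raw CRC-32 table step: undo zlib's pre/post inversion to get the bare update.
    return zlib.crc32(bytes([b]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

class ZipCrypto:  # encrypt side of PKWARE's "traditional" (ZipCrypto) stream cipher
    def __init__(self, password):
        self.k = [0x12345678, 0x23456789, 0x34567890]
        for b in password:
            self._update(b)
    def _update(self, b):
        k = self.k
        k[0] = _crc_byte(k[0], b)
        k[1] = (k[1] + (k[0] & 0xFF)) & 0xFFFFFFFF
        k[1] = (k[1] * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc_byte(k[2], k[1] >> 24)
    def encrypt(self, data):
        out = bytearray()
        for p in data:
            t = (self.k[2] | 2) & 0xFFFF
            out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update(p)  # key schedule advances on the plaintext byte
        return bytes(out)

def build_encrypted_zip(name, data, password):
    """One stored entry with flag bit 0 set: data encrypted, file name left in the clear."""
    crc = zlib.crc32(data)
    zc = ZipCrypto(password)
    # 12-byte header: 11 filler bytes (fixed, not random, to keep the demo deterministic) + high CRC byte as the check value.
    body = zc.encrypt(bytes(range(11)) + bytes([crc >> 24])) + zc.encrypt(data)
    fields = (1, 0, 12 << 11, (37 << 9) | (9 << 5) | 15, crc, len(body), len(data), len(name))
    local = struct.pack("<4s5H3I2H", b"PK\x03\x04", 20, *fields, 0) + name
    central = struct.pack("<4s6H3I5H2I", b"PK\x01\x02", 20, 20, *fields, 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<4s4H2IH", b"PK\x05\x06", 0, 0, 1, 1, len(central), len(local) + len(body), 0)
    return local + body + central + eocd

def inspect_without_password(blob):
    # Everything here is readable by anyone holding the archive; no password involved.
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {"names": zf.namelist(),
                "encrypted": [bool(i.flag_bits & 1) for i in zf.infolist()],
                "sizes": [i.file_size for i in zf.infolist()],
                "name_copies_in_raw_bytes": blob.count(zf.namelist()[0].encode())}

def read_entry(blob, name, pwd=None):
    # File data with the right password; otherwise the name of the error zipfile raises.
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return zf.read(name, pwd=pwd)
    except (RuntimeError, zipfile.BadZipFile) as e:
        return type(e).__name__
```

Build one with `build_encrypted_zip(b"secret-plan.txt", b"meet at 9, bring the drive", b"hunter2")` and hand the result to `inspect_without_password`: the name, its encryption flag and its size all come back with no password, and the raw bytes contain the name twice (local header and central directory), which is exactly what a text editor shows.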
  18. 1) - USB thumb drives come in many sizes, and are more than robust enough, just going to be slower than a full install to native HDD boots. Same for USB HDD, although I'd just use a thumb drive and save the HDD for backup storage or such. A thumb drive is more portable and easier to carry, and can be both a full install, or live install with persistence. 2) - USB booting is more or less the setup of the machine you plug into. You need to either have the boot order set in the BIOS to boot from USB first, before CD and HDD, or, F9 (or whatever the machine's settings are on this) on boot and select the USB drive to boot from directly. Few caveats to #2. 1, if the system is UEFI/EFI booting (Windows 8 and later and certain versions of Mac OS), you need an EFI setup on the thumb drive, otherwise, you need to change the BIOS to disable EFI and allow legacy booting. If you don't, the system may not even see the thumb drive, and will skip right to the main OS. Check docs.kali.org on how to set up a USB with UEFI. Kali 2017.1 will allow you to install with UEFI natively to the HDD as well, if you wanted to dual boot the system. You'd still have to select the boot order, unless you wipe the Windows MBR and go with GRUB to chain load, but I'd say leave it alone and do the F9 trick on boot to select which OS drive to boot from. That is what I ended up doing on my laptop, which now dual boots Windows 8 and Kali. It defaults to boot Windows, but if I press F9 on boot, I can then select Kali instead, but this is BIOS dependent with UEFI settings for my machine. Yours may be different. If you want speed (and space) dual booting would be the way to go and install to native hardware. Wifi tools and others will work much better on native hardware as well. Especially if you've been playing with it in a VM.
      Most everything will work fine in a VM, with some exceptions for a few USB wireless cards, which is generally OS and hardware related issues, but that's for another thread and you can see plenty of posts here with others experiencing issues on VMs and what Wifi cards work and don't 100%.
  19. POC||GTFO..lol Show us some video demos. Shouldn't be hard to test possibilities, but I don't own an iPhone.
  20. Yes, I think that is the same one, similar to TrueCrypt, only still being developed. TrueCrypt has a security flaw and I think they stopped updating it a few years ago.
  21. Interesting. Great find. If it were USB 3.0, then I'd say probably advantageous even as a spare RAID setup, but I would think even USB in RAID (if it can be done, which it looks like Mac can, but I'm on Windows and would have to try to find out) would still be slower than, say, a SATA RAID, even with conventional HDDs. Read and write on regular USB is generally pretty slow unless on 3.0. Still, if this is merely for splitting the file so it requires a pair of USB sticks to be used at the same time to protect the data, then it would be useful merely for the storing of an encrypted file that can't be read without the second drive, so might be worth a try. This all being more or less conceptual, but maybe not as practical for everyday use purposes if you want just one drive to carry around with you. You'd have to make sure you never lost the other drive(s) or formatted them, or all your shit is gone if just one of them is gone. I'm going to have to get a couple of cheap USB drives now and see about setting them up as RAID on Windows. Linux can probably do it if a Mac can, so will have to test this. Curious how well it will work on Windows regardless of the encryption aspect; just want to see the RAID setup on a flash drive in action. I've got both USB 2.0 and 3.0 ports on my machine, so will need to also invest in a 3.0 hub to give this a try. With the right setup, this could also make a nice storage array that can be easily moved between machines.
  22. Do you have permission to scan the work network? When on a VPN, you're scanning from inside the work network, which might have more lax security settings (assuming it's the work VPN and not another 3rd party VPN service; you could end up scanning your VPN service's network if not careful). My guess is, scanning from outside the network, packets are being dropped and not reset or replied to. There are different types of scans you can try, like FIN scans and Xmas tree scans, but if you see BitTorrent on there, unless it's port forwarded by the modem/router, you probably shouldn't see it at all, and could be hitting another device like a workstation or server. Port 25 is SMTP, for an email server, which I don't think is going to be running on the modem/router itself, nor should a torrent client. Assuming you do have permission, try: nmap -sC -sV -v -Pn -p- -O --fuzzy --open -T5 x.x.x.x
  23. Not sure you can RAID removable media, but that would be interesting to see how it worked. I don't see how it protects the data though. Partial file recovery still would expose some data with forensic tools. You'd want an encrypted file or container to really be effective, so RAID with encryption maybe, just not RAID by itself.
  24. There is a tool similar to TrueCrypt, can't remember the name, but you can create a hidden encrypted partition on the drive on NTFS for Windows or EXT3/4 on Linux. You would then mount with the encrypting program and it will prompt for a password to show the contents of the files. You'd need to install the encrypting program on the hosts, but some are portable and can just be copied to the drive, or, to be stealthy, put it on a separate thumb drive.
  25. Now I want a burger. Thanks for making me hungry. Damn you.