Jump to content

rlbug

Active Members
  • Posts

    19
  • Joined

  • Last visited

Everything posted by rlbug

  1. tried both hcxdumptool and wifite2. both are not able to find pmk-id not found.
  2. I am trying on hcxdumptool, I will try wifite2 too. Thank you!
  3. Thanks but i have tried this hcxdumptool before but no luck in capturing handshake. I will try with this set of guide. will update the result. Thanks
  4. Thanks but what's the Tool name to PMKID attack on WiFi device. Any tutorial will be helpful.
  5. @Just_a_User The problem is its a client-less device, so capturing handshake is not possible.
  6. Hi All, Sure, normally WiFi device are connected with a WiFi password or pre-shared key. In my case i like to hack a WiFi device thru guessing password, guessing is not possible these days but I like to know Is there any program or tool to attempt dictionary word list to connect (hack) WiFi device. Reaver is useless when WPS is disabled in router settings. Any suggestions will be helpful. Thanks
  7. Thanks for your replies here is the setup of my network. router IP: 192.168.1.1 DVR IP : 192.168.1.99 ( DVR is connected to the router by wire ) my IP : 192.168.1.5 so i am on same network and i can able to get the login page. its Dahua device. I tried ettercap to sniff data between DVR and ROUTER. I found the DVR serial no 3D00082PE517877 DVR model no XVR4116HS some data are DVR to dahua server on internet GET /heartbeat/device/3D00082PE517877 HTTP/1.1. As it says "hearbeat" of the device ping the dahua server on internet dahua server on internet to DVR HTTP/1.1 200 OK. CSeq: 0. also some data HTTP/1.1 200 OK. Cache-Control: no-cache. Pragma: no-cache. Content-Type: text/html; charset=utf-8. Expires: -1. Server: Microsoft-IIS/8.5. X-AspNet-Version: 2.0.50727. X-Powered-By: ASP.NET. Date: Mon, 2 Oct 2017 15:17:58 GMT. Content-Length: 12. <body><agentAddr><IP address :56871</agentAddr></body>POST /device/3D00082PE517877/p2p-channel HTTP/1.1. CSeq: -1566585999. Authorization: WSSE profile="UsernameToken". X-WSSE: UsernameToken Username="P2PClient", PasswordDigest="TUmkcITSBvsSJmJYshXj7s1QTLo=", Nonce="1000919920", Created="2017-08-15T18:40:12+05:30". Content-Type: . Content-Length: 198. open ports are 37777, 80, 554 the above data seems to be DVR is connected thru P2P dvr app and Auth thru WSSE. so is it possible to extract admin password thru below data ? i am not sure, just asking. UsernameToken Username="P2PClient", PasswordDigest="TUmkcITSBvsSJmJYshXj7s1QTLo=", Nonce="1000919920", Created="2017-08-15T18:40:12+05:30". don't know how to sniff network using wireshark. give me some tutorial link about sniffing data between "DVR" and router or another user who is trying to access the dvr. Thanks
  8. yeah, Dahua DVR (video surveillance ) which is connected to a router so it has a static LAN ip address consider 192.168.1.100 and i'm trying to kick out the dvr device from the lan and make my linux box is has 192.168.1.100 to fetch the login the details of the Dahua dvr. any suggestion ? below is a default login details of dahua dvr
  9. hello Is it possible to get "admin" password of a dvr like "evil twin" used in wifi password ? just a idea. Any suggestions, thanks
  10. @trapman16 Just a concept like "killer USB".I haven't done anything yet but I will test it once i got some answers. The aim is to burn the router's processor by powering to WAN or LAN port on router or anyway have it silently. I chose to use my TP link 841n old router to test but i don't know the how much voltage to burn my router silently. or any suggestion is welcome. but not physically damaging.
  11. what happen if 12v powered in router WAN port ? does it burns the router processor or port alone ? is there surge protection on tp link - wr841n ?
  12. Thanks for sharing info. so its hard to attack someone's mobile phone via fully-remotely. while searching on google there's a video about taping mobile conversations is easy for some people in the below video thanks for tools This place is cool for learning new tech-things.
  13. @haze1434 Thanks for the tip. This type of pentesting which requires to install malicious (.apk) into my android mobile. so without installing any malicious code in android, is it possible to get control a android mobile ? other than installing the malicious code my android mobile more secure right ?
  14. Its a open access and i can able to get connected but no internet connection. sure, everything is educational purpose only. which tool can you prefer for pen-testing android mobile ?
  15. how to leave "hello" by just connecting to that AP ?
  16. @fugu. yes it's fake ap but dono which app or tool. @dXNlcm5hbWU. its a base64Decode but whats all about ? just deciphered name or any fake ap to fetch password or anything from any devices which connects to that AP ?
  17. Hi all, Its showing as android os mobiles like samsung,motorola,etc but the wifi access point ssid be like random letters with open access.I have connected those wifi but there's no internet connection.I am curious about the app and whats will be fun with it. any suggestions? Thanks
×
×
  • Create New...