Posts posted by Decoy

  1. On 8/5/2019 at 5:27 PM, Foxtrot said:

    Hi!

    Alongside our WiFi Pineapple and LAN Turtle firmware release, we're happy to announce firmware 3.0 for the Packet Squirrel. This update, like the LAN Turtle's, features an up-to-date kernel, firmware base and packages, including nmap, tcpdump and OpenVPN.

    Change Log 3.1:

    • General
      • Fix an issue where NTFS and VFAT formatted USB storage devices would not be detected properly.
    • Misc
      • Fix an issue where the C2 Client would not auto-start.

    Change Log 3.0:

    • General
      • Update base firmware from OpenWRT 15.05 to 19.07.
      • Update kernel from 3.18.84 to 4.14.133.
    • Packages
      • OpenVPN package now supports LZ4-V2 compression.

     

    To update your Packet Squirrel, grab the latest firmware from the Hak5 Download Portal and follow the Upgrade Instructions.

    - The Hak5 Development Team

     

    Hi @Foxtrot - the new firmware is great. Is there any chance we can modify '/etc/opkg.conf' in a future release to add the following line?

    dest usb /mnt

    I've been experimenting with installing required packages directly onto USB with some success so far and was hoping a firmware update wouldn't wipe it out or require others to add it for future payloads. Thanks!

    Decoy

  2. I know this post is super old - but a quick fix (which I just used recently) is to modify the payload changing NETMODE from TRANSPARENT to BRIDGE. Obviously this won't work if you're looking to keep the device hidden as you will be assigned an IP address from the target; however for my purposes I was simply monitoring one node on my network. This allowed me to track time appropriately.

    Payload modification: 

    function run() {
    	# Create loot directory
    	mkdir -p /mnt/loot/tcpdump &> /dev/null
    	
    	# Set networking to TRANSPARENT mode and wait five seconds
    	#NETMODE TRANSPARENT
    	# Set networking to BRIDGE to allow for correct timestamp on caps
    	NETMODE BRIDGE
    	sleep 5
    	
    	# Start tcpdump on the bridge interface
    	tcpdump -i br-lan -s 0 -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
    	tpid=$!
    
    	# Wait for button to be pressed (disable button LED)
    	NO_LED=true BUTTON
    	finish $tpid
    }


  3. Hi Everyone,

    So my latest obsession has been with embedded device hacking/reverse engineering. I've been having tons of fun discovering UART/JTAG ports/pins, dumping firmware, and walking the file systems. As far as binary analysis goes - I am looking for something comparable to IDA Pro. I've used it and like it, and from what I have read - it's considered the best; however it is also the most expensive. Does anyone know of any good alternatives that have a comparable feature set? I've been looking into Binary Ninja which is about $150 for a Hobbyist license - I am leaning towards that one so far. Any suggestions would be greatly appreciated. Thanks,

    D

  4. 22 hours ago, SeRCH1nER said:

    Surprised no one has run into this issue before. 

    This was actually mentioned in their "Let's Code" video when the Packet Squirrel was first released - so it's a known "issue". It can be done by syncing with NTP; however this can't be done in Transparent mode. You would need an IP on the target network with Internet access in order to accomplish this. While it might not be perfect, and might require some parsing on your part - you could always snag Timestamps from HTTP headers as well when returned across the wire.
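
The HTTP-header idea above, as an added example that is not part of the original posts: this Python code reads a classic pcap, treats the `Date` header of plaintext HTTP responses as a reference clock, and shifts every record timestamp by the median difference. The function names and the sample capture are constructed for illustration; it assumes the header arrives in the same frame as the status line, and the result is only as good as the server's clock and the header's one-second resolution.

```python
import struct
from datetime import timezone
from email.utils import parsedate_to_datetime
from statistics import median

def _endianness(pcap_bytes):
    """Return the struct byte-order prefix of a classic (microsecond) pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        return "<"
    if magic == b"\xa1\xb2\xc3\xd4":
        return ">"
    raise ValueError("not a classic microsecond-resolution pcap file")

def iter_records(pcap_bytes):
    """Yield (header_offset, capture_time, frame) for every packet record."""
    endian, pos = _endianness(pcap_bytes), 24  # skip the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        sec, usec, incl_len, _ = struct.unpack_from(endian + "IIII", pcap_bytes, pos)
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated last record, e.g. the device lost power mid-write
        yield pos, sec + usec / 1e6, frame
        pos += 16 + incl_len

def http_date(frame):
    """Return the epoch time in an HTTP response's Date header, or None."""
    status = frame.find(b"HTTP/1.")
    if status < 0 or frame[status + 8:status + 9] != b" ":
        return None  # only status lines ("HTTP/1.1 200 ...") count, not requests
    key = frame.find(b"\r\nDate: ", status)
    end = frame.find(b"\r\n", key + 8) if key >= 0 else -1
    if end < 0:
        return None
    try:
        when = parsedate_to_datetime(frame[key + 8:end].decode("ascii"))
    except (ValueError, TypeError, UnicodeDecodeError):
        return None
    if when.tzinfo is None:  # HTTP dates are always GMT
        when = when.replace(tzinfo=timezone.utc)
    return when.timestamp()

def estimate_offset(pcap_bytes):
    """Median of (server Date - capture clock); None if no Date header is seen."""
    deltas = []
    for _, seen_at, frame in iter_records(pcap_bytes):
        stamp = http_date(frame)
        if stamp is not None:
            deltas.append(stamp - seen_at)
    return median(deltas) if deltas else None

def shift_timestamps(pcap_bytes, offset):
    """Return a copy of the capture with every record time moved by offset."""
    endian, out = _endianness(pcap_bytes), bytearray(pcap_bytes)
    for pos, seen_at, _ in iter_records(pcap_bytes):
        sec, usec = divmod(int(round((seen_at + offset) * 1e6)), 1000000)
        struct.pack_into(endian + "II", out, pos, sec, usec)
    return bytes(out)

def build_sample_pcap():
    """Constructed capture whose clock starts near zero (no RTC, no NTP)."""
    http = (b"HTTP/1.1 200 OK\r\nDate: Fri, 06 Sep 2019 23:41:59 GMT\r\n"
            b"Content-Length: 0\r\n\r\n")
    frames = [(95, b"\x00" * 60), (100, b"\x00" * 54 + http)]  # dummy L2-L4 bytes
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, frame in frames:
        out += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return out
```

Calling `shift_timestamps(data, estimate_offset(data))` on a capture's bytes returns a corrected copy; HTTPS traffic contributes nothing because the header is encrypted.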

  5. 4 hours ago, 3lohim said:

    Whenever I read your posts, I always hear your words in my mind in a fun kind of loud and obnoxious voice most likely due to your profile photo...

    That's precisely my intention.

    • Like 1
  6. So I was able to change my password by pretending to forget it; however it might not be a bad idea to introduce a legitimate feature on the account page for this. Please let me know if I am just blind and can't find it anywhere.

  7. Hello,

    I don't know if I am blind or what - but I can't seem to find where to change my Hakshop Account password ANYWHERE. Is this functionality not available? It looks like the only thing I can add/change is my address. Thanks,

    D

  8. 2 hours ago, i8igmac said:

    I'm not so interested until an Android device works out of the box and has an Atheros chip.

    In the past, I have read about wifi attacks from Android; you need a USB wifi card and powered USB/hub that supports monitor mode. This would look super ugly hanging out of your back pocket.

     

    I agree with the ugly pocket; however I do like the idea of using nethunter on a phone while wardriving. It's easier to use my mobile device and slap an alpha card onto my passenger side window or driver side window as opposed to using a laptop.

  9. Just now, Dave-ee Jones said:

    Actually I think the girl's toy one was OpenSesame. RollJam is basically a radio chip that kinda looks like a Pi Zero...

    That's right. I'm confusing the two. Check out his drone work too, it's pretty awesome. It flies around hacking other drones in flight, creating a drone army.

  10. Just now, Dave-ee Jones said:

    Just got my mind blown by RollJam and how it works..Pretty ingenious stuff.

    I saw that for the first time last year I think... I'm more amazed that he built it out of a little girl's toy. He also caused mass inflation of the price in which to purchase one... But definitely genius. I've picked up some SDR gear, but I've yet to dabble.

  11. Are we talking strictly Mobile Browsing? The new Focus browser from Firefox is decent, and seems to tout privacy as its primary purpose. If we're talking desktop, I think Firefox is the way to go as there tend to be more plug-ins available for specific tasks. I was really excited for the Mantra Browser (variation of Firefox) from the OWASP project, but support seems to have fizzled out. There hasn't been an update in quite some time. This browser came bundled with a suite of plugins and pre-configured settings for web application testing. Check out some videos when you get the chance, it was pretty slick.

  12. 18 hours ago, PoSHMagiC0de said:

    I've been tinkering around with an idea I plan on writing in Python. It is to query and handle the SQLite files handled by kismet and WiGle for the Android. Want to be able to combine them into 1 common database and more open query options to export results to kml files.

    I've been thinking more about this. Are you talking about GPS locations and such? I think you could match on SSID/BSSID to grab that latitude/longitude from the WiGle files and give a more accurate picture of what (and where) you are looking at. This is a great idea.

  13. 5 hours ago, Dave-ee Jones said:

    @Decoy you sure you couldn't've posted a .txt file with all that up? That's huge..

    Yeah, I posted it from my phone. That GitHub link points to a batch file, what you see above. I'm going to compile it all and clean it up. Maybe I'll submit a pull request for SecLists.

  14. This batch file is a pretty comprehensive list of default passwords by router:

    https://github.com/wpatoolkit/Default-Keyspace-List

    
     
    mkdir "./defaultwpa"
    cd "./defaultwpa"
    mkdir "2WIREXXX-[0-9][len10]"
    mkdir "3Wireless-Modem-XXXX-[0-9A-F][len8]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./3Wireless-Modem-XXXX-[0-9A-F][len8]/3WirelessDefault.txt"
    mkdir "Alice-12345678-[0-9a-z][len24]"
    echo http://wpacalculator.altervista.org/XL/Alice.php>>"./Alice-12345678-[0-9a-z][len24]/AliceDefault.txt"
    mkdir "Andared"
    mkdir "AOLBB-XXXXXX-[0-9A-Z][len8]"
    mkdir "Arcadyan"
    mkdir "ArnetPirelli"
    mkdir "ATTXXX-[0-9][len10]"
    mkdir "ATTXXXX-[0-9A-Z][len10]"
    mkdir "ATTXXXXXXX-[0-9a-z+][len12]"
    mkdir "Axtel"
    mkdir "belkin.xxx-[2-9a-f][len8]"
    echo https://github.com/wpatoolkit/8-Hex-Generator>"./belkin.xxx-[2-9a-f][len8]/BelkinDefault.txt"
    echo https://bitbucket.org/dudux/belkin4xx>>"./belkin.xxx-[2-9a-f][len8]/BelkinDefault.txt"
    echo https://github.com/Konsole512/Crippled>>"./belkin.xxx-[2-9a-f][len8]/BelkinDefault.txt"
    echo http://www.routerpwn.com/belkinwpa/>>"./belkin.xxx-[2-9a-f][len8]/BelkinDefault.txt"
    echo https://raw.githubusercontent.com/devttys0/wps/master/pingens/belkin/pingen.c>>"./belkin.xxx-[2-9a-f][len8]/BelkinDefault.txt"
    mkdir "Belkin.XXXX-[0-9A-F][len8]"
    echo https://github.com/wpatoolkit/8-Hex-Generator>"./Belkin.XXXX-[0-9A-F][len8]/BelkinDefault.txt"
    echo https://bitbucket.org/dudux/belkin4xx>>"./Belkin.XXXX-[0-9A-F][len8]/BelkinDefault.txt"
    echo https://github.com/Konsole512/Crippled>>"./Belkin.XXXX-[0-9A-F][len8]/BelkinDefault.txt"
    echo http://www.routerpwn.com/belkinwpa/>>"./Belkin.XXXX-[0-9A-F][len8]/BelkinDefault.txt"
    echo https://raw.githubusercontent.com/devttys0/wps/master/pingens/belkin/pingen.c>>"./Belkin.XXXX-[0-9A-F][len8]/BelkinDefault.txt"
    mkdir "belkin.xxxx-[2-9a-f][len8]"
    echo https://github.com/wpatoolkit/8-Hex-Generator>"./belkin.xxxx-[2-9a-f][len8]/BelkinDefault.txt"
    echo https://bitbucket.org/dudux/belkin4xx>>"./belkin.xxxx-[2-9a-f][len8]/BelkinDefault.txt"
    echo https://github.com/Konsole512/Crippled>>"./belkin.xxxx-[2-9a-f][len8]/BelkinDefault.txt"
    echo http://www.routerpwn.com/belkinwpa/>>"./belkin.xxxx-[2-9a-f][len8]/BelkinDefault.txt"
    echo https://raw.githubusercontent.com/devttys0/wps/master/pingens/belkin/pingen.c>>"./belkin.xxxx-[2-9a-f][len8]/BelkinDefault.txt"
    mkdir "Belkin_XXXXXX-[0-9A-F][len8]"
    echo https://github.com/wpatoolkit/8-Hex-Generator>"./Belkin_XXXXXX-[0-9A-F][len8]/BelkinDefault.txt"
    echo https://bitbucket.org/dudux/belkin4xx>>"./Belkin_XXXXXX-[0-9A-F][len8]/BelkinDefault.txt"
    echo https://github.com/Konsole512/Crippled>>"./Belkin_XXXXXX-[0-9A-F][len8]/BelkinDefault.txt"
    echo http://www.routerpwn.com/belkinwpa/>>"./Belkin_XXXXXX-[0-9A-F][len8]/BelkinDefault.txt"
    echo https://raw.githubusercontent.com/devttys0/wps/master/pingens/belkin/pingen.c>>"./Belkin_XXXXXX-[0-9A-F][len8]/BelkinDefault.txt"
    mkdir "BELLXXX-[0-9A-F][len8]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./BELLXXX-[0-9A-F][len8]/BELLDefault.txt"
    mkdir "BigPondXXXXXX-[0-9A-F][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./BigPondXXXXXX-[0-9A-F][len10]/BigPondDefault.txt"
    mkdir "BrightBox-XXXXXX-[len8]"
    mkdir "BTBusinessHub-XXX-[0-9][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./BTBusinessHub-XXX-[0-9][len10]/BTDefault.txt"
    mkdir "BTHomeHub2-XXXX-[2-9a-f][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./BTHomeHub2-XXXX-[2-9a-f][len10]/BTDefault.txt"
    mkdir "BTHomeHub-XXXX-[0-9a-f][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./BTHomeHub-XXXX-[0-9a-f][len10]/BTDefault.txt"
    echo http://wpacalculator.altervista.org/XL/BTHomeHub.php>>"./BTHomeHub-XXXX-[0-9a-f][len10]/BTDefault.txt"
    mkdir "BTHub3-XXXX-[2-9a-f][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./BTHub3-XXXX-[2-9a-f][len10]/BTDefault.txt"
    mkdir "BTHub4-XXXX-[2-9a-f][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./BTHub4-XXXX-[2-9a-f][len10]/BTDefault.txt"
    mkdir "BTHub5-XXXX-[2-9a-f][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./BTHub5-XXXX-[2-9a-f][len10]/BTDefault.txt"
    mkdir "CabovisaoSagem"
    mkdir "CenturyLinkXXXX-[0-9a-f][len14]"
    mkdir "Comtrend"
    mkdir "Contattami"
    mkdir "DDW12345-[DDW123]+[0-9A-F_len6]"
    mkdir "DG123456-[DG1234]+[0-9A-F_len6]"
    mkdir "Digicom_XXXX-[0-9A-Z][len8]"
    mkdir "Discus"
    mkdir "DJAWEB_XXXXX-[0-9][len10]"
    mkdir "Dlink"
    echo http://wpacalculator.altervista.org/XL/DLink.php>>"./Dlink/DlinkDefault.txt"
    echo http://www.devttys0.com/2014/10/reversing-d-links-wps-pin-algorithm/>>"./Dlink/DlinkDefault.txt"
    echo http://lixei.me/codigo-fonte-wpa-dlink-php-c/>>"./Dlink/DlinkDefault.txt"
    mkdir "Domino-XXXX-[0-9A-F][len8]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./Domino-XXXX-[0-9A-F][len8]/DominoDefault.txt"
    mkdir "E583X-XXXX-[0-9][len8]"
    mkdir "E583X-XXXXX-[0-9A-F][len8]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./E583X-XXXXX-[0-9A-F][len8]/E583XDefault.txt"
    mkdir "EasyBox-XXXXXX-[0-9A-F][len9]"
    echo http://wpacalculator.altervista.org/XL/EasyBox.php>"./EasyBox-XXXXXX-[0-9A-F][len9]/EasyBoxDefault.txt"
    echo http://www.wardriving-forum.de/wiki/Standardpassw%C3%B6rter>>"./EasyBox-XXXXXX-[0-9A-F][len9]/EasyBoxDefault.txt"
    echo http://www.patent-de.com/20081120/DE102007047320A1.html>>"./EasyBox-XXXXXX-[0-9A-F][len9]/EasyBoxDefault.txt"
    echo https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130805-0_Vodafone_EasyBox_Default_WPS_PIN_Vulnerability_v10.txt>>"./EasyBox-XXXXXX-[0-9A-F][len9]/EasyBoxDefault.txt"
    echo http://www.routerpwn.com/EasyBox/>>"./EasyBox-XXXXXX-[0-9A-F][len9]/EasyBoxDefault.txt"
    mkdir "EEBrightBox-XXXXXX-[word-word-word]"
    echo https://github.com/wpatoolkit/Word-word-word-Wordlist-Generator>"./EEBrightBox-XXXXXX-[word-word-word]/EEBrightBoxDefault.txt"
    mkdir "Eircom"
    echo http://wpacalculator.altervista.org/XL/Eircom.php>>"./Eircom/EircomDefault.txt"
    mkdir "ELTEX-XXXX"
    mkdir "Fastweb"
    echo http://wpacalculator.altervista.org/XL/Fastweb.php>"./Fastweb/FastwebDefault.txt"
    mkdir "FRITZ!Box Fon WLAN XXXX-[0-9][len16]"
    mkdir "HG824x"
    mkdir "HOME-XXXX(Cisco)-[0-9A-Z][len16]"
    mkdir "HOME-XXXX(SMC)-[serial_len12]+[0-9A-F_len4]"
    mkdir "HOME-XXXX-[0-9A-F][len16]"
    mkdir "Huawei"
    echo http://websec.ca/blog/view/mac2wepkey_huawei>>"./Huawei/HuaweiDefault.txt"
    mkdir "INFINITUMXXXX-[0-9][len10]"
    mkdir "Infostrada"
    echo http://wpacalculator.altervista.org/XL/Infostrada.php>>"./Infostrada/InfostradaDefault.txt"
    mkdir "InterCable"
    mkdir "JAZZTEL"
    echo http://wpacalculator.altervista.org/XL/JAZZTEL.php>"./JAZZTEL/JAZZTELDefault.txt"
    mkdir "Keenetic-XXXX-[a-zA-Z0-9][len8]"
    mkdir "LinksysXXXXX-[0-9a-z][len10]"
    mkdir "Livebox-XXXX"
    mkdir "Maxcom"
    mkdir "Megared"
    mkdir "MeoPirelli"
    mkdir "MGTS_GPON_XXXX-[0-9a-f][len8]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./MGTS_GPON_XXXX-[0-9a-f][len8]/MGTSDefault.txt"
    mkdir "mifi2-[0-9A-Z][len13]"
    mkdir "MiFiXXXX XXX-[0-9][len11]"
    mkdir "MobileWifi-XXXX-[0-9][len8]"
    mkdir "NETGEARXX-[adj+noun+3digs]"
    echo https://github.com/wpatoolkit/Adj-Noun-Wordlist-Generator>"./NETGEARXX-[adj+noun+3digs]/NetgearDefault.txt"
    mkdir "NETIASPOT_XXXXXX-[0-9a-z][len12]"
    mkdir "ONOXXXX-[0-9][len10]"
    mkdir "Orange-[0-9a-f][len8] or [0-9A-F][len12]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./Orange-[0-9a-f][len8] or [0-9A-F][len12]/OrangeDefault.txt"
    mkdir "Orange-XXXX-[2345679ACEF][len8]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./Orange-XXXX-[2345679ACEF][len8]/OrangeDefault.txt"
    mkdir "Ote"
    mkdir "OteBAUD"
    mkdir "OteHuawei"
    mkdir "PBS"
    mkdir "Pirelli"
    echo https://packetstormsecurity.com/files/131834/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering-Rev-2.html>>"./Pirelli/PirelliDefault.txt"
    echo http://ednolo.alumnos.upv.es/?p=1883>>"./Pirelli/PirelliDefault.txt"
    mkdir "PlusnetWireless-XXXXXX-[0-9A-F][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./PlusnetWireless-XXXXXX-[0-9A-F][len10]/PlusnetWirelessDefault.txt"
    mkdir "PRIMEHOME-XX-[0-9a-f][len8]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./PRIMEHOME-XX-[0-9a-f][len8]/PRIMEHOMEDefault.txt"
    mkdir "Ptv"
    mkdir "ROSTELECOM_XXXX-[ACDEFGHJKMNPQRTUXY3467][len8]"
    mkdir "SAGEMCOM_XXXX-[ACDEFGHJKMNPQRTUXY3467][len8]"
    mkdir "SBG123456-[SBG1234]+[0-9A-F_len6]"
    mkdir "Sitecom"
    mkdir "SKYXXXXX-[A-Z][len8]"
    echo https://github.com/wpatoolkit/Upper-Alpha-Keyspace-Reducer>"./SKYXXXXX-[A-Z][len8]/SkyDefault.txt"
    mkdir "Speedport500"
    mkdir "SpeedTouchXXXXXX-[0-9A-F][len10]"
    echo http://wpacalculator.altervista.org/XL/SpeedTouch.php>"./SpeedTouchXXXXXX-[0-9A-F][len10]/SpeedTouchDefault.txt"
    echo http://www.nickkusters.com/en/services/thomson-speedtouch>>"./SpeedTouchXXXXXX-[0-9A-F][len10]/SpeedTouchDefault.txt"
    echo http://www.md5this.com/thomson-speedtouch-crack.html>>"./SpeedTouchXXXXXX-[0-9A-F][len10]/SpeedTouchDefault.txt"
    echo http://klasseonline.aboehler.at/stuff/thomson/>>"./SpeedTouchXXXXXX-[0-9A-F][len10]/SpeedTouchDefault.txt"
    echo http://amigdalo.tk/ST/>>"./SpeedTouchXXXXXX-[0-9A-F][len10]/SpeedTouchDefault.txt"
    echo http://www.hakim.ws/st585/KevinDevine/>>"./SpeedTouchXXXXXX-[0-9A-F][len10]/SpeedTouchDefault.txt"
    echo http://sodki.org/data/uploads/code/thomson.sh>>"./SpeedTouchXXXXXX-[0-9A-F][len10]/SpeedTouchDefault.txt"
    echo https://github.com/wpatoolkit/10-Hex-Generator>>"./SpeedTouchXXXXXX-[0-9A-F][len10]/SpeedTouchDefault.txt"
    mkdir "TAKASHI-XXXXXX-[0-9A-F][len8]"
    mkdir "TALKTALK-XXXXXX-[ABCDEFGHJKMNPQRTUVWXY346789][len8]"
    mkdir "Technicolor-[0-9A-F][len10]"
    echo http://wpacalculator.altervista.org/XL/Technicolor.php>"./Technicolor-[0-9A-F][len10]/TechnicolorDefault.txt"
    echo https://github.com/wpatoolkit/10-Hex-Generator>>"./Technicolor-[0-9A-F][len10]/TechnicolorDefault.txt"
    mkdir "Tecom"
    mkdir "Tele2Tu"
    echo http://wpacalculator.altervista.org/XL/Tele2.php>>"./Tele2Tu/Tele2TuDefault.txt"
    mkdir "Telsey"
    mkdir "TELUSXXXX-[0-9a-f][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./TELUSXXXX-[0-9a-f][len10]/TELUSDefault.txt"
    mkdir "TelstraXXXXXX-[0-9A-F][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./TelstraXXXXXX-[0-9A-F][len10]/TelstraDefault.txt"
    mkdir "TG123456-[TG1234]+[0-9A-F_len6]"
    mkdir "ThomsonXXXXXX-[0-9A-F][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>>"./ThomsonXXXXXX-[0-9A-F][len10]/ThomsonDefault.txt"
    mkdir "TIM_PN51T_XXXX-[0-9][len8]"
    mkdir "TNCAPXXXXXX-[0-9A-F][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./TNCAPXXXXXX-[0-9A-F][len10]/TNCAPDefault.txt"
    mkdir "TPG-XXXX"
    mkdir "TP-LINK_Pocket_XXXX_MMMMMM"
    mkdir "TP-LINK_XXXXXX-[0-9A-F][len8]"
    echo http://www.backtrack-linux.org/forums/showthread.php?t=62673>>"./TP-LINK_XXXXXX-[0-9A-F][len8]/TPLinkDefault.txt"
    echo https://github.com/wpatoolkit/10-Hex-Generator>>"./TP-LINK_XXXXXX-[0-9A-F][len8]/TPLinkDefault.txt"
    mkdir "U12345678-[U123456]+[0-9A-F_len6]"
    mkdir "UNITE-XXXX-[0-9][len8]"
    mkdir "UPCXXXXXXX-[A-Z][len8]"
    echo https://github.com/wpatoolkit/Upper-Alpha-Keyspace-Reducer>"./UPCXXXXXXX-[A-Z][len8]/UPCDefault.txt"
    mkdir "Verizon"
    echo http://wpacalculator.altervista.org/XL/Verizon.php>>"./Verizon/VerizonDefault.txt"
    echo http://aruljohn.com/fios/>>"./Verizon/VerizonDefault.txt"
    echo http://www.xkyle.com/verizon-fios-wireless-key-calculator/>>"./Verizon/VerizonDefault.txt"
    mkdir "Verizon MIFIXXXX XXXX-[0-9][len11]"
    mkdir "virginmediaXXXXXXX-[abcdefghjklmnpqrstuvwxyz][len8]"
    echo https://github.com/wpatoolkit/Lower-Alpha-Keyspace-Reducer>"./virginmediaXXXXXXX-[abcdefghjklmnpqrstuvwxyz][len8]/VirginDefault.txt"
    mkdir "VirginMobile MiFiXXXX XXX-[0-9][len11]"
    mkdir "VMXXXXXX-2G-[abcdefghjklmnpqrstuvwxyz][len8]"
    echo https://github.com/wpatoolkit/Lower-Alpha-Keyspace-Reducer>"./VMXXXXXX-2G-[abcdefghjklmnpqrstuvwxyz][len8]/VirginDefault.txt"
    mkdir "VMXXXXXX-5G-[abcdefghjklmnpqrstuvwxyz][len8]"
    echo https://github.com/wpatoolkit/Lower-Alpha-Keyspace-Reducer>"./VMXXXXXX-5G-[abcdefghjklmnpqrstuvwxyz][len8]/VirginDefault.txt"
    mkdir "WiFi-Arnet-XXXX(Pirelli)-[0-9a-z][len10]"
    mkdir "WiFi-Arnet-XXXX-[0-9a-zA-Z][len13]"
    mkdir "WifimediaR"
    mkdir "WLAN"
    echo http://wpacalculator.altervista.org/XL/WLAN.php>>"./WLAN/WLANDefault.txt"
    mkdir "WLAN1-XXXXXX-[0-9A-F][len10]"
    echo https://github.com/wpatoolkit/10-Hex-Generator>"./WLAN1-XXXXXX-[0-9A-F][len10]/WLAN1Default.txt"
    mkdir "XXXXX-[0-9A-Z][len16]"
    mkdir "ZyXELXXXXXX-[0-9A-Z][len13]"
  15. 45 minutes ago, i8igmac said:

    What's the deal with Netgear? Is their password predictable? Is there a word list for it?

    Yes, that link I posted above generates a good one. Default passwords are always Adjective + Noun + 3 numbers. Example:

    brightcoconut657

    That wpatools has a great wordlist generator. 

    54 minutes ago, Dave-ee Jones said:

    Ouch.

    Now all you need to do is sit it in your garage, stick a VPN or TeamViewer on it and start passing it some hashes from your phone while you roam around, like a supercomputer that's waiting to crack something you send it.

    That's ideally what I'd like. I want to run an Ubuntu Server for hash cracking only. Eventually. For now though, it'd be cool to modify besside to do what you're saying. I might do just that :)

  16. 1 hour ago, PoSHMagiC0de said:

    I've been tinkering around with an idea I plan on writing in Python. It is to query and handle the SQLite files handled by kismet and WiGle for the Android. Want to be able to combine them into 1 common database and more open query options to export results to kml files.

    Keep me posted, I'd be interested in that. I've often toyed with a similar idea as well. It would definitely be useful.

    1 hour ago, Dave-ee Jones said:

    If kH carries on like KB/MB etc then wouldn't it be 781.4 * 1024? So it'd be a bit bigger than 781,400...

    Unfortunately it doesn't.

    1 kH/s = 1000 hashes per second

    1 mH/s = 1,000,000 hashes per second

    1 gH/s = 1,000,000,000 hashes per second

    I chewed through almost a billion hashes in under 20 minutes this afternoon (WPA2).

  17. 6 hours ago, i8igmac said:

    Are you running these gpu's in sli? Overclocked? Water cooling? 

    And I haven't overclocked them yet, and I have three exhaust fans and one intake fan. Water-cooling makes me nervous.

  18. 49 minutes ago, PoSHMagiC0de said:

    My 970 only pulls 113kHs on wpa.  I see wpa really drags down the system even with 2 1070s compared to the other hashes.  Awesome.

    Yeah, I'm having a blast with this rig so far. I actually just found this new gem on GitHub, I'm adding these to my toolbox:

    https://github.com/wpatoolkit

    I was actually about to write my own NetGear default tool until I found these.

  19. 59 minutes ago, i8igmac said:

    Hashtype: wpa/wpa2

    Speed.Dev.#1.....:   388.6 kH/s (52.19ms)
    Speed.Dev.#2.....:   392.8 kH/s (51.63ms)
    Speed.Dev.#*.....:   781.4 kH/s

     

    Is that 781,400 hashes per second?

    Can you post a pyrit benchmark? I would like to see a comparison...

    Are you running these GPUs in SLI? Overclocked? Water cooling?

    Yes, that's 781,400 hashes per second. I have a custom wordlist of 80+ million passwords, and it chews through that in no time at all. I'm running 2x Nvidia GeForce Founders Editions SLI. That's both of them combined. NTLM hashes:

    Hashtype: NTLM

    Speed.Dev.#1.....: 38451.1 MH/s (69.34ms)
    Speed.Dev.#2.....: 39406.8 MH/s (67.55ms)
    Speed.Dev.#*.....: 77858.0 MH/s

    I will post a pyrit benchmark tonight.
