Decoy

OpenCL Platform #1: NVIDIA Corporation ====================================== * Device #1: GeForce GTX 1080, 2048/8192 MB allocatable, 20MCU * Device #2: GeForce GTX 1080, 2048/8192 MB allocatable, 20MCU Hashtype: MD4 Speed.Dev.#1.....: 45633.6 MH/s (58.57ms) Speed.Dev.#2.....: 46114.0 MH/s (57.97ms) Speed.Dev.#*.....: 91747.6 MH/s Hashtype: MD5 Speed.Dev.#1.....: 24664.6 MH/s (54.29ms) Speed.Dev.#2.....: 24992.6 MH/s (53.55ms) Speed.Dev.#*.....: 49657.2 MH/s Hashtype: Half MD5 Speed.Dev.#1.....: 15470.8 MH/s (86.56ms) Speed.Dev.#2.....: 15628.6 MH/s (85.65ms) Speed.Dev.#*.....: 31099.3 MH/s Hashtype: SHA1 Speed.Dev.#1.....: 8158.2 MH/s (82.11ms) Speed.Dev.#2.....: 8260.7 MH/s (81.02ms) Speed.Dev.#*.....: 16418.9 MH/s Hashtype: SHA-256 Speed.Dev.#1.....: 3139.6 MH/s (53.05ms) Speed.Dev.#2.....: 3172.5 MH/s (52.44ms) Speed.Dev.#*.....: 6312.1 MH/s Hashtype: SHA-384 Speed.Dev.#1.....: 1042.2 MH/s (80.34ms) Speed.Dev.#2.....: 1049.5 MH/s (79.75ms) Speed.Dev.#*.....: 2091.7 MH/s Hashtype: SHA-512 Speed.Dev.#1.....: 1060.8 MH/s (78.90ms) Speed.Dev.#2.....: 1074.4 MH/s (77.87ms) Speed.Dev.#*.....: 2135.1 MH/s Hashtype: SHA-3 (Keccak) Speed.Dev.#1.....: 824.6 MH/s (101.56ms) Speed.Dev.#2.....: 840.5 MH/s (99.56ms) Speed.Dev.#*.....: 1665.1 MH/s Hashtype: SipHash Speed.Dev.#1.....: 28686.1 MH/s (93.39ms) Speed.Dev.#2.....: 28972.7 MH/s (92.42ms) Speed.Dev.#*.....: 57658.8 MH/s Hashtype: Skip32 (PT = $salt, key = $pass) Speed.Dev.#1.....: 5381.6 MH/s (2.94ms) Speed.Dev.#2.....: 5532.0 MH/s (2.89ms) Speed.Dev.#*.....: 10913.6 MH/s Hashtype: RIPEMD-160 Speed.Dev.#1.....: 4802.5 MH/s (69.71ms) Speed.Dev.#2.....: 4879.4 MH/s (68.56ms) Speed.Dev.#*.....: 9681.9 MH/s Hashtype: Whirlpool Speed.Dev.#1.....: 251.1 MH/s (166.71ms) Speed.Dev.#2.....: 255.8 MH/s (163.58ms) Speed.Dev.#*.....: 506.9 MH/s Hashtype: GOST R 34.11-94 Speed.Dev.#1.....: 240.6 MH/s (86.98ms) Speed.Dev.#2.....: 245.2 MH/s (85.37ms) Speed.Dev.#*.....: 485.8 MH/s Hashtype: GOST R 34.11-2012 (Streebog) 256-bit Speed.Dev.#1.....: 49596.8 kH/s (208.76ms) Speed.Dev.#2.....: 50254.7 kH/s (205.86ms) Speed.Dev.#*.....: 99851.4 kH/s Hashtype: GOST R 34.11-2012 (Streebog) 512-bit Speed.Dev.#1.....: 49617.7 kH/s (208.67ms) Speed.Dev.#2.....: 50342.5 kH/s (205.59ms) Speed.Dev.#*.....: 99960.2 kH/s Hashtype: DES (PT = $salt, key = $pass) Speed.Dev.#1.....: 18566.1 MH/s (71.89ms) Speed.Dev.#2.....: 18799.3 MH/s (71.05ms) Speed.Dev.#*.....: 37365.4 MH/s Hashtype: 3DES (PT = $salt, key = $pass) Speed.Dev.#1.....: 474.9 MH/s (88.05ms) Speed.Dev.#2.....: 479.4 MH/s (87.30ms) Speed.Dev.#*.....: 954.3 MH/s Hashtype: phpass, WordPress (MD5), phpBB3 (MD5), Joomla (MD5) Speed.Dev.#1.....: 6755.8 kH/s (95.22ms) Speed.Dev.#2.....: 6810.1 kH/s (94.40ms) Speed.Dev.#*.....: 13565.9 kH/s Hashtype: scrypt Speed.Dev.#1.....: 602.4 kH/s (60.99ms) Speed.Dev.#2.....: 607.5 kH/s (60.09ms) Speed.Dev.#*.....: 1209.8 kH/s Hashtype: PBKDF2-HMAC-MD5 Speed.Dev.#1.....: 6729.4 kH/s (61.02ms) Speed.Dev.#2.....: 6847.5 kH/s (60.06ms) Speed.Dev.#*.....: 13576.9 kH/s Hashtype: PBKDF2-HMAC-SHA1 Speed.Dev.#1.....: 3137.2 kH/s (42.05ms) Speed.Dev.#2.....: 3157.9 kH/s (41.79ms) Speed.Dev.#*.....: 6295.2 kH/s Hashtype: PBKDF2-HMAC-SHA256 Speed.Dev.#1.....: 1173.9 kH/s (59.95ms) Speed.Dev.#2.....: 1188.5 kH/s (58.49ms) Speed.Dev.#*.....: 2362.4 kH/s Hashtype: PBKDF2-HMAC-SHA512 Speed.Dev.#1.....: 382.4 kH/s (97.21ms) Speed.Dev.#2.....: 404.7 kH/s (91.96ms) Speed.Dev.#*.....: 787.1 kH/s Hashtype: Skype Speed.Dev.#1.....: 12048.1 MH/s (55.53ms) Speed.Dev.#2.....: 12499.5 MH/s (53.50ms) Speed.Dev.#*.....: 24547.6 MH/s Hashtype: WPA/WPA2 Speed.Dev.#1.....: 388.6 kH/s (52.19ms) Speed.Dev.#2.....: 392.8 kH/s (51.63ms) Speed.Dev.#*.....: 781.4 kH/s Hashtype: IKE-PSK MD5 Speed.Dev.#1.....: 1785.8 MH/s (93.42ms) Speed.Dev.#2.....: 1827.5 MH/s (91.23ms) Speed.Dev.#*.....: 3613.3 MH/s Hashtype: IKE-PSK SHA1 Speed.Dev.#1.....: 766.6 MH/s (54.48ms) Speed.Dev.#2.....: 776.6 MH/s (53.74ms) Speed.Dev.#*.....: 1543.3 MH/s Hashtype: NetNTLMv1 / NetNTLMv1+ESS Speed.Dev.#1.....: 20838.3 MH/s (64.25ms) Speed.Dev.#2.....: 21239.2 MH/s (62.96ms) Speed.Dev.#*.....: 42077.5 MH/s Hashtype: NetNTLMv2 Speed.Dev.#1.....: 1694.6 MH/s (49.36ms) Speed.Dev.#2.....: 1713.3 MH/s (48.74ms) Speed.Dev.#*.....: 3408.0 MH/s Hashtype: IPMI2 RAKP HMAC-SHA1 Speed.Dev.#1.....: 1558.2 MH/s (53.59ms) Speed.Dev.#2.....: 1582.2 MH/s (52.78ms) Speed.Dev.#*.....: 3140.3 MH/s Hashtype: Kerberos 5 AS-REQ Pre-Auth etype 23 Speed.Dev.#1.....: 252.3 MH/s (82.86ms) Speed.Dev.#2.....: 257.0 MH/s (81.42ms) Speed.Dev.#*.....: 509.3 MH/s Hashtype: Kerberos 5 TGS-REP etype 23 Speed.Dev.#1.....: 260.5 MH/s (80.14ms) Speed.Dev.#2.....: 259.3 MH/s (80.71ms) Speed.Dev.#*.....: 519.9 MH/s Hashtype: DNSSEC (NSEC3) Speed.Dev.#1.....: 3231.3 MH/s (51.45ms) Speed.Dev.#2.....: 3283.8 MH/s (50.73ms) Speed.Dev.#*.....: 6515.2 MH/s Hashtype: PostgreSQL CRAM (MD5) Speed.Dev.#1.....: 6129.7 MH/s (54.56ms) Speed.Dev.#2.....: 6348.7 MH/s (52.65ms) Speed.Dev.#*.....: 12478.4 MH/s Hashtype: MySQL CRAM (SHA1) Speed.Dev.#1.....: 2139.6 MH/s (77.79ms) Speed.Dev.#2.....: 2197.0 MH/s (75.81ms) Speed.Dev.#*.....: 4336.5 MH/s Hashtype: SIP digest authentication (MD5) Speed.Dev.#1.....: 3333.4 MH/s (49.89ms) Speed.Dev.#2.....: 3396.0 MH/s (98.55ms) Speed.Dev.#*.....: 6729.4 MH/s Hashtype: SMF (Simple Machines Forum) > v1.1 Speed.Dev.#1.....: 6493.1 MH/s (51.27ms) Speed.Dev.#2.....: 6585.6 MH/s (50.72ms) Speed.Dev.#*.....: 13078.7 MH/s Hashtype: vBulletin < v3.8.5 Speed.Dev.#1.....: 6516.1 MH/s (51.34ms) Speed.Dev.#2.....: 6633.7 MH/s (50.37ms) Speed.Dev.#*.....: 13149.8 MH/s Hashtype: vBulletin >= v3.8.5 Speed.Dev.#1.....: 4524.6 MH/s (73.96ms) Speed.Dev.#2.....: 4612.6 MH/s (72.57ms) Speed.Dev.#*.....: 9137.3 MH/s Hashtype: IPB2+ (Invision Power Board), MyBB 1.2+ Speed.Dev.#1.....: 4661.2 MH/s (71.18ms) Speed.Dev.#2.....: 4771.0 MH/s (69.80ms) Speed.Dev.#*.....: 9432.1 MH/s Hashtype: WBB3 (Woltlab Burning Board) Speed.Dev.#1.....: 1258.4 MH/s (66.18ms) Speed.Dev.#2.....: 1275.1 MH/s (65.35ms) Speed.Dev.#*.....: 2533.5 MH/s Hashtype: OpenCart Speed.Dev.#1.....: 1847.4 MH/s (89.89ms) Speed.Dev.#2.....: 1934.9 MH/s (85.82ms) Speed.Dev.#*.....: 3782.3 MH/s Hashtype: Joomla < 2.5.18 Speed.Dev.#1.....: 23918.2 MH/s (55.66ms) Speed.Dev.#2.....: 24321.4 MH/s (54.73ms) Speed.Dev.#*.....: 48239.6 MH/s Hashtype: PHPS Speed.Dev.#1.....: 6426.4 MH/s (51.45ms) Speed.Dev.#2.....: 6564.8 MH/s (50.46ms) Speed.Dev.#*.....: 12991.2 MH/s Hashtype: Drupal7 Speed.Dev.#1.....: 52478 H/s (96.93ms) Speed.Dev.#2.....: 51281 H/s (99.23ms) Speed.Dev.#*.....: 103.8 kH/s Hashtype: osCommerce, xt:Commerce Speed.Dev.#1.....: 11997.2 MH/s (55.24ms) Speed.Dev.#2.....: 12327.2 MH/s (53.88ms) Speed.Dev.#*.....: 24324.4 MH/s Hashtype: PrestaShop Speed.Dev.#1.....: 7787.2 MH/s (85.68ms) Speed.Dev.#2.....: 7900.1 MH/s (84.41ms) Speed.Dev.#*.....: 15687.3 MH/s Hashtype: Django (SHA-1) Speed.Dev.#1.....: 6536.5 MH/s (50.82ms) Speed.Dev.#2.....: 6687.9 MH/s (49.66ms) Speed.Dev.#*.....: 13224.4 MH/s Hashtype: Django (PBKDF2-SHA256) Speed.Dev.#1.....: 58551 H/s (70.86ms) Speed.Dev.#2.....: 57614 H/s (71.93ms) Speed.Dev.#*.....: 116.2 kH/s Hashtype: MediaWiki B type Speed.Dev.#1.....: 6377.5 MH/s (52.17ms) Speed.Dev.#2.....: 6500.9 MH/s (51.19ms) Speed.Dev.#*.....: 12878.4 MH/s Hashtype: Redmine Speed.Dev.#1.....: 2591.9 MH/s (63.99ms) Speed.Dev.#2.....: 2672.7 MH/s (62.09ms) Speed.Dev.#*.....: 5264.6 MH/s Hashtype: PunBB Speed.Dev.#1.....: 2589.4 MH/s (63.77ms) Speed.Dev.#2.....: 2657.8 MH/s (62.23ms) Speed.Dev.#*.....: 5247.2 MH/s Hashtype: PostgreSQL Speed.Dev.#1.....: 22967.6 MH/s (57.93ms) Speed.Dev.#2.....: 23413.8 MH/s (56.81ms) Speed.Dev.#*.....: 46381.5 MH/s Hashtype: MSSQL (2000) Speed.Dev.#1.....: 8002.6 MH/s (83.24ms) Speed.Dev.#2.....: 8159.1 MH/s (81.62ms) Speed.Dev.#*.....: 16161.7 MH/s Hashtype: MSSQL (2005) Speed.Dev.#1.....: 8260.3 MH/s (80.78ms) Speed.Dev.#2.....: 8402.5 MH/s (79.42ms) Speed.Dev.#*.....: 16662.8 MH/s Hashtype: MSSQL (2012, 2014) Speed.Dev.#1.....: 1002.1 MH/s (83.19ms) Speed.Dev.#2.....: 1020.6 MH/s (81.73ms) Speed.Dev.#*.....: 2022.7 MH/s Hashtype: MySQL323 Speed.Dev.#1.....: 49808.7 MH/s (53.43ms) Speed.Dev.#2.....: 50879.0 MH/s (52.33ms) Speed.Dev.#*.....: 100.7 GH/s Hashtype: MySQL4.1/MySQL5 Speed.Dev.#1.....: 3561.3 MH/s (93.69ms) Speed.Dev.#2.....: 3550.6 MH/s (93.97ms) Speed.Dev.#*.....: 7111.9 MH/s Hashtype: Oracle H: Type (Oracle 7+) Speed.Dev.#1.....: 934.0 MH/s (89.24ms) Speed.Dev.#2.....: 957.8 MH/s (87.09ms) Speed.Dev.#*.....: 1891.8 MH/s Hashtype: Oracle S: Type (Oracle 11+) Speed.Dev.#1.....: 7760.9 MH/s (85.78ms) Speed.Dev.#2.....: 7894.0 MH/s (84.56ms) Speed.Dev.#*.....: 15654.9 MH/s Hashtype: Oracle T: Type (Oracle 12+) Speed.Dev.#1.....: 91521 H/s (110.96ms) Speed.Dev.#2.....: 93987 H/s (108.13ms) Speed.Dev.#*.....: 185.5 kH/s Hashtype: Sybase ASE Speed.Dev.#1.....: 271.4 MH/s (76.75ms) Speed.Dev.#2.....: 275.5 MH/s (75.64ms) Speed.Dev.#*.....: 546.9 MH/s Hashtype: Episerver 6.x < .NET 4 Speed.Dev.#1.....: 6458.4 MH/s (51.39ms) Speed.Dev.#2.....: 6603.2 MH/s (50.27ms) Speed.Dev.#*.....: 13061.6 MH/s Hashtype: Episerver 6.x >= .NET 4 Speed.Dev.#1.....: 2592.1 MH/s (63.95ms) Speed.Dev.#2.....: 2694.6 MH/s (61.56ms) Speed.Dev.#*.....: 5286.7 MH/s Hashtype: Apache $apr1$ MD5, md5apr1, MD5 (APR) Speed.Dev.#1.....: 9800.0 kH/s (64.50ms) Speed.Dev.#2.....: 9977.9 kH/s (63.24ms) Speed.Dev.#*.....: 19777.9 kH/s Hashtype: ColdFusion 10+ Speed.Dev.#1.....: 1717.1 MH/s (48.28ms) Speed.Dev.#2.....: 1767.4 MH/s (94.11ms) Speed.Dev.#*.....: 3484.5 MH/s Hashtype: hMailServer Speed.Dev.#1.....: 2620.3 MH/s (63.30ms) Speed.Dev.#2.....: 2687.6 MH/s (61.52ms) Speed.Dev.#*.....: 5308.0 MH/s Hashtype: nsldap, SHA-1(Base64), Netscape LDAP SHA Speed.Dev.#1.....: 7757.7 MH/s (85.89ms) Speed.Dev.#2.....: 7842.7 MH/s (85.15ms) Speed.Dev.#*.....: 15600.4 MH/s Hashtype: nsldaps, SSHA-1(Base64), Netscape LDAP SSHA Speed.Dev.#1.....: 7757.7 MH/s (85.98ms) Speed.Dev.#2.....: 7869.5 MH/s (84.72ms) Speed.Dev.#*.....: 15627.2 MH/s Hashtype: SSHA-256(Base64), LDAP {SSHA256} Speed.Dev.#1.....: 2936.2 MH/s (56.46ms) Speed.Dev.#2.....: 3043.0 MH/s (54.42ms) Speed.Dev.#*.....: 5979.2 MH/s Hashtype: SSHA-512(Base64), LDAP {SSHA512} Speed.Dev.#1.....: 1009.0 MH/s (82.63ms) Speed.Dev.#2.....: 1017.3 MH/s (81.91ms) Speed.Dev.#*.....: 2026.4 MH/s Hashtype: LM Speed.Dev.#1.....: 17563.8 MH/s (75.99ms) Speed.Dev.#2.....: 18022.4 MH/s (73.67ms) Speed.Dev.#*.....: 35586.2 MH/s Hashtype: NTLM Speed.Dev.#1.....: 38451.1 MH/s (69.34ms) Speed.Dev.#2.....: 39406.8 MH/s (67.55ms) Speed.Dev.#*.....: 77858.0 MH/s Hashtype: Domain Cached Credentials (DCC), MS Cache Speed.Dev.#1.....: 10913.5 MH/s (61.02ms) Speed.Dev.#2.....: 11065.2 MH/s (60.15ms) Speed.Dev.#*.....: 21978.7 MH/s Hashtype: Domain Cached Credentials 2 (DCC2), MS Cache 2 Speed.Dev.#1.....: 313.0 kH/s (50.68ms) Speed.Dev.#2.....: 316.6 kH/s (50.08ms) Speed.Dev.#*.....: 629.6 kH/s Hashtype: DPAPI masterkey file v1 and v2 Speed.Dev.#1.....: 66794 H/s (51.57ms) Speed.Dev.#2.....: 67967 H/s (101.58ms) Speed.Dev.#*.....: 134.8 kH/s Hashtype: MS-AzureSync PBKDF2-HMAC-SHA256 Speed.Dev.#1.....: 9591.2 kH/s (50.88ms) Speed.Dev.#2.....: 9655.9 kH/s (50.45ms) Speed.Dev.#*.....: 19247.1 kH/s Hashtype: descrypt, DES (Unix), Traditional DES Speed.Dev.#1.....: 853.1 MH/s (48.16ms) Speed.Dev.#2.....: 879.5 MH/s (94.52ms) Speed.Dev.#*.....: 1732.6 MH/s Hashtype: BSDi Crypt, Extended DES Speed.Dev.#1.....: 1327.7 kH/s (81.08ms) Speed.Dev.#2.....: 1383.3 kH/s (77.80ms) Speed.Dev.#*.....: 2711.0 kH/s Hashtype: md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) Speed.Dev.#1.....: 9800.6 kH/s (64.39ms) Speed.Dev.#2.....: 9941.0 kH/s (63.53ms) Speed.Dev.#*.....: 19741.6 kH/s Hashtype: bcrypt $2*$, Blowfish (Unix) Speed.Dev.#1.....: 14122 H/s (43.24ms) Speed.Dev.#2.....: 14393 H/s (42.49ms) Speed.Dev.#*.....: 28515 H/s Hashtype: sha256crypt $5$, SHA256 (Unix) Speed.Dev.#1.....: 366.3 kH/s (88.11ms) Speed.Dev.#2.....: 373.2 kH/s (86.43ms) Speed.Dev.#*.....: 739.5 kH/s Hashtype: sha512crypt $6$, SHA512 (Unix) Speed.Dev.#1.....: 145.8 kH/s (56.18ms) Speed.Dev.#2.....: 146.8 kH/s (55.81ms) Speed.Dev.#*.....: 292.6 kH/s Hashtype: OSX v10.4, OSX v10.5, OSX v10.6 Speed.Dev.#1.....: 6606.0 MH/s (50.36ms) Speed.Dev.#2.....: 6680.0 MH/s (49.77ms) Speed.Dev.#*.....: 13286.0 MH/s Hashtype: OSX v10.7 Speed.Dev.#1.....: 806.2 MH/s (103.36ms) Speed.Dev.#2.....: 814.6 MH/s (102.49ms) Speed.Dev.#*.....: 1620.8 MH/s Hashtype: OSX v10.8+ (PBKDF2-SHA512) Speed.Dev.#1.....: 11932 H/s (49.57ms) Speed.Dev.#2.....: 11531 H/s (103.17ms) Speed.Dev.#*.....: 23464 H/s Hashtype: AIX {smd5} Speed.Dev.#1.....: 9915.9 kH/s (63.93ms) Speed.Dev.#2.....: 10055.6 kH/s (62.93ms) Speed.Dev.#*.....: 19971.5 kH/s Hashtype: AIX {ssha1} Speed.Dev.#1.....: 41531.3 kH/s (52.92ms) Speed.Dev.#2.....: 42377.2 kH/s (51.77ms) Speed.Dev.#*.....: 83908.4 kH/s Hashtype: AIX {ssha256} Speed.Dev.#1.....: 16133.0 kH/s (74.26ms) Speed.Dev.#2.....: 16364.0 kH/s (73.10ms) Speed.Dev.#*.....: 32497.0 kH/s Hashtype: AIX {ssha512} Speed.Dev.#1.....: 6205.3 kH/s (98.55ms) Speed.Dev.#2.....: 6294.4 kH/s (97.13ms) Speed.Dev.#*.....: 12499.7 kH/s Hashtype: Cisco-PIX MD5 Speed.Dev.#1.....: 15824.8 MH/s (84.34ms) Speed.Dev.#2.....: 16113.1 MH/s (82.77ms) Speed.Dev.#*.....: 31937.9 MH/s Hashtype: Cisco-ASA MD5 Speed.Dev.#1.....: 16869.5 MH/s (78.94ms) Speed.Dev.#2.....: 16977.0 MH/s (78.58ms) Speed.Dev.#*.....: 33846.5 MH/s Hashtype: Cisco-IOS type 4 (SHA256) Speed.Dev.#1.....: 2867.4 MH/s (57.41ms) Speed.Dev.#2.....: 3021.9 MH/s (54.66ms) Speed.Dev.#*.....: 5889.3 MH/s Hashtype: Cisco-IOS $8$ (PBKDF2-SHA256) Speed.Dev.#1.....: 58354 H/s (71.10ms) Speed.Dev.#2.....: 59083 H/s (70.22ms) Speed.Dev.#*.....: 117.4 kH/s

Yeah, I've been dying to build a new rig. I'll throw a hashcat and pyrit benchmark up soon.

Pumped to build a new CUDA Cracking beast. Anyone have suggestions on cooling and power consumption? I've got 2 Nvidia GeForce GTX 1080 Founders Editions. Can I run both SLI on a 600w power supply or should I use the 750? I have the AMD FX Black Edition 8-Core processor as well.

Laptops I would consider a Mac; however I'd rather just dual boot Linux like I'm doing currently. I also rarely use the windows side... I'd also never use a Mac for a desktop. I like having control of the hardware.

Although for Pentesting POC purposes, you could use any of the methods above to still demonstrate the possible ramifications of leaving a vulnerability like that in place.

Awesome. Enjoy the Nano.

How are you sharing internet with the VM? Have you tried it in client mode or outside of the VM?

Are you connected over WiFi or Ethernet? Have you tried both manual and Guided setup? I found I had to wait until the LED was solid and the Pineapple was fully booted before sharing internet. Over WiFi, I had to reconnect to the Wifi access point after sharing internet when using Parrot.

Also, there have been times where I had to configure manually with wp6.sh, and I had to reconnect to wifi after if I wasn't connected over Ethernet. This only happened with ParrotOS for me. Kali and Ubuntu worked with Guided setup perfectly.

The nano uses wp6.sh, have you downloaded the latest version from GitHub?

A lot of good points. I guess there's a fine line between XSS and CSRF. A large portion of sites (smaller) don't implement CSRF tokens, so code (site functions) can be executed from anywhere on behalf of the authenticated user as you stated above. The XSS via Post is different in that it happens when the response comes back and executes the additional code (malicious payload) as a result. Either way - the attacker would have to do this using those methods as it's not possible to send someone a link for an XSS POST vulnerability like you can with a GET request.

I typically don't run it for more than an hour and a half to two hours at a time, but I can fit this in my pocket without issue and I've done it on multiple occasions. The case itself that comes with the tactical can add unnecessary bulk; however it keeps it all together if you go the backpack route.

Longer scans will give you a better picture of the wifi landscape anyway. Even 2 minutes will net you better results.

Nano Porn:

My Nano is working great. Granted issues to come up here and there; however Hak5 is mostly open source for the benefits of having a community driven forum to discuss these issues in a constructive way. If you don't like how something works, most likely you can modify the code or script to make it function the way you want. Most of the modules being complained about here aren't written by Hak5, and those are also open source. I've made a handful of modifications to almost every module I use. I think the problem is that some people buy these devices and expect everything to work with little or no effort (or knowledge). All that said, it is possible to get defective hardware from time to time, and Hak5 is generally pretty good at responding to those cases from what I've seen. Instead of unboxing and running out to the first apartment complex you see so you can show your friends what a cool haxor you are, setup a lab first. Connect some devices to it, play with it for a while, get comfortable. Hack your own stuff. Try to break it, then try to fix it. Make it better.

I'm in the process of writing a module/web front end for besside-ng. I haven't gone too crazy, but I've seen people doing some really cool things with the Pineapple from the command line.

Have you tried running it from the command line? I've had great success with nmap over SSH. You can SSH from your connected PC and do it that way as well. I also use JuiceSSH on my Pixel XL and it works pretty well.

You could find out the router manufacturer from the MAC Address, and spin up a router/firmware update page and host it on the Pineapple. Then deauth the crap out of the original AP, and as Barry said... If they are stupid, they'll click on your rogue AP, and enter in their key on your spoofed upgrade page. This is more successful than you would think; however this most likely won't be successful on a professional engagement.

Mountain Dew Code Red.

I think what Pierre is saying is that reflected XSS is typically successful because you (the attacker) inherit the trust of the company's official (and often well known) URL. When a malicious email is sent, most people are often fooled by the quick hover to make sure the link points to where it says it points; therefore clicking through to execute the payload. I think he's wondering how to find that same trust in a POST XSS vulnerability, without having to create a website of his own, with little or no trust.

Is there a reason you aren't using the nmap pineapple module? You can use that to scan connected clients.

Awesome. Did you make an image of an old dedicated Windows machine? What did you use to do that? Or did you do a fresh start?

Same. I have to use Windows for some work stuff, otherwise I'd be full Linux. Has anyone tried running Windows strictly through a VM? I've contemplated doing that before. It's be nice if I could create a VM based on my current machine, and just use that.

I was only kidding. I'd be interested to see if your Alfa card works with the rpi3 image. Mine goes into Monitor mode but packet injection doesn't work.

What cable provider is this? I know Xfinity 6/10 times will setup their routers with the users home phone number as the password. I've created wordlists for every area code in Massachusetts, and I've been super successful with those. My favorite thing to do at neighborhood cookouts is scare the crap out of neighbors when I show them how easy it is to crack most WiFi. I'd be interested to know the habits of other cable providers as well.