Br@d
-
Posts
39 -
Joined
-
Last visited
-
Days Won
2
Posts posted by Br@d
-
-
On 12/8/2017 at 2:01 AM, 6ftdan said:
What are the tools you plan on doing this with? Does it need to be a script or would a programming language work? Do you know the length of the pin (in your example you gave it's 4)? If the pin is shorter then you only need to work about changing the end by that much (if I'm not mistaken). What you say about shifting by 3 and the next line doesn't make any sense without reasons for this handicap.
For normal brute force character sequences their's a tool called crunch. For what you're asking for it's not that hard to write a little program.
I'm trying to brute force a physical lock that only looks at the last numbers pressed, hence using the sequences. But it times out after 40 keys are pressed. Since I will been manually entering the codes I need/want it to be as efficient as possible
-
Let's see if I can adequately describe what I need help with here. I'm trying to shift the lines of a txt file do meet my required output.
I'm trying to create a list of numbers to brute force a lock (that I own). This lock will ignore everything leading up to the correct pin. for example, if the pin is 1234 and enter 46541198751234 and it will unlock. In my research, I have discovered the De Bruijn sequence (https://en.wikipedia.org/wiki/De_Bruijn_sequence) which will allow me to quickly go through all possible PINs in a very efficient manner without having to enter each option individually. The problem is that as a weak brute force protection they lock allows for almost 40 keys to be pressed before it times out for 30 seconds.
I have split the De Bruijn sequence down into 40 character lines, but to ensure that I do not miss any of the 4 digit pins I need to use the last 3 of the previous line at the start of the next. This also means that I have to cut 3 from the end of the line to stay within the 40 character limit.
For example, if my file has the following list of numbers...
00000000000000000000
11111111111111111111
22222222222222222222
33333333333333333333... I would need to re-arrange them as follows
00000000000000000000 <- first line is untouched, but the last 3 numbers are used at the start of the next line
00011111111111111111 <- the last 3 of the previous line are added to the start of this one, but to make room 3 character are automatically bumped to the next line
11111122222222222222 <- and the process would need to continue until the end of the 100 or so lines
11111111122222222222
11111111111122222222
11111111111111122222
11111111111111111122
12222222222222222222
22223333333333333333The also means that new lines would be added to the end of the list to accommodate the continually growing shift.
Any clues on how to accomplish this?
-
not sure what it is yet but just shut up and take my money!!!
-
7
-
-
Success!! That script has changed a bit over the past few weeks... but not a lot
I appears (and I'm guessing) that there is some background services needed that have not loaded by the time the script was called.
The fix was to set the pi to auto-login and call the script for the .bashrc file... this seems to be working well, but I have a lot of testing to do.
Thank you everyone for your help!
-
yep I sure did :(
-
Awesome, thanks.. that was a lot of help!
so here is the next funny thing.....
The script runs exactly as expected if run it manually "sudo ./MyScirpt.sh"
But... when running it as a start up script it does not run correctly. Instead it shows the airodump-ng scan on the screen and does not quite after 30 seconds...
thoughts?
-
On 1/1/2017 at 2:40 PM, Teabot 5000 said:
There's a few ways to get it running on boot. Imagine I saved the script as "coolScript.sh" in the /path_to_file/ directory.
The quick way would be to add a line like the following to the /etc/rc.local file (above the "exit 0" in the rc.local file of course):
/path_to_file/coolScript.sh || exit 1;
The better way would be to add an init script by adding a new script to the "/etc/init.d/" folder that calls the script. The commands would be like so (Note: must be run as root):
echo '#!/bin/sh' > /etc/init.d/runCoolScript
echo '/path_to_script/coolScript.sh' >> /etc/init.d/runCoolScript
chmod ugo+x /etc/init.d/runCoolScript
update-rc.d runCoolScript defaultsThe top two lines could obviously be done in an editor instead or echoing them.
ok I seem to be having issues getting this to run at power on.... can you try to elaborate on they steps needed in a Linux for dummies version.... (the amount I have learned in the last few weeks has surprised me but there is still a long way to go )
-
those files are actually created with line #33
# running the wireless survey airodump-ng -w $recon --output-format csv $wlaninterface &> /dev/null &on parrot system (currently dead) do not try to call those variables until they actually called into action later in the script after the relevant content was created. They should just be defined at the start but seem to be called on instead... is that possible?
-
oops sorry... the error is "line 22: -1: substring expression < 0"
but I just noticed that the was one error before that "grep: scouted*.csv: No such file or directory"
It looks like it is trying to call the variables before the are actually called on ---- or something like that
-
ok so the script seemed to be working well on a test system running the Parrot distro but on my pi running Kali for ARM I get an error on line 22
ch=${channel::-1}which was used to removes the comma from the output of the previous line (which found the desired channel but had a comma at the end)..
any thoughts
-
so far so good. The script works as is but with some caveats, so i'm going to make it more stable.
I still have to figure our the best way to make it run automatically on power on :)
-
this is the work in progress
-
OK, I have not scripted anything in a number of years, and those scripts were either a batch file for powershell v1 and v2.
I thought it would be fun to write a script that I could set to run at start up and use with a Raspberry Pi and the proper WiFi dongle to automatically capture open WiFi traffic based on the most active network.
I would greatly appreciate the community taking a look at what I have and help me clean up and refine the code.
<this is of course purely for educational purposes>
I thinks this could also be converted to a useful pineapple module
#/bin/bash # references the interface wlaninterface=wlan0mon # sets the base file name for the wireless survey recon=scouted # sets the file name for the pcap file to write too pcapfile=DaCapFile # sets the lenth of time to run the survey for - in seconds recontime=30s # sets the lenth of time to run the packet capture for - in seconds capturetime=600s # finds the open WiFi network with the most active traffic and get the channel number channel=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $6}') # removes the comma from the output of the previous line ch=${channel::-1} #finds the open WiFi network with the most active traffic and get the ESSID network=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $19}') # removes the comma from the output of the previous line ssid=${network::-1} # general house cleaning to remove previous captures rm $recon*.csv &> /dev/null rm $pcapfile*.cap &> /dev/null # setting wlan0 into monitor mode airmon-ng check kill airmon-ng start wlan0 # running the wireless survey airodump-ng -w $recon --output-format csv $wlaninterface &> /dev/null & sleep $recontime kill $! #running the packet capture airodump-ng -c $ch --essid $ssid -w $pcapfile --output-format pcap $wlaninterface &> /dev/null & sleep $capturetime kill $! -
hmm so it does work but it looks like the "awk" command looks treats "," and spaces the same... or just looks are the spaces which could cause issues if a SSID has a space in the name
-
perfect, that is a huge step in the right direction for me THANKS!
I'm pretty close to getting the desired output now, just needs some more tweaking and learning :)
-
I do not know if is possible <Uber Noob Here> but I'm trying to automate the capture of open WiFi traffic to be used with a headless Raspberry Pi or possible WiFi Pineapple.
What I have so far is a basic Bash script (which a plan to run on startup) that set the wlan0 into monitor mode. Then does a 30 second capture of airodump-ng and writes the results to a csv file. From there I can use grep to fine only the lines that apply of a bssid with open authentication.
What I want to do next, and the part that I currently have issues with is to find the bssid (row) with the highest value for iv's (traffic) and out put the value to it's channel column.
From there I plan to restart airodump-ng to capture traffic on that defined channel and write it to a pcap file.
Any suggestions on how to accomplish this next step? or am I going about this all wrong?
-
well i just did all available os updates for Parrot, rebooted and what do you know... it now works
-
<BUMP> I have a very similar issue with the Parrot distro
lsusb shows the ASIX Elec Corp but nothing shows for ifconfig other than the pc's onboard nic.
Is there a guide on how to troubleshoot this?
shifting values in a list
in Applications & Coding
Posted
Nailed it! thanks
I was going so far down the other way of thinking... Thanks for the redirection!