Fuylo

Active Members
  • Posts: 6
Everything posted by Fuylo

  1. True.. Good Grief I need to look at the post dates, sorry about that M8!
  2. Also, I forgot to mention a USB hub with a burner Android with USB tethering/prepaid data is used for the internet connection (when applicable).
  3. A couple of things: Have you tried using -T to specify a target? I don't believe I've ever been able to get anything more than Wireshark-style packet sniffing without specifying a target along with the HTTP proxy command. Look at the bettercap website for details. Is there a reason you're using BackBox? Not that there's really anything wrong with it, but I'm pretty sure you're going to get better support, better compatibility with Ruby, and more up-to-date libraries with newer Kali and Debian distros. Don't expect newer tools (especially pen-testing tools) that are updated frequently to work with a distro that hasn't updated their downloadable image in over 6 months. That's a pretty long time in the world of infosec. Also, try testing against different browsers, and try getting creative with JavaScript and BeEF. This tool was built IMO to make it easier for session hijacking; not script-kiddy-ing through ssl-stripping (though you can in certain situations). I've tested it against the newest version of Mozilla Firefox (as of Jan 2017) and ssl stripping worked well. It didn't work against Safari or Chrome. As for those wondering about getting it to work on the pineapple: save yourself finding out that the pineapple doesn't run it well and just get a RasPi 3 with Kali. My mobile setup is a Nano with an AWUS Alfa 036NH added to it, RasPi 3 model B configured to auto-connect to the MGMT AP on the Pineapple on boot, running Kali with Bettercap. I control the Nano via webui on my iPhone, and the RasPi 3 via vSSH lite (free SSH), all battery powered. The Alfa card is used for the mgmt AP, and the range is fantastic. With some practice you can do a ton of really cool stuff with it.
  4. That sounds pretty awesome; I've tried to get away from password cracking and pursue exploits/rogue APs a bit more; this looks like a great place to start. Thanks for the info.
  5. That power bill is for real; made that mistake once. I've not tried fluxion yet. It's been a good while now since I've taken a crack at WPA2 cracking, so I'll have to check it out. Aircrack with the list I posted earlier takes like 2 weeks on a clunky core i3 office-style workstation, but OCL Hashcat with a newer Nvidia Quadro took under 3 hours around 250k a second and higher (done in Windows; blegh I know but it's so much easier to use Hashcat for Windows per not having to go through Nvidia CUDA setup on a Linux box. I'm lazy too I guess). What is this fluxion you speak of?
  6. I know this is an old thread, but after reading it, I really have to ask those having problems cracking via dictionary: are you just stopping after trying the rockyou list or other small, built-in lists that come with Kali? Up your game and make a mondo beast of a list (1 billion+), or just scour p2p sites and download one of the many gigantic lists that are out there. Heck, here's a link to a really effective one here on hak5. I guess it depends on where you live, but seriously, don't overestimate residential security in regards to secure password generation. Most people aren't harboring nuclear bomb plans; an easy-to-remember password is almost always chosen over having a complicated pain-in-the-ass when guests ask you for your wifi password. The 10% success rate someone mentioned above just sounds lazy; try harder!