Dave-ee Jones

Everything posted by Dave-ee Jones

  1. Hak5 stuff comes within a week or 2 from my experience, and I live on the other side of the world.
  2. You forget - Tizen OS, not Wear OS.
  3. Anyone had any experience doing a bit of smartwatch hacking? There are lots of possibilities to what a smartwatch could be useful for, e.g.:

    • Network Scanning on the go (assuming the watch had WiFi)
      This would mean I could just look at my watch, hit 'Scan' and start scanning the network as I'm doing something else, not needing to hold a phone or anything like that. More inconspicuous. Could just start a service on your phone and grab data from your phone, making your phone do all the hard work while you monitor it on your watch. Harder, but makes more sense.
    • Bluetooth mouse/keyboard
      Would be very nice to be able to pair my watch with a USB dongle and then plug the dongle into a PC and have it automatically act as a Bluetooth mouse without any client-side programs to handle input - just like a normal Bluetooth mouse/keyboard (could be achieved by spoofing VID/PIDs)

    These are just 2 examples, but I think they would make a very nice touch to my EDC. Looking into creating apps for the smartwatch now. For those wondering, it's probably the worst one to develop for - a Samsung Gear S3 Frontier. Nowhere near as easy to hack as Wear OS
  4. I like 5 GHz because of the superior speeds, but realistically if you're pentesting a WiFi network you don't really need the speed, just the reliability and a decent connection. 100Mbps would be fine. I like the idea of having a phone with an in-built Nethunter-capable WiFi adapter but I don't think there are many like that.
  5. So you're saying the Ducky can see it and read from it? That's good, means it's not dead. It could be the adapter, or it could just be that Windows doesn't recognise the file system, which is a bit strange. I would have assumed that the Ducky uses FAT32 for its SD card. Have you got another adapter lying around, or an SD card slot in your PC/laptop? Might be worth giving that a shot.
  6. Check Device Manager and Disk Management. They might give you more information. If you can't open Disk Management (taking far too long, causing Windows to be slow and potentially crash etc.) you probably have a dead SD. If you see it in Disk Management it might be as simple as formatting it.
  7. Dave-ee Jones

    AWUS036H

    As I said in another thread though - maximum throughput of 54Mbps, no 802.11n support, USB 2.0 (tbh, that probably fixes half the driver issues with the ACH), etc. etc. Very old card.
  8. I know the feels. Down Under has a few large ISPs competing, especially in the mobile network area. Telstra is dominating the coverage scene, Optus not too far behind but still lacking. Sounds like you already know.

    Ehhhhhh, not really. It depends on what your country's standards are on internet traffic and stuff. In Australia I don't think many ISPs track every URL you go to, but I would imagine they would monitor them a bit so the government can catch out baddies looking at bad things. I would imagine it's similar in Belgium - although, Europeans are strange people so I don't know.

    That's one option. You don't really need a VPS, there are a few VPNs out there that have good intentions for their users. Just don't go to any free ones, and make sure you read the small text before you buy any. If you want to go the way of the VPS, it's the same thing. Read small text, make sure they're hosted somewhere with a stable internet connection. Rules out Aus.
  9. Whut you bumpin'? The problem with the AWUS036H is that it's super old, and doesn't even support 802.11n (LIKE, C'MON) and has a maximum speed of 54Mbps. That's less than 7MBps. Horrific. (Still faster than my internet speed though) The AWUS036ACH hits speeds of up to 1200Mbps, which is 150MBps. One of the fastest cards on the market at the moment, I would think.
  10. The amount of times I've dealt with posts about the ACH model in the past week is just silly.. So I happen to have this model at home, and I can only reliably use it with a Windows machine. Kali and other Linux-based machines struggle to even see this adapter - and there's a lot of driver magickery to get it working. There are a few tutorials out there for standalone Kali machines (easiest to get working on), but if you've got a setup even slightly different to theirs you'll struggle. I did. See what you can get from the tutorials, but just keep in mind that the more you mess with the drivers the more likely it is not going to work. Best to keep it as clean and simple as possible, otherwise you'll have issues, even if you do get it to see the adapter. E.g. won't inject packets correctly, might drop in and out occasionally (flaky connection), might not think it has monitor mode etc. Use the monitor mode + packet injection driver on GitHub found here: https://github.com/astsam/rtl8812au That should work provided you follow his steps on a standalone Kali box (or potentially VM).
  11. That's more like it. However, there's only 1 hash for each public key - so wouldn't it just mean a more public "public key", if you catch my drift? It basically means that the hash is the public key, the public key is a slightly-more-public private key, and the private key is a private key. :P I would hope so. :)
  12. What WiFi card are you using as wlan0? I suspect it doesn't support monitor mode.
  13. I'm not sure. Best bet is to ask them over at Hak5 Support. :) https://hakshop.zendesk.com/hc/en-us/requests/new
  14. I think you're missing the humour in my response there. I'm not sure about all the extra details you haven't elaborated on, but could a hacker simply not spoof the hash response? Think of it this way - if you can see the traffic between 2 entities on a network, you can see everything about their security. You might only see a wall of characters, but it's still how they're communicating. If a hacker knew that the AES keys are sent only in the first 2 packets exchanged then he could reply with a similar packet, couldn't he? Another theory - couldn't he just record all of the packets they used, set up an enclosed network and assign similar IPv4/IPv6 addresses onto 2 machines on his enclosed network and then re-send each packet from the machines - just as they were talking before - to see the traffic "unencrypted"? Also, if the AES encryption is only done at the start of a connection, why can't a hacker get in during a connection? There's no way of 1 PC knowing that the other PC has been spoofed by another, the first being disconnected or pushed out. This is all theory and can probably be blown away with a simple answer, but there are still things that I'm concerned about in my ignorance. :) This sounds very similar to another security method I saw recently, too..
  15. If you don't need internet, it should be quite straightforward. Ish. You can put all the devices you want off of the Corp network onto the switch, but don't plug the wall port into the switch to connect it to the Corp LAN (bear in mind that the devices need to be on the same subnet if the subnet mask is 255.255.255.0 - or /24). Then you can plug your PC, laptop or even phone onto the switch and access those devices, bearing in mind that you have to set a static IP, unless there's a DHCP server on the switch. However, the only problem here is that if you have one network adapter you can only be connected to one network at a time. But you could fix that by going out and buying a USB to ethernet adapter to act as another NIC quite easily. Plug and play, just configure the adapter to have the IP you want. From there you could then share your Corp LAN internet with the switch to provide a connection to the internet on that side - just be wary if you have a DHCP server on the switch it may double-NAT the Corp LAN too (or vice versa), and that'll end up in big doo-doo. But you could always access those devices remotely by accessing your PC remotely, anyway. It's like a PC in the middle :) Hope it helps!
  16. Although, it definitely sounds interesting, but wouldn't it only be as secure as AES?
  17. That card is just as expensive as my first phone.. You know, I think a OnePlus 5T would be quite nice. Can't go wrong with 128GB SD and 8GB RAM out of the box :) Price is pretty generous though, but still underneath iPhones of a similar generation. That said, the Xiaomi Black Shark is looking to be quite powerful too.
  18. I suspect he was looking at the other field kit :)
  19. The problem is that there are, in reality, 2 problems. 1 being the fact that the VMs aren't recognising it as a WiFi card (it's getting a direct "ethernet" connection from the host - basically the host is passing its WiFi through as "ethernet" to the VM), and 2 being that the VMs probably don't have the correct drivers for the adapter.
  20. Eh? https://hakshop.com/products/hak5-elite-field-kit Pretty sure it's all still there:

    • TETRA
    • Bash Bunny
    • Rubber Ducky
    • LAN Turtle (SD Model for local storage)
    • Packet Squirrel
    • 5x Field Guides (PS, RD, LT, BB, PineAP)
    • Anker PowerCore+ 13400 USB Battery
    • 5-port Ethernet switch
    • USB Ethernet Adapter (100Mbps I'm assuming - same with switch)
    • Retractable Ethernet cable
    • Hak5 Elite Equipment Wrap
    • USB OTG
    • USB A to USB C adapter
    • USB A male to female
    • Micro SD USB card reader
    • Micro USB cables
  21. Tempted, but I can't be bothered copy-pasting 13 times. :P
  22. It would almost be more beneficial to discuss how to prevent fraud as you would understand it better as you go along. You usually have to learn about the problem before you can fix it. Same with this.
  23. 512 GB of music... Alright. These days most people buy a large mobile plan and stream music - or they get a plan that comes with some kind of Spotify subscription or something so they can stream music for free without using data.