Dave-ee Jones

Posts posted by Dave-ee Jones

  1. 17 hours ago, haze1434 said:

    Already done this;

    • RPi with Parrot / Kali installed, in a backpack / pocket.
    • Install Raspberry SSH on your phone.
    • Raspberry SSH works with Android smart watches, so you'll get any created buttons show up on your watch.
    • Buttons = Send any command to the RPi. Create a button to start a Bash script.
    • Profit.

    You forget - Tizen OS, not Wear OS.

  2. Anyone had any experience doing a bit of smartwatch hacking?

    There are lots of possibilities to what a smartwatch could be useful for, e.g.:

    1. Network Scanning on the go (assuming the watch had WiFi)
      1. This would mean I could just look at my watch, hit 'Scan' and start scanning the network as I'm doing something else, not needing to hold a phone or anything like that.
      2. More inconspicuous.
      3. Could just start a service on your phone and grab data from your phone, making your phone do all the hard work while you monitor it on your watch. Harder, but makes more sense.
    2. Bluetooth mouse/keyboard
      1. Would be very nice to be able to pair my watch with a USB dongle and then plug the dongle into a PC and have it automatically act as a bluetooth mouse without any client-side programs to handle input - just like a normal bluetooth mouse/keyboard (could be achieved by spoofing VID/PIDs)

    These are just 2 examples, but I think they would make a very nice touch to my EDC.

    Looking into creating apps for the smartwatch now.

    For those wondering, it's probably the worst one to develop for - a Samsung Gear S3 Frontier. Nowhere near as easy to hack as Wear OS.

  3. On 4/20/2018 at 10:48 PM, trapman16 said:

    But I know, it doesn't support 5 GHz....

    I like 5 GHz because of the superior speeds, but realistically if you're pentesting a WiFi network you don't really need the speed, just the reliability and a decent connection. 100Mbps would be fine. I like the idea of having a phone with an in-built Nethunter-capable WiFi adapter but I don't think there are many like that.

  4. On 4/21/2018 at 9:07 AM, hiiamu said:

    I don't see it in Disk Management; is it a dead SD? The 'Hello World!!!' script works fine on it. I put the SD card in the plastic adapter and there are no extra drives in 'This PC' or 'Disk Management', although 'Device Manager' shows the USB as 'MXT-USB Storage Device USB Device'.

    So you're saying the Ducky can see it and read from it? That's good, means it's not dead.

    It could be the adapter, or it could just be that Windows doesn't recognise the file system, which is a bit strange. I would have assumed that the Ducky uses FAT32 for its SD card. Have you got another adapter lying around, or an SD card slot in your PC/laptop? Might be worth giving that a shot.

  5. 8 hours ago, hiiamu said:

    I just got my rubber ducky, the script works like it should when it arrives, but when I put the Micro SD card in the adapter so I can edit the code it doesn't show up, there is a beep from windows saying a new usb drive is in the computer but there is nothing in 'This PC'.

    Check Device Manager and Disk Management. They might give you more information.

    If you can't open Disk Management (taking far too long, causing Windows to be slow and potentially crash etc.) you probably have a dead SD.

    If you see it in Disk Management it might be as simple as formatting it.

  6. 17 hours ago, haze1434 said:

    Probably already covered this replying to another topic, but I have 2 x AWUS036H myself and they are excellent.

    The AWUS036H works out-of-the-box with Kali & Parrot and the range is fine. Using a Yagi and line-of-sight, they'll cover a 1 mile range with an OK signal acquisition. Using the default antenna they come with, you'll still get 100 meters line-of-sight, which is good for most pentest scenarios. And yes, they inject and monitor.

    As I said in another thread though - maximum throughput of 54Mbps, no 802.11n support, USB 2.0 (tbh, that probably fixes half the driver issues with the ACH), etc. etc. Very old card.

  7. I know the feels. Down Under has a few large ISPs competing, especially in the mobile network area. Telstra is dominating the coverage scene, Optus not too far behind but still lacking.

    3 hours ago, cerebrussaxon said:

    1. How do i go about finding out who is in charge of what down here?

    3 hours ago, cerebrussaxon said:

    Now, down where I live there is basically 1 major internet provider. There are others in the country, but this 1 dominates the market so badly that the others are not operating in every region of the country.

    Sounds like you already know.

    3 hours ago, cerebrussaxon said:

    2. Can I trust my ISP not to eavesdrop on my traffic?

    Ehhhhhh, not really. It depends on what your country's standards are on internet traffic and stuff. In Australia I don't think many ISPs track every URL you go to, but I would imagine they would monitor them a bit so the government can catch out baddies looking at bad things. I would imagine it's similar in Belgium - although, Europeans are strange people so I don't know.

    3 hours ago, cerebrussaxon said:

    3. And if not, how do I protect myself? (Thinking VPN, but I'd need a VPS for that, and do I trust that VPS provider?)

    That's one option.

    You don't really need a VPS, there are a few VPNs out there that have good intentions for their users. Just don't go to any free ones, and make sure you read the small text before you buy any.

    If you want to go the way of the VPS, it's the same thing. Read small text, make sure they're hosted somewhere with a stable internet connection. Rules out Aus.


  8. 12 hours ago, Bamse said:

    BUMP

    Whut you bumpin'?

    The problem with the AWUS036H is that it's super old, and doesn't even support 802.11n (LIKE, C'MON) and has a maximum speed of 54Mbps. That's less than 7MBps. Horrific.
    (Still faster than my internet speed though)

    The AWUS036ACH hits speeds of up to 1200Mbps, which is 150MBps. One of the fastest cards on the market at the moment, I would think.

  9. 12 hours ago, Bamse said:

    i am using AWUS036ACH

    11 hours ago, trapman16 said:

    What version of Kali are you running? More than likely a driver issue. The AWUS036ACH supports monitor and injection, but from reports on other forums there are a lot of driver issues. I personally have not used the adapter, but have seen people report the Kali default driver does not work and requires updating.

    6 hours ago, Bamse said:

    I am using kali linux 2018

    50 minutes ago, trapman16 said:

    I would do a Google search to find some good info on updating the driver to hopefully resolve your problem with the adapter. Several good sources can be found.

    The amount of times I've dealt with posts about the ACH model in the past week is just silly..

    So I happen to have this model at home, and I can only reliably use it with a Windows machine. Kali and other Linux-based machines struggle to even see this adapter - and there's a lot of driver magickery to get it working. There's a few tutorials out there for standalone Kali machines (easiest to get working on), but if you've got a setup even slightly different to theirs you'll struggle. I did.

    See what you can get from the tutorials, but just keep in mind that the more you mess with the drivers the more likely it is not going to work. Best to keep it as clean and simple as possible, otherwise you'll have issues, even if you do get it to see the adapter. E.g. won't inject packets correctly, might drop in and out occasionally (flakey connection), might not think it has monitor mode etc.

    Use the monitor mode + packet injection driver on Github found here:

    https://github.com/astsam/rtl8812au

    That should work provided you follow his steps on a standalone Kali box (or potentially VM).

  10. 6 hours ago, ki4jgt said:

    There would need to be some time contingent information involved but generating a key which matched the hash exactly would prove complicated as CJDNS uses an actual asymmetric key as their IPv6 address for their users. They don't even use hashes. To generate an exact hash for an onion address in the TOR network takes eons. All onion addresses are simply hashes of the public keys of their hosts. So you can spoof the hash, just can't prove you're the owner of the hash without the private and public keys. The keys would then need to use time-coded data to exchange the AES keys. If the time in the data is out of date, the receiver knows the packet is not valid. The AES keys should be randomly generated by the software, so the hacker doesn't know if they've broken the key or not and should be different for each connection from your machine.

    That's more like it.

    However, there's only 1 hash for each public key - so wouldn't it just mean a more public "public key", if you catch my drift? It basically means that the hash is the public key, the public key is a slightly-more-public private key, and the private key is a private key. :P

    6 hours ago, ki4jgt said:

    The AES encryption is done throughout the entire connection.

    I would hope so. :)

  11. 10 hours ago, ki4jgt said:

    I was under the impression that SSL handed off to AES after RSA. That's been the standard for years. Once you've exchanged your encryption key you exchange an AES key and then have communications from there, because AES doesn't take as much processing power as RSA. AES is pretty secure, mate. In fact, that's what a lot of encryption systems do, even whole hard drive encryption. It stores the AES key in an asymmetric encryption then uses the key to decrypt AES - again to spare the processor the heavy burden of using public key cryptography for everything, as it is very resource intensive.

    I think you're missing the humour in my response there. :tongue:

    10 hours ago, ki4jgt said:

    -snip-

    I'm not sure about all the extra details you haven't elaborated on, but could a hacker simply not spoof the hash response? Think of it this way - if you can see the traffic between 2 entities on a network, you can see everything about their security. You might only see a wall of characters, but it's still how they're communicating. If a hacker knew that the AES keys are sent only in the first 2 packets exchanged then he could reply with a similar packet, couldn't he? Another theory - couldn't he just record all of the packets they used, set up an enclosed network, assign similar IPv4/IPv6 addresses to 2 machines on his enclosed network and then re-send each packet from the machines - just as they were talking before - to see the traffic "unencrypted"?

    Also, if the AES encryption is only done at the start of a connection, why can't a hacker get in during a connection. There's no way of 1 PC knowing that the other PC has been spoofed by another, the first being disconnected or pushed out.

    This is all theory and can probably be blown away with a simple answer, but there are still things that I'm concerned about in my ignorance. :)

    This sounds very similar to another security method I saw recently, too..
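The two posts above argue about what "the address is a hash of the public key" buys you, whether someone who can see the traffic can spoof the hash, and whether time-coded data stops replays. Below is an added worked example, not code from the thread or from Tor/CJDNS: it uses a Lamport one-time signature (pure stdlib, standing in for whatever real asymmetric scheme a network uses), derives the address as SHA-256 of the public key, and shows the three checks a receiver would make on the first packet. The packet format, the 30-second freshness window and all key material are constructed for illustration.

```python
"""Address = hash(public key): proving ownership and rejecting replays.

Added example, not from the thread. A Lamport one-time signature stands in
for the real asymmetric scheme; the network 'address' is SHA-256 of the
public key, as the thread describes for onion addresses. The hello-packet
format and FRESH_SECONDS are assumptions made for this example.
"""
import hashlib
import os
import time
from typing import List, Tuple

H = hashlib.sha256
FRESH_SECONDS = 30  # assumption: how old a signed hello may be before it is rejected


def keygen(rng=os.urandom):
    """Lamport keys: 256 pairs of 32-byte secrets; the public key is their hashes.

    A Lamport key must sign only ONE message; signing twice leaks secrets.
    """
    priv = [(rng(32), rng(32)) for _ in range(256)]
    pub = [(H(a).digest(), H(b).digest()) for a, b in priv]
    return priv, pub


def address(pub) -> str:
    """The network address is nothing more than a hash of the public key."""
    return H(b"".join(a + b for a, b in pub)).hexdigest()


def _bits(msg: bytes) -> List[int]:
    digest = H(msg).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(priv, msg: bytes) -> List[bytes]:
    """Reveal, for each digest bit, the secret matching that bit."""
    return [priv[i][bit] for i, bit in enumerate(_bits(msg))]


def verify(pub, msg: bytes, sig: List[bytes]) -> bool:
    """Each revealed secret must hash to the published value for that bit."""
    if len(sig) != 256:
        return False
    return all(H(s).digest() == pub[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))


def make_hello(priv, pub, session_key: bytes, now: float) -> dict:
    """First packet: timestamp + session key material, signed, public key attached."""
    body = f"{int(now)}|".encode() + session_key.hex().encode()
    return {"pub": pub, "body": body, "sig": sign(priv, body)}


def accept_hello(claimed_address: str, hello: dict, now: float) -> Tuple[bool, str]:
    """The receiver's checks before it trusts the session key in the hello."""
    # 1. Anyone can quote the address; the presented key must actually hash to it.
    if address(hello["pub"]) != claimed_address:
        return False, "public key does not match address"
    # 2. Only the private-key holder can sign this body.
    if not verify(hello["pub"], hello["body"], hello["sig"]):
        return False, "bad signature"
    # 3. Time-coded data: a captured hello replayed later is stale.
    ts = int(hello["body"].split(b"|", 1)[0])
    if abs(now - ts) > FRESH_SECONDS:
        return False, "stale timestamp (replay?)"
    return True, "ok"


if __name__ == "__main__":
    priv, pub = keygen()
    addr = address(pub)
    now = time.time()
    hello = make_hello(priv, pub, os.urandom(16), now)
    print("legit       :", accept_hello(addr, hello, now + 1))
    # An eavesdropper knows the address but has only their own key pair.
    apriv, apub = keygen()
    print("spoofed key :", accept_hello(addr, make_hello(apriv, apub, b"\x00" * 16, now), now))
    # Same eavesdropper replays the captured hello an hour later.
    print("replayed    :", accept_hello(addr, hello, now + 3600))
```

Step 1 is the answer to "isn't the hash just a more public public key": yes, but knowing it gives you nothing, because step 2 needs the private half and finding a key pair whose public key hashes to a chosen address is a preimage search. Step 3 only works if both sides have roughly synchronised clocks and the receiver also remembers recently seen hellos inside the window; neither is shown here.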

  12. If you don't need internet, it should be quite straightforward. Ish.

    You can put all the devices you want off of the Corp network onto the switch, but don't plug the wall port into the switch to connect it to the Corp LAN (bear in mind that the devices need to be on the same subnet if the subnet mask is 255.255.255.0 - or /24). Then you can plug your PC, laptop or even phone onto the switch and access those devices, bearing in mind that you have to set a static IP, unless there's a DHCP server on the switch.

    However, the only problem here is that if you have one network adapter you can only be connected to one network at a time. But you could fix that by going out and buying a USB to ethernet adapter to act as another NIC quite easily. Plug and play, just configure the adapter to have the IP you want.

    From there you could then share your Corp LAN internet with the switch to provide a connection to the internet on that side - just be wary if you have a DHCP server on the switch it may double-NAT the Corp LAN too (or vice versa), and that'll end up in big doo-doo. But you could always access those devices remotely by accessing your PC remotely, anyway. It's like a PC in the middle :)

    Hope it helps!
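The post above describes an unplugged switch with statically addressed devices, a second NIC in the PC, and the warning about overlapping or double-NATed ranges. As an added example, not part of the post, the Python below checks the three things that go wrong in practice: that every lab device and the second NIC fall in one /24 when the mask is 255.255.255.0, that the lab range does not collide with the corporate LAN, and which interface the "PC in the middle" would use for a destination under longest-prefix matching. The 10.0.0.0/24 corporate range, the 192.168.50.x devices and the interface names usb0/eth0 are constructed assumptions.

```python
"""Sanity checks for an isolated lab switch reached through a second NIC.

Added example, not from the forum post. Constructed assumptions: the corporate
LAN is 10.0.0.0/24 on eth0; the lab devices on the unplugged switch use
192.168.50.x with mask 255.255.255.0 and are reached via a USB NIC, usb0.
"""
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple

CORP_LAN = ipaddress.ip_network("10.0.0.0/24")                      # assumption
LAB_MASK = "255.255.255.0"                                           # the /24 from the post
LAB_DEVICES = ["192.168.50.10", "192.168.50.11", "192.168.50.20"]    # constructed
SECOND_NIC_IP = "192.168.50.1"                                       # static IP on usb0, constructed

Route = Tuple[ipaddress.IPv4Network, str]


def lab_subnet(hosts: Iterable[str], mask: str) -> Optional[ipaddress.IPv4Network]:
    """Return the one network all hosts share under `mask`, or None if they disagree.

    On an unrouted switch a host outside the common /24 simply cannot talk to
    the others, so this is the first thing to check after setting static IPs.
    """
    nets = {ipaddress.ip_interface(f"{h}/{mask}").network for h in hosts}
    return nets.pop() if len(nets) == 1 else None


def overlaps_corp(lab: ipaddress.IPv4Network, corp: ipaddress.IPv4Network = CORP_LAN) -> bool:
    """True when the lab range collides with the corporate LAN.

    A dual-NIC host cannot route sensibly between two interfaces carrying the
    same prefix; sharing the corp connection into such a lab ends badly.
    """
    return lab.overlaps(corp)


def build_routes(lab: ipaddress.IPv4Network, corp: ipaddress.IPv4Network = CORP_LAN) -> List[Route]:
    """Routing table of the PC in the middle: lab via usb0, everything else via eth0."""
    return [
        (lab, "usb0"),
        (corp, "eth0"),
        (ipaddress.ip_network("0.0.0.0/0"), "eth0"),   # default route: internet via corp
    ]


def route_lookup(dest: str, routes: List[Route]) -> str:
    """Longest-prefix match, the way the kernel picks an outgoing interface."""
    d = ipaddress.ip_address(dest)
    best = max((r for r in routes if d in r[0]), key=lambda r: r[0].prefixlen, default=None)
    if best is None:
        raise ValueError(f"no route to {dest}")
    return best[1]


def check_lab(devices: Iterable[str] = LAB_DEVICES, nic_ip: str = SECOND_NIC_IP,
              mask: str = LAB_MASK, corp: ipaddress.IPv4Network = CORP_LAN) -> Dict[str, object]:
    """Run both checks and report the lab subnet, consistency and corp overlap."""
    lab = lab_subnet(list(devices) + [nic_ip], mask)
    if lab is None:
        return {"subnet": None, "consistent": False, "overlap": None}
    return {"subnet": str(lab), "consistent": True, "overlap": overlaps_corp(lab, corp)}


if __name__ == "__main__":
    print(check_lab())
    routes = build_routes(lab_subnet(LAB_DEVICES + [SECOND_NIC_IP], LAB_MASK))
    for dst in ("192.168.50.20", "10.0.0.5", "8.8.8.8"):
        print(f"{dst:>15} -> {route_lookup(dst, routes)}")
```

If `check_lab()` reports `overlap: True`, renumber the lab side before bridging or sharing anything; if `consistent` is False, one device has a typo in its static IP or mask.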

  13. 11 hours ago, barry99705 said:

    That card is just as expensive as my first phone..

    You know, I think a OnePlus 5T would be quite nice. Can't go wrong with 128GB SD and 8GB RAM out of the box :) Price is pretty generous though, but still underneath iPhones of a similar generation.
    That said, the Xiaomi Black Shark is looking to be quite powerful too.

  14. On 4/14/2018 at 9:50 AM, skyman377 said:

    I have already done that, but because the network card is USB plugged into my PC, the VM thinks it's an Ethernet cable. On Parrot and Kali I need them both to see it as a WiFi card.

    The problem is that there are, in reality, 2 problems.
    1 being the fact that the VMs aren't recognising it as a WiFi card (it's getting a direct "ethernet" connection from the host - basically the host is passing its WiFi through as "ethernet" to the VM), and 2 being that the VMs probably don't have the correct drivers for the adapter.

  15. Eh?

    https://hakshop.com/products/hak5-elite-field-kit

    Pretty sure it's all still there:

    • TETRA
    • Bash Bunny
    • Rubber Ducky
    • LAN Turtle (SD Model for local storage)
    • Packet Squirrel
    • 5x Field Guides (PS, RD, LT, BB, PineAP)
    • Anker PowerCore+ 13400 USB Battery
    • 5-port Ethernet switch
    • USB Ethernet Adapter (100Mbps I'm assuming - same with switch)
    • Retractable Ethernet cable
    • Hak5 Elite Equipment Wrap
    • USB OTG
    • USB A to USB C adapter
    • USB A male to female
    • Micro SD USB card reader
    • Micro USB cables
  16. On 4/8/2018 at 9:56 PM, Linds3y said:

    Where can I find forums/communities that discuss fraud? (Not the ones to prevent it)

    It would almost be more beneficial to discuss how to prevent fraud as you would understand it better as you go along.

    You usually have to learn about the problem before you can fix it. Same with this.


  17. 512 GB of music...

    Alright.

    1 hour ago, PixL said:

    What is there in existence for the music listener who would like to carry 512gb with him? :)

    These days most people buy a large mobile plan and stream music - or they get a plan that comes with some kind of Spotify subscription or something so they can stream music for free without using data.
