Dave-ee Jones

TeamViewer can easily be stopped though as it shows on the bottom right corner of your screen that he's connected, and you can just click "Disconnect" or whatever to disconnect him from you, so I wouldn't say that's a very efficient hack. Maybe look into a silent VNC server, MITM attacks, rogue AP to collect his data etc. etc. Don't do anything that will risk losing his data or opening his firewall to the outside world open to attacks from other hackers who won't think twice about crypto-ing his machine or whatever. I wouldn't usually condone this kind of purposeful hacking but seeing as it's a friendly competition..That said, there are some things that you don't even try in friendly competitions.

Just try flashing it, see what happens. Probably get a separate SD card and flash it onto that, then try booting from it, it might work if you use one of the ARM images (assuming you're processor is still the ARM one). If you get stuck, Google is your friend.

Doh! They're staying in America :(

Australian Tacos are pretty meh, but if it was tacos why wouldn't they move somewhere more taco-riginal? *cough*mexico*cough**cough*

Yes, please! Bye bye insane shipping costs! And I could potentially visit them

So you have a Windows 10 machine that's running a virtual machine which has Ubuntu installed on it. However, you want Metasploit, SQL MAP and Duckhunter installed on your Ubuntu, as well. Is that right? If so, I would just install Kali on a virtual machine. You can either delete the Ubuntu one (don't do this if you've got files on it) or you can create another VM, download a Kali iso and install that on the VM and have a play. I don't think Duckhunter can be installed on Kali because the PC is the one that takes HID commands, it doesn't give them. Duckhunter is part of Nethunter which is a kernel that can be installed on some mobile devices. Mobile devices can be plugged into computers and then give HID commands out to them to act as a keyboard. So yeah, it might be possible but it won't be very useful, sorry.

Strange, I would've thought that Linux would be able to do something as "simple" as that. I just use YUMI or Rufus. I would just knock it out with a Google-y afternoon. Research and try everything :P

I'm confused. So you want to install Nethunter onto your Android device? What device is it? What's your device running on currently (Android version)? Questions, questions, questions! Fortunately for you I just recently flashed my Nexus 5 with Nethunter, and it has the Duckhunter HID attacks and all kinds of cool features. Rooting your device is pretty easy, especially if it's a Nexus 5. I used CF Auto Root to get mine rooted, but you may have to find one that suits your device. The next step is installing a recovery. I would recommend TWRP (like 90% of other people in the world with rooted phones) so go ahead and install that, and then follow it's prompts to download the image and flash it (all automated for you). After the flash, you can copy the Nethunter zip file you downloaded for your device (assuming it's a supported device, otherwise you'll have to either buy one, find a zip someone else has compiled for the device or make your own), reboot into Recovery Mode (this step will be shown to you when you install TWRP), boot into TWRP, select "Install", go to the folder where your Nethunter zip is located and flash it. Then wait for Nethunter to boot and follow the prompts. Hope this helps!

One way to do it, I guess. Not entirely legal, but it might work - but I know a lot of teachers don't really have a list of answers for tests because oftentimes they don't run the tests (especially if it's exams).

One would hope you do.

+1

Looks pretty good so far. I'm not entirely sure how to get your website out there to the world but obviously getting it Google-friendly would be ideal, so that when people Google "clip art" or something along those lines it shows on the first page. There are "Google-bots" that go around looking for good websites that are relevant to certain searches, so you can do a bit of research on how to make your site more appealing to those bots.

Still need to know the answers to script the Bunny to type them out. You would also need to know the questions before the test so it would be a lot harder than just answering it yourself.. Haha.

Basically the consensus is if you want to start learn pentesting in a legal-safe environment, just have a play with scripting, programming, WiFi pentesting (using the Pineapple and maybe a VM with Kali on it to have a bit of fun with monitor-mode and packet-injection) and all that jazz. That won't hurt anyone until you take it into the real world which I wouldn't suggest doing unless it's your job description and someone's paying you to find flaws in their system. If you can learn what's under the hood of Linux and Windows you're pretty much set for any environment.

Yeah I'd already looked into that option however it doesn't support Nexus 5X. Hopefully they fix that soon :) Still, the Nexus 5X has a different WiFi card to the Nexus 5, meaning that Kali can't use it for network pentesting, sadly.

Did a factory reset, re-root and flashed Nethunter again (does the installer ever work on it's own? it always get stuck on 40% or 90%..) put the USB interface to MIDI and it seems to be working better, although the default HID Attack script ("*ipconfig etc.") doesn't work, but the DuckHunter one does - which is alright. Is there any program that allows you to use the phone's keyboard as the PC's keyboard though (as in, the pop-up keyboard on the android phone pushes the pressed keys as HID input to the victim PC). I think that would be pretty neat.

Got it running fine on my Nexus 5, however HID attacks don't seem to work. I'm probably doing something wrong, but I've tried these 2 cable techniques: Straight USB (PC) to Micro USB (phone) This is the standard cable that comes with most 10 y.o. phones USB OTG (phone) -> USB male (from OTG) to USB male (to PC) 2 separate cables, USB OTG from phone to USB male to PC Either my USB port is broken (although, I tried others), the male-to-male USB cable is broken (I have 2 of these, though, same manufacturer) or I'm just doing the cabling wrong. Or I could just be doing everything wrong and I don't need the cables. I don't know. Haven't found a single tutorial out there that shows the cabling end-to-end so it must be something ridiculously obvious.

Oh boi. You've got a HDD and SSD in one?! Haha. 4GB of DDR2 800MHz RAM, eh? Prehistoric stuff there, mate.

Yeah, trouble is I use my phone for work and other bits and pieces, and I've customised it quite heavily.

Hoi! So I've been looking into Nethunter a bit more and am deciding whether or not it's worth installing it as a primary OS on my primary phone (Nexus 5X). I was wondering if anyone could answer a few questions about it for me..here they are: Can it act as a normal phone (make/answer calls, download Google Play apps, SMS, etc.)? Is it reliable enough not to crash on 99% of the apps I download from Google Play? What are the major benefits to having Nethunter as a primary OS (if any)? At first I wanted to dual-boot/use a MultiROM manager so I can have the best of both worlds but it may not be as ideal as I first thought.. I will probably just install it on my old Nexus 5 and see how it goes but I thought it better to pose the question here as I know there are at least a few who have messed around with Nethunter and Kali. Thanks!

Also, haven't seen anyone mention the Thinkpad X220 yet. I wouldn't mind putting Kali on a Samsung tablet though (Tab S2, maybe?) because of their small footprint, it's just the touchscreen would be useless.

Mighty beefy. 8th Gen i7, pretty nice.

GPU = Graphics Processing Unit = Graphics Card. I was asking what graphics card you're putting in it. :)

Ye. Basically, it says to the hacker "I'm here and ready to go!". You could have a chain of Python servers but it could still be traced through each one..

Let me explain more clearly: There's a difference between using a USB stick to store documents and using a USB stick to grab all credentials and stored data on the PC. Most people that use that computer use the internet to log into Facebook, check email, look for employment etc. etc. which 99% of the time includes logging into some portal. Many of these people don't understand how a computer works and will often leave their data (like saved passwords etc.) on the device, meaning that when someone like you comes along just looking to have a bit of fun by testing their new toy has suddenly just broken a few laws about personal security and exploiting someone else's property. Except for the internet? I would say it's connected to everything. Have you looked into it? Many people have said stuff ignorantly like you have and been taken to court for less and lost. That they can, doesn't mean you should do it. Anyone can throw a rock at someone's window to get in their house, but does it mean they should do it? Does it mean it's right? I would argue no. If you got into a fight in court about personal security, the person who breached the other person's security will lose - unless they've done something so bad that the person who breached their security is completely out of the question.