aethernaut

https://en.wikipedia.org/wiki/Ntopng

For those of you that use Raspberry Pis to experiment with and build things like Hak5 C2, and Kismet boxes, the below may be of interest. MagPi Magazine #91 March 2020 page 6

No idea. Just haven't seen much evidence of it over the past year. Remains to be seen what, if anything, happens.

Possibly, but that assumes Hak5 actually wants to continue.

@Void-Byte Apologies. I had a "senior moment". I now see that this thread has been going for some time and your post reminds users to ensure they are on the most current (2.1.2) release.

I don't think they will. Whilst Hak5 has been off-air YouTube has cracked down on anything they consider to be teaching / promoting "hacking". This would cover pen-testing, which is basically the same thing but with a "different coloured hat". So if Hak5 wanted to go back to more instructional videos it could face being shut down. I suppose this ban could even cover videos demonstrating how to use some Hak5 products. An option is to follow Null Byte's lead and post trailers on YouTube but host the full video on their own site, but then they lose any YouTube ad revenue. I can't see Hak5 engaging in anything that does not generate money, it is a for-profit business after all. I would like to be wrong about this but after all this time I just can't see it happening.

I'm treating it as if it is. Everything relating to YouTube output seemed to pretty much grind to a halt after the move to Oakland. Then Tekthing went and Threatwire seems to be an independant production supported by Patreon donations. Does Shannon even use the Hak5 studio any more? (Actually even Darren doesn't when he advertises another product). There was a promise a while back that there would be new output and a year or so ago a new format was tested but nothing came of it. I stopped subscribing on YouTube a while back, although looking at it, subscriber numbers appear to still be going up. I have no idea why. Maybe people are reading about the kit, buying it and then subscribing. I only return to the forums because occasionaly a useful "nugget" of information comes up, but more and more it is "I want hack mentor", "How do I hack", "Have I been hacked", "why does <insert product here> not work" posts. If there was a button to close my forum account I probably would have pressed it. I guess they are making enough money from shifting kit to not have to worry about YouTube.

@Void-Byte For something newer than 2.1.2 released in December 2019? Hak5 downloads doesn't show it...

No, it's not just you... EDIT: By that I mean a person in Canada, not you as an individual!!

That's quite a task you have set yourself. The main things that may affect the recovery of your data is how long since the file was deleted and have you used the disk much since then? As disks are so large these days many files, especially smaller ones, are recoverable a long time after they are deleted, even if the disk is in use. However if the disk hasn't much free space left there is a much higher chance that the file system has had to re-use clusters from previously deleted files. Also a VM will be a very large file and there is therefore a good chance that many of its clusters would have been re-used. Of course if it was on a separate disk you have hardly used since, you may get lucky. As for software to do this I can't really suggest anything that is easy to use. Also "professional" data recovery software is horrendously expensive and assumes you know how to use it (they will likely have training courses you can buy - for the price of a reasonable holiday!) However a util that I have heard good things about is PhotoRec. Despite what its name suggests it does have the ability to recover LOTS of file types including vmdk and vdi files (See the full file format list). Also remember you shouldn't really install and run recovery software on the disk you want to recover files from, because installing / using the software and saving recovered files may actually overwrite data you will want to recover. Of course if you want go go down the "full-on" forensic recovery route you can try Autopsy but be warned; the learning curve can be astronomical for those who are not already familiar with this aspect of computing. Finally, recovery software may appear to recover lots of files but that does not mean that they will always be valid / readable. This type of software often has to make assumptions and those assumptions can be wrong. Always expect to get nothing and then you will always be happily surprised when something does come out intact. Best of luck!!

It may well be much quicker which is why I suggested testing on a smaller list just so you can get an idea as to how many years it would take 🙂. However with a large wordlist I doubt it will be that quick. Of course if someone ever used this in the real world they could come up against something like Fail2Ban which would bring the whole exercise to a sudden and grinding halt!

Forgot to mention, to overwrite the whole partition this super large file will have to be an exact multiple of the space available. When space runs out and the whole file cannot be copied the copy process will error. It will not carry on writing whatever of the super large file it can. Therefore if your super large file is, say, 40GB and your partition is not an exact multiple of 40GB you will have an area that is not overwritten. For example if after a copy of the file is written there is only 35GB free space left the copy will fail and leave 35GB of disk space untouched. The bigger your super large file is the more you will possibly leave behind.

That is not formatting, that is disk wiping (hopefully). Crudely, formatting just resets file system pointers and leaves the data intact but in unallocated space and easy to recover. Disk wiping overwrites the whole disk with cycles of zeros and random data. With DoD I think that is seven cycles. The Guttman method uses 35 overwrites!! See how long that takes on a 6TB HDD!! I have found that one pass of zeros is normally enough if you verify afterwards that the drive is all zeros. Disk wiping programs often provide this as an option. You could. The main difference is that your method will only fill the file system not the entire disk. Disk wiping starts a sector 0 and carries on until the whole disk is overwritten. There have been arguments made that even this will not erase the data in clusters that have been marked bad during the life of the disk. Getting at this data however is NOT trivial. Another scenario is that initially, say, you had two partitions on the disk that used all the available disk space. You later change that to one partition. However one partition, due to the maths, cannot occupy all the disk and you have disk slack that contains data from one of your two previous partitions. Likely only to be very small, if any. The paranoid and those with very sensitive data take such things seriously and will crush the hard disk rather than wipe it and let someone else have it. That's right but you will only get the last place your data resided. Remember disks defrag and clusters containing part of that file may no longer be associated with the file because the data from it has been moved to somewhere better for read speed. The defrag copies the data to the new location but does not wipe the old location. Sure you are only talking about a cluster sized chunk but it could be an important cluster or even a consecutive chain of clusters! Also many programs create many, many temporary copies and working files as you draft a doc / sheet (Word, Excel I'm looking at you). These get splashed all around the disk and all can be recovered unless they happen to have been overwritten by later files. I have had drive wiping / formatting / partitioning software kill cheap flash drives or somehow make them read only. That's normally because I was being nasty to the drive rather than anything malicious. I have also had cheap thumb drives die on me precisely because they were cheap thumb drives. Not going to make that recommendation in case things go wrong!!!

Yes, using a password list is a dictionary or wordlist attack. Brute-forcing is progressively trying every possible combination of letters, numbers, and symbols a password, of possibly unknown length, may contain. How long depends on what you are doing, and if BB means Bash Bunny it is likely to be a long time and it certainly won't be hash cracking. Assuming you wish to throw a user/password combo at something, like BruteBunny does, you can see how long it would take by making a small list to test it with that contains the password** so that you can check it actually works. Remember with payloads like BruteBunny if you use a list of account names with 9 entries, the BB will have to process the entire wordlist 9 times. So if you tried that just with your Rockyou list (14M passwords?) that's up to 126M logon attempts. If it checks at one per second (24/7) that's up to 4 years and there is no guarantee the list actually contains the password. If you find it's faster than one per second, divide accordingly. **You will know the password because it will be your equipment you are testing this on.