Hak5 Forums

The Power Company

Everything posted by The Power Company

  1. The Power Company

    [RELEASE] WiFi Pineapple Firmware v2.1.0

    Looks pretty nice, can't wait to try it out
  2. The Power Company

    Deep Web Crawler Building 101

    Hey Guys, I've recently been getting into web crawling and I've been considering ways one could make a web crawler to detect onion sites on the Tor network. I know there are already lots of deep-web/dark-web/dank-web indexing sites, such as Ahmia and the onion crate, where one can go to find active onions. However, because new onions appear and disappear daily, it would be handy to have a personal tool that automatically detects onions, possibly even extracting some basic information, and logs the findings for later. Maybe catch some sweet hacks before the feds get to them, or accidentally infect yourself with cutting-edge malware.

    Idea 1: Brute Force

    The obvious (and naive) implementation would be to try and brute-force onion names and run something like requests.get from Python's requests library. Assuming you are routing traffic into the Tor network, requests.get will return 200 when an onion site exists and is online at the given address, so any combinations returning 200 should be flagged for later. If another flag is thrown, such as 404, no action will be taken and the loop will continue to iterate. By iterating through all possible onion links, one would eventually hit some real onions. This design is very similar to password brute-forcing, in both concept and effectiveness. All onion addresses consist of 16-character hashes made up of any letter of the alphabet (case insensitive) and decimal digits from 2 to 7, thus representing an 80-bit number in base32. An example of an actual onion address is http://msydqstlz2kzerdg.onion/ which is the onion link to the Ahmia search engine for Tor sites. This leaves roughly 1208925820000000000000000 possible character combinations for onion addresses. For reference, the largest possible value of a "long", the largest primitive data type for storing integers in Java, is 9223372036854775807, a solid six digits too short to contain the number of potential onions.

    If you designed a simple program to count from 0 to 1208925820000000000000000 it would take... a long ass time to run (my PC takes about a minute to get into 7-digit territory counting by one, and about eight minutes to get into 8-digit territory... the destination number has 24 digits). It isn't that important to me if the web crawler takes several days or even weeks to run through every possible combination, since the majority of onion sites with actual content do persist for a while anyway. As for fresh sites that may not last long, you would have to get lucky for your crawler to hit the correct address during the short period where the site is online. This crawler would be designed to run continuously, looping through every possible combination over and over to continually update the list. There would also be periodic checks of whether onions in the list are still online.

    Pros: relatively straightforward to program and maintain, could potentially discover onions not contained in other indexes
    Cons: inefficient and ineffective unless you have a supercomputer lying around

    Idea 2: Crawler Crawler

    The next possible implementation would be to leverage the work already done by others by creating an index of indexes. By checking for changes in popular existing indexes at arbitrary intervals, my onion list would update itself with far less computation and time. The one downside is that we can already access these indexes anyway, so we wouldn't get any juicy information before our deep-web peers do. Each site stores its index info in a different format, so the crawler would have to be tailored to read sites from each index differently. We would also have to manually account for index sites going down or new sites being discovered.

    Pros: less heavy lifting for my PC, doesn't need to be run constantly
    Cons: must be tailored to each individual index, more work to code, indexes could go down or change formats, onion sites discovered are ones I could already find anyway.

    Idea 3: Google-Style Crawler

    The last idea I have is to implement a crawler algorithm similar to the ones used by Google's own web spiders. My above crawler algorithms only consider the main 'home' addresses, consisting of the 16 characters and the .onion, even though most sites have many pages (fh5kdigeivkfjgk4.onion would be indexed, fh5kdigeivkfjgk4.onion/home would not). One function of professional-grade search-engine crawlers is that they build their indexes by following links on the current site. The algorithm would follow links contained in the page source to navigate around the website, and if addresses belonging to new onion sites are found (i.e. the 16 characters are different) it will add them to the index. This would be especially handy upon discovery of sites similar to the Hidden Wiki, which are stuffed full of links to other active (or inactive) onions.

    Pros: Can take advantage of onion links discovered within new sites, index will fill faster
    Cons: The Tor network is often quite slow, navigating through sites could be time-consuming.

    Right now I have some basic test code running to test out a few things, but nothing worth posting quite yet. I will post any progress I make here. Let me know if you guys have any recommendations.
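As an added example (not the poster's code, and not part of the original thread), here is a Python sketch of idea 3 next to the brute-force arithmetic from idea 1. It validates v2 onion addresses (16 base32 characters, a-z and 2-7), computes the 32^16 = 2^80 keyspace and how long a pure brute force would take at an assumed probe rate, then runs a breadth-first crawl that follows links in page source and records every distinct onion host it finds. The pages it crawls are constructed inline; `fetch` is a stand-in for `requests.get` routed through a Tor SOCKS proxy, and every address other than the two quoted in the post (msydqstlz2kzerdg.onion and fh5kdigeivkfjgk4.onion) is made up.

```python
"""Link-following onion crawler (idea 3) plus brute-force keyspace math (idea 1).

Added example; runs offline over constructed pages. The `fetch` function is a
stand-in for requests.get(url, proxies={"http": "socks5h://127.0.0.1:9050"}).
"""
import re
from collections import deque
from typing import Dict, Optional, Set, Tuple

# A v2 onion address is exactly 16 base32 characters: a-z and the digits 2-7.
ONION_V2_RE = re.compile(r"(?<![a-z0-9])([a-z2-7]{16})\.onion(?![a-z0-9])", re.IGNORECASE)
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

# Constructed sample pages (not real content). abcdefghijklmnop.onion is only
# mentioned, never served, so fetching it yields a 404; notavalidonion01.onion
# contains the digits 0 and 1 and is therefore not a valid base32 address.
SAMPLE_PAGES: Dict[str, str] = {
    "http://msydqstlz2kzerdg.onion/": (
        '<a href="/about">about</a> '
        '<a href="http://fh5kdigeivkfjgk4.onion/home">friend</a> '
        '<a href="http://notavalidonion01.onion/">bad</a>'
    ),
    "http://msydqstlz2kzerdg.onion/about": (
        "plain-text mention of abcdefghijklmnop.onion and a clearnet "
        '<a href="https://example.com/">link</a>'
    ),
    "http://fh5kdigeivkfjgk4.onion/home": '<a href="http://msydqstlz2kzerdg.onion/">back</a>',
}


def keyspace_v2() -> int:
    """Number of possible v2 addresses: 32 ** 16 == 2 ** 80."""
    return 32 ** 16


def years_to_enumerate(probes_per_second: float) -> float:
    """Wall-clock years needed to try every v2 address at an assumed probe rate."""
    return keyspace_v2() / probes_per_second / (365 * 24 * 3600)


def onion_host(url: str) -> Optional[str]:
    """Return the lower-cased host if it is a syntactically valid v2 onion, else None."""
    from urllib.parse import urlsplit
    host = (urlsplit(url).hostname or "").lower()
    return host if re.fullmatch(r"[a-z2-7]{16}\.onion", host) else None


def fetch(url: str, pages: Dict[str, str] = SAMPLE_PAGES) -> Tuple[int, str]:
    """Offline stand-in for an HTTP GET over Tor: (status, body)."""
    return (200, pages[url]) if url in pages else (404, "")


def extract_links(base_url: str, body: str) -> Set[str]:
    """Collect href targets (resolved against the page) and bare onion mentions."""
    from urllib.parse import urljoin
    links = {urljoin(base_url, href) for href in HREF_RE.findall(body)}
    links |= {f"http://{addr.lower()}.onion/" for addr in ONION_V2_RE.findall(body)}
    return links


def crawl(seeds, max_pages: int = 50, fetch_fn=fetch) -> Dict[str, dict]:
    """Breadth-first crawl; returns {onion_host: {"online": bool, "found_on": url}}."""
    queue = deque(seeds)
    visited: Set[str] = set()
    index: Dict[str, dict] = {}
    while queue and len(visited) < max_pages:
        url = queue.popleft()
        if url in visited:
            continue
        visited.add(url)
        host = onion_host(url)
        if host is None:
            continue  # clearnet or malformed address: never requested
        status, body = fetch_fn(url)
        entry = index.setdefault(host, {"online": False, "found_on": None})
        entry["online"] = entry["online"] or status == 200
        if status != 200:
            continue
        for link in sorted(extract_links(url, body)):  # sorted for deterministic order
            link_host = onion_host(link)
            if link_host is None:
                continue
            if link_host != host:  # a different 16-char host: new site for the index
                index.setdefault(link_host, {"online": False, "found_on": url})
            if link not in visited:
                queue.append(link)
    return index


if __name__ == "__main__":
    print(f"v2 keyspace: {keyspace_v2()} (~{years_to_enumerate(1e9):.2e} years at 1e9 probes/s)")
    for host, info in crawl(["http://msydqstlz2kzerdg.onion/"]).items():
        print(host, info)
```

Swapping `fetch` for a real request through Tor is the only change needed for a live run; the validation step matters because a crawler that requests every string ending in `.onion` wastes its slow Tor circuits on typos and junk, and the seen-host set is what turns a site crawl into an index.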
  3. The Power Company

    Pineapples With Kismet Web Interface?

    Hey guys, So I have been playing around with the newish web interface for Kismet and it is pretty great. I've just been using the standard wireless cards plugged into USB, however, when Darkmatter did his wifi cactus build, he used a bunch of pineapples connected to one pc using ethernet cables and hubs. Does anyone know if this method of interfacing with pineapples is available to the public yet? And if so, how to do it? I know I could just run Kismet on the pineapple itself, but then I won't get that shiny new web interface...
  4. The Power Company


    looks like a fun time! I once stuck my raspberry pi into a tissue box with antennas poking through but this looks a lot better
  5. The Power Company

    Elite Field kit has changed...

    Yeah I bought an elite kit a few months back, can confirm it has not changed (except for it being currently sold out)
  6. The Power Company

    Large Capacity MP3 Players

    I use Google Play music, and even though my entire library is easily too large for my phone's 64 GB storage, I can still have all my favorite songs downloaded. There aren't many cases where I lose WiFi access for a long time, but even then I still have about 72 hours worth of songs I can listen to without access.
  7. Really? I thought that hackers were supposed to be as noisy as possible when infiltrating a network!
  8. The Power Company

    Non-Malicious Botnet?

    Hey guys, I was wondering what the best/most efficient way to get multiple devices to act in unison, as a botnet would, but without malicious intentions, as a botnet wouldn't. Would the best choice be to use some cloud platform like Apache Mesos or Docker sort of application? Amazon Web Services maybe? Would designing an actual botnet make any sense? Anyone have any experience with this sort of thing?
  9. The Power Company

    Non-Malicious Botnet?

    Perhaps botnet isn't the correct terminology, but I have a few old laptops sitting around unused. I was thinking that if you were running a program that handles some multi-threaded task and carries out processing methods on a large dataset, you could have a centralized system to keep track of overall progress, assigning the next item in the dataset to be processed as soon as one of the PCs finishes its current task.
  10. The Power Company


    Is it possible to run Piratebox without OpenWrt? I know the Nano already supports OpenWrt, and I'm pretty sure that the Tetra also does, but it isn't in OpenWrt's Table of Hardware yet... EDIT: I wish I could say that I mean the stock version of OpenWrt, but honestly it was so late when I posted this that I completely forgot that both pineapples already run OpenWrt. I mean it's not like it says "with OpenWrt" in the ASCII art that appears when you ssh into one... oh wait...
  11. The Power Company

    Deep Web Crawler Building 101

    Makes sense. It's funny, the slowness of navigating the Tor network is usually seen as a disadvantage, but from a security standpoint it is actually quite beneficial.
  12. The Power Company

    DownloadExecSMB non powershell payload need

    I figured as much. From looking around a little it seems that Windows XP has powershell anyway, so unless the target manually removed it (which isn't possible to do without breaking it for Windows versions past XP) there shouldn't be any problem... unless I'm completely out of the loop and winxp stands for something other than Windows XP.
  13. The Power Company

    DownloadExecSMB non powershell payload need

    I haven't looked into those specific payloads, but many commands that run in PowerShell are identical to those in the normal command prompt. Does the script use any cmdlets or other PowerShell-specific commands? If it doesn't, it may still work if you just change the line where it opens PowerShell to opening cmd instead.
  14. The Power Company

    Deep Web Crawler Building 101

    Multi-threading would probably help. I think I'll try implementing some of that sweet CUDA GPU acceleration sauce as well, it works wonders for deep learning and password cracking.
  15. The Power Company

    Tetra Tactical Shoulder Bag

    Most laptops don't fit in it, but it is great if you are traveling light (and I mean very light)
  16. The Power Company

    Pineapples With Kismet Web Interface?

    I've gotten the web interface working on Ubuntu 17 but I haven't tried configuring it for pineapples yet.
  17. The Power Company

    Pineapples With Kismet Web Interface?

    Sweet, not sure how I missed that. Thanks!
  18. The Power Company

    Has anyone hacked the ACT testing system?

    Or just take the SATs instead
  19. The Power Company

    Alfa AWUS036ACH Kali Configuration Guide

    Like many others, I bought myself an Alfa AWUS036ACH, only to find its drivers are not set up by default on the latest version of Kali (despite many of its more recent reviews pointing out this fact). I found that there are few guides on how to get this sexy dual-band interface going, so I made a quick shell script to do everything in one shot. A few things to note before we begin:

    1. You need an internet connection for this to work.
    2. This script works great on a fresh installation of the latest version of Kali Linux (2018.1). I tried running the script on a live boot, but the kernel yelled at me when I was modprobe-ing. If you want this to work with live boot, you will probably need to set up persistence or a custom image. Neither of those options are that difficult.
    3. Some of the commands towards the end are not necessary for installation, but I used them while I was figuring out how to set everything up, so I left them in there in case anything breaks.
    4. If you are anything like me, you may have a few broken drivers polluting your /usr/src folder from previous failed attempts. Delete them before attempting.
    5. Once the script has run, I recommend you add the following lines to your NetworkManager.conf:

    [keyfile]
    unmanaged-devices=interface-name:wlan1;interface-name:wlan2

    This prevents NetworkManager from trying to resolve the interface using its own stuff when you reboot again (real men keep NetworkManager disabled anyway, but whatever). If your PC already has a wlan0 assigned by default (i.e. is a laptop with built-in wifi), the keyfile above should work fine. Otherwise, just add interface-name:wlan0; before interface-name:wlan1; The reason I also disabled a second, nonexistent wlan2 at the end is because sometimes, if I unplug the interface and replug it into a different USB port, it will be assigned one number up. This measure adds one get-out-of-NetworkManager-free card to your hand, increasing your chance to pass go and collect that sweet $200.
    6. Once you have gotten the interface set up, I would recommend using ifconfig to put it into monitor mode, instead of airmon-ng. I've found that airmon-ng tends to have issues with manually installed drivers on occasion. In case you don't know, here is how it's done (assuming your Alfa is assigned wlan1):

    ifconfig wlan1 down
    iwconfig wlan1 mode monitor
    ifconfig wlan1 up

    Anyway, here is the script in question. As you probably already know, you can copy it to a text file called coolfilename.sh, set it to executable, and give that baby a run from the terminal. Or you could always just manually run the following commands one at a time.

    #!/bin/sh
    # Shell script to set up drivers for Alfa AWUS036ACH
    # You must have an internet connection.

    # update your repositories
    apt-get update
    # install dkms if it isn't already
    apt-get install dkms
    # change directory to /usr/src
    cd /usr/src
    # if you have any other drivers installed, remove them like so:
    rm -r rtl8812AU-4.3.22/
    # get latest driver from github
    git clone https://github.com/aircrack-ng/rtl8812au
    # move into downloaded driver folder
    cd rtl8812au/
    # update files in working tree to match files in the index
    git checkout --track remotes/origin/v4.3.21
    # make drivers
    make
    # move into parent directory
    cd ..
    # debugging
    dkms status
    # rename folder for use with dkms (dkms expects /usr/src/<module>-<version>)
    mv rtl8812au/ rtl8812au-4.3.22
    # build drivers
    dkms build -m rtl8812au -v 4.3.22
    # install drivers
    dkms install -m rtl8812au -v 4.3.22
    # debugging
    lsmod
    # summon new interface from the depths of the kernel
    modprobe 8812au
    # wifi interface should now appear.
    ip link
  20. The Power Company

    RF Explorer 3G from EIO -- price too good to be true?

    I love me a good spectral analyzer! While $200 is certainly less than a lot of high-end ones, the site seems to have a good return policy, so if you don't like what you get, just give it back. If a quick google search of "is website.com a scam" doesn't turn up any curious results, you should be good. As with a lot of products online, sometimes you simply don't know until you buy it.
  21. The Power Company

    Pineapple Radios

    Greetings fellow humans, Where/How can I figure out which of the radios on a Tetra is associated with which pineapple function? My shallow understanding is that the Wifi Pineapple Tetra has four radios in it, which are each used for different tasks by default (pineAP, open and management APs, etc). Most people are satisfied with using the dipole antennas that come with the pineapple, but imagine for a second that you wanted to use, say, a directional antenna with PineAP, but you only have one. Which knobs are attached to which wifi interface?
  22. The Power Company

    Pineapple Radios

    Sweet, thanks for the info. You wouldn't happen to know what wlan0-1 is used for, would you?
  23. The Power Company

    Defective Cable=Usb "Disabler"

    Generally speaking, power surges will just outright kill either a device or a port. I've melted many devices by accidentally plugging in a power cable of too high voltage. You are lucky that your ports come back to life after you zap them, but I wouldn't recommend trying to use something like this for any practical application. If you google USB killer, there are videos of people using special devices to short-circuit many devices. It seems your robot isn't powerful enough to actually kill your stuff, but I wouldn't risk it
  24. The Power Company

    Introduce yourself

    I guess I should post here now that I've been here for a little while. Favorite game: entire Dark Souls series. Favorite OS: Despite its flaws, I really do like Windows for daily use. I use Kali a lot, but Peppermint Linux is the only Linux that matters. Favorite console: Nintendo Switch. Nationality: half Cuban, half European, born and raised in America. Favourite band: Nine Inch Nails or Gorillaz. Other hobbies: amateur HAM radio operator, wardriver, climbing/hiking/biking. Occupation: definitely not a FED. Other random facts: I am fluent in English and Spanish, can read Japanese, Russian, and a bit of Chinese. Last summer my friends and I spent two months hiking across the diameter of Spain, from Pamplona to Fistera, and it seems that all the WiFi in the entire country is insecure for the most part. It's like all the data packets collectively get drunk and tend to just stumble into your house by mistake. The Pokemon Go fad was great because I could wardrive all over the place and if anyone questioned what I was doing I could just say Pokemon Go, even though there were WiFi radios poking out of my bags, and it was suddenly socially acceptable! I unironically plan to replace my legs with bionic prosthetics the moment they begin to fail me. Possibly my arms as well, not as sure about those though. I'm gonna keep running till the day I die, baby. Maybe I can even program them to automatically walk my corpse to the grave, that would be fun.
  25. The Power Company

    How to make exe to pdf, jpg, png, rar...

    So what is the point of this process? Hiding programs and files in the metadata of something like an image is not a new concept, and it doesn't seem like you will be able to execute the code while it is still in JPEG format. If the goal of this trick is to simply hide away your virus or make it less noticeable in your file explorer, I doubt this will be very useful. This guide largely consists of standard digital forensics procedures in reverse order, so while this may trick your local system admin or coworkers, it would certainly not keep law enforcement out of your data if they seize your PC or grab the file from an email server and pass it off to the right people. The people who would be fooled by this are probably not the ones going through your personal files anyway, so as long as you don't leave THIS_IS_MALWARE.exe sitting on your unlocked desktop with onlookers nearby then you are probably fine. You could even just change the file's extension by renaming it and the results will be largely the same. If the goal is to send the file somewhere with the intent to infect someone, it seems like you would need to implement some sort of unpacking utility to get it to execute anyway, and these sorts of unpacking utilities are what most antivirus software and mail server security programs are designed to look for. If the goal is to pass the code to someone else, there are secure ways to transfer files that don't require this sort of obfuscation, such as copying the file to a flash drive and sending it downriver in a bottle. Or, you know, encryption.