Jump to content


Active Members
  • Posts

  • Joined

  • Days Won


Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

thoregem's Achievements


Newbie (1/14)

  1. If you haven't done so already, I'd save common passwords into a database, so when people search for a hash you can just spit the plaintext right back out.
  2. Before even opening it up, I'd recommend port scanning it. Some devices have open telnet ports that you can connect to, sometimes with no password or a factory preset one. You could try bruteforcing it, but opening it up might be easier. I'd recommend searching the net before attempting to brute force it; most of the time, somebodies tried to get into it before you. Next, open it up. Look for serial connections (rx, tx and gnd). You're going to need some tools. Me and a few of my friends compiled this list of electronics from china. You want the CP2102 or the usb to serial adapter. They're the same thing, and you can pick one up for around $2. Often, when you connect over serial, you'll get a root shell on the device. From there, it's up to you. IIRC, samy kamkar has a pretty good talk on this at Hackaday Superconductor.
  3. Yeah I got the part about supporting the show. I really like the work that Darren and you guys do but I'm pretty strapped for cash. I've built similar devices before, but I was just wondering the difference between a device like the interceptor and the packet squirrel.
  4. From what I've gathered reading through this forum for the past 20 minutes, the interceptor is the community project that birthed the Packet Squirrel. What I want to know is, why even bother with the Pi/Packet squirrel? In Irongeek's implementation, he used a pi zero with an ethernet-usb adapter. Now, in 2018, we could use a pi zero and an usb/ethernet hub along with another ethernet adapter to achieve the same functionality. But, what was stopping them from using an arduino pro mirco/nano with 2 ethernet adapters and just logging everything to an SD Card? I may just be pandering, but I don't really have the money for a $50 mitm packet capturing device, so I was just wondering why it didn't work out when implemented using just an arduino, 2 ethernet adapters, and a micro sd adapter. I think that'd be a lot cheaper than a packet squirrel. Correct me if I'm wrong, but isn't the interceptor just collecting packets, or is it forwarding them across the net?
  5. Then, it's really up to you. As I said, it does run a bit slower, which is actually quite a lot slower since it's older hardware. Bootup takes about three times as long as it used to, as it has to load all the packages on boot. However, you do get a sweet app developed by the offensive security folks that lets you execute a plethora of attacks from within it. There are tradeoffs. If you want to turn your phone into a mobile pentesting station, then I'd say go for it. If you're worried, I'd wait until you upgrade devices and then do it. My nexus isn't my main phone (it's a tablet) so I don't have to worry about bricking it and then being screwed. I think it's pretty cool, but I don't know how much use you'd get out of it. If you do pentesting professionally, then it'd be a great thing to be able to bring with you on jobs. It's up to you dude.
  6. I have nethunter installed on my nexus 7. It's like standard android, but it runs a bit slower. You do have a full kali shell, so that's pretty cool. If you want to, I say go for it.
  7. 1. The library computer likely has protections against people doing this sort of thing, which is why it isn't working 2. It's illegal, which is why everyone else (including myself now) are telling you to stop. So stop trying to break other people's property, whether it's intentional or unintentional.
  8. Yes, you do have to put an IP in your reverse shell. However, you could buy a server in a country with lax internet laws and send your traffic to that in a screen session, then just ssh into that through tor and you're pretty much untraceable, as long as they can't trace the money you've spent. There are ways to remain anonymous when doing these kind of attacks, but for most pentesting jobs, a raspberry pi running a server is pretty much golden, since you're on contract with the company and don't need to remain anonymous. You'd use the same technique (seriously, look into screen), and the setup would be pretty much identical.
  9. ooh I want one too.... I already have an NHA, but you can never have too many wifi adapters
  10. I'm going to bump this, since it's been a while since it was posted. I still need help on this issue, as I'm rather stuck
  11. Yes, the drivers work on all unix based systems, so they will work on a mac. I'd recommend installing linux, as you'll get far more use out of it in an OS that you can customize and change settings to your liking. You could increase the txpower, which will increase the range. If that isn't far enough for you, look into 2.4Ghz Yagi-Uda Antennas. They're really fun, as they can give you wifi ranges of over a mile. Hak5 has a video talking about it.
  12. This is more of a legal question. The way I look at it is: If I have to ask if I'll get into trouble doing something, I shouldn't do it. Only hack on your own network, and nobody elses. DO NOT bring your pineapple to school, or try to show off what you can do there. It's good that you're getting into this field early, but you have to understand that there are limits if you want to pursue this legally. I'd recommend installing linux on your computer and customizing it. Learn the CLI, and teach yourself how it works under the hood. This will come in super handy when you learn server exploitation in the future. Not to mention, Open Source is superior to windows.
  13. The problem with most windows backdoors (including reverse shells) is that they need the window open to function. Your best bet is going to be to try and hide that window, so I've linked some stackexchange answers that explain how to do exactly that below. Most of these involve making the script into a vbs object, which by default run in the background on windows systems. Answer #1 Answer #2
  14. The Pi is a small arm linux box, so this is very feasible. You'd want to use software like GQRX to listen to signals, and there is plenty around for decoding. I've used my Pi 3 and Pi 2 with my RTL-SDR, and I haven't had any problems. I don't see how this would be any different. The yardstick one has linux drivers available, and this project shouldn't take too long to complete.
  • Create New...