
Showing results for tags 'Wifi'.


  1. I have been working around the Evil Twin Airbase-ng for quite a while and I am unable to get my victim PC, which is my other Windows 10 machine, to connect. It did connect to the AP once (rarely), and when it did it had no internet connection, which has kept me up for some time. I am going to post the process I have performed; please go through it and guide me through the issue.

     Note: I have tried iptables and echo 1; it didn't help.

     Setting up USB adapter TP-LINK TL-WN722N Version 1 in monitor mode

         airmon-ng start wlan0

     Checking for background processes that can interfere with the work

         airmon-ng check wlan0mon    (assigned new name)

     Setting up the fake AP

         airbase-ng -a 72:02:71:73:0D:B6 --essid Ryan -c 1 wlan0mon
         17:19:25 Created tap interface at0
         17:19:25 Trying to set MTU on at0 to 1500
         17:19:25 Trying to set MTU on wlan0mon to 1800
         17:19:25 Access Point with BSSID 72:02:71:73:0D:B6 started.
         17:19:40 Client D0:13:FD:07:79:07 associated (WPA2;CCMP) to ESSID: "Ryan"
         17:19:41 Client 20:16:D8:F4:0D:98 associated (WPA2;CCMP) to ESSID: "Ryan"
         17:19:57 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan"
         17:20:03 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan"

     Deauthorizing clients on another terminal

         aireplay-ng -0 0 -a 72:02:71:73:0D:B6 wlan0mon
         17:22:11 Waiting for beacon frame (BSSID: 72:02:71:73:0D:B6) on channel 1
         NB: this attack is more effective when targeting a connected wireless client (-c <client's mac>).
         17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
         17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
         17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
         17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
         17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
         17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
         17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
         17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
         17:22:15 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6

     Installing DHCP server

         apt-get install isc-dhcp-server
         Reading package lists... Done
         Building dependency tree
         Reading state information... Done
         isc-dhcp-server is already the newest version (4.3.5-3+b1).
         0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

     Configuring

         nano /etc/dhcp/dhcpd.conf

         authoritative;
         subnet 192.168.1.0 netmask 255.255.255.0 {
             option broadcast-address 192.168.1.255;
             option routers 192.168.1.1;
             option domain-name-servers 8.8.8.8;
             range 192.168.1.10 192.168.1.200;
             default-lease-time 600;
             max-lease-time 7200;
         }

     Installing bridging utilities

         apt-get install bridge-utils
         Reading package lists... Done
         Building dependency tree
         Reading state information... Done
         bridge-utils is already the newest version (1.5-14).
         0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

     Bridging interface

         root@kali:~# brctl addbr evil \\Name of the bridge i made
         root@kali:~# brctl addif evil eth0 \\my ethernet connection
         root@kali:~# brctl addif evil at0
         root@kali:~# ifconfig at0 0.0.0.0 up
         root@kali:~# ifconfig evil up

     Starting DHCP server

         root@kali:~# systemctl start smbd.service
         root@kali:~# dhclient evil
         root@kali:~# service isc-dhcp-server restart
         root@kali:~# service isc-dhcp-server status
         ● isc-dhcp-server.service - LSB: DHCP server
            Loaded: loaded (/etc/init.d/isc-dhcp-server; generated; vendor preset: disabled)
            Active: active (running) since Wed 2017-12-06 17:32:35 EST; 6s ago
              Docs: man:systemd-sysv-generator(8)
           Process: 2049 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS)
             Tasks: 1 (limit: 4915)
            CGroup: /system.slice/isc-dhcp-server.service
                    +-2061 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0
         Dec 06 17:32:33 kali systemd1: Starting LSB: DHCP server...
         Dec 06 17:32:33 kali isc-dhcp-server2049: Launching IPv4 server only.
         Dec 06 17:32:33 kali dhcpd2060: Wrote 11 leases to leases file.
         Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same subnet: eth0 evil
         Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same shared network: eth0 evil
         Dec 06 17:32:33 kali dhcpd2061: Server starting service.
         Dec 06 17:32:35 kali isc-dhcp-server2049: Starting ISC DHCPv4 server: dhcpd.
         Dec 06 17:32:35 kali systemd1: Started LSB: DHCP server.

         /etc/init.d/isc-dhcp-server start
         ok Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service.

     IP gateway

         root@kali:~# route -n
         Kernel IP routing table
         Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
         0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
         0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlan0
         192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
         192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan0
  2. Hi all, I'm a newbie to Hak5 Forums, so if this thread is in the wrong category, it would be great if the admins could move it to the correct category.

     Most of you are probably using 'BO' as the region for 'iw' on Linux. This allows the WiFi interface to operate at 30dBm (1 Watt) at max. However, if you're like me and have a device that is capable of transmitting over 1W (I have Alfa Network AWUS036NH - 2W), you might be interested in increasing the TX power beyond 30dBm. By default, selecting 'BO' as the region only allows the device to operate at a maximum of 30dBm.

     I tested this on my Raspberry Pi 3, Model B running Kali Linux (with the kali-linux-full metapackage).

     *** If you are lazy and don't want to follow these manual steps below, I made two bash scripts that will work on Kali Linux and Ubuntu: https://github.com/hiruna/wifi-txpower-unlocker

     Working directory: /root

     Steps:

     1. Update and upgrade

            apt-get update
            apt-get upgrade

     2. Install dependencies to compile

            apt-get install pkg-config libnl-3-dev libgcrypt11-dev libnl-genl-3-dev build-essential

     3. Download the latest Central Regulatory Domain Agent (CRDA) and Wireless Regulatory Database. I downloaded crda-3.18.tar.xz and wireless-regdb-2017.03.07.tar.xz

            wget https://www.kernel.org/pub/software/network/crda/crda-3.18.tar.xz
            wget https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2017.03.07.tar.xz

     4. Unzip the downloaded files

            tar xvJf crda-3.18.tar.xz
            tar xvJf wireless-regdb-2017.03.07.tar.xz

     5. Navigate into wireless-regdb-2017.03.07

            cd wireless-regdb-2017.03.07

     6. Open db.txt and locate the region BO section

            nano db.txt

        You will see something like this:

            country BO: DFS-JP
                (2402 - 2482 @ 40), (30)
                (5250 - 5330 @ 80), (30), DFS
                (5735 - 5835 @ 80), (30)

        The number in the second set of brackets (for each frequency) is the txpower. Since I'm using 2.4GHz and want a txpower of 2W (~33dBm), I changed the 20 to 33, and saved the file:

            country BO: DFS-JP
                (2402 - 2482 @ 40), (33)
                (5250 - 5330 @ 80), (30), DFS
                (5735 - 5835 @ 80), (30)

        I also noticed that region AU allows 36dBm for 2.4GHz, so you could just continue without modifying the region BO:

            country AU: DFS-ETSI
                (2400 - 2483.5 @ 40), (36)
                (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW
                (5250 - 5350 @ 80), (20), NO-OUTDOOR, AUTO-BW, DFS
                (5470 - 5600 @ 80), (27), DFS
                (5650 - 5730 @ 80), (27), DFS
                (5730 - 5850 @ 80), (36)
                (57000 - 66000 @ 2160), (43), NO-OUTDOOR

        However, I checked with Kali Linux (without compiling and changing the regulatory.bin) and it showed that max txpower was only 20dBm:

            country AU: DFS-ETSI
                (2402 - 2482 @ 40), (N/A, 20), (N/A)
                (5170 - 5250 @ 80), (N/A, 17), (N/A), AUTO-BW
                (5250 - 5330 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
                (5490 - 5710 @ 160), (N/A, 24), (0 ms), DFS
                (5735 - 5835 @ 80), (N/A, 30), (N/A)

        So I'm assuming Kali Linux is using an old regulatory.bin and legislation in AU has changed.

     7. Compile

            make

     8. Back up your old regulatory.bin file and move the new file into /lib/crda

            mv /lib/crda/regulatory.bin /lib/crda/regulatory.bin.old
            mv regulatory.bin /lib/crda

        As mentioned in https://wireless.wiki.kernel.org/en/developers/regulatory/crda and https://wireless.wiki.kernel.org/en/developers/regulatory/wireless-regdb, we need to include RSA public keys in crda-3.18/pubkeys. I noticed that there are already 2 .pem files in crda-3.18/pubkeys:

            sforshee.key.pub.pem
            linville.key.pub.pem

     9. Copy root.key.pub.pem into crda-3.18/pubkeys. I also copied sforshee.key.pub.pem from wireless-regdb-2017.03.07 as it was newer:

            cp root.key.pub.pem ../crda-3.18/pubkeys/
            cp sforshee.key.pub.pem ../crda-3.18/pubkeys/

        I found that there are two other pubkeys located at /lib/crda:

            -rw-r--r-- 1 root root 451 Jan 18 12:58 benh@debian.org.key.pub.pem
            -rw-r--r-- 1 root root 451 Jan 18 12:58 linville.key.pub.pem
            -rw-r--r-- 1 root root 451 Jan 18 12:58 sforshee.key.pub.pem

        So I copied them too (wasn't too sure whether I needed to copy them):

            cp /lib/crda/pubkeys/benh\@debian.org.key.pub.pem ../crda-3.18/pubkeys/
            cp /lib/crda/pubkeys/linville.key.pub.pem ../crda-3.18/pubkeys/

     10. Navigate into crda-3.18 and open the Makefile

            cd ../crda-3.18
            nano Makefile

         In Kali Linux, crda is located at /lib/crda instead of /usr/bin/crda, so in the file change the 3rd line REG_BIN?=/usr/lib/crda/regulatory.bin to REG_BIN?=/lib/crda/regulatory.bin:

            REG_BIN?=/lib/crda/regulatory.bin

     11. In the Makefile, find the line CFLAGS += -std=gnu99 -Wall -Werror -pedantic and remove the -Werror option (I couldn't compile without changing it as it treats warnings as errors):

            CFLAGS += -std=gnu99 -Wall -pedantic

     12. Compile

            make clean
            make
            make install

         That's it! I rebooted my Raspberry Pi after compiling.

            reboot

     13. Now let's change the region and set the txpower to 33dBm:

            ifconfig wlan1 down
            iw reg set BO
            iwconfig wlan1 txpower 33
            ifconfig wlan1 up
  3. So I have my WiFi Pineapple set up and everything, and I need to install wp6.sh for WiFi sharing. So I do the command wget wifipineapple.com/wp6.sh. It installs, I do the chmod +x wp6.sh, then I ran the application ./wp6.sh. It comes up with a menu with many options. I do guided install, then it asks me y/n for 3 things; I do y for all of them. Then I hit c to continue with current settings. It says travel to the website for WiFi Pineapple. But up above it says this: SIOCDELRT: no such process, and right below it says: eth0: Unknown host. I am running on Kali Linux. Thx, Cameron. PS, the bulletins don't load.
  4. OK, so I'm stumped. I have installed the ralink-fw for the 5370, yet my Kali machine will still not detect this adaptor. The Hak5 site states this adaptor works with Kali, yet for me it's not. I have other adaptors, but I like how small this is. Thanks in advance.
  5. Another problem, all. Trying to set my WFP to my local network for internet; however, in the drop-down box it only gives me the wlan1 option, but the note below states "using wlan1 will interfere with pineap". How can I get more options?
  6. I bought an ASRock USB WiFi dongle from HAK5 recently. I'm using it on my XPS13 running Ubuntu 17.04. When I plug it in and do an ifconfig, it returns as wlx002522508b5d. If I then try and put it in monitor mode using

         sudo airmon-ng start wlx002522508b5d

     the device then vanishes from the ifconfig list and I get

         phy0 wlan0 wl Broadcom Limited BCM4352 802.11ac Wireless Network Adapter (rev 03)
         phy6 wlx002522508b5d rt2800usb Ralink Technology, Corp. RT2870/RT3070
         Interface 15mon is too long for linux so it will be renamed to the old style (wlan#) name.
         (mac80211 monitor mode vif enabled on [phy6]wlan1mon
         (mac80211 station mode vif disabled for [phy6]wlx002522508b5d)

     I then try

         sudo wash -i wlan1mon

     and it returns

         wash v1.4 WiFi Protected Setup Scan Tool
         Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
         [X] ERROR: Failed to open 'wlan1mon' for capturing

     I have tried substituting wlan1mon for [phy6]wlan1mon, [phy6], [phy6]wlx002522508b5d, wlx002522508b5d and they all return the Failed to open error. Where am I going wrong, please? Thanks for any help.
  7. Hi, I was looking at the Pineapples and found the Nano and Tetra very interesting, but in the Hak5 store description they don't really compare the two together. I'd like to know especially if the size of the Tetra is worth it, if it has a lot of extra range and power. I've also heard the Tetra needs a lot of batteries while the Nano doesn't. So what's worth getting between these 2 models in terms of range, power and stealth? Thanks
  8. Hello people, I was recently doing some work with those VEX Robotics wireless control robots and I had some ideas about packet sniffing attacks, replay attacks, man in the middle attacks, and de-authentication attacks. The robots use the Vex cortex, which has a wireless adapter through a USB port; it says that it is 2.4 GHz, and another USB wireless adapter is plugged into a controller, like a joystick. My school did a competition with these robots, and it ended last week; now we are doing another thing just as a school, they said we were doing battle bots. When I did some research I hadn't seen anybody do anything like this and I thought I would look into it. When I was doing research I found that the robots don't use any encryption, it is end to end, the controllers create their own network, an access point that the robot connects to, the network it creates is hidden, it does not broadcast its SSID and has to be paired with the cortex, they are 2.4 GHz, and they all have independent channels or MAC addresses (many can operate at the same time without interference). The first thing I thought of would be a deauth attack, where I would send out deauth frames to disconnect their robot from the controller from the cortex, leaving their robot powerless. I was thinking I could do this with Aircrack-ng: put my wireless card into monitor mode with airmon-ng, find the MAC address and channel of the robot with airodump-ng, deauth with aireplay-ng. The next attack I thought of was if I could intercept packets from the remote to the cortex and either replay them to keep doing an operation or send in my own by finding out what commands correlated to what packets and injecting them while impersonating the robot. I have not done much with packet sniffing/replay/injection; does anybody know anything on how I could do that? Or has anybody done anything with these robots? Or do you have any ideas on wireless attacks? I am all ears and I would love help and suggestions; this seems like a really cool project. I would love to hear your thoughts, thank you
  9. Is there a way, using the WiFi Pineapple Nano, to find out what APs a target's device has in its previously connected WiFi list? Phones, I would guess, have many APs in their memory that they have previously connected to and are constantly on the lookout for. It would be handy to know what they were so that I may create a clone of that AP to get the target device to connect to. Thanks for any help, Tim
  10. Hi, I'm new to this forum and I have a question related to wireless penetration testing. I have an Alfa AWUS036NH card and amped it to 33dBm, and a Yagi-uno antenna with 25dBi of gain. If I'm correct, the EIRP calculation should result in 58 Watts / EIRP. So my question is how far would I get with this setup? And another thing: I live in a place surrounded by a lot of houses; does that mean that the walls, roofs etc. block the signal and decrease the signal so I get less far than when (i.e. on top of a building)?
  11. Does anyone know if there is anything simple inside that I could use to tell if WiFi is on or off? I'm looking at a situation where I absolutely, positively cannot do any emissions. Was thinking perhaps hooking up a small LED indicator. The display LEDs seem to have a mind of their own.
  12. Hi, let me give you some introduction: I bought the Nano months ago and pentested some of my old routers. Unfortunately I had to realize that the Nano can only handle the 2.4 GHz frequency, but no problem, great product anyway. Most newer routers support both 2.4 to 5 GHz, so I decided to buy the Tetra to continue pentesting with my network that has one brand new access point with both frequencies up at the same time. The start with the Tetra was great, because with the "Recon" tab it's possible to scan both frequencies at the same time. Sorry, I'm not a fan of the "Modules", so I always continue with an ssh connection and use the aircrack-ng tools. Here comes the question: Why can I scan my networks (2.4 and 5 GHz on same AP), but the injection does not work on the 5 GHz frequency? I know that the MAC address changes in the last character, but I started to airodump my 5 GHz and fixed the channel (also tried different ones), but it is still not working. What am I doing wrong? Screenshots included. Scan results: http://i.imgur.com/2QV8OkJ.png Airodump: http://imgur.com/taEl4EY Aireplay: http://imgur.com/wRSW3ed Second test with another router (also dual frequencies): I'm wondering how I can capture my WPA2 handshake when I'm connected to the 2.4 GHz frequency and when I try to deauth my phone, for example, it will reconnect to the 5 GHz frequency without giving the handshake. Same goes if I'm connected to the 5 GHz first and deauth it; the reconnect goes to the 2.4 GHz. I know that is normal behavior for modern devices, but can you please give me some advice on how to handle this? Maybe a script with a loop of switching frequencies and deauth could work? Thank you!
  13. Hi all. My first post here. I bought a WiFi Pineapple Nano (tactical edition) yesterday. I have not received it yet, but I've got a question about WiFi. Since I did not buy the "Elite" edition, since it has been withdrawn from the site, there is no Ralink WiFi USB module with the device. This means you have to tether the Pineapple to my phone via USB or WiFi. But wouldn't it be perfectly possible for the Pineapple to connect to a mobile broadband hotspot instead of using my cellular data on my phone? It's a TP-Link MiFi device and since I have a SIM card with a data plan of 100Gb pr. month, it would be a perfect match. But is it possible? Thanks in advance - CC
  14. My last question was answered so well I thought I'd throw another one at you guys. Has anyone used a balloon for receiving radio signals (4G, WiFi, TV or whatever else)? I moved and now live behind a ridge; the AT&T tower is a stubby piece of crap, like maybe 40 ft tall, and can't go beyond the ridge. I bought a 4G booster/repeater and I figured the best way I could test it would be a balloon, before I put up a tower. If anyone has tried this with something similar, I would be very interested to hear what type of balloon and any tricks you have. Thank you
  15. Is it possible to apply a filter to airodump-ng to show APs with a similar ESSID, e.g. ACME1234, ACME5678? Obviously it can be done with BSSIDs by applying a mask, but I can't find any examples that show it being applied to the ESSID. Can someone please advise? Thank you.
  16. DumpCreds 2.0

      Author: QDBA
      Version: Version 2.0.2
      Target: Windows

      Description

      Dumps the usernames & plaintext passwords from
        • Browsers (Chrome, IE, FireFox)
        • Wifi
        • SAM Hashes
        • Mimimk@tz Dump
        • [new] Computer information (Hardware, Software list, Hotfixes, ProductKey, Users...)
      without
        • Use of USB Storage (because USB Storage is mostly blocked by USBGuard or DriveLock)
        • Internet connection (because Firewall ContentFilter blocks the download sites)

      Configuration

      None needed.

      Requirements

      Impacket must be installed. Install it from tools_installer payload https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/tools_installer

      STATUS

      LED                    Status
      -------------------    ----------------------------------------
      White                  Give drivers some time for installation
      Red Blink Fast         Impacket not found
      Red Blink Slow         Target did not acquire IP address
      Amber Blink Fast       Initialization
      Amber                  HID Stage
      Purple Blink Fast      Wait for IP coming up
      Purple Blink Slow      Wait for Handshake (SMBServer Coming up)
      Purple / Amber         Powershell scripts running
      RED                    Error in Powershell Scripts
      Green                  Finished

      Download

      https://github.com/qdba/bashbunny-payloads/tree/master/payloads/library/DumpCreds_2.0

      ToDo
        • parallelize Creds gathering with PS
        • while Bashbunny is waiting for Target to finish the script, it can do some other nice work, i.e. nmap the target. (Not very useful at the moment, because I'm Admin on Target Host)
        • remove the modifications of the Powersploit scripts, so you can download and use the original files. (At the moment you must use my scripts) Not possible at the moment
        • put some version information into the source code and the output file
        • rewrite some code of the payload so the payload will work no matter if you have admin rights (UAC MsgBox) or not (Credentials MsgBox)
        • Maybe! If Target is in an AD Domain and Mimik@tz gives us some passwords, try to get some more information about the AD Domain

      Credits to......
        • https://github.com/sekirkity/BrowserGather Get-ChromeCreds.ps1
        • https://github.com/EmpireProject/Empire Get-FoxDump.ps1, Invoke-M1m1k@tz.ps1, Invoke-PowerDump.ps1
  17. Hi all, I have myself a stack of various routers: an old BT Hub 2, Hub 6, an original TALKTALK router, some random router that looks like it's from the 90's (I forget the model), etc. People give me their old stuff to play with because they know I'm a massive nerd in my spare time. Pentesting the router password hash is easy enough with Aircrack; however, I can't find much information about how one goes about capturing the admin password hash of a router (or plain text, if it's old and crappy like I suspect the random router may be!). So a basic question: What tools / methods are used for capturing admin router passwords? I plan on having a play with each router over the weekend. I did an online search for information, but the search just yielded lots of rubbish news articles with no actual useful information. Thanks guys.
  18. So I see a lot of scripts like wifiphisher and fluxion; they work great, but the only sad part is when they clone the wireless network... Is it possible to let the user automatically connect to our fake access point by disabling their own access point, like without displaying the access point in the WiFi list?
  19. Hello everyone, I am a little bit new to the WiFi Pineapple Tetra device and especially to the Hak5 Community :D but I am pretty interested in it and I want to get one. However, I have some problems. First of all, I live in Lebanon and hakshop doesn't ship this to my country; second of all, hakshop only supports PayPal, which also isn't supported in Lebanon. So in this case I started thinking of borderlinx (www.borderlinx.com); this company provides the user a US address that I can ship the products to and later on ship to Lebanon, and they also have a concierge service that can buy the product using PayPal. This sounds both good and bad, because first of all this would definitely increase the overall price that I am going to pay: first the shipment price for borderlinx to the US address, then the shipment price to Lebanon along with the customs fees and taxes, and also the concierge fee (5% of the product price). Well, I don't care, I'll pay whatever amount, but I also checked on the hakshop website on the terms/policies page that they prohibit freight forwarding services? Does that mean that I can't use borderlinx? And in that case how in the world would I get my hands on this amazing product? On the other hand, I want to ask about the compatible and supported mobile hotspots. My telco provider has the "Huawei 4G E5786Bs" mobile hotspot, but does it support USB tethering? Is it compatible with the Pineapple Tetra, which essentially is based on OpenWRT, which is Linux? Also, I really didn't find much documentation and videos online. Any help would be much appreciated.
  20. Hi, is there any way to create an AP with WEP encryption, but this AP needs to accept all passwords entered? Is it possible?
  21. Hello everyone, I just got my WiFi Pineapple a few weeks ago. I have been trying to troubleshoot it myself but I just can't seem to figure out what is going on with my Nano. I set it up correctly and followed the directions like I was supposed to. Then when I go to run the guided setup, everything goes smoothly until it tells me to connect my Pineapple to my computer. I connect it but it doesn't seem to recognize it. Now, I connected it to my laptop and can go to the website with it and it's fine, but in order for me to connect it to the internet, my computer for some reason will not recognize it. If anyone can help me, that would be very much appreciated. Thank you!
  22. Hi, I saw one of Shannon's podcasts and Darren said that the Bash Bunny is Debian, so you can "sudo apt-get install whatever you want". Is this true? Does the Bash Bunny have wifi? Because in the release video they didn't say anything about the Bunny having built-in wifi, nor does the product page. If it doesn't, can you share the internet connection from my computer to the Bunny? Thanks!
  23. Hi all, I am creating some shell scripts that occasionally need to use an external Alfa WiFi card, but not all of the time. Rather than leaving the Alfa card enabled constantly, I would like the script to bring the card online when it is required, and switch it back off when it is not. I have read various methods to do this online, but none seem definitive, so I would like to ask which method I should use. So far, I have seen suggestions of:
        • Using WLAN# up and WLAN# down
        • Disabling USB ports using Hub-CTRL
        • Using hardware add-ons
        • This or this (unknown what is being done here)
        • Even people saying it's not possible.
      What would you suggest? Has anyone else had any luck with switching off and back on an Alfa WiFi card from a Linux command line/script? I haven't yet played around, as I'm not at home, but I don't want to waste my time trying a method that won't work as well as something else. Thank you.
  24. Hey folks, I searched the forum, but found nothing really helpful for my issue, so I decided to start my own thread. Received my NANO yesterday and most of the things work fine. Just the client mode won't work with the delivered WiFi dongle. It doesn't show my router or my hotspot from my Android tablet if I scan with wlan2, even if the Nano lies in front of it. Tried it with a TP-Link and it works fine. But I really don't want to stick that white bulky thing into the Pineapple while it's in the elite bag. How's that looking? Actual setup: Factory reset NANO with elite antennas. OS 1.1.3 installed. Only module installed is DWall. The included WiFi dongle is plugged in. I scan with wlan1 and find all the APs surrounding me. But I want to use the PineAP, so I scan with wlan2. Most of the time it finds no single AP. Any ideas how to fix this?
  25. I've been working on a project that I think some of you will find interesting. I wanted to see a map of the WiFi networks in my area, and be able to filter on things like encryption. The closest thing I found was the map on wigle.net, which wasn't anywhere near as detailed as I had envisioned. So I started almost from scratch, and built my own solution, based on data collected through the WiGLE Android app. It's possible to search and filter on a number of network properties, as well as show detailed info on where a particular network has been spotted. It's also possible to import data from airodump-ng, and see which clients have been connected to an access point (based on MAC addresses), and the SSIDs probed by that client. It's come a long way since the first POC version, and is now working quite nice, once you have it set up. It is available on GitHub, with link to a live version. I've been learning HTML/CSS/JavaScript/PHP/MySQL while making this, so there are bound to be some bugs, and less-than-optimal code. Please take a look, and tell me what you think.