Jump to content

Search the Community

Showing results for tags 'Passwords'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

Found 14 results

  1. I just received my bash bunny In the mail today! And to put it mildly, I am Enthused! Right away I was very interested in "alternative" ways to use the bash bunny's power. I am new to the Ethical Hacking / IT community (I'm currently enrolled in college as a Cyber sec. and Info. Assurance major) and therefore am not extremely acquainted with scripting. Now. Onto my Idea! I use KeePass on a day to day basis. It is my most trusted application. And I thought I could combine it with the power of the bash bunny! Imagine, If you will, plugging in the bash bunny, it opens KeePass Portable (probably housed in its filesystem), It auto types an insanely long and complex password, (optionally) It searches for your 2FA Key (for security since we are bypassing a password) (presumably on a separate flash drive) and enters it in. What the result would be, you plug in your 2FA drive, You plug in your bash bunny, Boom... passwords all in one place without the hassle! Optional additions: OS Detection that opens a compatible version of KeePass portable Synchronization of old KeePass files of the same name as the database Anywho! Glad to be a part of these forums! Please leave me suggestions and tips! they are greatly appreciated! Many Thanks 9ShadesLeft
  2. I posted this in a seperate HAK5 forum room. How do you think is the best way to deploy this code? I tested it on a Windows 10 machine. It writes all SSID and Credentials to a temp file, then emails it to the attacker.
  3. Violation of CoC
  4. Is there any possible ways of doing MITM attacks that would take usernames and passwords. When I try to use Xerosploit, PytheM, or even bettercap. None of these methods work on websites such as Facebook, Twitter, Paypal, Gmail, etc. Is there any new methods that is the latest that is working right now?
  5. Hello, so i live opposite a school and during drop off and pick up day 1.. pineapple harvested a ton of SSID's from mobile phones probing day 2.. had alot of connected clients connected to the SSID's pineAP made when the mobile phones connect to the SSID would they automatically give up the WPA stored password upon login? and if so is there an infusion that will siphon the password to a log file? they may only give up the password if wpa security is set to on.. maybe someone could make an infusion that acts like wpa is turned on and is requestiong a password while we are connected to the client and logging the information they give up Cheers Coroner
  6. So I know that the router generates random passwords in this structure: xxxx-xxxx-xxxx It uses all loweralphnumeric and includes the dashes, but no other special characters. I've been reading about generating rainbow tables, but all the options include too much, or wont allow me to generate 12 character long passwords. But I don't know if I totally understand the process yet, I'm still reading. Does anyone know a good way of generating either plaintext dictionary or rainbow tables that fit this specific format only? I want to create a dictionary that includes all possible combinations for this format. Correct me if I'm wrong, but there should be: 62^12 = 3,226,266,762,397,899,821,056 possible combinations? This if for my personal TP-Link router that I bought. Noticed this default password formatting and want to see if I can generate a customized table for it. Really appreciate any advice or input.
  7. Thanks to Hak5 for bring the Mark V to the masses--would like to see more examples of various hacks thus I assume this is what the forums are for so, here are some questions. I went to the link below and thinks its a good tutorial but think the person left out a bunch of Stuff and has it wrong on the whole Whitelist thing they mentioned in the guide--I think they met to say you need to black list----- file:///home/q/Downloads/Phishing%20for%20Facebook%20logins%20with%20the%20WiFi%20Pineapple%20Mark%20V%20from%20HAK5%20%28Setup%20Guide%29%20|%20.%20.%20TheSecurityBlogger%20.%20.%20..html ==================================================== While these are Mundane ---I think Hak5 should address them or put out a printed living document on the various options Questions: I want to create a rouge AP ( for edutional purposes only ) to get those in my vacinity ( class rooms) outside perimieter to connect through my Mark V. As in article above I want to use the 3 tools TCPDUMP ( need wireshark ro look at dump file??? ) WIFI manager and SSLstrip PLus using Karma the follwing questions arise hoe top get feed back. I am running a laptop, with a WIFI router connection ( rouge AP ) and Pineapple connected to my laptop 1) Where in the WIFI setup tabs do I " Share " the network? 2) Should both Wlano --my wifi and Wlan1 my wired --should both be enabled? 3)In Wifi Manager Should both Physicial interfaces be enabled? >DO you have to click "start Monitor" for both interfaces or do you need only to monitor the wireless? 4)On my laptop under network connections should the setting be on ad hoc or infrastructure? 5)When using TCPdump--what should be selcted in the drop menu , Wlano,Mono,LO,Etho,Br-lan ??? What is Br -Lan 6)TcpDump--SHould Verbose be used? Does Dont resolve host names or Dont resolve Portnames should it be used? 7)When I click SSlstrip log file it just displays a black page in a window webbrowser--this requires using the back button to get back into mark V pannel -- KARMA As I read the forum--with the above scanrio-- I want or HAVE to Blacklist my SSID ??? Correct??? AND I also have to Blacklist my MAC addresses??? Both Wireless ( which is under SSID ) AND Wired MAC ??? I am unclear on this Thank you in advance for your replies!
  8. Hey guys, I have followed the video reviews for quite some time, congratulations on the great show. Meterpreter has some automated scripts for downloading stored firefox, IE, and chrome password credentials. The thing is that from IE10 and forward they are now stored in the windows credential manager, and so the script doesn't apply anymore. I found this little piece of code in raidersec.blogspot written in C that seems to retrieve these. What could be the best way to use it with meterpreter? Do I need to compile it, upload it, and run it from native shell? Thanks in advance using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using Windows.Security.Credentials; namespace PasswordVaultTest { class Program { static void Main(string[] args) { // Create a handle to the Widnows Password vault Windows.Security.Credentials.PasswordVault vault = new PasswordVault(); // Retrieve all the credentials from the vault IReadOnlyList<PasswordCredential> credentials = vault.RetrieveAll(); // The list returned is an IReadOnlyList, so there is no enumerator. // No problem, we'll just see how many credentials there are and do it the // old fashioned way for (int i = 0; i < credentials.Count; i++) { // Obtain the credential PasswordCredential cred = credentials.ElementAt(i); // "Fill in the password" (I wish I knew more about what this was doing) cred.RetrievePassword(); // Print the result Console.WriteLine(cred.Resource + ':' + cred.UserName + ':' + cred.Password); } Console.ReadKey(); } } }
  9. hey guys! Our 3 new laptops at my work (Lenovo T430) have a corporate pre-image on them using the GAG Graphical Boot Loader. Im 99% positive our corporate IT department will give me a 404 Error if I try asking for the password to access the pre-image file VIA the loader (Get the bad joke there? 404 Error Denial B) ) I did some reading and research, it looks like GAG actually can hide the pre-image files from viewing files within the ghosted image. My goal is to find the password file (I'm sure it'll be encrypted hopefully without Faults) and get into there to manage the pre-image myself (Long story short, Corporate managed to give us a corrupt image on all 3 laptops. Good Job guys! not...) Does anyone have any words of wisdom to go about finding said password file? I found some really intreaguing .GHO files that I want to explore, even if I could find the areas I want to keep up with, I may not have sufficient sudo privilages. Thanks for any help and advice in advance!!
  10. Ok, so there's a lot of cool Ducky scripts out there, my personal favourite is the script that steals Windows passwords - AWSOME!!! But do any scripts aim to get more than just a Windows password? Do any of them "Backup" Google Chrome Login Data, WiFi keys, Windows Product Keys or Replace the Administrator password or even hide the account so you can have "stealthy" remote access via Windows Shares (Known as SMB)? I THINK PAYLOADS SHOULD DO MORE! So... I introduce the ULTIMATE DATA THEIF!!! Payload: Unfortunately, the forum only allows a maximum of 500kb of upload space and the extra data is just over 1MB so I put the file on my Dropbox account instead. Link: https://www.dropbox.com/sh/ad8jegywipd3l76/jo2KqlU3CB READ ME!!.txt contents: SCRIPT/PAYLOAD BY LAVANOID VOLCANIC THE DIRECTORIES ABOVE OR BELOW (DEPENDING ON YOUR CONFIGURATION) SHOULD BE COPIED TO THE ROOT DIRECTORY OF THE DUCKY DRIVE. YOU SHOULD EDIT THE SP.BAT FILE AND THE INJECT.TXT FILE TO SUIT YOUR REQUIREMENTS. FILE LOCATIONS: SP.bat -- Data\SP.bat inject.txt -- Scripts\Projects\Steal_Data\inject.txt Compiler.bat -- Scripts\Compiler.bat COMPILER.bat description: The compiler batch file basically takes away the hassle of entering all those annoying time draining commands. If the Compiler.bat file is stored on the Duck, the compiler will ask if you want to install it on the Duck. WHAT I HOPE: I hope that my project will be featured in one of the Hak5 videos since I do like some attention. THIS WORLD IS LONELY YOU KNOW!! Thank you for choosing to spend a bit of your time by poking your nose into my work.
  11. hi there i am experimenting with wpa/wpa2 basically i've locked myself i've installed ubuntu on my laptop and forgot wpa2 code for my router idoit move i know i have tryed using a wordlist size 33gb and 10gb one and no luck so then i tried reaver and i gave up after 19 hours i can still use xbox360 and other machines but this laptop is my main and my favourite i am begging for help please
  12. Hi! Today I recieved a new Alfa Ap121u and a USB UART TTL adapter. I went this route as I am not in the US and the shipping / customs was just too much. I would love to donate tho if possible. So, by using the awesome Wiki pages and Mr-Protocol's video guide I was up and running within the hour.! Not bad from delivery to pineapple.! :P Had the issue in Putty that was getting no output from the router on com port, but changing out the TX and RX order got things on the way. I done the clean flash, with firmware 1.1.1 and upgraded to 2.5.0 using the pineapple update from the webpage. Easy. I also managed to setup my 4gb flash drive to use as storage and to install add-on modules/infusions. I shared the internet connection easily within windows 7, and the pineapple is online and loving it. So now im up and running, I would like to ask some premiliary questions. How can I set up the pineapple to capture credentials of the 'victims' that connect.? I have been using Backtrack 5 and the easy-creds script which uses Ettercap, sslstrip and urlsniff to capture passswords sucessfully in my Lab. I would like to achieve the same ease with the pineapple. (without backtrack!) I have had a look around on the Pineapple Bar and downloaded some exellent 'infusions' such as Ettercap, sslstrip, jammer, sitesurvey, (many thanks to whistlemaster) your a STAR! :) So to clarify, i would like to setup my shiney new yummy pineapple with the ability to automatically capture credentials, passwords e.t.c, and save the logs to a usb drive. Can you please guide me on how to setup please? many thanks for the fantastic work and community. I look forward to hearing from you. cheers!
  13. I don't know if this is a newbie/scriptkitty question, but I've looked on the internet for one and have heard on the show about a similar one. Is there such a script or program or even a website that will take a dictionary.txt/dictionary.dic file and modify it to add numbers to the words. (Ex. hello = hello1, hello01 hello 001...) It seems like that is the only thing i'm missing. I'm doing some pen testing on my router and the password resemles (passwordNNNN) It is a default from the ISP and I was going to epicly "Take that!" to a frind of mine. When i was watching an onld episode of Hak.5 i heard darren talk about a similar program that turnes words to 1337 speak. That got me wondering about an option to add special characters or number to a particular area of the dictionary words. (IE.beginning-end, every other, similar pattern.) if there is one for linux and I didn't see or search for it right, please let me know. I'm new here; long time Hak.5 viewer; and don't really know where to post quiestions like these. So if this is the incorrect place, I apologise. time on the computer these days seems to run thin. Thank you in advance for you replies.
  • Create New...