Jump to content

Search the Community

Showing results for tags 'injection'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 8 results

  1. Hi, my partner purchased a used 3D Printer from 10+ years ago back when they were making them based on windows xp instead of their own embedded design or android. It required some login to allow printing with a complex sql database to connect to it. It run MS SQL Express 2005 which seem like mysql based. I had been trying to SQL inject for a few hours now. The only decent result i had success was a blind sql vulnerability in wapiti. Is there anyway to be able to inject it to get admin password or is there a better way with hashcat with the img of the hdd we made just in case ? It also required a barcode bypass from a cardridge format that was discontinued years ago. The company had bankrupted years ago too. So it would be nice to not be stuck with a paperweight for any longer. The web login's something called v-flash. Any help would be appreciated. BTW, i am in Quebec, Canada, so there's a high chance the password would be in french too. Thank.
  2. Hi, I was hoping to leverage PineAP's frame injection capability to execute key reinstallation attacks. However, when I tried injecting arbitrary packets with PineAP, I couldn't pick up said packets on another monitor. On my machine, I set up a Fedora VM with wireshark/airmon-ng and a USB WiFi card to monitor packets, and the Pineapple next to the WiFi card. From the Pineapple, I used aireplay-ng on wlan1mon to play a deauthentication attack, and successfully captured the deauth packets on my VM. I then copied the packet's hex stream from wireshark, and tried to play the same attack using PineAP. (MACs changed) c0 00 3a 01 60 ab 67 12 34 56 e8 cc 18 22 34 56 e8 cc 18 12 34 56 50 27 07 00 < client MAC > < AP MAC > I pasted the above (minus the comments) into the payload field, with parameters; Channel: 3 (the same channel I was monitoring on with the VM) Frame count: 100 Send delay: 100ms However, I didn't pick up any such packets on my VM. Same thing happens on different channels, as well as after I rebooted the Pineapple. I tried to use the CLI, but I did not pick up any packets from this either: $ cat test.packet c0 00 3a 01 60 ab 67 12 34 56 e8 cc 18 22 34 56 e8 cc 18 12 34 56 50 27 07 00 $ pineap inject test.packet 3 100 100 Am I missing something on how to inject frames using PineAP? Doesn't seem like a hardware issue, since aireplay-ng is able to use the radios to replay packets. Additionally, instead of blocking for (100 packets * 100ms delay per packet) = 10s, the above injections, from the web UI and the pineap invocation, instantly returned. Is this command supposed to be non-blocking? Thanks!
  3. Hi everyone!, I need to know how to create a hotspot wifi network with ads content. Actually i've tried js-inject by mitmf to an ip address for testing. But that is not enough what i need. Can someone suggest me any hak5 product or something else for my project? please. Thank you.
  4. Hi, let me give you some introduction: I bought the nano months ago and pentested some of my old routers. Unfortunately I had to realize that the nano only can handle the 2.4 GHz frequency, but no problem, great product anyway. Most newer routers support both 2.4 to 5 GHz, so I decided to buy the tetra to continue pentesting with my network that has one brand new access point with both frequencies up at the same time. The start with the tetra was great, because with the "Recon" tab it's possible to scan both frequencies at the same time. Sorry I'm not a fan of the "Modules" so I always continue with an ssh connection and use the aircrack-ng tools. Here comes the question: Why can I scan my networks (2.4 and 5 GHz on same AP), but the injection does not work on the 5 GHz frequency? I know that the MAC Address changes in the last character, but I started to airodump my 5 GHz and fixed the channel (also tried different ones), but it is still not working. What am I doing wrong? Screenshots included. Scan results: http://i.imgur.com/2QV8OkJ.png Airodump: http://imgur.com/taEl4EY Aireplay: http://imgur.com/wRSW3ed Second test with another router (also dual frequencies): I'm wondering how I can capture my WPA2 handshake when I'm connected to the 2.4 GHz frequency and when I try to deauth my phone for example, it will reconnect to the 5 GHz frequency without giving the handshake. Same goes if I'm connected to the 5 GHz first and deauth it, the reconnect goes to the 2.4 GHz. I know that is normal behavior for modern devices, but can you please give me some advices how to handle this? Maybe a script with a loop of switching frequenies and deauth could work? Thank You!
  5. Hi everyone. I recently picked up a new Pi 3, and I set it up to run headless with CC through SSH. I'm having difficulty getting packet injection to work for some reason. I know the Alfa cards work, I can use them successfully on my other devices just fine. 0/30 tests failed with aireplay-ng injection testing on the Pi for some reason. Kali 2.0 works fine on my laptop and PC. Anyone else have this issue before? I can pick up APs just fine, I've tried turning off channel hopping, specifically defining an ssid. No joy. Any ideas would be greatly appreciated!
  6. has anyone figured out how to inject using a tetra on DFS channels? eg. 52 or 100. No master so devices don't inject ... is there a way around this?
  7. This thread is for the Injection Set feature in Portal Auth. Any questions pertaining to injection sets may be asked here but any other feature of Portal Auth must be discussed on the official support thread. This first post will serve as a repository for links to injection sets. If you create one and would like to share it then please send me a private message with the link and I will post it here after a brief review. To start things off here is the default injection set that comes with Portal Auth. Injection Sets: Default (infotomb.com/jhh5p) Free WiFi Week (infotomb.com/cpcw3) It appears the files have been deleted from InfoTomb. If you would like to download them you can go to my website (http://www.puffycode.com/download/PortalAuth/InjectSets/) or you can download them directly from the Injects tab of the infusion.
  8. Have you guys read the recent news? http://thehackernews.com/2013/09/hacking-facebook-to-delete-any-account.html The researcher literally shares the single .php line to put into the URL that is needed to delete ANY facebook account, and even the ID data needed is publicly available too. It's an even more shame because the researcher turned this into Facebook (for those who know, Facebook pays those who find bugs in their system) and they won't even look at his submission. It's a shame
×
×
  • Create New...