admin
Truck Raspberry Pi Kali – for using besside-ng

Story: I wanted a mobile besside-ng instance running in my truck. Why? Because I can! First I image Kali for Raspberry Pi to an SD card. I am not going full headless on this install, so be aware of that, although I might be able to now that I think of it….. Hold my zipfizz! (I don’t drink beer or soda)

dd if=kali-linux-2019.3-rpi.img of=/dev/sdc status=progress bs=1M

I am going to run two wifi devices on this Kali, which gets interesting with power… so I hope you already have that figured out. In my example I am running an older Raspberry Pi with two lower-power USB wifi devices, but I am using a special USB cable that supplements the power to the devices – make sure you don’t just plug both ends into the Raspberry Pi……

Now mount the SD card:

mount /dev/sdc2 /mnt/

Now we want to copy a […]

admin
Build a Pwnagotchi…or two

Still looking at wifi cracking, updating myself on stuff and finding that much of what I taught back in 2015 is still relevant, especially when we tie in the password audit fundamentals…. Anyway, in the process of things me and some friends found pwnagotchi. These are fun, almost toys, that help people understand a little bit about the wifi networks all around us and about capturing handshakes. I have found that the 2.4 GHz wifi on the Pi Zero is perfect, and with the screen and a 3D-printed case you are in pwnagotchi heaven. Here is my config:

main:
  name: 'pwnagotchi'
  whitelist:
    - 'mynet1'
    - 'mynet2'
  plugins:
    grid:
      enabled: false
      report: false
      exclude:
        - 'mynet1'
        - 'mynet2'
    auto-update:
      enabled: true
    AircrackOnly:
      enabled: true
    memtemp:
      enabled: true
ui:
  display:
    enabled: true
    type: 'waveshare_2'

I like to use the AircrackOnly plugin so I get more of the handshakes I have a solid method to crack, […]

admin
UPDATE – Netgear default WPA password..and others

So, I did my work on building those Netgear wordlists and cracking rules… and then I fine-tuned my google-fu and found “another way”, actually a better way really….. Here are a few good links, but the essence is that all these wifi router vendors have a specific process to generate default WPA passwords for their devices, and some smart people have figured them out. Netgear seems to follow a process: if your default SSID is NETGEARXX where XX is a number, then the common password layout is adjective + noun + 1 to 3 digit number…. Here are the links to check out:

https://hashcat.net/forum/printthread.php?tid=6170
https://github.com/wpatoolkit/Adj-Noun-Wordlist-Generator
https://github.com/3mrgnc3/RouterKeySpaceWordlists
https://xiaopan.co/forums/threads/netgearxx-wordlist.6571/

admin
SIOCSIFFLAGS: Operation not possible due to RF-kill

Easy enough fix… keep in mind I usually am running Kali Linux, but this applies to many other distros and will probably get you 90% of the way there on the others. First list the rfkill state:

# rfkill list all
0: hci0: Bluetooth
	Soft blocked: yes
	Hard blocked: no
1: phy0: Wireless LAN
	Soft blocked: yes
	Hard blocked: no
2: phy1: Wireless LAN
	Soft blocked: yes
	Hard blocked: no

Now do this to actually turn the block off:

rfkill unblock wifi
rfkill unblock all

Now you can list it again to make sure; you may need to reboot as well.

# rfkill list all
0: hci0: Bluetooth
	Soft blocked: no
	Hard blocked: no
1: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: no
2: phy1: Wireless LAN
	Soft blocked: no
	Hard blocked: no

admin
Observation – netgear default wifi

I was having a discussion with a friend of mine on the Netgear default password for wifi, you know, the ones they put on a sticker on the bottom…. or top…. of a Netgear router. More than just Netgear are doing this, but that was the one we were particularly discussing. Anyway, we discovered, or I guess it could be just a theory right now because we don’t have enough information actually, that the password consists of two words and a 3 digit number. More specifically, it appears to be made of two words, each 6 or 7 characters long, followed by the number. So… I thought to myself…. what would it look like to build a word list using all the English dictionary 6 character words, combine them, then use a hashcat rule to append every combination of 3 digit number on the end? So that is what I made. I looked around on […]

admin
aircrack – get dem handshakes

So, I updated a 2-year-old Kali laptop to do some handshake capturing, and so… here are a few notes:

service NetworkManager stop
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airodump-ng wlan0 --output-format pcap -w ch7-wlan0 -c 7

Here we are using wlan0 (it must be in monitor mode), and we are setting the output format to pcap, naming the file ch7-wlan0 and capturing on channel 7. Now we run until we see we have captured some handshakes, then we break out, and let’s say we want to crack them in hashcat…. We need to convert them to hccapx files, so we use the hashcat-utils tools, something like this:

root@kali:~# ./hashcat-utils-1.8/bin/cap2hccapx.bin ch7-wlan0-01.cap ch7-wlan0-01.hccapx

Now we can use the ch7-wlan0-01.hccapx file in hashcat to do some cracking… like this:

root@kali:~# hashcat -a 0 -m 2500 ch7-wlan0-01.hccapx /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule

admin
Password cracking challenges – thinking another way

I was playing with the Saintcon 2019 password cracking challenges and I was overthinking this particular challenge….. Luckily someone else shared their ideas, which really helped me:

https://www.openwall.com/lists/john-users/2019/10/29/1

Basically the one I am referring to is a password challenge that was paying respects to Ken Thompson and his recently cracked vintage password that was based on a chess move. Given the following hash, just by looking at it and comparing it to other hashes you can see it is bcrypt:

$2b$10$YGtiAZYewmJE0Yh7O9E4AO49nQA2s4lhwDvWE./IOTyTQ.sgkGbuC

with the examples of the password being:

2. Nf3 Nc6
39. Qxh5 Bf6

I originally was building some Python code using a common chess Python library to generate all the possible moves… however there are lots of flaws in this thinking, because there are a LOT of possible moves, and the code was giving me a headache as it continued to grow… and grow… Luckily the pattern was pointed out to me… from here:

https://en.wikipedia.org/wiki/Deep_Blue_versus_Kasparov,_1997,_Game_6

one or two numbers followed […]

admin
Basics: Change your User-Agent

Well, we won’t get too basic here, going all the way back to what the User-Agent is…. you can read about that here on Wikipedia. I have two favorite ways to change the User-Agent; the first is via curl…. I am a CLI guy. So here we are going to hit a little website I created that will display the user-agent: https://lancegrover.com/user-agent.php Here you see we use curl, first without any settings. Next we use “-H” to set the User-Agent…. So it will look like this: OK, good times, but sometimes we need to be able to do this in the browser…. Currently I run Google Chrome, so we will go with that. When in your browser on the website you want, go ahead and press F12 to bring up the developer tools. Then select the additional menu (three dots) -> “More tools” -> “Network conditions”. Now you will deselect the […]

admin
Playing CTF – reverse engineering basic executable on linux

Super basic here, but I just wanted to write up some notes on a fun little CTF starter I did. The description of this challenge said: here is the executable, get a URL and password out of it. The first thing I always run is strings: Well… we see there is a “secret” function we need to find, and we see it gives us the password somehow… Now we need to execute this bad boy in a sandbox. I usually create a VM that I can blow away, copy the executable there, then run it with some tools. First we will run objdump on it to see what functions are in this bad boy: This is where we find the function name… it is actually called secret! LOL. Now we decide which way to run it: do we put it into gdb to debug it or use ltrace? Let’s start with ltrace: […]

admin
Wiring up Maglock…..and more waiting

Wired up the maglock to the REX, and the new one works! Now… I can run some hacking tests, but I don’t have a way to unlock the door from the outside, so…. I need to get some more parts that I am waiting on….