So, I updated a 2-year-old Kali laptop to do some handshake capturing, and so… here are a few notes:

service NetworkManager stop
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airodump-ng wlan0 --output-format pcap -w ch7-wlan0 -c 7

Here we are using wlan0 (it must be in monitor mode), we are setting the output format to pcap, we are naming the file ch7-wlan0, and we are capturing on channel 7. Now we let it run until we see we have captured some handshakes, then we break out. Let's say we want to crack them in hashcat… we need to convert them to hccapx files, so we use the hashcat-utils tools, something like this:

root@kali:~# ./hashcat-utils-1.8/bin/cap2hccapx.bin ch7-wlan0-01.cap ch7-wlan0-01.hccapx

Now we can use the ch7-wlan0-01.hccapx file in hashcat to do some cracking… like this:

root@kali:~# hashcat -a 0 -m 2500 ch7-wlan0-01.hccapx /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule
I was playing with the Saintcon 2019 password cracking challenges and I was overthinking this particular challenge… Luckily someone else shared their ideas, which really helped me: https://www.openwall.com/lists/john-users/2019/10/29/1

Basically, the one I am referring to is a password challenge that was paying respects to Ken Thompson and his recently cracked vintage password that was based on a chess move. Given the following hash, just by looking at it and comparing it to other hashes you can see it is bcrypt:

$2b$10$YGtiAZYewmJE0Yh7O9E4AO49nQA2s4lhwDvWE./IOTyTQ.sgkGbuC

with the examples of the password being:

2. Nf3 Nc6
39. Qxh5 Bf6

I originally was building some Python code using a common chess Python library to generate all the possible moves… however, there are lots of flaws in this thinking because there are a LOT of possible moves, and the code was giving me a headache as it continued to grow… and grow… Luckily the pattern was pointed out to me, from here: https://en.wikipedia.org/wiki/Deep_Blue_versus_Kasparov,_1997,_Game_6. One or two numbers followed […]
Well, we won't get too basic here, going all the way back to what the User-Agent is… you can read about that on Wikipedia. I have two favorite ways to change the User-Agent; the first is via curl… I am a CLI guy. So here we are going to hit a little website I created that will display the user-agent: https://lancegrover.com/user-agent.php

Here you see we use curl, first without any settings. Next we use "-H" to set the User-Agent… so it will look like this:

OK, good times, but sometimes we need to be able to do this in the browser… Currently I run Google Chrome, so we will go with that. When in your browser on the website you want, go ahead and press F12 to bring up the developer tools. Then select the additional menu (three dots) -> "More tools" -> "Network conditions". Now you will deselect the […]
Super basic here, but I just wanted to write up some notes on a fun little CTF starter I did. The description of this challenge said: here is the executable, get a URL and password out of it.

The first thing I always run is strings. Well… we see there is a "secret" function we need to find, and we see it gives us the password somehow…

Now we need to execute this bad boy in a sandbox. I usually create a VM that I can blow away, copy the executable there, then run it with some tools. First we will run objdump on it to see what functions are in this bad boy. This is where we find the function name… it is actually called secret! LOL

Now we decide which way to run this bad boy: do we put it into gdb to debug it, or use ltrace? Let's start with ltrace: […]
Wired up the maglock to the REX, the new one works! Now…I can run some hacking tests but I don’t have a way to unlock the door from the outside, so….I need to get some more parts that I am waiting on….
I have started wiring up my maglock and RCR-REX… I have found that my maglock just isn't strong enough, so I ordered a better quality one… so I'm back to waiting.
Anyone that knows me… knows that I am not a fan of running windblows as my operating system. BUT… someone presented me with a challenge… and dang… I just can't stop until I solve certain kinds of challenges, especially when they are related to security. Anyway, the problem…

You saw one of my previous posts dealing with ProxyTunnel and tunneling SSH connections over an Apache server via SSL… well… a friend tried running proxytunnel on windblows as I described it, and it didn't work for them.

My experience with the problem: I downloaded the 1.9.0 Windows exe version of proxytunnel, attempted my connection to the HTTPS Apache proxy just like I had done in the past, and I was getting "error: Socket write error." That certain level of frustration you only get dealing with windblows… oh, you know what I am talking about, I felt it. Worked on this for 2 days… or more… I never tell how […]