/hmg/ - Hackerman general

In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman.

Resources:

VM/CTFs:
overthewire.org/wargames/bandit/
>entry level stuff

vulnhub.com/
>boot to root

hackthebox.eu/
>super secret club

Tools:
kali.org/
>just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technical people in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

Is this show actually good?

yeah there are some nice scenes that make your adrenaline rush for example this one where angela shoots elliot

Attached: mr robot.webm (640x352, 1.91M)

>not including the magnet for PWK 2014

>not having an employer that pays for the course

she doesn't even call an ambulance, just murders him lol, bet she didn't even get jail time

Hard to get jail time when it's done in defense of yourself and others, especially children.

What the fuck is wrong with americans

Do I need to master object-oriented programming if I wanted to create malware, like a trojan or ransomware?!

I know a lot of RATs are made in like c# and even Visual Basic

Look up PixelRat for a VB sourcecode.

Is there any point in buying a laptop just for pentesting, e.g. a ThinkPad or w/e, to have Kali Linux on it when you're learning?

is it possible to hack original wpa2 wifi router using kali linux?
I'm talking about the non-changed password that comes with the router, the long complicated one.

youtube.com/watch?v=zzKT9At9LpE

I don't have the data to watch that video, is pixie-dust based on a wordlist-dictionary attack?

Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon using kali linux 2018.1 Design flaws in many routers can allow hackers to steal Wi-Fi credentials, even if WPA or WPA2 encryption is used with a strong password. While this tactic used to take up to 8 hours, the newer WPS Pixie-Dust attack can crack networks in seconds. To do this, a modern wireless attack framework called Airgeddon is used to find vulnerable networks, and then Bully is used to crack them. When attacking a Wi-Fi network, the first and most obvious place for a hacker to look is the type of network encryption. While WEP networks are easy to crack, most easy techniques to crack WPA and WPA2 encrypted Wi-Fi rely on the password being bad or having the processing power to churn through enough results to make brute-forcing a practical approach. WPS PINs have been attacked by two successive generations of attacks, starting with the most basic brute-forcing methods targeting the way some routers split the PIN into two separate halves before checking them. Years later, another attack emerged that remains effective against many routers and greatly reduces the amount of time needed to attack a target. Using a tool called Bully, we can exploit weak entropy in the keys many routers use to encrypt the WPS pin, allowing us to break the WPS setup pin in vulnerable routers to dump the Wi-Fi password. We will use the WPS Pixie-Dust attack option in the Airgeddon wireless attack framework, as it gives us the most flexibility in selecting and attacking targets.

I just checked, the router does have WPS but it is disabled.

Tfw know a bank that still runs heartbleed OpenSSL version. How do I exploit?

I already tried something similar with reaver but the router is protected with 60s timeouts.

This some honeypot shit heartbleed is old as fuck bro, you gon connect and FBI gon knock knock.

If I can find out the router model and see what kind of passwords they use would it be easier to crack with hashcat?

Hypothetically is this a neighbor or a business wi-fi?

Look into social engineering for this kinda shit, saves you a lot of time.

Post pentest laptops please, i need some inspo on what i should purchase.

Currently eyeballing

Lenovo Thinkpad E470 14"

Lenovo Thinkpad E480 14"

I know basic OOP like inheritance, encapsulation or polymorphism but dividing a project into several classes and creating appropriate methods and data attributes for each one is not my shit.
Would prefer procedural programming, but if using OOP for malware is a "must", then i guess i just stay as a skiddie

Unless it's outside FBI jurisdiction...

*brazilians

Idunno man, seems fishy heartbleed got a lot of media attention and any IT dept with any self respect would sort it out.

Especially a financial institution

P4rr0t, B4ck|3ox, or Kal!?

you won't be able to do much without them noticing, IMO
unless someone developed a better exploit, the way to get data from a website was to send a shitload of requests and download like 1GB of data, then to analyze that

you'd be surprised the kind of shit you can find out there.

Just use a vm

I have an asus k55vd and I was surprised to see that it supports monitor mode and packet injection, tried to crack some networks last night with kali linux and i got the handshake and all that shit without having to download any special drivers.

It has the Atheros AR9271 wifi adapter.

About 15 years ago i downloaded sub7 and hacked myself, am i l337?

Lmao, member Spy-Net? BlackRat? HackForums?

Imagine being this fucking stupid. The OOP paradigm is almost necessary for any major application (and malware would be considered a major application, given how much goes into writing it). Maybe you shouldn't write malware. Maybe you should focus on creating programs for "good". I guarantee you that if you can't grasp the basics of OOP, you're absolutely nowhere near the realm of writing malware. I also guarantee you that bettering yourself as a programmer by creating things that aren't malicious is the best thing you can do.

How do i hack a cute girl to have sex with me?

Develop some sort of ransomware that only unlocks her laptop when she's given you an orgasm.

you don't need to master it, there was ransomware code that was shared by some dude on GitHub.

I have an idea for ransomware but I'll wait until I'm tired with this fucking world.

hakshop.com/products/wifi-pineapple?variant=81044992

This is very tempting

I'd love to go one thread without it being riddled with people trying to hack the planet™. Pick up a book, learn how to hack for good. Amass tons of wealth in bug bounties, and do it all legally. Talk to anyone who is an active pentester or cyber-sec researcher, they'll be miles better than you at every single thing when it comes to hacking because they took the legal and professional route.

So what's this shit they say you need to know C or assembly for hacking. Last time I checked, neither of them support OOP.

I mostly care about this because I don't have unlimited data for like 2 months from now.

Yeah, leave it to someone like who I replied to to know C or assembly. They can't grasp the simplest concepts of OOP, how the hell are they going to write malware in asm or C?

Understandable, and I think personally that your approach and line of questioning is a great one, and I support you in asking questions. But I assure you that reading a book written by people who do this stuff for a living will yield better results than asking a couple NEETs on this board. Pick up a book, look at some talks, go to some meets.

I just started and it is pretty interesting, didn't really sleep the last 2 nights because I kept thinking about what I should do next. This will definitely keep me occupied for the rest of the month.
Do you know any good wifi adapters for pentest with Kali Linux?
Kinda looking for something with good range as if I can't find anything close enough I'll look for longer ranges, I also have a yagi antenna outside just in case.

Start Kali Linux and login, preferably as root.


Plug in your injection-capable wireless adapter (unless your computer card supports it).


Disconnect from all wireless networks. Open a Terminal, and type airmon-ng. This will list all of the wireless cards that support monitor (not injection) mode.

If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check if the card supports monitor mode by typing ifconfig in another terminal, if the card is listed in ifconfig, but doesn’t show up in airmon-ng, then the card doesn’t support it.


Type airmon-ng start followed by the interface of your wireless card. For example, if yours is wlan0, your command would be: airmon-ng start wlan0.

The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mon0.

Type airodump-ng followed by the name of the new monitor interface. The monitor interface is probably mon0.

Review the Airodump results. It will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl+C on your keyboard to stop the process. Note the channel of your target network.


Copy the BSSID of the target network. Now type this command: airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]

Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0).
A complete command should look like this: airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0.

This shit is on wikihow nigger, look it up

I already tried this and it works but the password was not in the wordlist, but this is not what my problem is, I wanna know if the password is too tough to crack so I know if I should even bother to try and crack it.

None off the top of my head. Check out some def-con videos on the subject and see what the speakers recommend. I'm sure any adapter that allows promiscuous/monitoring mode will work.

yeah I'm thinking I will buy something with the same chipset my current laptop has as it worked perfectly with no issues.

my dorm's wifi is slow as fuck. how do I make it faster without anyone noticing?
btw I don't want it to be traced back to me

The Alfa AWUS036NH 2.4 GHz

The Alfa AWUS036NH is a b/g/n adapter with an absurd amount of range. This is amplified by the omnidirectional antenna and can be paired with a Yagi or Paddle antenna to create a directional array.

If you gain access to the router admin page they might have imposed a duplex restriction that gives each of you 2mb/s etc and you could potentially unlimit yourself but it will be visible for any admin checking it. If anyone bothers

Try changing the channel to one which doesn't have so much traffic and disable power saving mode for the router if it's enabled.
To do this get the IP, put it into a browser and you'll get an access panel with admin and password, look for the model of the router to find those online.

Thanks I was thinking that one or the NHA version, is this better than the newer one?

This probably has more support and docus on it than a newer one.

Just checked and it's pretty much sold out everywhere.

>The Alfa AWUS036NH
I found shitloads of it on Amazon

the router pw has been changed and doesn't have known backdoors

Bruteforce the crap out of it, ddos it to shit so they buy a new one whatever be creative.

Social engineer call up whoever the fuck IT department say you're bla bla network team doing maintenance need access to router.

I'm looking to learn python for scientific and data programming.
Is it also useful for pentesting? Do we need much more programming knowledge to be a /hackerman/ or can I get it done with python + network/systems knowledge? Is programming even needed?

I'm from europe.

You can just skid it out at this point, kali linux and hak5 gear and voila all wi-fi hotspots will tremble

Pretty much this, if it has been changed then it's probably a weak password you could easily bruteforce.

You don't have to know too much, just use google and don't be a brainlet.

Amazon ships to Europe, whatchu mean

Anyone interested in a little story from HackForums and how 14 year old me faked his own death to avoid paypal chargebacks from angry skids?

>Alfa AWUS036NH
This item does not ship to Italy

Go ahead but don't be any of the following:
>fake
>gay

>Alfa AWUS036NH
3gweb.it/

or persistent usb

Do we absolutely need an external wireless adapter for the wpa2 access?, for the pack sending and shit like that. I gave up on learning the wifi cracking due to not having one and assuming my wireless cards are shit.

>14 Year old me, known as "Vipex"

Fuck the original death thread is deleted, pretty much sold a really shitty RAT coded in Visual Basic which would drop "clients" frequently and had a host of other problems. Made around a 1000 dollarinos on this shit.

Attached: VipeX.png (1585x697, 109K)

What laptop are you using right now, I tried it on my own laptop and surprisingly I had the right chipset to use it, I just wanna buy an adapter to use directly on my desktop and also get a better range for other networks in case I can't crack the one I can reach already with my laptop.
Download kali linux 64 or 32 bit, depends what processor you have, burn it on a USB and boot it to see if it already works.
Any of these chipsets should be good for monitor mode and injection.
Atheros AR9271
Ralink RT3070
Ralink RT3572
Ralink RT5572
Realtek RTL8812AU
Ralink RT5370N

>reputation -49

>AWUS036NH
Nigga there's nothing there.

I don't think Kali requires any specific chip to work. I mean that, it seems, for aircrack, you need a chip capable of packet injection:

null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/

null-byte.wonderhowto.com/how-to/buy-best-wireless-network-adapter-for-wi-fi-hacking-2018-0178550/

Is this a thing or did I fall for an advertising meme? I got kali installed and working fine, but this stopped me on my tracks when I was gonna look for some guides or books to learn.

It's a thing if you want a wifi card capable of monitor mode and packet injection, if you just wanna browse then any card should do.

Thanks user. So I DO need an adapter in case mine sucks. It's an Acer Aspire v5, but I'll figure it out.

>Atheros AR9271
Best and easiest way to do it is just make a bootable usb drive with kali linux and test directly if it supports monitor mode with command airmon-ng start wlan0 and then test if it's capable of packet injection.
Even if this does not work try to see what chipset you're using and download the special drivers to see if it gets the job done.
I would recommend buying an adapter if you got the money as you get better signal and range.

Must be some adapter somewhere that you can buy, google harder

I feel like golang would be good for malware. Hard to disassemble, good at sockets and network stuff, good for encryption etc

I'll see but if I can't find it i'll buy the NHA version instead.

just learn c or assembly you lazy brainlet.

I just googled it again and it's everywhere, am I drunk?

So you could buy it in Italy after all?

First season: alright, had trouble finishing but wasn't bad

Second season: absolute god tier television some of the best media I've ever consumed

Third season: they hired woman writers.

yes, i must have googled some other version.

Pretty good, pretty accurate hacking scenes.

youtube.com/watch?v=PGjLhOhMLXc

I tried but couldn't go past the multicultural hacking organisation trying to bring down evilcorp from season 1

Just try season 2 m8 you don't even need to know much from season 1 for it

why did this thread suddenly get filled with script kiddies and LARPers?
Sad!

>1234
Script kiddie confirmed!

>Third season: they hired woman writers.
did they? honestly, that'd explain quite a lot.
s3 is beyond bad

She's a criminal.

why is hydra such a shit bruteforcer for web apps fuck that fucking pos

Because massive bruteforcing is so 2008. If you run it with a limited users and passwords list it works much much better.

For you