/tech/ - Technology

On a similar note why is it so difficult if not outright impossible to spoof the MAC address of Bluetooth devices or even Bluetooth cards/dongles? Anything else is as simple as using a single command.

>>24914
idk, I'm still very new to cracking but would also like to know why too

btw if someone does not know, Nethunter is a pentesting distro/custom ROM for Android devices based on kali gnu/linux. apparently it works on all devices if you include the rootless approach

>>24913
picrel. ive nvr used rootless nethunter, bu i imagine it'd b good for swipin rifd cards and security camera hackin (which btw, the majority run on the local network with no protection). wut bluetooth script does it use? ive always used bettercap 4 pentest stuff.
https://github.com/bettercap/bettercap

Nethunter isn't really useful without root and a customized kernel IMO.

>>24925
>wut bluetooth script does it use
idk I was following some tutorials on how to snoop on bluetooth but all commands return "permission denied"
>bettercap
lol it gives "permission denied" when opening bettercap on rootless nethunter
>>24930
trueeee

>>24930
On a side note i got my small alfa card working but the power supply of my phone is too low ofcourse :(

>>24941
>metasploit
ok so metasploit actually works on nethunter rootless but I assume it won't be of use for bluetooth snooping

I think I should learn how to use Kali and its programs(bettercap, metasploit etc) since I know 0% about cracking before using nethunter
>but the power supply of my phone is too low ofcourse :(
my phone's battery is tanking it quite well but it is almost literally melting in my hands, but no smell of smoke so its okay

>>24962
>ok so metasploit actually works on nethunter rootless but I assume it won't be of use for bluetooth snooping
Not surprising, I'm guessing some functionalities won't work but for basic payload generation and shit it shoudl be fine ig.

>since I know 0% about cracking
Cracking is pretty straightforward tbh, but doing it directly on a phone sounds painful.
I haven't tried it yet, but there is a project that is a distributed WPA cracker, a bit like folding@home I think. https://wpa-sec.stanev.org/

>almost literally melting in my hands
Wouldn't be fun without some firehazard.

I love Teto!!

>>24976
>there is a project that is a distributed WPA cracker
cool, sounds like hashcat but its only a python script but for uploading the cracks
>Wouldn't be fun without some firehazard.
it's to burn all the evidence
>basic payload generation and shit it shoudl be fine ig
haven't tried it, currently rootless nethunter is only useful for show off lol
>>24977
saaaame but the AI voicebank is like 8,000円, im gonna buy it though
https://www.amazon.co.jp/AHS-Synthesizer-V-AI-%E9%87%8D%E9%9F%B3%E3%83%86%E3%83%88/dp/B0BYZ417DW

>>24962
>anon tries to crack wifi password on their android device
this does sound incredibly painful, y not jus capture the hashes on ur mobile and crack them at home?
>I think I should learn how to use Kali and its programs(bettercap, metasploit etc) since I know 0% about cracking before using nethunter
100%. this'll b useful not jus for this individual hack ur tryna do, bu future hacks aswell. either flash the kali ISO onto ur computer, or download a vm (i personally use an recommend qemu w/ kvm) and run kali from there. learn how to use linux an the tools, do sum CTFs, my recommendation: https://overthewire.org/wargames/bandit
>>24976
>I haven't tried it yet, but there is a project that is a distributed WPA cracker, a bit like folding@home I think. https://wpa-sec.stanev.org/
this is a vry cool tool anon, thx for sharin.

>>24982
for whtrvr reason i recommended kali, idk y i dont even use kali anymore lulz. i'd personally recommend parrot os insted.

>>24982
>this does sound incredibly painful
it burns
>y not jus capture the hashes on ur mobile and crack them at home?
idk what hashes are but I'll crack my own wifi just for experiment
>or download a vm (i personally use an recommend qemu w/ kvm) and run kali from there
I used it to install LFS version 12.0, imma do it with kali
>https://overthewire.org/wargames/bandit
thanks I'll use it with kali GNU/ₗᵢₙᵤₓ
>>24983
I think parrot os would be better if I were a pro I feel like

>>24991
>idk what hashes are
Nta, but essentially hashes are a fundamental security measure. Before hashes, passwords were just kept on servers and what not in plain text. This has two main concerns: A. if a malicious actor gains accsess to the site, the passwords are right there for exploitation and B: maybe I don't trust the person I'm sending my password to. Hence, encryption was introduced. At a very simple level, hashing just involves taking a given password (doesnt have to be a password but using this as an example) and processes it through a mathematical algorithm that rearranges and/or changes the password in such a way the output looks nothing alike to the original. Modern-day hashes do this mathematical algorithm hundreds of times over, for extra security.
<Back to how this matters to you
When you scan a wifi network, such as using airdump, occasionally the wifi router will broadcast the wifi password as a hash. Otherwise, your phone wouldn't be able to connect. You can use airdump to find the hash, save it to a file, then simply upload the file to your computer, and using a software such as Hashcat, you can then crack it.

bruh the kali-gnuI refuse to say linux vm literally almost has the same appearance as nethunter, but more tools work
>>24997
>Nta, but essentially hashes are a fundamental security measure. Before hashes, passwords were just kept on servers and what not in plain text. This has two main concerns: A. if a malicious actor gains accsess to the site, the passwords are right there for exploitation and B: maybe I don't trust the person I'm sending my password to. Hence, encryption was introduced. At a very simple level, hashing just involves taking a given password (doesnt have to be a password but using this as an example) and processes it through a mathematical algorithm that rearranges and/or changes the password in such a way the output looks nothing alike to the original. Modern-day hashes do this mathematical algorithm hundreds of times over, for extra security.
interesting, very cool I didnt know
>such as using airdump
hmm I'm gonna have to buy new hardware such as a wifi-adapter/bluetooth-adapter and etc to make this work

>>25001
>hmm I'm gonna have to buy new hardware such as a wifi-adapter/bluetooth-adapter and etc to make this work
ion hve nethunter bu i would imagine it has airdump on it, no? jus use ur phone, and if it doesnt im sure theres sum android app that'll do it for u. sure wifi-adapter's p pretty cheap, i got one for like 12 bucks off amazon, bu dont waste money when u alrdy got the tools.

>>25004
>it has airdump on it, no?
<picrel is nethunter rootless
yep it has(in aircrack-ng + airodump-ngbut they need to access the wifi/bluetooth hardware of android but it's denied in rootless afaik, thus probably requiring adapters) + all the tools kali has in the vm but most don't work because of lack of root access(sudo only works inside the chroot in nethunter, but it needs root access outside too which android doesn't have)
> android app
there's hundreds in the nethunter store but like 90% require root access (~_~;)