
DarrenRainey

Active Members
  • Posts: 13
  • Joined
  • Last visited
  • Days Won: 1


DarrenRainey's Achievements

Newbie (1/14)

  1. Yes, but the thing I like about these kinds of exploits is that they only need a browser to execute, so it can be easy to set up a malicious website to take over these devices using JavaScript or even plain HTML.
  2. Good to know I'm not alone :) I really like the idea of abusing some of the lesser-known features of a modern web browser. I wrote a PHP script a while ago that could identify what device a user was visiting from based upon the user-agent and then serve the appropriate exploit; for example, if it was a device running Android < 5.1 maybe serve a Stagefright exploit, otherwise act normal. There are so many things that people tend to take for granted. For example, I built a wifi probe sniffer using a NodeMCU for £3; with that I can see what the devices around me are looking for, and combining that with airodump and strings on my laptop I can get an idea of who owns a device based upon the search history, and by using the device's MAC address and looking for unique wifi names such as BTHub5-XXXX I can plot the locations they have connected to before. Essentially passive tracking for really cheap using nothing but the public data your phone broadcasts when looking for networks. If you set up a few of the NodeMCUs, over time you could see patterns of where the device has been and goes to.
     Edit: Found the Netgear vuln I was talking about - CVE-2016-6277 - https://www.kb.cert.org/vuls/id/582384 so basically you could use that code to check if it's a Netgear device and if it is, send a request to http://192.168.1.X/cgi-bin/;COMMAND
  3. Personally I would just install a custom recovery like TWRP, then dump everything to an SD card and copy any relevant files/folders to my device to view, such as /sdcard and /data.
  4. Wifite is a good automated tool, but from experience using airodump will typically give better results depending on your network card.

     For Wifite (assuming you're on a Debian-based distro (Debian/Ubuntu/Kali) and your network card is called wlan0):

         apt install wifite aircrack-ng -y
         airmon-ng start wlan0
         wifite -i wlan0mon

     For Aircrack-ng:

         apt install aircrack-ng -y
         airmon-ng start wlan0
         airodump-ng wlan0mon -w out   # this will log the data in multiple different formats and files
         # Wait until airodump displays "WPA Handshake captured" in the top right, then press CTRL+C to kill airodump
         aircrack-ng out.cap -w wordlist   # Attempt to bruteforce the password; other tools like hashcat can use your GPU to speed up this process

     Also I recommend that you run Linux natively or use a USB wifi card for virtual machines.
  5. I used to have NetHunter with nexmon installed on my Nexus 5 so I could use monitor mode with aircrack, but now I use a cheap Android phone with no SIM card and set it up as a mobile hotspot for my netbook in my backpack; that way I can use an SSH client like JuiceSSH on my phone to do stuff like metasploit, aircrack or other programs. With the abilities of JavaScript and the insecurities of some routers it's even possible to attack internal devices. For example, a while ago there was a bug in some Netgear routers where you could run any command simply by visiting a specific URL, so by expanding on this payload you could detect any devices vulnerable to a similar attack, then run almost any command you would want on the internal network simply by getting someone to visit a site with the JavaScript embedded.
  6. Hello everyone, just thought I would share my JavaScript network scanner project here: https://github.com/DarrenRainey/JavaScript-Network-Scanner Currently it will scan and fingerprint devices based upon what files exist or don't exist on the device, and once it fingerprints or can connect to a device it sends a POST request with the fingerprint, such as the router's model, the internal IP address and the user-agent from the victim's PC. This code could be embedded into any website and sent to a victim for recon. Currently it only scans a few predefined IP addresses in the test.html file, but I plan to make it scan the local subnet automatically and report any found devices to the attacker web server. The scanning code is based off lan-js with some custom code for identifying and sending the data to the attacker.
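Posts 2, 5 and 6 describe the same defender-relevant pattern: a web page in a LAN user's browser probing the router for files that do or do not exist, and then requesting a `/cgi-bin/;COMMAND` style URL. What follows is an added detection example, not code from these posts or from the linked JavaScript-Network-Scanner project. It assumes the router (or a proxy in front of it) writes a combined-format access log that includes the Referer header, and that the router's own addresses are the ones listed in `ROUTER_HOSTS`; the log lines, client addresses and the `example-attacker.test` host are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Combined log format (assumption: the router or its fronting proxy logs the
# Referer field; without it the "external page" rule below cannot fire).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Names/addresses the router legitimately serves its own UI from (assumption).
# A Referer on any other host means a third-party page drove the browser
# into the LAN, which is exactly how the browser-based scanner operates.
ROUTER_HOSTS = {"192.168.1.1", "router.local"}

# Distinct missing-file (404) requests from one client before we call it
# fingerprinting. Two is enough for this sample; tune for real traffic.
PROBE_THRESHOLD = 2

# Constructed sample log: a normal admin visit, then a sequence driven by an
# external page that probes for files and finally hits the injection URL.
SAMPLE_LOG = """\
192.168.1.23 - - [10/Mar/2017:20:01:02 +0000] "GET /index.htm HTTP/1.1" 200 512 "http://192.168.1.1/" "Mozilla/5.0"
192.168.1.23 - - [10/Mar/2017:20:05:10 +0000] "GET /css/style.css HTTP/1.1" 404 0 "http://example-attacker.test/page.html" "Mozilla/5.0"
192.168.1.23 - - [10/Mar/2017:20:05:10 +0000] "GET /img/logo.gif HTTP/1.1" 404 0 "http://example-attacker.test/page.html" "Mozilla/5.0"
192.168.1.23 - - [10/Mar/2017:20:05:11 +0000] "GET /images/netgear.gif HTTP/1.1" 200 1024 "http://example-attacker.test/page.html" "Mozilla/5.0"
192.168.1.23 - - [10/Mar/2017:20:05:12 +0000] "GET /cgi-bin/;COMMAND HTTP/1.1" 200 88 "http://example-attacker.test/page.html" "Mozilla/5.0"
"""


def analyze_line(line):
    """Return (client, path, findings) for one log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(m.group("path"))
    findings = []
    # Rule 1: the CVE-2016-6277 style injection marker, a ';' right after /cgi-bin/.
    if "/cgi-bin/;" in path:
        findings.append("command-injection pattern in path")
    # Rule 2: the request was triggered by a page that is not the router's own UI.
    ref = m.group("referer")
    if ref and ref != "-":
        host = urlsplit(ref).hostname
        if host and host not in ROUTER_HOSTS:
            findings.append(f"request driven by external page {host}")
    return m.group("client"), path, findings


def analyze_log(lines):
    """Per-line alerts: only lines with at least one finding are returned."""
    alerts = []
    for line in lines:
        parsed = analyze_line(line)
        if parsed and parsed[2]:
            alerts.append(parsed)
    return alerts


def missing_file_probes(lines):
    """Rule 3: clients that requested PROBE_THRESHOLD or more distinct missing files.

    Fingerprinting by 'which files exist' shows up as a burst of 404s for paths
    a real user of this router's UI would never ask for.
    """
    missing = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("status") == "404":
            missing[m.group("client")].add(unquote(m.group("path")))
    return {c: len(p) for c, p in missing.items() if len(p) >= PROBE_THRESHOLD}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for client, path, findings in analyze_log(lines):
        print(f"{client} {path}: {'; '.join(findings)}")
    for client, n in missing_file_probes(lines).items():
        print(f"{client}: {n} distinct missing-file probes")
```

Rule 2 is the most general of the three: it does not depend on a particular CVE, only on the fact that a browser-embedded scanner necessarily carries the attacker page's origin in the Referer (or Origin) header when it can send one at all, so the same check works as a server-side rejection rule on the device as well as a log-review rule.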
  7. This is a simple ducky script I wrote that will clear your Google Chrome history and automatically log you off; tested on Windows 7 (Windows 8-10 requires modification because of the start menu). This payload is useful for when Run/GUI + R is blocked.

         DELAY 1000
         CTRL + H
         DELAY 750
         DELETE
         DELAY 2000
         CTRL + W
         DELAY 750
         GUI
         DELAY 100
         TAB
         DELAY 100
         TAB
         DELAY 100
         ENTER

     You may want to increase the delays, as most library computers can be slower than the average machine.
  8. Hello, I'm working on a small project and was wondering how I can replicate the WiFi Pineapple's ability to pretend to be a known network. Basically I want a Raspberry Pi to pretend to be the victim's home network, then open a captive portal. Any ideas?