Search the Community

I have a keylogger set to email logs to me on a USB drive, and a BadUSB that can run it on my home computer by navigating to the directory and opening it. However, because drive letters change from computer to computer, is there a way to make the script consistent? The drive letter on my computer is V, but obviously on other computers it could be anything. The BadUSB script opens the file through explorer by typing the drive letter, and I would like it to work on any computer, and not require admin access.

Hi, im new to this forum and i have a question related to wireless penetration testing. I have a Alfa AWUS036NH Card and amped it to 33dBm and a Yagi-uno antenna with 25dBi of gain.. If i'm correct the EIRP calculation should result in 58 Watts / EIRP. So my question is how far would i get with this setup and another thing i live in a place where surrounded with a lot of houses does that mean that the walls, roofs etc block the signal and decrease the signal so i get less further than when (i.e on top of a building.)

Hey, I'm signed up for the 30 day OSCP course to start in about a month and have a few questions, I understand everyone is supposed to keep quiet about the exam so if this is breaking the rules please let me know. So in the exam I've heard you have 5 machines on the network you have to get root on, are they all in the same IP range for example 192.168.0.1 -> 192.168.0.255 or is it more complicated than that? I'm guessing at the start they won't tell you what the IP addresses are as well? Also are there more machines on the network you aren't supposed to target to make things trickier? I managed to get all the way through the Kioptrix 1.1 machine (walkthrough in the link is the way I did it) past the command injection part without a problem but then the rest I managed to do with a bit of difficulty. For the sake of my sanity I was wondering how difficult are the machines in the lab compared to this, disregarding the four or so scary ones I've heard about? The one issue I'm having with the Kioptrix labs and metasploitable, which is making me feel a hell of a lot like a script kiddie is always searching searchsploit and google to find vulnerabilities and not being able to write them myself, I hear people saying a lot about in the OSCP you need to modify scripts but so far all I have had to do is download/find scripts, compile them or make them executable. Are there any other ways I'm supposed to modify scripts for the labs/exam and will I need to write my own scripts for exploitation or just for enumeration? In a review of the course I read online someone mentioned the first two stages of a pentest should almost always be enumeration/ports etc, then finding services running etc, so far I assume these two are the same thing and I'm worried i'm missing something out, surely something like nmap -A or -sV would enumerate and find services right? As I'm taking the 30 day i'm quite paranoid to get all of the basics covered as I possibly can before the time starts, I'm comfortable with the following: nmap, command line, bash, python, perl, c, assembly, metasploit, decent understanding of a lot of the network protocols, wireshark, nc, dns zone transfers, SQL injections, basic javascript in XSS Is there anything else I should look into before to give myself the best chance to do it in 30 days? Thanks for spending the time to read, I hope this doesn't come under yet another OSCP thread

Hi all, i'm undertaking a project to determine which vulnerability scanning tools within Kali Linux are best suited for the job, there were three tools tested and these were, Nikto, Sparta and OpenVAS. The results that these scans returned when scanning metasploitable 2 with a Kali linux machine are as follows: Metasploitable 2 Nikto 15 Sparta 46 OpenVAS 144 These results are solely the number of vulnerabilities that were returned, OpenVAS seems to be the right choice but im looking for feedback to back up these results of whether this is accurate? or maybe whether the other tools have features that may give them an advantage over the other. Any feedback would be most welcome. Thanks.

Hi all i'm currently undertaking a project that involves exploiting a metapsloitable 2 machine and a windows XP machine running SP3, however the findings that i have found are that there are limited resources available when using metapsloit as there seems to be many step by step guides of how to complete an exploit but not enough information regarding troubleshooting. Do you think it would be beneficial to learning to explain more about each step of an exploit in terms of what each command does and if an exploit fails for there to be more information available about why it fails and workarounds for how to solve such problems. For instance when trying to exploit Windows XP with the popular ms08_067_netapi exploit the results for my conducted test just returned "Exploit Completed, but no session was created" Any feedback regarding this would be most welcome. Thanks.

Anyone interested in playing capture the flag? I've started a small group. We have VM hosting being set up over the next couple of days. Mostly just for fun. Probably prizes in the future. Contact me directly if you are interested.

Hi there, I've got a question. During a professional penetration test with a team of penetration testers for a client, what is an effective way to store raw data during and after the tests? With this question I am looking for a data storage (directory and files) structure. The goal of this structure is to make a general overview for al penetration testers. As example, when I performed a penetration test in the past and store my raw data (output tools, phases of testing, logging, etc) in an encrypted environment, and a colleague needs to perform another test for the same client, what is a fast and effective way for the colleague to see what I have done in the past. Or if a client asks for logging data? I am not looking for a tool, I am looking for a kind of structure with consistency which can help me. Does anybody know a kind of structure, methodology, checklists or have any suggestions regarding the storage? Regards,

Hello hackers, coders and imagineers, I don't know if the Rubber Ducky is looking for an upgrade anytime soon, but if so I have a few ideas based on a recent project of mine, which uses the Teensy 3.1. Firstly, the one way nature of the device makes it difficult to acquire information from the host system. I see you have solved this by suggesting that a USB drive is used in parallel with the Rubber Ducky. Whilst this is a solution, it would be nice if the device could imitate a hub and provide the functionality of both the Rubber Ducky and a USB drive. Though, this will increase the hardware requirements and cost, so may not be ideal. In my project I simply used the onboard EEPROM to store data, which removes the need for two USB sticks, but severely limits the amount of non-volatile memory available. So, the addition of some non-volatile memory that can be written to and then read from at a later time would be nice to see on the Rubber Ducky. Secondly, although there is non-volatile memory available on the Teensy, this doesn't solve the problem of feedback: How do you get the data mined from the host system back on to the device? This is difficult since the device is pretending to be a keyboard and keyboards generally don't require feedback. In my project I utilised the fact that whilst the Teensy emulated a keyboard it could simultaneously run a serial connection. In this way I could get the Teensy to find the relevant information and then send it to itself via an open serial link. This opens up the use of the available non-volatile memory as mentioned above, but also many other things that weren't possible without feedback. For example, in my project I mess with the "networksetup" command in terminal, which, in most cases requires the user to specify the hardware port in question. As such, the first thing I do is to get a list of all the ports on the host system. This is then fed back in to the Teensy, which searches for the hardware port related to the WiFi. Then this information can be used to send commands to turn the WiFi card off, change the AP to which the host system is associated or just gather more information. This could be a huge advantage if implemented on the Rubber Ducky. Lastly, with most keystroke injection attacks commands have to be sent and then there's a delay whilst the host system executes the command. However, these delays can vary wildly making them very difficult to predict. In my project I added a debug mode option, which allows the user to step through chunks of code so that the variable delays can be controlled by the user. Additionally, these types of attacks are unreliable, since a program may not start as expected or a pop up gets in the way. For this reason I also added a reset button, so that if the attack fails it can quickly be reset and start again without having to unplug and replug in the device. These can be very useful in practise, however they both require the addition of a button, which could make the Rubber Ducky look less like a legitimate USB drive. As a side note, another thing I found useful was an LED indicating when the program was complete. It's especially convenient when you are unable to see the screen of the host system. If anyone is interested this is the link to my project called the WiFi Pixie: http://www.instructables.com/id/WiFi-Pixie/ There's code there as well, which is the most interesting part of this project. The Teensy platform is good if anyone wants to get very hands on with this type of pen testing tool. It uses the Arduino IDE and will require some knowledge of C. But if you're more familiar with scripting languages and you want an easy device to plug-and-play with, then the Rubber Ducky is probably a better option. I would also be interested to hear of any other ideas people have for this kind of device... Hack on!

I want to learn more about hacking. I have heard about free hacker spaces. But whenever I look those up on Google I find a nice long list of broken links. Are there still any legal hacker spaces open?

So I received a message from one of our fellow members on the forums. Maybe this should be stickied, maybe just moved to another thread, but the answer I gave applies to pretty much everyones questions in how to get started in hacking. DigiNinja did a whole questionnaire as well as a few talks on the same subject answering much of the same things, so I would suggest anyone having similar questions, go seek out his talk on YouTUBE. I'd post the links but I don't have them handy. They may even be on his site. Below was the question posted to me though, and my answer, and I hope it helps anyone looking for help in the same areas. ----------------------------------------------------------- Backtrack and Kali have much of the same tools installed. Kali is just 1, more stable, 2, more linux file system compliant, and 3, long term support with many new additions. As for books, I'm self taught up till now and am taking the OSCP class. If you want to learn it without taking a course, best place to start is 1, download either distro, 2, setup some virtual machines on your home network and 3, dive right in. Use places like YouTUBE and SecurityTube. Especially SecurityTube, for demos of tools found in both distros, but also the kali.org and backtrack-linux site's and their forums, as well as wiki's and documentation. Hacking is not exactly something one can learn by reading alone. It will get you started on terms and familiar with concepts but in reality hacking only happens by trial and error. No amount of books will change this other than one that took every question you had, and was written specifically to hold your hand and walk you through each hack, and there are no such books. People and Conference talks I would look to for videos, Derbycon conference videos, Defcon archives, Georgia Weidman and Raphael Mudge(for metasploit and armitage demos, classes). Georgia even gives online classes reguarly and has lots of talks online for free, hence check out SecurityTube. For reading, IronGeek's site has a shit ton of documentation, videos, links and more, and should also be on your list of things to dive into. There is no quick answer. It takes time, patience, dedication, lots of self searching, trial and error, and perseverance to get anything out of hacking, and its not the distro you use. Its not the tool someone else wrote. Its curiosity, not being afraid to try something new, and spending hours upon hours of trying one simple thing, that might take someone else 3 lines of code to do, but so long as you do it, you learn as you go, just like the rest of us. I'm also going to post this in a thread, since this is more or less helpful to everyone, and hopefully can answer peoples questions. ------------------------------------------- Anyone who has other suggestions, answers to give for the above question and topic in general, please feel free to add, such as books to help point in the right direction, classes to look into, sites, etc. There are more I could of listed, but for me, hacking is not something one simply sits down to do and "poof" magic happens because you booted Linux and suddenly your mr leet haxor(and no, that is not directed at the person asking the question, its a general comment for anyone thinking it makes a hill of beans difference what you use). Hacking starts with yourself, desire to learn, curiosity to tinker, self discovery and hard fucking work to research anything you want to learn. Most of us are self taught. I am, and would have loved to have been able to go to school for computers, find local 2600 meetings in my area or have a mentor, but the truth is, I had none. I learned what I know on my own, as I think most people have. Sure, some of you have taken a class on programming, so you may have a one up on others when it comes to understanding the fundamentals, but don't be deterred. Johnny Long, infamous creator of the GHDB, was self taught, and spawned a whole industry of OSINT hacking by simply trying things on his own, and networking with like minded people. This I would say, is your best bet as well. You can read all the books you want, and try all the tools in the world, but if you don't get your hands dirty actually trying things, learning how and why thing do what they do, or how a tool works in the first place and what its actually doing to make that happen, you won't be learning. You will be regurgitating and repeating nothing more than documentation on how to carry out a process, and that isn't hacking. For me, hacking is the desire to tinker, play, invent, and use your curiosity to learn as much as you can about something, and that takes time, and dedication. You can't get that from a book, or a tool. You can only get that from doing it yourself, and if you are not much of a self starter, well, there is no time like the present to start! I don't consider myself leet, or even a tenth knowledgeable about things regarding high end hacking techniques. That doesn't stop me from learning every day, and poking away at something for hours, that might take someone 5 minutes to do. You want to learn, you have to put in the time and effort to do so. There is a famous quote, one Mati uses in the OSCP course, taken from Abraham Lincoln. If I had 8 hours to chop down a tree, I'd spend 6 hours sharpening my ax. The same goes for anything you do in life, not just hacking. If you don't have the time to dedicate to researching and trying, even if you don't understand or know where to start, you won't ever get anywhere. Not to be cliché, but if you want to learn to swim, jump in the water and get started! (Just make sure you have a life vest on first. Some of you aren't very good swimmers, myself included...) - DigiP