Hak5 Forums

Search the Community

Showing results for tags 'shell'.

Found 8 results

  1. exploit/unix/x11/x11_keyboard_exec

    I'm trying to exploit my rooted Galaxy Core Prime, which is vulnerable to the exploit/unix/x11/x11_keyboard_exec module. I'm having a bit of trouble getting a shell. I've got to the point where a session is created, but when I try to interact with the session to get a shell it just stops and hangs and does nothing. I've tried different payloads but the same thing happens every time. It just says interacting with session <ID>, and I can't get any further than that. Any tips or help would be appreciated. And I'm also a bit confused on configuring the reverse shell payload. Is the LHOST supposed to be my IP or the victim's in a reverse shell? Plus, what is the proper IP and port number for "ReverseListenerBindAddress" and "ReverseListenerBindPort"? Thank you.
  2. Hi all, I am creating some shell scripts that occasionally need to use an external Alfa WiFi card, but not all of the time. Rather than leaving the Alfa card enabled constantly, I would like the script to bring the card online when it is required, and switch it back off when it is not. I have read various methods to do this online, but none seem definitive, so I would like to ask which method I should use. So far, I have seen suggestions of: using WLAN# up and WLAN# down; disabling USB ports using Hub-CTRL; using hardware add-ons; this or this (unknown what is being done here); even people saying it's not possible. What would you suggest? Has anyone else had any luck with switching off and back on an Alfa WiFi card from a Linux command line/script? I haven't yet played around, as I'm not at home, but I don't want to waste my time trying a method that won't work as well as something else. Thank you.
  3. Hello guys. So I have just followed this guide to set up my LAN Turtle over WiFi so I don't need to plug it into the ethernet to set it up/update/etc https://www.youtube.com/watch?v=11qAQ3X71X0 I do this on my Kali machine (so I can open up the turtle.sh file). I follow all the steps... it works fine... I can even ping Google... But as soon as I unplug the Turtle and plug it into my Windows PC... all that change and config gets deleted.... I can't access the turtle.sh to set it up on my Windows PC either because you can't open bash scripts in PowerShell. And now when I RE-PLUG it back into my Kali to do all the ./turtle.sh again... it won't ping Google now??? I follow the step by step, run the bash file... set up my default gateway... and then when it's all done and says "happy shelling" it no longer pings Google???? Do I need to do a hard reset?
  4. I would just like to preface by saying that I won't be here to read or respond to comments. I apologize for that, but I am spending as much time as I can focusing on research and learning everything I can. This is a time I would consider to be my intellectual prime and I really want to use this time as best I can in that regard, so I hope you can understand why I won't be actively engaging as a user in general. https://medium.com/@ViGrey/phishing-for-root-using-shell-functions-against-mac-and-linux-2b1b7edbb9a9 This is a script that pretends to be sudo and /usr/bin/sudo, acts like the password prompt, steals the password and deletes traces of itself, including the shell history of running the script itself. The specific ducky script in this post is for Ubuntu with Unity, but it could easily be tweaked to work with other desktops, distros, and even Mac OS X. The idea for this came when I was in the early stages of the research project I'm currently working on involving U2F security tokens (I'll make a post here about that later after I get a POC and blog post up). After testing out some commands for the project, the thought "Could I alias sudo?" came to mind and I decided to try it. Sure enough, it worked flawlessly. I then checked to see if I could alias sudo and call sudo at the end, essentially injecting commands into sudo. That worked flawlessly as well. Figuring these things out opened more questions and I ended up in a rabbit hole thinking about what I could do with it. After getting some other work done, I decided to start working on the ideas about 2 or 3 days ago after figuring out the same can be said about shell functions as aliases and came up with this. The ducky script is in the blog post, but also at https://gist.github.com/ViGrey/a988c76c87898a2156da7724c57f16b4#file-rootphisher-ducky. Go ahead and tinker with it; make it better. 
I know there are probably better ways to handle some edge cases that can arise, but I leave that as an exercise for you all and possibly myself in the future to look at. I just had fun working on this. Apologies for any confusing parts or spelling errors in the blog post. I wrote that post in a bit of a rush so I could get back to my current research project. Have fun with it!
  5. The HID is coming from inside the Bunny!

    Is there a way from the Bash Bunny shell to control what the Bash Bunny "does to" the host? For example, if my payload just checks the OS version, connects to a Bash Bunny shell and starts a new script based on that? As one simple example, determining Windows XP (UAC evasion not required) vs Windows 7+ could be useful. Another case might be defaulting to, and then unloading, the ECM_ETHERNET module and replacing it with the RNDIS if we detect that we are on Windows. I realize that the latter case might be better handled using the Switch to change payloads... but doing something like I'm thinking could give me, effectively, more than 2 payloads. If I'm not using the right terminology I apologize... I'm just getting started. I can't find anything by searching but I could be looking for the wrong thing... In the long run some way to control what the Bunny does based on the Host OS would be useful. Thanks!
  6. Hi all, I have multiple wireless devices connected to one computer and I'm trying to create a BASH script to find the LogicalName of one of them automatically. For example, I have WLAN0, WLAN1 and WLAN2 connected. I want to find the LogicalName for my 'Super Awesome WiFi Thingy'. So far I have been unable to find a line of BASH that will take the Device Name 'Super Awesome WiFi Thingy' and find which WLAN LogicalName it belongs to. Any ideas? *Edit* I need to output to a variable in format 'WLAN#', rather than just display a list of devices. Thank you.
  7. Can someone help with this PCAP file?

    Here is the file - https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=dns-remoteshell.pcap And a screenshot - http://i64.tinypic.com/6gwu2v.jpg I have to analyse this file and answer several questions about it, like a small description of the events and whether this shows an attack, but I'm new to Wireshark so I'm a bit lost. If anyone could have a look and get back to me that would be great!
  8. I created a shell script to help manage my ducky scripts and to copy what I wanted to use to the root of the drive. After creating it, I wanted to post it just in case anyone else might find it useful and came across this thread. I made this shell script on a Mac, and also tested it out on another Linux based box and didn’t have any problems. The only thing I had to do on the Mac was download the “dialog” command via brew. Currently my SD card contains the following directory structure: As you can see, some of these scripts are from the repository. The directories are the same name as the script; each directory has the script and the compiled version of the script ready for the duck. When I put in the SD card, I run the menu.sh to bring up the “script manager”. What it does is just read the contents of the directory structure and put it in a menu. I find the one I want and hit enter and it will copy it to the root drive and the script exits. If the inject.bin does not exist where the script is located, then it will compile it. A lot of the top vars can be changed if you need to. I mostly created it based on how I run and manage the scripts.
GitHub for DuckMenu Source:

    #!/bin/bash
    #ducky_menu.sh
    #Version: 1.0.5
    #by JM

    MainFile="inject.bin";  #the compiled file for the rubber ducky
    CurrentPath=$PWD;  #the path where menu.sh was run, this can be hardcoded if needed
    ScriptsPath="$CurrentPath/scripts";  #path of where the scripts are at, usually a sub folder of the current
    EncoderPath="$CurrentPath/Encoder/encoder.jar";  #location of the encoder
    MakeDirMoveFiles=true;  #if you have the code in the scripts directory and want it to be in its own directory
    ScriptExt="txt";  #the extension of the script
    PathName="";  #global var, leave blank
    choices="";  #global var, leave blank

    # Move every loose script in $ScriptsPath into a directory named after it
    MakeDirFromFiles() {
        cd "$ScriptsPath" || exit 1
        for file in *."$ScriptExt"; do
            [ -e "$file" ] || continue  #no loose scripts: skip the unexpanded pattern
            mkdir -- "${file%.$ScriptExt}";
            mv -- "$file" "${file%.$ScriptExt}";
        done
        cd "$CurrentPath" || exit 1
    }

    # Copy the already compiled payload of the selected script to the root of the drive
    DoCopy() {
        cpFrom="$ScriptsPath/${PathName[@]}/$MainFile"
        cpTo="$CurrentPath/$MainFile"
        cp "$cpFrom" "$cpTo"
        dialog --title 'File Copied' --msgbox "$cpFrom was copied to $cpTo" 6 60
    }

    # Compile the selected script straight to the root of the drive
    RunEncoder() {
        enFrom="$ScriptsPath/${PathName[@]}/${PathName[@]}.$ScriptExt"
        enTo="$CurrentPath/$MainFile"
        java -jar "$EncoderPath" -i "$enFrom" -o "$enTo"
        dialog --title 'File Compiled' --msgbox "$enFrom was compiled to $enTo" 8 60
    }

    # Build the menu from the directory names and act on the selection
    DoMenu() {
        i=0
        x=1
        while read -r line
        do
            array[$i]="$line"
            if [[ -n "$options" ]]; then
                options=("${options[@]}" "$x" "\"$line\"" "off")
            else
                options=("$x" "\"$line\"" "off")
            fi
            (( i++ ))
            (( x++ ))
        done < <(ls "$ScriptsPath")

        cmd=(dialog --separate-output --checklist "Select options:" 22 76 16)
        choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)

        if [ -z "$choices" ] ; then
            choices=0
        fi

        if (($choices > 0)) ; then
            arrayID=`expr $choices - 1`
            PathName="${array[$arrayID]}"
            if [ -f "$ScriptsPath/$PathName/$MainFile" ]; then
                DoCopy $PathName
            else
                RunEncoder $PathName
            fi
            clear
            echo "Good Bye Happy Ducking!"
        else
            clear
            echo "No Options selected..Good Bye!"
        fi
    }

    if $MakeDirMoveFiles ; then
        MakeDirFromFiles;
    fi
    DoMenu;