Jump to content
Hak5 Forums

All Activity

This stream auto-updates     

  1. Past hour
  2. What would you like to see added to firmware v1.2? Here are a couple of my suggestions. Native gpg or other public/private key encryption support pip support for adding libraries
  3. Today
  4. 15 Second Mr. Robot Hack question

    Great advice, thanks for your response! I took your advice and here is what I got: 2017-11-20_19-46-03.creds is not writable.#file_put_contents($file, file_get_contents("php://input")); So, it looks like the file does not have write permissions. I thought I had the permissions set appropriately; but clearly I wasn't right. The file has write permissions for www-data. What setting do I need to set so that this file has permissions to write to the server? Sorry for the nooby question. Thanks again for your help in identifying the issue!
  5. Modules Requests Discussion

    How about a module that can tell you which other modules are currently running? I have not dug deep on this one.. just a thought. For example, DNSMasq Spoof, wps and other modules have a button (start / stop), where you can start and stop that particular module. There is no other real indicator in the GUI showing that the module is running, so if you leave the module's page you have to just remember which ones are running. It would be cool if there was some sort of standardized api/hook that can tell if a module is currently running (maybe there is one already), and change the color of the module's text in the left navigation pane using CSS. This way I can tell at a glance which modules are up and running, without having to click through each module.
  6. Site not responding

    Also, additional information, the link tries to take me to
  7. Site not responding

    Just got a brand new Tetra, I followed the instructions to go to your website to the /tetra page, it provides an IP address link to "complete the setup", but that link does not respond. I tried it under Chrome and Firefox with the same results. Is this link down?
  8. Hi all. I´m new to DJI products, so what is the best way to handle my drone? I already compiled a patched 4.1.3 apk. Shall i use it from the beginning? Is there a disadvantage to newer versions (as far as i can see the 4.1.3 has more options to patch)? And dont upgrade the drone and RC firmware? I want to use it as i want without any restrictions (NFZ can stay) and with the most stable performance. (Sorry if this is the wrong topic for my questions) Greetings Hektor
  9. Unknown Computer appeared on RAT?

    What ports are used, when a target machine runs the trojin, does it connect back to your machine? If so then you would have configured port forwarding? What port if this? You should monitor this port, its possible random traffic hit your open port but also possible your tool is a backdoor. hackforum is full of bs tools. I may have misunderstood what you see. A vnc session? Maybe some one ran your trojin from a vm.
  10. Yesterday
  11. My wifi pineapple nano doesnt load the page unless the host computer is connected to its wifi. How do i fix?
  12. Unknown Computer appeared on RAT?

    Theoretically he could've been running any Windows, but from the description it sounds like 98. Was Wireshark actually running or did you just see the icon on the desktop? Either way, worst case scenario is he's a hacker that was trying to hack you. 'Best' case scenario is he was curious and wanted to try out something. Not sure what 'found' and 'terminated' could relate to, could be the connection, but I don't think it would say 'found' if a connection between you and him was seen. Terminated was probably when (or just before) you were cut off if that's the case. A command prompt running a Python script with the name 'clock' is a bit weird, though. Not sure there, could be anything. Not sure why he would name it clock..
  13. Packet Squirrel Switch3 openVPN Client Tunnel

    You don't need to say "/usr/bin/NETMODE VPN", just say "NETMODE VPN". I don't think it's wise to use their DNS server. Just use the Google one ( They are, of course, going to recommend their own server but that's just a selling point. You haven't configured your OpenVPN client to use the OpenVPN config file. Refer to line 45-46 in the OpenVPN payload example here.
  14. date and time

    Classic Sebkinne. "Yes it does." "No, it doesn't." No explanation - still leaves everyone in the dark by answering a question. Haha.
  15. Is this payload possible

    A decent MITM program..The Packet Squirrel itself is the MITM. The PS doesn't have the power to decrypt traffic, sadly. However, you could use the Bash Bunny/Rubber Ducky to configure the PC to receive certain packets from the PS, interpreting them into commands or even just simpler things like doing Network Administrator attacks on the PC. What you're saying isn't impossible. You could even write your own proxy server in python if you wanted to. I think there's a few 'pocket' proxy servers around on the internet.
  16. Need help with PasswordGrabber

    Nevermind, we all make mistakes while sooner or later we realize :)...It's good that everything's excellent in the end. I've also sent a suggestions to the author of this payload, because he need to either make the file FUD or to add disable AV functions before the .exe file loads :)
  17. Need help with PasswordGrabber

    Know what, when I read through the payload.txt, I completely missed there was nothing there to create the folder it is dumping its files to. Yeah, creating the folder would be important. I have not used this payload.
  18. identify physical intruders SSID

    That is really cool! while having a read i stumbled on this that may or may not be it. It certainly sounds similar https://www.cs.cmu.edu/afs/cs.cmu.edu/user/fp/www/papers/wireless03.pdf https://github.com/dysonltd/gts Thanks for the info digip
  19. This is the 3rd time. Previous attempts to post content included some ruby code. https://github.com/rapid7/metasploit-framework/blob/master/lib/metasploit/framework/login_scanner/ssh.rb Edit. Strange it works this time. Ill take screen shots next time this happens ;.,/'[]{8\=-~=~ `ls` system("uname") }
  20. So our Cloudflare setup blocked your request because it detected a RCE attack. No idea why that would trigger from some links in the post, but I would suggest you try posting them again.
  21. [PAYLOAD] PasswordGrabber

    I've finally made it up! But there are is one more thing that I would suggest you to add. Since any AV will detect lazagne.exe file as a malicious file, it would be much better if you could either crypt it on your way so you can make it FUD or if you could add a few commands to the payload that will disable the AV before the payload starts the .exe file.
  22. Need help with PasswordGrabber

    I've finally found the solution but there is one pro and few cons.. To all people who bought this but are facing the same issue with PasswordGrabber then here is the following solution and the thing I got stuck Make a folder inside loot "USB_Exfiltration", if you don't have that folder then PasswordGrabber will not work at all Upon making the folder, plug in the USB and wait for the caps lock to finish blinking two times (twice per blink) Once you got the files needed, you can delete everything what's inside of a "USB_Exfiltration" but DO NOT DELETE USB_Exfiltration folder or next time PasswordGrabber will not work Now the other thing is that, PasswordGrabber will not work if you have any anti-virus software turned on, so you have to disable everything in order to make it work while "DumpCreds" will take off all the data from the victim's PC since it does not contain any .exe files which makes the PC vulnerable to attacks. But the con to this is that it might take around 1:30min to finish with the attack. DumpCreds works on Windows 10 only (It will not work on lower versions of windows - tested) I would like to thank to all people who tried to help me out to solve this issue and help everyone who's facing this problem in the future. Thank you so much guys!
  23. Unknown Computer appeared on RAT?

    Sorry I didn't know that. I think the problem was that I opened the UDP and TCP Ports without any security.
  24. Need help with PasswordGrabber

    the only time it doesn't work for me is if i don't let it do its thing long enough. i got to go to work but you can clone my whole switch folder from git hub Here's the link ^ if you get errors from that its probably from premature BB pulling or you have no files with the extension your xcopying
  25. identify physical intruders SSID

    OMG you guys are awesome! Im going to call this project GOM (grumpy old man!) I will be researching all of this and working on it this week. I promise to reply with any results good or bad. Digip - I already use webcams with motion detection in a specific area, but it would be cool to trigger the cameras based on wifi signals on top of motion detection. Ironically my neighbor right in front of my house had his truck broken into last Saturday. They took a bunch of stuff. It had only been parked for 20min or so. My cameras would have captured an image, but his truck was not in my motion zones. The worst part was that they broke a window and scratched his paint too. My hope is that if it is the same people then eventually I will be able to identify them by MAC and any time they pass by my cameras will go off and I will get sms or email etc.
  26. Need help with PasswordGrabber

    I've downloaded your CMD and replaced it with the existing one, still, sometimes works sometimes it doesn't...mostly it does not work
  27. Unknown Computer appeared on RAT?

    #1 - don't link to cracked/pirated software #2 - More than likely, you just got yourself hacked from the sounds of it, if any of it is true.
  28. Need help with PasswordGrabber

    Can you please upload the file elsewhere because the forum does not allow me to download the file.
  1. Load more activity