mubix
-
Content Count
516 -
Joined
-
Last visited
-
Days Won
3
5 Followers
Recent Profile Visitors
10,067 profile views
-
Mubix, im seeing alot of issues with the quickcred module you built. and it has never worked for me despite following the blow by blow how too. had to add my own Responder folder and subsequent logs, no creds captured, full bloning light for at least 20 minutes until i get bored!
anychance of a how too that involves getting the thing to work?
-
When I do physical assessments that have WPA/2 enabled wireless networks I would like to have the ability to walk around the facility with a pineapple in my backpack and have it constantly trying to get a handshake in a reliable way. Here are a few requirement requests: Stability is key. I might only get one walk through to get it done. Needs to support more than one WPA ESSID (name). If I am targeting a building and they have a Employee and Guest networks I need to be able to get both in one go. See #1 Ability to automatically verify the handshake is valid via Aircrack
-
I'm soo late to this game but I made a video to describe my feelings about it and help where I can to spread the word: https://www.youtube.com/watch?v=Wggu_qaYJaQ part of http://hackingtogether.org/ We on this list are for the most part already participating in a social group that has support. I'm not saying we don't have problems, but the ones that don't have such support, who aren't part of any groups or you only see at a con or two, but don't speak, don't participate in CTFs or other side events. Those are the ones (usually) in the most danger of feeling isolat
-
Pictures and screenshots could help with troubleshooting. Right now all we have to go on is this: You are using a 2GB SD card from an old phone formatted to FAT (I'm assuming this is a microSD You tried multiple payloads and they didn't work. Questions: Are you encoding the payloads? What payloads have you tried? Does it recognize as a keyboard when you plug it in? What operating systems have you tried plugging it into? inject.bin is in the root folder of the SD card right?
-
HowToGeek has a good write up on cracking WPA - http://www.howtogeek.com/202441/your-wi-fi’s-wpa2-encryption-can-be-cracked-offline-here’s-how/ You also have the Hak5 episode about cracking WPA:
-
reverse_tcp connections I use when I know that system can get directly to me. bind_tcp I use when I don't have another option and reverse_http / reverse_https are the ones I use the most.
-
Sorry don't have the phone anymore. Trying to find a phone that will work good. :/
-
Someone linked me to this on twitter today: http://penturalabs.wordpress.com/2013/07/29/green-for-the-anti-pineapple/
-
Any ideas on why the droid would show USB not connected, when I connect with the exact same cable to a PC it works just fine. This is what I get in dmesg [ 996.800000] usb 1-1.2: new high-speed USB device number 29 using ehci-platform [ 996.930000] scsi20 : usb-storage 1-1.2:1.0 [ 997.130000] usbcore: deregistering interface driver usbserial_generic [ 997.130000] USB Serial deregistering driver generic [ 997.140000] usbcore: deregistering interface driver usbserial [ 997.170000] usbcore: registered new interface driver usbserial [ 997.170000] USB Serial support registered for generic
-
Mailvelope is still a good solution on Windows. My only hit on the product was that the developer wasn't using the available encryption in Chrome to encrypt his storage so that an offline attacker couldn't get the keys. And yes your point still holds that if people use a good password then the keys will be useless to the attacker.
-
Honestly these guys covered it really well. Technically Meterpreter itself operates only in memory. So really the only effect it has is when memory is referenced / accessed / or stored (ie. System Profiling software, Normal process execution, and Hibernate respectively). The more evident parts come in a few flavors: How the Meterpreter shellcode / payload gets executed.Is it a binary you put your payload in? a PDF?Where was it stored?Is it backed up? Is it in a location targeted by Volume Shadow Copies or Restore Points? Does the company have a shared storage of roaming profiles? How was it
-
Easiest way is to use Brup proxy to man in the middle all web traffic. Here are some tutorials how: http://carnal0wnage.attackresearch.com/2010/11/iphone-burp.html http://portswigger.net/burp/help/proxy_options_installingcacert.html#iphone You can check in side SSL with that setup. If it's not web and it's using some other protocol you may be out of luck, but good chance that it's using HTTP or HTTPS
-
If you still have the ability to login as that user, forced password change or not, I think you should still be able to decrypt the password. I forced a password change from one administrator account to the other and once logged in (as the user with bearshare installed) still able to decrypt the bearshare password
-
Ya, it was password stored in the users store. Wrote a quick script to decrypt: (mostly stolen from post/windows/gather/credentials/outlook.rb) def prepare_railgun rg = session.railgun if (!rg.get_dll('crypt32')) rg.add_dll('crypt32') end end def decrypt_password(data) rg = session.railgun pid = client.sys.process.getpid process = client.sys.process.open(pid, PROCESS_ALL_ACCESS) mem = process.memory.allocate(128) process.memory.write(mem, data) if session.sys.process.each_process.find { |i| i["pid"] == pid} ["arch"] == "x86" addr = [mem].pack("V") len = [data
