i8igmac

Dedicated Members
  • Content Count

    939
  • Joined

  • Last visited

  • Days Won

    22

Everything posted by i8igmac

  1. I heard something about empty pipes? Secret code, come on in... I've always wanted to cover this topic. Pipes! Sometimes it's best to practice with tools like netcat. You should simulate this pipe work or pivot with basic pipes and hello-world examples to make sure you can get a proper TCP 3-way handshake. `Kali~> ssh -R 4444:localhost:4444 admin@victim.ip` This is a basic pivot-like command. It will pivot port 4444. It's just an example of what Metasploit is basically doing. When I was doing my testing with Metasploit and reverse TCP pivots, I had to change the exploit code to generate the payload with a public IP address. LHOST is used when generating the payload, but it is also used by the multihandler. So you can't just change LHOST in msfconsole, because your multihandler will fail with an unknown local IP. The multihandler has to listen on 192.168.0.2:4444. The payload has to be generated with the public reverse address... Maybe I'm wrong or things have changed since my testing. I thought about adding my own var to Metasploit payload generation: LHOST/PHOST. I think the Metasploit team intentionally left this option unavailable, because its intended use is very powerful. Or maybe it's provided by the paid version lol
  2. Yes. Routers are hacked like it's the wild wild west, along with home IoT devices. I found 30 thousand devices generating coin for one person. At the time the value was like $120 per day. Most of the time these devices are old routers from the 90's, or just old devices with bad default settings, like remote management open by default with a default password. Chances are your device is new and you're fine.
  3. What window manager are you using? This might be a GNOME/KDE/Xfce thing.
  4. I have used QEMU and VirtualBox. But I never tried to clone a phone and test drive it on an emulator. I'll have to spend the hours testing to answer my questions. I'm 50% sure I could clone this HD and then use file recovery software from an emulator. This has been a lot of fun honestly.
  5. Send me a PM. I have some free time. Your success will depend entirely on whether or not you're willing to do the research and perform trial-and-error learning. I wish I had met a bigmac 15 years ago. All my machines are calling my name lol. I have been looking through my old code and projects I never released.
  6. Do you have the equipment for this testing? I have 5 Pi's laying around. I have a directional parabolic antenna design in FreeCAD, ready for 3D printing. I daydream about setting up a mesh network across a main stretch of highway, and I wonder how far I could reach. Or even focus all mesh nodes at a packed football stadium. Or think about what you could do on the Vegas Strip. It's all in theory; what would you do with this traffic? airbase-ng does a good job as a generic rogue access point that works with most Wi-Fi cards.
  7. Data recovery. Maybe somebody can share opinions and experience on recovering deleted data. I hope to successfully clone the cell phone and open it on VirtualBox or another emulator. My understanding of data recovery, in layman's terms: the file is deleted, but in the background it's simply a piece of free space now ready to be rewritten or overwritten. When trying to recover data it's best to shut the machine down as soon as possible after the removal or deletion was done; if the machine is powered off it will prevent overwriting of this data space stored on the hard drive. If I dd clone the HD, I assume I can recover any data left untouched with an emulator and an exact clone of the cell phone HD partition... I should also be able to boot up this clone.... Any advice? Am I wrong? I don't want to mislead future visitors of this thread.
  8. So, I made some progress this morning. The first challenge was to get ADB authorization to access the phone. This was done by taking screenshots and navigating through the phone. One screenshot at a time, I could click my way through system settings and authorize my PC. I am now mirroring the Android screen on my Linux laptop through USB. With adb screenrecord I can pipe the live video stream to VLC, ffplay or mplayer. This works over USB and TCP. The first thing I enabled in developer options was 'show screen touches'. This now makes things a little easier: when clicking on the black screen I could see each touch from VLC in real time. I just now need to install an app for backing up my data. I'll try to post a full write-up with example commands, video and screenshots. I will also provide an Android system configuration that will allow this type of recovery to be possible for future broken screens. `adb shell screenrecord --output-format=h264 - | ffplay -`
  9. That is my last option. The device is not worth fixing.
  10. git clone PhoneSploit. Seems like everything I need. https://github.com/metachar/PhoneSploit/blob/master/README.md I now think it's a bad idea to roll around with debugging enabled on your Android... But I'm a rebel; I'm so happy my old broken phone had USB debugging enabled. I will always have this enabled on future phones. PhoneSploit has a feature for screen sharing and plenty of other useful automation to speed up the recovery process.
  11. I have a broken Android screen. The screen works when I click it; I can hear sound effects, and from memory I can manage to click 'enable USB file sharing'. So, I have the pictures backed up. But I need EVERYTHING... There is hope... So, at this point I have a USB cable attached and can navigate through the files on my PC. Then I can press the Android home+power buttons to take a screenshot. From my PC I can see those screenshots and almost navigate through the phone (very difficult but doable). USB debugging is enabled, but to extract the information in recovery mode I would have to navigate the bootloader from a black screen, and this would be a potential risk of wiping all data. I can turn the device on and it will connect to my access point. I might have a reverse meterpreter already installed (can't remember if it's there or its configuration). JRuby might also be installed; this could allow me to automate the screenshot process for a hacky remote-like access of the screen. So at this point, I'm looking for ideas on screen sharing. If I can navigate the screen remotely, this will be a step in the right direction. Maybe I can install and run meterpreter.apk or other remote control software via adb shell. Maybe there are screen sharing options already installed by default. Tips, advice, ideas, experience... (navigating a black screen is fucking hard)
  12. I can't exactly provide an answer. This error has popped up on me a few times, once after 24 hours of cracking had already been done. I do have a suggestion. I have a bootable Kali Linux USB stick with all the proper drivers installed for both my desktop and my laptop. I cloned a backup, and when I need to crack I just boot up. I found the NVidia-cuda-version.deb file through trial and error, and once I had a stable system I cloned a backup of everything. I love pyrit; I love the cluster options. I can clone my USB stick and build a cluster very quickly. But pyrit had its issues and I now use hashcat. It's quicker and has a lot more features, like a proper recovery system.
  13. I posted an hping3 script. Does anyone have access to the old BackTrack forums? I would like to share the script; it covered all types of packet flooding attacks.
  14. I ran into issues when hosting access points with hostapd. Most cards I tested would only run stable if rates were set no higher than 11M. Insufficient current would just disconnect the USB device. Good luck with the project.
  15. I made something like this before. I used all the tools to capture handshakes and brute-force PINs. The goal was to cover all vectors when cracking Wi-Fi. If you use a Pi with onboard Wi-Fi to create a hotspot, you could log in with SSH and use a console-based frontend for your tool, or at least monitor live data from your phone and launch other attacks. I would include a reaver attack with the most used default PINs like 0000000, 01234567, etc. Range is the most common issue with reaver attacks, but with this in your bag you can walk up extremely close to a building for just a couple of minutes. Also, collecting handshakes is a must-add function, maybe with a 'deauth all' to acquire those stubborn handshakes. Did you ever experience insufficient current with your Wi-Fi card?
  16. Most data recovery I run into is with pictures. I've lost photos of my kids on three occasions before I set up my own cloud desktop running RAID5 with 3 hard drives minimum. Even to protect from spontaneous situations, like the weather causing incredible spikes, I installed an over-current protection device on my desktop circuit. On live USB, I have Linux Mint and Kali on a few USB devices. If you need to install recovery software it will only take a second to have whatever you need from a live OS. `apt-cache search file | grep recovery` I also like to search my repository by keyword; example above. There are live operating systems designed for file recovery; they offer the same tools Kali may already have, or that already exist in the repo. Do the research and decide what tool suits your needs. Google "Linux file recovery tools"; that's your first place to start. Then document here what you did and how you did it: what tools you used and how you installed them, or what operating system you use. It's almost like writing yourself an instructional tutorial, for when, 5 years down the road, you have to perform these procedures again. That's how I learned everything I know.
  17. I'm running hostapd, dnsmasq, iptables rules and IP forwarding. It's been running for years without any issues. I shut down all networking services: wpa_supplicant, networking, network-manager. I assume this is running on a computer or laptop? When this error with the adapter happens, check dmesg to see what other errors are reported. You could also check for firmware updates. I would start off with a basic config. See if you can get an open Wi-Fi hotspot to work properly; then you can incorporate encryption and performance options. (From a glance your config looks fine.) You mention nothing about dnsmasq or iptables. I can post my full configuration, possibly tonight. There are other config files involved; you're not giving enough information. My guess is the client can't establish an IP with the host, so a dnsmasq config is needed, along with also running `ifconfig <DEVICE> up 192.168.69.1`.
  18. It was pre-installed on BackTrack 3 if I remember. See how much information you can gather... read and watch tutorials.
  19. I think the tool is called metagoofil. It's an advanced Google search GUI that will scrape information together in a nicely organized way. Install it on Kali. Test it out.
  20. The devices you are deauthing are updated and won't connect to the spoofed hotspot.
  21. I run a desktop at home: Linux Mint with all my favorite tools like Metasploit, and ports configured to accept reverse TCP payloads on port 4444. You're looking to get a device on a network and then launch post-exploitation modules, or, a better term, pivot your exploits onto the network. The device you place on the network could be anything like an Android phone, Raspberry Pi, Bash Bunny, network turtle or any device that can run meterpreter_reverse_tcp. Long story short: you have a device on the target network; install meterpreter on your device and connect back to your Metasploit desktop at home. meterpreter already has pivot functionality that would allow your desktop to launch exploits like autopwn onto the target network using your bash-bunny-meterpreter as a TCP pivot point. DESKTOP -> (exploit-code:445) -> bashbunny; bashbunny -> (exploit-code:445) -> [node-10.0.0.105]; [node-10.0.0.105] -> (payload-shell:4444) -> DESKTOP. The point of this: your little devices trying to run Metasploit is like a slug racing a rabbit... it's just not practical. The performance gains of simply using your turtle as a TCP relay point are huge.
  22. Share with Ethernet or Wi-Fi? How does your Linux machine connect to the network? dnsmasq and some iptables rules will do it with eth0. Same concept with Wi-Fi, but you would need hostapd to broadcast Wi-Fi.
  23. I have been messing with some RAM tweaks. If you had 30 gigs of RAM free, your system can boot to RAM with the remaining 2 gigs. Store a 30 gig wordlist in RAM, run it in hashcat64.bin... I only have a machine with 8 gigs of RAM. I'll run some performance tests on my machines. A Kali or Linux Mint bootable USB stick with the boot parameter 'toram'.
  24. Yah, the pipe lol. wpatools has a lot of wordlists for default routers like Netgear. 1800 numbers are also a default set by the ISP. I would suggest phone numbers and 1800 numbers first for a quick check.
  25. Has anyone tried wpatools? I had some success with this wordlist. The most success I had was with crunch and phone numbers. Old people use their phone number for Wi-Fi passwords. `crunch 10 10 -t 253%%%%%%% | hashcat64.bin -m 2500 out.hccap` I'll make a video of the process this weekend. The whole process, starting from capturing a handshake, GPU cracking, manual configuration of the wpa_supplicant config, authenticating with wpa_cli using the passphrase, and then a failed attempt to brute force the router admin page...