Posts posted by i8igmac

  1. I heard something about empty pipes? Secret code, come on in...


    I've always wanted to cover this topic. Pipes!


    Sometimes it's best to practice with tools like netcat. You should simulate this pipe work or pivot with basic pipes and hello world examples to make sure you can get a proper TCP 3-way handshake.


    `Kali~> ssh -R 4444:localhost:4444 admin@victim.ip`

    This is a basic pivot-like command. It will pivot port 4444. It's just an example of what Metasploit is basically doing.


    When I was doing my testing with Metasploit and a reverse TCP pivot, I had to change the exploit code to generate the payload with a public IP address.


    LHOST is used when generating the payload but also used by the multi/handler. So you can't just change LHOST in msfconsole, because your multi/handler will fail with an unknown local IP.


    Multihandler has to listen on

    The payload has to generate with the public reverse address...


    Maybe I'm wrong, or things have changed since my testing.


    I thought about adding my own var to Metasploit payload generation: LHOST/PHOST.

    I think the Metasploit team intentionally left this option unavailable, because its intended use is very powerful. Or maybe it's provided by the paid version, lol.
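    The `ssh -R` pivot above only works if the sshd on the remote host allows remote forwarding, so the setting a defender wants to check is the server side. The following is an added example (not from the original post): a POSIX shell audit of an sshd effective configuration as printed by `sshd -T`, looking at AllowTcpForwarding, GatewayPorts and PermitTunnel. The sample configs in the self-test are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd configuration for
# the options that decide whether a logged-in account may open reverse
# tunnels like `ssh -R`. Input is the text printed by `sshd -T` (effective
# config, one "keyword value" per line, lower-case keywords); a hand-written
# sshd_config works too because keywords are lower-cased here.

# sshd_opt CONFIG KEYWORD DEFAULT  -- value of KEYWORD, or DEFAULT if absent.
# The last occurrence wins, which matches how sshd applies its config.
sshd_opt() {
    v=$(printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        awk -v k="$2" '$1 == k { val = $2 } END { print val }')
    if [ -n "$v" ]; then printf '%s' "$v"; else printf '%s' "$3"; fi
}

# audit_sshd_forwarding CONFIG  -- prints one finding per line.
# Returns 0 when forwarding is already restricted, 1 when any finding is printed.
audit_sshd_forwarding() {
    n=0
    fwd=$(sshd_opt "$1" allowtcpforwarding yes)   # OpenSSH default: yes
    gw=$(sshd_opt "$1" gatewayports no)           # OpenSSH default: no
    tun=$(sshd_opt "$1" permittunnel no)          # OpenSSH default: no

    case "$fwd" in
        yes|all|remote)
            echo "allowtcpforwarding=$fwd: remote forwards (ssh -R) are permitted; use 'no' or 'local' for accounts that do not need them"
            n=$((n + 1)) ;;
    esac
    case "$gw" in
        yes|clientspecified)
            echo "gatewayports=$gw: remote-forwarded ports may bind to non-loopback addresses and become reachable from the network"
            n=$((n + 1)) ;;
    esac
    if [ "$tun" != "no" ]; then
        echo "permittunnel=$tun: tun/tap device forwarding is enabled"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Run against the live daemon (root needed): sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_sshd_forwarding "$(sshd -T)"
fi
```

    `sshd -T` prints the global settings; for an account covered by a `Match` block, run `sshd -T -C user=NAME,host=HOST,addr=ADDR` and feed that output instead, otherwise a per-user `AllowTcpForwarding` override is missed.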



  2. Yes. Routers are hacked like it's the wild wild west. Along with home IoT devices.

    I found 30 thousand devices generating coin for one person. At the time the value was like $120 per day.


    Most of the time these devices are old routers from the '90s, or just old devices with bad default settings, like remote management open by default with a default password.


    Chances are your device is new and you're fine.


  3. 22 hours ago, kdodge said:

    You might try QEMU; they have the ability to emulate ARM and you can assign a file as the device's HD. There's lots of options, so you will need to look up a tutorial on how to get it working for you. QEMU is in the Linux repos.

    I have used QEMU and VirtualBox, but I never tried to clone a phone and test drive it on an emulator. I'll have to spend the hours testing to answer my questions. I'm 50% sure I could clone this HD, then use file recovery software from an emulator.


    This has been a lot of fun honestly

  4. Send me a PM. I have some free time. Your success will depend entirely on whether or not you're willing to do the research and perform trial and error learning.


    I wish I had met a bigmac 15 years ago.


    All my machines are calling my name, lol. I have been looking through my old code and projects I never released.



  5. Do you have the equipment for this testing?

    I have 5 Pis lying around. I have a directional parabolic antenna design in FreeCAD, ready for 3D printing.


    I daydream about setting up a mesh network across a main stretch of highway, and I wonder how far I could reach. Or even focus all mesh nodes at a packed football stadium. Or think about what you could do on the Vegas Strip.


    It's all in theory; what would you do with this traffic? airbase-ng does a good job as a generic rogue access point that works with most Wi-Fi cards.

  6. Data recovery.


    Maybe somebody can share an opinion and experience on recovering deleted data.


    I hope to successfully clone the cell phone and open it on VirtualBox or another emulator.


    My understanding of data recovery, in layman's terms: the file is deleted, but in the background it's simply a piece of free space now ready to be rewritten or overwritten. When trying to recover data, it's best to shut the machine down as soon as possible after the removal or deletion was done; if the machine is powered off, it will prevent overwriting of this data space stored on the hard drive.


    If I dd clone the HD, I assume I can recover any data left untouched with an emulator and an exact clone of the cell phone HD partition... I should also be able to boot up this clone....


    Any advice? Am I wrong? I don't want to mislead future visitors of this thread.

  7. So. I made some progress this morning. The first challenge was to get ADB authorization to access the phone. This was done by taking screenshots and navigating through the phone. One screenshot at a time, I could click my way through system settings and authorize my PC.


    I am now mirroring the Android screen on my Linux laptop through USB. With adb screenrecord I can pipe the live video stream to VLC, ffplay or mplayer. This works over USB and TCP.


    The first thing I enabled in developer options was 'show screen touches'.

    This now makes things a little easier: when clicking on the black screen, I could see each touch from VLC in real time.


    I just now need to install an app for backing up my data.


    I'll try to post a full write-up with example commands, video and screenshots.


    I will also provide an Android system configuration that will allow this type of recovery to be possible for future broken screens.


    `adb shell screenrecord --output-format=h264 - | ffplay -`
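    The screenshot-then-tap navigation and the screenrecord pipe described above lend themselves to a small set of shell helpers. The following is an added example (not the poster's code): every adb call goes through an `$ADB` variable so the functions can be exercised against a stub, and `replay` validates a whole action file before sending anything, since a typo on a screen you cannot see is hard to undo. The sequence file format is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for driving an Android
# device with a dead display but a working touch layer over adb (screenshot,
# tap, repeat). Every call goes through $ADB so the functions can be run
# against a stub; with a real phone leave ADB unset. USB debugging must
# already be authorized for this PC.
ADB="${ADB:-adb}"

# device_ready  -- 0 when an authorized device is attached.
device_ready() {
    "$ADB" get-state 2>/dev/null | grep -q '^device$'
}

# screenshot FILE.png  -- exec-out streams raw bytes; `adb shell` may
# translate line endings and corrupt the PNG on some hosts.
screenshot() {
    "$ADB" exec-out screencap -p > "$1"
}

# tap X Y  -- pixel coordinates read off the last screenshot.
tap() {
    "$ADB" shell input tap "$1" "$2"
}

# key NAME  -- HOME, BACK, POWER, ... (Android KEYCODE_ names without prefix).
key() {
    "$ADB" shell input keyevent "KEYCODE_$1"
}

# live_view  -- the screenrecord pipe from the post, via exec-out for the
# binary stream; Ctrl-C stops it.
live_view() {
    "$ADB" exec-out screenrecord --output-format=h264 - |
        ffplay -framerate 60 -probesize 32 -sync video -
}

# replay FILE  -- one action per line: "tap X Y", "key NAME", "shot FILE".
# A navigation path through Settings can be written down once and re-run.
# The file is validated completely before the first action is sent, so a
# malformed line cannot leave the phone half-way through a sequence.
# Each action gets </dev/null so adb cannot swallow the rest of the file.
replay() {
    while read -r cmd a b; do
        case "$cmd" in
            ''|'#'*|tap|key|shot) ;;
            *) echo "replay: unknown command '$cmd'" >&2; return 1 ;;
        esac
    done < "$1"
    while read -r cmd a b; do
        case "$cmd" in
            tap)  tap "$a" "$b" </dev/null ;;
            key)  key "$a" </dev/null ;;
            shot) screenshot "$a" </dev/null ;;
        esac
    done < "$1"
}
```

    A typical loop is `screenshot now.png`, open the image, read the coordinates of the control you want, `tap X Y`, and screenshot again; once a path works, save it as a sequence file so the next broken phone takes minutes instead of an afternoon.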
  8. git clone PhoneSploit. Seems like everything I need.




    I now think it's a bad idea to roll around with debugging enabled on your Android...


    But I'm a rebel; I'm so happy my old broken phone had USB debugging enabled. I will always have this enabled on future phones. PhoneSploit has a feature for screen sharing and plenty of other useful automation to speed up the recovery process.


  9. I have a broken Android screen. The screen works when I click it; I can hear sound effects, and from memory I can manage to click 'enable USB file sharing'.

    So. I have the pictures backed up. But I need EVERYTHING... There is hope...


    So, at this point I have a USB attached and can navigate through the files on my PC. Then I can press the Android home+power buttons to take a screenshot. From my PC I can see those screenshots and almost navigate through the phone. (Very difficult, but doable.)


    USB debugging is enabled, but to extract the information in recovery mode I would have to navigate the bootloader from a black screen, and this would be a potential risk of wiping all data.

    I can turn the device on and it will connect to my access point.

    I might have a reverse Meterpreter already installed (can't remember if it's there, or its configuration).

    JRuby might also be installed; this could allow me to automate the screenshot process for a hacky remote-like access to the screen.


    So at this point, I'm looking for ideas on screen sharing. If I can navigate the screen remotely, this will be a step in the right direction.

    Maybe I can install and run meterpreter.apk or other remote control software via adb shell. Maybe there are screen sharing options already installed by default.


    Tips, advice, ideas, experience... (navigating a black screen is fucking hard)

  10. I can't exactly provide an answer. This error has popped up on me a few times, once after 24 hours of cracking had already been done. I do have a suggestion.


    I have a bootable Kali Linux USB stick with all the proper drivers installed for both my desktop and my laptop. I cloned a backup, and when I need to crack I just boot up. I found the NVidia-cuda-version.deb file through trial and error, and once I had a stable system I cloned a backup of everything.


    I love Pyrit; I love the cluster options. I can clone my USB stick and build a cluster very quickly.


    But Pyrit had its issues, and I now use hashcat. It's quicker and has a lot more features, like a proper recovery system.

  11. On 10/24/2019 at 5:43 PM, Cap_Sig said:

    Sounds like a nice build. I have done several headless builds using a tablet, phone or laptop for control. Just did the build with a display for the idea of it.

    I have done a lot of testing with the Alfa cards and what you can power without issues. As long as you have a stable 2 amp supply it will run two AWUS036NH adapters without issues. The biggest thing to note is that the actual power consumption of Alfa adapters is much lower than TX ratings, as those are based on EIRP. Mixed results with three; it seems to just depend on the load collectively for all three. Six adapters is possible with a USB hub, but under full load it results in slow Ethernet, as they are tied together on the chipset.

    I am currently working on a build that I plan to post soon with the ODROID XU4 (started the build before the Pi 4 was easily available). It is very stable under high USB loads, especially with powered hubs.

    I ran into issues when hosting access points with hostapd. Most cards I tested would only run stable if rates were set no higher than 11M. Insufficient current would just disconnect the USB device. Good luck with the project.

  12. I made something like this before. I used all the tools to capture handshakes and brute-force PINs. The goal was to cover all vectors when cracking Wi-Fi.


    If you use a Pi with onboard Wi-Fi to create a hotspot, you could log in with SSH and use a console-based frontend for your tool, or at least monitor live data from your phone and launch other attacks.


    I would include a Reaver attack of the most used default PINs like 0000000, 01234567, etc. Range is the most common issue with Reaver attacks, but with this in your bag you can walk up extremely close to a building for just a couple of minutes.


    Also, collecting handshakes is a must-add function, maybe with a 'deauth all' to acquire those stubborn handshakes.


    Did you ever experience insufficient current with your Wi-Fi card?

  13. Most data recovery I run into is with pictures.

    I've lost photos of my kids on three occasions before I set up my own cloud desktop running RAID 5 and 3 hard drives minimum. Even to protect from spontaneous situations like the weather, which may cause incredible spikes, I installed an overcurrent protection device on my desktop circuit.

    On a live USB, I have Linux Mint and Kali on a few USB devices. If you need to install recovery software, it will only take a second to have whatever you need from a live OS. `apt-cache search file | grep recovery`

    I also like to search my repository by keyword. Example above.


    There are live operating systems designed for file recovery. They offer the same tools Kali may already have, or that already exist in the repo.


    Do the research and decide what tool suits your needs; Google 'Linux file recovery tools'. That's your first place to start. Then document here what you did and how you did it: what tools you used and how you installed them, or what operating system you use.


    It's almost like writing yourself an instructional tutorial, for when, 5 years down the road, you have to perform these procedures again.


    That's how I learned everything I know.
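    Both recovery posts on this page (the dd clone of the phone partition in post 6 and the live-USB recovery tools in post 13) come down to the same procedure: image the device once, prove the image matches, and then only ever work on a read-only copy. The following is an added example (not the poster's commands) of that procedure in POSIX shell; the device and mount names are placeholders, and the self-test uses a constructed 1,000,000-byte file in place of a real partition so it runs without hardware.

```shell
#!/bin/sh
# Added example, not from the original posts: take a dd clone the way the
# recovery posts describe, verify it against the source, and expose it
# read-only so recovery tools cannot write to the only copy of the evidence.

# clone_image SOURCE IMAGE
# conv=noerror keeps reading past bad sectors and conv=sync pads each short
# read with zeros, so data after a bad block keeps its offset. Side effect:
# the image is padded to a multiple of bs (4 MiB here).
clone_image() {
    dd if="$1" of="$2" bs=4M conv=noerror,sync
}

# source_size PATH  -- byte length of a file or block device.
source_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# verify_image SOURCE IMAGE
# Hashes the source and the first <source size> bytes of the image, so the
# conv=sync padding is ignored; returns 1 on mismatch (re-image before trusting it).
verify_image() {
    size=$(source_size "$1")
    src_sum=$(sha256sum < "$1" | cut -d' ' -f1)
    img_sum=$(head -c "$size" "$2" | sha256sum | cut -d' ' -f1)
    [ "$src_sum" = "$img_sum" ]
}

# mount_image_ro IMAGE MOUNTPOINT  -- needs root; not run by the self-test.
# -r makes the loop device itself read-only, -P scans the partition table so
# the first partition appears as <loop>p1. Run testdisk/photorec (package
# testdisk) against the mount or the loop device, never against the original.
mount_image_ro() {
    loop=$(losetup -f -P -r --show "$1") || return 1
    mkdir -p "$2"
    mount -o ro,noexec,nodev "${loop}p1" "$2"
}

# selftest  -- constructed sample: a 1,000,000-byte random file stands in for
# the device; its size is deliberately not a multiple of 4 MiB, which is the
# case where a naive whole-file hash comparison of source and image fails.
selftest() {
    tmp=$(mktemp -d) || return 1
    head -c 1000000 /dev/urandom > "$tmp/source.bin"
    clone_image "$tmp/source.bin" "$tmp/source.img" 2>/dev/null || return 1
    verify_image "$tmp/source.bin" "$tmp/source.img" || return 1
    img_size=$(wc -c < "$tmp/source.img" | tr -d ' ')
    rm -rf "$tmp"
    [ "$img_size" -eq 4194304 ]   # one padded 4 MiB block
}

# Usage: sh clone.sh --selftest
#   then, as root: clone_image /dev/sdX1 phone.img; verify_image /dev/sdX1 phone.img
if [ "${1:-}" = "--selftest" ]; then
    selftest && echo "clone verified"
fi
```

    Verify before anything else touches the image: a mismatch means a read error was silently zero-filled, and the time to re-image is before the recovery tools have been pointed at it, not after.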



  14. I'm running hostapd, dnsmasq, iptables rules and IP forwarding. It's been running for years without any issues. I shut down all networking services.






    I assume this is running on a computer or laptop?


    This error with the adapter: when it happens, check dmesg to see what other errors are reported. You could check for firmware updates.


    I would start off with a basic config. See if you can get an open Wi-Fi hotspot to work properly. Then you can incorporate encryption and performance options. (From a glance, your config looks fine.)


    You mention nothing about dnsmasq or iptables.


    I can post my full configuration, possibly tonight.


    There are other config files involved; you're not giving enough information. My guess is the client can't establish an IP with the host, so a dnsmasq config is needed, along with running `ifconfig <DEVICE> up`.
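    The poster's full configuration never made it into this thread, so here is an added example (not the poster's files) of the minimal set of pieces named above: a hostapd.conf that starts open and gains WPA2 only when a passphrase is supplied, a dnsmasq.conf that hands out addresses, and the interface, forwarding and iptables commands. Interface names (wlan0, eth0), the 192.168.50.0/24 subnet and the SSID are assumptions of this example.

```shell
#!/bin/sh
# Added example; the poster's own configuration was not published in this
# thread, so this is a minimal lab access point built from the pieces the post
# names (hostapd, dnsmasq, iptables, IP forwarding, interface up). Assumed
# names: wlan0 is the AP radio, eth0 the uplink, 192.168.50.0/24 the clients.

# hostapd_conf IFACE SSID CHANNEL [PASSPHRASE]
# Prints hostapd.conf. Without a passphrase the network is open, which is the
# "basic config" to get working first. With one, WPA2-PSK/CCMP is added;
# hostapd refuses passphrases outside 8..63 characters, so that is checked
# before anything is printed, leaving no half-written file behind.
hostapd_conf() {
    if [ -n "${4:-}" ]; then
        len=$(printf '%s' "$4" | wc -c | tr -d ' ')
        if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
            echo "hostapd_conf: passphrase must be 8-63 characters" >&2
            return 1
        fi
    fi
    printf 'interface=%s\ndriver=nl80211\nssid=%s\nhw_mode=g\nchannel=%s\n' "$1" "$2" "$3"
    printf 'auth_algs=1\nwmm_enabled=1\nignore_broadcast_ssid=0\n'
    if [ -n "${4:-}" ]; then
        printf 'wpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\nwpa_passphrase=%s\n' "$4"
    fi
}

# dnsmasq_conf IFACE
# DHCP is what a client that "associates but never gets an IP" is missing.
dnsmasq_conf() {
    printf 'interface=%s\nbind-interfaces\n' "$1"
    printf 'dhcp-range=192.168.50.10,192.168.50.100,255.255.255.0,12h\n'
    printf 'dhcp-option=option:router,192.168.50.1\n'
    printf 'dhcp-option=option:dns-server,192.168.50.1\n'
}

# bring_up AP_IFACE UPLINK_IFACE  -- root; not run by the self-test.
# The host itself only accepts DHCP and DNS from the AP side; everything else
# is forwarded, with return traffic limited to established connections.
bring_up() {
    ip link set "$1" up
    ip addr replace 192.168.50.1/24 dev "$1"
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -A POSTROUTING -o "$2" -j MASQUERADE
    iptables -A FORWARD -i "$1" -o "$2" -j ACCEPT
    iptables -A FORWARD -i "$2" -o "$1" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i "$1" -p udp --dport 67 -j ACCEPT
    iptables -A INPUT -i "$1" -p udp --dport 53 -j ACCEPT
}

# Usage (root): sh ap.sh up  -- writes the two files and starts the daemons.
if [ "${1:-}" = "up" ]; then
    hostapd_conf wlan0 LabAP 6 > /etc/hostapd/hostapd.conf || exit 1
    dnsmasq_conf wlan0 > /etc/dnsmasq.d/lab-ap.conf
    bring_up wlan0 eth0
    dnsmasq --conf-file=/etc/dnsmasq.d/lab-ap.conf
    hostapd -B /etc/hostapd/hostapd.conf
fi
```

    Get the open network associating and handing out a lease first; if clients associate but never get an address, the problem is on the dnsmasq side, not in hostapd. Once that works, add the passphrase argument and restart hostapd, and keep `dmesg` open in another terminal for adapter resets.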


  15. I run a desktop at home: Linux Mint with all my favorite tools like Metasploit, and ports configured to accept reverse TCP payloads on port 4444.


    You're looking to get a device on a network and then launch post-exploitation modules, or, a better term, pivot your exploits onto the network.


    The device you place on the network could be anything like an Android phone, Raspberry Pi, Bash Bunny, network turtle or any device that can run meterpreter_reverse_tcp.


    Long story short: you have a device on the target network; install Meterpreter on your device and connect back to your Metasploit desktop at home. Meterpreter already has pivot functionality that would allow your desktop to launch exploits like autopwn onto the target network, using your bash-bunny-meterpreter as a TCP pivot point.


    DESKTOP-> (Exploit-code:445)-> bashbunny

    Bashbunny-(exploit-code:445)-> [node-]

    [Node-]->(payload-shell:4444)-> DESKTOP


    The point of this: your little device trying to run Metasploit is like a slug racing a rabbit... it's just not practical. The performance gains of simply using your turtle as a TCP relay point are huge.

  16. I doubt it's a driver issue with Kali. It's fully loaded with Wi-Fi adapter firmware. But I guess upgrade for fun.


    Maybe a VirtualBox driver issue; check for updates. My opinion: a bootable Kali USB or dual boot with an internal SSD.


    Try other Wi-Fi adapters.


    Install Kali. Change to GNOME Shell and it's a slick operating system...


    Or: I run Linux Mint 19 on all my machines and I just install all the tools I want from Kali.
