-
Posts
939 -
Joined
-
Last visited
-
Days Won
22
Posts posted by i8igmac
-
-
With the firewall turned on. Run a nmap port scan on 445
Metasploit says the connection timed out on port 445
-
I think the fire wall blocks income port 445. Exploit fails.
-
This device I found on Amazon CECTDIGI android ultra-thin mobile phone @175$
I hope to get some ideas for a mini battery powered android device I could make into a sports music Pandora player. I skateboard every year and hope to find a extremely small device that will sit in my pocket unnoticeable...
small as possible.
Battery power, a few hours.
Android/linux.
Wifi 2.4ghz.
Headphone jack.
with some start up scripts, I can make do with out a touch screen, But would be... if it was wifi enabled I can place my phoone in my car with a hotspot enabled...
I was thinking about android watches? But have not looked much into these...
Any hacky ideas?
-
I have seen these kinds of packets before... my first thought was maybe these are attempts to exploit a specific wireless chip. I seen metasploit has broadcom exploits maybe worth reading the source on these types of exploits...
I have also seen 00:00:00:00:00:00 access point with wep encryption... I find strange...
-
do you have this gpu in your possession?
Post your pyrit benchmark speeds. My labtop is around 13000per second nvidia 560m and my desktop was like 17000per second. Nvidia something...
So, a little bit of math.
36**8=2,821,109,907,456
2.8 trillion combinations possible.
And how many seconds will it take me to complete the 2.8trillion using 2 of my machines...
36**8/30000=94,036,996
It will take me 94 million seconds to complete this 2.8trillion crunch... but we hope to find it half way threw lol...
31,536,000 thats how many seconds in a year so... 3 years of my machines crunching away at this...
-
Are you watching the live data pass threw the wire?
Step one, start a packet capture tool (wireshark, tcpdump, tcpick, etc) capture 2 packets, $request and $response...
!step one (Bigmacs way) open 2 terminals and launch 2 cammands... this will filter out the client request and the server response in separate windows.
Tcpick -i eth0 -bPS -C
Tcpick -i eth0 -bPC -C
with your browser, send off the packet your trying to mimic and then copy down the request and response.
Open a 3rd console,
nc place.ip.address (press enter)
(Paste a copy of the request from step one)
(Press enter twice)
2 new lines represents the end of the request.
If a exact copy of the request is sent off and fails, then this will show that the token must be updated after every transaction...
With these 2 consoles still running, you can now attempt curl commands and watch live results... you may also want to try wget...
maybe there is a token that changes after every request, witch will require some trickery. burp suite is updating this token automatically
-
I do the same thing. I have been running a raspberry pi Kali machine with 2 Alfa cards, you will need a usb powered hub witch makes it a mess of wires. ..
I purchased a pogoplug for 15$ off Amazon that can run debian witch has enough power to run all the devices you want plus hard drives...
-
Try some of those client side attacks, smb Windows file share exploits... try sending a pdf attachment or mp3
Internet explorer I would guess. Grab the user-agent of the machine. ..
How can I unroll into this class... my Brian is automating the email exploit process...
-
I never tried. But if your instructed to do so. I would assume it works fine.
I have netcat on all my machines, first learn netcat basics. Try and have 2 machines connect and communicate. Send files threw the pipe. Maybe try a quick webserver... LEARN THE BASICS...
follow all the tutorials you can find with netcat. Would be worth writing a tutorial and make it sticky...
If 2 machines can connect with netcat, then so will meterpreter , always test your connection s with netcat first to know for sure there is nothing blocking the connection.
-
I have read articles about XOR being detected religiously.
the method you come up with should be unique, what if you simply base64 encode the key log function, I would assume saving the file to the hard drive will not set up any Flags.
-
This looks like fun. What if was staged. Get the keylogging function from a remote location so it never hits the hard drive?
-
Try other WiFi cards that use different drivers.
-
Try
Curl A "Mozilla" -h -c "session" link-here
-
Maybe check each machine on the network for hops...
If you have a lab setup. Try this command
Nmap -O -v 192.168.0.*
I think bridge mode puts this VM machine on the same subnet as the hosting machine. The hosting machine should be another hop...
-
I would think a string exist in ram. When ram is maxed out then you will discover the break point...
BUFF=""
100,000,000.times do |x|
BUFF<<x
Puts BUFF.size
# puts the buff size
# buffer will grow by one, until the buffer is maxed out.
End
-
-
ruby on rails
so, im updating this post... server sent events is the new subject... with use of actioncontroller::live i can do live streaming of data with my web browser...
ill post some example code that has allowed me to run a linux application on my web server, stream each line as live output to the web browser...
when the command completes the page will respond with a DONe message...
it was a little tricky finding exmaples that worked well enough to build off...
/app/controllers/messaging_controller.rb
require 'open3' class MessagingController < ApplicationController include ActionController::Live def send_message response.headers['Content-Type'] = 'text/event-stream' #response.stream.write "data: #{l.chomp.to_json}\n\n" #run a application, until it finishes Open3.popen3("ping -c 10 google.com"){|i,o,t,p| while l=o.gets response.stream.write "data: #{l.chomp.to_json}\n\n" end} #kill the process on completion response.stream.write "data: kill_stream\n\n" rescue IOError puts "error" rescue ClientDisconnected puts "he discconected" ensure response.stream.close end end
this will run `ping -c 10 google.com` and send each line to the web browser.
when the execution completes, this controller will send the client a kill_stream message.
here is a index file that will connect to the action controller and display the stream as it happens...
there is a #progress id and a #Kill id... each message will show in the appropriate div...
/app/views/messaging/index.html.erb
<div class="container-fluid"> <h3>Completion</h3> <div class="panel panel-default"> <div class="panel-body"> <div id="kill"></div> </div> </div> <hr /> <h3>Progress</h3> <div class="panel panel-default"> <div class="panel-body label-success"> <div id="progress"></div> </div> </div> </div> <script type="text/javascript"> jQuery(document).ready(function() { setTimeout(function() { var source = new EventSource('/messaging'); function eventLogger(event){ if (event.data == 'kill_stream') { $("#kill").append("DONE.." + "<br>"); source.close() } else { $("#progress").prepend(event.data + "<br>"); } } source.onmessage = eventLogger; }, 10); }); </script>
and you need to modify your routes.rb
/config/routes.rb
root 'messaging#index' get 'messaging' => 'messaging#send_message'
-
go for the dual boot.
dual voot installation is automated...
My suggestions, install kali first with the gui... then install linux mint with the gui and select 'side by side installation"
So the mint will boot first by default.
-
this works good enough...
ip route delete default
dhclient wlan0
-
I agree with this...Maybe put Kali on a bootable flash drive. Simply boot from the flash when you need it.
How much hard drive space do you have... dual boot is nice some times...
-
i have looked into a few examples of metric, seems like it could be the right place...
so, ill start off by showing what my machine looks like with wlan2 down... im ssh into the machine by eth0
turdsplash@192.168.96.148# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.96.1 0.0.0.0 UG 0 0 0 eth0 192.168.96.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
all my machines can talk threw this gateway... here is a little trick to get your external ip address
turdsplash@192.168.96.148# curl http://ifconfig.me 71.212.63.195
Typically if you want to use a wireless card to connect to a access point and start surfing the internet, you would do something like this...
turdsplash@192.168.96.148# wpa_supplicant -Dnl80211 -iwlan2 -c/etc/wpa_supplicant.conf –B Successfully initialized wpa_supplicant wlan2: CTRL-EVENT-SCAN-STARTED wlan2: SME: Trying to authenticate with 14:ab:f0:11:d0:90 (SSID='HOME-D092' freq=2412 MHz) wlan2: Trying to associate with 14:ab:f0:11:d0:90 (SSID='HOME-D092' freq=2412 MHz) wlan2: Associated with 14:ab:f0:11:d0:90 wlan2: WPA: Key negotiation completed with 14:ab:f0:11:d0:90 [PTK=CCMP GTK=TKIP] wlan2: CTRL-EVENT-CONNECTED - Connection to 14:ab:f0:11:d0:90 completed [id=0 id_str=] turdsplash@192.168.96.148# dhclient wlan2 RTNETLINK answers: File exists
authentication worked and dhclient has issued me a new working ip address of 10.0.0.24
you can now ping all the machines on this newly accessible network...
turdsplash@192.168.96.148# ping 10.0.0.1 PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=9.17 ms ^C --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 9.172/9.172/9.172/0.000 ms turdsplash@192.168.96.148# nmap -sP 10.0.0.* Starting Nmap 6.40 ( http://nmap.org ) at 2016-03-06 20:06 PST Nmap scan report for 10.0.0.1 Host is up (0.0023s latency). MAC Address: 14:AB:F0:11:D0:91 (Arris Group) Nmap scan report for 10.0.0.19 Host is up (0.11s latency). MAC Address: 2C:41:38:3D:0B:54 (Hewlett-Packard Company) Nmap scan report for 10.0.0.24 Host is up. Nmap done: 256 IP addresses (3 hosts up) scanned in 24.20 seconds
all is going as expected, until you try and ping google.com and you notice the packets are still passing threw the default gateway assigned to eth0...
this default gateway assigned to eth0 is the priority for many reasons, one might be quality or strength of this connection is better.
turdsplash@192.168.96.148# curl http://ifconfig.me 71.212.63.195
you can see above, that this machine is still using the same ISP (external ip address) (instead of the new one)
at this point here is a route -n showing eth0 is still holding the default gateway
turdsplash@192.168.96.148# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.96.1 0.0.0.0 UG 0 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan2 192.168.96.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
so, to complete the connection you have to perform these next 2 steps (i hope to eliminate the ip route commands)
turdsplash@192.168.96.148# ip route delete default turdsplash@192.168.96.148# ip route add default via 10.0.0.1 turdsplash@192.168.96.148# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 wlan2 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan2 192.168.96.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 turdsplash@192.168.96.148# curl http://ifconfig.me 73.225.146.158
now things are working as it should... you can see the new isp address and the default gateway the traffic is passing threw...
i hope to simply run 2 commands to complete this interface (wpa_supplicant and followed by dhclient)
Mr-protocal made a suggestion of changing the metric values but i have not been successful...
maybe some example commands?
How to remove this eth0 priority
-
Thank you for this. perfect!
-
okay yeah so after so many stress full days i finally got a lil tym to make the screencast, hope u enjoy and understand it.
please like, share and subscribe.
Nice video.
Can some post the script on pastbin... I would like to view source...
It looked like the networking service was restarted at the end of the video that suggest a wpa config was made with the pin configured and authentication with the access point was completed?
-
http://www.t1shopper.com/tools/port-scan/
I use this tool when checking of a port is open... make your changes and try the scan again...
Are you using a modem and a router?
[microsoft exploit] ms08_067_netapi
in Security
Posted
Looks about right... this fire wall wont let connections in BUT outbound trafic is allowed, you can exploit this with a crafted web link.
You should look into client side attacks for port 445... metasploit will launch a webserver hosting exploit code, when the target machine clicks the link, you should see the magic happen. This also means your payload should be configured as a reverse_shell of some kind.