[[microsoft exploit] ms08_067_netapi]

Looks about right... this fire wall wont let connections in BUT outbound trafic is allowed, you can exploit this with a crafted web link.

You should look into client side attacks for port 445... metasploit will launch a webserver hosting exploit code, when the target machine clicks the link, you should see the magic happen. This also means your payload should be configured as a reverse_shell of some kind.

[[microsoft exploit] ms08_067_netapi]

With the firewall turned on. Run a nmap port scan on 445

Metasploit says the connection timed out on port 445

[[microsoft exploit] ms08_067_netapi]

I think the fire wall blocks income port 445. Exploit fails.

[mini android/pandora sports device...]

This device I found on Amazon CECTDIGI android ultra-thin mobile phone @175$

I hope to get some ideas for a mini battery powered android device I could make into a sports music Pandora player. I skateboard every year and hope to find a extremely small device that will sit in my pocket unnoticeable...

small as possible.

Battery power, a few hours.

Android/linux.

Wifi 2.4ghz.

Headphone jack.

with some start up scripts, I can make do with out a touch screen, But would be... if it was wifi enabled I can place my phoone in my car with a hotspot enabled...

I was thinking about android watches? But have not looked much into these...

Any hacky ideas?

[Unusual SSIDs]

I have seen these kinds of packets before... my first thought was maybe these are attempts to exploit a specific wireless chip. I seen metasploit has broadcom exploits maybe worth reading the source on these types of exploits...

I have also seen 00:00:00:00:00:00 access point with wep encryption... I find strange...

[Worth piping crunch to pyrit GPU]

do you have this gpu in your possession?

Post your pyrit benchmark speeds. My labtop is around 13000per second nvidia 560m and my desktop was like 17000per second. Nvidia something...

So, a little bit of math.

36**8=2,821,109,907,456

2.8 trillion combinations possible.

And how many seconds will it take me to complete the 2.8trillion using 2 of my machines...

36**8/30000=94,036,996

It will take me 94 million seconds to complete this 2.8trillion crunch... but we hope to find it half way threw lol...

31,536,000 thats how many seconds in a year so... 3 years of my machines crunching away at this...

[curl command, change user-agent]

Are you watching the live data pass threw the wire?

Step one, start a packet capture tool (wireshark, tcpdump, tcpick, etc) capture 2 packets, $request and $response...

!step one (Bigmacs way) open 2 terminals and launch 2 cammands... this will filter out the client request and the server response in separate windows.

Tcpick -i eth0 -bPS -C

Tcpick -i eth0 -bPC -C

with your browser, send off the packet your trying to mimic and then copy down the request and response.

Open a 3rd console,

nc place.ip.address (press enter)

(Paste a copy of the request from step one)

(Press enter twice)

2 new lines represents the end of the request.

If a exact copy of the request is sent off and fails, then this will show that the token must be updated after every transaction...

With these 2 consoles still running, you can now attempt curl commands and watch live results... you may also want to try wget...

maybe there is a token that changes after every request, witch will require some trickery. burp suite is updating this token automatically

[Connecting to internet from a far away wifi HotSpot without a PC]

I do the same thing. I have been running a raspberry pi Kali machine with 2 Alfa cards, you will need a usb powered hub witch makes it a mess of wires. ..

I purchased a pogoplug for 15$ off Amazon that can run debian witch has enough power to run all the devices you want plus hard drives...

[Netcat with meterpreter]

Try some of those client side attacks, smb Windows file share exploits... try sending a pdf attachment or mp3

Internet explorer I would guess. Grab the user-agent of the machine. ..

How can I unroll into this class... my Brian is automating the email exploit process...

[Netcat with meterpreter]

I never tried. But if your instructed to do so. I would assume it works fine.

I have netcat on all my machines, first learn netcat basics. Try and have 2 machines connect and communicate. Send files threw the pipe. Maybe try a quick webserver... LEARN THE BASICS...

follow all the tutorials you can find with netcat. Would be worth writing a tutorial and make it sticky...

If 2 machines can connect with netcat, then so will meterpreter , always test your connection s with netcat first to know for sure there is nothing blocking the connection.

[Obfuscation of a custom ".exe" PE]

I have read articles about XOR being detected religiously.

the method you come up with should be unique, what if you simply base64 encode the key log function, I would assume saving the file to the hard drive will not set up any Flags.

[Obfuscation of a custom ".exe" PE]

This looks like fun. What if was staged. Get the keylogging function from a remote location so it never hits the hard drive?

[[RPi3] Kali/Raspbian wlan0 Arpspoof Error]

Try other WiFi cards that use different drivers.

[curl command, change user-agent]

Try

Curl A "Mozilla" -h -c "session" link-here

[CPT Exam Questions]

Maybe check each machine on the network for hops...

If you have a lab setup. Try this command

Nmap -O -v 192.168.0.*

I think bridge mode puts this VM machine on the same subnet as the hosting machine. The hosting machine should be another hop...

[Maximum STRING length]

I would think a string exist in ram. When ram is maxed out then you will discover the break point...

BUFF=""

100,000,000.times do |x|

BUFF<<x

Puts BUFF.size

# puts the buff size

# buffer will grow by one, until the buffer is maxed out.

End

[ruby on rails? web dev's? spoon feed me...]

[ruby on rails? web dev's? spoon feed me...]

ruby on rails

so, im updating this post... server sent events is the new subject... with use of actioncontroller::live i can do live streaming of data with my web browser...

ill post some example code that has allowed me to run a linux application on my web server, stream each line as live output to the web browser...

when the command completes the page will respond with a DONe message...

it was a little tricky finding exmaples that worked well enough to build off...

/app/controllers/messaging_controller.rb

require 'open3'
class MessagingController < ApplicationController
	include ActionController::Live
  def send_message
    response.headers['Content-Type'] = 'text/event-stream'
    #response.stream.write "data: #{l.chomp.to_json}\n\n"
    #run a application, until it finishes
    Open3.popen3("ping -c 10 google.com"){|i,o,t,p| 
    	while l=o.gets
    		response.stream.write "data: #{l.chomp.to_json}\n\n"
    	end}

    	#kill the process on completion
    	response.stream.write "data: kill_stream\n\n"
    rescue IOError
    	puts "error"
    rescue ClientDisconnected
    	puts "he discconected"
	ensure
    response.stream.close
  end
end

this will run `ping -c 10 google.com` and send each line to the web browser.

when the execution completes, this controller will send the client a kill_stream message.

here is a index file that will connect to the action controller and display the stream as it happens...

there is a #progress id and a #Kill id... each message will show in the appropriate div...

/app/views/messaging/index.html.erb

<div class="container-fluid">
<h3>Completion</h3>
<div class="panel panel-default">
	<div class="panel-body">
		<div id="kill"></div>
	</div>
</div>

<hr />

<h3>Progress</h3>
<div class="panel panel-default">
	<div class="panel-body label-success">
		<div id="progress"></div>
		</div>
	</div>
</div>





<script type="text/javascript">
  jQuery(document).ready(function() {
    setTimeout(function() {
      var source = new EventSource('/messaging');
      function eventLogger(event){
        
        if (event.data == 'kill_stream') {
        	$("#kill").append("DONE.." + "<br>");
        	source.close()
        } else {
        	$("#progress").prepend(event.data + "<br>");
        }

      }
      source.onmessage = eventLogger;
    }, 10);
  });
</script>

and you need to modify your routes.rb

/config/routes.rb

root 'messaging#index'
get 'messaging' => 'messaging#send_message'

[Dual Function Laptop]

go for the dual boot.

dual voot installation is automated...

My suggestions, install kali first with the gui... then install linux mint with the gui and select 'side by side installation"

So the mint will boot first by default.

[debian networking services. device priority. eth0>wlan]

this works good enough...

ip route delete default

dhclient wlan0

[Dual Function Laptop]

Maybe put Kali on a bootable flash drive. Simply boot from the flash when you need it.

I agree with this...

How much hard drive space do you have... dual boot is nice some times...

[debian networking services. device priority. eth0>wlan]

i have looked into a few examples of metric, seems like it could be the right place...

so, ill start off by showing what my machine looks like with wlan2 down... im ssh into the machine by eth0

turdsplash@192.168.96.148# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.96.1    0.0.0.0         UG    0      0        0 eth0
192.168.96.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0

all my machines can talk threw this gateway... here is a little trick to get your external ip address

turdsplash@192.168.96.148# curl http://ifconfig.me
71.212.63.195

Typically if you want to use a wireless card to connect to a access point and start surfing the internet, you would do something like this...

turdsplash@192.168.96.148# wpa_supplicant -Dnl80211 -iwlan2 -c/etc/wpa_supplicant.conf –B
Successfully initialized wpa_supplicant
wlan2: CTRL-EVENT-SCAN-STARTED 
wlan2: SME: Trying to authenticate with 14:ab:f0:11:d0:90 (SSID='HOME-D092' freq=2412 MHz)
wlan2: Trying to associate with 14:ab:f0:11:d0:90 (SSID='HOME-D092' freq=2412 MHz)
wlan2: Associated with 14:ab:f0:11:d0:90
wlan2: WPA: Key negotiation completed with 14:ab:f0:11:d0:90 [PTK=CCMP GTK=TKIP]
wlan2: CTRL-EVENT-CONNECTED - Connection to 14:ab:f0:11:d0:90 completed [id=0 id_str=]
turdsplash@192.168.96.148# dhclient wlan2
RTNETLINK answers: File exists

authentication worked and dhclient has issued me a new working ip address of 10.0.0.24

you can now ping all the machines on this newly accessible network...

turdsplash@192.168.96.148# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=9.17 ms
^C
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.172/9.172/9.172/0.000 ms

turdsplash@192.168.96.148# nmap -sP 10.0.0.*

Starting Nmap 6.40 ( http://nmap.org ) at 2016-03-06 20:06 PST
Nmap scan report for 10.0.0.1
Host is up (0.0023s latency).
MAC Address: 14:AB:F0:11:D0:91 (Arris Group)
Nmap scan report for 10.0.0.19
Host is up (0.11s latency).
MAC Address: 2C:41:38:3D:0B:54 (Hewlett-Packard Company)
Nmap scan report for 10.0.0.24
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 24.20 seconds

all is going as expected, until you try and ping google.com and you notice the packets are still passing threw the default gateway assigned to eth0...

this default gateway assigned to eth0 is the priority for many reasons, one might be quality or strength of this connection is better.

turdsplash@192.168.96.148# curl http://ifconfig.me
71.212.63.195

you can see above, that this machine is still using the same ISP (external ip address) (instead of the new one)

at this point here is a route -n showing eth0 is still holding the default gateway

turdsplash@192.168.96.148# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.96.1    0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wlan2
192.168.96.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0

so, to complete the connection you have to perform these next 2 steps (i hope to eliminate the ip route commands)

turdsplash@192.168.96.148# ip route delete default
turdsplash@192.168.96.148# ip route add default via 10.0.0.1
turdsplash@192.168.96.148# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 wlan2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wlan2
192.168.96.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0
turdsplash@192.168.96.148# curl http://ifconfig.me
73.225.146.158

now things are working as it should... you can see the new isp address and the default gateway the traffic is passing threw...

i hope to simply run 2 commands to complete this interface (wpa_supplicant and followed by dhclient)

Mr-protocal made a suggestion of changing the metric values but i have not been successful...

maybe some example commands?

How to remove this eth0 priority

[debian networking services. device priority. eth0>wlan]

Thank you for this. perfect!

[Reaver "AP rate limiting detected" and automatic mdk3 solution]

okay yeah so after so many stress full days i finally got a lil tym to make the screencast, hope u enjoy and understand it.

please like, share and subscribe.

https://youtu.be/y3ByYdVJFqg

Nice video.

Can some post the script on pastbin... I would like to view source...

It looked like the networking service was restarted at the end of the video that suggest a wpa config was made with the pin configured and authentication with the access point was completed?

[DD WRT Port Forwarding Issue]

http://www.t1shopper.com/tools/port-scan/

I use this tool when checking of a port is open... make your changes and try the scan again...

Are you using a modem and a router?