i8igmac

Posts posted by i8igmac

  1. You can perform a tcp scan from almost any device. Your cell phone could install a network scanning tool.

     

    You should maybe slow down with Metasploit. Learn the 3-way handshake and nmap from Irongeek's website video tutorials.

     

    You need some networking knowledge to continue. Install a server, anything like a game or web server, and learn how to properly configure it so it's accessible publicly.

  2. Just now, Altar314 said:

    Just to make sure I have this correctly, you intentionally infected your phone to be able to do that? 

    Yes, meterpreter is installed on my phone.

     

    I could pivot my Kali desktop into any network.

  3. You absolutely can run multiple meterpreter sessions in Metasploit.

    You can run a command on all sessions or interact with a single session. I may have a video where I show this.

     

    Meterpreter running on an Android will be persistent until the application is force-closed or the device reboots (meterpreter will always try to reconnect). If the device is rooted then you could get a fully persistent meterpreter even after reboot.

     

    After the non-rooted phone reboots, there is a Metasploit module that can be used to force the application to start by serving an msf URI. But whether the device is vulnerable to this URI exploit may depend on the Android version or the browser used to visit this crafted webpage.

     

    You could serve this URI with a MITM attack.

  4. 17 hours ago, Altar314 said:

    I'm still very new to this, and I just know pivoting as a way to get from one device to the other, I think. I'm not entirely sure. Like I said, I'm new.

    Pivot scenario.

    I have installed meterpreter on my phone. When my phone is connected to a person's wifi network I can connect back to my Kali desktop and perform network scanning to discover devices and launch exploits onto the network.

     

    Once you upload meterpreter to a domain, you can pivot around the network.

     

    A reverse proxy is another term.

  5. I found the solution to my problem.

    The problem was uploading files from my Android to my desktop. I tried many different protocols and different apps...

    No matter what I tried, the same results: Android TCP socket failure, the upload stalls. Fails almost instantly.

     

    It turns out that when you run your Android in power saving mode this lowers the current supplied to the CPU and causes failures in the TCP protocol.

     

    Solved.

  6. I was reading about this kind of attack years ago.

     

    What I understand:

    If you broadcast an older protocol that has weaker encryption, and the signal is stronger, the device will connect. Unless the device is manually configured not to use backwards-compatible protocols, it should connect.

     

    It might have been 2g or 1x. I don't remember. 

     

    I would be interested in seeing someone build and document this.

  7. 7 hours ago, DarrenRainey said:

    Yes, but the thing I like about these kinds of exploits is that they only need a browser to execute, so it can be easy to set up a malicious website to take over these devices using JavaScript or even plain HTML.

    I understand you :grin:

    I hope to have some free time. I have been doing things with live streaming by leaving the HTTP/TCP connection between the client<-->server always in an open state (3-way handshake).

     

    This allows me to send data to the client, wait for a response, then send more data based on some Ruby server-side if expressions.

     

    if response.include?('netgear exist 10.0.0.1')
      send(payload.html)
    end

     

    This is not the simple way, but I believe it will broaden the possibilities.

  8. 18 hours ago, DarrenRainey said:

    Good to know I'm not alone :)

     

    I really like the idea of abusing some of the lesser-known features of a modern web browser. I wrote a PHP script a while ago that could identify what device a user was visiting from based upon the user-agent and then serve the appropriate exploit; for example, if it was a device running Android < 5.1, maybe serve a Stagefright exploit, otherwise act normal.

     

    There are so many things that people tend to take for granted. For example, I built a wifi probe sniffer using a NodeMCU for £3. With that I can see what the devices around me are looking for, and combining that with airodump and strings on my laptop I can get an idea of who owns a device based upon the search history, and by using the device's MAC address and looking for unique wifi names such as BTHub5-XXXX I can plot the locations they have connected to before. Essentially passive tracking for really cheap using nothing but the public data your phone broadcasts when looking for networks. If you set up a few of the NodeMCUs, over time you could see patterns of where the device has been and goes to.

     

    Edit: Found the Netgear vuln I was talking about - CVE-2016-6277 - https://www.kb.cert.org/vuls/id/582384 so basically you could use that code to check if it's a Netgear device and if it is, send a request to http://192.168.1.X/cgi-bin/;COMMAND

    CVE-2016-6277 Metasploit module.

    https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb

    I have used this before. If you search from msfconsole for netgear, dlink, tp-link, linksys etc. you can find more.

  9. 25 minutes ago, DarrenRainey said:

    I used to have NetHunter with nexmon installed on my Nexus 5 so I could use monitor mode with aircrack, but now I use a cheap Android phone with no SIM card and set it up as a mobile hotspot for my netbook in my backpack. That way I can use an SSH client like JuiceSSH on my phone to do stuff like Metasploit, aircrack or other programs.

     

    With the abilities of JavaScript and the insecurities of some routers it's even possible to attack internal devices. For example, a while ago there was a bug in some Netgear routers that let you run any command simply by visiting a specific URL, so by expanding on this payload you could detect any devices vulnerable to a similar attack, then run almost any command you would want on the internal network simply by getting someone to visit a site with the JavaScript embedded.

    There are so many directions you could go. My mind wanders down this path almost daily. SMB exploits, brute-force defaults, autopwn stuff.

     

    The idea of doing this all from the browser with WebSockets I thought was undocumented until this post. I was going to do it from a Ruby on Rails web application.

     

    This is the first time I see someone think like me. :grin:

  10. This has been on my to-do list. This is a nice PoC. You could go far with something like this. From any device at any time you should always know what's on the network and if any services are exploitable. Automate the shit out of this! :ph34r:

     

    I have used meterpreter on my Android to pivot exploit code from a remote machine onto a local network... the exploit goes through the tunnel, but the shell is a direct reverse TCP back to the remote desktop. I have also made a reverse proxy to pivot exploit code in the same manner. (Might have some videos.)

     

    With Debian now running in my pocket (Android) the possibilities are incredible. My networking kung fu is dangerously scary.

  11. I use iptables and whatever proxy MITM tool you like that is capable of modifying the data.

     

    Burp Suite is a good one because you have full control with a nice visual.

     

    If you want to get into building your own proxy, there is a lot to learn about modifying HTTP headers. One of my projects was to replace all executables with meterpreter.

    (exe, zip, rar, msi, etc.)

     

    Most of these files still download over HTTP.

  12. I have a Linux desktop that runs 24/7 as a RAID-configured FTP server.

     

    Has anyone recently used Android apps for FTP upload and download?

     

    I have correct chmod folder permissions.

     

    The Android apps I use are inconsistent: socket errors and failures halfway through a single file upload.

     

    This file server is my backup solution. When you experience data loss you will understand.

  13. 14 hours ago, Dave-ee Jones said:

    Is 217.23.5.33 the actual IP? If so, it probably means the hacker bought a server off of Worldstream (owner of IP) and is using it to hack your network.

    Yeah. I emailed the admin. They responded appropriately, asking for detailed information about the attack, but I decided I want to keep my honeypot running, hoping to capture private exploits and log as many IPs as possible. The list is big. All easily exploitable.

  14. I would set up crunch real quick. See if you can create a quick multithreaded Python, Perl or Ruby script.

     

    Send out 10,000 DNS requests, dump the results to a log file for grepable filtering after the scan completes, and time this activity.

     

    When complete, figure the time it took compared to how many successful 200 responses.

  15. 5 hours ago, The Power Company said:

    Multi-threading would probably help. I think I'll try implementing some of that sweet Cuda GPU Acceleration sauce as well, it works wonders for deep learning and password cracking.

    CUDA won't matter. The bottleneck is waiting on that 200 response.

     

    16^(32) = kabillion

    My math is inaccurate, but this is a crazy amount of computing...

     

    You need it IoT-distributed. I have been logging IoT activity for a few months. I have a decent list of infected IP addresses.

  16. This is simply a legit YouTube video. Well, maybe copyrighted content, but that's it.

     

    Possibly he has other videos with instructions for downloading software to hack your wife's cellphone.

     

    The only harm a person could do with a YouTube page is post links to CPU-mining software or verbal instructions.

     

    Monitor your CPU. This should be a habit for any 'puter nerd.

     

  17. 38 minutes ago, SweetRush Coder said:

    Yep, that's the way I am going at the moment, just working on getting the functionality down first, then will work on the cosmetics later on with Bootstrap and some jQuery.

     

    It seems like you're on the right path. If you have working examples I would like to see how you accomplish things.

     

    I have taken a break from this with family life.

     

    I have run into loads of problems that I will have to overcome.

    (Example) If I run a reaver attack from the press of a jQuery button and open a client connection from another device to view the same TCP stream, there is a lot of data management or TCP stream management that has to cover all situations that might happen...

     

    I challenge you to run a reaver attack. :cool:

    Stream the data. Close the browser. View the stream on multiple devices. Typical behavior.

     

    I'll get back to it when I'm done with school.