Jump to content


Dedicated Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by i8igmac

  1. Pivot scenario. I have installed meterpreter on my phone. When my phone is connected to a persons wifi network I can connect back to my kali desktop and perform network scanning to discover devices and launch exploits onto the network. Once you upload meterpreter to a domain, you can pivot around the network. A reverse proxy is another term.
  2. I found a the solution to my problem. The problem was uploading files from my android to my desktop, I tried many different protocols and different apps... No matter what i tried the same results, android tcpsocket failure, the upload stalls. Fails almost instantly. It turns out that when you run your android on power saving mode this would lower the current supplied to the cpu and cause failure in the tcp protocol. Solved.
  3. Hping3 can send a spoofed packet
  4. I have made a post about this kind of activity. I setup a honey pot and give the attacker access with basic user/password. (Ip tables to redirect the attack to the honey pot) If you see multiple ip address attempt to login. Then my guess is its a automated IoT botnet. there are hundreds of botnet campaigns involved, its not just one identity, they all want the same thing. there goal is monero mining, if the device is incompatible with the mining software then it simply becomes appart of the brute force pool. the attacker's start with multiple compromised gig hosting services. distributes a tcp Scans across the ipv4 subnet lightning fast looking for easily exploitable services like your dvr. I have discovered 30,000 machines mining monero. but that's just one identity. There where others. I have logged a huge amount of data and a huge amount of ip address's. Mining software, root kits and exploit code.
  5. I was reading about this kind of attack years ago. what I understand. If you broadcast a older protocol that has a weaker encryption, if the signal is stronger the device will connect. Unless this device is manually configured not to use backwards compatible protocols it should connect. It might have been 2g or 1x. I don't remember. I would be interested in seing some one build and document this.
  6. I understand you I hope to have some free time. I have been doing things with live streaming by leaving the http/tcp connection between the client<-->server always in a open state. (3way hand shake) This allows me to send data to the client, waiting for a response then send more data based on some ruby server side if expressions. If response.include?('netgear exist') Send(payload.html) this is not the simple way but I believe it will broaden the possibilities.
  7. Cve-2016-6277 metasploit module. https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb I have used this before. if you search from msfconsole netgear, dlink, tp-link, linksys etc you can find more.
  8. there are so many directions you could go. my mind wonders down this path almost daily. Smb exploits, brute force defaults, autopwn stuff. The idea of doing this all from the browser with web sockets I thought was undocumented until this post. I was going to do it from a ruby rails web application. this is the first time I see someone think like me.
  9. This has been on my todo list. this is a nice poc. you could go far with something like this. From any device at any time you should always know what's on the network and if any services are exploitable. Automate the shit out of this! I have used meterpreter on my android to pivit exploit code from a remote machine onto a local network... the exploit goes through the tunnel but the shell is directly reverse tcp back to remote desktop. I have also made a reverse proxy to pivot exploit code in the same manner. (Might have some videos) With debian now running In my pocket (android) the possibilities are incredible. My networking kung fu is dangerously scary.
  10. i8igmac


    That looks like a noce example. Almost like hping syntax but instead of tcp level its on 802.11 wifi
  11. I use iptables and what ever proxy mitm tool you like that is capable of modifying the data. burpsuit is a good one because you have full control with a nice visual. if you want to get into building your own proxy, there is a lot to learn with modifying http headers. One of my projects was replace all executable's with meterpreter. (exe,zip,rar,msi, etc) Most of these files still download over http.
  12. There are other tools that do this. Your best bet is from a linux labtop. I forget what tool I used to successfully convert pcap for use wilth hashcat. I hate to say google it but. I can't remember off the top of my head. "Pcap to hccap"
  13. I have a linux desktop that runs 24/7 raid configuration ftp server. Has any one used recently android apps for ftp upload and download. I have correct chmod folder permissions. The android apps I use are inconsistent, socket errors and failure half way through a single file upload. this file server is my backup solution. When you experience data lost you will understand.
  14. Yah. I email the admin. They respond appropriately asking for detailed information of the attack. but I decided I want to keep my honey pot running hoping to capture private exploits and log as many ip's as possible. The list is big. All easily exploitable
  15. (Your trying to kill the labtop?) Good luck with this. when the system reaches a dangerous temp it powers off... You might have to put a decent amount of effort into this. You could give it a black screen. From the bios disable the hard drive. or a little water. Let it dry out before you beg for a new one.
  16. Iptables You might have to drop all Then allow -ip https://www.garron.me/en/bits/iptables-open-port-for-specific-ip.html
  17. I would setup crunch real quick. See if you can create a quick multithreaded python/perl/or ruby script. send out 10,000 dns request, dump the results to a log file for grepable filtering after the scan completes and time this activity. When complete figure the time it took compared to how many successful 200 response.
  18. cuda wont matter. The bottle neck is waiting on that 200 response. 16^(32) = kabillion my math is inaccurate but this is crazy amount of computing... You need IoT distributed. I have been logging IoT activity for a few months. I have a decent list of infected ip addresses.
  19. You would need a botnet style brute force. the dns response time is slow and needs to be distributed across lots of multi threaded bots.
  20. This is simply a legit YouTube video. well Maybe copyright content but thats it. Possibly he has other videos with instructions to downloading software to hack your wifes cellphone. The only harm a person could do with a YouTube page is post links to cpumining software or verbal instructions. Monitor your cpu. this should be a habit for any puter neerd.
  21. It seems like your on the right path. if you have working examples I would like to see how you accomplish things. I have taken a break From this with family life. I have run into loads of problems that I will have to over come. (Example) if I run a reaver attack from the press of a jquery button and open a client connection from another device to view the same tcpstream. There is alot of data management or tcpstream management that has to cover all situations that might happen... I challenge you to run a reaver attack. Stream the data. Close the browser. view the stream on multiple devices. topical behavior. Ill get back to it when im done with school.
  22. Images maybe subject to copyright. Maybe some one could elaborate. I guess these images maybe used for non profit purpose.
  23. I have also been interested in this. do any of these nexus devices have autheros wifi chip? packet injection works with internal chip? I'm not interested if I have to carry around usb wifi card.
  24. I don't believe this tool has worked in 5 years... maybe it does work on sites that have not Implant the latest security protocols like hsts. You guys should learn how to use these tools on a kali linux labtop. Understand the steps it takes to configure these attacks. Then trouble shooting is simple... back in the day I would use arpspoof and sslstrip... its a simple attack to learn. Maybe 4 commands to configure this.
  25. Hhah. You could also hold down your receipts so they don't blow off your desk. most people put this stuff in a bag and use it as a conversational prop. Dude show me how to use your L33T hacker tactical kit. Sure thing bro. Ummm. I can't right now. Nothing is working.
  • Create New...