Posts posted by nemo_nihil

  1. Let me start by explaining the goal. I am at my university and I would like to reverse ssh to connect to certain services remotely. I have an EC2 instance that is acting as my server.

    On to the problem. When I ssh to my server like this:

    ssh -R 9091:localhost:9091 [username]@[serverip]

    and at the same time configure Firefox and do this:

    ssh -D 8080 [username]@[serverip]
    I can connect to the service running on localhost:9091. However when I point my web browser to [serverip]:9091. If someone could explain what I am doing wrong that would be wonderful.
  2. I have been following irongeek's guide located here: http://www.irongeek.com/i.php?page=security/svartkast-pogoplug-dropbox and I am stuck at the remote access part. I have successfully installed i2p and I can access a few of the eepsites I have set up; however, I am stumped on how to get remote access working. I supposedly should be able to ssh and point it at my localhost, which will forward to the base32 address of my blackthrow. Any help on how to proxy my ssh connection over the i2p network would be great.

  3. I have heard a lot about how "Cell phones are unsafe" and it is possible to turn on the mic/camera to listen in. I was wondering if there is any open source version of this sort of program. There are a lot of spy things you can buy to "catch a cheating spouse" (not interested) and I have been playing with Georgia Weidman's botnet (http://www.grmn00bs.com/SMSbotPoC-complete.c and http://georgiaweidman.com/wordpress/more-android-sms-bot-stuff/). While this is both fun and useful I have had a tough time sifting through all the crapware out there to find anything that has some of the more "fun" functions that we all worry about.

  4. I have seen a lot of articles on how to exploit a machine through some sort of Java applet or exe embedded into another file type that calls back to the attacker and then run post exploit modules such as persistence.rb from there. The problem that I have with these exploits is that I need to have a listener and/or a machine hosting the exploit running somewhere else. Is it possible to have a standalone backdoor that can be interacted with at a more convenient time? (note this is with physical access unattended computer, etc)?

  5. Just thought I would throw in my 2 cents. I use Amazon EC2 now and then if I want to try something offsite. As long as you stay under 750 hours (and a few other easy requirements) it is free to use. Just something to think about depending on what your needs are. There are Ubuntu and BackTrack instances that are prebuilt and ready to go.

  6. When I tried to put the interface up it failed (that was why I thought that wireless was not built into TRK), but I should have tried my card first. Regardless, I ended up just removing the drive and putting it into my dock and running several virus scans from there as well as TRK through a VM. Thanks for all the help.

  7. You need credentials for the wireless, but for the wired you need to have some sort of Cisco client software (I don't mess with wired). It is a laptop so that is an option, but as far as wireless I didn't think Trinity supported that natively.

  8. I am trying to remove some viruses from a friend's computer. He opened an email and had like 87 pop up on his computer. It is blocking me from opening up ClamAV and any other exe type of file I try to open, so I booted into Trinity on my Katana USB. It found some viruses, but the definitions were out of date so I assume that is why it didn't find all of them. Regardless, I burned a CD of it and now I am trying to share internet from my Mac (sharing internet sharing then from EasyTether to ethernet) to the computer. We are at college and they do not allow unauthorized connections (otherwise I would just plug him in to the wall). I have tried to share internet from my phone tether but it is not recognizing a connection "neither dns nor proxy paramaters found ...". Any help getting this connected to the internet OR virus removal would be appreciated.

  9. Darren talks about this in episode 911 (http://hak5.org/episodes/episode-911). There is a good breakdown on the site (http://hak5.org/hack/pineapple-phishing), but the basics of the hack are that he had a fake paywall if you went to any place other than Facebook or Twitter. Then the fake websites (file save page as "web page complete") are stored in /www on the pineapple and you modify it to store the username and password locally. The tutorial gives detailed information on how to do this, but what I think you are asking is "how does this work". Basically, it works by editing the variables in the webpage to store it rather than send it.

  10. ok option one:

    turn off anti virus

    boot into backtrack on a separate machine on the network

    start Social Engineering Tool kit

    set up browser based attack (numbers 1, 1, 2, 1, 1, 2, 2, 16, then just follow the instructions)

    log into guest account and navigate to the ip of your browser attack

    wait for exploit to run

    getsystem

    hashdump

    then take the hash to an online hashcracker OR check out this http://project-rainbowcrack.com/tutorial.htm

    option two

    download from http://unetbootin.sourceforge.net/

    select disk image

    select USB drive

    select drive letter

    click "ok"

    then boot into USB and from there I assume you know what you are doing

    if you need help on a specific step I hang out in the IRC, just pm me and I will do my best

  11. If I were you I would probably start off with some reading. These are a few books/resources I found helpful:

    BackTrack 5 Wireless Penetration Testing Beginner's Guide by Vivek Ramachandran (creator of securitytube.net)

    Also check out his WLAN Security Megaprimer course DVD (free download) and the Metasploit Megaprimer (also free to view)

    Metasploit: The Penetration Tester's Guide, brought to you by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O’Gorman (_Elwood_), and Mati Aharoni (muts)

    http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training (by the guys at OffSec)

    http://www.social-engineer.org/framework/Social_Engineering_Framework

    http://www.social-engineer.org/se-resources/ (same site this one is just videos though)

    Vivek does a good job of explaining what is going on for most of these attacks (don't just ignore those parts; that is what will help you really learn to hack), so I would read his book, watch his DVD and poke around his site as much as possible. The other resources focus mostly on how to use the tools, which is great, but that really won't make you a great hacker.
