kerpap

Active Members
Posts: 44
Everything posted by kerpap

  1. It works pretty much like Kali or BackTrack would. Basic Unix commands work, plus there are a lot of tools added. https://wifipineapple.com/ (page 2 or 3 says what it comes with). I wrote some bash scripts that I loaded onto it and they work like a charm. The GUI is pretty basic; you will get the most out of this platform via the CLI.
  2. I am interested in what some of you use during your pen-tests to hijack sessions and steal cookies. This is a subject that I am a bit of a novice at. What I like to do is filter traffic in Wireshark using the http.cookie option and use Firecookie to edit the session. I have found this does not work all the time. As I said, I am also a beginner at session hijacking attacks and mitigation. Are there better options? What is your favorite session hijacking platform/method?
  3. Incorrect. write mem works on pretty much any Cisco device. I use the command all the time, even in the 15.2 release of IOS.
  4. Or wr mem, or just wr works (write mem); if in config mode, do wr mem. The thing is that unless you are super Cisco savvy you may poorly configure your network, and there are some cool tricks that you can do to exploit it and get interesting info. If you are running Wireshark, pay attention to STP. It will give you the bridge ID of the switch the BPDU is coming from. The default is 32,768. If the root bridge has this ID, it is possible that the config on the root switch was not forced into root bridge. You can plug a switch into the LAN and configure it to have a bridge priority of 0 and force it to be the root bridge, and if it works, all traffic will flow through your switch. You can set up a SPAN port and sniff sensitive network traffic. This is called (at least by Cisco) a "Rogue Switch Attack".
  5. The thing I like about this article is using a SPAN session for traffic sniffing. You could take a switch and plug it into the port a PC is plugged into in an office you are pentesting, configure it as the root bridge, configure a SPAN session, and then you can sniff all traffic on the network.
  6. The idea is that by having admin access, you can shut down the victim's router. If it's a consumer-level wireless router like a Linksys, you would be cloning the settings of their router, i.e. SSID and WPA key. Then, using the Cisco switch, you can sniff all traffic going in and out with a SPAN session. It was an interesting concept, albeit very elaborate, and would only work in specific conditions. I did the CCNA:Security certification and have been researching how relevant their "best practices" really are. Stuff like VLAN hopping only seems theoretical; however, that too can be done. It too will only work under very specific conditions. I have actually done traffic sniffing on a SPAN port before with BackTrack, and it's really neat what you can get from it. It basically copies all traffic specified and delivers it to the SPAN port to which you connect your BT/Kali machine. Anyways, I thought this article was cool and worth a read.
  7. I came across this article and thought it was pretty cool. Reminds me of a more complex Pineapple. http://fsosecurity.com/SPAN_MITM.pdf (I understand some might be leery about it being a PDF. It's clean, don't worry.)
  8. OK, so I think I get it. What I did was generate the shellcode and output it to C. If I understand it correctly, the LHOST IP address is where it will look to download the rest of the code. If not, I'm not sure how to call out for it. If it is calling back to the listening machine (LHOST), where do I put the code to download to complete the exploit? There is no option in the generator to specify it; it generates stage 1 and 2, that's it. Am I on target? Or way off? I'm really not sure how to get this to work in the lab.
  9. Thanks! Much appreciated!
  10. So I have been reading some tutorials on anti-virus evasion and came across several references to msfpayload's ability to download part or most of the content of the exploit payload from a remote location, as this is effective on some anti-virus platforms to avoid detection. The thing is (unless I'm missing something), there has never been any reference to how to create your payload to do that. So with that, can anyone point me in the right direction as to where I can read up on how to do that? Mother Google is not being very kind to me on this. Perhaps I am not entering the correct search criteria. Thanks!
  11. Ace Hackware was a bad choice. Terrible customer service. Never again.
  12. Thanks! Perhaps they will give me a discount if I buy in bulk. :)
  13. What arguments did you use during your scan? Can you post some output? Reaver won't work the same for every router, and sometimes not at all. There is some tweaking that needs to be done when scanning, like timeout settings, delays, no NACKs, etc.
  14. Hiya! So I am interested in adding some hardware key loggers to our pen-testing arsenal. I am curious about which ones are good and which ones are not so good. Some things I want to know are: affordable, reliable, can I make my own? (code on a USB drive), best overall brand, where to buy them (cheap), your experiences. I did a bit of googling and saw things like KeyGhost, but it's $300. I am looking into getting several, 15 - 20, so I want to keep costs down. It seems like something that should be/could be a lot cheaper. I have a great opportunity in an upcoming test to use them, and want to deploy them.
  15. Hi all, I have been browsing Google and can't seem to find the exact thing I am looking for. Perhaps it hasn't been developed yet. I am wondering if there are any Metasploit payloads developed for use with Cisco devices such as routers and switches. For example, if I gain access to someone's router, is there a payload that can be placed on the router's flash that can exploit their system, like sending a copy of traffic to an IP address, key logging, etc.? Really, I am just curious if there are any at all.
  16. The major telco here issues these wifi routers to their customers. They are 2WIRE routers, and guess what encryption they use... Worthless Encryption Protocol. Also, the admin control panel is almost never secured and is wide open. You can probably deduce what country I am in, and that the entire "island" is a war driver's paradise.
  17. I have noticed in my region that a lot of open wifi routers have their port 23 open to its Linux kernel. I use Overlook Fing on my Droid and can easily connect via telnet using admin/admin. I notice these exact routers are also connected to their credit card machines. Is it really so bad these days that hacking can be so easy? I have been to several bar/grill type places and have seen this type of setup. Recommended action... FIX IT! This is on some Linksys routers and some telco-issued routers. My guess is it is left there for help desk related fixes. I brought it to the attention of my favorite bar (I'm friends with them and I was aware of the risk) and I was awarded a free dinner, which I refused. I simply said I won't accept, just fix the security hole.