phpsystems
-
Posts
132 -
Joined
-
Last visited
-
Days Won
4
Posts posted by phpsystems
-
-
Hi,
So my question is:
Is there a firmware out there that will let me use the Ducky as BOTH a USB mass storage device AND a HID keyboard, which will mount the USB AND kick off the inject.bin upon insertion without requiring any keys or buttons to be pressed?
Yes, the composite firmware does this. Windows will autodetect the device, linux may require inject.bin to mount the files. There is also discussion in this forum about finding the mounted drive once plugged in (for windows). A quick search should point you in the right direction.
-
Running:
bash -x <script name>
Helps with debugging.
-
It is working for me on chrome.
-
And a bit of googling revels this : https://forums.hak5.org/index.php?/topic/26314-wifite-auto-attack-script-site-survey/ which includes how to install scapy on the MK4. Hope it works for the MK5.
-
Hi,
Has anyone written any python code for the pineapple that did examination of Wifi packets? I have some code which I wrote using scapy, but I would like to move to the pineapple. I'm just looking for a starting point. The code itself just waits for a specific SSID to be seen.
If you are interested, my code in scapy is here: https://github.com/phpsystems/ssidlistener
Tim
-
If you want to set the pineapple up as a rogue access point, that would be possible. The attack is called "Evil twin".
You could then setup a pineapple as a repeater, while deauthing connections to the main AP.
As to what I would run, that would depend on the engagement.
-
While not auto-detecting, it is possible for the ducky to deliver different payloads, based off key press during insertion.
The firmware was the multi-payload version found here: https://github.com/midnitesnake/USB-Rubber-Ducky/tree/master/Firmware
-
Try running the command with -vv to see what is happening.
Also, you shouldn't need the .nse part, but may also require an equals sign. Ie, --script=smb-enum-users
Tim
-
The ISP has full control, so whatever makes sense to them goes. Look up the Defcon talk "Pwned by the owner" by Zoz where just under 8 minutes in the DNS name for the person who stole the speaker's machine is shown. You'll notice it includes the city in abbreviated form but the rest is, to us, just a bunch of characters.
We're talking dial-up, meaning you logged in to get access... Come to think of it, it's a pretty good way to prevent 2 people sharing a single ISP account but going online at overlapping times.
Just to add to Cooper (I have and still do work for ISPs in the UK) -
ISPs usually only add PTR records (sometimes called rDNS or Reverse DNS) to the IPs. These mappings are usually internal use in the ISP to keep track of what the ip block is used for, etc. If you have a static IP address, the ISP should allow you to change it, but you will require a domain name for that. These are also used as a basic method to prevent spam, hence why the ISP should allow you to change it.
Dial-up (generally in ISPs) uses a system called radius. This hasn't really changed in 20+ years, and is now used for ADSL and certain other technologies like VPNs. Static addresses can be assigned to the account, so it's tied to your username / password combination.
-
Hi,
Is it just me or has the main hak5.org (and certain sub pages) stopped updating with episodes of:
Tekthing
Metasploit Minute
-
Sorry, I tend to assume people run linux, unless told otherwise.
-
Have you tried running the command with the -v option to see why the disconnects are occurring?
-
Beaglebone Black? Ubertooth one?
-
Googling suggests .ashrc rather than .bashrc. Hope this helps.
-
The default shell is ash, rather than bash. Not sure if ash uses .bashrc or has an equivalent...
What about editing /etc/profile (nb, will modify all logins)?
-
About time I filled in one of these...
My name is Tim a.k.a Phpsystems
Favourite game: Fallout
Favourite OS: FreeBSD
Favourite console: Wii
Nationality: British
Accent: British (not northern, southern or midlands)
Sex: Male
Race: White
Height: 5' 11"
Build: Skinny (ish)
Favourite band: Black Stone Cherry
Favourite book: Dune
Favourite author: Frank Herbert
Favourite movie: Hackers
Favourite director: Stanley KubrickFavourite TV Show: Elementary
Favourite actor: Johnny Lee MillerFavourite actress: Famke Janssen
Favourite Pinup: Jessica Alba
Favourite Comedian: Dave Gorman
Other hobbies: Programming,fitness, car maintenance.
Car: Mk1 Eunos Roadster (Silver) - (japanese version of the MX5 or Miata)
Occupation: Senior Systems Administrator -
You might want to try something more like sdr sharp (if you use windows). Gnu Radio would be able to do it as well.
RTL-TCP streams the radio data before it's demodulated, so you would need a program to do that.
-
And now I've found a way to do what I want to do with grep, so no extra packages to install.
-
And, I can just use the package "diffutils"...
-
Hi,
I've written a script in shell which automatically ping scans clients in a subnet every second, and does deeper scans on any new clients. I'm using diff to generate a "what's changed" report, which isn't on the pineapple. Anyone know of an alternative?
The code for the script (which works on Kali) is here:# cat autonmap.sh
#!/bin/sh
SUBNET=$1
NMAP=/usr/bin/nmap
TMPDIR=/tmp/autonmap
SUBNET2=$(echo $SUBNET | sed -e 's/\//_/g')
if [ -z $SUBNET ]; then
echo "Usage: autonmap.sh "
exit
fi
mkdir -p $TMPDIR
mkdir -p $TMPDIR/results
# Start of the While
while [ 1 ] ; do
$NMAP -sP $SUBNET -oG $TMPDIR/$SUBNET2.txt
diff -Naur $TMPDIR/$SUBNET2.txt.old $TMPDIR/$SUBNET2.txt > $TMPDIR/$SUBNET2.diff
for i in `cat $TMPDIR/$SUBNET2.diff | grep -E "^\+Host:" | awk '{print $2}'`; do
DATE=$(date +%Y%m%d%H%M%S)
$NMAP -sT -p1-65335 $i -oG $TMPDIR/results/$i-TCP-$DATE.txt &
# $NMAP -sU -p1-65335 $i -oG $TMPDIR/results/$i-TCP-$DATE.txt &
done
mv $TMPDIR/$SUBNET2.txt $TMPDIR/$SUBNET2.txt.old
wait
sleep 1
doneAny help is greatly appreciated. My plan is to then turn this in to a full infusion with access to the scan reports.
Tim
-
One thing that would be nice to have, is the configuration scripts using the configured network address, rather than just 172.16.42.1
-
Sorry, I bought this 6 months ago, and I have no plans to resell.
-
What exactly did your payload do?
It sounds like it worked successfully as the Ducky was doing something. The point of most payloads is that they aren't obvious they have actually been run.
You might want to try writing a payload first, to have a play.
-
On the current firmware (2.0.3), I get an issue with the infusion. When running the steps in the executable by hand I get:
X-Powered-By: PHP/5.4.5 Set-Cookie: PHPSESSID=a4f0e2c39e31a5528c27cee25cf91b6a; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-type: text/html <html> <head> <title>WiFi Pineapple - Login</title> <meta http-equiv="cache-control" content="max-age=0" /> <meta http-equiv="cache-control" content="no-cache" /> <meta http-equiv="expires" content="0" /> <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /> <meta http-equiv="pragma" content="no-cache" /> <link rel="stylesheet" type="text/css" href="includes/css/styles.php" /> <script src="includes/js/jquery.min.js"></script> <noscript><meta http-equiv="refresh" content="0;url=index.php?noJS" /></noscript> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> <body style="background-color:black; color: white;"> <center> <div style="background-color: black; position: absolute; margin: auto; top: 50%; left: 50%; width: 256px; height: 356; ; margin-top: -178px;"> <img src="/includes/img/mk5_logo.gif"><br /><br /> <form action="" method="POST"> <table> <tr><td>Username:</td><td><input type="text" name="username" value="root"></td></tr> <tr><td>Password:</td><td><input type="password" name="password"></td></tr> </table> <input type="submit" name="login" value="Log In"> </form> </div> </center> </body> </html>Modifying the executable from :
php-cgi $DIR/meterpreter.php $IP $PORT > /dev/null
to :
cd $DIR > /dev/null php-cgi ./meterpreter.php $IP $PORT > /dev/null
Seems to solve the issue.
Where to learn web application security?
in Security
Posted
Mutilidae is a web site for practice of the OWASP top 10. There are also training videos online about using it.