j4k3

Active Members
  • Posts: 16

  1. Those of us who make a living pentesting are slightly more responsible than sitting in a Starbucks hitting strangers with an MITM. Would also like to add, I've sat in public areas in central London surrounded by 9dB aerials, pineapples and assorted kit. The only interest the Police took was making sure I wasn't obstructing anybody. Use your common sense and you should be fine. Also, if you do eventually become a pentester you'll likely find most professional bodies will strip you of any accreditations you may hold should you try to mess with the Police, refuse to hand over data etc. Oh, and you'd likely lose your job if your employer found out. Do nothing illegal, nothing to hide etc. :)
  2. Had that link in my clipboard ready2rock... Then realised I'd been beaten to it. But, thank you for maintaining that page. It's very handy.
  3. So port it? You'll find most people won't do so for various reasons, the primary one being that it's likely going to be used for nefarious purposes.
  4. Malware don't need Coffee ;) https://www.volatilesystems.com/default/volatility should pique your interest; you can do some awesome stuff with it.
  5. I really mean no offense by this post, so forgive me if I come across as an asshole. If you have to ask the question you just did, you really shouldn't be jacked into a client's network without supervision by someone with a much better understanding, especially if you're playing with packets. Even those of us who have a good understanding of the workings of what we're playing with bring stuff down from time to time, and I'd question your ability to put something right should you click the wrong button and hijack HSRP or cause a spanning tree loop or some other madness. Now the bit you were after: PORT : UDP 123 | ntp [] PORT : TCP 80 | http [] Judging by this, I'd assume those boxes are NTP and HTTP servers. NTP is Network Time Protocol; lots of applications utilize it, so it's not a big deal. HTTP is a standard web server port. Could just be someone browsing the internet. If you have any concerns about these (a lot of botnet C&Cs are HTTP nowadays) then my suggestion would be a proper analysis with Wireshark or something else which will allow you to see the packets. Hope this helps. :)
  6. Assuming you're talking about the Windows meterp. It is flagged by pretty much every AV going; you can try encoding the executable but it won't be 100% (or anywhere close, I'd assume). Your best bet is to learn a little about PE structure, a little C++ and code something yourself. You can encrypt an executable, load it into memory and decrypt it there, which will cause it to have a much lower rate of detection. In fact, if done with care not a single AV will detect it. :)
  7. http://en.wikipedia.org/wiki/Apple_A4
  8. A *very* high level overview. Client types www.google.com. Connects to www.google.com, gets redirected to https://www.google.com. HSTS is set in the client's browser; never again will this client use an insecure connection to www.google.com ;) Now, if we can capture this the *first* time a client is visiting the page in question, we can zpwn it. Still, sslstrip is very very basic. It's only the tip of the iceberg of what can be done with full control over a target's environment.
  9. Jake here. Personally I'd skip using two battery packs and go for a few larger cells wired in parallel; you'll be carrying a lot less weight and batteries :p Or if you really want to be loaded on juice, go for a much beastier unit, NiCd preferably. http://www.all-battery.com/rectangularnicd12v5000mahbatterypackforsolarpanelemergencelight.aspx
  10. Hey buddy, Sorry the reply's taken so long. Yes, I don't see an issue using a 12v battery. :)
  11. Wasn't going to steal it, eyed over it and it looks as though it should work out of the box.
  12. It looks interesting, what's the issue with it currently? From what I can tell it seems to function just fine.
  13. Hi guys, I'm currently working on an infusion. It started off solely as an interface to adjust the tx power; however, I'd like to get some ideas if there's anything you guys would like me to add?
  14. Absolutely not, use anything I post however you wish :)
  15. So here you go guys, how you can make your pineapple fully portable for about £10. (Probably less if you don't go to Maplins.) You need the following:
     • 1 x 8 x AA battery box (http://www.maplin.co.uk/aa-size-battery-holders-31427)
     • 1 x shrink tubing; this needs to be the right size for your cables, so check the size before you buy (http://www.maplin.co.uk/heat-shrinkable-tubing-with-adhesive-inner-liner-308)
     • 8 x AA batteries; you can pick up 100 Maplins branded for £15. I actually found these worked quite nicely. (http://www.maplin.co.uk/aa-alkaline-batteries-217782)
     • 1 x PP3 connector (http://www.maplin.co.uk/pp3-type-battery-snap-44392)
     • 1 x Pineapple sized power connector (I salvaged one from an old Virgin Media router to save the original plug I got with the Pineapple).
     Unfortunately I didn't document building this as it was during a pentest and I made it on the counter in Maplins, however... You will need to take the battery box and clip the PP3 connector to the top of it; the PP3 wires should come stripped enough to work with. Slide the shrink tubing over the PP3's wires and join up your power connector, twist the wires and shrink the tubing by applying heat (a lighter works nicely). Insert batteries, plug into the Pineapple and away you go. Mine lasts approximately 15 hours, although the radio strength will decrease over time; the first couple of hours is perfect (and usually enough for my purposes). Consider buying rechargeable batteries if the idea of buying lots of cheap throwaways makes you sad inside. And lastly, the money shot.