Everything posted by vailixi

  1. I've been fooling around with writing a remote administration tool. The server has a MySQL database that stores commands. The client will query the server by the auto incremented primary key for the database entry and will compare it to the id stored from the latest command it executed. I thought of doing this by downloading the php file with the id output and grabbing the value with a streamreader and then comparing them. If the id number is higher than the number of the latest command the client will execute the latest command. Then store the latest id in the text file for comparison against future commands. Thus far I've been downloading the file and comparing the integer value to the value stored in the other stored file. Is there an easier way to read a remote file? Just get the id number as a stored value. It basically just needs to read the first line of the file. I got the idea from how some software automatically updates. It will query a remote server for something like version.txt and if the version number in the remote file is higher it will download and install the latest version of the software. Easy enough. So I thought hmmm. I could issue commands like that. I also thought I could issue commands through a web interface to all of the connected clients in a botnet sort of way or legitimately getting clients to install updates or perform other tasks. Any thoughts?
  2. Legit. I was searching for stuff like how to unzip a zip file Visual BASIC 2015. My Google Fu is not so hot. But pretty sweet. There's a VB example on the same page. Thanks Cooper. I'll keep in mind shorter, more concise queries.

        ' On .NET Framework, ZipFile needs a reference to System.IO.Compression.FileSystem.
        Imports System.IO
        Imports System.IO.Compression

        Module Module1
            Sub Main()
                Dim startPath As String = "c:\example\start"
                Dim zipPath As String = "c:\example\result.zip"
                Dim extractPath As String = "c:\example\extract"

                ' Zip the start directory, then extract the archive to a new directory.
                ZipFile.CreateFromDirectory(startPath, zipPath)
                ZipFile.ExtractToDirectory(zipPath, extractPath)
            End Sub
        End Module
  3. If you already have Windows installed just download Wubi and set up Ubuntu on that. If you are setting this all up for the first time, select any Linux as your Virtualbox host then install Windows, Ubuntu, and Kali as virtual machines. Having the VMs is also an added layer of security.
  4. Isn't there like an add-apt gpg key type thing you have to do sometimes? Like sometimes the APT signatures are missing? Just something I looked up once. It's one of APT's security features that make sure the packages are signed by the author and they are from trusted sources. Something like this here:

        apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6

    Or maybe edit: /etc/apt/trusted.gpg.d or something like

        gpg --recv-keys AED4B06F473041FA
        gpg -a --export AED4B06F473041FA | sudo apt-key add -

    or

        gpg --keyserver pgpkeys.mit.edu --recv-key AED4B06F473041FA
        gpg -a --export AED4B06F473041FA | sudo apt-key add -

    Not really sure if those are the right keys. I'm wrong a lot. But the statement looks something like that. How does the whole apt key thing work? But yeah like digip says, getting Kali 2.0 is going to be way less hassle. Also if you install with a network connection APT will be configured correctly automatically.
  5. Here's something I'm noticing if I try to copy the executable outside the working directory of the installed program is that it is throwing an unauthorized access exception. That kinda sucks. I'm not good enough at coding. But the other thing I was thinking is just downloading the archive and extracting it to the working directory then running the binary. But I'm not totally sure if there's an easy way to extract an archive from a .NET program. Every code example I've looked at has some syntax issues and really it's hard when you don't know how to do something and you are looking up how to do it and every example you find doesn't work. You don't know why it doesn't work just that it doesn't. If any of you know how to unzip a .zip file with .NET, Visual BASIC, C#, Visual C++, maybe PowerShell, but every time I try to do something with PowerShell from an external program it fails. But anyway is there a standalone portable unzipping program that can be run from the command line? Being able to unzip the program instead of downloading the entire directory and subdirectories and creating folders for them with the appropriate error handling is a lot of extra code for pretty much no reason.
  6. Ok, so I have this nifty java application that will download and run an application. All of the code works fine. I wanted to make it into an applet and deploy it from a webpage. I thought it was just a matter of an <applet></applet> tag with the right attributes. But Oracle's website says I need to use a deployjava.js and use a <script> to deploy the java applet. But I noticed in the script example that it is calling a jar file. I'm not sure how to properly create a jar. In the tutorials it's a class file. What's the correct way to build and deploy an applet?
  7. Wrote new entries a few times. Nothing happens. Shows up when I look through the drives. Shows up in setup. But can't boot from it and it won't read a disk.
  8. I was pretty stoked that I could get a session on a Windows 10 box. I was using a cs meterpreter reverse https I created with veil-evasion. I would get a session then it would die after about 20-30 seconds. Anybody mess around with Windows 10 much and know what could be causing this? I was thinking it's something that isn't installed and maybe Windows 10 doesn't like run once programs. Not totally sure though. Any thoughts? Never mind. DLL injection gets caught by sandbox.
  9. I thought it would be sneak deadly to put a payload into visual studio program. This is easy because there are a lot of code examples and program projects out there. I know you can add resources from the GUI. But I'm not exactly sure how to include them in code. Calling an external program is easy enough. I'm just not sure about calling the locally stored binary and what path to use. Have any of you guys done this recently? Really it's a matter of including the binary and then just calling it. Just not sure how.
  10. Ok this is kinda odd. I noticed my optical drive doesn't want to mount. It spins up a bit. But nothing happens. I tried to manually mount it but there's issues with fstab and I'm not sure what /etc/fstab is supposed to look like. Anybody have some ideas?

        # /etc/fstab: static file system information.
        #
        # Use 'blkid' to print the universally unique identifier for a
        # device; this may be used with UUID= as a more robust way to name devices
        # that works even if disks are added and removed. See fstab(5).
        #
        # <file system>                            <mount point>   <type>       <options>          <dump>  <pass>
        /dev/mapper/StreetFighter--vg-root         /               ext4         errors=remount-ro  0       1
        # /boot was on /dev/sda1 during installation
        UUID=43724152-31cc-4633-90c9-964f75ffe70b  /boot           ext2         defaults           0       2
        /dev/mapper/StreetFighter--vg-swap_1       none            swap         sw                 0       0
        /dev/sr0                                   /media/cdrom0   udf,iso9660  user,noauto        0       0
  11. I've been exploring some client side attacks lately. What are some good references on client side exploitation? Stuff I've been reading up on lately: Social Engineering Toolkit, Metasploit payloads, Stegosploit, exploit kits, phishing. Always looking for more dirty tricks. If you know of a good client side sucker punch. Books, websites etc.
  12. This thing with France is obviously an immigration issue. Keeping those people out of the EU in the first place would have been the best solution. What difference does it make what they say on the internet if they can't get here?
  13. +1 wifite is a great newb tool. While scripts aren't a substitute for command line interface proficiency they fill the gap while you work on your skill set.
  14. Zero out the drive with:

        dd bs=512k if=/dev/zero of=/dev/sdx

    Doing this before running dd to create the media will clean the drive and remove remnants that might be causing issues. Might help with any issues. I kinda wish dd had a verbose option that would show percent complete.
  15. I actually didn't know about airmon-ng check kill. I had been running the kill command with the process numbers.

        kill 569

    Something like that.
  16. vailixi

    Alt to Kali?

    There are a few tools like veil that are only officially supported on Kali. So you would have to do some monkeying to make them work. Regular tools like aircrack, reaver, nmap, metasploit, john, will run on most Linuxes (Did I spell that right? What's the plural of Linux? Should it be pronounced like Linuces, like the plural of matrix is matrices) without issue. I also agree with what was said with the new aircrack suite on kali 2.0. There are usually a bunch of processes to kill. Not a big deal but when you are trying to automate and not look at error messages in the terminal. It's not bad. It's just more things to consider when you're already busy. Easy enough to write a script. Just use dpkg --get-selections from kali and create an apt and wget script. Or you could create an ISO with something like aptoncd and use a script to install from that. It might be a worthwhile group project to write some scripts to install kali tools and tools included on other distros like Bugtraq on almost any Linux. Well at least the main Linuxes. Debian, Ubuntu, Fedora, OpenSUSE, sorry if I missed any there. There are so many.
  17. Breaking things is therapeutic. It's true, what I did to that Orange Pi Plus was completely barbaric. It felt great. I'm a savage. I know.
  18. There's OpenCL support for Ruby. I'm not into ruby enough to have an intelligent conversation. But short answer yes you can speed that up with GPU.
  19. Nah dude. I did it just to be a smart ass more than anything. I figure I'll put up a demolition compilation video for keks. First I need to break a few more things. Wait there's an idea for a Youtube channel. Just breaking shit all the time.
  20. I feel so much better now. I like how the logo almost says range pi over the wooden stock color. It's perfect.
  21. OK I did all of that. It's still not working. I've spent like 7 hours troubleshooting this thing and about 0 hours actually using it. Plus the cost of the machine. Net loss. It's time to just take this thing out and shoot it. At least I'll get some enjoyment out of that.
  22. OK this is a start. What directory are these connections stored in? I think this is part of the issue. I will save the network connection then it will get deleted. Also it would be pretty sweet to exploit the clients and steal the wifis. It's a lot less work than cracking the wifis.

        network={
            ssid="myqwest3957"
            scan_ssid=1
            psk="somepassword"
            proto=RSN
            key_mgmt=WPA-PSK
            pairwise=CCMP TKIP
            group=TKIP
        }
  23. Yeah. That and make the ethernet work at all.
  24. I have this armhf XFCE Kali build. It's just pretty buggy. I have to log in to wireless every time I boot the thing up. I want to have it headless and just SSH or VNC into it. But I can't do that because the wireless just doesn't want to log in automatically. It's on an OrangePi Plus which I thought was going to be really cool because it has a SATA port and onboard EMMC but it's not super cool because the thing is not well supported. I don't really know if this is an XFCE issue or a Linux issue or a build issue. I'm thinking it's a build issue. I don't want to spend 4 hours on a live build but I probably will. I'm still in denial. Everything works perfectly.