Posts posted by vailixi

  1. I've been fooling around with writing a remote administration tool.

    The server has a MySQL database that stores commands.

    The client will query the server by the auto-incremented primary key for the database entry and will compare it to the id stored from the latest command it executed. I thought of doing this by downloading the php file with the id output and grabbing the value with a streamreader and then comparing them. If the id number is higher than the number of the latest command, the client will execute the latest command. Then store the latest id in the text file for comparison against future commands.

    Thus far I've been downloading the file and comparing the integer value to the value stored in the other stored file.

    Is there an easier way to read a remote file? Just get the id number as a stored value. It basically just needs to read the first line of the file.

    I got the idea from how some software automatically updates. It will query a remote server for something like version.txt and if the version number in the remote file is higher it will download and install the latest version of the software. Easy enough. So I thought hmmm. I could issue commands like that. I also thought I could issue commands through a web interface to all of the connected in a botnet sort of way or legitimately getting clients to install updates or perform other tasks.

    Any thoughts?

  2. Legit. I was searching for stuff like how to unzip a zip file Visual BASIC 2015. My Google Fu is not so hot. But pretty sweet. There's a VB example on the same page. Thanks Cooper. I'll keep in mind shorter, more concise queries.

    Imports System.IO
    Imports System.IO.Compression
    
    Module Module1
    
        Sub Main()
            Dim startPath As String = "c:\example\start"
            Dim zipPath As String = "c:\example\result.zip"
            Dim extractPath As String = "c:\example\extract"
    
            ZipFile.CreateFromDirectory(startPath, zipPath)
    
            ZipFile.ExtractToDirectory(zipPath, extractPath)
        End Sub
    
    End Module
    
  3. Isn't there like an add-apt gpg key type thing you have to do sometimes? Like sometimes the APT signatures are missing? Just something I looked up once. It's one of APT's security features that make sure the packages are signed by the author and they are from trusted sources.

    Something like this here:

    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6
    

    Or maybe edit:

    /etc/apt/trusted.gpg.d
    

    or something like

    gpg --recv-keys AED4B06F473041FA
    gpg -a --export AED4B06F473041FA| sudo apt-key add -

    or

    gpg --keyserver pgpkeys.mit.edu --recv-key AED4B06F473041FA
    gpg -a --export AED4B06F473041FA| sudo apt-key add -

    Not really sure if those are the right keys. I'm wrong a lot. But the statement looks something like that.

    How does the whole apt key thing work?

    But yeah like digip says, getting Kali 2.0 is going to be way less hassle. Also if you install with a network connection APT will be configured correctly automatically.

  4. Here's something I'm noticing: if I try to copy the executable outside the working directory of the installed program, it throws an unauthorized access exception. That kinda sucks. I'm not good enough at coding. But the other thing I was thinking is just downloading the archive and extracting it to the working directory then running the binary. But I'm not totally sure if there's an easy way to extract an archive from a .NET program. Every code example I've looked at has some syntax issues and really it's hard when you don't know how to do something and you are looking up how to do it and every example you find doesn't work. You don't know why it doesn't work, just that it doesn't. If any of you know how to unzip a .zip file with .NET, Visual BASIC, C#, Visual C++, maybe powershell, but every time I try to do something with powershell from an external program it fails.

    But anyway is there a standalone portable unzipping program that can be run from the command line? Being able to unzip the program instead of downloading the entire directory and subdirectories and creating folders for them with the appropriate error handling is a lot of extra code for pretty much no reason.

  5. Ok, so I have this nifty java application that will download and run an application. All of the code works fine. I wanted to make it into an applet and deploy it from a webpage. I thought it was just a matter of an <applet></applet> tag with the right attributes. But Oracle's website says I need to use a deployjava.js and use a <script> to deploy the java applet. But I noticed in the script example that it is calling a jar file. I'm not sure how to properly create a jar. In the tutorials its a class file. What's the correct way to build and deploy an applet?

  6. I was pretty stoked that I could get a session on a Windows 10 box. I was using a cs meterpreter reverse https I created with veil-evasion. I would get a session then it would die after about 20-30 seconds. Anybody mess around with Windows 10 much and know what could be causing this? I was thinking it's something that isn't installed and maybe Windows 10 doesn't like run once programs. Not totally sure though. Any thoughts?

    Nevermind DLL injection gets caught by sandbox.

  7. I thought it would be sneak deadly to put a payload into a Visual Studio program. This is easy because there are a lot of code examples and program projects out there.

    I know you can add resources from the GUI. But I'm not exactly sure how to include them in code. Calling an external program is easy enough. I'm just not sure about calling the locally stored binary and what path to use.

    Have any of you guys done this recently? Really it's a matter of including the binary and then just calling it. Just not sure how.

  8. Ok this is kinda odd. I noticed my optical drive doesn't want to mount. It spins up a bit. But nothing happens. I tried to manually mount it but there are issues with fstab and I'm not sure what /etc/fstab is supposed to look like. Anybody have some ideas?

    # /etc/fstab: static file system information.
    #
    # Use 'blkid' to print the universally unique identifier for a
    # device; this may be used with UUID= as a more robust way to name devices
    # that works even if disks are added and removed. See fstab(5).
    #
    # <file system> <mount point>   <type>  <options>       <dump>  <pass>
    /dev/mapper/StreetFighter--vg-root /               ext4    errors=remount-ro 0       1
    # /boot was on /dev/sda1 during installation
    UUID=43724152-31cc-4633-90c9-964f75ffe70b /boot           ext2    defaults        0       2
    /dev/mapper/StreetFighter--vg-swap_1 none            swap    sw              0       0
    /dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0
    
  9. I've been exploring some client side attacks lately. What are some good references on client side exploitation? Stuff I've been reading up on lately: Social Engineering Toolkit, Metasploit payloads, Stegosploit, exploit kits, phishing. Always looking for more dirty tricks. If you know of a good client side sucker punch. Books, websites etc.

  10. In light of the recent attack on Paris by (supposedly) ISIS, do any of you think that politicians trying to push through bills like CISA in the U.S. will have more success? Since most of these terrorist groups are communicating through encrypted emails or IRC chat online, it isn't hard to believe we will hear discussion about forcing people to provide encryption keys to governments in an act to prevent them from doing so. As we all know, this sort of thing wouldn't actually give intelligence on terrorist attacks (since terrorists don't, you know, care about breaking laws), and would perhaps be an act of security theater even more glaring than the existence of the TSA. Do any of you remember that statement made by U.K. Prime Minister David Cameron after the last attack on Paris? While the claim was later denied, I'm not seeing any other way to interpret that statement. Sorry if this sounds like a rant; I just wanted to get this off my head.

    This thing with France is obviously an immigration issue. Keeping those people out of the EU in the first place would have been the best solution. What difference does it make what they say on the internet if they can't get here?

  11. There are a few tools like veil that are only officially supported on Kali. So you would have to do some monkeying to make them work. Regular tools like aircrack, reaver, nmap, metasploit, john, will run on most Linuxes (Did I spell that right? What's the plural of Linux? Should it be pronounced like Linuces, like the plural of matrix is matrices) without issue.

    I also agree with what was said with the new aircrack suite on kali 2.0. There are usually a bunch of processes to kill. Not a big deal but when you are trying to automate and not look at error messages in the terminal. It's not bad. It's just more things to consider when you're already busy.

    Easy enough to write a script. Just use dpkg --get-selections from kali and create an apt and wget script. Or you could create an ISO with something like aptoncd and use a script to install from that. It might be a worthwhile group project to write some scripts to install kali tools and tools included on other distros like Bugtraq on almost any Linux. Well at least the main Linuxes. Debian, Ubuntu, Fedora, OpenSUSE, sorry if I missed any there. There are so many.

  12. Less than a month, if memory serves. I hope this is not how you confront all your challenges.

    Nah dude. I did it just to be a smart ass more than anything. I figure I'll put up a demolition compilation video for keks. First I need to break a few more things.

    Wait there's an idea for a Youtube channel. Just breaking shit all the time.

  13. OK I did all of that. It's still not working. I've spent like 7 hours troubleshooting this thing and about 0 hours actually using it. Plus the cost of the machine. Net loss. It's time to just take this thing out and shoot it. At least I'll get some enjoyment out of that.

  14. i tried to document all my steps, i have been through all of this... but i'm a little rusty...

    i like to killall networking services, ifup, networking, network-manager...

    cat /etc/network/interfaces

    #AWUS036nha bgn 2.4gh supports master mode...
    #internet source
    auto wlan2
    iface wlan2 inet static
    address 192.168.0.87
    gateway 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    
    

    you will want to test your config, make sure its working properly...

    cat myqwest3957.conf

    network={
    	ssid="myqwest3957"
    	scan_ssid=1
    	psk="somepassword"
    	proto=RSN
    	key_mgmt=WPA-PSK
    	pairwise=CCMP TKIP
    	group=TKIP
    }
    
    

    then i add 2 lines to my /etc/rc.local... may have to stall this part so all the drivers have a chance to load.

    sleep 10
    
    wpa_supplicant -Dnl80211 -iwlan2 -cmyqwest3957.conf -B&
    
    dhclient wlan2
    

    OK this is a start. What directory are these connections stored in? I think this is part of the issue. I will save the network connection then it will get deleted.

    Also it would be pretty sweet to exploit the clients and steal the wifis. It's a lot less work than cracking the wifis.

    network={
    	ssid="myqwest3957"
    	scan_ssid=1
    	psk="somepassword"
    	proto=RSN
    	key_mgmt=WPA-PSK
    	pairwise=CCMP TKIP
    	group=TKIP
    }
    
  15. I have this armhf XFCE Kali build. It's just pretty buggy. I have to log in to wireless every time I boot the thing up. I want to have it headless and just SSH or VNC into it. But I can't do that because the wireless just doesn't want to log in automatically. It's on an OrangePi Plus which I thought was going to be really cool because it has a SATA port and onboard EMMC but it's not super cool because the thing is not well supported.

    I don't really know if this is an XFCE issue or a Linux issue or a build issue. I'm thinking it's a build issue. I don't want to spend 4 hours on a live build but I probably will. I'm still in denial. Everything works perfectly.
