Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


About 3mrgnc3

  • Rank
    Hak5 Fan ++

Profile Information

  • Gender
  • Location
    The Untidied Kingdoms
  • Interests
    Electro Magnetism
    Emergent Phenomena
    Cognitive Dissonance
    Acoustic Guitar
    Coke Zero
    & Tropical Fruits

Recent Profile Visitors

2,766 profile views
  1. Afaik, devices call back via auto ssh on port 2022. the web interface is just for you to control everything. I too have a problem with a similar config though, but with my TETRA. I am also using c2 behind an NGINX reverse proxy with HTTPS. For me The TETRA connects back fine (via ssh), but Terminal wont work properly. When i select it I just get a double disconnected error message in the window. Disconnected. Disconnected. And on my VPS I get the following error message. [*] Initializing Hak5 Cloud C2 [*] Running Hak5 Cloud C2 2018/12/24 12:40:02
  2. Reposted from https://3mrgnc3.ninja I thought some in the Hak5 forum community might like this too. C0m80 Boot2Root This is my third public Boot2Root, This one is intended to be quite difficult compared to the last two. But again, that being said, it will depend on you how hard it is :D The theme with this one is all about ‘enumeration, enumeration, enumeration’, lateral thinking, and how to “combine” vulnerabilities in order to exploit a system. Important Note Once you have an IP insert it into your attack system /etc/hosts like this: [dhcp-ip-add
  3. I think you are confused Ekber48 The Lan Turtle won't automatically hack into computers on the same lan. Rather, in the configuration you suggest, it gives you a foothold on the lan. Then from there you are able to conduct furter recon/spoofing/sniffing/mitm activity. The Lan Turtle can be used to attack a host directly via its usb in various ways but that requires a diferent use case from what you described. if you connect the turtle to any device via the RJ45/ethernet port, the network/computer/server (whatever you wish to call it) needs to assign an IP address to the tur
  4. Hi digip, I sent you a DM on twitter mate. I messed up the clue for that flag. I've sent you a correction and will be updating the ova and my blog shortly today. As a point of note. The flags are not needed in order to root this box. They are really just designed as a parallel challenge to tackle. I have made some of the flags very tricky to find. Cheers.
  5. Still no walkthroughs submitted as of yet. If anyone has done one, please either tweet it to @3mrgnc3 or email me at 3mrgnc3@techie.com.
  6. That's a shame. Are you attacking from a VM with limited resources? What browser are you using? Going through the code will obviously work too though.
  7. Nice :D Glad you like it digip.
  8. New VM just sent in... to Vulnhub.com but here is a link for anyone who is into all that and wants to try it out now. D0Not5top Boot2Root This is my second public Boot2Root, It’s intended to be a little more difficult that the last one I made. That being said, it will depend on you how hard it is :D It's filled with a few little things to make the player smile. Again there are a few “Red Herrings”, and enumeration is key. DIFFICULTY ????? CAPTURE THE FLAGS There are 7 flags to collect, designed to get progressively more difficult to obtain
  9. Very nice job... I was gonna have a go at this one but got distracted with work and other stuff. Very cool theme.
  10. There is a project I found on github that is a fail2ban style solution for opewrt that would probably work on the pineapple https://github.com/robzr/bearDropper Edit: lol just saw this was the same as suggested above too :D However, the issue with fail2ban's blacklisting style solution to the problem is that it ends up appending hundreds and hundreds of IP addresses to an iptables rule list. Then this has to be loaded/parsed/compared whenever connection attempts are made. This could give a significant performance hit to you little old pineapple. The simplest and least CPU intens
  11. lol, Oh Yeah , Forgot about that when thinking about what I saw on my VPS, cheers for posting and letting people know I was mistaken in suggesting those particular commands.
  12. I grep then use sed (No logs left in home dir)
  13. I don't know about the pineapple, as I don't leave any of mine connected to the internet for a long period of time. However, on the VPS I run my blog from I was seeing many connections 'ESTABLISHED' to port 22 in netstat output. After also looking at my auth.log files too I saw Chinese IP addresses attempting to brute force my ssh password (unlucky for them I disable passwords and only use rsa keys). Sadly, this is common behaviour now in this age of cyberwarfare. I changed my ssh port to a non-standard one and now I have no problems. Just so everyone is clear, a netstat co
  • Create New...