3mrgnc3

Active Members
  • Posts

    93
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by 3mrgnc3

  1. Reposted from https://3mrgnc3.ninja

    I thought some in the Hak5 forum community might like this too.


    C0m80 Boot2Root

    This is my third public Boot2Root. This one is intended to be quite difficult compared to the last two.

    But again, that being said, it will depend on you how hard it is :D

    The theme with this one is all about ‘enumeration, enumeration, enumeration’, lateral thinking, and how to “combine” vulnerabilities in order to exploit a system.


    Important Note

    Once you have an IP insert it into your attack system /etc/hosts like this:

    [dhcp-ip-address] C0m80.ctf

    This VM will probably be different to other challenges you may have come across. With C0m80 You will be required to log in locally in the VirtualBox console window at some point. This, I know, may ‘rile’ some of the purists out there that say you should be able to compromise a boot2root fully remotely over a network. I agree to that in principle, and in this case I had intended to allow vnc or xrdp access. Alas, due to compatibility problems I had to make a compromise in this area in order to get the challenge published sooner rather than later.

    It should be obvious at what point you need to log in. So when that time comes just pretend you are using remote desktop. ;D

    Sorry, I hope you can forgive me.

     

    Difficulty Rating

    [Difficult]


    Get to The Root Flag

    There is only one goal here. Become God on the system and read the root flag.

    I Hope You Enjoy It.

    Download

    https://3mrgnc3.ninja/2017/09/c0m80

    Details

        File: C0m80_3mrgnc3-v1.0.ova
        OS: WondawsXP ;D
        VM Type: VirtualBox
        IP Address: DHCP
        Size: 2.7 GB

    Walkthroughs

    Please leave feedback and comments below, including any info on walkthroughs anyone wishes to publish, or bugs people find in the VM image.

    Good Luck & TryHarder ;D

     

  2. I think you are confused Ekber48

    The Lan Turtle won't automatically hack into computers on the same lan.

    Rather, in the configuration you suggest, it gives you a foothold on the LAN. Then from there you are able to conduct further recon/spoofing/sniffing/MITM activity.

    The Lan Turtle can be used to attack a host directly via its USB in various ways, but that requires a different use case from what you described.

    If you connect the turtle to any device via the RJ45/ethernet port, the network/computer/server (whatever you wish to call it) needs to assign an IP address to the turtle because it will request one via its DHCP client.

    It is possible to statically assign the IP beforehand if you know what the target subnet is and what addresses are available, but that could cause problems.

     

  3. Hi digip,

    I sent you a DM on twitter mate. I messed up the clue for that flag. I've sent you a correction and will be updating the ova and my blog shortly today.

    As a point of note. The flags are not needed in order to root this box. They are really just designed as a parallel challenge to tackle. I have made some of the flags very tricky to find. 

    Cheers.

     

  4. 46 minutes ago, digip said:

    Looks like the audio.js file causes the game to crash for me, so will try to dig through it manually.

    That's a shame. Are you attacking from a VM with limited resources? What browser are you using?

    Going through the code will obviously work too though.

  5. New VM just sent in... to Vulnhub.com

    but here is a link for anyone who is into all that and wants to try it out now.

    D0Not5top Boot2Root

    This is my second public Boot2Root. It's intended to be a little more difficult than the last one I made.
    That being said, it will depend on you how hard it is :D
    It's filled with a few little things to make the player smile.

    Again there are a few “Red Herrings”, and enumeration is key.

    DIFFICULTY
        ?????

    CAPTURE THE FLAGS    
        There are 7 flags to collect, designed to get progressively more difficult to obtain

    DETAILS
        File: D0Not5top_3mrgnc3_v1.0.ova
        OS: ?????
        VM Type: VirtualBox
        IP Address: DHCP
        Size: 700 MB

    DOWNLOAD
        https://3mrgnc3.ninja/files/D0Not5top_3mrgnc3_v1.0.ova

    SUPPORT
        Any support issues can be directed to 3mrgnc3@techie.com


    I hope you all enjoy it!

    3mrgnc3
    ;D

     

    P.s.

    my previous challenge can be found here.

    https://3mrgnc3.ninja/2016/12/64base/

    -------------------------------------------

    NOTE:

    I originally posted this in the 'everything else' forum but wanted to move it here.

    Not sure how to do that...

    Mods please feel free to remove the original.

  6. 2 hours ago, humantoad said:

    Someone is trying to bruteforce the ssh password for sure. 

    Tue Mar 28 09:14:11 2017 auth.info sshd[4468]: Failed password for root from 183.214.141.104 port 14350 ssh2
    Tue Mar 28 09:14:12 2017 auth.info sshd[4468]: Failed password for root from 183.214.141.104 port 14350 ssh2
    Tue Mar 28 09:14:13 2017 auth.info sshd[4468]: Failed password for root from 183.214.141.104 port 14350 ssh2
    Tue Mar 28 09:14:14 2017 auth.info sshd[4468]: Failed password for root from 183.214.141.104 port 14350 ssh2
    Tue Mar 28 09:14:15 2017 auth.info sshd[4468]: Failed password for root from 183.214.141.104 port 14350 ssh2
    Tue Mar 28 09:14:16 2017 auth.info sshd[4468]: Failed password for root from 183.214.141.104 port 14350 ssh2

    Is there something like fail2ban for the pineapple distro? 

     

    There is a project I found on GitHub that is a fail2ban style solution for OpenWrt that would probably work on the pineapple: https://github.com/robzr/bearDropper

    Edit: lol just saw this was the same as suggested above too :D

    However, the issue with fail2ban's blacklisting style solution to the problem is that it ends up appending hundreds and hundreds of IP addresses to an iptables rule list. Then this has to be loaded/parsed/compared whenever connection attempts are made. This could give a significant performance hit to your little old pineapple.

    The simplest and least CPU intensive solution to the problem is to switch ssh to a high port (eg. 61222) AND use RSA key authentication, STRICTLY disallowing password auth in your config. Then (as just_a_user alluded to) WHITELIST your own IP addresses using iptables.

    The ssh BOT/BOTS that are trying to brute you tend only to focus on port 22, and if they are smart enough to detect that password auth is disabled they will give up quickly.

    But in 99.9% of cases I would put money on the problem going away if you're using a non-standard high port number for ssh.

    Hope this helps.
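    A minimal fail2ban-style check over the log format quoted in this post, added here as an example (it is not from the thread, nor from bearDropper): it counts failed logins per source IP inside a sliding window, which is the decision a ban list is built from, and separately lists the logins that actually authenticated. The sample lines and the RFC 5737 addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Line shape as quoted in the thread (busybox syslog, i.e. `logread | grep sshd` output).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def parse_line(line):
    """Return {'ts', 'event', 'user', 'ip'} for a recognised sshd auth line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y"),
        "event": "failed" if m.group("event").startswith("Failed") else "accepted",
        "user": m.group("user"),
        "ip": m.group("ip"),
    }

def find_offenders(lines, max_fail=5, window_s=600):
    """IPs with >= max_fail failed logins inside any window_s-second span -> time the threshold was first crossed."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["event"] != "failed":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_s:  # expire failures older than the window
            q.popleft()
        if len(q) >= max_fail and ev["ip"] not in flagged:
            flagged[ev["ip"]] = ev["ts"]
    return flagged

def accepted_logins(lines):
    """(user, ip) pairs that really authenticated; an ESTABLISHED socket in netstat alone proves nothing."""
    return [(e["user"], e["ip"]) for e in map(parse_line, lines) if e and e["event"] == "accepted"]

# Constructed sample in the same format as the lines quoted in the thread (RFC 5737 addresses, not real hosts).
SAMPLE_LOG = [
    f"Tue Mar 28 09:14:{11 + i:02d} 2017 auth.info sshd[4468]: Failed password for root from 203.0.113.5 port 14350 ssh2"
    for i in range(6)
] + [
    "Tue Mar 28 09:20:05 2017 auth.info sshd[4470]: Failed password for invalid user admin from 198.51.100.7 port 40100 ssh2",
    "Tue Mar 28 09:21:30 2017 auth.info sshd[4472]: Accepted publickey for root from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban candidate {ip}: threshold crossed at {when}")
    print("authenticated:", accepted_logins(SAMPLE_LOG))
```

    On a Pineapple you would feed it `logread | grep sshd` rather than a file; the single-failure host stays below the threshold and is not flagged.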

  7. 3 minutes ago, Just_a_User said:

    Yeah we don't have w or who on Pineapple AFAIK. On the pineapple we use OpenSSH and it seems to log to syslogd. There isn't a traditional /var/log/auth.log.

    You can view ssh server logins by using

    logread | grep sshd

    or dump it to a file with

    logread | grep sshd > /var/log/auth.log

    As an example. Hope this helps.

    lol, oh yeah :grin:, forgot about that when thinking about what I saw on my VPS. Cheers for posting and letting people know I was mistaken :wink: in suggesting those particular commands.

  8. On 03/07/2017 at 0:44 PM, digininja said:

    Put the effort in and persist, you'll speed up soon enough.

     

    On 03/07/2017 at 0:42 PM, haze1434 said:

    Sh*t, I use nano :unsure:

    I can use vi, but it's so slow to use. Sometimes you just want to amend a file quickly :lol:

    I grep then use sed :ph34r:

    (No logs left in home dir)

    :grin:

  9. I don't know about the pineapple, as I don't leave any of mine connected to the internet for a long period of time.

    However, on the VPS I run my blog from I was seeing many connections 'ESTABLISHED' to port 22 in netstat output. After also looking at my auth.log files I saw Chinese IP addresses attempting to brute force my ssh password (unlucky for them, I disable passwords and only use RSA keys).

    Sadly, this is common behaviour now in this age of cyberwarfare.

    I changed my ssh port to a non-standard one and now I have no problems.

    Just so everyone is clear, a netstat connection 'ESTABLISHED' doesn't mean an ssh session has been 'AUTHENTICATED'.

    Check using the commands:

    'w', 'last', & 'lastlog'

    Then you will see precisely who is/has connected to your server and when.

     

  10. On 03/19/2017 at 5:26 PM, Kenny_lex said:

    I want to monitor my own network to see who is connected, how much net traffic there is and other useful data. I have a laptop that I can use for this and it stands a bit away. I have tried some command line based programs to do this, but the problem is that it is hard to see the text from a distance, so now I wonder if there is any program out there that can monitor my network but present the information in a SCI like way, i.e. with larger graphics easy to see and with a large alert if someone uses too much bandwidth, to see how many clients are using the same network and so on. Just now I run Kali Linux (overkill for me) so I will also take suggestions for what system I shall use if I want to dedicate a laptop just to monitor my own network.

    Let Me Google That For You.

    http://bfy.tw/Anyb

  11. 14 hours ago, cdoc said:

    Hello,

    do you guys know if it's possible to capture Client(s)-to-WifiRouter(s) probe requests, just like Karma does, but without "answering" any of those requests, by using python?

    I mean, to passively monitor surrounding devices' probes and log them in to a text file or something, but be invisible in their wifi network list.

    Any python libraries suggestions would be appreciated!

    I googled it for you...

    Monitor Wi-Fi Client Probes In 10 Lines Of Python

    http://www.securitytube.net/video/7265

       Or

    Just use airodump-ng with -w flag. Then you will have multiple file formats produced you can process/parse/filter/script against.

       Or

    wireshark capture on monitor interface. You can construct a capture or display filter to only show probes.

    google should have all the examples you need.

  12. I love the last educational scenario.

    A level up from that. You could demonstrate the importance of properly implemented wireless security.

    This could be given as a small business guest network in the classroom. Setup similar to before, but using WPA2 with a weak passphrase (i.e. it's in the rockyou wordlist) or even WPS enabled with a weak implementation.

    Then

    1. An attacker deauths clients and captures 4-way handshake packets.

    2. He Joins the network and demonstrates ability to do attacks such as ARP Spoofing.

    3. Sets up an evilAP with the pineapple using the network name and MAC address of the WPA2 Access Point with the same passphrase on a different channel.

    4. Constantly deauthenticate the broadcast MAC address on the original channel.

    5. Demonstrate students connecting to EvilAP

    Homework.

    What are the fundamental differences to the 1st scenario?

    Are there flaws in the level of trust we assign based on whether a wifi network is open or WEP/WPA/WPA2?

    What can we do about the problem?

    Regards,

     

    Ps. Wish I'd had that class back in the day... :D

     

     

  13. On 03/19/2017 at 0:58 AM, derffr6 said:

    Does anyone have or know of somewhere of where I can find a list of open hotspot SSID's? I am looking for as much of a complete list to dump into PineAP. I know I can search wardriving result web pages but I am sure someone else has already though of this.

    Thanks in advance!

    Have a look at https://wigle.net/

  14. On 03/17/2017 at 3:11 PM, Mr-Protocol said:

    Pretty cool, I used a pre-made plastic case for USB Drive that it was designed to fit. Just had to cut a hole for the antenna with a round file. 

    Enclosure Options

    YARD Stick One ships without an enclosure. It is designed to fit 3A-260906U from New Age Enclosures, but you will need to drill a hole for the SMA connector. Another good option to protect YARD Stick One is 5/8" clear heat shrink tubing.

    via: https://github.com/greatscottgadgets/yardstick/wiki/YARD-Stick-One

    Pretty sure it fits the Ubertooth One as well.

    Yeah, it'll fit Ubertooth too. Was tricky to print on the MakerBot x2. Came out usable but it needed a lot of support material to hold its shape. Then after sanding I still need to finish it off a bit.

    Plus, the depth of the embossing on the GSG logo side was a bit shallow. I'm gonna try again with a deeper font emboss on each side I think.

  15. Hi,

    I love the bootstrap interface on the pineapple but the very bright default colours give me terrible eyestrain.

    So I made this and thought I would share.

    WIFIPineapple-TETRA-NANO-Themes

    https://github.com/3mrgnc3/WIFIPineapple-TETRA-NANO-Themes?files=1

     


    Hope others enjoy it too.

    EDIT:

    I'll post some screenshots tomorrow so people can see it properly before trying it out. I don't have my TETRA powered up right now and it's sleepy time here in the UK.

    If anyone else has any themes/skins and wants to, they can send me a link and I'll add them to the repo.

    I intend to have a go at making a theme changer module sometime in the near future. When I get time that is.

     

    UPDATE...

    Here are the screenshots I promised.


    3mrgnc3

  16. Smarty -

    With the front (LED side) of the WiFi Pineapple TETRA facing you, the two antennas on the left are wlan0 and the two on the right are wlan1. Another way to look at it is that the two wlan0 antennas are closest to the RJ45 Ethernet port while the two wlan1 antennas are closest to the Reset button. Both radios are in a diversity configuration by default and ship with dual-band antennas.

    Also it sounds like your power issue is related to the extra draw of the LTE modem. The upgraded PSU will fix that. You'll be receiving an email shortly if you haven't already.

    Cheers,

    Darren

    Was having similar power issues. DHL just delivered the extra PSU. USA plug type :D but I can live with that. I'm in the UK but couldn't wait for the EU shop to have the TETRA in stock. So I can't complain :P

    Plus, it came with a super awesome WiFi Pineapple logo sticker.

    Thanks Darren

    +1
