Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About Urieal

  • Rank
    Hak5 Fan

Recent Profile Visitors

1,364 profile views
  1. Hi everyone - Unique question hoping for some assistance. The question / objective: Rent / Acquire / Invest / Purchase VM space in the cloud for the purposes of running Kali Linux instances. Looking for privacy first cloud services, something akin to protonmail. Anyone able to make some recommendations if I find anything as well I'll be sure to update this post.
  2. Sorry everyone, don't mean to raise a dead topic but I'm sure others may be curious as well. I see a couple of you have invested in multiple battery packs, anyone willing to divulge what brands and how many MAH's per they are? Thanks again
  3. Greetings all, Recently recovered several hashes during a recent engagement - cracked all but one. Anyone care to take a stab? It's an NTHASH, I've tried hashcat, rainbowtables via oph still no dice HASH: 59658e5f44d88ec0ff7b40cfcb21ecc2
  4. Unplugged - Look into PhishMe - Great Product, encouraging, and really does help cut down on problems! Partner winning departments with gift cards / lunch / pizza / whatever and I assure you will see rapid improvement.
  5. Let's look at what you've written a little more closely... in your opening statement to this forum you have used words like "Unofficially" "Unofficial" "Hundreds of Attacks" "There Network". "Verbal Permission". You want advice? Well I'm about to give you some. Just say no. First of all, if you actually knew what you were doing you wouldn't be asking us for advice on how to proceed legally. You'd know that part of the initial scoping call and pre-engagement meeting where it's defined what exactly you're going to be doing, that you'd also have obtained whats commonly referred t
  6. Cleared for Confidentiality. Mods please delete post.
  7. Cleared for Confidentiality. Mods please delete post.
  8. Cleared for Confidentiality. Mods please delete post.
  9. MSF is currently broken, they are releasing updates almost hourly trying to get it back up and running... The past 2 days have resulted in over 600mb updates.. Are you apt-get update apt-get upgrade daily on your nix distro? Also, be sure to run service postgresql start followed by service metasploit start. You may need to rebuild manually...
  10. I'll just chime in here for a brief moment. Chris H; if you're reading this I want you to know that I personally found your videos and guides invaluable. More often than not we (all of us) search the internet for resources and assistance dealing with a wide variety of issues. Your videos were clear, concise, to the point... I can personally say that as a small business in the Pen Testing game your videos were integral to some of our major wins... On behalf of Digitally Evolved, we salute you.
  11. Ugh, captive portal with credential harvester. Forget trying to research HSTS; no disrespect intended but HSTS is also worked directly into the browser... If any of you are legit pen testers, I really hope that you all do a lot more reconnasiance on your targets instead of waiting for 'someone' to release a HSTS SSL STRIP..... Target using Internet Explorer inhouse? SSLSTRIP Target using Chrome,Safari,Firefox,ect, Credential Harvester / Social Engineering / Ettercap. Many people use forums that don't offer https and these same people are likely to use the same passwords for several othe
  12. I'd recommend you take a look at this thread: https://forums.hak5.org/index.php?/topic/33629-on-assignment-disappointed-with-mark-v/ Towards the bottom is how we got it to work (AND) keep the internet sharing alive. Still waiting on an official word, but the above worked well for us...
  13. We've got it working now, -we think-, internet is still active for users whom are connected and in partnership with sslstrip all seems to be operational. Thus, the question. - Earlier on it was advised that if installed correctly, you simply select your interface and hit start..... clearly in our attempts this did not work. Is this a known problem, did we skip a step, is there something we're not seeing here? We'll be on deployment this Tuesday for about a week.... and want to bring the pineapple along for the assessment -- however, until I know for sure its certain I right now have
  14. Step 6.) We went back into the etter.conf file, have changed the uid / gid in step 5 AND proceeded to remove the #'s surrounding ip forwarding. We then rebooted the pineapple and restarted ettercap. Clients connected to the Pineapple still have internet at this point and redir_command_on is no longer showing. It 'appears' to be fixed...
  15. Stage 5.) We have edited the etter.conf file located /etc/etter.conf via nano We have edited the uid and ged values to 0. We rebooted the pineapple and restarted ettercap. - All devices connected - lose internet at this point again. -
  • Create New...