
Urieal

Active Members
  • Posts

    29
  1. Hi everyone - Unique question, hoping for some assistance. The question / objective: rent / acquire / invest in / purchase VM space in the cloud for the purposes of running Kali Linux instances. Looking for privacy-first cloud services, something akin to ProtonMail. Anyone able to make some recommendations? If I find anything as well, I'll be sure to update this post.
  2. Greetings all, recently recovered several hashes during a recent engagement - cracked all but one. Anyone care to take a stab? It's an NT hash; I've tried hashcat and rainbow tables via oph, still no dice. HASH: 59658e5f44d88ec0ff7b40cfcb21ecc2
  3. Unplugged - Look into PhishMe - great product, encouraging, and really does help cut down on problems! Partner winning departments with gift cards / lunch / pizza / whatever and I assure you, you will see rapid improvement.
  4. Let's look at what you've written a little more closely... In your opening statement to this forum you have used words like "Unofficially", "Unofficial", "Hundreds of Attacks", "There Network", "Verbal Permission". You want advice? Well, I'm about to give you some. Just say no. First of all, if you actually knew what you were doing you wouldn't be asking us for advice on how to proceed legally. You'd know that as part of the initial scoping call and pre-engagement meeting, where it's defined what exactly you're going to be doing, you'd also have obtained what's commonly referred to as a "Get Out of Jail Free" card. This "card" is signed paperwork with a clearly defined scope, context, and signing officers that prevents you from being held liable or responsible for any "issues" that may occur, so long as what you were doing was within the "scope" as "defined" in the "pre-engagement" and "scoping" meetings. Secondly, in an environment such as law enforcement it's highly unorthodox for them to seek out "non-professional" assistance from someone who is still "learning". In fact, the only thing more expensive than hiring an expert is an amateur - if you're suggesting that we provide assistance, support, direction, or advice on how to perform a penetration test / show & tell, I'd encourage you to stop dead in your tracks, put your best foot forward, and pursue no more. Third - there is far more to "Training & Information" than just the Pineapple. Any half-breed, potato head knows that wireless vs. wired should be separated. If you think exposing them to what the Pineapple can do is enough, then you're not really doing them any justice. If they really want to know what's "out there", there are things like Black Hat - now that will be an eye opener! If you're still hellbent on not following my advice, or anyone else's that's trying to steer you in the clear, then keep in mind that the biggest fear for law enforcement is data breach.
So technologies like drop-boxes, rogue access points, detection and suppression, SIEM / USMs, hardware key loggers both wired and wireless, and layer 3 switches with DAI engaged are things you'd want to talk about. My point in all of this is that your limited knowledge of the entire "threat landscape" is not going to serve them any justice. When we talk wireless, are they using 802.1X RADIUS or WPA2-Personal? Is it two-stage, is it voucher based, do they already have detection systems in place? I mean, the list really does go on and on and on... In the end, you do what you feel is right - but my advice, as someone who does this for a living... If you have to ask how to do it "legally" - you don't do it, period.
  5. Cleared for Confidentiality. Mods, please delete post.
  6. Cleared for Confidentiality. Mods, please delete post.
  7. Cleared for Confidentiality. Mods, please delete post.
  8. MSF is currently broken; they are releasing updates almost hourly trying to get it back up and running... The past 2 days have resulted in over 600 MB of updates. Are you running apt-get update / apt-get upgrade daily on your *nix distro? Also, be sure to run service postgresql start followed by service metasploit start. You may need to rebuild manually...
  9. I'll just chime in here for a brief moment. Chris H; if you're reading this I want you to know that I personally found your videos and guides invaluable. More often than not we (all of us) search the internet for resources and assistance dealing with a wide variety of issues. Your videos were clear, concise, to the point... I can personally say that as a small business in the Pen Testing game your videos were integral to some of our major wins... On behalf of Digitally Evolved, we salute you.
  10. Ugh, captive portal with credential harvester. Forget trying to research HSTS; no disrespect intended, but HSTS is also worked directly into the browser... If any of you are legit pen testers, I really hope that you all do a lot more reconnaissance on your targets instead of waiting for 'someone' to release an HSTS SSL strip..... Target using Internet Explorer in-house? SSLStrip. Target using Chrome, Safari, Firefox, etc.? Credential harvester / social engineering / Ettercap. Many people use forums that don't offer HTTPS, and these same people are likely to use the same passwords for several other areas of internet access. Every time I see someone inquire about HSTS / SSLStrip I can't help but feel it's a skid/teenybopper trying to compromise Facebook accounts. Legit pen testing is all about the shell; besides, if you're doing credential harvesting you're already in red teaming territory? Why not just keylog? Just sayin'.
  11. I'd recommend you take a look at this thread: https://forums.hak5.org/index.php?/topic/33629-on-assignment-disappointed-with-mark-v/ Towards the bottom is how we got it to work (AND) keep the internet sharing alive. Still waiting on an official word, but the above worked well for us...
  12. We've got it working now - we think - internet is still active for users who are connected, and in partnership with sslstrip all seems to be operational. Thus, the question. - Earlier on it was advised that if installed correctly, you simply select your interface and hit start..... Clearly in our attempts this did not work. Is this a known problem, did we skip a step, is there something we're not seeing here? We'll be on deployment this Tuesday for about a week.... and want to bring the Pineapple along for the assessment -- however, until I know for sure it's certain, I right now have a few-hundred-dollar paperweight. Anyone able to chime in?
  13. Step 6.) We went back into the etter.conf file (having changed the uid / gid in step 5) AND proceeded to remove the #'s surrounding ip forwarding. We then rebooted the Pineapple and restarted Ettercap. Clients connected to the Pineapple still have internet at this point and redir_command_on is no longer showing. It 'appears' to be fixed...
  14. Stage 5.) We have edited the etter.conf file located at /etc/etter.conf via nano. We have edited the uid and gid values to 0. We rebooted the Pineapple and restarted Ettercap. - All devices connected lose internet at this point again. -
  15. 1.) I'm navigating to the Pineapple Bar and selecting Ettercap. I'm installing it to SD storage. 2.) The main tile page refreshes and I'm greeted with a red tile (Ettercap). I've let it sit for almost 20 minutes - nothing - so I decided to hit Install at the bottom and WAIT. 3.) Eventually the tab is refreshed and I get this as a popup. 4.) I select br-lan and hit start and am greeted with the following: anyone connected to the device loses internet.. At this stage of the game we've been advised to change the gid and uid to 0 in etter.conf (this file is located at /etc/etter.conf -- not to be confused with the /usr/ path linked in the guide from WhistleBlower earlier).