Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by Urieal

  1. Hi everyone - Unique question hoping for some assistance. The question / objective: Rent / Acquire / Invest / Purchase VM space in the cloud for the purposes of running Kali Linux instances. Looking for privacy first cloud services, something akin to protonmail. Anyone able to make some recommendations if I find anything as well I'll be sure to update this post.
  2. Sorry everyone, don't mean to raise a dead topic but I'm sure others may be curious as well. I see a couple of you have invested in multiple battery packs, anyone willing to divulge what brands and how many MAH's per they are? Thanks again
  3. Greetings all, Recently recovered several hashes during a recent engagement - cracked all but one. Anyone care to take a stab? It's an NTHASH, I've tried hashcat, rainbowtables via oph still no dice HASH: 59658e5f44d88ec0ff7b40cfcb21ecc2
  4. Unplugged - Look into PhishMe - Great Product, encouraging, and really does help cut down on problems! Partner winning departments with gift cards / lunch / pizza / whatever and I assure you will see rapid improvement.
  5. Let's look at what you've written a little more closely... in your opening statement to this forum you have used words like "Unofficially" "Unofficial" "Hundreds of Attacks" "There Network". "Verbal Permission". You want advice? Well I'm about to give you some. Just say no. First of all, if you actually knew what you were doing you wouldn't be asking us for advice on how to proceed legally. You'd know that part of the initial scoping call and pre-engagement meeting where it's defined what exactly you're going to be doing, that you'd also have obtained whats commonly referred to as a "Get Out of Jail Free" card. This "card" is signed paperwork that has a clearly defined scope, context, and signing officers that prevents you from being held liable or responsible for any "issues" that may occur so long as what you were doing was within the "scope" as "defined" in the "pre-engagement" and "scoping" meetings. Secondly, in an environment such as law enforcement it's highly unorthodox for them to seek out "non-professional" assistance from someone who is still "learning. In fact the only thing more expensive than hiring an expert is an amateur - if you're suggesting that we provide assistance, support, direction, or advice on how to perform a penetration test / show & tell I'd encourage you to stop dead in your tracks - put your best foot forward, and pursue no more. Third - There is far more to "Training & Information" than just the pineapple. Any half breed, potato head knows that Wireless vs Wired should be separated. If you think exposing them to what the PineApple can do then you're not really doing them any justice. If they really want to know whats "out there" theres things like BlackHAT - Now that will be an eye opener! If you're still hellbent on not following my advice or anyone else that's trying to steer you in the clear then keep in mind that the biggest fear for law enforcement is data breach. So technologies like drop-boxes, rogue access points, detection and suppression, SIEM / USM's, hardware key loggers both wired and wireless, layer 3 switches with DAI engaged are things you'd want to talk about. My point in all of this is your limited knowledge of the entire "threat landscape" is not going to serve them any justice. When we talk wireless, are they using 802x Radius, WPA2-Personal? Is it Two Stage, is it Voucher Based, do they already have detection systems in place. I mean the list really does go on and on and on... In the end, you do what you feel is right - but my advice, as someone who does this for a living... If you have to ask how to do it "legally" - you don't do it period.
  6. Cleared for Confidentiality. Mods please delete post.
  7. Cleared for Confidentiality. Mods please delete post.
  8. Cleared for Confidentiality. Mods please delete post.
  9. MSF is currently broken, they are releasing updates almost hourly trying to get it back up and running... The past 2 days have resulted in over 600mb updates.. Are you apt-get update apt-get upgrade daily on your nix distro? Also, be sure to run service postgresql start followed by service metasploit start. You may need to rebuild manually...
  10. I'll just chime in here for a brief moment. Chris H; if you're reading this I want you to know that I personally found your videos and guides invaluable. More often than not we (all of us) search the internet for resources and assistance dealing with a wide variety of issues. Your videos were clear, concise, to the point... I can personally say that as a small business in the Pen Testing game your videos were integral to some of our major wins... On behalf of Digitally Evolved, we salute you.
  11. Ugh, captive portal with credential harvester. Forget trying to research HSTS; no disrespect intended but HSTS is also worked directly into the browser... If any of you are legit pen testers, I really hope that you all do a lot more reconnasiance on your targets instead of waiting for 'someone' to release a HSTS SSL STRIP..... Target using Internet Explorer inhouse? SSLSTRIP Target using Chrome,Safari,Firefox,ect, Credential Harvester / Social Engineering / Ettercap. Many people use forums that don't offer https and these same people are likely to use the same passwords for several other areas of internet access. Everytime I see someone inquire about HSTS / SSLSTRIP I can't help but feel its a skid/teenybopper. Trying to compromise facebook accounts. Legit Pen Testing is all about the shell, besides.. if you're doing credential harvesting you're already in red teaming territory? Why not just keylog? Just sayin'.
  12. I'd recommend you take a look at this thread: https://forums.hak5.org/index.php?/topic/33629-on-assignment-disappointed-with-mark-v/ Towards the bottom is how we got it to work (AND) keep the internet sharing alive. Still waiting on an official word, but the above worked well for us...
  13. We've got it working now, -we think-, internet is still active for users whom are connected and in partnership with sslstrip all seems to be operational. Thus, the question. - Earlier on it was advised that if installed correctly, you simply select your interface and hit start..... clearly in our attempts this did not work. Is this a known problem, did we skip a step, is there something we're not seeing here? We'll be on deployment this Tuesday for about a week.... and want to bring the pineapple along for the assessment -- however, until I know for sure its certain I right now have a fewhundred dollar paperweight. Anyone able to chime in?
  14. Step 6.) We went back into the etter.conf file, have changed the uid / gid in step 5 AND proceeded to remove the #'s surrounding ip forwarding. We then rebooted the pineapple and restarted ettercap. Clients connected to the Pineapple still have internet at this point and redir_command_on is no longer showing. It 'appears' to be fixed...
  15. Stage 5.) We have edited the etter.conf file located /etc/etter.conf via nano We have edited the uid and ged values to 0. We rebooted the pineapple and restarted ettercap. - All devices connected - lose internet at this point again. -
  16. 1.) I'm navigating to the pineapple bar and selecting ettercap. I'm installing it to SD Storage. 2.) The main tile page refreshes and I'm greeted with a red tile (Ettercap) I've let it sit for almost 20 minutes, - nothing - I decided to hit Install at the bottom and WAIT. 3.) Eventually the tab is refreshed and I get this as a popup. 4.) I select br-lan and hit start and am greeted with the following: ANyone connect to the device loses internet.. At this stage of the game we've been advised to change the ged and uid to 0 in etter.conf (This file is located in /etc/etter.conf -- not to be confused with the /usr/ path linked in the guide from WhistleBlower earlier).
  17. Want to give an update as to where we're at. We can't seem to locate the etter.conf file anywhere on the sd card (Where the infusion was installed to) We're now looking for it on the pineapple itself... We recently reset the pineapple to default settings (as if we unboxed for the first time.) I went to the infusion pineapple bar, installed ettercap. The Live Tile was 'red' and said Install dependancies. We hit install and after a few moments the tile refreshed on its own and was green (normal). We hit start and were greeted with the log Listening on eth0... (Ethernet) eth0 -> 00:13:37:A5:2D:8A invalid invalid SSL dissection needs a valid 'redir_command_on' script in the etter.conf file Privileges dropped to UID 65534 GID 65534... 28 plugins 39 protocol dissectors 53 ports monitored 7587 mac vendor fingerprint 1698 tcp OS fingerprint 2183 known services Starting Unified sniffing... According to the link supplied by Whistleblower the goal is to edit the etter.conf file. Our issue: We can't find it ANYWHERE on the Pineapple? Perhaps its in a certain folder? We're happy to edit it, but still at this point can't seem to locate it... Is this happening to everyone who installs ettercap? Did we screw something up? -- Update 4:37 Changed the UID's to 0 -- Still getting the error SSL dissection needs a valid 'redir_command_on' script in the etter.conf file So what we did was went to line 168 and 169 and removed the # on the ip_tables line. I cant help but feel like we've done something wrong here in general. There is no way everyone is experiencing the same problem as us.. Any and all assistance would be greatly appreciated on resolving this issue.... -- Update 4:57pm. 1.) Reinstalled Pineapple factory settings. 2.) Installed Ettercap infusion 3.) Large Tile was 'red' with INSTALL link on it. 4.) Clicked install 5.) Waited a few moments, the tile refreshed on its own 6.) Hit 'start' on the br-lan interface 7.) Received error SSL dissection needs a valid 'redir_command_on' script in the etter.conf file Privileges dropped to UID 65534 GID 65534... 8.) Used Whistleblowers link and putty'd our way onto the pineapple nano /etc/etter.conf 9.) changed ec_uid and ec_gid to 0 and SAVED the file. 10.) Attempted to run ettercap, and was given the same SSL error, however it now says SSL dissection needs a valid 'redir_command_on' script in the etter.conf file Privileges droped to UID 0 GID 0... 11.) SSH'd back into the pineapple and opened /etc/etter.conf once again 12.) Modified Line 168 and 169 and unhashed the iptables for SSL Forwarding. 13.) Saved the file, rebooted the pineapple and now it appears that it may be working.. Tested it with internet explorer. We also took the time to ssh in and run cat /proc/sys/net/ipv4/ip_forward Which displayed 0. I guess in the end, it looks like its working, albeit slower than molasses on a cold winter day. This is a lot of work from the simple 'select the interface and hit start' we originally recieved. Personally, I'd love to know did we do something wrong? When I hit install on the large tile when it was in red, should I have waited, should something else have happened? Did we edit the right file. Overall, Whistleblower, can you please give us an update on how we're doing, if we messed up in the process. and perhaps would it be best to reinstall 'again' but perhaps wait longer on the 'install' click in the large tile? Forever greatful, (You should PM me your paypal if you ahve one, happy to donate.)
  18. So I just want to bring to the attention of the experts.. We're currently on assignment and our Mark V is really dropping the ball for us. Scenario 1.) Pine AP - enabled Karma MK5 - enabled Beacon Responder - enabled Harvester - Enabled using the TILE FOR ETTERCAP ettercap on br-lan, hit start. using the TILE FOR SSLSTRIP hit start. -- So long and short, we activate this. Ettercap turns off / stops working after about 30 seconds. -- In otherwords it STOPS WORKING. SSL Strip looks like its working Pine AP, Karma, Beacon, Harvester all reset back to 'disabled' after about 5 minutes. What am I doing wrong? Scenario 2.) To actually get ETTERCAP to work we've gone ahead and ssh'd into it Via Putty cd /sd ettercap -Tq -i br-lan -w filename.pcap This scenario works, but prevents us from enabling pineap or any of those options in the web browser. sure enough after about 30 minutes It stops working too. Can someone please tell me why this isn't working. We bought hte pineapple with intention of using it for our pen testings. but so far its been headache after headache We are having far more benefi from kali linux and simple etter capping the network that way Ultimately we want to use the Mark V though Please someone - anyone... :\ Sadly, not impresssed or happy at the moment. I even followed the advice of Whistleblower in another thread, but still no dice -- it simply stops working.
  19. So from the infusion I click the LARGE tile, and that gives me options (regarding Ettercap) The first tab has an area to select the INTERFACE and there is also a section for the command line? Is this where I would put in (in my case I'm using the SD CARD). cd /sd ettercap -Tq -i (interface) -w filename.pcap and then hit start? Thus saving the entire log to the SDCARD named filename.pcap One last question-- again sorry (maybe this can get stickied) The interface I want to select to monitor is the wlan0 if I'm using PineAP for clients to connect? My Setup is as follows: WLAN0 - > PineAP Access Point. WLAN1 - > Not Active WLAN2 (usb) - > Client Mode via Seperate WiFi) based on my setup I take it people connect and use WLAN0 therefor I monitor THAT access point? OR should I be monitoring WLAN2 in this scenario? I am *NOT* Using eth0.
  20. Another method for those of you who enjoy metasploit can be found.. https://www.mattandreko.com/2013/02/21/hsts-metasploit-module/ msf > use auxiliary/scanner/http/http_hsts msf auxiliary(http_hsts) > show options Module options (auxiliary/scanner/http/http_hsts): Name Current Setting Required Description ---- --------------- -------- ----------- Proxies no Use a proxy chain RHOSTS yes The target address range or CIDR identifier RPORT 443 yes The target port SSL true yes Negotiate SSL for outgoing connections THREADS 1 yes The number of concurrent threads VHOST no HTTP server virtual host msf auxiliary(http_hsts) > msf auxiliary(http_hsts) > set rhosts www.paypal.com, www.google.com, www.yahoo.com, www.wikipedia.org rhosts => www.paypal.com, www.google.com, www.yahoo.com, www.wikipedia.org msf auxiliary(http_hsts) > msf auxiliary(http_hsts) > run
  21. I stole this post from the Mark IV forums and was wondering if someone could clarify... Is he referring to running the command cd /usb ettercap -Tq -i br-lan -w filename.pcap from the Tile.. or SSHing in and running from there?
  22. I am experiencing this same problem, perhaps someone can chime in? To provide a little more information I have the following running PineAP: PineAP Enabled MK5 Karma Enabled Beacon Response Enabled Network: wlan0 enabled wlan1 disabled wlan2 enabled (connected to my android hotspot) to provide internet. sslstrip 'on' and is clearly working as I can see it. urlsnarf on br-lan interface. 1.) The internet essentially stops for targeted people when urlsnarf and sslstrip are 'on'. I tried having urlsnarf monitor br-lan AND wlan0 in seperate tests but again no luck. 2.) SSLSTRIP is working without fail; however when urlsnarf and sslstrip are on at the same time the internet comes to a hault.. and about 30 seconds later it works again, but clearly urlsnarf is not logging. Any ideas on how to make the two work together?
  23. Life is like a giant puzzle and everyday you work to add another piece to the inevitable masterpiece. For what it's worth - everytime I read a post from you or watch a video of yours, I feel like another piece of this massive puzzle has been placed. Thanks your writeups, your examples, your scenarios, and your simplified breakdown on how, where, when, what, and why things do what they do. Forever Greatful, Urieal.
  24. https://forums.hak5.org/index.php?/topic/33518-big-thanks-to-hak5-i-snuck-in-a-question-too/ I posted about this in my thread -- I hope some of the pros read through it. It involves DNS Proxy 2 and SSLSTRIP2. It has a pretty high success rate; but I'm having a hard time contacting the author.. Hopefully someone can expand on this...
  25. My understanding is it is entirely dependent on the browser -- and -- if its apart of the HSTS site list... Thats why In another forum post I am inquiring to the infusion of SSLSTRIP2 and DNS2Proxy. SSLStrip as it stands has worked flawlessly against all our targets of interest when using Internet Explorer... Safari,Chrome,Firefox -- Thats a different story all together.. But remember - just because SSLStrip doesn't work -- you could always just ettercap or wireshark the data and hope they login to something with HTTP (Clear Text) You'd be surprised how many people use the same email and password for everything -- We're human. If you're not having much luck with SSLStrip and you're currently working for someone (client) perhaps try SEToolkit... clone the page and e-mail your clients.. You'd be amazed at how many people believe they really did win a free Ipad -- or a cruise to the bahamas.
  • Create New...