Everything posted by 0phoi5

  1. Favourite game: Thief Series
     Favourite OS: Kali
     Favourite console: I don't tend to console game, although I have an xbox 360.
     Nationality: English
     Accent: English, slightly posh apparently.
     Favourite band: At the moment? Eisbrecher
     Favourite book: The Necroscope Series
     Favourite author: Brian Lumley
     Favourite movie: Back To The Future series
     Favourite director: No idea. I don't really notice who directs what.
     Favourite TV Show: House, Battlestar, Death Note
     Favourite actors: Rowan Atkinson or Hugh Laurie
     Favourite Pinup: No particular favorite. Although not really 'pinups', as a kid, I put up pictures of Sarah Michelle Gellar and Samantha Mumba. Ha.
     Favourite Comedian: George Carlin
     Other hobbies: Mountain walking, fishing, cycling, messing with any kind of script/code, breaking my PC, building PCs.
     Occupation: Work in IT
     *edit: Always spell stuff wrongly!
  2. Another typical example of the American (and the UK, too) government not having a clue what the heck they are on about, when it comes to 'Cyber Security' (I use this term in the broad sense here). They're not scared of the average Tom, Dick or Harry being affected by drones, they just don't want their own private lives to be intruded upon by potentially flying data-gatherers, because it's just one more avenue that the everyday guy can use to realise how corrupt everyone above him really is. There's been remote-controlled aircraft for an age now, but these had wings or a single rotor, meaning they couldn't carry nefarious equipment around. It's only the addition of the 'quad-coptor' that's got everyone's panties in a twist, because suddenly the upper echelon feel threatened by cyber attacks again. As usual, toffs with no knowledge of what they are talking about gather in a nice leather-clad room to ping glasses over how they can keep the man down, and how they can stop people from spying on them and their rich friends. I don't believe any of this is remotely enforceable, and I don't think they intend to enforce most of it anyway. It's more a front for the sheepling masses, to make them feel 'safe'. The same masses that understand nothing about how most technology actually works. Baa.
  3. Hi all, I can search this question on the internet and find the occasional useful byte of information, but most of it's a bit rubbish. Plus, I'd like to get some direct opinions. How would you personally go about setting up an affordable (say, less than $1500) Password hash cracking machine? For example; A computer packed with loads of cheap GPUs? But which ones? A Raspberry Pi cluster? Pay a service to do it for you? If so, what services are available? Other? Thanks. *edited* My spelling and grammar is always terrible because I type too fast.
  4. Ah, this seems to work...

         @echo off
         set "userone="
         set "usertwo="
         set "userthree="
         set "userfour="
         for /F "skip=1 tokens=2 delims=\" %%a in ('psloggedon -l -x \\%Hostname%') do if not defined userone set userone=%%a
         for /F "skip=2 tokens=2 delims=\" %%b in ('psloggedon -l -x \\%Hostname%') do if not defined usertwo set usertwo=%%b
         for /F "skip=3 tokens=2 delims=\" %%c in ('psloggedon -l -x \\%Hostname%') do if not defined userthree set userthree=%%c
         for /F "skip=4 tokens=2 delims=\" %%d in ('psloggedon -l -x \\%Hostname%') do if not defined userfour set userfour=%%d
         echo A. %userone%
         echo B. %usertwo%
         echo C. %userthree%
         echo D. %userfour%

     Does this seem OK? I don't want to be using 'bad code'. Thank you.
  5. I'm not very au fait with Java, you're making me think too hard for a work morning cooper! Is it down to me setting a variable with a variable? Should I just stick to echoing %%a instead of setting %LoggedOnUsers%?
  6. Hi all, More batch script goodness. I'm using PSTools' psloggedon for this. In CMD, if I input 'psloggedon -l -x \\HOSTNAME' I get the following result...

         Connecting to Registry of \\HOSTNAME...
         Users logged on locally:
         DOMAIN\USER_ONE
         DOMAIN\USER_TWO
         DOMAIN\USER_THREE
         DOMAIN\USER_FOUR

     Using FOR in a batch script, I would expect skipping the first 2 populated lines (using /F) and setting the delimiter as '\' should allow me to pipe just the usernames to the screen, however it isn't working. I am using the following...

         @echo off
         for /f "skip=2 tokens=2 delims=\" %%a in ('psloggedon -l -x \\%Hostname%') do set "LoggedOnUsers=%%a"
         echo "%LoggedOnUsers%"

     ...which results in the variable %LoggedOnUsers% being echo'd as simply...

         USER_TWO

     The end result I am aiming for is to output a list of all usernames logged on to a Hostname, regardless of whether it's just 1 user or many users, and then offer a CHOICE to the user of which username they want to select. For example, if a machine had 4 users logged on to it, the return would be;

         A. USER_ONE
         B. USER_TWO
         C. USER_THREE
         D. USER_FOUR
         Select a user : A,B,C,D

     [set variable based on whether input is A, B, C or D to the username for that selection]

     Where am I going wrong? Thank you. *edit* Amended spelling.
  7. If you are unable to; target a machine using its IP and Metasploit with all attempts failing due to AV and you are unable to shut down their AV (you probably could, but it doesn't sound like you've read much into it) then I would suggest targeting the user of the machine, rather than the machine itself. I.e: A malicious file. This will go past the AV software if the user is silly enough to open it. The most vulnerable part of any system is the Human part.
  8. I use the age-old, can't-go-wrong, classic - The Alfa AWUS036H. I have the 7dbi directional and a yagi for it. Both work great for different situations. *Edit* This; http://www.amazon.com/Alfa-AWUS036H-Wireless-Long-Rang-Panel/dp/B003YI4HRM
  9. Couldn't agree more. Install Wireshark, Snort and Aircrack on one of your own machines that you can practice against, and examine how your attacks against WiFi show up on the target end. Read up on methods to slow down your scans/attacks and use things like SYN packets to obfuscate the attack. I would also recommend thinking about the hardware you use. Are you going to use a laptop that you also use for gaming and surfing Facebook, or are you going to use a cheap, second-hand laptop with no traceable history back to you? Or maybe a Raspberry Pi that you don't mind getting rid of the moment you feel unsafe? *Edit* Corrected spelling.
  10. Hi Cooper, That would be perfect if it worked correctly. Unfortunately, the output of...

          get-WmiObject -class Win32_printer | ft name, systemName, shareName

      ...is...

          name                            systemName   shareName
          ----                            ----------   ---------
          Send To OneNote 2010            [HOSTNAME]
          Microsoft XPS Document Writer   [HOSTNAME]
          Fax                             [HOSTNAME]

      ... which is wrong. There should be a few hundred printers on the network, but it only shows 3 local printers, nothing on the network at all. If this could show all network printers, that would be amazing, as I could simply then pull the relevant line with the printer name 'Q123' from the output.
  11. Hello all, Sorry to ask another CMD/Batch question, I'm still learning and having way too much fun ;) I'm trying to add a printer using...

          rundll32.exe printui.dll,PrintUIEntry /in /n "\\servername\Printer Name"

      ... which works great IF you know the full name of the printer you are trying to add. If I use Windows 7's Control Panel > Devices & Printers to add a printer, I can select; Add A Printer > Add A Network Printer > The Printer I Want Isn't Listed > Find a printer in the directory and then type in a small section of the printer's name and it will find it. For example, one of our printers is called 'Q123 HP LJ MFP M880 on SERVERNAME' but I can find it by simply typing in Q123. Is there a way that I can get the batch command to add the printer using something like...

          rundll32.exe printui.dll,PrintUIEntry /in /n "Q123"

      ... and get the system to do the same kind of search it would do if I went through the control panel (automatically search our print server for a name like 'Q123' and install it?) I have trawled the internet for a while looking for this info, but was unsuccessful in finding anything that didn't state to input the full name of the printer. Thank you in advance. *edit* Amended grammar/spelling.
  12. So the current code I have is...

          echo %StartInput% | findstr /m /r "[0-9]"
          IF ERRORLEVEL 1 ECHO This includes numbers
          echo %StartInput% | findstr /m /r "[^a-zA-Z]"
          IF ERRORLEVEL 1 ECHO This doesn't include numbers
          Pause

      ... but the output, when I enter '1234' as the variable %StartInput% is...

          1234
          1234
          Press any key to continue . . .

      It appears it's ignoring the findstrs altogether and is simply echoing the variable on-screen twice. Using your example doesn't work either, unfortunately, as it does the same...

          echo "%StartInput%" | findstr /m /r "[0-9]"
          IF %ERRORLEVEL% EQU 1 echo "Numbers"
          echo "%StartInput%" | findstr /m /r "[^a-zA-Z]"
          IF %ERRORLEVEL% EQU 1 echo "Letters Only"
          Pause

      ... and the output, when I enter '1234' as the variable %StartInput% is...

          "1234"
          "1234"
          Press any key to continue . . .

      I've also tried;

          echo "%StartInput%" | findstr /m /r "[^0-9]"
          echo "%StartInput%"|findstr /m /r "[0-9]"
          echo "%StartInput%"|findstr "[0-9]"

      All give the same output, namely repeating the variable twice. Hmmm!
  13. Worked great, thank you. Turns out I misread the O as a 0 and that the article I was reading had incorrectly quoted an uppercase V. Much appreciated.
  14. Thanks, will give this a test tomorrow :)
  15. Hi all, I'm running the following script in NMAP...

          nmap -sS -T2 -P0 -V [IP Address] -D [Decoy IPs, separated by commas]

      ... and I get the following output...

          Nmap version 6.49BETA5 ( https:\\nmap.org )
          Platform: arm-unknown-linux-gnueabihf
          Compiled with: liblua-5.2.3 openssl-1.0.1k libpcre-8.35 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
          Compiled without:
          Available nsock engines: epoll poll select
          (sana)USERNAME@localhost:~$

      ...and that's it. No actual output from nmap is given. Why is this not giving me anything? What have I done incorrectly? Thank you.
  16. Hi all, I have a batch file which starts with the user inputting either;

        - The hostname for a PC
        - The full name of a user
        - The surname of a user

      I would like the script to work out what was input and GOTO the next relevant section. Basically;

        - Does the variable contain any numbers? If yes, GOTO Hostname
        - If not; Does the variable contain any spaces? If yes, GOTO FullName
        - If not; Does the variable contain only 1 word made up of only letters? If yes, GOTO Surname
        - If not; Error message.

      I have tried various instances of...

          echo %INPUT%|findstr /r "[^a-zA-Z]" > nul

      ... and similar, but I can't seem to get it to work correctly. Thanks in advance.
  17. BINGO! The finished product...

          FOR /F "tokens=1* skip=1" %%a IN ('psgetsid \\%AssetTag% %Username%') DO psexec \\%AssetTag% -s reg add "HKU\%%a\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d M:\ /f
  18. Darn it!! Nope, still not working. False resolved, turns out the guy's key was already amended before I ran my script. I can see the issue, though. The actual output / script run from...

          FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO psexec \\%AssetTag% -s -i reg add "HKU\%%a\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f

      ...is...

          reg add "HKU\SID for WL_DOM1\willhay:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f

      This doesn't work, as it's picking up the output of USERSID as "SID for WL_DOM1\willhay:" This is down to the command PSGETSID having the following output (when run on its own for the same user 'WILLHAY')...

          SID for WL_DOM1\willhay:
          S-0-0-00-000000000-0000000000-00000000-00000

      Unfortunately it's picking up the first line of the output instead of the second. Argh!

      *EDIT* I found this... http://stackoverflow.com/questions/18083366/getting-second-line-of-text-set-as-a-variable-using-for-in-batch ... But have yet to try it properly, as I finish work shortly. I will update again tomorrow.
  19. Ah, it worked! I tested it on a colleague and success! Apologies, the reason I didn't think it worked before was because it actually throws up an error code 1 after doing the 'psgetsid \\%AssetTag% %Username%' bit, but the script actually continues on and completes successfully. In the end then, this was the full set of commands;

          :Test
          setlocal
          cls
          echo.
          set /p AssetTag=Test Script - Please Type The User's Asset Tag:%=%
          cls
          echo.
          set /p Username=Test Script - And The User's UserID:%=%
          cls
          FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO psexec \\%AssetTag% -s -i reg add "HKU\%%a\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f
          Pause
          endlocal
          GOTO Start

      Much better than the bodge I threw together! Thank you loads Cooper, you've been excellent.
  20. No luck with that unfortunately, however I found a way to get it to work 'with gaffer tape and chewing gum' ;

          :AmendRegistryKey
          setlocal
          set /p Hostname=Input the user's PC Hostname : %=%
          set /p Username=Input the user's Logon ID : %=%
          psgetsid \\%Hostname% %Username%
          echo Please type the last few digits of the above SID reference
          set /p UserSID=(the numbers after the last dash):%=%
          cls
          psexec \\%Hostname% -s reg add "HKU\[S-0-0-00-0000000-0000000000-00000000]-%UserSID%\Path\To\Key" /v [Name of key] /t REG_SZ /d [Amendment] /f
          cls
          rem "IF ERRORLEVEL 0" is true for every exit code, so test for "not 1 or higher" instead
          IF NOT ERRORLEVEL 1 ECHO Error 0 means the command completed successfully!
          IF ERRORLEVEL 1 ECHO Any other error could mean a few things - An incorrect user logon name was entered, access to the remote PC was denied or the registry key was not found.
          Pause
          endlocal
          GOTO Start

      Not a perfect script, as it requires one more bit of input by the user, but it works and it only added a few seconds to the input, so meh, it does what I need!

      *edit* For those that read this in the future - This can also be used to map drives, as per my original post up top. Just amend the registry keys that point to the user's drives. Just amend the line...

          psexec \\%Hostname% -s reg add "HKU\[S-0-0-00-0000000-0000000000-00000000]-%UserSID%\Path\To\Key" /v [Name of key] /t REG_SZ /d [Amendment] /f

      ... to point to the path for the mapped drives. This works for me as the SID for each user in our company remains the same, bar the last 5-6 digits (after the last dash), so I just ask the user to input these digits. It may be different for you. Check a few users' SIDs and note how much is the same for each user, then amend the '[s-0-0-00-0000000-0000000000-00000000]-%UserSID%' for your use. Thanks for your help.
  21. Got it working. I was dd'ing the .img file to the USB/SD card using a Linux system. I decided to try using my Windows PC and USB Installer, as per this article; http://null-byte.wonderhowto.com/how-to/install-kali-live-usb-drive-with-persistence-optional-0162253/ This worked for me. dd'ing, for whatever reason, wasn't creating the USB correctly, even though the file system looks the same after each. Cheers guys.
  22. Acer Chromebook 13. I know it does work though, because I had it loading successfully around 6 months ago. I unfortunately lost the memory stick and my Chromebook has been wiped since then. Should have written down what I did really :/ I'm trying the 32bit version of Kali instead, maybe the Chromebook doesn't handle 64bit.