0phoi5

Everything posted by 0phoi5

  1. I'll give it a try. Chromebooks aren't ideal - For example, they don't produce enough power through their USB slots to power an external wifi card. And I've had teething issues with some Linux programs such as Tor. However, if you have £200 to spare, they make a very nice portable hacking tool that's much cheaper than a laptop. Just takes a bit more setting up. I like being able to switch between ChromeOS and Linux on this and then I keep Windows on another laptop.
  2. Thanks Cooper. I will need to try this on Monday, as I'm going on a fishing weekend. I will repost then. Your time is much appreciated, thank you.
  3. Hi all, I have successfully run Kali from a persistent USB and SD card on a Chromebook in the past, however I unfortunately didn't take down how I did it. Silly me! I have enabled Developer Mode and run;

        crossystem dev_boot_usb=1 dev_boot_legacy=1 dev_boot_signed_only=0
        sudo chromeos-firmwareupdate --mode=todev

     All completed without error. However, on loading my Chromebook and pressing CTRL+U, it fails to boot from USB or SD. I just get a low-frequency beep. On pressing CTRL+L, it also fails to read any SD or USB and I get 2 high-frequency beeps. I'm at a loose end, as searching around the net only yields the above. Anyone have any ideas? Cheers.
  4. Ah, no. The command...

        FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO set /p USERSID=%%a

     ...still isn't working. After running this command manually, and then echoing %USERSID%, CMD just literally echoes "%USERSID%", so the variable isn't being set at all. I'm going to try and save the variable USERSID to a text file and see what it does. The second part works fine. Running...

        psexec \\%AssetTag% -s -i reg add "HKU\[Input SID manually]\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f

     ...manually achieves the registry change with no errors.
  5. Thank you. I believe this has gotten me further along, however, annoyingly, I am still coming across an error. My code currently is;

        :ShellKeys
        setlocal
        cls
        echo.
        set /p AssetTag=Shell Folder Registry Keys - Please Type The User's Asset Tag:%=%
        cls
        echo.
        set /p Username=Shell Folder Registry Keys - And The User's UserID:%=%
        cls
        FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO set /p USERSID=%%a
        TIMEOUT 1 /nobreak
        psexec \\%AssetTag% -s -i reg add "HKU\%USERSID%\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f
        Pause
        endlocal
        GOTO Start

     However, this results in CMD prompt stating;

        SID for [SERVERNAME] / [%USERNAME%] : [SID successfully shows here]
        Waiting for 0 seconds . . .
        reg exited on [%AssetTag%] with error code 1.
        Press any key to continue . . .

     I can see that the SID is being successfully pulled, as I can ECHO it and it shows on-screen as per the above, however the REG command doesn't seem to be working. I have been unable to pinpoint why. I will get this to work, if it's the last thing I do! Thanks
  6. Ah, OK. I'll have to have a play tomorrow and see what happens. Would it be best to simply remove the a and leave the % on its own? So like this?;

        FOR /F "tokens=*" % IN ('psgetid \\%IPAddress% %Username%') DO set /p USERSID=%

     Essentially this line is supposed to use PSGETID from PSTools and assign the result to the variable USERSID.
  7. OK, so far I have;

        :AmendRegKey
        setlocal
        set /p IPAddress=Please Type The User's IP:%=%
        set /p Username=And The User's UserID:%=%
        cls
        FOR /F "tokens=*" %a IN ('psgetid \\%IPAddress% %Username%') DO set /p USERSID=%a
        TIMEOUT 1 /nobreak
        psexec \\%IPAddress% -s -i reg add "HKU\%USERSID%\Path\To\Key" /v Keyname /t REG_SZ /d Z:\ /f
        Pause
        endlocal
        GOTO Start

     However, on running this in PSTOOLS I get an error stating "IPAddressUsernamea was unexpected at this time".
  8. Thanks Cooper :) I've had a dig around the interwebs and I think - although not yet tested to confirm - that I can use PSTOOLS PSGETSID to pull the user's SID and then use REG ADD and the full path to registry keys (including said user SID) to amend the user's registry. This should hopefully change the keys for the user and not me, as it's pointing to their own personal keys via their SID (HKU in regedit). I can then use this method to amend the keys for mapping drives and many other useful things. I think. I'll have to let you know! A quick question to help me try this out... How do I pull the output of a CMD command to a new variable? For example; PSGETSID \\A1234 USERNAME gives the output "123456789". How do I get "123456789" to assign to the variable %usersid%? I'm having too much fun here. Cheers
  9. Hi Cooper, I believe this would then prompt me for the user's password, which I wouldn't have access to. I was holding out hope that an admin could run PSEXEC cmd.exe as a local user, but it seems I can only do it as myself, which is silly really. Makes PSEXEC only half as useful.
  10. To give further detail/clarification, I am able to run the following successfully;

        :ConfirmedGPUpdate
        psexec \\%AssetTag% -s -i -d -c -f cmd.exe /c gpupdate /target:user /force /boot
        Pause
        endlocal
        GOTO Start

      This is because '/target:user' in the GPUpdate runs the command for all users of the PC I am sending it to, so although it runs the command as me (admin), it still runs a GPUpdate for the logged on user as well. I want to do the same for other commands, not just GPUpdate. Thanks.
  11. Hi all, I'm using PSEXEC to map a drive on a user's machine remotely, amongst running various other CMD commands to amend registry files etc. I am running PSTOOLS on my machine under an admin account, because I cannot use PSTOOLS otherwise. On running the following script, as an example of one of the CMD commands I am trying to run, it runs it as me (as in, an admin). However, I don't want it to do this, as this doesn't map the drive for the user. I want the script to run the CMD command as the currently logged on user, not as me.

        :MapDrive
        psexec \\%IP% -s -i -c -f -d cmd.exe /s /c "NET USE X: \\GBUS0042\SMSAPPS$ /persistent:yes"
        IF ERRORLEVEL 0 ECHO Success!
        Pause
        endlocal
        GOTO Start

      How would I go about this? I have tried calling a batch file instead, but it still runs the batch file as me (admin) on the user's PC, rather than as them. The idea behind these scripts is to stop me having to remote to every user who simply requires a registry amendment or a drive mapping. Thank you in advance, Haze
  12. Ah, I found out why it doesn't work. I was running CMD as admin and the key change only takes place if running as local user, as it's a local user key. It was indeed working, but it was changing the key for my admin account and not the locally logged-on user (the key was HKCU, not HKLM). Doh. Thanks for the reply barry99705.
  13. Hi all, I am using the following CMD command;

        reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d P:\ /f

      However, this doesn't work. The key already exists, as 'M:\', but I need it to change to 'P:\'. The CMD prompt states 'The operation completed successfully', but the key does not change. I need to do this via CMD, rather than a .reg or regedit. Thank you.
  14. Hi all, Just read a simple but interesting article in the Daily Mail regarding hacking the FitBit sports watch; http://www.dailymail.co.uk/sciencetech/article-3284611/Can-Fitbit-really-hacked-10-seconds-Analyst-claims-wearable-infect-computer-malware-makers-insist-attack-impossible.html It's an interesting concept, I was wondering if some of the more 'out-of-the-box' minds here could explain how something like this might be achieved using the programs and concepts we know today? I found it funny that the company who owns the FitBit stated that there's no way it could be hacked. Clearly they don't understand that ALL technology receiving a signal can be hacked. It's just a matter of working out how. Possibly, due to their lack of an interest in protecting against hacking, there could be some as-yet unknown vulnerabilities here. I'm thinking along the lines of getting malicious files on to the FitBit, or overwriting the data already held on there, and then transferring this malicious code when the user connects the FitBit to a PC to download fitness data/charge the battery? Any ideas/thoughts?

      *edit* So according to their own website, their watches sync wirelessly to users' PCs using Bluetooth, or plug in to the user's PC via USB data cable. So of course it could be hacked! Probably possible to spoof the MAC/IP of the PC to get the FitBit to connect to your PC instead of the user's, but ofc you'd have to be in close proximity. Or obviously just plug it in! It is a data cable, after all.
  15. Ah, nice idea! That's closer to what I was looking for, thank you
  16. Ah, good point. That's a huge shame. Maybe something for a future update to the Ducky? I guess it would be a case of carrying multiple mini-SD cards for different tasks and using some tip-ex to mark them etc.
  17. Hi all, Is there a way to load multiple payloads for different mobile phones on to one Rubber Ducky, and then get the payload to recognise the model of the phone it has been plugged in to and run the appropriate payload? Thank you, Haze
  18. Hi all, Apologies if this has been asked before, I'm new here and I had a good look around the forum but couldn't find anything related. When using the Rubber Ducky to run commands on a mobile phone, you have to of course use the equivalent of keyboard shortcuts, for example the shortcuts found here; http://www.pcworld.com/article/184656/android_keyboard_shortcuts.html Is there a website or resource available that lists the shortcuts for multiple phones, so regardless of which mobile phone I wanted to create a payload for, I could easily look up the shortcuts required to type up the payload? It'd be nice to not have to scour the internet for an hour each time I wish to create a payload for a different phone, trying to find its keyboard shortcuts. Thanks all, Haze
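
An added example, not code from the posts above, for the question in posts 4 to 8 about assigning the output of PSGETSID to a variable. It parses a constructed two-line sample of psgetsid output (the account name, the SID and the SAMPLE and KEY variable names are made up here) and assumes the SID is printed on its own line starting with S-1-.

```batch
@echo off
setlocal EnableExtensions

rem Constructed sample of psgetsid output for one account: a header line,
rem then the SID on its own line. Account name and SID are made up.
set "SAMPLE=%TEMP%\psgetsid_sample.txt"
> "%SAMPLE%" (
    echo SID for EXAMPLE\jdoe:
    echo S-1-5-21-1111111111-2222222222-3333333333-1001
)

rem Inside a batch file the FOR variable needs a doubled percent sign;
rem a single percent sign is only valid when typing at the prompt.
rem Plain SET stores the text. SET /P would instead print the text as a
rem prompt and wait for keyboard input, leaving the variable unset.
rem findstr /b keeps only the line that begins with S-1- and drops the header.
set "USERSID="
for /f "usebackq delims=" %%a in (`findstr /b /c:"S-1-" "%SAMPLE%"`) do set "USERSID=%%a"
del "%SAMPLE%"

rem Refuse to build a registry path from an empty value: the path would
rem collapse to HKU\\Software\... and reg add would exit with an error.
if not defined USERSID (
    echo No SID captured, aborting.
    exit /b 1
)

rem Show the command that would be sent to the remote machine.
set "KEY=HKU\%USERSID%\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
echo Captured SID: %USERSID%
echo Would run: reg add "%KEY%" /v Personal /t REG_SZ /d Z:\ /f

endlocal
```

On a live host the findstr command inside the loop would be replaced by the psgetsid call piped through the same findstr filter. The HKU\<SID> key exists on the remote machine only while that user's profile is loaded.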