Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

1,280 profile views

bolus's Achievements


Newbie (1/14)

  1. Mine's running the latest firmware that doesn't work properly.
  2. @i8igmac- you've cracked it! Added the sleep command and it's working a treat now. thank you for your assistance and suggestions, really appreciate it
  3. Thanks for the quick suggestion @i8igmac - appreciate it. Unfortunately, that's not worked. I've edited /etc/rc.local and added netcat 443 -w 10 On reboot - nothing. If I run the command stand alone, it connects fine, so I've ruled out a connectivity issue there. Could it be anything to do with the user that the pi boots with? I've tried adding sudo in front of the netcat command - nothing. any suggestions from you guys is appreciated
  4. I'm trying a proof of concept whereby when my Pi starts, it kicks off a Netcat session with my Kali laptop. Setup: Kali laptop ( netcat -lvp 443 Pi ( I have the script boot_netcat.sh (and ran chmod +x on it): !#/bin/bash netcat 443 -w 10 In crontab I have added: @reboot /home/pi/scripts/boot_netcat.sh When I reboot the Pi, the script isn't run. I've tried adding sudo to the script and also the crontab entry - still no joy. I've also tried this by ensuring cron is run at boot via /etc/rc.local: /etc/init.d/cron/start And still nothing. If I run ps aux |grep cron I can see cron running. If I run the script on its own, it executes and connects to my Kali laptop netcat listener. I'm sure it's something very simple that I'm not doing or not seeing - any suggestions as to what the problem is, or is there a better way to do this? Thanks in advance
  5. Thanks @digininja, appreciate the quick response. confirms one of my theories
  6. I've got a page where the content access is restricted by a username/password combination. It's not credentials where the user has to register for, it's just set on the server where all content is publicly accessible, apart from this page. I've found that I can access this by changing the header host value (via burp) Original: GET /content HTTP/1.1 host: site.com which returns HTTP 401 authorization required I change the header details to: GET /content HTTP/1.1 host: evil.com then I can access the requested page. I kinda stumbled across this, and would like to learn more about it - any advice as to what this type of vulnerability is called, and why it happens? I *think* that it's happening due to the validation only working when the request comes from the host domain, but would like confirmation of this. Cheers
  7. I've finally found some time to come back to the LanTurtle and see if I can get modules to autostart on boot. I've performed a manual factory reset of the LT with latest firmware (4), and decided to have another crack at the Netcat-revshell module, and I'm still not having this module start from boot. 1. I've tested a manual start of this module and my NC listener works - I can interact with the LT machine from my remote box 2. I've set the Bootup status to ENABLED, and rebooted 3. After login to the LT again, I can see that the netcat-revshell module still has Bootup Status: ENABLED, and current status: STOPPED 4. I can manually start this module and it works like a charm. 5. I've looked at another module - URLSnarf. that's not saving my configuration selection (save log to /tmp/) so here's another module that's not fully working. This is just frustrating; @Sebkinne and @Darren Kitchen are there any plans to look into this issue? I'm not the only user with these problems. Has Hak5 stopped supporting LT? If so, please confirm and I'll ditch the LT altogether and not spend more time on it anymore. I really want to use the LT on engagements, and to generally have a play around with some of the other modules that use tools/tech I've not spent much time with. If the LT is flawed, then it's just an expensive usb-ethernet adapter. hope that we see these issues resolved soon
  8. @Sebkinne has looked into this and messaged to say that he's identified the issue and a new firmware will be released.
  9. Further to my post about Netcat reverse shell not starting, I've spent more time with the LanTurtle trying to get it working. I've noticed that whatever module I enable, it doesn't run at boot. I've also noticed that with the Netcat module there have been times where I've started the module, only to find that when I return to the main netcat module screen, it's not running. Unsure how I got it working. It's very frustrating as I'm currently left with a LanTurtle that I have to SSH into whilst at the same device it's plugged into. Not overly covert :) Has anyone else had problems with enabled modules not starting? Not necessarily with V4 firmware, any version will do Thanks in advance
  10. Update: I manually reset the Turtle today using latest firmware, re-downloaded modules. Same story, when a module is set to auto start, they don't actually start. Has anyone else experienced this issue lately? It's been a frustrating week of this so any suggestions or pointers will be gratefully received.
  11. @Darren Kitchen and @Sebkinne Are there any logs I can tail, or configs that I should look at to diagnose this problem? I'm using latest firmware V4. Thanks in advance
  12. I've reset my Lan Turtle, installed the latest firmware and am now looking at the netcat reverse shell. If I start/stop it manually then everything works fine, but if I set Bootup Status to Enabled, when I reboot, the setting is retained but the module hasn't actually started. Any suggestions where to look or what to do? Any logs that will assist in solving the problem? Cheers
  13. Any tools you can recommend for looking at a website/application to deduce the software and versions that have been used? I don't mean like an nmap scan to identify services, but the software and services that are used when you're browsing the site. Thinking along the lines of builtwith.com, and something that goes a little deeper thanks in advance
  14. Thanks both for your feedback, very interesting and useful
  15. When you're running the OSINT and passive part of your engagement, what's the typical order of tools that you tend to run through? Dig, Fierce, DNS Recon Google hacks, Shodan, netcraft, built with Harvester Recon-ng, OSINT Framework Nikto Skipfish HTTrack, Burpsuite etc. etc. How do you structure your part of a pen test?
  • Create New...