Jump to content

bolus

Active Members
  • Posts

    55
  • Joined

  • Last visited

Everything posted by bolus

  1. Mine's running the latest firmware that doesn't work properly.
  2. @i8igmac- you've cracked it! Added the sleep command and it's working a treat now. thank you for your assistance and suggestions, really appreciate it
  3. Thanks for the quick suggestion @i8igmac - appreciate it. Unfortunately, that's not worked. I've edited /etc/rc.local and added netcat 192.168.1.215 443 -w 10 On reboot - nothing. If I run the command stand alone, it connects fine, so I've ruled out a connectivity issue there. Could it be anything to do with the user that the pi boots with? I've tried adding sudo in front of the netcat command - nothing. any suggestions from you guys is appreciated
  4. I'm trying a proof of concept whereby when my Pi starts, it kicks off a Netcat session with my Kali laptop. Setup: Kali laptop (192.168.1.215): netcat -lvp 443 Pi (192.168.1.217): I have the script boot_netcat.sh (and ran chmod +x on it): !#/bin/bash netcat 192.168.1.215 443 -w 10 In crontab I have added: @reboot /home/pi/scripts/boot_netcat.sh When I reboot the Pi, the script isn't run. I've tried adding sudo to the script and also the crontab entry - still no joy. I've also tried this by ensuring cron is run at boot via /etc/rc.local: /etc/init.d/cron/start And still nothing. If I run ps aux |grep cron I can see cron running. If I run the script on its own, it executes and connects to my Kali laptop netcat listener. I'm sure it's something very simple that I'm not doing or not seeing - any suggestions as to what the problem is, or is there a better way to do this? Thanks in advance
  5. Thanks @digininja, appreciate the quick response. confirms one of my theories
  6. I've got a page where the content access is restricted by a username/password combination. It's not credentials where the user has to register for, it's just set on the server where all content is publicly accessible, apart from this page. I've found that I can access this by changing the header host value (via burp) Original: GET /content HTTP/1.1 host: site.com which returns HTTP 401 authorization required I change the header details to: GET /content HTTP/1.1 host: evil.com then I can access the requested page. I kinda stumbled across this, and would like to learn more about it - any advice as to what this type of vulnerability is called, and why it happens? I *think* that it's happening due to the validation only working when the request comes from the host domain, but would like confirmation of this. Cheers
  7. I've finally found some time to come back to the LanTurtle and see if I can get modules to autostart on boot. I've performed a manual factory reset of the LT with latest firmware (4), and decided to have another crack at the Netcat-revshell module, and I'm still not having this module start from boot. 1. I've tested a manual start of this module and my NC listener works - I can interact with the LT machine from my remote box 2. I've set the Bootup status to ENABLED, and rebooted 3. After login to the LT again, I can see that the netcat-revshell module still has Bootup Status: ENABLED, and current status: STOPPED 4. I can manually start this module and it works like a charm. 5. I've looked at another module - URLSnarf. that's not saving my configuration selection (save log to /tmp/) so here's another module that's not fully working. This is just frustrating; @Sebkinne and @Darren Kitchen are there any plans to look into this issue? I'm not the only user with these problems. Has Hak5 stopped supporting LT? If so, please confirm and I'll ditch the LT altogether and not spend more time on it anymore. I really want to use the LT on engagements, and to generally have a play around with some of the other modules that use tools/tech I've not spent much time with. If the LT is flawed, then it's just an expensive usb-ethernet adapter. hope that we see these issues resolved soon
  8. @Sebkinne has looked into this and messaged to say that he's identified the issue and a new firmware will be released.
  9. Further to my post about Netcat reverse shell not starting, I've spent more time with the LanTurtle trying to get it working. I've noticed that whatever module I enable, it doesn't run at boot. I've also noticed that with the Netcat module there have been times where I've started the module, only to find that when I return to the main netcat module screen, it's not running. Unsure how I got it working. It's very frustrating as I'm currently left with a LanTurtle that I have to SSH into whilst at the same device it's plugged into. Not overly covert :) Has anyone else had problems with enabled modules not starting? Not necessarily with V4 firmware, any version will do Thanks in advance
  10. Update: I manually reset the Turtle today using latest firmware, re-downloaded modules. Same story, when a module is set to auto start, they don't actually start. Has anyone else experienced this issue lately? It's been a frustrating week of this so any suggestions or pointers will be gratefully received.
  11. @Darren Kitchen and @Sebkinne Are there any logs I can tail, or configs that I should look at to diagnose this problem? I'm using latest firmware V4. Thanks in advance
  12. I've reset my Lan Turtle, installed the latest firmware and am now looking at the netcat reverse shell. If I start/stop it manually then everything works fine, but if I set Bootup Status to Enabled, when I reboot, the setting is retained but the module hasn't actually started. Any suggestions where to look or what to do? Any logs that will assist in solving the problem? Cheers
  13. Any tools you can recommend for looking at a website/application to deduce the software and versions that have been used? I don't mean like an nmap scan to identify services, but the software and services that are used when you're browsing the site. Thinking along the lines of builtwith.com, and something that goes a little deeper thanks in advance
  14. Thanks both for your feedback, very interesting and useful
  15. When you're running the OSINT and passive part of your engagement, what's the typical order of tools that you tend to run through? Dig, Fierce, DNS Recon Google hacks, Shodan, netcraft, built with Harvester Recon-ng, OSINT Framework Nikto Skipfish HTTrack, Burpsuite etc. etc. How do you structure your part of a pen test?
  16. You need to get even closer.
  17. I've not watched this yet; what did they mess up? was it intentional so that viewers have to find out for themselves, or was it an oversight?
  18. I'm learning my way through SQLi, and wondered what typically, the next steps are after I've: 1. Identified a vulnerability 2. via SQLi I've listed DB, user, tables, columns, content of columns etc 3. identified that user is not sysadmin (on a MySQL system) Where does one typically go next with identifying further information, and ultimately escalating privileges? I'm not after a step by step hold my hand approach, more a general 'this is the order I tend to do things in', as I know everyone has a different approach. thanks in advance
  19. Probably one of these: https://aws.amazon.com/ec2/instance-types/(Scroll down for GPU G2). TBH I've only just started looking into this, and I was fortunate enough to receive a $50 AWS voucher, so thought I'd have a play around with GPU pyrit. Model GPUs vCPU Mem (GiB) SSD Storage (GB) g2.2xlarge 1 8 15 1 x 60 g2.8xlarge 4 32 60 2 x 120
  20. Sorry, I worded my question rather vaguely. I have not a lot at home in terms of processing power, so am thinking that AWS GPU solution might be the way to go. thanks for your quick response
  21. Hi all. I've got a WPA2 handshake to crack, I know the format is 8 upper case A-Z and 0-9. I was thinking of using an AWS GPU instance to pipe Crunch output into Pyrit GPU, as I don't have masses of storage space to save the output. Does this sound like a feasible option, or can you think of a better way? Cheers
  22. If you've got time to prepare whilst other presentations are on, why not run a recon as close to the clients as you can get, and try to identify their devices. Then you can log probes that their devices are making, and set up PineAP with some of their SSIDs, and omit any other probes - that way you keep it targeted to the client and show them that they can be singled out pretty easily. Might be worth finding out if there are any legal issues with this before you embark
  23. The changes I make (via my Nano front end) to the landing page are saved into /etc/pineapple/landingpage.php This is the page that I see when I connect to PineAP with my phone. the images and other php files that my landing page uses are called from /www/ so, it's all working, but is the landing page being stored in the correct location?
  24. I don't have /etc/www folder - I assume I create this myself, or should it be present by default?
  25. sounds valid, thanks for feeding back some further info; my devices are connected to my local Wi-Fi network, not the PineAP. I've looked at the mac address of some of the devices broadcasting from my neighbours, and if the results are to be believed, a device vendor search shows some of them as Apple devices too. I'll play around more and report back
×
×
  • Create New...