M@$T

Posts posted by M@$T

  1. 9 minutes ago, Enzym3 said:

    Most definitely. I intentionally left out a handful of the typical obfuscation tricks just so you could see what's happening in the video, since I recorded it just before bed that night instead of doing one with a voiceover and more in-depth description. I'm currently driving 15 hours back home for Thanksgiving, but sometime after family get-togethers today I'll sit down and remote into my home PC and get you guys my source code. I still plan on vastly improving it and adding features, but if any of you make your own changes, I'd love to see what you've come up with!

    Happy Thanksgiving!

    -Enzym3

    Great stuff!

    Looking forward to seeing the code!

  2. 5 hours ago, Ferryman said:

    Would love to get a copy of that payload.

    Same here..

    Maybe you can make the screens smaller (reduce the PS window size or minimize the windows so that they don't look suspicious) so that they don't really show like in the original payload?

  3. 3 minutes ago, mojo0243 said:

    Also a great option, but normally when someone is doing an external test they don't have physical access, though yes, sometimes they do. I think using the LAN Turtle, though, kills the learning process and essentially just gives him access back into the network, and then it is the same as just doing an internal exploit.

    Fair enough ;)

    I suggest you set up a local LAN and have a PC connected to a neighbor's Wi-Fi or a hotspot from your cell phone so that you will be connected to an "outside network" and practice. You will not manage at first, but persistence always prevails.

  4. 10 minutes ago, mojo0243 said:

    M@$T is correct. Even if you have the port open, if you are trying to get IN then the router needs to be forwarding all incoming traffic from a port to that computer and its open port. This will require getting into the router from inside the network. Then you can also set up a DNS host on the router with something like duckdns, which will let you connect even if the IP changes (which most of the time it will when they reset the router). The best thing is to send a shell OUT to a VPS and then connect to the VPS and open the shell.

    Or you can use the LAN Turtle if you have physical access to the PC and get a remote shell =)

  5. Hi there, 

    I followed the steps for the credential snatching.. I plugged in the Turtle and the amber LED keeps flashing, however it remains that way and does not load into Windows 10..

    Is there a way I can confirm I configured the Turtle properly?

    Gotcha.. Thanks digip - so basically without placing a hub I can't sniff the workstation next to me just by using Wireshark..

    However.. If you are on an internal Wi-Fi - is this possible just using Wireshark?

  7. Hi there, 

    Thanks for your reply. Is it possible to sniff another PC on the network, however? I know it might be a long shot, but this is to create awareness of not using SSL. I can't find the proper way of sniffing another IP.

  8. Hi All, 

    Getting to understand and play around with Wireshark for network sniffing.. I know that when I filter for http.request.method == POST I can view unencrypted passwords.. Question is.. If you are on a network and you want to sniff a specific PC.. how should the sniff be? Do I filter out the IP of that specific PC? Or listen to anything going towards the router and filter that PC's IP?

  9. Hi Guys, 

    Was looking at the scripts to snatch the password from a Windows PC.. Is there a way, instead of uploading the file to the web, to save the file locally on the USB? It would remove a variable in case the attacked PC does not have a connection..
