
flipchart

Posts posted by flipchart

  1. If the computer is not BitLocker encrypted, you don't even need his password to access the data. Simply take the hard drive/SSD out of the computer, put it into a hard drive case and access the data like you normally do with external hard disks: https://s.click.aliexpress.com/e/_ApZIwK

    If you happen to have a large 3.5" disk you should get some connector with an integrated power supply: https://s.click.aliexpress.com/e/_ApMtIm

    This should do the trick. Maybe you are lucky enough to find a backup of the Huawei Phone on the computer to restore your pictures...

    I wish you success!

  2. Hi Francis

    I am very sorry for your loss!

    To keep my answer short, I can tell you that the Rubber Ducky won't help you. The Rubber Ducky can only automate your manual typing, as it acts as a keyboard which can be programmed.

    What you need is a real forensic company. Unfortunately I do not know any company doing this kind of service near you, but a good company should be able to access at least the Win10 data, as long as it is not bitlockered...

    all the best

    flipchart

    • Upvote 2
  3. I just encountered the same problem here. Changed cables, power supply, adapters and so on, but the Screen Crab keeps telling me that there is no signal, even though there is.

    The signal comes from a Lenovo X270 in its Docking station via HDMI to the Screen Crab and further via an HDMI to DVI Cable to a Lenovo Thinkvision L1951pwd. It worked in the beginning with a few (3-4) screenshots but now no more. (I have to say that some screenshots were broken jpegs)

    Tried another monitor and it works fine, HDMI 1.4 also connected via DVI adapter. The Lenovo Thinkvision is super old but already supports HDCP, maybe this is the problem. That would explain why it first worked but now, as the OS and the monitor got "to know each other" they probably swapped for HDCP... #noIdea

  4. Ok, ScreenCrab.apk is a system app having this in its Manifest:

        android:sharedUserId="android.uid.system"

    And system apps with sharedUserId need to be signed with the same key as the system (as far as I understood). So there is currently no chance for me of getting this apk easily modded and working...

    Well, then, let's think around the other corner:

    ScreenCrab does store images offline every 5 sec. Why not write a script which uploads all these images to an sftp?

    Unfortunately, there is no curl on the ScreenCrab - but we have busybox with very useful tools like "mt" (Control magnetic tape drive operation) 🙂

    But thankfully there is a precompiled curl - statically linked - available here: https://github.com/moparisthebest/static-curl

    Direct link: https://github.com/moparisthebest/static-curl/releases/download/v7.75.0/curl-armv7

     

    Now all that's missing is a wrapper handling the file uploads and a wrapper checking the wrapper is always running...

     

    BTW: File transfer to the ScreenCrab can be done by having an http (no ssl) server serving the files and downloading them from the ScreenCrab with "busybox wget http://..." -> https://chryzsh.gitbooks.io/pentestbook/content/transfering_files.html

  5. ok, one step further: The sinner is "ScreenCrab.apk" which can be found at /system/priv-app/ScreenCrab/ScreenCrab.apk

    I decompiled the app online at http://www.javadecompilers.com and found in sources/org/hak5/screencrab/p004c2/Device.java this function:

        private String getWANInterfaceName() {
            return "wlan0";
        }

    So my eth1 should be called wlan0, or I have to try to change this string in this apk. As I am not an Android developer, I first tried the renaming of the interface with some adjustments of my script:

        #!/system/bin/sh
        # wait for eth1

        /system/bin/svc wifi disable

        while [[ $(/system/bin/ip a | /system/bin/grep -m 1 -o eth1) != "eth1" ]]; do
            /system/bin/sleep 1
        done

        /system/bin/ifconfig eth1 down
        /system/bin/sleep 1
        /system/bin/ip link set eth1 name wlan0
        /system/bin/sleep 1

        /system/bin/ifconfig wlan0 10.13.37.22 netmask 255.255.255.0 up
        /system/bin/sleep 1
        /system/bin/route add default gw 10.13.37.1
        /system/bin/sleep 1
        /system/bin/ndc resolver setnetdns wlan0 8.8.8.8 8.8.4.4
        /system/bin/sleep 1

        exit 0

    But so far without success. Any help is appreciated, this is also why I attach the ScreenCrab.apk.

    @mods : If this violates any rules feel free to delete the attachment, I am just desperately seeking help for my ScreenCrab <-> Ethernet project. Thanks for understanding!

    ScreenCrab.7z

  6. ok, got a step further:

        busybox vi /system/etc/mkshrc
        ================ add line to the end ===================
        /etc/eth-setup.sh &
        ========================================================

        -> /system/etc gets mapped to /etc

        busybox vi /system/etc/eth-setup.sh
        ========================================================

        #!/system/bin/sh
        # wait for eth1
        while [[ $(/system/bin/ip a | /system/bin/grep -m 1 -o eth1) != "eth1" ]]; do
            /system/bin/sleep 1
        done

        /system/bin/ifconfig eth1 10.13.37.22 netmask 255.255.255.0 up
        /system/bin/sleep 1
        /system/bin/route add default gw 10.13.37.1
        /system/bin/sleep 1
        /system/bin/ndc resolver setnetdns eth1 8.8.8.8 8.8.4.4
        /system/bin/sleep 1

        exit 0

        ========================================================

    The "autorun" gets handled by the mkshrc script which by default gets loaded as there is a shell presented on tty...

    This now works, but C2 only works over WiFi.

     

    @darren & Team:

    How can I enable C2 connections, even if there is no WiFi (e.g. only my LAN)?

    Please help... please...

  7. In case anyone out there is working in the same direction:

        mount -o remount,rw /dev/block/mmcblk0p1 /system

    lets you persistently edit files in /system which will be symlinked to /etc and the like on boot...

    Any help is appreciated!

  8. Hey Guys

    I am trying to use my Screen Crab over Ethernet... So far I found this USB-C gigabit adapter with integrated power delivery port to work:

    https://www.delock.de/produkt/65402/merkmale.html?setLanguage=en

    After having fiddled around with this weird OpenWRT Installation on the Screen Crab, I've found the following commands to work and get the ethernet up and running:

        ifconfig eth1 10.13.37.22 netmask 255.255.255.0 up
        route add default gw 10.13.37.1
        ndc resolver setnetdns eth1 8.8.8.8 8.8.4.4

    After this I can ping and look up DNS records. The commands are entered by using the onboard serial connector within my Screen Crab (yes, warranty voided)

     

    Does anyone have any hints on how to get these commands run at boot?

  9. On 11/11/2020 at 7:41 PM, hhammidd said:

    Hi 

    Is there any general method to get this kind of information from the firmware of CCTV cameras?

    using binwalk or any others?

    thanks

    binwalk -e helps a lot, often you can simply edit the binary file, as the config is part of the last few bytes and ascii 😉
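
An added example, not part of the original post and not binwalk's own code: a small audit helper that lists the ASCII `key=value` settings found in the tail of a firmware image and flags credential-like keys without echoing their values. The `key=value` layout, the NUL separators, the key-name list and the sample image are constructed assumptions.

```python
import re

# Key names that suggest a stored credential (assumed heuristic list).
SECRET_KEYS = re.compile(r"pass(word|wd)?|pwd|secret|token|key", re.I)
# Printable-ASCII "key=value" runs; values end at the first non-printable byte.
PAIR = re.compile(rb"([A-Za-z_][A-Za-z0-9_.\-]{1,31})=([\x20-\x7e]{1,64})")

# Constructed sample image: 2 KiB of erased-flash filler followed by a
# NUL-separated ASCII config block at the very end.
SAMPLE = (b"\xff" * 2048
          + b"ip=192.168.1.10\x00user=admin\x00"
          + b"passwd=CONSTRUCTED\x00cloud=1\x00")


def tail_config(image: bytes, window: int = 4096):
    """Return (absolute_offset, key, value) for every ASCII key=value
    pair found in the last `window` bytes of the image."""
    start = max(0, len(image) - window)
    return [(start + m.start(), m.group(1).decode(), m.group(2).decode())
            for m in PAIR.finditer(image[start:])]


def audit(image: bytes, window: int = 4096):
    """Report credential-like settings by offset and length only, so the
    audit output itself does not leak the stored secret."""
    return [{"offset": off, "key": key, "value_len": len(value)}
            for off, key, value in tail_config(image, window)
            if SECRET_KEYS.search(key)]


if __name__ == "__main__":
    for off, key, _ in tail_config(SAMPLE):
        print(f"0x{off:06x}  {key}")
    for finding in audit(SAMPLE):
        print("credential-like setting:", finding)
```

On a real dump, read the file with `open(path, "rb").read()` and pass the bytes to `audit()`; a hit means the vendor ships a fixed credential in the image, which is the finding to report.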

  10. Ok, I got the SOLUTION! :

    STATIC IP AND CUSTOM MAC:

        # Set Static IP & Custom MAC
        uci set network.lan.proto='static'
        uci set network.lan.ipaddr='10.11.12.188'
        uci set network.lan.gateway='10.11.12.1'
        uci set network.lan.dns='8.8.8.8'
        uci set network.lan.netmask='255.255.255.0'
    
        /etc/init.d/network restart
    
        ifconfig eth0 down
        ifconfig eth0 hw ether 12:00:15:b7:13:37
        ifconfig eth0 up

    This way you set your static IP, restart network to commit the changes, take eth0 down, set MAC and put eth0 back up again. If you restart the network, you get another random MAC.

     

    Thank you for all the support 🙂 especially @kdodge && @lespacefish

  11. On 5/6/2020 at 7:57 PM, kdodge said:

    This is the configuration file/system for most linux OSes

    Well, the shark jack is an openwrt, so the networking should be defined in /etc/config/network. And then there is the NETMODE command... But luckily the NETMODE command is just the following script:

        root@shark:/etc/config# cat /usr/bin/NETMODE 
        #!/bin/bash

        function show_usage() {
            echo "Usage: $0 [DHCP_CLIENT|DHCP_SERVER]"
            echo ""
        }

        case $1 in
            "DHCP_CLIENT")
                uci set network.lan.proto='dhcp'
                ;;
            "DHCP_SERVER")
                uci set network.lan.proto='none'
                /etc/init.d/odhcpd start
                ;;
            *)
                show_usage
                exit 0
                ;;
        esac

    So I tried to set up everything with uci in the payload:

        uci set network.lan.proto='static'
        uci set network.lan.macaddr='13:37:13:37:13:37'
        uci set network.lan.ipaddr='10.11.12.188'
        uci set network.lan.gateway='10.11.12.1'
        uci set network.lan.dns='8.8.8.8'
        uci set network.lan.netmask='255.255.255.0'
    
        /etc/init.d/network restart

    This works, except for the MAC address...

     

    I kind of think that the network restart also assigns a random MAC, but I am not yet down there...

  12. I am getting pretty tired now... I really tried hard, I must be missing something:

    As I do not want to fire off a DHCP request, I selected NETMODE TRANSPARENT. With the following ifconfig commands I tried to achieve static IP and hw address set:

        # Change MAC address
        ifconfig eth0 down
        ifconfig eth0 hw ether 00:XX:XX:XX:XX:XX
        ifconfig eth0 192.168.2.102 netmask 255.255.255.0 up

        route add default gw 192.168.2.1

    and I always get a random MAC.

    When I select NETMODE DHCP I get my custom MAC but an IP from DHCP...

     

    I was already looking for a way to set the shark random MAC to my custom MAC, but there must be an easier way... what am I missing?

  13. Most of these cheap Chinese cameras have limited functionality and are very bad in terms of security... (not saying the more expensive ones are better 🙂 )

    What you can do is dump the memory, usually the firmware is on a SOP8 chip which you can dump via a BIOS ROM reader (https://s.click.aliexpress.com/e/_dYbO35F). Then unpack it with binwalk and edit the password which is hardcoded in the firmware. Then simply pack it and write it back to the chip... Boot the camera and there you go!

    There are many cool things you can do by editing the firmware this way. Like import additional features or remove the cloud feature of the vendor...

    Just always keep a copy of the original firmware, in case things go south 🙂 

  14. Hey Guys

    I just found my old Mark V in its original box, with all the cables, the quickstart guide, a pineapple sticker and the additional USB to Pineapple Cable (Juice Cable)... But I simply have no use for it anymore. If anyone is interested in it (for collection/for use or whatever) I would be willing to swap it for something else from hak5 or anything you come up with that makes my pentesting/HAM heart happy...

    Pictures: (sorry, attachment quota filled with one image and cannot delete it anymore... ;( )

    https://ibb.co/KNMY7qm
    https://ibb.co/3Tr8tV1
    https://ibb.co/JpfG58J
    https://ibb.co/MNrcYdj
    https://ibb.co/3vn2WbW
    https://ibb.co/d6xx5P6
    https://ibb.co/HtGrwyL

  15. Plunderbug does not work on iOS Devices... It works only on Computers and some Android devices with root access:

    Quote

    Coupled with cross-platform scripts for Windows, Mac and Linux – or an Android root app – this smart network sniffer enables passive recording or active scanning.

    https://shop.hak5.org/products/bug

     

    And the Plunderbug is not primarily thought to be a standard network interface card (NIC). Plunderbug is thought to intercept between the two network ports it has. But you can also use it as standard NIC. Read the docs below and have a look at the mode changing (2nd link)

    https://docs.hak5.org/hc/en-us/articles/360019046533-How-to-tap-an-Ethernet-link-with-the-Plunder-Bug

    https://docs.hak5.org/hc/en-us/articles/360018810834-About-Mode-Switching-on-the-Plunder-Bug
