Thecolorchanges

Active Members
  • Content Count: 39

Posts posted by Thecolorchanges


  1. Was wondering what the official method to update Metasploit is? For now I've installed git to clone the repo, then gem install bundle, chown -R the new folder to 1004:1004 and rename it to metasploit-framework and delete the old one. Working well so far, and can run msfupdate. Any thoughts on this being a bad idea to get the latest version?


  2. I pulled out one of my older turtles running v2 earlier after @Sebkinne corrected a server side issue and noticed I couldn’t pull the update to v3 either. Got a quick look at wget attempting to pull the .bin and failing due to SSL. Was able to scp the file up and update as wiki/ @mekvii detailed. Though I cannot repeat the moduleManager issue, pulled down 5-6 all at once. Working ok here ?


  3. Started sifting through /usr/bin and decided to chmod +x meterpreter-https

    ./meterpreter-https awseome.vps.com 443

    Session opens on VPS.

    It doesn't quite work when I interact with it but there is some neat stuff in store ?


  4. I think the 3g LanTurtle boils down to this: Stealth. As a Sysadmin if I were to see one of these, I'd never give them a second glance. You hang an old Nexus 5X off one of my racks, well I'll pick that up immediately and know something is up. I've been on pentests where the network was so restricted that SSH and even https was restricted. This would have let me leave the site and still stay connected. Worth the $250 if I can go home and finish the job on my couch :)


  5. On 6/14/2017 at 3:39 AM, Miko said:

    Hi Sebkinne,

    So what would you recommend to view/edit a .bin file ?

    When I did a Google search, it recommended the above program wxhexedit.

    So, what you're doing here with wxhexedit is essentially peering into a zip file. The .bin file is flashable code containing a modified version of OpenWRT. Essentially when you use a hexedit, you're seeing padding/etc. .bin's can be extracted.. it's a lot of work but can be done if you nose around. Seb has said there are a few minor issues, I've had my nano for quite a while and while it does have a few minor, minor quirks the code is pretty solid.

    • Upvote 1

  6. 11 hours ago, RickyHax20 said:

    Never mind about it... I was connecting to the management AP at the time. When I mean "time after time" I meant that when I enter the password (that is the correct one) it tries to connect and asks me for the password again.

    Are you running PineAP with rebroadcast + allow (basically everything checked)? This will happen, the Pineapple treats your phone no different than the devices tested against, you'll have to whitelist/blacklist to avoid.


  7. Quick question, I had a bit of this too. I narrowed it down to a bad SD card. Have you tried formatting/swapping that out? I also found that I get the best results by using the Y cable plugged into a battery pack with 2 outputs. I use a tertiary radio to connect the Pineapple to my hotspot. When the tertiary radio is down, or if the Pineapple is under very heavy load I've seen this as well. Also, do you already have PineAP running when you attempt to recon?


  8. On OSX: disable all active network connections (onboard LAN/WiFi) and then plug in a Cat5 cable from your router/switch to the LAN Turtle. Plug the LAN Turtle into the Mac, open a terminal and type: ifconfig
    You should have an IP address of 172.16.84.x. From there just ssh root@172.16.84.1
    From there you should be set!
