Teabot 5000

  1. The Pineapple autossh module will automatically create an SSH tunnel back to a server. If you want to forward all traffic through that tunnel I'd imagine you might need to just add in an IPTables rule to do it. You might need to set up NAT using IPTables on the SSH server. It's strange that didn't work with OpenVPN.
  2. I got caught with that on a test run. It's really something to see a few pings grow to a 200MB+ pcap file after a few seconds! I think saving a pcap to a remote host would be useful for the Turtle too. I'll put together a module for the Turtle first and I'll port the functionality over to a Packet Squirrel payload some time in the future, unless someone beats me to it :)
  3. Could the option be added to the tcpdump launch script to save the packet capture to another host rather than having to save on the USB? For example, you can pipe the output of tcpdump to an SSH session and append the capture to a file on the SSH server like so:

       tcpdump -w - | ssh -t user@ "cat >> coolcap.pcap"

     That'll append new packets to the capture saved on the other host. You can read the capture live on the other side like this:

       tail -n +1 -f coolcap.pcap | tcpdump -r -

     Of course you don't need to read the capture live, it's just kinda cool to be able to do it. Adding this would help make packet captures a bit more versatile. It would be a pain to have to stop captures and scp the cap over to another host when the USB drive is full. This way you could just save directly on another host.
  4. I assume by an 'nmap' you mean a portscan. SANS have a nice document on a portscanner called IOSMap. It's capable of performing some basic portscans from Cisco IOS. IOScat is a port of netcat for IOS. If you need service discovery you can use that to perform banner grabbing.
  5. I'd say start off with some Web app exploitation, so SQLI, XSS, CSRF, file upload vulnerabilities, etc. That stuff helps get you in the mindset for looking at other areas like network security and binary exploitation. That said, if you don't have any programming skills I'd recommend starting with that. Learn HTML, JavaScript, PHP, maybe C or Java, and Python. After that, understanding some networking basics would go a long way too.
  6. Everything on the store can be found here. I can't see the mug though, it must be gone :(
  7. The tutorials you can find on GitHub are pretty clear.
  8. Send a continuous stream of deauths to the legitimate network. That'll prevent hosts from maintaining a connection with the legitimate access point. However, as far as I'm aware a user would still have to manually select to join the illegitimate network.
  9. The TP-Link wn722n is pretty good all-round https://www.amazon.co.uk/TP-LINK-TL-WN722N-Mbps-Wireless-Adapter/dp/B002SZEOLG I haven't heard of anyone having issues with it in Windows 10.
  10. You'll need to at least sit down with the director and agree what's in scope for the test. Also, you should get a signed letter from the director permitting you to run tests against the items you decided were in scope. There could be some data protection laws in your country that should be taken into account as well.
  11. It's probably not activating because the .ep file is the wrong name, will fix that now. jQuery is included but it's in the "static" folder which doesn't show up in the evilportal GUI. I just changed some of the JavaScript in the behavious.js file (also in the static directory). I changed the "vanilla" JavaScript to use jQuery because I thought it seemed to be causing some problems for me. I'd recommend looking at the link to W3Schools I gave earlier in the thread. It covers everything from HTML, to JavaScript, to PHP. It's worth taking a look at.
  12. There is a GUI for duckencoder, you can find it here. I haven't used it so I'm not sure if it does everything you want though.
  13. Ok, @Kn0wledge and @mercredi here's a quick port of the wifiphisher "wifi connect" module: https://github.com/teabot5000/Evilportal-wifi-connect Instructions are in the readme. I ended up changing some of the JavaScript to use jQuery (which is provided by evilportal). I merged the index.php file (created by evilportal when you make a new module) with the index.html page in the wifiphisher template. Other than that it was just a case of pointing the form in the template to <?=$destination?>/captiveportal/index.php so evilportal could catch it. I just added some lines to MyPortal.php to save the submitted password to a log file which can be defined in config.php. I just tested it in the preview and with an Android phone, so it will hopefully be working ok with everything else.
  14. I have an interest in getting something similar to the WiFi connect phishing page (this one) working with evilportal, so I'll take a look at it tonight or tomorrow at some point. It should just be a case of moving stuff around to get it working. Do you have a GitHub page for what you managed to do so far?