Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About oXis

  • Rank
    Hak5 Fan

Profile Information

  • Gender
  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. . C:\YOURPATH\get_facebook_cookies.ps1 To import the code. Windows might warn you that the code is not signed or something like that.
  2. `get_facebook_cookies.ps1` is a Powershell script that creates two functions ( Get-FacebookCreds-Firefox and Get-FacebookCreds-Chrome). If you import this script inside one of yours, or if you import this script inside a Powershell shell you can then use those functions.
  3. Replace sudo with a little bash script that acts like a wrapper around the real sudo to get sniff the password when the admin is using the sudo command.
  4. Looks great. It's a shame you're installing pip packages on the victim computer, maybe you can try and bundle those packages together to avoid having to rely on a external internet connexion.
  5. A couple of time ago I posted this script on Evil Portal's topic. The PineAP works with openwrt, so the iptable chains are a little bit different than the ones in Debian for example, so it's hard to use a Pi to prototype the rules. Here is my script, https://pastebin.com/zZhzqf91 the init section shows the rules to redirect traffic. HTTPS is hard to redirect because of HSTS and Certificates, either you drop it or you expect clients to authorised the self signed certificate (doesn't work with HSTS). Hope it helps.
  6. Hi, You should have a folder /sd/portals, the symlink is from /root/portals to /sd/portals (ln -s TARGET LINK), so the command is ln -s /sd/portals /root/portals Hope it helps
  7. It works on my Nano, so I bet it's in the kernel now. Take the last version, I've changed something (HTTP input ACCEPT)
  8. Hi @newbi3, I've been looking at the iptables rules to create a captive portal. Because the PineAP runs OpenWrt, there are some predefined rules that interfere with yours. So I've written a script that creates the iptables rules. https://pastebin.com/zZhzqf91 ./portal.sh init -> will initialise the captive portal ./portal.sh purge -> remove all the rules, but keep OpenWrt ones ./portal.sh add/remove IP -> authorise a user HTTP (80) is successfully redirected to port 80 on the PineAP. HTTPS (443) is dropped and DNS is accepted (you can also redirect
  9. Ding ding, it's payload time This is a two stages payload. First you use the 'injector' that will install a small bash script which is a wrapper for sudo. The script will store the passwords. Second, you use the 'cleaner' to get the passwords back and clean the backdoor. So basically, you get access to a computer running MacOS or Linux (you can config the payload by setting mac=true) and you install the backdoor. A couple of hours/days/weeks later you comme back, grab the passwords and erase traces. Easy Link: https://github.com/oXis/bashbunny-payl
  10. Payload updated! Now without any connexion to the Internet. A python script will pop a HTTP server, powershell will use this http server to download the payload and then upload the results to it. Check it out here -> https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/WindowsCookies But, I've come across some bugs in Windows 7, powershell regex groups are not working....
  11. I had the same problem. Your solution seems fine I rewrote the password grabber for firefox because the powershell script is detected by kaspersky. Instead of grabbing the password and decrypt it using powershell, I copy key3, cert8, and logins in the loot folder and use a python script to decrypt the password within the BB.
  12. Ok, I wrote the payload (mainly using illwill code base) and also support for Firefox cookies. https://github.com/oXis/WindowsCookies What do you you think?
  13. Hi, Based on the powershell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox. http://pastebin.com/25Z8peMb Enjoy
  14. I'm far from being able to do that.
  • Create New...