Hak5 Forums

PoSHMagiC0de

Active Members
  • Content count

    452
  • Joined

  • Last visited

  • Days Won

    10

2 Followers

About PoSHMagiC0de

Contact Methods

  • Website URL
    https://github.com/PoSHMagiC0de

  1. PoSHMagiC0de

    Wait for exe to finish

    So, I think I posted quite a few dozen times about the attack mode some of the payloads do..."Storage". Think USB storage. What do you have to do with USB sticks on machines to ensure they are written to before you pull them out? You eject them. There you go. Data will not show up to the bash bunny on its side until you eject it on the victim side. There are already a few payloads out there that have examples of Powershell doing this. Second thing is, I see lazagne is being run as a process so you will have to do a wait-process for it so the script waits until lazagne is done running before moving on and then you can add the done file and eject so it is seen by the BB. What needs to be pinned at the top of forums.... Bashbunny storage mode requires an eject/sync;umount to ensure files are written to the BB storage. (ala clean eject)
  2. PoSHMagiC0de

    Long range hacking

    Maybe a yagi and a wifi amp? I built me a couple of cantennas from stainless steel toilet brush holders and mounted them to tripods. Good range directionally. I am waiting for a 3000mW 35db amp to come in this week to see if I can make it go even further. For extreme ranges you will need a directional antenna which seems to work good and maybe an amp if you want to get more. Heck on amazon you can get some huge wifi amps and a parabolic dish if you are that serious.
  3. PoSHMagiC0de

    Problem with long strings

    I believe there is a way to change the typing rate but cannot find it anywhere. If you find it, you can try slowing down the rate to see if that does it?
  4. PoSHMagiC0de

    Running netcat on Raspberry Pi boot

    Hmm, could the command be added to the interfaces file after autoup-ing the interface? Might can create a service that starts after the interface is up. Background bash file called from local.rc that looks at interface every 5 seconds and launches netcat when an ip shows?
  5. PoSHMagiC0de

    Types of Hackers?

    @Just_a_User I was waiting for someone to bring up the old MIT definition which is the definition I follow. It is also the definition Hackerspaces follow. Term has gone through all kinds of changes when it originally meant something like jury rigging or taking parts meant for one thing and re-purposing them for something they were not intended for originally. With that meaning you can use it like Information Security Hacker. This could mean someone who can take parts of Information Security and make it do things it was not intended to do....like allow unauthorized access. Later the term began being used to just mean Security Hacker. Later in an attempt to reclaim the term people began to use it as meaning an expert of something. Regardless, I go by the original MIT term since I do do security, my real hobby is building stuff at my local hackerspace....like my new cantenna I made from a stainless steel toilet brush holder. 😛 Looks professional even with a tripod hehe. Oh, not a fan of Macs. I never have been, especially for hacking. It is restrictive and gets more restrictive with each update. Even clobbering Linux onto them is not a walk in the park at all and too much effort (and money) to even get it for that. With Computer InfoSec you want something that is flexible. Macs are not flexible. Neither is Windows. You can use what you want, I am sticking with Linux on a compat thank you.
  6. PoSHMagiC0de

    Is it right to start as a script kitty?

    I waited to reply to this. I am an old fud. There is nothing wrong with using the tools others before you have provided. The thing that makes me really call someone a script kiddy is when their learning and understanding stops there. So, you have this tool and its source..or an exploit and its source but you never bothered to look into how it works or what makes it tick. You never reverse engineered it to see what is going on hence you really do not know what it is doing. That is like giving a 5 year old a nuke. They know it goes boom but they do not know anything about fallout and radiation. So, being a temporary kiddy on your way to understanding is cool. Being a kiddy because you are mentally lazy is not hacking. Doesn't even define the word because you are only an expert at running someone else's tool. In my opinion you become one of the masses on github asking a creator that they should figure out and add a certain exploit instead of themselves knowing anything about how the exploit works, much less adding it themselves. That is a script kiddy through and through. So, if you use metasploit to pop a test box, look at how that exploit works. Try and rewrite it in another language like python or whatever. Metasploit even comes with tools built into itself to inspect its payloads' source. Want to learn how to exploit with Powershell, look at Empire and its modules. Use the tool and then look under the hood to see how it is pulled off so you know and can do this in any situation with almost any custom code. In the process you may come up with cool ideas yourself. Those two tools have taught me so much about how a C&C server would work. A magician pulling a magic trick when the magician who is doing it has no idea how they did it is sad. Funny when someone in the audience does know and can do it even better because they do.
  7. PoSHMagiC0de

    accessing network from outside

    Also, if I read correctly you are planning on having a public facing exploitable machine with a VPN tunnel to your internal network? Hmm, I would not do that. You can accomplish a lab like this all internally without facing anything to the public with VMs and a pfsense VM. Pretty much all you are going to be practicing is exploiting a firewalled machine with some services port forwarded that your attacker can see with a VPN to some machine or machines in another subnet firewalled except for VPN.
  8. PoSHMagiC0de

    Payload sometimes not working...

    Hmm, maybe the payload is executing before drivers are installed? I do know on new systems with the BB if I do not have some sort of wait or check (like with network attack mode I wait till the target gets an ip) the BB will begin typing before it is able to type on the victim hence the stager is never launched. That is the only time I have seen it not execute on first try on a machine but then execute on the second try on the same machine. This is why I normally use network delivery so I can do dual attack and use the network detection to let me know when the target has drivers loaded by it getting an IP. Do not know how or if you can do this with HID only or HID and storage. I have seen most people put a standard delay after setting the attack before proceeding like 5 seconds or so.
  9. PoSHMagiC0de

    Lost default password BashBunny

    Hmm, just a thought. I believe payloads are run as root on the BB. So, you could make a payload to change the password. You will not be able to do it via the passwd command unless there is a way to do it without confirming. You could create the hash and then write a command to replace it in the shadow file, if you do not want to do a reset. 😛
  10. PoSHMagiC0de

    Microsoft acquiring Github

    Or, it could be MS is buying Github so they can all of a sudden change the terms of service and then jack everyone's code on the site to make a profit off of using it in their projects and make up some BS for the original creator to not get credit. That sounds more like Microsoft. It follows their history of stealing starting with Bill himself.
  11. PoSHMagiC0de

    build EXE on target machine... (hardcode some info)

    Now that is a rabbit hole but a fun one so I will let you run down it since I am all about the learning but I will point you in the direction to begin with some side notes. Seeing you are interested in compiling .NET code, I assume you know .NET. I bet when you saw my reply you tried to google how to compile .NET code with Powershell in memory and got information overload? Here is a better search that I did since I, at my roots, am a C# developer. I went the .NET route. I searched how to programmatically compile .NET code in C#. Powershell has access to the .NET library so you can adapt .NET code to Powershell. Key things to keep in mind. Temp files are generated like in any compilation so you have to make sure to include the function that determines where they go and to clean them up when done. Also, keep in mind what versions of Powershell have access to what versions of .NET. Like 2.0 Posh can only access 2.0 .NET. Begin here. https://support.microsoft.com/en-us/help/304655/how-to-programmatically-compile-code-using-c-compiler Here is the class that does it: https://msdn.microsoft.com/en-us/library/system.codedom.compiler(v=vs.110).aspx And here is the in memory part: https://msdn.microsoft.com/en-us/library/system.codedom.compiler.compilerparameters.generateinmemory(v=vs.110).aspx
  12. PoSHMagiC0de

    Any RDP Cracker in the house?

    THC-Hydra can do a bruteforce on RDP. Of course if common practice is used there shouldn't be an exposed RDP unless behind a RDP gateway. Even if still if they follow some security, you will most likely lock the account out which will ruin the rest of your attack. If not, Hydra can brute it with a wordlist, you will have to follow the examples and lower the thread count though or you will DoS the service. Other than that if they did not apply a cert you can use the self signed cert you see to get the machine name inside the network and domain name. If CredSSPSupport is off you can get the graphical desktop and see what Windows they are running.
  13. PoSHMagiC0de

    Linset or Fluxion on a smartphone?

    Fluxion uses xterm to open multiple windows so you need a desktop environment for that to happen. It is some fancy scripting that uses aircrack for recon to assist in target select, MDK3 as an option for deauthing, cowpatty as an option to verify handshakes, aircrack or hostapd for AP, isc-dhcp for dhcp on the ap, DNS spoof to spoof DNS for captive portaling and several other modules like php and stuff to serve the captive portal. I actually found it faster to get the handshakes outside of fluxion to use for fluxion's captive portal rather than use the snooper...well at least in the recent updates. Probably can remove the need for the desktop environment by having it run each of its task windows as background tasks instead and keep track of their pid to kill when the user stops the attack. Maybe to screens too? I think the reason for all the windows (which I do find helpful) is so you can monitor all the modules and see what is going on in case something is not working.
  14. PoSHMagiC0de

    build EXE on target machine... (hardcode some info)

    There is a way to do this in pure powershell without calling csc since it is .net. You will have the option to compile to disk or in memory. Since I do most stuff in memory with reflections or add-type, I hardly use it. I have to look up the way for 2.0 Powershell but here is the "add-type" way. http://www.ingmarverheij.com/run-and-compile-net-code-in-res-workspace-manager-using-powershell/
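The two "build EXE on target machine" posts above point at System.CodeDom.Compiler and its GenerateInMemory flag; the following is an added example (not the poster's code, nor the code from the linked Microsoft or ingmarverheij.com pages) that drives that API from Windows PowerShell, choosing where the compiler's temp files go and removing them, and switching between in-memory and on-disk output. It assumes Windows PowerShell on .NET Framework (CodeDom compilation is not available on PowerShell 7 / .NET Core); the `Invoke-CSharpCompile` function, the `Demo.Greeter` class and the `Demo.dll` path are constructed for the example.

```powershell
function Invoke-CSharpCompile {
    param(
        [Parameter(Mandatory)][string]$Source,
        [switch]$ToDisk,                                 # write a DLL instead of an in-memory assembly
        [string]$OutputPath = (Join-Path $env:TEMP 'Demo.dll')
    )
    $provider = New-Object Microsoft.CSharp.CSharpCodeProvider
    $params   = New-Object System.CodeDom.Compiler.CompilerParameters
    $params.ReferencedAssemblies.Add('System.dll') | Out-Null
    $params.GenerateExecutable = $false                  # class library, not an .exe
    $params.GenerateInMemory   = -not $ToDisk            # the property the post points to
    if ($ToDisk) { $params.OutputAssembly = $OutputPath }

    # Compiler intermediates go to a folder we choose; KeepFiles=$false deletes them afterwards.
    $tempDir = Join-Path $env:TEMP 'codedom-temp'
    New-Item -ItemType Directory -Path $tempDir -Force | Out-Null
    $params.TempFiles = New-Object System.CodeDom.Compiler.TempFileCollection($tempDir, $false)

    $result = $provider.CompileAssemblyFromSource($params, $Source)
    if ($result.Errors.HasErrors) {
        # Surface compiler diagnostics instead of silently ending up with no assembly.
        $msg = ($result.Errors | ForEach-Object { "line $($_.Line): $($_.ErrorText)" }) -join "`n"
        throw "Compilation failed:`n$msg"
    }
    $result.CompiledAssembly                             # System.Reflection.Assembly
}

# Constructed sample source: a value baked in at compile time, as the thread discusses.
$source = @'
namespace Demo {
    public static class Greeter {
        public const string BuildTag = "constructed-example";
        public static string Hello(string who) { return "Hello, " + who + " [" + BuildTag + "]"; }
    }
}
'@

$asm  = Invoke-CSharpCompile -Source $source             # in memory only; only temp files touch disk
$type = $asm.GetType('Demo.Greeter')
$type.GetMethod('Hello').Invoke($null, @('in-memory'))

$onDisk = Invoke-CSharpCompile -Source $source -ToDisk   # same source, persisted as a DLL
"Assembly written to $($onDisk.Location)"
```

Add-Type -TypeDefinition wraps this same pipeline; -OutputAssembly is its equivalent of setting OutputAssembly with GenerateInMemory off.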
  15. PoSHMagiC0de

    Good Free Hosting EXEs

    Instead of just giving the answer, the answer is the second answer here for handling binary files. I tried to find a page to discuss it but everyone seems to be encoding text more than binary out there. https://stackoverflow.com/questions/42592518/encode-decode-exe-into-base64 The premise is this. You use the "[System.IO.File]::ReadAllBytes(<full path to binary>)" method from .net to read all bytes of the binary which will make a byte array and then use [convert]::ToBase64String() to convert that to base64 and save that string to a text file to host. Your Posh script should download the contents of that text file and decode it from base64 and then you can write back out the bytes to the disk to run from disk as the original file or do whatever else you were going to do with it. If the file was text like a script you would use [System.IO.File]::ReadAllText(<full path to text file>) and then use "[System.Text.Encoding]::ASCII.GetBytes(<string object>)" to convert to bytes to encode in base64. If you plan on using the .NET functions, they do not take relative paths to files as parameters, so you will have to use the full path to the file when reading them in. "$(Resolve-Path -Path <relative path to file>).path" can be used to convert relative path to full path before passing to the .net functions.
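The encode/decode round trip described in the post above, as an added example that is not the poster's code: it uses the .NET calls named there, makes every path absolute first (the .NET File methods ignore PowerShell's current location, and Resolve-Path throws on a file that does not exist yet), and compares SHA-256 hashes of the original and decoded copies so a truncated or newline-damaged text file is caught. The function names, the `b64demo` working folder and the random 4 KiB sample file are constructed for the example.

```powershell
function Get-AbsolutePath {
    param([Parameter(Mandatory)][string]$Path)
    # Unlike Resolve-Path, this also works for an output file that does not exist yet.
    $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
}

function Get-Sha256Hex {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    # Pure .NET so it works on PowerShell versions that predate Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($Bytes))).Replace('-', '') }
    finally { $sha.Clear() }
}

function ConvertTo-Base64File {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$OutFile)
    $bytes = [System.IO.File]::ReadAllBytes((Get-AbsolutePath $Path))
    [System.IO.File]::WriteAllText((Get-AbsolutePath $OutFile), [Convert]::ToBase64String($bytes))
    Get-Sha256Hex $bytes                                   # hash of the original, kept for comparison
}

function ConvertFrom-Base64File {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$OutFile)
    # Trim() tolerates a trailing newline added by an editor or web host.
    $text  = [System.IO.File]::ReadAllText((Get-AbsolutePath $Path)).Trim()
    $bytes = [Convert]::FromBase64String($text)
    [System.IO.File]::WriteAllBytes((Get-AbsolutePath $OutFile), $bytes)
    Get-Sha256Hex $bytes                                   # hash of the decoded copy
}

# Constructed sample input: 4 KiB of random bytes standing in for a real binary.
$work = Join-Path $env:TEMP 'b64demo'
New-Item -ItemType Directory -Path $work -Force | Out-Null
Set-Location $work
$sample = New-Object byte[] 4096
(New-Object System.Random).NextBytes($sample)
[System.IO.File]::WriteAllBytes((Get-AbsolutePath '.\sample.bin'), $sample)

# Relative paths are fine at this layer because Get-AbsolutePath expands them.
$before = ConvertTo-Base64File   -Path '.\sample.bin' -OutFile '.\sample.txt'
$after  = ConvertFrom-Base64File -Path '.\sample.txt' -OutFile '.\restored.bin'
if ($before -ne $after) { throw 'Round trip corrupted the file' }
"SHA-256 matches: $after"
```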