
PoSHMagiC0de

Dedicated Members
  • Posts

    618
  • Joined

  • Last visited

  • Days Won

    26

Everything posted by PoSHMagiC0de

  1. You know what, I forgot to give the link to the project hahah. The project is Webmin.
  2. Take a look at this first. If you still wish to D.I.Y. then come on back. I would ask this in the coding section of the forums since you will be asking for some coding help then. Before going that route, you should see if the solution below would suit you. Personally, I would put a web-based PC admin tool listening on localhost only and access it through port forwarding over SSH. Secure SSH with certificate-based authentication with password auth turned off.
  3. Keep in mind this is not a simple pinout solution. This is a controller solution. You will need to build a controller. USB and SATA do not directly chat in the same language with the same pinouts and voltages. You will need the pinout to the appropriate voltages for the voltage side and then a controller (maybe a Pi if it is fast enough (you may need to write the software in assembly or C to get faster responses) or a special programmable chip) to handle the conversion from SATA to USB. Dude, thinking about it is making my head hurt and I'm lazy hehe.
  4. Obfuscated PowerShell, I see. There is a way to obfuscate more, but I digress. The issue you are having is because you are dancing around the max run line length. The Windows run line has a max length for commands, around 8k characters. I don't have the exact number on me but I use 8000 as a rough estimate since it is so close to it. Anything after that magic number is truncated, so your command will be broken. I looked through your encoded PowerShell. You might be able to get away with compressing the payload, encoding it, then wrapping the code to decompress and run it around the encoded code and encoding that to use. You will have to do a size comparison afterwards to see if it made a difference. It looks like a generic Metasploit payload when decoded, but that doesn't do much for obfuscating the actual payload; you might even be able to get away with removing all that obfuscation.
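An added example (my code, not from the post above) of the size comparison the post recommends: the same script encoded plainly for -EncodedCommand versus gzip-compressed and wrapped in a small self-inflating stub that is then encoded. The 8191-character figure is cmd.exe's command-line limit; the sample script and the function names are constructed for the demonstration.

```powershell
# Added example: compare a plain -EncodedCommand against a compressed wrapper.
# The sample script below is constructed; the 8191 limit is cmd.exe's.

function ConvertTo-EncodedCommand {
    # -EncodedCommand expects base64 of the UTF-16LE bytes of the script text
    param([Parameter(Mandatory)][string]$Script)
    [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Script))
}

function ConvertTo-CompressedCommand {
    # gzip the script, base64 the compressed bytes, wrap them in a stub that
    # inflates and runs them, then encode the stub the same way as above
    param([Parameter(Mandatory)][string]$Script)
    $raw = [Text.Encoding]::UTF8.GetBytes($Script)
    $ms  = New-Object System.IO.MemoryStream
    $gz  = New-Object System.IO.Compression.GzipStream($ms, [System.IO.Compression.CompressionMode]::Compress)
    $gz.Write($raw, 0, $raw.Length)
    $gz.Close()
    $blob = [Convert]::ToBase64String($ms.ToArray())
    $stub = '$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String("' + $blob + '"));' +
            '$g=New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress);' +
            '$r=New-Object IO.StreamReader($g,[Text.Encoding]::UTF8);' +
            'Invoke-Expression $r.ReadToEnd()'
    ConvertTo-EncodedCommand -Script $stub
}

function Compare-CommandLength {
    # Report both lengths against the limit and hand back whichever is shorter
    param([Parameter(Mandatory)][string]$Script, [int]$Limit = 8191)
    $prefix = 'powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand '
    $plain  = $prefix + (ConvertTo-EncodedCommand -Script $Script)
    $packed = $prefix + (ConvertTo-CompressedCommand -Script $Script)
    $best   = if ($packed.Length -lt $plain.Length) { $packed } else { $plain }
    [pscustomobject]@{
        PlainLength      = $plain.Length
        CompressedLength = $packed.Length
        PlainFits        = ($plain.Length -le $Limit)
        CompressedFits   = ($packed.Length -le $Limit)
        CommandLine      = $best
    }
}

# Constructed sample: a repetitive script, the kind that compresses well.
$sample = (1..120 | ForEach-Object { "Write-Output 'line $_ of a long but repetitive script'" }) -join "`r`n"
Compare-CommandLength -Script $sample | Format-List PlainLength, CompressedLength, PlainFits, CompressedFits
```

The plain encoding of the sample is well over the limit (UTF-16 plus base64 roughly triples the text), while the compressed stub comes in far under it; a payload with little repetition may compress poorly, which is why the comparison is worth running rather than assumed.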
  5. This means start talking about crypto in the sections they most relate to as if there was no crypto section. If enough of it starts popping up that they have to rein it in to its own topic section, then it will happen. :-)
  6. You can guess from the last reboot: if it is after 2016 then it might be patched. The only other way is to look to see if the patch is installed. In this case I think it might be "KB3139914".
  7. There is a command in PowerShell to create a CSV file. The issue is your variables are unnamed (no column names), so the cmdlet will not work. If you plan on creating a CSV of items, place the things you want into a single object with names like so:

        $mystuff = New-Object psobject -Property @{
            variable1 = $variable1
            variable2 = $variable2
            variable3 = $variable3
        }
        $mystuff | Where-Object { -not ([string]::IsNullOrEmpty($_)) } | ConvertTo-Csv -NoTypeInformation | Add-Content -Path "c:\yourpath\yourcsv.csv"

     Now, if one of the variables is multiline then you will have issues. You will need to add a pipe before ConvertTo-Csv to check for this and combine the lines to make them one line.
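An added example (not from the post) of the multiline check the post mentions: loose variables go into a named object, embedded line breaks are collapsed to a single line before the object reaches the CSV cmdlet, and Export-Csv -Append is used so the header is written only once. The variable names, sample values and output path are placeholders constructed for the demonstration.

```powershell
# Added example: build named rows from loose variables, flatten multiline
# values, and append them to a CSV. Sample values below are constructed.

function New-CsvRow {
    # Turn a hashtable of loose variables into one object with named columns,
    # collapsing any CRLF/LF inside a value so the record stays on one line.
    param([Parameter(Mandatory)][hashtable]$Fields)
    $clean = @{}
    foreach ($key in $Fields.Keys) {
        $value = [string]$Fields[$key]
        $clean[$key] = ($value -replace "`r?`n", ' ').Trim()
    }
    New-Object psobject -Property $clean
}

function Export-RowsToCsv {
    # Export-Csv -Append writes the header on first use only, unlike
    # ConvertTo-Csv | Add-Content, which repeats it on every call.
    param(
        [Parameter(Mandatory)][object[]]$Rows,
        [Parameter(Mandatory)][string]$Path
    )
    $Rows | Export-Csv -Path $Path -NoTypeInformation -Append
}

# Constructed sample: the second variable contains an embedded line break.
$variable1 = 'host01'
$variable2 = "first line`r`nsecond line"
$variable3 = 'ok'

$row = New-CsvRow @{ variable1 = $variable1; variable2 = $variable2; variable3 = $variable3 }
$row.variable2                      # flattened to: first line second line
Export-RowsToCsv -Rows @($row) -Path (Join-Path $env:TEMP 'yourcsv.csv')
Get-Content (Join-Path $env:TEMP 'yourcsv.csv')
```

The flattening is done in New-CsvRow rather than in a pipeline stage so the same check applies whichever CSV cmdlet is used afterwards.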
  8. It is a question that has to be asked. Did you fully patch the victim machine? If so, it will not work. You will need to load a completely unpatched OS. I only used it with Win7. Have not tried it with Server, but it should work.
  9. It depends on what you want to do, but I would agree with the others to just start, since when it comes to non-compiled languages like Python, Ruby, PowerShell, VBS and JS it pretty much becomes a matter of syntax. C# is in between those languages and the lower-level languages since it compiles. Now, if you want to get into binary exploiting then you will need to learn the lower-level languages like C and C++ to maybe understand what the pitfalls are, but ultimately you will need to learn assembly and its conversion to opcodes to be able to do any type of custom code injection or understand lower-level exploits.
  10. If you have a Raspberry Pi you could always use Pi-hole. https://pi-hole.net/ I do not know how advanced your router is, but if you can set up separate DNS options for reserved clients then you can point their DNS at Pi-hole. Now you can blackhole any DNS requests to sites you do not want them having access to. I do not know if Pi-hole can MAC filter requests, but I do know it can act as a DHCP server too. It will give you insight into all the queries they make too, in essence their sites. It pretty much blackholes any DNS requests for sites you do not want. You could go with Squid, but you will need to tell the clients to use it via proxy settings. If you are really serious you could put a Snort/Suricata machine inline to do sniffing and filtering, which will force them through it. Adding a cert trusted by the clients will give you insight into their HTTPS request contents as well.
  11. This reminds me of malware a customer of mine caught a while back. It replaced the original folder's name with a SID-looking name and hid it, then created a shortcut that looked like the old folder which would run the malware first before opening the hidden folder it was associated with. Of course, finding it is as simple as having "show hidden files" on in View.
  12. I do not know how manufacturers provision their devices. If they just burned the same image onto their devices with SSH installed already, and if they set it up for key login with a key, then there will be one there in all the images. Also the host key of the server will be the same, though I believe the server key will only assist you with MiTM to trick the user that you are the SSH server. If they never used keys to sign into SSH then there will be no default keys, just default passwords. If they never installed SSH but give you the option to download and install it, like with OpenWrt and opkg packages, then the key will be generated for the server at install time and the user can copy a new login key to the server for authentication, which will not be default. So in short, it depends. The keys I think you are looking for are auth keys. If the manufacturer never used keys for auth then there will never be a default key, just a password.
  13. Just wanted to add one thing. A sharing violation is not hit here if you sort after GC. The reason being, when GC was run against the files, all their content was picked up first, the files were closed and then the contents were piped. PowerShell runs all of the command in each pipeline stage before proceeding to the next. To see this in action, GC a large file and pipe it to Out-String. If it did it line by line then Out-String would populate line by line, but it sits for a while getting the contents before doing the Out-String. Watch the process memory size and you will see it increase as it reads the file. To read it bit by bit you will need to access the .NET classes, create a stream and use it in a while loop or something of the sort that can be looped to keep reading the stream and do something with the contents until the stream is done. So, the above command will work like so:

        Get-ChildItem C:\path\to\files\* -Include *.txt -Recurse -File | gc | Sort-Object -Unique | Set-Content c:\path\to\sorted\wordlist.txt

     The above will work. I include "-File" in Get-ChildItem to get only files, in case some folder is named something.txt. Just a habit for me to target the objects I want to work with.
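An added example (mine, not from the post) of the StreamReader loop the post describes: each file is read one line at a time, lines are deduplicated in a HashSet as they arrive, and only the unique set is sorted and written out, so memory grows with the number of distinct lines rather than the total size of the files. The sample files are constructed in a temp folder for the demonstration; the comparer is case-insensitive to match what Sort-Object -Unique does.

```powershell
# Added example: stream files line by line with a .NET StreamReader and
# dedupe on the fly, instead of loading every file's content first.

function Get-UniqueSortedLines {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string]$OutFile
    )
    # case-insensitive set, mirroring Sort-Object -Unique's comparison
    $seen = New-Object -TypeName 'System.Collections.Generic.HashSet[string]' `
                       -ArgumentList ([StringComparer]::OrdinalIgnoreCase)

    foreach ($file in $Path) {
        $reader = New-Object System.IO.StreamReader($file)
        try {
            # ReadLine returns $null only at end of stream; empty lines are skipped
            while ($null -ne ($line = $reader.ReadLine())) {
                if ($line.Length -gt 0) { [void]$seen.Add($line) }
            }
        } finally {
            $reader.Close()    # release the handle before the next file
        }
    }

    $writer = New-Object System.IO.StreamWriter($OutFile, $false)
    try {
        foreach ($word in ($seen | Sort-Object)) { $writer.WriteLine($word) }
    } finally {
        $writer.Close()
    }
    $seen.Count            # number of distinct lines written
}

# Constructed sample input: two small wordlists with overlapping entries.
$tmp = Join-Path $env:TEMP 'wordlist-demo'
New-Item -ItemType Directory -Path $tmp -Force | Out-Null
Set-Content -Path (Join-Path $tmp 'a.txt') -Value "password`nletmein`nadmin"
Set-Content -Path (Join-Path $tmp 'b.txt') -Value "Admin`nqwerty`npassword"

$files = Get-ChildItem "$tmp\*" -Include *.txt -Recurse -File | Select-Object -ExpandProperty FullName
Get-UniqueSortedLines -Path $files -OutFile (Join-Path $tmp 'sorted.txt')
Get-Content (Join-Path $tmp 'sorted.txt')
```

Sorting still needs the whole unique set in memory at the end; what the streaming loop avoids is holding every file's full contents at once while they are read.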
  14. Yep, new installations of distros from ISO generate new keys. If it is an img that is just copied to a device like a Pi or phone, the keys will be whatever they are in that image, unless SSH is not installed, in which case when the SSH server is installed it will generate new keys.
  15. That pertains to prebuilt images for non-PC devices. NetHunter and Kali for the Raspberry Pi or other ARM devices come as a preinstalled OS image, and the same goes for the virtual images. Those will have default keys and you can get them from the images when downloaded. Anyone that used the ISO to install will have new keys, because the package is installed at that moment and hence it generates the keys right there.
  16. Here is a script for another quick OpenVPN setup, except this one focuses more on hardening your connection. https://github.com/Angristan/OpenVPN-install
  17. PowerCat is a PowerShell version of netcat that can be used to avoid using the ncat binary, which sometimes sets off AV. https://github.com/secabstraction/PowerCat PowerShell has two ways to invoke web requests. If you are on 2.0 (if you can control the environment you should be on 4+ already, since MS announced the deprecation of PS 2.0) then you will need to tap into the .NET assemblies. The reference for it is here: https://msdn.microsoft.com/en-us/library/system.net.webclient(v=vs.110).aspx Example usage to download a string is:

        # Create webclient object
        $wb = New-Object System.Net.WebClient
        # use it to download something from the web as a string
        $stuff = $wb.DownloadString("web_url_here_with_port_if_not_80_and_path")

     If > 2.0 then you can use "Invoke-WebRequest". Usage is here: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-5.1 Invoke-WebRequest uses the content type from the server, so if the server is serving anything other than text then Invoke-WebRequest will only download it as a file. That is why, if you want text, you want to either make sure the server sends the item as text or the item has a text-like extension that the server will automatically send as text. The item it gets is a web response object and what you want is in the $webrequestobject.Content property. I could keep going on but this would turn into a blog. The links should give you a reference for how to use the commands. Have fun.
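An added example (not from the post) that wraps both approaches the post describes in one function: WebClient.DownloadString on PowerShell 2.0, Invoke-WebRequest otherwise, with an explicit decode for the case the post warns about, where a non-text Content-Type makes Invoke-WebRequest hand back the body as bytes rather than a string. The file:// demonstration at the end is an assumption that holds for Windows PowerShell 5.1 (Invoke-WebRequest and WebClient both accept file URIs there); PowerShell 7 does not, so use an http URL on that version.

```powershell
# Added example: fetch a resource as text on PS 2.0 and on PS 3+ alike, and
# handle the bytes-instead-of-string case for non-text content types.

function Get-WebText {
    param([Parameter(Mandatory)][string]$Uri)

    if ($PSVersionTable.PSVersion.Major -lt 3) {
        # PowerShell 2.0 has no Invoke-WebRequest: fall back to the .NET WebClient
        $wc = New-Object System.Net.WebClient
        return $wc.DownloadString($Uri)
    }

    # -UseBasicParsing avoids the Internet Explorer DOM parser on PS 3-5
    $resp = Invoke-WebRequest -Uri $Uri -UseBasicParsing
    if ($resp.Content -is [byte[]]) {
        # Non-text Content-Type: Content arrived as raw bytes, so decode it
        # here instead of letting the caller save it to a file.
        return [Text.Encoding]::UTF8.GetString($resp.Content)
    }
    return $resp.Content     # text/* responses are already a string
}

# Offline demonstration with a constructed local file (assumption: Windows
# PowerShell 5.1, where file:// is served with a non-text content type and
# so exercises the byte[] branch above).
$demo = Join-Path $env:TEMP 'webtext-demo.bin'
Set-Content -Path $demo -Value 'hello from a file served without a text content-type'
Get-WebText -Uri ('file:///' + $demo.Replace('\', '/'))
```

If the body is not UTF-8, swap the encoding in the decode branch; the point is that the caller decides how to interpret the bytes instead of the cmdlet deciding for it.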
  18. It depends on whether you are making it temporary or permanent. To keep it simple, the way to do what you are trying to do is to call upon the .NET Environment class to make it permanent machine-wide. [Environment]::SetEnvironmentVariable("variable_name_here", "variable_value", "Machine") To set this machine-wide you must be admin. Of course, your command will just make the wget environment variable the current script that made it. You will still need to prepend the powershell command, and this would just run the script again to make the environment variable.
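An added example (mine, not from the post) around the SetEnvironmentVariable call the post gives: it checks for elevation before writing at Machine scope, falls back to User scope when not elevated, and also sets the value at Process scope, because a Machine or User write only updates the registry and is not visible to the session that made it. The variable name and value are placeholders constructed for the demonstration.

```powershell
# Added example: persist an environment variable with an elevation check,
# and make it visible to the current session as well.

function Set-PersistentEnvVar {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Value,
        [ValidateSet('Machine', 'User')][string]$Scope = 'Machine'
    )

    # Machine scope writes HKLM, which needs an elevated token
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    if ($Scope -eq 'Machine' -and -not $isAdmin) {
        Write-Warning "Not elevated; writing $Name at User scope instead of Machine"
        $Scope = 'User'
    }

    # Persist to the registry (Machine or User hive)
    [Environment]::SetEnvironmentVariable($Name, $Value, $Scope)

    # Registry writes do not change the running process's environment block,
    # so set it at Process scope too or $env:$Name stays empty until a new shell.
    [Environment]::SetEnvironmentVariable($Name, $Value, 'Process')

    [pscustomobject]@{
        Name      = $Name
        Scope     = $Scope
        Persisted = [Environment]::GetEnvironmentVariable($Name, $Scope)
        InSession = [Environment]::GetEnvironmentVariable($Name, 'Process')
    }
}

# Constructed usage: placeholder name and value
Set-PersistentEnvVar -Name 'LAB_TOOLS' -Value 'C:\Tools'
```

Other processes that are already running keep their old environment block too; only new processes, and explorer.exe after the WM_SETTINGCHANGE broadcast that the registry write triggers, pick the value up.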
  19. I am going to second this post. This year I have had my first taste of trying to put Linux on a UEFI-enabled system. I have not found any way to make a UEFI-bootable USB stick except with Rufus on Windows. With that said, if someone knows how to make a UEFI-bootable USB stick in Linux from an ISO, I am all ears... or eyes I should say.
  20. After disabling ufw try:

        sudo iptables -F
        sudo iptables -X
        sudo iptables -Z
  21. Hacknet: I love Hacknet. Been playing Hackmud too. Hackmud is multiplayer, where you can actually write scripts. I feel the game is sitting on top of a MongoDB database, just from the way the commands work.
  22. Well, let's try and troubleshoot this. So, if you nmap from the Ubuntu host to the Metasploitable VM, do you get any open ports? If so, then next I would try this little thing. Run "python -m SimpleHTTPServer" from the Ubuntu host and see if you can browse to it from your remote machine. The last thing is, instead of scanning for an open port on Metasploitable, try to connect to the web port with your browser from the remote machine to see if you get the page. If you can browse it from the Ubuntu host, use the same URL on the remote machine. Pretty much trying to see what is being blocked and where. Also, is your VM on the same subnet as the Ubuntu host as well as the remote machine?
  23. Also, if you want to spin up a quick AD test lab with an eval of Server 2012 R2 (or maybe 2016, I have not tried this with 2016), you can use DSC to quickly spin one up when you need to. The longest part is the pre-updates and downloading the PowerShell module required for AD DSC. I do not have my script on me, it is in the office, but I have one that will configure DHCP, DNS, AD and a few accounts with different permissions. You could use some of those test-run VMs for Windows or do fresh installs of Windows to add some machines to the test domain. I do this mainly in the office off our test host, isolated with pfSense. Here is a link so you can get started with a base DSC lab beforehand. https://blogs.technet.microsoft.com/ashleymcglone/2015/03/20/deploy-active-directory-with-powershell-dsc-a-k-a-dsc-promo/
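An added example (my configuration, not the poster's script and not the one from the linked blog, which relies on the separate AD DSC module) of a minimal lab domain controller using only the built-in PSDesiredStateConfiguration resources: WindowsFeature installs AD DS, DNS and DHCP, and a Script resource promotes the box with Install-ADDSForest. The domain name, output path and the plaintext safe-mode password are lab-only placeholders constructed for the demonstration; on a real deployment the password would come from a credential object with the MOF encrypted.

```powershell
# Added example: lab-only DSC configuration for a first domain controller,
# using built-in resources only. Values below are placeholders for a lab.

Configuration LabDomainController {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$SafeModePassword   # lab-only plaintext
    )
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node localhost {
        # Roles and the management tools the promotion and later scripts need
        WindowsFeature ADDS    { Name = 'AD-Domain-Services';  Ensure = 'Present' }
        WindowsFeature DNS     { Name = 'DNS';                 Ensure = 'Present' }
        WindowsFeature DHCP    { Name = 'DHCP';                Ensure = 'Present' }
        WindowsFeature RsatAD  { Name = 'RSAT-AD-PowerShell';  Ensure = 'Present' }
        WindowsFeature RsatDNS { Name = 'RSAT-DNS-Server';     Ensure = 'Present' }

        # Promote to the first DC of a new forest; TestScript keeps this
        # idempotent across the reboot that Install-ADDSForest triggers.
        Script PromoteForest {
            DependsOn  = '[WindowsFeature]ADDS', '[WindowsFeature]DNS'
            TestScript = {
                $cs = Get-CimInstance Win32_ComputerSystem
                $cs.PartOfDomain -and ($cs.Domain -eq $using:DomainName)
            }
            SetScript  = {
                $pw = ConvertTo-SecureString $using:SafeModePassword -AsPlainText -Force
                Install-ADDSForest -DomainName $using:DomainName `
                                   -SafeModeAdministratorPassword $pw `
                                   -InstallDns -Force
            }
            GetScript  = { @{ Result = (Get-CimInstance Win32_ComputerSystem).Domain } }
        }
    }
}

# Compile the MOF and apply it (placeholder domain, password and path)
LabDomainController -DomainName 'lab.local' -SafeModePassword 'Lab-Only-P@ss1' -OutputPath 'C:\DSC\Lab'
Start-DscConfiguration -Path 'C:\DSC\Lab' -Wait -Verbose -Force
```

Install-ADDSForest reboots the machine when it finishes; DSC re-evaluates TestScript after the reboot and finds the box already in the domain, so the promotion runs once. DHCP scope, OU structure and test accounts would follow as further resources once the domain is up.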
  24. You can use iptables to look too.

        # For main policies
        sudo iptables -L
        # For nat tables
        sudo iptables -t nat -L

     This will list all your policies, including those that were placed there by ufw, I believe. When I ran Ubuntu, I looked up a way to destroy their preset firewall rules so I could do my own with iptables.
  25. If you are running the VM from Ubuntu, you may want to check the firewall settings.