Jump to content

Bob123

Active Members
  • Content Count

    176
  • Joined

  • Last visited

  • Days Won

    6

1 Follower

About Bob123

  • Rank
    Hak5 Zombie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I know I didn't mean to. This one was more directed towards justLooking but then thought others might not see my general question. Let me know if you want me to remove any or all.
  2. Hello everyone. I have an interesting question that I hope someone can answer. Basically what I'm after is, a standard 64bit Kali or Parrot VM that you can download that comes with all the pentesting tools like metasploit...can you actually hack a Win10 64 bit box with it? I'm asking because I went through the cyber mentor's online class, I follow hackersploit's youtube videos, and there seems to be something wrong and I'm just not so sure it's me anymore. I have two Win10 VMs and now the same but physical, on two networks and all I want to do is pivot. I have usernames / passwords. I've dumbed them down to accept msfvenom payloads...They just don't want to work. My findings so far have been: a 64bit payload and listener work, but then meterpreter, getsystem, and other commands don't seem to work. A 64bit payload and 32bit listener don't work. A 32bit payload and listener work, commands work, but I don't get anywhere. The commands don't error out or stall...but they just don't give me proper info and I think they are trying to tell me that I need 64bit payloads and listeners. I'm assuming Armatige is only 32bit since I can't get anything 64bit to work. Psexec doesn't want to work even though the usernames / passwords are mine since I created them. I'm just stuck. And what makes it very interesting is I never had this issue with WinXP back in the day. So I get that Win10 could be a road block because it's different...but are Kali and Parrot with their version of metasploit also a potential road block? Am I missing something? Will this only work with the paid version of metasploit pro??? It just bugs me cause the cyber mentor never had an issue. Hackersploit did a video on pivoting. He didn't show what was behind the scenes but I followed his commands to the T and it still wouldn't work. I've followed several Medium posts and it hasn't helped... Any help would be great. Thanks.
  3. So I'm going to ask a question here and maybe even make my own topic on it cause this ones a bit interesting... So the issues I'm running into seem to really stem from the architecture. The win10 VMs from cyber mentor and now my physical win10 boxes that I'm practicing on are all 64bit. The vanilla style (if you will) metasploit that comes with both Kali and Parrot can do both 32bit and 64bit...but can it really do 64bit? Or is this really something that is more tailored for metasploit pro which is paid for? I'm about to start testing on win10 32bit just to see if any of these issues go away. Cause with my kali and parrot VMs, I'm to the point where I can't even get psexec to work. Which makes no sense since I know the username/password...since I created them for the box. Anytime I'd create a 64bit payload through msfvenom my listener would crash very quickly. And that was due to using a 32bit listener. A 64bit listener would work but then none of the commands or options seem to work. A 32bit payload and listener work best...but then it seems like "getsystem" and trying to get the hash don't seem to work. And I had zero problems back in the day when I had a winxp setup...
  4. I started to mess with GNS3 then like you said, got sidetracked. For cyber mentor it was chapter 19 post exploitation. He talked about pivoting, modified the VMs a bit and showed it working. I did the same but couldn't pivot for some reason. I tried multiple Kali and Parrot VMs with and without armitage all with no luck. I did however try it on some older xp VMs and I could pivot just fine. So either I missed a step or he left a step out. But either way I would like to get it to work. I'm going to start messing with them again now.
  5. Hey justLooking. If your doing the The Cyber Mentor course where he has you create VMs and a domain and all that, when you get to pivoting between the two VMs could you let me know if you get that to work? I couldn't and couldn't figure out why. I'm going to try again today or tomorrow using a different approach but I could pivot between some of my old winxp VMs like nothing...I just can't seem to do it using the VMs I created for his course. Thanks.
  6. Can you give me a few examples and I can try to repeat the process with mine? I've only done a packet capture a few times and it seemed like it was all there...but that was several years ago. Thanks.
  7. Naw I'm not going to smash it. I reformatted it as NTFS for now. Still probably won't trust it. I'll give the sdcard formatter a go. The Bus Pirate v3 looks interesting. Bit pricey but cool. Thanks everyone!
  8. Well never mind. I tried reaching out to both the creator of the vulnhub vm and jackk neither of them are probably around. Anyways I ended up using a different exploit to gain root, then using the python SimpleHTTPServer I was able to rewrite the passwd file like it showed in jackk's video. So I'm happy.
  9. Hey quick question. I know all of this is quite dated but I just thought I'd play around and see what happens. So I have the basic pentesting 1 vm from vulnhub. I'm watching Jackk's ctf walkthough and at the end he wants to modify the passwd file and then send it back through meterpreter to the ctf vm. His works and he becomes root. Mine spits out core_channel_open: Operation failed: 1 which according to what I found on google means I don't have permission. How did he get permission and I didn't when we both did the exact same thing??? Just wondering. Thanks.
  10. Thanks guys. I don't know though...it was already binned. I'm thinking smashing it might be my next order of business.
  11. So check this out. I attached a pic so I'm not crazy. But I have a 16GB thumb drive. It's a POS that I pretty much had given up on. Recently I was going through my jar of pooped out thumb drives and I found it. I inserted it, formatted it, and attempted to give it a new mission in live. I through a bunch of video files on it and also used it to move some work stuff around today. So later today I had it plugged into my laptop, closed the laptop and walked away. I came back to the laptop and saw the drive flashing away. I opened my laptop and found my files all jacked up. The attached image shows what the files look like. It was about a dozen or so video files. Windows explorer states I have 756MB used and 14.2GB of 16GB free. However again from the attached pic there are at least four files that are almost 4GB in size! Has anyone ever seen this before? Look at the file extensions. It's crazy. There's nothing wrong with my laptop and no hacking or crypto/ransom going on. It's just a straight up messed up drive. Guess it's going back in the jar. Pretty damn cool though! Some how my work files survived earlier today...
  12. Nicely put Struthian! I've tried to help out in other parts of this forums when someone is unhappy with a product and I typically get crickets. So I don't think they are truly looking for help. They're just not happy that it doesn't work out of the box. And if I'm wrong by saying that then let's all work together and make it work the way we want. JeffP, if it's still in the garbage can I have it? Thanks.
  13. You know to a point I do feel your pain. I myself have had some pains with Hak5 over the years. But I guess the question really becomes, what did you expect, and what are you aiming for? A $5 rpi zero can do everything the duck can do. Does it look as good as the duck? No. Is it as easy to program as the duck? Big No. But then again why are you buying a duck if you don't at least know some programming? The idea of the Hak5 tools were never meant to be plug in play. I think they started going in that direction because we as humans have gotten to that point of expecting things to just work. But a true hacker would never expect that, nor want that. For me, I got these to mess around with and they have all worked flawlessly. Maybe not painlessly at first. But they all worked. And I've learned so much from them over the years. Because of them I've learned to make a $5 rpi act like a duck. Or a $15 micro router act like a packet squirrel or lan turtle. The whole point of these hak5 tools are to help you to learn. So what would you like to learn about today?
  14. Man I'm really not a fan of reliving the past but someones going to have to tell me what they are doing to their Win10 1903 boxes. I have a Win10 1903 with defender on by default. I have a Win10 1903 VM (several) with defender on by default. Granted when I have a payload with mimikatz or anything defender sees it as questionable and instantly deletes it on me which is a huge pain in the... But I have never seen windows defender prevent my inject.bin from running. I'm not even sure how it would see it as it's code execution from within the duck (keyboard)... So I'd like to help but someone needs to explain what's different from their environment compared to mine. Unless something physically changed in the ducks. I have two. A blue one and a green one. I know they went through several small changes back in their prime but both of mine work exactly the same. Course one other thing to point out. What are all of you trying to do? I'd suggest taking a step back and create a payload that opens notepad and says hello. Can your duck do that? Start there. Let me know what you had for results. Then we can go from there. I just got a Malduino and it itself comes with nothing. So first payload was notepad. They my favorite payload which is to show all of the wifi passwords. And then I have done more from there. But all of which were based off the duck and still to this day work on the duck.
  15. Sweet! Nice work SelfTaughtDude!
×
×
  • Create New...