Jump to content
Hak5 Forums

Michael Weinstein

Active Members
  • Content count

    17
  • Joined

  • Last visited

About Michael Weinstein

  • Rank
    Hak5 Fan
  1. What is the packet squirrel?

    Awesome. Currently in Orlando. Fun fact: my bash bunny payload is named for Bushing who is also a hacker from VA and introduced me to it back in 9th grade. I think he also was friends with Dual Core before he passed last year :(
  2. What is the packet squirrel?

    Thanks. My other big recent genome hack is here (worked with Microsoft on it) https://www.biorxiv.org/content/early/2016/10/05/078253 Definitely waiting to see the squirrel arrive and make a payload or two.
  3. What is the packet squirrel?

    https://github.com/michael-weinstein/veraT It gets the tumor and normal tissue DNA exomes and the tumor RNA. It extracts the patients HLA type (immune system markers) form the normal tissue DNA, finds the tumor-specific mutated proteins by comparing the tumor and normal DNA, and then looks at the RNA to figure out if the mutated proteins are likely being made. It then takes the mutated protein sequences and the HLA types and predicts which of these mutant proteins are going to be best presented to the immune system, which essentially gives the most immune-vulnerable changes in the cancer. Once that happens, we can try to target those things for an immune response.
  4. What is the packet squirrel?

    I thought you were from VA where I used to live. Wanna see a vulnerability scanner for brain cancers? That’s my latest big hack on the genome.
  5. What is the packet squirrel?

    And ordered. Wish I could attend the event tomorrow, but I’m in Florida hacking the gibson genome.
  6. Firewall Breach

    So we've had Eminem, Slim Shady... and this would be Marshall Mathers? https://getyarn.io/yarn-clip/ba393c1f-4166-443c-9f8c-5cb380b26ecf#SyInJJbNa-.copy
  7. Firewall Breach

    Kid, don't run any ducky scripts anybody gives you here. At this point, they're all going to be rm -rf / and fork bombs. Also, there's very little interesting stuff you can run on a chromebook that's not rooted and running... uh... not chromeOS.
  8. WPA2 - Broken

    Sample code! https://pastebin.com/aZyyS16w
  9. bushingsBlueTurtle: A little patience = reverse HTTPS as root on Mac and Linux

    I'm thinking of putting in an additional feature where it will take over /bin/sudo (or wherever it's supposed to be for that specific machine) with my wrapper so that you could get anybody who sudos after.
  10. bushingsBlueTurtle: A little patience = reverse HTTPS as root on Mac and Linux

    https://github.com/michael-weinstein/bashbunny-payloads/tree/bushingsBlueTurtle/payloads/library/credentials/bushingsBlueTurtle
  11. Taking the idea (again, mad props to sudoBackdoor) a bit further with some python scripting, I scared myself (and unintentionally pwned myself a few times as well) with this thing. How it works: The user's .bash_profile or .bashrc gets tweaked to point to ~/.config/sudo A python script called sudo is installed there. [Patience is required here, as you need to wait for the user to sudo some command now] This will take their password, validate it by running its own sudo command (literally just echoing something) and seeing if it works Once it confirms a good password, it stores the password for later retrieval and executes the intended sudo command in a subshell that the user shouldn't even notice a difference in After executing their command, it will use the password to sudo open up a reverse https meterpreter session on the machine. It will do this every time sudo is run. I unintentionally self pwned a few times, because the meterpreter session is being run as root, and one must sudo kill to get rid of it. Sudo killing it will get rid of the existing session as expected, but then will open up a shiny new session as its last step (unless the python script is gone). Because antivirus tends to recognize the base64-encoded meterpreter payload as malicious, I also wrote a script called "shellSmuggler.py" to go with it. If you use the msfvenom command I supply here, you should be able to pipe the output to the shellSmuggler and scramble the payload enough that antivirus doesn't alert on/block it anymore. You will need to know your listening machine's IP and listening port (obviously).
  12. darkCharlie (stealing SSH creds)

    oXis, I was debating about that one. Truth be told, it's generally not installing packages. The packages it tries to install usually come standard (except for sometimes paramiko) and if it can find them, it won't try to install them. The main package it depends on is getpass to give a proper password prompt, but I think that's a standard python package now. It's worked pretty well in testing, although I put it aside for a bit because I got another interesting idea. JediMasterX... check it out at the link.
  13. darkCharlie (stealing SSH creds)

    I decided to put together a payload to get myself familiar with the bunny. This was inspired by SudoBackdoor and borrows heavily from it, but uses python because I'm more fluent in that than bash. I'm hoping to have this thing completed by the end of this week or possibly the weekend. The code under development is on my github at https://github.com/michael-weinstein/bashbunny-payloads/tree/darkCharlie/payloads/library/credentials/darkCharlie
  14. [PAYLOAD]SudoBackdoor

    This was awesome. Hope you don't mind, I'm using this as a start to get my first bunny payload for snagging SSH credentials.
×