Jump to content

Michael Weinstein

Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


About Michael Weinstein

  • Rank
    Hak5 Fan

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Awesome. Currently in Orlando. Fun fact: my bash bunny payload is named for Bushing who is also a hacker from VA and introduced me to it back in 9th grade. I think he also was friends with Dual Core before he passed last year :(
  2. Thanks. My other big recent genome hack is here (worked with Microsoft on it) https://www.biorxiv.org/content/early/2016/10/05/078253 Definitely waiting to see the squirrel arrive and make a payload or two.
  3. https://github.com/michael-weinstein/veraT It gets the tumor and normal tissue DNA exomes and the tumor RNA. It extracts the patients HLA type (immune system markers) form the normal tissue DNA, finds the tumor-specific mutated proteins by comparing the tumor and normal DNA, and then looks at the RNA to figure out if the mutated proteins are likely being made. It then takes the mutated protein sequences and the HLA types and predicts which of these mutant proteins are going to be best presented to the immune system, which essentially gives the most immune-vulnerable changes in the cance
  4. I thought you were from VA where I used to live. Wanna see a vulnerability scanner for brain cancers? That’s my latest big hack on the genome.
  5. And ordered. Wish I could attend the event tomorrow, but I’m in Florida hacking the gibson genome.
  6. So we've had Eminem, Slim Shady... and this would be Marshall Mathers? https://getyarn.io/yarn-clip/ba393c1f-4166-443c-9f8c-5cb380b26ecf#SyInJJbNa-.copy
  7. Kid, don't run any ducky scripts anybody gives you here. At this point, they're all going to be rm -rf / and fork bombs. Also, there's very little interesting stuff you can run on a chromebook that's not rooted and running... uh... not chromeOS.
  8. Sample code! https://pastebin.com/aZyyS16w
  9. I'm thinking of putting in an additional feature where it will take over /bin/sudo (or wherever it's supposed to be for that specific machine) with my wrapper so that you could get anybody who sudos after.
  10. https://github.com/michael-weinstein/bashbunny-payloads/tree/bushingsBlueTurtle/payloads/library/credentials/bushingsBlueTurtle
  11. Taking the idea (again, mad props to sudoBackdoor) a bit further with some python scripting, I scared myself (and unintentionally pwned myself a few times as well) with this thing. How it works: The user's .bash_profile or .bashrc gets tweaked to point to ~/.config/sudo A python script called sudo is installed there. [Patience is required here, as you need to wait for the user to sudo some command now] This will take their password, validate it by running its own sudo command (literally just echoing something) and seeing if it works Once it confirms a good password, it sto
  12. oXis, I was debating about that one. Truth be told, it's generally not installing packages. The packages it tries to install usually come standard (except for sometimes paramiko) and if it can find them, it won't try to install them. The main package it depends on is getpass to give a proper password prompt, but I think that's a standard python package now. It's worked pretty well in testing, although I put it aside for a bit because I got another interesting idea. JediMasterX... check it out at the link.
  13. I decided to put together a payload to get myself familiar with the bunny. This was inspired by SudoBackdoor and borrows heavily from it, but uses python because I'm more fluent in that than bash. I'm hoping to have this thing completed by the end of this week or possibly the weekend. The code under development is on my github at https://github.com/michael-weinstein/bashbunny-payloads/tree/darkCharlie/payloads/library/credentials/darkCharlie
  14. This was awesome. Hope you don't mind, I'm using this as a start to get my first bunny payload for snagging SSH credentials.
  • Create New...