[Packet Spoofing]

21 hours ago, i8igmac said:

Pivot scenario.

I have installed meterpreter on my phone. When my phone is connected to a persons wifi network I can connect back to my kali desktop and perform network scanning to discover devices and launch exploits onto the network.

 

Once you upload meterpreter to a domain, you can pivot around the network.

 

A reverse proxy is another term.

Just to make sure I have this correctly, you intentionally infected your phone to be able to do that? 

[Packet Spoofing]

On 4/4/2018 at 6:11 PM, Dave-ee Jones said:

What do you mean pivot around the network to the machine itself?

 

I'm still very new to this, and I just know pivoting as a way to get to one device to the other, I think. I'm not entirely sure. Like I said, I'm new.

[Packet Spoofing]

11 hours ago, Dave-ee Jones said:

Potentially, but the box receiving the data might only be listening to traffic coming from specific boxes (via their IP or MAC), or there's some other kind of security handshake.

Hypothetically, if there was no security and it was open to anyone injecting traffic into it, you could probably copy the packet and replay it, but you would need to capture the whole packet first.

I can't really help you from here as I've never done it, I just know it's possible. :P

Hypothetically if I got in, couldn't I pivot around the network to the machine itself? Or if I was there in person, couldn't I spoof my mac?

[Packet Spoofing]

Hping3 looks like it would be really great, but I'm not entirely sure how to go about doing what I need to do. So in this hypothetical situation, let's say I've gotten into a fast food place. Lets say from observing the traffic, I know that in observing the traffic, the orders with a hamburger have a line that tells it to make a hamburger (I don't know enough about the internals of packets to pretend to know how to write that) Is there a way I could tell it do do the same thing by putting in the same kind of line?

[Packet Spoofing]

Hi! I just had a question. I know when you go and do anything online, everything is done by sending and receiving packets. I just wanted to know if it was possible to send fake packets? My scenario is this, I have a test network set up, and I'm connected to a device via metasploits meterpreter. I would like to be able to send a fake packet to a computer, and have to computer act on that, if it makes sense. And is there some tool I could use, say, over wifi on kali to do it, say if I'm in the actual location on their internet? Thanks!

 

--Altair

[Server]

On 3/21/2018 at 11:23 AM, barry99705 said:

Ahh, no.

"Ahh, no." To what? No idea? Or do I have bad ideas? Or what?

[Server]

I'm not sure where this should go, so I'll start here. Does anyone have any advice for choosing a server to host files on? I just recently obtained my bash bunny, and have been loving playing with it, and I want to pull a prank on my friends by creating a back door into their system. But I don't where to host the files. I need it to be able to be read and written to remotely, where I can use the uploadstring thing from command prompt. I'm also not a legal adult, so I can't really pay online for anything, because I don't have any cards or any way to pay. Would any one know where I could find one that fullfils this? Or would the best option be to run my raspberry pi in my room with the apache2 webservice going?

 

Thanks!

Altair