
beakmyn
Active Members
Posts: 422

Posts posted by beakmyn

  1. Maybe MITM arp poison and own the traffic? Then re-route to your malicious server with a java payload for reverse shell?

    I was thinking about something like that. I could put a fonera in line hosting a local copy of the ikat kiosk hacking website. I redirect all traffic internally, bypassing the need to go outside the firewall. Hmm.

    Right now IE blocks all file system access, got a couple other tricks to try.

  2. One trick that I figured out on my campus. Open notepad, write in a cmd or whatever code you want and save it as a .bat file. Run the .bat file and away you go.

    Darren also did mention something very similar to this on one episode, can't remember which. Might have been ducky related.

    Or if you are trying to get a shell on it, you can fire up S.E.T. and instead of typing in a DNS name, type in the IP so it doesn't hit a DNS white/black list and run the java exploit and reverse shell :)

    I wish it was that easy. He set up the policy so there is only Internet Explorer and custom program that doesn't allow user interaction. No Notepad, no paint, not even Microsoft help.

    The IP address trick doesn't work either.

  3. Came across a scenario that I'm testing out. I've set up a machine in my office to mimic a machine I came across in the wild. The machine is locked down with group policies. The user has access to Internet Explorer and a custom program. Trying to access the file system from IE is blocked. There is no run or anything else. Web surfing is possible but limited to a white list of sites.

    I've got a free dinner from a client if I can figure out a way to be able to run a program. I can't reboot with live-CD though, that's cheating.

    Any ideas?

  4. This may be legit. I found something a while back that I was told will come into play at a later date/time. Maybe this is that time. When it becomes apparent I'll let you know. For now I'll sit back and let you guys have fun.

  5. an interesting thing to try would be to leave a USB stick at a bar or wherever. you could even go to like a bank or something and leave it on the tellers desk. who knows what could happen. hmm...

    Don't think you're the first one to come up with that idea. Pentesters do it all the time, talks have been given at Shmoocon on it. The human race is the easiest way to break into a computer/network. There are 2 constants:

    1. Use the dock door it's always open

    2. Ask the secretary, they know everything

    This attack was way beyond a switchblade. The switchblade is defeated by a simple guest account or turning auto-run off.

  6. I definitely remember that but yours was on Fonera devices as far as I can remember, this is about whether they will run on the Pineapple V2 which I'm assuming means the new OpenMesh devices and not the Foneras.

    Can't see any reason it won't work though.

    The single port Openmesh routers are Accton, same company that makes the Fonera. Still haven't found anyone that re-sells Accton's 2-port model (Fonera+)

  7. Man I downloaded Sneakers like night and I reckon it was a hell of a movie. Does anyone know any other movie like Sneakers or a similar movie.

    Nothing exactly like it but might I suggest.

    The Conversation

    The Heist

    3 Days of the Condor

  8. NetStumbler?

    No. Netstumbler uses "Active Probing". If an AP has its SSID set to non-broadcast it will not respond to the probe packet and Netstumbler won't see it.

    If you want to find non-broadcast APs you need to use Kismet. Kismet is a passive scanner and listens only. So, if an AP is not broadcasting, Kismet will still see the data/traffic going in and out of it. It will capture the packets and extract the SSID from those packets. This only works if there is traffic on the hidden AP. Which there usually is.

    Netstumbler only works 100% with Orinoco PCMCIA cards. Anything else will most likely use the Windows NDIS driver which is severely limited in its capabilities. The one thing that holds certain when using the NDIS driver is that the SNR graphs are bogus. NDIS doesn't support discrete SNR. Also, Netstumbler probably won't work with Windows 7 or Vista due to how the wireless is set up in those OSes.

    Marius is planning on releasing a new version of Netstumbler that will work under Vista and Win 7 but there is currently no track for when that release will happen.

    For now the best freeware that is Windows Vista/7 working is http://www.metageek.net/products/inssider

  9. I had a similar issue with one of my Fon+ a few weeks ago. I could flash it (using fonflash), access reboot via the serial port. I could get internet through it but I could not access the web page. After flashing several different images I ended up doing a FULL flash/de-brick procedure through the serial interface via redboot manually.

  10. take for instance my ssid is INTERNET but my router is by netgear can i use the netgear rainbow tables ?

    any help greatly appreciated :)

    You asked two different questions.

    1. The tables ARE SSID specific. The SSID is used as the salt in the WPA hash. Which is why Renderman picked the top ## SSID to create tables.

    http://www.churchofwifi.org/Project_Display.asp?PID=90

    2. The tables ARE NOT manufacturer specific.

  11. I updated the refrigerator cabinet.

    [image: 4315971876_801e6b331c.jpg]

    Got rid of the old hardware and replaced it with 2 HP Proliant DL145 servers. Ran two new circuits from the main panel in the house to power it. Need to get a UPS for the servers still.

    Top box is the FreeNAS:SAMBA/RSYNC/secondary webserver

    Bottom Box is my Pfsense: Firewall/captive portal/VPN/ClamAV/Proxy/Webserver - LAN/WAN/WIFI all segregated on the 3 internal NICs

  12. But, when I've got my laptop on a random wireless connection somewhere, I want to be able to connect to the vpn (using dyndns lol), and force all the internet traffic from my laptop to go through my vpn at home. Basically, I want to encrypt all my internet traffic.

    I know it'll be slow and all, but I'd still like to do it.

    That's what I do. my 300K upload is ok for websurfing but not much else. I've got OpenVPN running on 1194 and 53 sometimes one will get through where the other won't ;). All my traffic goes through the VPN.
