Jump to content

Search the Community

Showing results for tags 'Javascript'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

Found 17 results

  1. I have discovered that the Javascript converter doesn't work properly with Firefox. While it seems to do the conversion properly, it won't let the user save the payload (the download box doesn't open). I tried it on both Windows and Linux, with and without add-ons enabled and it doesn't change anything. I checked the debug console and nothing seems to be out of the ordinary as it returns that everything is OK. I also checked with Chrome and there it works flawlessly. Too bad 'cause I want to avoid using Chrome. I tried it with Edge. Same problem as Firefox. And Internet Explorer... completely broken... but what was I to expect?
  2. Hello everyone just though I would say my JavaScript network scanner project here : https://github.com/DarrenRainey/JavaScript-Network-Scanner Currently I it will scan and fingerprint devices based upon what files exist or don't exist on the device and once it fingerprints or can connect to a device it sends a post request with the fingerprint such as the routers model, the internal ip address and the user-agent from the victims PC. This code could be embedded into any website and sent a victim for recon. Currently it only scans a few predefined ip address's in the test.html file but I plan to make it scan the local subnet automatically and report any found devices to the attacker web server. The scanning code is based of lan-js with some custom code for identifying and sending the data to the attacker.
  3. Hi all. I'm a newcomer on Hak5 forum but have been following the channel on Youtube for a little while now. I'm a (moderate) fan. I've been an IT person for about 20 years now and all aspects of security do matter to me. In a previous job I was watching the network security and providing users with common good practices. Although I'm no expert I try my best to act as responsibly as can be, leaving room for improvement — I guess there's plenty of it... For several years now the growing number of security flaws, exploits, vulnerabilities and hacks that have been reported through the news and all the channels that I happened to browse give me the creeps: yahoo breaches, XSS, CPU flaws, software bugs and poor programming practices, which government agencies profit from for spying, poor IoT security, connected spy-tools from Google and Amazon... (I'll stop there.) Not that I'm afraid I rather feel disgusted to the point of wanting to run away from a great part of the technology as much and as far as possible. As a recent measure I am running no-script and am, well, contemplating how the modern web browsing age depends on it... and breaks! For having been a web developer, too, I find it infuriating to see most of these sites rely on javascript to provide the simplest animation or gadget while CSS-only is much wiser and profitable to the user experience. As if no developer couldn't do without like their lives depended on it... (that's only my perception, probably exaggerated.) As I also follow the news and behind the (not-so) recent Meltdown and Spectre flaws that top it all I fee like whatever I can do ends up like putting steel locks with 12 digits on a tipi's curtain. So as for Javascript does it make sense to disable it, given that I don't perceive a browser as a safe platform when it comes to security? I have to confess that I asked this question recently and got slapped so bad I was treated like an obsolete, retrograde, has-been, last-century, ignorant monkey. Anyway I'm pleased to see there are still lots of sites perfectly working without and I'm not sure I'm inclined to going back to a full javascript-enabled experience... Thanks a whole lot, guys and keep the good work.
  4. So I have a question. How do I reverse enginer a Javascript file? The problem comes from my previous thread: The goal is to get the request headers the website has so I can scrape data from the website. The problem is that the website uses a javasricpt to download the request headers and can therefore not be seen in chrome. In the script that the website uses, headers.js does someother mean things. It replaces the http connection with a websocket one: getURL().replace(/^http/,"ws") So I want to run the javascript file so I can print out the final url that it creates complete with headers. Right now they don't show up. Maybe a way would be to directly interact with the website, maybe the chrome console? Link to JS if anyone would able to help: https://www.avanza.se/jmvc/production/241897.18/header/header.js
  5. Hi, i have gone through the tutorials for the evilportal module, and now wanted to create a portal on my own for my needs.... I followed the tutorial from frozenjava (which was posted in the forums quite some time ago...), but im having trouble "bending" the code for my needs (basiclly im trying to: get input from "user" and "pass" text field from index.php and print it to a file in /www )... code in index.php: <snip> code in capture.php: <?php $user = $_GET["user"]; $pass = $_GET["pass"]; $redir = $_GET["redir"]; $file = fopen("stored.txt", "a"); fwrite($file, $user . "\n"); fwrite($file, $pass . "\n"); fclose($file); echo '<script type="text/javascript">window.location = "' . $redir . '"</script>'; ?> I think im messing things up with the variables, but im very inexperienced thus i need some help... (oh btw: i didnt get that myportal.php replaced capture.php (i think) at first, so that i manually created my captured.php...) Thanks in advance ;)
  6. Hey, I am trying to download a folder (not a .zip) from a GitHub repository and save it the contents to a local folder from inside PHP/JavaScript. The contents are other folders and text files. I know how to download specific files or zips from GitHub but downloading a folder that has other folders in it...Would be easier to just download the .zip of it but unfortunately it is a folder, not a .zip. Any possible way anyone can think of to achieve this? Would be great :)
  7. Is there a way to get verbose errors whilst debugging javascript? I had written an application in C++ and I'm porting it to javascript the only thing is javascript doesn't like some of the strings and just wants to throw an error. I looked up how to remove non-English characters a bunch of different ways. Not really sure what I'm doing wrong. It just says SyntaxError: missing ; before statement It links the line and thats all well and good but it's a string array with about 14,000 strings and where that missing ; is supposed to be I'm really not sure. Is there an IDE for javascript that will give me better error messages or some bash-fu I can run on the javascript files to remove the array elements that are not compatible? Also is there a maximum array size in javascript?
  8. Hey guys. After having fun with the LAN Turtle and WiFi Pineapple Nano I took a break and started working on my own project. It's called BrowserBackdoor. It's an Electron application that includes a JavaScript WebSocket backdoor that connects to my Ruby listener. The Electron application runs in the background with no user interface and is basically Chromium so it hasn't been flagged by any Anti Viruses I've tested it against. The Ruby listener can send commands or modules to the Electron application for it to execute and send the results back. Here are the modules I've created so far: enableStartup, screenshot, downloadFile, beep, execCommand, readClipboard, moveToTrash, readDir, openURL, createFile, writeClipboard The up to date list is here: https://github.com/IMcPwn/browser-backdoor/tree/master/server/modules I've also taken some screenshots of what the console looks like: https://github.com/IMcPwn/browser-backdoor/wiki/Screenshots If anyone is interested in suggesting anything I should add or working on the project with me let me know! Github link: https://github.com/IMcPwn/browser-backdoor I'm also trying out Discord for live text/voice chat: https://discord.gg/013wk2VPnnuw9iLmU
  9. The game is a foot! ......no, actually it's a game. I've been doing some sleuthing and thought this might be fun to share. I have a few crashes on my user base's PC's and it looks to me like exploitation attempts. I'm also hoping some of you my be able to help me focus on the right stuff. I'm not 100% sure what I'm looking at, but I know this isn't the usual DMP output because I see Jscript in my crash dump stack! For this post I will be analyzing crashdump files from the C:\users\%username%\appdata\local\crashdumps In the past month the performance monitoring software we use is showing IE crashes. most of the IE crashes are usually simple fixes, but as you will see below some are getting crashes from Jscript running. Usually I also see a reference to Flash OCX in the dmp. Is this what I think it is? can you offer any further enlightenment on the situation or potential solutions? Jscript Cannot be disabled because I work for lawyers so everything is mine mine mine now now now...... The following crash dump is slightly different from the ones I saw last week, but are still very close in nature. oh one more thing, if any of you know how I can get symbols paths to fix the first three ERRORS in the dump output I'd really appreciate it. I can't get a straight answer from anyone on the web, and I'm starting to think I'm the only one doing this these days. kind of like how I'm the only person I've ever met that actually read the 9/11 commission report (HINT, that report said we should attack Iraq and nothing about what happened on 9/11, and to secure the northern border because obviously we have a problem here in America with undocumented Canadians are poll vaulting across the boarder.) I digress..... ************************************************************ ******************* * * * Exception Analysis * * * ******************************************************************************* *** ERROR: Symbol file could not be found. Defaulted to export symbols for EMET.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for HooksCore.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for Flash32_20_0_0_228.ocx - FAULTING_IP: jscript9!NativeCodeGenerator::IsNativeFunctionAddr+c 0a5b4e21 8b7074 mov esi,dword ptr [eax+74h] EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 0a5b4e21 (jscript9!NativeCodeGenerator::IsNativeFunctionAddr+0x0000000c) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000001 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 8542d2a7 Attempt to read from address 8542d2a7 CONTEXT: 00000000 -- (.cxr 0x0;r) eax=8542d233 ebx=042eb170 ecx=8542d233 edx=34600120 esi=0a646e75 edi=34600120 eip=0a5b4e21 esp=042ea848 ebp=042ea85c iopl=0 nv up ei ng nz na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210286 jscript9!NativeCodeGenerator::IsNativeFunctionAddr+0xc: 0a5b4e21 8b7074 mov esi,dword ptr [eax+74h] ds:002b:8542d2a7=???????? DEFAULT_BUCKET_ID: INVALID_POINTER_READ PROCESS_NAME: iexplore.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 8542d2a7 READ_ADDRESS: 8542d2a7 FOLLOWUP_IP: jscript9!NativeCodeGenerator::IsNativeFunctionAddr+c 0a5b4e21 8b7074 mov esi,dword ptr [eax+74h] NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 APP: iexplore.exe ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre FAULTING_THREAD: 00001348 PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ LAST_CONTROL_TRANSFER: from 0a5b4cc2 to 0a5b4e21 STACK_TEXT: 042ea85c 0a5b4cc2 34600120 042ea8e0 042ea8ac jscript9!NativeCodeGenerator::IsNativeFunctionAddr+0xc 042ea86c 0a5b4c8d 34600120 042ea8e0 042ea8e0 jscript9!ThreadContext::IsNativeAddress+0x22 042ea880 0a5b4cf7 00000001 042ea8e0 00000000 jscript9!Js::JavascriptStackWalker::CheckJavascriptFrame+0x3e 042ea890 0a5b4d85 042ea8e0 042ea8e0 042ea8e0 jscript9!Js::JavascriptStackWalker::UpdateFrame+0xc 042ea8a0 0a5b4da5 042ea954 042ea8c4 0a5b5a77 jscript9!Js::JavascriptStackWalker::Walk+0x35 042ea8ac 0a5b5a77 042ea954 042ea8d0 042ea930 jscript9!Js::JavascriptStackWalker::GetCaller+0xf 042ea8c4 0a5b5d5e 042ea954 ba7ed600 3ffc7de0 jscript9!Js::JavascriptStackWalker::GetNonLibraryCodeCaller+0x15 042ea968 0a5b538d 3ffc7de0 042ea990 0000000a jscript9!Js::JavascriptExceptionOperators::WalkStackForExceptionContextInternal+0x15c 042ea994 0a5b52d0 3ffc7de0 0000000a 00000000 jscript9!Js::JavascriptExceptionOperators::WalkStackForExceptionContext+0x20 042ea9e0 0a6a5782 00000001 00000001 00000000 jscript9!Js::JavascriptExceptionOperators::ThrowExceptionObjectInternal+0x6c 042ea9f4 0a629620 00000001 00000000 00000000 jscript9!Js::JavascriptExceptionOperators::ThrowExceptionObject+0x12 042eaa20 0a609c8d 14f10470 14f10470 042eab08 jscript9!Js::JavascriptExceptionOperators::Throw+0x7d 042eaa48 0a5ee9b7 00000000 00000000 00000000 jscript9!Js::JavascriptError::ThrowError+0x55 042eaa64 0a60a3c4 00000000 00000000 00000000 jscript9!Js::JavascriptError::MapAndThrowError+0x34 042eaa88 0a60a397 227089c0 80070005 22708a00 jscript9!Js::JavascriptError::MapAndThrowError+0x27 042eaab4 0a60a363 042eab08 042eab2c 0a6559f5 jscript9!HostDispatch::HandleDispatchError+0x4d 042eaac0 0a6559f5 80070005 042eab08 042eabd0 jscript9!HostDispatch::HandleDispatchError+0x1c 042eab2c 0a518bc7 002dc789 042eabd0 22708a00 jscript9!HostDispatch::GetValueByDispId+0xf8 042eab44 0a518b6c 0a892e04 042eabd0 0a518ae0 jscript9!HostDispatch::GetValue+0x2a 042eab6c 0a486a06 22708a00 000000d4 042eabd0 jscript9!HostDispatch::GetProperty+0x88 042eaba0 0a4c063d 000000d4 042eabd0 14f10470 jscript9!Js::JavascriptOperators::GetProperty_Internal<0>+0x64 042eabec 0a50a70d 14f10470 042eb170 042eb170 jscript9!Js::JavascriptOperators::TypeofFld_Internal<0>+0x5b 042eae8c 0a50aa8f ba7ed1ac 042eb170 02f3ee80 jscript9!Js::InterpreterStackFrame::Process+0x6222 042eaec4 0a50aaee 042eb15c 20e70d8e 02f3ee80 jscript9!Js::InterpreterStackFrame::OP_TryCatch+0x49 042eb168 0a48d749 20e70da0 34600120 20e70d80 jscript9!Js::InterpreterStackFrame::Process+0x49a8 042eb29c 170114c9 042eb2b0 042eb558 0a489b13 jscript9!Js::InterpreterStackFrame::InterpreterThunk<1>+0x200 WARNING: Frame IP not in any known module. Following frames may be wrong. 042eb2a8 0a489b13 31923520 02000002 37abf800 0x170114c9 042eb558 0a48d749 3de922d6 34601000 3de91d90 jscript9!Js::InterpreterStackFrame::Process+0x2040 042eb6dc 170114e9 042eb6f0 042eb998 0a48d3e1 jscript9!Js::InterpreterStackFrame::InterpreterThunk<1>+0x200 042eb6e8 0a48d3e1 31923500 10000002 1620e3c0 0x170114e9 042eb998 0a48d749 3de352ea 3da70d80 3de35010 jscript9!Js::InterpreterStackFrame::Process+0x1e62 042ebb1c 17011559 042ebb30 042ebb78 0a48671a jscript9!Js::InterpreterStackFrame::InterpreterThunk<1>+0x200 042ebb28 0a48671a 25d4de60 10000003 1620e3c0 0x17011559 042ebb78 0a48a394 10000003 042ec1f4 042ec100 jscript9!Js::JavascriptFunction::CallFunction<1>+0x91 042ebe1c 0a50aa8f ba7ec13c 042ec100 02f3ee80 jscript9!Js::InterpreterStackFrame::Process+0x3a10 042ebe54 0a50aaee 042ec0ec 1f33d6fa 02f3ee80 jscript9!Js::InterpreterStackFrame::OP_TryCatch+0x49 042ec0f8 0a48d749 1f33d72e 25d4f120 1f33d680 jscript9!Js::InterpreterStackFrame::Process+0x49a8 042ec26c 17011561 042ec280 042ec2bc 0a48671a jscript9!Js::InterpreterStackFrame::InterpreterThunk<1>+0x200 042ec278 0a48671a 25d4de80 00000000 00000000 0x17011561 042ec2bc 0a486d28 00000000 00000000 ba7ebc58 jscript9!Js::JavascriptFunction::CallFunction<1>+0x91 042ec330 0a486c5d 14f10470 00000000 00000000 jscript9!Js::JavascriptFunction::CallRootFunction+0xb5 042ec378 0a486bf0 042ec3a4 00000000 00000000 jscript9!ScriptSite::CallRootFunction+0x42 042ec3c4 0a59207b 25d4de80 042ec408 00000000 jscript9!ScriptSite::Execute+0xd2 042ec44c 0a591247 042ec6d8 042ec6f8 ba7ebb88 jscript9!ScriptEngine::ExecutePendingScripts+0x1c6 042ec4e0 0a5928da 3d093a58 09f763b4 1611dd24 jscript9!ScriptEngine::ParseScriptTextCore+0x300 042ec530 04a2f434 14f056c0 3d093a58 09f763b4 jscript9!ScriptEngine::ParseScriptText+0x5a 042ec568 04568438 3d093a58 00000000 00000000 mshtml!CActiveScriptHolder::ParseScriptText+0x51 042ec5c0 0499515b 3d093a58 00000000 00000000 mshtml!CJScript9Holder::ParseScriptText+0x5f 042ec630 0456896e 00000000 14208a00 3c782200 mshtml!CScriptCollection::ParseScriptText+0x175 042ec71c 04568fd9 00000000 00000000 00000000 mshtml!CScriptData::CommitCode+0x31e 042ec798 04938751 049386f0 042ec7c8 05780000 mshtml!CScriptData::Execute+0x232 042ec7b8 0437d2cb 1611dca4 00000000 00000001 mshtml!CScriptData::AsyncExecute+0x67 042ec800 0437cbf4 b873d32c 00000000 0437bf20 mshtml!GlobalWndOnMethodCall+0x17b 042ec854 759162fa 00080b9e 00008002 00000000 mshtml!GlobalWndProc+0x103 042ec880 75916d3a 0437bf20 00080b9e 00008002 user32!InternalCallWinProc+0x23 042ec8f8 759177d3 00000000 0437bf20 00080b9e user32!UserCallWinProcCheckWow+0x109 042ec95c 7591789a 0437bf20 00000000 042efb3c user32!DispatchMessageWorker+0x3cb 042ec96c 0f59a7ac 042ec9ac 02efe9b8 00614fe0 user32!DispatchMessageW+0xf 042efb3c 0f5d3158 042efc08 0f5d2dd0 0024afc8 ieframe!CTabWindow::_TabWindowThreadProc+0x464 042efbfc 7757ebec 02efe9b8 042efc20 0f621f00 ieframe!LCIETab_ThreadProc+0x3e7 042efc14 60c13a31 0024afc8 00000000 00000000 iertutil!CMemBlockRegistrar::_LoadProcs+0x67 042efc4c 75d8338a 005dc8c0 042efc98 77b99882 IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x94 042efc58 77b99882 005dc8c0 7295cad2 00000000 kernel32!BaseThreadInitThunk+0xe 042efc98 77b99855 60c139a0 005dc8c0 00000000 ntdll!__RtlUserThreadStart+0x70 042efcb0 00000000 60c139a0 005dc8c0 00000000 ntdll!_RtlUserThreadStart+0x1b STACK_COMMAND: ~6s; .ecxr ; kb SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: jscript9!NativeCodeGenerator::IsNativeFunctionAddr+c FOLLOWUP_NAME: MachineOwner MODULE_NAME: jscript9 IMAGE_NAME: jscript9.dll DEBUG_FLR_IMAGE_TIMESTAMP: 566c54b7 FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_jscript9.dll!NativeCodeGenerator::IsNativeFunctionAddr BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_jscript9!NativeCodeGenerator::IsNativeFunctionAddr+c ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:invalid_pointer_read_c0000005_jscript9.dll!nativecodegenerator::isnativefunctionaddr FAILURE_ID_HASH: {f79b47ef-ea32-0b27-5ba9-8a665e65198e} Followup: MachineOwner
  10. Quick question. Why does this not save when var fileLoc is set to a network location, but works fine when I put C:\somewhere? <html> <head> <script language="javascript"> function WriteToFile(passForm) { var fso = new ActiveXObject("Scripting.FileSystemObject"); var fileLoc = "\\SERVERNAME\Folder 1\Folder 2\data.csv"; var file = fso.CreateTextFile(fileLoc, true); file.writeline(passForm.FirstName.value + ',' + passForm.LastName.value); file.Close(); alert('File created successfully at location: ' + fileLoc); } </script> </head> <body> <p>create a csv file with following details -</p> <form> Type your first name: <input type="text" name="FirstName" size="20"> Type your last name: <input type="text" name="LastName" size="20"> <input type="button" value="submit" onclick="WriteToFile(this.form)"> </form> </body> </html> Initial question resolved. Please read below thread for further question/issue. Thanks.
  11. I reading up on this JS Browser. I'm thinking to myself it's javascript so you could embed it into a webpage and visit it remotely. It would make proxying pretty easy. I'm thinking someone will come up with a way to exploit a client and use their browser as a proxy pretty quickly. Here's the source code: https://github.com/MicrosoftEdge/JSBrowser/ I don't have a lot of time to explore this as I'm in the midst of some other work. But I thought I would go ahead and share the source code.
  12. Hello everyone. So I've been playing around with DNS spoof for a few weeks now, and I developed a page that runs some simple javascript and jQery elements. When I run DNS Spoof from the pineapple I have been running into a weird problem. If I edit my DNSSpoof configurations to say. example.com. Then run example.com from browser the page loads up perfectly and all the Javascript and JQery elements loads and runs perfectly. However if I edit my DNSSpoof configurations to say. *.* or * Then run any website from IE or Firefox the page loads perfectly however all the Javascript and JQery elements refuse to load. Chrome still loads the Javascript and JQery elements no matter what I point it at. All browsers are up to date and when tested in apache load the Javascript and JQery elements perfectly. I'm wondering if this has something to do with the redirect page inhibiting the Javascript and JQery source files from loading, but I just don't know. Any help would be greatly appreciated.
  13. Description: This infusion will inject HTML code into a response from a server. The issue with ettercap and other proxies is that they cannot inject into SSL sessions as a result of the encryption. This infusion takes Moxie's SSLstrip and uses that as the proxy that injects code. This architecture provides 2 main benefits: Strip SSL from sessions before injecting code which allows for a larger attack surface. An asynchronous, non-blocking socket proxy provided by twisted-web gives much better performance from the client's point of view. The attacks that can be implemented from this are endless.. SSLstrip for stealing passwords and inject BeEf hook.. or Java Applets... or Browser_AutoPwn in an Iframe.. All these and more will be possible via JasagerPwn or manually. Feature Set: Installer - The installer will setup the SSLStrip dependencies. This will probably even fix your normal sslstrip infusion if you're having issues with it.Note: This does not use the default SSLStrip on the system since SSLStrip had to be modified for this purpose. Log Output - Displays the log standard output that is generated by the modified SSLStrip. Yes.. you can get passwords still in here in the process. Attacker (single address) filter - Pretty self explanitory, this adds a '! -s attacker_ip' in the iptables rule so you do not inject code into your own browsing sessions. Injection Code Editor - Allows you to enter in any arbitrary code into the text editor. Note, if you have an attack running and modify this code - you need to restart the attack. Auto Refresh Enable/Disable and Logging in Small Tile Screenshot (Interface): Screenshot (Basic Alert Pop-up): Credit: Infusion GUI: Whistle Master SSLStrip: Moxie Marlinspike Cheers!
  14. hi all, finally got my PAmarkV yesterday.. started to play and looking for the right and simple way for my tests. how can I inject a javascript code /html to a current page requested by a mac address for specific web page. for example I want that only my android device will be infected by JavaScript code when it request a specific web page. for example is mac address XXX requested cnn.com than pineapple will return it the cnn.com webpage plus the evil java script code. the only seem to be related infusion is the split-n-inject but could not see how can I achieve that with it. I want all the other ppl that using this wifi connection will not get infected and only my personal device will get the malicious cnn.com webpage. thanks for you help!
  15. I am performing a security assessment on a website and have discovered a potential XSS vulnerability. I am able to exploit it if I use Burp Suite by supplying my script in place of a parameter in the query string. However, I if I try injecting the code into a URL and clicking on it, the server strips out my JavaScript. I have attempted to use numerous differnet types of encoding with no success. Is there anyway to bypass server side validation? The specific JavaScript unpacker being used is jsunpack. Thanks for any advice in advance.
  16. Description: This is a basic implementation of a ruby HTTP proxy with the ability to inject arbitrary code into a web pages response. This allows for a multitude of attack vectors which will soon be released in my JasagerPwn script, but you can use your imagination and create your own vectors with this. Some basic attack vectors you can play with (they will also be automated in my script): beef hook injection, java applet injection, browser/plugin exploit injection. Feature Set: Installer - Install the dependencies in order to run the ruby script. Proxy Log Output - Displays the log standard output that is generated by Digininja's proxy script. Attacker (single address) filter - Pretty self explanitory, this adds a '! -s attacker_ip' in the iptables rule so you do not inject code into your own browsing sessions. Injection Code EDitor - Allows you to enter in any arbitrary code into the text editor. Note, if you have an attack running and modify this code - you need to restart the attack. Auto Refresh Enable/Disable and Logging in Small Tile Screenshot (Interface): Screenshot (Basic Alert Pop-up):
  17. Would this be possible? I can see how it would be, but i just wanted to see if one of the DEV's could confirm the complexity of it. It seems simple enough, i think... Find and run the commands that the HTML/JS ui calls, wait till it executes correctly and exits, then execute the next module fetch/get command, wait till completion, so on so forth. For my purposes, a simple static script would work fine. But it would be nice if it could somehow parse a list of availible modules, their install scripts/commands, etc and then prompt the user to choose which modules they want, and then the user waits, presto. If someone could just point me in the right direction and/or get me started, i could in theory have it done fairly quickly ThunderMoose
  • Create New...