Search the Community

Hi guys, I have read many articles claiming that several Browser types are suited for Kali Linux, but which one do you use and why? Here is a short list of the (apparently) most popular: Tor Browser; QupZilla; Midori; NetSurf; Rekonq; Pale Moon; Firefox ESR, Chromium; and DuckDuckGo!

Hey Guys, with April fools coming up soon I want to try to make an nCage payload for the LanTurtle. For the uninitiated, "nCage" is a Chrome extension that replaces every picture in the web browser with a picture of Nick Cage. I swear I saw somewhere that there was a payload for the LanTurtle that replaced pictures in the browser with pictures of cats, so I figured I could modify that payload, but I couldn't find it. Is anyone familiar with a payload similar to that?

DumpCreds 2.0 Author: QDBA Version: Version 2.0.2 Target: Windows Description Dumps the usernames & plaintext passwords from Browsers (Crome, IE, FireFox) Wifi SAM Hashes Mimimk@tz Dump [new] Computerinformition ( Hardware, Softwarelist, Hotfixes, ProuctKey, Users...) without Use of USB Storage (Because USB Storage ist mostly blocked by USBGuard or DriveLock) Internet connection (becaus Firewall ContentFilter Blocks the download sites) Configuration None needed. Requirements Impacket must be installed. Install it from tools_installer payload https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/tools_installer STATUS LED ----------------------- Status -------------------------------------------------------------- White Give drivers some time for installation Red Blink Fast Impacket not found Red Blink Slow Target did not acquire IP address Amber Blink Fast Initialization Amber HID Stage Purple Blink Fast Wait for IP coming up Purple Blink Slow Wait for Handshake (SMBServer Coming up) Purple / Amber Powershell scripts running RED Error in Powershell Scripts Green Finished Download https://github.com/qdba/bashbunny-payloads/tree/master/payloads/library/DumpCreds_2.0 ToDo paralellize Creds gathering with PS while Bashbunny is waiting for Target finished the script it can do some other nice work. i.e. nmap the target. (Not very usefull at the moment, because I'm Admin on Target Host) remove the modifications of the Powersploit scripts, so you can download and use the original Files. (At the moment you must use my scripts) Not Possible at the moment put some version information into the sourcecode and the output file rewrite some code of the payload so the payload will work no matter if you have admin rights (UAC MsgBox) or not (Credentials MsgBox) Maybe! If Target is in a AD Domain and Mimik@tz give us some Passwords try to get some more information about the AD Domain Credits to...... https://github.com/sekirkity/BrowserGather Get-ChromeCreds.ps1 https://github.com/EmpireProject/Empire Get-FoxDump.ps1, Invoke-M1m1k@tz.ps1, Invoke-PowerDump.ps1

Just received my pineapple a couple of days ago, yay (with a defective power supply, unfortunately) What is the best practise to control a pineapple from a smartphone? I'm using a Nexus 6, but my browser can't handle the big tiles properly. When entering a big tile, I can't scroll down within that tile. That makes most of the infusions useless to control from a smartphone. I've tried Chrome and Firefox even in "Desktop mode" but still no joy. How do you guys control your pineapple from a smartphone (android in particular)? //WB

Hi there. Long time viewer of Hak5. (Tried successfully hacking the ZipIt Z2 to run AirCrack) I've recently invested in a Lenovo Thinkpad W510 [intel Quad-core i7 720QM, 4GB RAM, Win7] for my small business. I'm mainly going to be doing online surfing, video conferencing, and word processing. Though my main focus for this post is the online surfing and perhaps the conferencing too. I'm not computer literate. I've dabble lightly in networking, (aka I'm the one who fixes the 'internet' at home) so I know the surface of the malicious threats that can befall someone surfing the net. But my question is this: What sort of extensions for Chrome and perhaps simple programs on Win7 exist out there that can offer me a smidgen of an illusion of a more secure laptop and online experience, from online and wifi threats? You know, so I don't have to reformat every few months, give up sensitive client info, or sacrifice sanity while using my browser. It doesn't need to be a free option, I don't mind paying a developer for a program or system of security worth my time and effort.

i want to test and demo pwning of mobile devices such as Android and iOS. i googled a lot and found a recent example: https://www.youtube.com/watch?v=TbyQoWyaw2g can i achieve the same thing using Pineapple only? right now i am trying to get Kali machine + beef + metasploit working with that module without success (that specific vulnerability). i found in the forum there's something named JasagerPwn that contains beef: https://forums.hak5.org/index.php?showtopic=30588 but don't know if this is an updated infusion or if it was replaced with other infusion. bottom line - is there an infusion or setup with Pineapple that can operate beef against browsers of mobile devices and let me run exploits and to be specific the UXSS demo shown in the movie? will be happy to get your inputs and redirection what is the needed setup i need to focus on? more general questions - what else do you think i can demo on mobile phones/browsers? keylogger? i am looking for something with an affect - visual or sound that can be an action i decide what is the timing (not redirecting to a page that will play wav file). thank you very much! pineapple is so cool - can't wait to understand how deep i can use it

I am trying to intercept the homepage call from within firefox using dll injection c#. Is any familiar with the call that is made when the user clicks on the firefox homepage button?

I just got the Mark IV pineapple and Im ready to get the road on the show. I followed the instructions in the booklet for "Connecting for the first time" with windows Ethernet testing- I'm running windows 8- but after configuring my home WiFi (internet facing adapter) and the LAN connection (Pineapple Facing Adapter) as illustrated in the booklet I still cant connect to 172.16.42.1/pineapple in my web browser.Whenever i try i just get a php.redirect and whatever page im on just reloads. my WiFi IPv4 and DNS is set to automatically obtain (Image 1) and pineapple settings are in Image 2. What do I need to do to get into the pineapple GUI!? any help would be greatly appreciated. Any additional info you may need just let me know. Image 1 Image 2