Showing results for tags 'mubix'.
Hi, I have written a blog post on using mubix's discovery to grab AD creds using an evil twin AP and Responder. https://zone13.io/post/Snagging-credentials-over-WiFi-Part1/ Pros: • no physical access required • no driver installations. I can see that Tetra/Nano has Responder modules but not much info on using it. I don't have a Pineapple handy at the moment to try it out. Anyone care to give this a go on Tetra/Nano? Happy to answer any queries on working. Cheers.
Guess who again? :) Here's what's up: Decided to play around with Ozyman. *DUNN Dunn dunnn...* So I'm running Kali Linux on both server (virtualized on Mac OS X) and on a netbook (who owns a netbook anymore, come on!?). I have my domain set up appropriately (I think so) via freedns.alfred and uni.me; it accepted the appropriate namespaces and whatnot as demonstrated in the original episode with Mubix. On my virtualized server: in Kali, I have ozyman on the Desktop, so my total bash line looks like this:
    root@kali~/Desktop/ozyman# ./nomde.pl -i 0.0.0.0 url.uni.me
(Obviously it's not really "url.uni.me" :D ) and it kicks back:
    Creating TCP socket 0.0.0.0#53 - done.
    repeats for UDP*
    waiting for connections..
Great! Now on my client Kali box:
    ssh -D 8080 -C -o ProxyCommand="/root/ozyman/droute.pl sshdns.url.uni.me" email@example.com
*Enter ..... Nothing. Not even a return. It acts like it just hangs. Any ideas? I'm trying this off an isolated network from the server.
So, I was reading Mubix's blog a little while back and he wrote about how PSEXEC shows up in the event log. It got me thinking, why can't I find a list anywhere of things like that which should be red flags in event, and other, logs? Anyone care to help build such a list? I'm starting off with what Mubix mentioned (though I'm sure it will get changed later) and another obvious one. Windows Server 2003 Event ID 552 - when someone uses something such as RUNAS, it could be a sysad doing their job or an attacker doing something else, but worth looking into. What other things can we all think of? Assuming a network that has a centralized log management server, so all server (say Windows 2003/2008 and maybe some Linux or Solaris ones) logs can be easily alerted off of, as well as firewall events. Anything that's an obvious red flag (like PSEXEC) or warrants further research.
Hey guys!! OK, so speaking as a Pineapple no0b, I'm still learning the ways of my Mark IV. I was watching the episode where Mubix explains how to tunnel your way out of a WiFi hotspot with DNS (essentially not paying the fee at the hotspot and connecting to your server and bypassing it all). And he started talking about how to incorporate that with the Pineapple. Even though it was on 1st gen Pineapple, it got me thinking: how could something like that be done with the Pineapple? Not sure how much could be said obviously (legality and whatnot) but just my curiosity brewing.