Jump to content

Recommended Posts

Posted (edited)

Hey everyone!

Shadowblade72 and I are proud to present a project we've been working on for months; Hax0rBl0x! This framework is designed to have a central menu that allows you to pick and choose which attacks you want to use in a pentest. These tools are also being designed to function on Backtrack 5 R3 for use with a computer, or for use on a (Pi)neapple attack platform. We also want the ability to add new tools as we produce them. We will be updating this thread from time to time to announce new updates and new capabilities. If you guys have any suggestions, requests, bugs, or anything else, please let us know.

List of tools:

-Hax0rBl0x.sh: This is the main menu framwork that allows us to add more tools by simply dragging and dropping files.

-Passive OS Fingerprinting: This is a passive scanner that will read information from passing packets to find OS, Browsers, Apps, Open Ports, uptime, Host type, and manufacturer of each host on the network (or on your pineapple)

-Cred Harvester (Now with Arpspoofing built in!): This is a tool similar to Easy-Creds or YAMAS, but extremely polished to harvest creds, cookies, social security numbers, or credit card numbers from selected targets. The info is then displayed on an easy to read summary on screen and dumped into an easy to read report for further perusing. The programs launched are Ettercap, SSLStrip, Dsniff, Hamster & Ferret, NGREP, and URLSnarf.

The link to our code can be found at: http://code.google.com/p/hax0rbl0x/

NOTE: We are still working on getting the install code working properly as we just switched to Google Projects, so stay tuned!\\

EDIT 2/21/2013: A couple of things. We've gotten Google Code working nicely and are working on getting a streamlined install working properly. also, this tool set has been tested on both BackTrack 5 R3 and the Pi. We make no promises that it will function at all on the pineapple itself.

Edited by airman_dopey
Posted

As Dopey said, we really hope you guys enjoy this. Lots of time went into bring this to you, so please feel free to give us your honest feedback.

Also, if you run into ANY errors or logic failures, please let us know. This is version 1.0, so there may still be a few lingering bugs waiting to get squashed. That being said, we tested this pretty extensively, it should be smooth sailing.

Cheers guys.

Posted

Hey guys and gals.

ShadowBlade72 and I have spoken about tools we're working on to be used with both BackTrack 5 and the Pi for use with the pineapple or through simple arp spoofing and the like. Well, we've finished our first tool and are releasing it as a "sneak peek" for what's to come. You can find the post over at the Applications and Coding forums here:

http://forums.hak5.org/index.php?/topic/28677-hax0rbl0x-sneak-peak/

We wanted to tell you guys here as we designed them to be used with the (Pi)neapple platform as well. Please let us know what you think!

Posted (edited)

Hey guys and gals!

Been working hard on the latest HaxorBlox release coming soon. Wanted to give a little sneak peek of what's coming down the pipe; Cred Harvester!

Looking at the problems the Pineapple has had with running multiple tools at once, we wanted to see what we could do using a (Pi)neapple setup or offload the tools to a computer while keeping the simple interface. Hopefully you guys dig what we came up with. Similar to Easy-Creds (although we had the idea prior to discovering the tool) we decided to have a simple script that would handle Ettercap, SSLStrip, DSniff, URLSnarf, Hamster & Ferret (Sidejacking attack), and NGREP. In addition to dumping the output to a nice log file automatically, we wanted to have a simple display showing real-time creds as they are captured. We were able to filter the output to prevent duplicate creds displaying, and wrote a simple filter wizard to only display real-time URLSnarf data that you ACTUALLY NEED to see right now. No data is left out of the final report (with multiple logging options) so you can still get everything you need, but see real-time only what you want.

(As a side note, we also do not blanket wipe out IPTables or anything like that. Every check is done to attempt to keep your system the same as what it was, while only changing and cleaning up what's needed for whatever program you choose to load.)

The tool is in the final stages of being created, and we still need to sanity check and do some final polish, but we should have it released in the next week or so. We are REALLY excited over this addition and we hope you guys are too! If you have any ideas, comments, or feedback we'd love to hear it!

post-40962-0-03920500-1360402279_thumb.j

Main menu of Cred Harvester

post-40962-0-31237600-1360401685_thumb.j

Loading Screen

post-40962-0-49716100-1360401684_thumb.j

Action shot

Edited by airman_dopey
Posted

Looks great Airman! Can't wait to check out the latest and greatest

f5 f5 f5 f5 f5 f5 f5 f5 f5

telot

Posted (edited)

Hey guys, just wanted to stop by and post a quick update. We're still hard at work on the Cred Harvester script. It's getting to a point where we're both pretty happy with it.

At this point we're just cleaning up some aesthetics and fixing any bugs we can find.

By the way, if anyone has any sample DSniff output, we'd be interested in obtaining it.

Edited by ShadowBlade72
Posted

Hey guys!

Wanted to let you know that the Cred Harvester has been released! We have tried to cover all the bases as far as sanity checks, requirements, etc but no one can get everything first try. If you guys find anything please let us know and we'll get it fixed ASAP. We're also close to having the main framework and install procedure finished, so we'll keep you posted on that. IN the mean time, try out the fruit of our labor and let us know what you think!

Sanity Check Menu

CredHarvesterSanity_zps179d26dc.png

Main Menu

CredHarvesterMainMenu_zps758aa224.png

Loading Selected Programs

CredHarvesterLoading_zpsd6969591.png

Program Running

CredHarvesterLoaded_zps2ded31c7.png

(Pictures courtesy of ShadowBlade72)

Posted

Ngrep was pulled from the pineapple due to a lack of power. We want tools that allows the pineapple to do what it does best and leave the heavy lifting to ask pi or another computer. Besides, I'd rather be able to do as little or as much as I want for any given attack; not be limited by the hardware.

Posted

Ngrep was pulled from the pineapple due to a lack of power. We want tools that allows the pineapple to do what it does best and leave the heavy lifting to ask pi or another computer. Besides, I'd rather be able to do as little or as much as I want for any given attack; not be limited by the hardware.

No I mean, It won't run at all lol

./40_Cred_Harvester_1.0.sh: line 377: tput: command not found
./40_Cred_Harvester_1.0.sh: line 377: tput: command not found
./40_Cred_Harvester_1.0.sh: line 377: tput: command not found
./40_Cred_Harvester_1.0.sh: line 377: tput: command not found
./40_Cred_Harvester_1.0.sh: line 377: tput: command not found
./40_Cred_Harvester_1.0.sh: line 377: tput: command not found
|              [Q] Quit             |             [X] Override             |
./40_Cred_Harvester_1.0.sh: line 378: tput: command not found
./40_Cred_Harvester_1.0.sh: line 378: tput: command not found
|--------------------------------------------------------------------------|
./40_Cred_Harvester_1.0.sh: line 380: tput: command not found
./40_Cred_Harvester_1.0.sh: line 380: tput: command not found
./40_Cred_Harvester_1.0.sh: line 380: tput: command not found
./40_Cred_Harvester_1.0.sh: line 380: tput: command not found
Enter your menu choice:
 

But yeah, I know what you mean. I need to buy an SD card for my Raspberry Pi, then I can rock the suite :D

-Foxtrot

Posted (edited)

You can try this, but I'm going to go ahead and give you a heads up. This cred harvester is WAY WAY WAY too resource intensive to run on the pineapple. Just to run Ettercap on the Pi, it sucks up about 40-50% CPU. I could only imagine running it on the Pineapple.

apt-get install tput

Edited by ShadowBlade72
Posted (edited)

You can try this, but I'm going to go ahead and give you a heads up. This cred harvester is WAY WAY WAY too resource intensive to run on the pineapple. Just to run Ettercap on the Pi, it sucks up about 40-50% CPU. I could only imagine running it on the Pineapple.

apt-get install tput

I'm not saying it wouldn't hurt the Pineapple, I'm just saying it floods with tput lol :P

Great job however, looking forward to use :)

p.s (You cant use apt-get on a Pineapple)

-Foxtrot

Edited by Foxtrot
  • 3 weeks later...
  • 2 weeks later...
  • 2 weeks later...
  • 3 weeks later...
Posted (edited)

Version 1.3 updated, now with Arpspoofing via Ettercap built in. No more need for another script to make it work.

Edited by airman_dopey

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...