Home » Author: admin
So… there are several reasons I use hostapd on some of my Raspberry Pis, and when I do I have seen an issue. To save myself from having to look this up again I just want to note it here.

Error: Failed to start hostapd.service: Unit hostapd.service is masked

And… to fix it:
Everyone needs a little computer to… well… leave places. Here comes the Raspberry Pi Zero W. I use Linux as my desktop, so you will have to translate if you are unfortunate and have to use something else.

First download a Raspbian Lite image: https://www.raspberrypi.org/downloads/raspbian/

Unzip it and copy it to an SD card:

# dd if=2019-07-10-raspbian-buster-lite.img of=/dev/sdb bs=512k

Now remove your SD card and plug it back in so you can mount the boot partition. By default there is no ssh enabled, so this fixes that:

# cd /media/you/boot
# touch ssh

Now you need to set up the network, also in the boot partition:

# vim wpa_supplicant.conf

Ok, unmount it. Plug it into your Raspberry Pi and power it on! Now, if you control your DHCP server it will show up with a hostname of raspberry and you can ssh into it, user pi, password raspberry.
Ok… so, if you know me, the fact I have a PM3 (Proxmark3) is not a surprise. I have had it for years; actually I have a v1 and a v3. Anyway, I love running Kali on bare hardware, have been doing it for years, love it. Here are a few personal notes for running the Proxmark client on Kali 2019. Some notes from here: https://scund00r.com/all/rfid/2018/06/05/proxmark-cheatsheet.html with a few of my own edits.

Also, I have seen some issues where ModemManager causes the Proxmark to reboot, so I disable it:

systemctl disable ModemManager
systemctl stop ModemManager

Ok… now that it is compiled, here are some notes on flashing the firmware and starting the client:

cd proxmark3/client
./flasher /dev/ttyACM0 -b ../bootrom/obj/bootrom.elf
./flasher /dev/ttyACM0 ../armsrc/obj/fullimage.elf
./proxmark3 /dev/ttyACM0

BOOM, done!
Sometimes I use firejail… well, a lot actually, and I usually just use it for a browser like this:

firejail --private google-chrome

or this:

firejail --private google-chrome --proxy-server="socks5://localhost:8080"

But on a few occasions I want to be able to join an ssh session to the same sandbox instance, so I do this:

firejail --list
firejail --join=3452 (or whatever session you want)

Another thing I have run into: I downloaded something but want to save it before I destroy my firejail (private) session, so I do this:

firejail --get=5255 ~/.config/google-chrome/Default/Cookies

You can see more examples and other documentation here: Basic Usage
As an "Ethical Hacker" I find it necessary at times to perform port forwarding, for many reasons. I usually just use iptables rules to do that, and then there came firewallD. FirewallD still uses iptables, so my old rules still work, but I also wanted a way to perform port forwarding using the firewallD process; it also makes my rules fit in nicely with the rules that are on most Linux systems using firewallD. Let's take for example a RedHat or CentOS system, say a version 7 or something, and I want to use it as a traffic proxy of sorts, so when my reverse shell connects it looks like it is connecting to this server when in reality it is just using this iptables/firewallD port forwarding to send the traffic to my box. We will call the location of my reverse shell the Client, we will call the […]
I say honeypot but really it isn't a honeypot… but it is something I am using to log/capture data from malicious individuals, so thus the reason I say honeypot. I want to edit sshd to log all user/password attempts. CentOS 7:

yum install git make zlib-devel openssl-devel openssh-devel pam-devel screen autoconf gcc vim-enhanced lsof
git clone https://github.com/openssh/openssh-portable.git
cd openssh-portable/
autoreconf
./configure
vim auth-passwd.c

(add in my little log code in the auth_password function)

//for Lanix
logit("sshd credentials:%s:%s", authctxt->user, password);

make

We are going to use the built-in sshd_config and the current ssh_host_keys to prevent anyone remote being able to easily identify the trap.

cp /etc/ssh/sshd_config /root/

(modify this, as there are multiple parts we didn't compile into our ssh and errors will be thrown; also, to test, I run it first on a different port)

cp /etc/ssh/ssh_host_* /root/
chmod 0600 /root/ssh_host_*
/root/openssh-portable/sshd -f sshd_config -D

(I test with the -D so that I can easily […]
I have found that some of the tools I am utilizing and need to compile require zlib.h, and that is in the zlib1g-dev package, so:

apt install zlib1g-dev
Just a quick note: while performing recon on a customer I struggled with the dns-names.txt issue on Kali. Basically theHarvester is looking for a file named dns-names.txt in the current directory when you request a DNS brute force. The good news is the file exists in two spots on a Kali box:

yourname@kali:~/Desktop$ locate dns-names.txt
/usr/share/golismero/tools/theHarvester/dns-names.txt
/usr/share/golismero/tools/theHarvester/discovery/dns-names.txt

This is used when you pass the "-c" option, so the easiest workaround until this gets updated is to copy one of these files into your current directory. On my box both were the exact same file.
Funny thing about people and passwords… just about anything really: we get comfortable with certain things. For example, you probably know of a family where all the kids' first names start with the same letter. Kids tend to be a little more creative, but adults tend to hold onto things, similar things. Let's look at passwords. Now keep in mind I am not saying everyone is like this, you may not be, but chances are… the majority of people will have a password that is similar in structure. Let's say this is your password: Cathat89! Your original password was probably something similar to you; say you liked Cat in the Hat, and you were born in the year 1989. The content of the password will change over time, but the structure could stay the same. You see how the first character is a capital, then there are several lower case […]
There are lots of ways to create a wordlist: you can just generate them, find pre-built ones online, etc. In this case I want to create a wordlist that contains components specific to the organization I am auditing.

cupp is good if you know details about individuals:

cupp -i

cewl is good to scrape a website for words:

cewl https://customer-site.com -v -w cewl-wordlist-customer-site.txt

There are other options, like following links more than 2 deep (the -d option), or targeting words larger than 8 characters (the -m 8 option), or, if you feel crazy, the -o option will spider to other sites.