admin
RFID Skimmer – backpack or messenger bag

Well… all this RFID stuff wasn’t all just because I was trying to be a maker person…. nope, there was still the hacker/pen tester in me that was driving all this RFID shenanigans. I built something, it was actually something I built before I made the RFID holocron Raspberry Pi RDM6300 thing…. First I want to give credit where credit is due, I basically used the notes from this wonderful info sec individual named Alex Dib and his post on the RFID Thief v2.0 – Here another great post Here and it is all based on the Wiegotcha code found Here.

Parts:
– Raspberry Pi 3 – I also made a variation using a Raspberry Pi Zero W but more on that later – I also got one working with a Raspberry Pi 2 but needed a USB wifi dongle to go into AP mode
– HID MaxiProx 5375 – got mine […]

RFID Kyber Crystals and Holocrons post 1

Well…. You can’t blame me and the other people like me, if you make a cool toy that has a cool technology you can’t blame us for checking it out and figuring it out….. Well, I took my previous project using a RDM6300 and a Raspberry Pi and I added some 5050 LED strip lights…..I planned on making the lights do something different based on the RFID that was detected….so I needed some EM4100 RFIDs to read and mess with….so I found certain Kyber Crystals from the big D place just happened to have EM4305 RFID chips in them that could be read as EM4100s. I did similar wiring to this page here. But I specifically used GPIO pins 23, 24, 25 to control the RGB of the 5050 LED strip. Then I hacked up this python code here (I borrowed some of it from the link in the last post […]

RFID – RDM6300 – EM4100 and Raspberry pi

Ok, we are going to play with a little RFID…. I have messed a lot with RFID access cards, IOProx, HID, etc…. but not much with the EM4100 and EM4305 so that is what I am playing with right now. I will probably write some notes up on HID and IOProx later….

Parts:
– Raspberry Pi Zero W – with SD Card obviously
– RDM6300 module and antenna
– Logic Level Shifter
– jumper wires

Start with a headless install of a Raspberry Pi – like from these notes here

Now you need to wire up this stuff…..first the pinouts

Now we gotta wire it all together…here is my poor attempt at portraying that….

I did use this page for some help, but it is a little old – here.

You now need to enable/disable some stuff on the regular Raspbian image….first run “sudo raspi-config”
– Select “Interfacing Options” this was number 5 for me
– […]

Hostapd on raspberry pi

So… there are several reasons I use hostapd on some of my Raspberry Pi….. and when I do I have seen an issue. To save myself from having to look this up again I just want to note it here.

Error:
Failed to start hostapd.service: Unit hostapd.service is masked

And……to fix it:

Headless install Raspberry Pi Zero W

Everyone needs a little computer to…well….leave places… Here comes the Raspberry Pi Zero W.

I use Linux as my desktop so…you will have to translate if you are unfortunate and have to use something else…

First download a lite Raspberry image: https://www.raspberrypi.org/downloads/raspbian/

Unzip it and copy it to an SD card:
# dd if=2019-07-10-raspbian-buster-lite.img of=/dev/sdb bs=512k

Now, remove your SD card and plug it back in so you can mount the boot partition. By default there is no ssh enabled…so this fixes that:
# cd /media/you/boot
# touch ssh

Now you need to set up the network….also in the boot partition:
# vim wpa_supplicant.conf

Ok, unmount it…. Plug it into your Raspberry Pi and power it on! Now, if you control your DHCP server it will show up as a hostname of raspberry and you can ssh into it, user of pi password of raspberry.

Proxmark3 and Kali – 2019

Ok…so, if you know me the fact I have a PM3 (Proxmark3) is not a surprise. I have had it for years, actually have a v1 and a v3…. Anyway, I love running Kali on bare hardware, have been doing it for years, love it. Anyway, here are a few personal notes for running Proxmark client on Kali 2019.

Some notes from here: https://scund00r.com/all/rfid/2018/06/05/proxmark-cheatsheet.html
With a few of my own edits

Also, I have seen some issues where ModemManager causes the Proxmark to reboot…. so I disable it:
systemctl disable ModemManager
and
systemctl stop ModemManager

Ok… now that it is compiled here are some notes on flashing the firmware and starting the client:
cd proxmark3/client
./flasher /dev/ttyACM0 -b ../bootrom/obj/bootrom.elf
./flasher /dev/ttyACM0 ../armsrc/obj/fullimage.elf
./proxmark3 /dev/ttyACM0

BOOM, done!

Join a firejail session

Sometimes I use firejail…well a lot actually….and I usually just use it for a browser like this:
firejail --private google-chrome
or this
firejail --private google-chrome --proxy-server="socks5://localhost:8080"

But on a few occasions I want to be able to join ssh to the same sandbox instance…so I do this:
firejail --list
firejail --join=3452 (or whatever the session you want)

Another thing I have run into is I downloaded something but want to save it before I destroy my firejail (private) session…so I do this:
firejail --get=5255 ~/.config/google-chrome/Default/Cookies

You can see more examples and other documentation here: Basic Usage

Port Forwarding with FirewallD for a Reverse Shell

As an “Ethical Hacker” I find it necessary at times to perform port forwarding, for many reasons… But I usually just use iptables rules to do that, and then there came firewallD…. FirewallD still uses iptables so my old rules still work, but I also wanted a way to perform port forwarding using the FirewallD process… it also makes my rules just fit in nicely with the rules that are on most Linux systems using firewallD. Let's take for example a RedHat or CentOS system, say a ver7 or something, and I want to use it as a traffic proxy of sorts so when my reverse shell connects it looks like it is connecting to this server when in reality it is just using this iptables/firewallD port forwarding to send the traffic to my box. We will call the location of my reverse shell the Client, we will call the […]

A little ssh honeypot fun

I say honeypot but really it isn’t a honeypot… but it is something I am using to log/capture data from malicious individuals….so thus the reason I say honeypot. I want to edit sshd to log all user/password attempts.

Cent7

yum install git make zlib-devel openssl-devel openssh-devel pam-devel screen autoconf gcc vim-enhanced lsof
git clone https://github.com/openssh/openssh-portable.git
cd openssh-portable/
autoreconf
./configure
vim auth-passwd.c

(add in my little log code in the auth_password function)

//for Lanix
logit("sshd credentials:%s:%s",authctxt->user,password);

make

We are going to use the built-in sshd_config and the current ssh_host_keys to prevent anyone remote being able to easily identify the trap.

cp /etc/ssh/sshd_config /root/
(modify this as there are multiple parts we didn’t compile into our ssh and errors will be thrown, also to test I run it first on a different port)
cp /etc/ssh/ssh_host_* /root/
chmod 0600 /root/ssh_host_*
/root/openssh-portable/sshd -f sshd_config -D
(I test with the -D so that I can easily […]

zlib.h missing on kali?

I have found that some of the tools I am utilizing and need to compile require zlib.h… and that is in the zlib1g-dev package… so:
apt install zlib1g-dev