rikka0w0

Find out if your Wifi adapter supports monitor mode

Windows: netsh wlan show wirelesscapabilities in admin cmd shell, look for Network monitor mode.

Linux: iw list | grep -Fe "Supported interface modes" -n10, look for * monitor in section Supported interface modes:.

In Kali Linux

I boot a live Kali 2024.1 on a 8G USB stick on a Acer ES1-531-P8NJ and install hcxdumptool and hcxtools from the official repo. The version of hcxdumptool from the repo is 6.3.1 as of 20240420.

Stop Wifi related services

rikka0w0

1. Install PVE using the official ISO and create a KVM with 512MB of ram and no disk.
2. In the PVE host shell, run these commands to import the official OpenWrt image into the VM:

cd /tmp
wget https://downloads.openwrt.org/releases/23.05.2/targets/x86/64/openwrt-23.05.2-x86-64-generic-squashfs-combined-efi.img.gz
gunzip openwrt-23.05.2-x86-64-generic-squashfs-combined-efi.img.gz
# Replace 101 with the VM ID 
qm importdisk 101 openwrt-23.05.2-x86-64-generic-squashfs-combined-efi.img local-lvm

https://medium.com/@aj.abdelwahed/openwrt-on-proxmox-ve-turn-your-raspberry-pi-into-a-networking-powerhouse-ee61bd2f342c

rikka0w0

# `cat /etc/default/grub`
`GRUB_CMDLINE_LINUX_DEFAULT="intel_iommu=on kvm.ignore_msrs=1 vfio-pci.ids=10de:2786,10de:22bc pci=realloc"`
May also need: `video=efifb:off video=simplefb:off`

# `cat /etc/modprobe.d/blacklist-nouveau.conf`
```
blacklist nouveau
options nouveau modeset=0
```

rikka0w0

https://github.com/as3long/kcpjs https://github.com/hazae41/kcp https://www.npmjs.com/package/ham-kcpjs

rikka0w0

$a = Get-VMSystemSwitchExtensionPortFeature -FeatureId 776e0ba7-94a1-41c8-8f28-951f524251b5
$a.SettingData.MonitorMode = 2
Add-VMSwitchExtensionPortFeature -ExternalPort –SwitchName "DefaultSwitch" -VMSwitchExtensionFeature $a

Also check Enable MAC address spoofing in the VM's NIC settings.

rikka0w0

<!DOCTYPE html>
<html>
<head>
    <title>Simple Webshell</title>
    <style>
        body {
            font-family: 'Consolas', monospace;
        }
        #commandInput {
            display: block;

rikka0w0

% Specify the file path
file = 'D:\1.txt';
count = 4;
length = 256;

% Open the file for reading
fid = fopen(file, 'r');

% Read all lines from the file
data = textscan(fid, '%f', 'HeaderLines', 1);

rikka0w0

Add-Type -TypeDefinition @"
using System;
using System.Net;
using System.Net.Sockets;
using System.Threading;

public static class UDPForward
{
    public static void Main(string[] args)
    {

rikka0w0

# Get the "Remote Desktop - User Mode (TCP-In)" rule
$rule = Get-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)"

# Get the associated firewall filter
$filter = Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule

# Set the private IPv4 and IPv6 ranges, including full loopback and link-local addresses, for the Remote Address
Set-NetFirewallAddressFilter -InputObject $filter -RemoteAddress "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fd00::/8", "127.0.0.0/8", "169.254.0.0/16", "fe80::/10"

# Set the port to 3389

rikka0w0

// To test this code, first create a new lambda with the AWS Cloudformation with the template below;
// Template URL: https://gist.github.com/rikka0w0/53a38add3c17e61744ff1806080e180d
// It not only handles the lambda creation, but also takes care of the required permissions.
// Then, create a Websocket service in the AWS API Gateway and point the $defsult handler to the lambda function we just created.
// Finally, replace the content of index.js of the lambda function with this file.
// Dont forget to DEPLOY it each time after you make changes. Test with 'wscat -c'

const AWS = require('aws-sdk');
const stream = require('stream');
const util = require('util');