Jump to content

All Activity

This stream auto-updates

  1. Today
  2. Can't help you any further. I'm not an Apple guy so I can't test/recreate/verify anything IRL since I don't have the equipment needed.
  3. Here are the payloads that I tried LEB B DUCKY_LANG fr ATTACKMODE HID VID_0X05AC PID_0X021E LED R Q DELAY 200 Q GUI SPACE q DELAY 200 Q STRING item Q DELAY 200 Q ENTER LED G And LEB B DUCKY_LANG fm ATTACKMODE HID VID_0X05AC PID_0X0273 LED R Q DELAY 200 Q GUI SPACE q DELAY 200 Q STRING item Q DELAY 200 Q ENTER LED G But all of them fails with: Thank you for your help
  4. Here are the payloads that I tried LEB B DUCKY_LANG fr ATTACKMODE HID VID_0X05AC PID_0X021E LED R Q DELAY 200 Q GUI SPACE q DELAY 200 Q STRING item Q DELAY 200 Q ENTER LED G And LEB B DUCKY_LANG fm ATTACKMODE HID VID_0X05AC PID_0X0273 LED R Q DELAY 200 Q GUI SPACE q DELAY 200 Q STRING item Q DELAY 200 Q ENTER LED G But all of them fails with: Thank you for your help
  5. What device are you connecting to the open AP? It should be sent to the evil portal.
  6. I tried this one for exemple: Product ID: 0x0343 Vendor ID: 0x05ac (Apple Inc.) I tried ATTACKMODE HID VID_0x05ac PID_0x0343 && ATTACKMODE HID VID_0X05ac PID_0X0343 && ATTACKMODE HID VID_0X05AC PID_0X0343 But the system blocks all 3 of them (i try one at a time of course)
  7. Sorry, with router i meant the Mark VII. I am connected to the open AP and the Portal is only shown when i enter the IP Adress "172.16.42.1" directly into a fresh Browser Page.
  8. Are you using a VID and PID that is valid for an Apple keyboard?
  9. Whatever PID and VID I use, the system is always blocking the B.B asking "Allow accessory to connect?" Do you have a solution to bypass this ?
  10. I know Korben is looking at it (I guess it was you posting about the same thing on Discord). I can't keep myself from looking at it either, but I'm not as proficient as Korben (and not a part of the Hak5 team either) so I guess we have to wait until people with more knowledge are able to look at it. When connecting to a hidden network you need to add scan_ssid=1 to /etc/wpa_supplicant.conf. However, the croc_framework and the config file doesn't have support for this (although a simple thing to add). I'm actually doing some mods to the croc_framework right now to try to get that implemented. (My own Croc that is, not for all Crocs since it needs a new firmware). You can serial into the croc when in arming mode. The way you do it depends on the OS. I'm using Linux most of the time and minicom, on Windows you can use PuTTY. https://docs.hak5.org/key-croc/advanced-usage/serial-console-access
  11. Thanks man, you're very helpful. btw what do you mean by "serial into the Croc" how do I configure key croc for hidden SSID. and lastly do you found any solution regarding key croc doesn't save it's log? Thanks again.
  12. dark_pyrro is totally correct. Connecting to an AP that the Pineapple is connected to as a client will not cause other clients to be redirected to the captive portal. That said, if you have some requirement where the Open AP or Evil AP are not options, ARP cache poisoning and/or DNS spoofing can get clients to connect to the Pineapple.
  13. I have to correct myself when it comes to the config.txt file. The wlan0 interface isn't brought up (and wpa_supplicant not started) if those lines are commented out. Just try to use the correct PSK in the config file without escaping chars. If failing, then put it in arming mode and serial into the Croc and try my script posted above to manually start the WiFi connection.
  14. Where have you looked for payloads this far?
  15. You mention "router" and "mk7" as if they were two different things, so I have to ask; do you mean the Mark VII when saying "router" as well? If not, then my conclusion is that you have mixed up the concept. You need to connect to the Mark VII directly (using the open AP) to get Evil Portal to be displayed as the first thing for the connected client device. If you connect to some intermediate router (to which the Mark VII is connected in some way), then the Evil Portal will not be shown.
  16. https://docs.hak5.org/bash-bunny/writing-payloads/vid-pid-man-prod-sn
  17. Hello all, I'm quite new with bash bunny and trying to work on MacOS payloads. When trying to plug the B.B on MacOS, it is automatically blocked by the system asking "Do you want to connect the USB accessory to this Mac?". I tried with many "ATTACKMODE" but the result is the same. Is there a way to bypass the system validation ? (maybe an ATTACKMODE with a PID number) (I'm running my tests on a macOS 13 with M1 ship) Cheers
  18. Hi, i need some Help with the Evil Portal Module. When i activate the Evil Portal Module and connect to my Router i can only acess the Portal by typing the IP Adress of the mk7. How do i configure the mk7 so that when i connect to the AP, i get send to the Evil Portal Site by default ? thx
  19. I should also add that (even if it would be nice to do it in the web UI), it possible to scp the /root/log.db file to a PC and browse the data in the SQLite DB Browser. Should also be possible to process it directly on the Pineapple in CLI with the help of Python.
  20. This was at least a feature of the Gen 6 PineAP implementation (Nano/Tetra). As I remember the Discord discussions about this, it's not a feature of the web UI for the Mark VII. I haven't found it at least (but not looked for it either lately). I guess this is what it's all about: https://youtu.be/CcnCbxoUWps?t=586 The reference that is mentioned is to look in the event/activity logs (turn on PineAP logging in the PineAP Advanced settings). https://docs.hak5.org/wifi-pineapple/ui-overview/pineap#pineap-settings
  21. Yesterday
  22. Didn't realize that it was a feature. PineAP will list connected clients but not probes. It can respond to probe requests but not log them.
  23. As I said in my previous post; edit the /etc/wpa_supplicant.conf file and add the ESSID and the PSK as they should look like, not with any escaped special chars. Also make sure it's not overwritten at boot (comment out the WIFI-settings in the config file). Do it either by connecting to the Shark using SSH or serial into it from arming mode. You can also create optional wpa_supplicant.conf file (one or many) and activate it manually. You can use the script I've put together when troubleshooting and try different files/network setups. https://codeberg.org/dark_pyrro/Key-Croc-AP_STA The issue is that the croc_framework parses the config file and echoes the PSK along with the escape char (backslash \) which makes the connection fail since it's not the true PSK. Also, if you are trying to connect to a hidden WiFI AP, then another option is needed to be successful.
  1. Load more activity
×
×
  • Create New...