
Thermostaten

Active Members
  • Posts

    77
  • Joined

  • Last visited

Profile Information

  • Gender
    Male

Recent Profile Visitors

3,573 profile views

Thermostaten's Achievements

  1. Thanks, that worked :). Where can I find the documentation for that naming?
  2. I am trying to use the REST API to automate the setup of my Pineapple VII and want to install the evilportal module. I have read the guide here: https://hak5.github.io/mk7-docs/docs/rest/modules/modules/ but find the method description for downloading and installing a module hard to understand. It just says:

    Install remote module
    use the PUT /api/modules/install
    Request Body { BODY }
    Response
    If successful, RETURNS: { RESPONSE }

    I can't figure out how to send that curl line! Here is what I am doing so far, but I can't get the correct syntax:

    CURL="/usr/bin/curl"

    # GET REST_API_TOKEN
    TOKEN=$(${CURL} -s -X POST http://172.16.42.1:1471/api/login -d '{"username": "root", "password": "Ihateplaintextpasswordsincommands"}' | cut -d '"' -f 4)

    # Download and install the evilportal module using the token I just got from the last command
    ${CURL} -s -X PUT http://172.16.42.1:1471/api/modules/install -H "Authorization: Bearer ${TOKEN}" -d '{"name":"evilportal"}'

    It returns this error:

    {"error":"json: cannot unmarshal array into Go value of type models.RemoteModule"}

    # This works and will return a list of modules I can download:
    ${CURL} -s -X GET http://172.16.42.1:1471/api/modules/available -H "Authorization: Bearer ${TOKEN}"

    [{"name":"MACInfo","title":"MAC Info","author":"KoalaV2","version":"1.1.1","description":"Lookup information on MAC Adresses","size":11405,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/MACInfo/download"},
     {"name":"hcxdumptool","title":"Hcxdumptool","author":"lorenzoPrimi","version":"1.0","description":"Small tool to capture packets from wlan devices.","size":14696,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/hcxdumptool/download"},
     {"name":"DNSspoof","title":"DNSspoof","author":"90N45","version":"1.0.2","description":"Spoof DNS records","size":11237,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/DNSspoof/download"},
     {"name":"httpeek","title":"HTTPeek","author":"newbi3","version":"1.2.1","description":"View plaintext HTTP traffic, such as cookies and images.","size":13077,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/httpeek/download"},
     {"name":"cabinet","title":"Cabinet","author":"newbi3","version":"1.2.1","description":"A simple browser based file manager for the WiFi Pineapple.","size":11452,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/cabinet/download"},
     {"name":"evilportal","title":"Evil Portal","author":"newbi3","version":"1.5.3","description":"An evil captive portal for the WiFi Pineapple.","size":35812,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/evilportal/download"},
     {"name":"DenyIP","title":"DenyIP","author":"90N45","version":"1.0.0","description":"Declare IP addresses and refuse their traffic","size":9056,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/DenyIP/download"},
     {"name":"locate","title":"Locate","author":"KoalaV2","version":"1.1.1","description":"Geolocate IP addresses and domain names over HTTPS via ipapi.","size":8822,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/locate/download"},
     {"name":"wpasec","title":"WpaSec","author":"makcanca","version":"1.0","description":"Provides UI to submit WPA handshakes to https://wpa-sec.stanev.org","size":9587,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/wpasec/download"},
     {"name":"wigle","title":"WiGLE","author":"90N45","version":"1.0.2","description":"Information gathering of APs with the WiGLE.net database","size":15160,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/wigle/download"},
     {"name":"mtr","title":"MTR","author":"KoalaV2","version":"1.1.1","description":"Traceroute and ping a host.","size":17496,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/mtr/download"},
     {"name":"tcpdump","title":"TCPDump","author":"newbi3","version":"1.3.1","description":"Web GUI for the tcpdump packet analyzer tool.","size":15522,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/tcpdump/download"},
     {"name":"mdk4","title":"MDK4","author":"newbi3","version":"1.3.2","description":"Web GUI for the MDK4 wireless testing tool.","size":29669,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/mdk4/download"},
     {"name":"nmap","title":"Nmap","author":"newbi3","version":"1.3.1","description":"Web GUI for Nmap, the popular network mapping tool.","size":20094,"download_link":"https://downloads.hak5.org/api/devices/wifipineapplemk7/modules/nmap/download"}]

    How do I get this download and install to work?

    Regards, T.
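An added example that completes the automation this post is after. It is not the poster's script and not Hak5's documentation. It assumes that PUT /api/modules/install wants one module descriptor in the same shape that GET /api/modules/available returns (the "cannot unmarshal ... into Go value of type models.RemoteModule" error points at a single RemoteModule object being expected), and that the login reply is a flat JSON object whose first string value is the token, which is the same layout the post's `cut -d '"' -f 4` relies on. The password is read from the environment instead of the command line; PINEAPPLE_PASSWORD and the --install flag are names chosen here.

```shell
#!/bin/sh
# Install a WiFi Pineapple Mark VII module over the REST API.
# Assumptions (not confirmed by the post): the install endpoint takes ONE
# module object exactly as listed by /api/modules/available, and the login
# reply is a flat object such as {"token":"..."}.
set -eu

PINEAPPLE="${PINEAPPLE:-http://172.16.42.1:1471}"
CURL="${CURL:-/usr/bin/curl}"

# First string value of a flat JSON object, e.g. {"token":"abc"} -> abc.
extract_token() {
    printf '%s' "$1" | cut -d '"' -f 4
}

# Split a JSON array of flat objects (one per line after awk) and keep the
# object whose "name" is $1. No jq needed; relies on the objects not nesting,
# which holds for the /api/modules/available output shown in the post.
select_module() {
    sed 's/^\[//; s/\]$//' | awk '{ gsub(/[}],[{]/, "}\n{"); print }' \
        | grep -F "\"name\":\"$1\"" | head -n 1
}

login() {
    : "${PINEAPPLE_PASSWORD:?set PINEAPPLE_PASSWORD in the environment}"
    extract_token "$(${CURL} -sf -X POST "${PINEAPPLE}/api/login" \
        -H 'Content-Type: application/json' \
        -d "{\"username\":\"root\",\"password\":\"${PINEAPPLE_PASSWORD}\"}")"
}

# $1 = module name, $2 = bearer token. Fetch the catalogue, pick the
# descriptor, and PUT that descriptor (not just {"name": ...}) to install.
install_module() {
    body="$(${CURL} -sf "${PINEAPPLE}/api/modules/available" \
        -H "Authorization: Bearer $2" | select_module "$1")"
    [ -n "$body" ] || { echo "no such module: $1" >&2; return 1; }
    ${CURL} -sf -X PUT "${PINEAPPLE}/api/modules/install" \
        -H "Authorization: Bearer $2" -H 'Content-Type: application/json' \
        -d "$body"
}

# Usage: PINEAPPLE_PASSWORD=... ./install_module.sh --install evilportal
if [ "${1:-}" = "--install" ]; then
    install_module "$2" "$(login)"
fi
```

`curl -f` makes HTTP error codes fail the pipeline, so a rejected token or a wrong body shows up as a non-zero exit instead of a silently empty `TOKEN`.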
  3. Naaa, I get them too.. I think there is something broken inside of the Pineapple code that messes up things..
  4. root@server:/srv/hak5# cat /lib/systemd/system/knockd.service

    [Unit]
    Description=Port-Knock Daemon
    After=network.target
    Documentation=man:knockd(1)

    [Service]
    EnvironmentFile=-/etc/default/knockd
    ExecStart=/usr/sbin/knockd $KNOCKD_OPTS
    ExecReload=/bin/kill -HUP $MAINPID
    KillMode=mixed
    SuccessExitStatus=0 2 15
    ProtectSystem=full
    #CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE
    #CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN

    [Install]
    WantedBy=multi-user.target
    Alias=knockd.service

    # Here is the knockd.conf in /etc
    root@server:/srv/hak5# cat /etc/knockd.conf

    [options]
    PidFile = /var/run/knockd.pid
    LogFile = /var/log/knockd.log
    Interface = ens192

    [startHAK5]
    sequence = 80,1337,443,6666
    seq_timeout = 5
    command = /srv/hak5/port_knock_on
    tcpflags = syn

    [stopHAK5]
    sequence = 5555,443,1337,80
    seq_timeout = 5
    command = /srv/hak5/port_knock_off
    tcpflags = syn
  5. I got one step closer (have not tested a client connection yet). Now my covert server is online and when you know the "secret" link you will get the C2 login page; in the example below the secret link is /hak5.

    To ensure it is not always online I have also installed knockd and run a start/stop script that ensures nothing from the C2 is exposed or running when I do not need the C2. To get knockd to work you have to alter /lib/systemd/system/knockd.service and remove or comment out the "CapabilityBoundingSet" line; then it can run the scripts.

    I am using iptables (not sure it is needed):

    -A POSTROUTING -o ens192 -j MASQUERADE

    Starting C2 like this:

    /srv/hak5/c2/c2_community-linux-64 -db ./c2.db -hostname www.my-covert-server.com -https -listenip 127.0.0.1

    And I use Cloudflare and took Cloudflare's certificate (they make it for you), converted it into a .pem and a .key file. And in apache default-ssl.conf I added this:

    SSLCertificateFile /etc/ssl/private/my-covert-server.com.pem
    SSLCertificateKeyFile /etc/ssl/private/my-covert-server.com.key

    Then I found Cloudflare's CA cert by googling and added it also to the default-ssl.conf:

    SSLCertificateChainFile /usr/share/ca-certificates/cloudflare/cloudflare-ca.crt

    and for proxying I added this (also to default-ssl.conf):

    <IfModule mod_proxy.c>
        # a2enmod proxy
        # a2enmod proxy_http
        ProxyPreserveHost On
        SSLProxyEngine On
        ProxyRequests Off
        ServerName www.my-covert-server.com
        ServerAlias my-covert-server.com
        #
        # ProxyPassMatch takes a regex; ProxyPassReverse takes a plain path
        # prefix and a URL, so the (.*)/$1 form does not belong there.
        ProxyPassMatch "/hak5/(.*)" "https://127.0.0.1:443/$1"
        ProxyPassReverse "/hak5/" "https://127.0.0.1:443/"
        ProxyPassMatch "/assets/(.*)" "https://127.0.0.1:443/assets/$1"
        ProxyPassReverse "/assets/" "https://127.0.0.1:443/assets/"
        ProxyPassMatch "/api/(.*)" "https://127.0.0.1:443/api/$1"
        ProxyPassReverse "/api/" "https://127.0.0.1:443/api/"
        ProxyPassMatch "/login/(.*)" "https://127.0.0.1:443/login/$1"
        ProxyPassReverse "/login/" "https://127.0.0.1:443/login/"
        ProxyPassMatch "/dapi/(.*)" "https://127.0.0.1:443/dapi/$1"
        ProxyPassReverse "/dapi/" "https://127.0.0.1:443/dapi/"
    </IfModule>
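An added example of the start/stop script that the knockd.conf in post 4 and the covert-server setup in this post leave unshown. It is not the poster's port_knock_on/port_knock_off. It assumes the two knockd entries are wired as `command = /srv/hak5/port_knock on %IP%` and `command = /srv/hak5/port_knock off` (knockd substitutes %IP% with the knocker's source address). The C2 command line, the /hak5 path and the proxied prefixes come from the post; the conf file name hak5-c2-access, the PID file, and gating the proxied paths with an Apache `Require ip` for the knocker only are assumptions made here.

```shell
#!/bin/sh
# /srv/hak5/port_knock  on <knocker-ip> | off
# Starts the Hak5 C2 on loopback and opens the proxied paths for one address;
# "off" closes them again and stops the C2, so nothing is reachable or running
# between knocks. Paths, conf name and PID file are assumptions, not from the post.
set -eu

C2_DIR=/srv/hak5/c2
C2_BIN="${C2_DIR}/c2_community-linux-64"
C2_ARGS="-db ${C2_DIR}/c2.db -hostname www.my-covert-server.com -https -listenip 127.0.0.1"
PIDFILE=/run/hak5-c2.pid
ACCESS_CONF=/etc/apache2/conf-available/hak5-c2-access.conf   # assumed path

# Accept only a dotted-quad IPv4 before it is written into an Apache directive;
# empty values, IPv6 and anything with shell or config metacharacters are rejected.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Apache snippet: only the knocker may reach the proxied C2 prefixes; everyone
# else keeps seeing the cover site and gets 403 on these paths.
render_access_conf() {
    printf '<LocationMatch "^/(hak5|assets|api|login|dapi)/">\n'
    printf '    Require ip %s\n' "$1"
    printf '</LocationMatch>\n'
}

c2_running() { [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; }

c2_start() {
    c2_running && return 0
    cd "$C2_DIR"
    nohup "$C2_BIN" $C2_ARGS >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

c2_stop() {
    c2_running && kill "$(cat "$PIDFILE")"
    rm -f "$PIDFILE"
}

case "${1:-}" in
    on)
        valid_ipv4 "${2:-}" || { echo "bad knocker address: ${2:-}" >&2; exit 1; }
        c2_start
        render_access_conf "$2" > "$ACCESS_CONF"
        a2enconf -q hak5-c2-access && apachectl graceful
        ;;
    off)
        a2disconf -q hak5-c2-access && apachectl graceful
        c2_stop
        ;;
    *)
        ;;   # no argument: script sourced for its functions
esac
```

The knocker's address is validated before it is interpolated into the Apache directive because it comes straight from the packet that matched the knock sequence; with `Require ip` in place, guessing the /hak5 path alone is no longer enough to reach the C2 login page.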
  6. Would it be possible to run the C2 on an existing webserver? My ideal setup would be: the webserver listens on IP 10.0.0.80 (just some local IP the server has, behind NAT to an external IP) and ports 443 + 80, runs HSTS, behind Cloudflare or alike. The Hak5 C2 listens on 127.0.0.1 ports 443, 80, 2022. The webserver redirects /whatever_i_choose/link to the C2 service -> 127.0.0.1:443, 80, 2022 etc.

    That way I can have a covert C2 running behind a legit-looking webserver. I was thinking of using iptables or apache proxy/mod_rewrite to do this. Would it work when the C2 wants the SSL cert? Could this be done?

    Best regards, T

    root@server:~# netstat -tupln
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      782/sshd
    tcp        0      0 10.10.10.10:80          0.0.0.0:*               LISTEN      1565/apache2
    tcp        0      0 10.10.10.10:443         0.0.0.0:*               LISTEN      1565/apache2
    tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      1633/c2_community-l
    tcp        0      0 127.0.0.1:443           0.0.0.0:*               LISTEN      1633/c2_community-l
    tcp        0      0 127.0.0.1:2022          0.0.0.0:*               LISTEN      1633/c2_community-l
  7. De-authentication attack. Will the Pineapple have any value when everybody uses 802.11w (http://en.wikipedia.org/wiki/IEEE_802.11w-2009)? The protocol ensures a hash value on all management frames that are sent, so a third party cannot de-authenticate (without having the correct hash value). Cisco calls the feature "Management Frame Protection" (http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82196-mfp.html). I also saw that the Wi-Fi Alliance (WFA) has made support of Protected Management Frames (PMF) mandatory to pass 802.11ac or Passpoint (also called HotSpot 2.0) certifications.
  8. Hi Thermostaten,

    I saw some interesting scripts on your screenshot in your Responder reply. What scripts are you using to detect the Pineapple and start up the MITM fun?

    Thanks for some info :wink:

  9. I have added a script to set the background image of a Windows 10 (might work on other versions also..) https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Change-the-background-to-MyLittlePoney-(win10) Regards, Keld. Attachment: rubberduckcode.txt
  10. Anyone know if the 2.4.0 code can run on more powerful hardware or has been ported? I would like to run it on an i7 NUC with an octo core, terabytes of memory, solid state disk and .. :) Regards, Thermostaten
  11. Sure, but what is the alternative? Run the same functions that the Mark V delivers on a self-installed OpenWrt running on a NUC with proper CPU, disk and memory ;) Well, I think I figured it out: the auto start of PineAP does not run well when the dip switches start the same function (running twice). Now my focus is on the speed of the SD card; it also troubles me (darn slow..) http://www.bhphotovideo.com/explora/photography/buying-guide/fastest-memory-cards-money-can-buy I hope the next Mark VI comes with +2G memory and options to expand it..
  12. I have this problem: tmp runs full, perhaps because of too many clients for the PineAP? What is the easy way to get that tmp directory moved to /sd/tmp?

    root@bridge:/tmp# df -h
    Filesystem                Size      Used Available Use% Mounted on
    rootfs                    3.1M      2.4M    720.0K  78% /
    /dev/root                11.8M     11.8M         0 100% /rom
    tmpfs                    30.2M     30.2M         0 100% /tmp
    tmpfs                   512.0K         0    512.0K   0% /dev
    /dev/mtdblock3            3.1M      2.4M    720.0K  78% /overlay
    overlayfs:/overlay        3.1M      2.4M    720.0K  78% /
    /dev/sdcard/sd1         904.4M     69.3M    789.7M   8% /sd

    Here is the "sinner file", filling up tmp:

    root@bridge:/tmp# ls -alh spool/cron/atspool/a00004017012b1
    -rw-------    1 root     root       30.1M Nov 12 11:11 spool/cron/atspool/a00004017012b1
    root@bridge:/tmp# tail spool/cron/atspool/a00004017012b1
    Cannot accept client.
    Cannot accept client.
    Cannot accept client.
    Cannot accept client.
    Cannot accept client.
    Cannot accept client.
    Cannot accept client.
    Cannot accept client.
    Cannot accept client.
    Cannot accept client.
    root@bridge:/tmp# at -l
    4	Thu Nov 12 10:53:00 2015 = root

    It is made by the AT job:

    root@bridge:/tmp# at -c 4
    #!/bin/sh
    # atrun uid=0 gid=0
    # mail root 0
    umask 22
    CONFIG_cfg02e48a_TYPE=system; export CONFIG_cfg02e48a_TYPE
    USER=root; export USER
    CONFIG_cfg058bba_dev=eth0; export CONFIG_cfg058bba_dev
    CONFIG_autostart_log_associations=1; export CONFIG_autostart_log_associations
    CONFIG_cfg078bba_dev=wlan0; export CONFIG_cfg078bba_dev
    HOME=/; export HOME
    CONFIG_cfg058bba_TYPE=led; export CONFIG_cfg058bba_TYPE
    CONFIG_cfg02e48a_timezone=GMT-1; export CONFIG_cfg02e48a_timezone
    CONFIG_cfg098bba_dev=wlan1; export CONFIG_cfg098bba_dev
    CONFIG_cfg078bba_TYPE=led; export CONFIG_cfg078bba_TYPE
    CONFIG_ntp_server_LENGTH=; export CONFIG_ntp_server_LENGTH
    CONFIG_ntp_server=; export CONFIG_ntp_server
    CONFIG_cfg098bba_TYPE=led; export CONFIG_cfg098bba_TYPE
    CONFIG_cfg058bba_trigger=netdev; export CONFIG_cfg058bba_trigger
    CONFIG_autostart_harvester=1; export CONFIG_autostart_harvester
    CONFIG_cfg078bba_trigger=netdev; export CONFIG_cfg078bba_trigger
    CONFIG_cfg098bba_trigger=netdev; export CONFIG_cfg098bba_trigger
    CONFIG_ntp_enable_server=1; export CONFIG_ntp_enable_server
    CONFIG_autostart_TYPE=pineap; export CONFIG_autostart_TYPE
    CONFIG_cfg058bba_sysfs=mk5:amber:lan; export CONFIG_cfg058bba_sysfs
    CONFIG_ntp_TYPE=timeserver; export CONFIG_ntp_TYPE
    status=1; export status
    CONFIG_cfg078bba_sysfs=mk5:blue:wlan0; export CONFIG_cfg078bba_sysfs
    CONFIG_NUM_SECTIONS=1; export CONFIG_NUM_SECTIONS
    CONFIG_autostart_enabled=1; export CONFIG_autostart_enabled
    CONFIG_autostart_pineap=1; export CONFIG_autostart_pineap
    CONFIG_autostart_dogma=1; export CONFIG_autostart_dogma
    PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
    CONFIG_LIST_STATE=; export CONFIG_LIST_STATE
    CONFIG_cfg098bba_sysfs=mk5:red:wlan1; export CONFIG_cfg098bba_sysfs
    CONFIG_autostart_log_probes=0; export CONFIG_autostart_log_probes
    foreground=0; export foreground
    CONFIG_cfg058bba_name=ethernet; export CONFIG_cfg058bba_name
    CONFIG_autostart_karma=1; export CONFIG_autostart_karma
    CONFIG_cfg078bba_name=wlan0; export CONFIG_cfg078bba_name
    CONFIG_cfg098bba_name=wlan1; export CONFIG_cfg098bba_name
    CONFIG_cfg058bba_mode=link\ tx\ rx; export CONFIG_cfg058bba_mode
    CONFIG_ntp_server_ITEM1=10.13.37.42; export CONFIG_ntp_server_ITEM1
    CONFIG_cfg078bba_mode=link\ tx\ rx; export CONFIG_cfg078bba_mode
    CONFIG_cfg098bba_mode=link\ tx\ rx; export CONFIG_cfg098bba_mode
    CONFIG_SECTION=autostart; export CONFIG_SECTION
    PWD=/; export PWD
    CONFIG_cfg02e48a_hostname=bridge; export CONFIG_cfg02e48a_hostname
    CONFIG_autostart_beacon_responses=1; export CONFIG_autostart_beacon_responses
    CONFIG_SECTIONS=autostart; export CONFIG_SECTIONS
    cd / || {
        echo 'Execution directory inaccessible' >&2
        exit 1
    }
    pineap 6 00:13:37:A5:09:BE
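An added example, not from the post, of dealing with the spool file it shows. The growing file is the captured output of the at-job that launched pineap, and whatever is still writing "Cannot accept client." holds it open, so deleting it would not give the tmpfs space back: the file has to be truncated in place. The paths are the ones in the df and ls output above; the 8 MB limit, the cron schedule and the bind mount onto /sd/tmp (the relocation the post asks about) are assumptions made here.

```shell
#!/bin/sh
# Keep the at(1) spool on the Pineapple from filling the 30 MB tmpfs.
# Paths are from the post's output; the limit and schedule are assumptions.
SPOOL="${SPOOL:-/tmp/spool/cron/atspool}"
LIMIT="${LIMIT:-8388608}"   # bytes

file_size() { wc -c < "$1" | tr -d ' '; }

# Truncate every regular file under $1 larger than $2 bytes and print its
# path. ": > file" keeps the inode, so the process still writing to the
# captured job output carries on and the space is actually released;
# rm would leave the open file consuming tmpfs until that process exits.
trim_spool() {
    [ -d "$1" ] || return 0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(file_size "$f")" -gt "$2" ]; then
            : > "$f"
            echo "$f"
        fi
    done
}

# The relocation the post asks about: bind-mount the spool onto the SD card so
# atd keeps using the path it expects while the data lives on /sd. Assumed to
# go in /etc/rc.local so it is redone after a reboot.
relocate_spool() {
    mkdir -p /sd/tmp/atspool "$SPOOL"
    mount -o bind /sd/tmp/atspool "$SPOOL"
}

# Pineapple usage from root's crontab, e.g. every 10 minutes:
#   */10 * * * * /sd/bin/trim_atspool.sh --run
if [ "${1:-}" = "--run" ]; then
    trim_spool "$SPOOL" "$LIMIT"
    df -h /tmp
fi
```

Even with the spool on the SD card, the trim is worth keeping: a file that grows by "Cannot accept client." lines at this rate fills 900 MB eventually too.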
  13. This driver SHOULD be default in the Mark IV base installation; it is the most awesome looking card, and image does matter :) Nice post, thanks for the guide!
  14. Anyone here got the Huawei E5776 USB tethering to work? I have had some mixed results with writing my own /etc/usb_modeswitch.d/12d1\:1506 and

    echo '12d1 1506' > /sys/bus/usb-serial/drivers/option1/new_id

    but never got to see an ethX show up. Regards, Thermostaten
  15. Workaround:

    # ssh to the Mark V:
    ssh root@172.16.42.1
    # Install the packages
    opkg update
    opkg install curl
    opkg install msmtp
    # That should do it..