Search the Community

Hey, folks. I've tried using my LAN Turtle on a few engagements now, and while it's nice to show it plugged into a computer in the report, I rarely get much love out of it, and the shell feels too slow to be useful (guess that's why it's called a LAN Turtle! - It's a really slow shell!) Anyway - The idea that I wanted to float today is whether or not it would be possible to turn the LAN Turtle into a "TwinTurtle", similar to the "TwinDuck" firmware for the USB Rubber Ducky, but in this case, the LANTurtle would continue to be a USB-to-Ethernet adapter as well as acting as a HID device, so you could have a "blind terminal" into the machine it's physically plugged into. This could allow direct exploitation of the machine through powershell meterpreter, for example - The only problem I can think of is how to tell if the device is actually unlocked before sending the commands. So the reason I'm bringing this here is that I don't currently have the know-how to write a custom firmware which implements this sort of functionality, but I wanted to bring up the idea to the community, to see if this is something that is even possible, and if there are people willing and able to implement it.

One thing that frustrates me is when someone has disabled booting from USB via the BIOS menu. Would it be possible to bypass this in a method similar to what Rubber Ducky uses? I'm not entirely sure how to develop such an exploit since I'm still in the process of learning, but I figured you guys would know what I'm talking about. If this idea has been done before, please point me in the right direction. I tried searching around for it on the net but haven't found anything as of yet.

Hi there! I just got my hand on the Hak5 toys today, i'm very exited to try to creat new infusion help and learn with the community, how does the infusions work? are they based on any language, python, perl, ruby, php? Sorry for the noob question but I jump right over here before trying to research more and I will once this is posted.. So, I've beeing playing with the FruityWifi project for a few months and xtr4ange have some new cool modules in his project that I would like to port it to my brand new Wifi Pineapple mark V Woud it be easy to port this module to a infusion? https://raw.githubusercontent.com/xtr4nge/whatsapp_discover/master/whatsapp_discover.pl Thanks and Cheers!

So I was working on some powershell-Fu for a customer to restrict e-mails with specific keywords in the e-mail body or subject line from being delivered to a mobile device. In this effort I developed a script that creates hidden rules in exchange that are unable to be detected in the exchange management shell by an admin or in microsoft Outlook by the user. I also wrote a second tool to detect view and delete these hidden rules. What I would like to do is adapt this for the USB Ducky where when the duck is inserted it runs a script that injects a hidden mailbox rule that will auto forward all e-mails received by the user to a specified account. The difficulty here is that the script requires a dll that extends the standard MAPI32.dll that comes with Outlook or the MAPI CDO installer. I am looking for suggestions on the best way to approach getting the dll on the system during the duck script execution. I am considering the Twin Duck firmware ( HID + Mass Storage ) option to see if i could copy the dll to a tmp folder prior to running the script and if i were to do that i would also like to copy the ps1 file so i would just open powershell copy the 2 files to tmp launch the Ps1 from tmp dir and then delete the dir and walk off. any suggestions would be welcome