All Activity

The best way is most often related to why you want stronger signal and more range. What's the use case? And, the best way to get questions answered about the MK7 is to post them in the MK7 section of the forums, not in the section for the Mark IV.

Whats the best way of getting more range with of the MK7

What anti malware software are you using?

What product was detecting it as malware and did it provide any information of why it was detecting it? The text below is from a quite recent post by the Hak5 head dev of Cloud C2 "Question: "C2 cloud download from hak5 says it has malware" Answer: **TLDR; its a false positive. CloudC2 contains no malware nor anything malicious. ** This is an unfortunately (and ironically) a side affect of providing our software in an *easily accessible zip for all architectures*. This arbitrary determination by random AV scanners is unfortunate and **nearly impossible to combat.** AV detection is a game of "if my AV detects it and yours doesn't, mine is better" so even false positives spread like wildfire. Understandably because in the case something is actually malicious this protects more users quicker (something we can all appreciate). So what nuance are these AV companies missing in their determination of Cloud C2? Architecturally Cloud C2 is designed to** only communicate with Hak5 devices**; there is no way to even abuse Cloud C2 to provide access to even the host its running on. The executables don't even communicate with the host machine they run on -- this is both by design and for your privacy and security; *Cloud C2 is effectively a sandbox*. We expressly provide the sha256sum of the archive, and within the archive a list of sha256sums of each individual binary so that you can be sure they haven't been intercepted or tampered with. Each binary is built and tested by us in house from the same codebase and then provided to the user via our own hand built infrastructure so that you can be sure no one is able to alter the software nor track you. **In even more detail:** The combination of features Cloud C2 provides, from a *blindly heuristic perspective*, has just fooled many scanners into** false positive**; looking to naive data models that it "could be used maliciously" due to the fact that it: - requires a token and a license key to access; providing security and ensuring you're the only one who can complete the setup process - contains a self contained web server that can communicate in a custom protocol scanners have never heard of and don't understand (expressly so that your Hak5 devices are secure when using Cloud C2) - supports https and uses aes256 to communicate with Hak5 devices, making traffic uninspectable - contains a ssh server so you can remotely shell in (only) to your registered devices with a single click - supports one click OTA updates as a self updating binary - contains a cross platform compatible database architecture - contains a fully built-in web ui (which would appear as an embedded file system) - supports user accounts with fully configurable role based access control for your data security - supports full audit level internal logging of requests made to your server and actions taken by your server users **All with zero external dependencies packaged into a single executable.** The **only communication Cloud C2 server makes**: - directly with your Hak5 devices you've explicitly registered with your server, - to validate the license and only the license information."

Went to download the zip file from https://downloads.hak5.org/cloudc2 and it was flagged as malware. Can I get some confirmation as to why it was, thank you,

Just send an email to the address from which the order confirmation was sent. It has worked for me when I've had reasons to have questions about my orders (which hasn't been many btw over the years). I guess you are the same one that posted on Discord about that error. The USB (onboard) hub is probably broken which doesn't make it possible to access the USB mounted radios (and when saying USB, I don't refer to any of the physical USB ports on the Pineapple, but a USB hub that you can't use like a regular hub since it's onboard connecting the onboard 7601 based radios that you seem to have issues with). Also, make sure that the Pineapple gets enough power. I seem to remember that there has been situations when an underpowered Pineapple has shown such error. Use a power source that is guaranteed to be able to deliver 2A and that the cable used is rated for at least 2A as well (using the cable that came with the Pineapple is a good start). If these requirements have been met, and it still show those errors, then it's likely that the mentioned USB hub is bad.

I am totally bummed I cant find a solution to the (UCI unable to set Country to Radio 1 error), tried all the forums. the sad part is I had to wait 45 days for them to ship and then the ship time, 😞 so dissappointed, I cant seem to get any response to my tickets. 😞

#!/bin/bash ##################################################################### ############## Configuration Backup and Restore Script ############# ##################################################################### # List of configuration files to backup and restore config_files=( "autossh" "dhcp" "firewall" "fstab" "pineap" "network" "system" "wireless" ) # Backup directory backup_dir="/etc/config/backup" # Function to backup configuration files backup_config() { if [ ! -d "$backup_dir" ]; then mkdir "$backup_dir" fi for file in "${config_files[@]}"; do backup_file="$backup_dir/$file.backup" if [ -f "/etc/config/$file" ]; then if [ ! -f "$backup_file" ]; then cp "/etc/config/$file" "$backup_file" echo "Created backup for $file configuration at $backup_file" else echo "Backup for $file configuration already exists at $backup_file" fi else echo "Warning: /etc/config/$file does not exist, skipping backup." fi done } # Function to restore configuration files restore_config() { for file in "${config_files[@]}"; do backup_file="$backup_dir/$file.backup" if [ -f "$backup_file" ]; then cp "$backup_file" "/etc/config/$file" echo "Restored $file configuration from $backup_file" else echo "Warning: $backup_file does not exist, skipping restore." fi done } # Function to run the LED color sequence run_led_sequence() { # Color sequence colors=("G" "Y" "G" "Y" "G" "Y" "G" "B") # Duration for each color (in seconds) duration=0.1 for color in "${colors[@]}"; do LED $color VERYFAST sleep $duration LED $color SOLID sleep $duration done LED B SUCCESS } # Main script execution backup_config restore_config run_led_sequence Button script to backup all settings to a subfolder /backup and then do some randomized diod blinking. Backup is done if there are no backup files, otherwise it creates the files and flashes. usefull if you get locked outof root portal after playing with iptables instead of flashing recovery.

Is the cable marked?

I found the o.mg cable in my house with the cable detector. I have plugged the cable into my computer in the past Am I able to detect any other devices that may be in the house? Can someone please provide some guidance as if it would link to anyone? How do I know if other devices are in the house? Thx

Nice...

Hello Yes, of course! Make sure you are using the correct connection and port when connecting your Shark Jack to your laptop. Verify that the USB connection settings for Android are set up correctly. In case the serial USB connection isn't detected, experiment with an alternative cable or port. I hope this is useful. Regards Nisha Marshall Removed spam for a really bad gardening company.

wlan2 represents the WiFi client interface of the Pineapple, so I can't see why that would directly be involved in the use of the evil rogue AP.

Hi guys, just fresh installed firmware 2.1.3 and running the PineAP Evil Enterprise and get this error: no address range available for DHCP request via wlan2 My iPhone cannot connect to it but does show the username pw entry fields. Any clue? Logfile: https://file.io/MoNVAxqkkSXa

There is a "conflict" here. Combining the two (plugging the SJC directly to the router, and having the SJC in arming mode) should lead to issues since the Shark will "be the network" in arming mode (using the IP address of 172.16.24.1) and reaching that address shouldn't really be possible since/if the router presents a totally different network and expects networking clients to connect to it. That's also why I'm a bit surprised you are even able to ping it or be able to get something in return when trying to ssh into it (although it throws back an error). To use the SJC as a client and plugging it into a router expecting it to get network (and internet) access, I would instead create a payload that would set the SJC in "NETMODE DHCP_CLIENT" at boot and also start the ssh daemon. Then find the IP address that the Shark has received on the LAN and ssh into it. This will not work for different reasons. One is that your MacBook most likely don't have a DHCP service running that is able to hand out a DHCP lease to the SJC. You will also have additional issues since you most likely need to configure both the Shark and the Mac to let the Shark have internet access via the Mac.

Might be a newb question but I seem to be unable to ssh into the SJCable busybox when it is attached directly to my router and in arming mode. I can see it via the router admin panel and can ping it nicely from my terminal but ssh root@dhcp_ip returns => port 22: Connection refused When I connect directly via USB-C based Ethernet Cable on my MacBook I can ssh into the static IP but then can not activate NETMODE DHCP_CLIENT => here the bugger simply hangs in an endless loop Any ideas on how best to tackle? Simply need to run the initial upgrades. Thx a bunch

That can't be too difficult to do a Google search on. Especially since "John" is also mentioned in the payload readme/instructions plus the fact that the GitHub repo is linked in the instructions. So... JtR stands for "John the Ripper", it's a tool. https://github.com/openwall/john https://en.wikipedia.org/wiki/John_the_Ripper https://www.openwall.com/john/ You haven't included any commands in the post, but I guess that you are referring to the commands in the payload instructions. They should be executed on the Bunny itself (when it has been configured to be able to reach the internet). You will most likely run into a bunch of errors while running the apt commands since Jessie is EOL and the upstream package repos aren't maintained anymore. The payload itself is interesting as a concept, but nothing I would use that much since it's rather limited in the way that it is only able to try a limited amount of possible passwords. I would go with QuickCreds/Responder instead and do any "password restoring" on something more powerful than the Bunny. The Responder version that is used in the payload is also older than needed.

Hi there, I started playing with Bash Bunny, I would like to unlock a Windows PC, without knowing the password, for security measures I cannot reset the password. I have seen the Bunnypicker (Win10 Lockpicker for Bash Bunny) payload, listed on official GitHub repo. Has anyone worked with it? I have the following question as this person mentioned in the GitHub issue. I will list the questions here as well: 1. What does JtR means? 2. Where do I run the following commands? In Windows, on the Setup machine (a Windows where I setup the BashBunny USB stick) ? Based on what I have seen, the below commands can be run on a Windows Machine with Linux subsystem activated (WSL2). Am I missing something?

@viggolek did u fixed the issue, having the same problem sadly ? 😞

I was having problems with the forum. I am not abusing anything there is people abusing your products and it's impacting people and they are targeting vulnerable people. I'm not having it local law enforcement. Don't get it. They don't see it. I see it very clearly now do I have to go to the FBI with this? I already put a complaint in on whatever site that is they have nobody ever contacted me back but the level that these guys are at they got guys working in the data center. They got guys that are working on the lines. This is serious shit.

Pro license of PayloadStudio is not included if you don't buy the "Pro" or "Elite" bundle when you buy the Ducky, which is possible to read all about on the shop page https://shop.hak5.org/collections/best-selling/products/usb-rubber-ducky It's possible to buy it separately as well https://shop.hak5.org/products/payload-studio-pro No, it's not necessary. You can use the community version for free (which is as cheap as it gets) as stated in the official documentation https://docs.hak5.org/payload-studio

Hi everyone! I'm looking to buy the RubberDucky and learn how to use it. But I have a question before I buy. Is the PRO licence included in the purchase of the RubberDucky or do you have to buy it separately? Is the PRO licence necessary to encode code on a microSD and put it in the rubber on payloadstudio.com or is there another way (preferably cheaper)? Thank you very much Nicolas

I've had this issue with people hacking me for about two years now and I'm a retired IT professional. I'm 58 years old and where I live there's a bunch of kids running around doing things you don't want to get caught doing. . What should I do? It's crazy. They are into everything like cockroaches. They're even in the cops shit and I told them you're hacked you're penetrated and they never had their IT guy call me. I worked in corporate IT for over 30 years and if somebody came up to me and told me, hey, you got a security issue issue or whatever I would've made that call by the end of the day. They got a bad internal problem because I know they got a guy that works in the data center and then they have other guys that are contractors for the cable company and they're with the bucket trucks. This shit blew my mind what I stumbled upon and I don't wanna do something that's gonna hurt you guys so please give me some advice. these are not good people because I gave them every opportunity to knock it off and if they have a problem with me, they need to come talk to me. I have enough evidence to send them away for a long time. I mean, come on using fucking jammers. I got them using jammers on my fucking Wi-Fi cameras and my neighbors.

This isn't your grandma's SDR beginner post! I'm putting out a bat-signal to all the SDR enthusiasts out there: hackers, tinkerers, hardware wizards, developers of all stripes (software, firmware, you name it) – anyone who gets a thrill from pushing the boundaries of tech. Beyond Signal Hunting: Sure, I'm a newbie in the SDR world, but my interests are more than just finding radio signals. I'm obsessed with reverse-engineering hardware and unlocking the hidden potential of SDR. Level Up My Skills: I've been hitting the books (official docs) and forums hard, but I crave the next level: deep dives into the technical nitty-gritty. Here's what gets my neurons firing: Academic Intel: Research papers and white papers that crack open the frontiers of SDR technology. Bleeding-Edge Projects: Proof-of-concept adventures and experimental applications that showcase the true power of SDR. The Resourceful Hacker Way: Bootstrapping My Setup: Repurposing hardware and mastering the art of reverse engineering is my jam. Eco-Friendly Hacking: Minimizing waste is a priority. I believe in responsible hacking that maximizes knowledge gain. Future-Proof Investment: I'm on the hunt for an SDR platform that can grow with my skills and ambitious projects, even if it means getting my hands dirty with some soldering and coding. Calling All SDR Gurus: Are you a seasoned SDR developer who gets fired up by cutting-edge concepts and guiding enthusiastic newcomers? If so, I'd be honored to connect and learn from your expertise. Collaboration is the Name of the Game: In addition to a mentor, I'm on the quest for hidden knowledge: Academic Gems: Hit me with links to those insightful research papers or white papers that delve into the latest SDR advancements. Hidden SDR Haunts: Point me in the direction of lesser-known forums, communities, or projects that explore advanced SDR topics. Let's push the boundaries of SDR together. Raspberry Pi and Arduino are fantastic tools for teaching electronics and programming while promoting sustainable practices. Learning how to critically think, troubleshoot, and repurpose old components not only benefits individuals but also contributes to a more sustainable and efficient society.

Hi newbi3, the portals work great except that they don't log anything the first time I enter my creds. I have to reconnect and enter them again before they get logged. This happens with all the portals. I am using the Kleo Portals. Any idea what the Problem could be that i dont get the creds on the first attempt ?