Jump to content

All Activity

This stream auto-updates     

  1. Yesterday
  2. Bob123

    Is HAK5 dead?

    I know this has been brought up before but is Hak5 dead? I mean seriously? When was the last time any of you watched a Hak5 video on youtube? Threatwire is still somewhat active but is everything else dead? If I'm missing something please let me know. I miss the show and miss everything else with it. If it is truely gone did I miss the goodbye? If so please point me in the right direction cause I'd like some closure. :) Learned a lot from you guys and gals! Plus is the show is truely dead then I can leave the forums too. I try to help where I can but the forums these days are pretty much dead too.
  3. Is there a list of resolutions that work vs not... I have been trying to get this to caputure off of a Jetson Nano, and raspberry pi with no luck going to try my gaming pc which has more options
  4. Just a note for individuals. If you are experiencing SSH issues (like others) please ensure that your C2 Cloud Server is up to date. When first logging in you should see a notification to upgrade.
  5. So a good example of a reverse proxy is this... "Void-Byte and All Your Base are best friends. All Your Base has a crush on Hak5, and wants to ask Hak5 on a date. However, All Your Base does not want anyone to know they asked Hak5 on a date. So instead All Your Base asks Void-Byte to ask Hak5 on his behalf. Now people think Hak5 asked All Your Base on a date when it was in reality All Your Base."
  6. Please remember that obfuscation is not truly considered a form of "security". Even though you will open port 443 for HTTPS that form of traffic is encrypted, and if you harden your server you can help counter general threats. If you are worried about people seeing that you have an open port you can create firewall rules to inhibit external traffic to that port, utilize anti-scanner tools, etc.
  7. Also very interested in this feature for testing our IOT products.. Has this been forgotten about :( ?
  8. kuyaya

    Payload ideas

    This is a topic to collect ideas for new payloads. Just write them down here.
  9. I'd like to request assistance regarding how I can bypass windows 10 defender while I am actually tying to execute a vbscript payload. I have two VBS script. One the main Payload and the second is a VBScript that disabled windows antivirus but it raises UAC prompt. I am trying to bypass the UAC prompt then execute the VBscript to Disable the windows defender before downloading intstalling the main payload that get blocked by windows anti-malware. I would appreciate you assitance about this. Best Regards.
  10. Last week
  11. The USB Rubber Ducky is just a keyboard. So, can someone steal your password if they can type on the computer?
  12. kdodge

    USB HDMI Input

    So, back in the day, there were "Video Capture Cards" for like desktop computers, that would provide TV inputs into the computer. I'm talking about old old old ISA slots, but i don't know if they still make those now for like USB or not, if they do it should be HDMI compatible. Good luck man!
  13. If you didn't look to see if the data on the iPhone was deleted, it's quite possible some was still there after the factory reset. I would contact your lawyer and the police and give them the name of the person you sold your iPhone to, so they can add it to the police report. To me it seems like they should be looked into.
  14. Depends who they are, what backing they have, and how skilled they are. But probably not
  15. That's not the reason I'm asking. I'm concerned about whether others can hack my password.
  16. Hey guys, I'm sorry if this is posted in the wrong category, if so please advise me where it should be it and I'll change it ASAP. Would it be possible for a more advanced 3rd party user to create a module for the NANO that preforms a factory reset of the device with the single push of a button through the website? (172.16.42.1:1471)
  17. Do university networks running Windows 10 prevent USB Rubber Ducky password theft?
  18. Thanks Darren All I did was choose DENY to let every client join and it worked. Iain
  19. Awesome recommendation @Charbot I didn't even think about that. @nige to "make sure that you have the nano's usb ethernet network connection correctly configured on your host computer" (Using Windows 10) Press the start button on your Desktop> Go to view network connections> Find your NANO> Right-click> Properties>Double click on Internet protocol version 4 (TCP/IPv4)> (Change the settings to match my attached screenshot - remember to click the box to validate settings upon exit)> click okay> exit out of those windows> Open your PC's internet browser and go to 172.16.42.1:1471. You should see the welcome screen.
  20. For the Linux savvy ones, I found something strange. So I can login as root and I can go pretty much anywhere when I SSH into one of the robot units (terminal only). Now there is a folder called /usr/Lely, which has these contents. /usr/Lely # ls AGS Ax_A_AGS Ax_A_RCS LFWTimeServer RCS.start bootNetConf AGS.start Ax_A_AURS Ax_A_XLinkUpdater LFWTimeServer.start Software chrome.sh AURS Ax_A_LDNTranslator DoUpdate PC2Target VNC.start killme AURS.start Ax_A_LFWTimeServer LDNTranslator Proxy Version.txt lelyboot Ax_A_1024x768.qss Ax_A_PC2Target LDNTranslator.reset Proxy.start XLinkUpdater setNetConf Ax_A_640x480.qss Ax_A_Proxy LDNTranslator.start RCS XLinkUpdater.start vnc So I'd say there should be a user called Lely. However, when I check all the users using cat /etc/passwd, there's no user Lely to be found. login as: root root@10.4.1.102's password: sh: xauth: not found / # cat /etc/passwd root:WKOt7g4Zs.7W6:0:0:root:/home/root:/bin/sh daemon:*:1:1:daemon:/usr/sbin:/bin/sh bin:*:2:2:bin:/bin:/bin/sh sys:*:3:3:sys:/dev:/bin/sh sync:*:4:65534:sync:/bin:/bin/sync games:*:5:60:games:/usr/games:/bin/sh man:*:6:12:man:/var/cache/man:/bin/sh lp:*:7:7:lp:/var/spool/lpd:/bin/sh mail:*:8:8:mail:/var/mail:/bin/sh news:*:9:9:news:/var/spool/news:/bin/sh uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh proxy:*:13:13:proxy:/bin:/bin/sh www-data:*:33:33:www-data:/var/www:/bin/sh backup:*:34:34:backup:/var/backups:/bin/sh list:*:38:38:Mailing List Manager:/var/list:/bin/sh irc:*:39:39:ircd:/var/run/ircd:/bin/sh gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:*:65534:65534:nobody:/nonexistent:/bin/sh messagebus:x:42:64002:Linux User,,,:/var/run/dbus:/bin/sh haldaemon:x:43:64:HAL:/var/run/hald:/bin/sh polkituser:x:44:64004:polkituser:/var/run/polkit:/bin/sh / # / # Anyone knows what's up?
  21. That's weird. I don't have a whole lot of experience with ssh'ing into it yet besides the basics so I won't be much help there unfortunately. - Does it still reset to the setup screen if you use the NANO through the website? (172.16.42.1:1471) Just curious. - Shooting in the dark here, but have you tried to reformat the SD card (perhaps it became corrupted. I've had that happen to me and the NANO didn't like that) or can you try using a different SD card - making sure to format it first. - I'm not 100% sure if you need to use 2A while the NANO is running, but it couldn't hurt for troubleshooting purposes. Provide the NANO it's full power requirements to eliminate it being a power supply issue. - That's good that you're using version 2.6.2 - I think we can eliminate your reset button being bad so that's good. - Have you preformed a firmware reset in conjunction with a factory reset on your NANO yet? https://docs.hak5.org/hc/en-us/articles/360010471774-Firmware-Recovery Couldn't hurt to start from scratch and it only takes about 5-10 minutes. ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- **UPDATE** After playing around with my NANO, it's now doing the same rest loop as yours @jackTheSignal (I don't have any modules loaded on the SD card - already formatted it via Windows) How I got my NANO to do the reset loop (For the Hak5 admins @Darren Kitchen @Foxtrot @Sebkinne wondering how unintentionally fucking up the NANO's) I was on a different thread trying to help another user through a firmware reset, and after I performed it myself on my NANO, it started doing the same reset loop described as above. Luckily, I back tracked and figured out the root cause and now my NANO's working fine with no reset loop. So hopefully @jackTheSignal this will work for you as well. Perform a firmware reset following the provided instructions here (https://docs.hak5.org/hc/en-us/articles/360010471774-Firmware-Recovery) **HOWEVER** don't click on the link provided for the NANO Recovery Image. For whatever reason (perhaps it's an old/outdated/incompatible/corrupted link?) when I uploaded this file into my NANO, it worked at first but the initial setup screen was slightly different that what I was used to seeing. What I saw: 1. When I pressed the reset button to disable the WiFi antennas to complete the initial setup, the blue LED wouldn't shut off like it normally does. 2. The filter options for Client and SSID were different than what I was used to seeing. It didn't have any check mark boxes, but rather a buttons to change them from allow or deny. 3. The web portals "Dashboard" screen "Bulletins" button was different as well. (After I completed the setup, within the minuet the NANO started doing the perpetual reset loop.) SOLUTION I followed the same firmware reset instructions provided above but I used this link instead for my firmware image (https://www.wifipineapple.com/downloads) (I used the 2.6.2 download) and loaded that into the NANO. No issues now. (Make sure to give your NANO about 5 full minutes to fully update after you upload the new firmware)
  22. To anyone else finding themselves on this page looking for help; the solutions above do work and get the NANO back up and running successfully. Here's what worked for me. My OS: Windows 10. NANO Software Version: 2.6.2. Had my NANO give me the fast flashing blue LED light ("Bricked") For an unknown reason when I powered it on (been using for about 2 months with no issues) I first tried to reformat the SD card with Windows thinking perhaps it became corrupted. No change in the NANO's LED status. I then tried the factory reset method (press and hold the reset button on the back of the device for 7 seconds) with no change (still flashed blue continuously). I then followed the link @Foxtrot provided (posted above) to the firmware reset page (https://docs.hak5.org/hc/en-us/articles/360010471774-Firmware-Recovery), downloaded the NANO firmware image to my PC, changed my NANO's IP address, uploaded the firmware image into the NANO via the provided website, changed the NANO's IP address back and the NANO fired right back up with no issues.
  23. Correct. You can simply go to the "Filters" tab and change the needed settings through there.
  24. Everyone also has to realize that if Hak5 we're to become responsible for producing the 3rd party modules, they would open themselves up to all sorts of nasty lawsuits and the fed's would quickly shut them down. Hak5 is responsible for the physical NANO and it's main operating system; nothing else. Everything else is left open to the community. It's no different than any other product on the open market available for consumers. EXAMPLE: Anyone can legally buy an ordinary pencil from a store. No big deal, right? However the end user has the choice on how they wish to use the pencil. They can choose to use the pencil in a legal manner - on paper - or use the pencil to stab someone in the eyeball (now that pencil become an illegal weapon). The pencil itself isn't illegal by nature. How the pencil is used by the end user determines the legality of the pencil. **Hypothetically** (Don't do this!) if you walk into any police station and try to have them arrest you for carrying a normal, everyday pencil, they'd look at you like you were insane. You won't get arrested for walking around with a pencil on your person. Now take that same pencil in our hypothetical situation and stab that same police officer (Don't do this!) who just said he won't arrest you for carrying around a pencil. You'll get jumped and arrested before you even know what's going on (and you'll probably get 6 warning shots to the back for good measure lol) You as the end user took a perfectly legal item and just turned it into an illegal weapon. Is that the fault of the pencil company? Absolutely not. The pencil company only produces legal pencils for its customers. That end user decided to use the pencil in an illegal manner. So, if Hak5 decided to start writing their own modules with their name on it which allowed end users to use their product in an illegal manor, the NANO would then become illegal object to own. (Imagine if the same pencil company put instructions on how to stab people with their pencils on their boxes) How quickly would that company be getting dragged into court? 1 day? It's up to the Hak5 community to write our own modules and decide for ourselves on how to use the NANO. So if you're unhappy about the 3rd party modules not working quite right, I suppose you'd better brush up on your coding and make the necessary edits to allow you to accomplish your own end goals. If you break it down the NANO is really just running the Kali Linux software inside a custom built hardware shell. And last time I checked, owning a Kali Linux OS is not illegal. How you use it determines the legality.
  1. Load more activity
×
×
  • Create New...